This repository was archived by the owner on Aug 3, 2025. It is now read-only.
Merged
127 changes: 61 additions & 66 deletions controllers/services/users.js
Expand Up @@ -10,7 +10,9 @@

const SERVICES_URL = process.env.SERVICES_URL || 'http://localhost:8000';
const GROOT_ACCESS_TOKEN = process.env.GROOT_ACCESS_TOKEN || "TEMP_STRING";
const path = require('path');
const request = require('request');
const ejs = require('ejs');
const utils = require('../../etc/utils.js');

module.exports = function(app) {
Expand All @@ -20,8 +22,8 @@ module.exports = function(app) {
}

request({
url: `${SERVICES_URL}/users/pre`,
method: "POST",
url: `${SERVICES_URL}/users`,
method: "GET",
headers: {
"Authorization": GROOT_ACCESS_TOKEN
},
Expand All @@ -33,115 +35,108 @@ module.exports = function(app) {
if(err) {
return res.status(500).send("Sorry, there was a server error. Please try again.");
}

res.render('users_index', {
authenticated: utils.isAuthenticated(req),
session:req.session,
premembers: body,
messages: req.flash('success')
premembers: body.data,
me: req.session.student
});
});

});


app.get('/intranet/users/:approvedUserNetID', function(req, res){
app.put('/intranet/users/:netid/paid', function(req, res) {
if(!req.session.roles.isAdmin && !req.session.roles.isTop4) {
return res.redirect('/login');
res.redirect('/login');
}

var absUsersPath = path.resolve(__dirname + '/../../views/_partials/users.ejs');
request({
url: `${SERVICES_URL}/users/paid`,
method: "POST",
url: `${SERVICES_URL}/users/` + req.params.netid + `/paid`,
method: "PUT",
headers: {
"Authorization": GROOT_ACCESS_TOKEN
},
body: {
"token" : req.session.student.token,
"netid" : req.params["approvedUserNetID"],
"Authorization": GROOT_ACCESS_TOKEN,
"Netid": req.session.student.netid
},
json: true
}, function(err) {
if(err) {
req.flash('error', "There was an issue, and the member may not have been added. Please contact someone from the Admin committee.");
}, function(err, response, body) {
if (response && response.statusCode == 200 && body) {
res.status(200).send(ejs.render("<%- include('" + absUsersPath + "') %>", { users : body.data } ));
} else {
req.flash('success', "The member was added successfully!");
res.status(response.statusCode).send(body.error);
}
});
});

res.redirect('/intranet/users');
app.delete('/intranet/users/:netid', function(req, res) {
if(!req.session.roles.isAdmin && !req.session.roles.isTop4) {
res.redirect('/login');
}

var absUsersPath = path.resolve(__dirname + '/../../views/_partials/users.ejs');
request({
url: `${SERVICES_URL}/users/` + req.params.netid,
method: "DELETE",
headers: {
"Authorization": GROOT_ACCESS_TOKEN,
"Netid": req.session.student.netid
},
json: true,
body: {}
}, function(error, response, body) {
if (response && response.statusCode == 200 && body) {
res.status(200).send(ejs.render("<%- include('" + absUsersPath + "') %>", { users : body.data, me: req.session.student } ));
} else {
res.status(response.statusCode).send(body.error);
}
});
});

app.post('/join', function(req, res) {
var userData = {
first_name: req.body.first_name,
last_name: req.body.last_name,
netid: req.body.netid,
uin: req.body.uin
};
request({
url: `${SERVICES_URL}/users/newUser`,
url: `${SERVICES_URL}/users`,
method: "POST",
headers: {
"Authorization": GROOT_ACCESS_TOKEN
},
body: userData,
body: req.body,
json: true
}, function(err, response, body) {
if(err || !response || response.statusCode != 200) {
req.flash('error', err || body.error);
req.flash('error', (body && body.error) || err);
} else {
req.flash('success', "Added as a premember");
req.flash('success', body.message);
}
res.redirect('/join');
});
});

app.post('/login', function(req, res){
Member Author


So one cool thing that affects development is that we no longer have to connect to the production database on the acm server to login to the website. Now, in development, the users service talks to crowd with the credentials and basically does a find or create User (fetching additional info like their name automatically) and returning it along with the session token.

Member


Sounds cool, can you explain more? Is login still hitting crowd directly or is it behind users now?

Member


from my understanding, Crowd would be behind users, so login would go through user-service

Member Author


Yes, login is behind users service now. I think we want the eventual goal to be that only users service talks to crowd. @bcongdon and I discussed this previously and we believe that would be best practice. For example, it would move the logic of the validation-factors body that needs to be there for any crowd request to go to the users service. And it would make the users service actually behave as a service for all things users.

Member

@narendasan narendasan Feb 13, 2017


The main requirement is that the interface is simple enough that, if you only need auth, there is a straightforward route. The only concern I have is that if we throw out crowd or we throw out the users service, a massive amount of functionality goes out with it, since the two are very closely tied now.

Member


Since crowd served only as a session provider and users was a members store, coupling them makes sense in the ad context but is mixing roles in the service context

var netid = req.body.netid, pass = req.body.password;
var options = {
url: `${SERVICES_URL}/session?username=${netid}`,
request({
url: `${SERVICES_URL}/users/login`,
method: "POST",
json: true,
headers: {
"Authorization": GROOT_ACCESS_TOKEN
},
body: {
"username" : netid,
"password" : pass,
"validation-factors" : {
"validationFactors" : [{
"name" : "remote_address",
"value" : "127.0.0.1"
}]
}
}
};

function callback(error, response, body) {
if(!body || !body["token"]) {
return res.render('login', {
authenticated: false,
errors: 'Invalid email or password.'
});
}

if (!error && response && response.statusCode == 200) {
body: req.body
}, function(err, response, body) {
if(err || !response || response.statusCode != 200) {
req.flash('error', (body && body.error) || err);
res.redirect('/login');
} else {
req.session.student = {
netid: netid,
token: body["token"],
email: netid + "@illinois.edu"
first_name: body.data.first_name,
last_name: body.data.last_name,
token: body.data.token,
netid: body.data.netid
};
req.session.username = req.session.student.first_name;
req.session.roles.isStudent = true;

utils.setAuthentication(req, res, function(req, res) {
utils.getUserData(req, res, function(req, res){
res.redirect('/intranet');
});
res.redirect('/intranet');
});
} else {
res.status(response.statusCode).send(error);
}
}
request(options, callback);
});
});
};
};
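Review bot: The role guard in the new `PUT /intranet/users/:netid/paid` and `DELETE /intranet/users/:netid` handlers calls `res.redirect('/login');` without `return`, so a caller who fails the admin/top4 check still falls through to `request(...)`, which is sent with the service-wide `GROOT_ACCESS_TOKEN`, and the callback then tries to send a second response. Restore the early exit in both handlers with `return res.redirect('/login');`. Both handlers also concatenate `req.params.netid` into the backend URL unencoded; `encodeURIComponent(req.params.netid)` keeps the value inside a single path segment. The PUT handler renders the partial with only `{ users : body.data }` although the partial reads `me.netid`, which presumably throws as soon as a non-member row is rendered, so pass `me: req.session.student` as the DELETE handler does. In the `else` branches `response.statusCode` and `body.error` are read even when the request itself failed and `response` is undefined; guard with `if (err || !response)` and answer with a 502.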
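--- a/views/_partials/users.ejs
+++ b/views/_partials/users.ejs
@@ -0,0 +1,34 @@
+<% if (users && users.length != 0) { %>
+<h2>Members</h2>
+<table class="table table-striped" id="user-approval-table" class="dynatable-container">
+<thead>
+<tr>
+<th>Action</th>
+<th>Netid</th>
+<th>First Name</th>
+<th>Last Name</th>
+<th>A Member Since</th>
+<tr>
+</thead>
+<tbody>
+<% for (var user of users) { %>
+<tr>
+<td>
+<% if (!user.is_member && user.netid != me.netid) { %>
+<a class="button" onClick="makeACMMember('<%= user.netid %>')">Paid</a>
+<a class="button" onClick="deleteACMMember('<%= user.netid %>')">Delete</a>
+<% } else { %>
+<p>No action to take.</p>
+<% } %>
+</td>
+<td><%= user.netid %></td>
+<td><%= user.first_name %></td>
+<td><%= user.last_name %></td>
+<td><%= new Date(user.created_at).toLocaleString() %></td>
+</tr>
+<% } %>
+</tbody>
+</table>
+<% } else { %>
+<h5>You have no users. That's a problem.</h5>
+<% } %>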
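Review bot: `user.netid` is interpolated into a JavaScript string literal inside the `onClick` attributes of the Paid and Delete links, and `<%= %>` only HTML-escapes: the browser decodes entities in the attribute value before the handler is compiled, so a netid containing a quote is not contained by the string. Because `/join` in this commit forwards `req.body` to the users service, the value is user-supplied unless that service validates it, which is not visible here. Carry the value as data instead, e.g. `<a class="button js-paid" data-netid="<%= user.netid %>">Paid</a>`, and bind the click handler from script using `$(this).data('netid')`. Separately, the header row is ended with `<tr>` where `</tr>` is meant, and the `<table>` carries two `class` attributes, of which the parser keeps only the first.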
4 changes: 2 additions & 2 deletions views/intranet.ejs
Expand Up @@ -43,8 +43,8 @@ this license in a file with the distribution.
</div>
<div id="main-center" class="small-12 medium-12 large-4 columns">
<h3>User Manager</h3>
<p>Maintain pending ACM users</p><a href="intranet/users">
<button class="button">Go</button></a>
<p>View and maintain current and pending ACM users</p>
<a href="intranet/users"><button class="button">Manage</button></a>
</div>
</div>
<% } %>
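--- a/views/users_index.ejs
+++ b/views/users_index.ejs
@@ -13,30 +13,9 @@ this license in a file with the distribution.
 <div id="home-container" class="row">
 <div id="main-container" class="small-12 medium-12 large-12 columns">
 <div id="links-top" class="row">
-<h2>Pre Members</h2>
-
-<table class="table table-striped" id="user-approval-table" class="dynatable-container">
-<thead>
-<tr>
-<th>Mark Paid</th>
-<th>Netid</th>
-<th>First Name</th>
-<th>Last Name</th>
-<th>Submitted</th>
-<tr>
-</thead>
-<tbody>
-<% for (var preuser of premembers) { %>
-<tr>
-<td><a href="/intranet/users/<%=preuser.netid%>" class="btn">Paid</a>
-<td><%=preuser.netid%></td>
-<td><%=preuser.first_name%></td>
-<td><%=preuser.last_name%></td>
-<td><%=new Date(preuser.created_at).toLocaleString() %></td>
-</tr>
-<% } %>
-</tbody>
-</table>
+<div id="unapproved-users-partial">
+<%- include('_partials/users', { users: premembers }) %>
+</div>
 </div>
 </div>
 </div>
@@ -49,4 +28,34 @@ this license in a file with the distribution.
 perPageDefault: 20
 }
 });
+
+function makeACMMember(netid) {
+$.ajax({
+url: "/intranet/users/" + netid + "/paid",
+method: "PUT",
+success: function(response) {
+$('#unapproved-users-partial').html(response);
+$("#user-approval-table").dynatable({
+dataset: {
+perPageDefault: 20
+}
+});
+}
+});
+}
+
+function deleteACMMember(netid) {
+$.ajax({
+url: "/intranet/users/" + netid,
+method: "DELETE",
+success: function(response) {
+$('#unapproved-users-partial').html(response);
+$("#user-approval-table").dynatable({
+dataset: {
+perPageDefault: 20
+}
+});
+}
+});
+}
 </script>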
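Review bot: Neither `makeACMMember` nor `deleteACMMember` passes an `error` callback to `$.ajax`, so the status and `body.error` the controller returns on a non-200 are dropped and the table stays unchanged with no sign that the action failed; add an `error: function(xhr) { ... }` that surfaces `xhr.responseText`. Both functions also concatenate `netid` into the request path, where `encodeURIComponent(netid)` would keep it to one path segment. No CSRF token is attached to these state-changing PUT and DELETE calls, and whether middleware elsewhere covers them is not visible from this page, so that is worth confirming. The two functions differ only in URL and method and could share one helper that takes both.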