Merge pull request #59 from akhilome/ft-admin-secret-161119874
#161119874 Any User Should be Able to Signup as an Admin
akhilome committed Oct 10, 2018
2 parents 7c122cf + 9280744 commit 0ab780e
Showing 5 changed files with 17 additions and 7 deletions.
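--- a/.env.example
+++ b/.env.example
@@ -2,3 +2,4 @@ PORT=[server_port_number]
 DATABASE_URL=postgres://[username]@[server]:[port]/fastfoodfast
 TEST_DATABASE_URL=postgres://[username]@[server]:[port]/fastfoodfast_test
 JWT_SECRET=[your_supersecret_secret]
+ADMIN_SECRET=[secret_keyword_admins_should_provide_on_signup]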
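--- a/server/controllers/authController.js
+++ b/server/controllers/authController.js
@@ -3,8 +3,13 @@ import pool from '../db/config';
 
 class AuthController {
 static async signup(req, res) {
-const { name, email, password } = req;
-const isAdmin = email === 'hovkard@gmail.com' ? 't' : 'f';
+const {
+name,
+email,
+password,
+adminSecret,
+} = req;
+const isAdmin = adminSecret === process.env.ADMIN_SECRET ? 't' : 'f';
 
 try {
 // Check if a user with the provided email already exists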
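Review bot: The new `isAdmin` comparison fails open when `ADMIN_SECRET` is unset or empty: a signup that omits `adminSecret` (or sends an empty one) makes both sides equal, the strict comparison is true, and the account is created as an admin. Require a configured, non-empty secret and a string input, e.g. `const expected = process.env.ADMIN_SECRET;` followed by `const isAdmin = expected && typeof adminSecret === 'string' && adminSecret === expected ? 't' : 'f';`; a constant-time comparison such as `crypto.timingSafeEqual` over fixed-length digests would also keep the secret from leaking through timing. The sanitizer hunk forwards `req.adminSecret` without a type check, and `generateValidToken` in tests/seed/seed.js repeats the same comparison. The body of `signup` continues outside the hunk.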
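--- a/server/middleware/sanitizer.js
+++ b/server/middleware/sanitizer.js
@@ -7,6 +7,7 @@ class Sanitize {
 email,
 password,
 confirmPassword,
+adminSecret,
 } = req.body;
 
 const missingFields = [name, email, password, confirmPassword].map((field, index) => {
@@ -36,6 +37,7 @@ class Sanitize {
 req.name = name.trim();
 req.email = email.trim();
 req.password = password.trim();
+req.adminSecret = adminSecret;
 return next();
 }
 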
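--- a/tests/routes/auth.spec.js
+++ b/tests/routes/auth.spec.js
@@ -1,9 +1,11 @@
 import chai from 'chai';
 import 'chai/register-should';
 import chaiHttp from 'chai-http';
+import dotenv from 'dotenv';
 import app from '../../server/index';
 import { users, emptyTables } from '../seed/seed';
 
+dotenv.config();
 chai.use(chaiHttp);
 
 before(emptyTables);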
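Review bot: `dotenv.config();` runs only after every `import` in this file has been evaluated, so it cannot guarantee that `ADMIN_SECRET` is loaded when `../seed/seed` builds `users.admin.adminSecret` from `process.env` at module load. If `server/index` does not load the environment itself (not visible here), the admin fixture is sent with an undefined secret. Loading the environment as the first import, `import 'dotenv/config';`, removes the ordering dependency.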
10 changes: 5 additions & 5 deletions tests/seed/seed.js
@@ -1,30 +1,30 @@
import jwt from 'jsonwebtoken';
import pool from '../../server/db/config';

const adminEmail = 'hovkard@gmail.com';


const users = {
admin: {
id: 1,
name: 'Kizito',
email: adminEmail,
email: 'hovkard@gmail.com',
password: 'suppersecurepassword',
confirmPassword: 'suppersecurepassword',
adminSecret: process.env.ADMIN_SECRET,
},
validUser: {
id: 2,
name: 'James',
email: 'daniel@james.com',
password: 'pixel2user',
confirmPassword: 'pixel2user',
adminSecret: '',
},
validUserTwo: {
id: 3,
name: 'Philip',
email: 'philip@new.man',
password: 'facilitate',
confirmPassword: 'facilitate',
adminSecret: '',
},
validUserInvalidPass: {
email: 'daniel@james.com',
Expand Down Expand Up @@ -63,7 +63,7 @@ function generateValidToken(userObject) {
userId: userObject.id,
userName: userObject.name,
userEmail: userObject.email,
userStatus: userObject.email === adminEmail ? 'admin' : 'customer',
userStatus: userObject.adminSecret === process.env.ADMIN_SECRET ? 'admin' : 'customer',
}, process.env.JWT_SECRET).toString();
}

