Merge pull request #46 from chidimo/ch-release-v1

#166231672 Fix flawed logic in user verification controller.

.codeclimate.yml

@@ -42,3 +42,5 @@ exclude_patterns:
   - test/
   - public/
   - dist/
+  - legacyUI/
+  - UI/

controllers/UsersController.js

@@ -71,7 +71,13 @@ const UsersController = {
             const { id } = req.params;
             const clause = `WHERE id=${req.params.id}`;
             const column = 'mailverified=true';
-            update_if_exists(users_model, id, column, clause, res);
+            const user = await update_if_exists(
+                users_model, id, column, clause, res);
+            if (user) {
+                return res.status(200).json({ data: user });
+            }
+            return res.status(404)
+                .json({ error: `User with id ${id} not found` });
         }
         catch (e) { return; }
     },
@@ -95,8 +101,15 @@ const UsersController = {
         const { id } = req.params;
         const clause = `WHERE id=${id}`;
         const column = 'status=\'verified\'';
+        // check requesting user's isAdmin status
         try {
-            update_if_exists(users_model, id, column, clause, res);
+            const user = await update_if_exists(
+                users_model, id, column, clause, res);
+            if (user) {
+                return res.status(200).json({ data: user });
+            }
+            return res.status(404)
+                .json({ error: `User with id ${id} not found` });
         }
         catch (e) { return; }
     },
@@ -122,6 +135,7 @@ const UsersController = {
         const { id } = req.params;
         const { firstname, lastname, phone, home, office } = req.body;
         const clause = `WHERE id=${id}`;
+        // check requesting user's identity
         try {
 
             const exists = await check_user_exists(users_model, clause, res);

controllers/helpers/AuthController.js

@@ -90,10 +90,9 @@ export const update_if_exists = async (model_instance,
         if (exists) {
             await model_instance.update(column, clause);
             const user = await get_existing_user(model_instance, res, clause);
-            return res.status(200).json({ data: user });
+            return user;
         }
-        return res.status(404)
-            .json({ error: `User with id ${id} not found` });
+        return false;
     }
     catch (e) { return; }
 };

routes/index.js

@@ -26,38 +26,45 @@ router.post('/auth/signin',
     AuthController.signin
 );
 
-router.patch('/users/:id/verify',
-    AuthenticationMiddleware.verifyToken,
-    UsersController.verify_user
-);
-router.get('/users/:id/account-confirmation',
-    AuthenticationMiddleware.verifyToken,
-    UsersController.confirm_account
-);
 router.get('/users',
     AuthenticationMiddleware.verifyToken,
     UsersController.get_users
 );
+
 router.get('/users/:id',
     AuthenticationMiddleware.verifyToken,
     UsersController.get_user
 );
+
+router.patch('/users/:id/verify',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.verify_user
+);
+router.get('/users/:id/account-confirmation',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.confirm_account
+);
+
 router.get('/users?status=verified',
     AuthenticationMiddleware.verifyToken,
     UsersController.get_users
 );
+
 router.patch('/users/:id/update',
+    AuthenticationMiddleware.verifyToken,
     UsersValidators.updateProfileValidator,
     UsersController.update_user_profile
 );
 router.get('/users/:id/photo/upload/',
     AuthenticationMiddleware.verifyToken,
     UsersController.get_aws_signed_url
 );
+
 router.patch('/users/:id/photo/update',
     AuthenticationMiddleware.verifyToken,
     UsersController.update_photo_url
 );
+
 router.post('/users/:email/reset_password',
     UsersValidators.newPasswordValidator,
     UsersController.reset_password