diff --git a/docs/api/api_data.js b/docs/api/api_data.js index d2b5cc09..c7806fac 100644 --- a/docs/api/api_data.js +++ b/docs/api/api_data.js @@ -71,7 +71,14 @@ define({ "field": "phoneNumber", "description": "
the user's phone number, represented as a string.
" } - ] + ], + "header": [{ + "group": "header", + "type": "JWT", + "optional": true, + "field": "token", + "description": "the user's invite token.
" + }] }, "examples": [{ "title": "Request-Example:", diff --git a/docs/api/api_data.json b/docs/api/api_data.json index 04a94c3f..51be9836 100644 --- a/docs/api/api_data.json +++ b/docs/api/api_data.json @@ -70,7 +70,14 @@ "field": "phoneNumber", "description": "the user's phone number, represented as a string.
" } - ] + ], + "header": [{ + "group": "header", + "type": "JWT", + "optional": true, + "field": "token", + "description": "the user's invite token.
" + }] }, "examples": [{ "title": "Request-Example:",
diff --git a/middlewares/auth.middleware.js b/middlewares/auth.middleware.js
index c7e81507..2b42f181 100644
--- a/middlewares/auth.middleware.js
+++ b/middlewares/auth.middleware.js
@@ -423,6 +423,17 @@ function createRoleBindings(roleName = undefined) {
 });
 }
+/**
+ * Adds a rolebinding between the user and the role with the name stored in 'accountType'.
+ * @param {{user: {id: ObjectId, accountType: string}}} req
+ * @param {*} res
+ * @param {(err?) => void} next
+ */
+async function addAccountTypeRoleBinding(req, res, next) {
+ await Services.RoleBinding.createRoleBindingByRoleName(req.user.id, req.user.accountType);
+ return next();
+}
+
 /**
 * Middleware to retrieve all the roles in the database
 * @param {*} req
@@ -450,6 +461,7 @@ module.exports = {
 getAccountTypeFromConfirmationToken: Middleware.Util.asyncMiddleware(getAccountTypeFromConfirmationToken),
 validateConfirmationTokenWithoutAccount: Middleware.Util.asyncMiddleware(validateConfirmationTokenWithoutAccount),
 createRoleBindings: createRoleBindings,
+ addAccountTypeRoleBinding: Middleware.Util.asyncMiddleware(addAccountTypeRoleBinding),
 addCreationRoleBindings: Middleware.Util.asyncMiddleware(addCreationRoleBindings),
 resendConfirmAccountEmail: Middleware.Util.asyncMiddleware(resendConfirmAccountEmail),
 retrieveRoleBindings: Middleware.Util.asyncMiddleware(retrieveRoleBindings),
diff --git a/middlewares/validators/account.validator.js b/middlewares/validators/account.validator.js
index 9118fd5a..69ef5fb7 100644
--- a/middlewares/validators/account.validator.js
+++ b/middlewares/validators/account.validator.js
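Review bot: In middlewares/auth.middleware.js, addAccountTypeRoleBinding binds whatever role is named by `req.user.accountType`, with no check that `req.user` is set or that the value is a role this route is meant to grant. routes/api/sponsor.js now calls it in place of `Middleware.Auth.createRoleBindings(CONSTANTS.SPONSOR)`, so the role granted on sponsor creation is decided by a field on the account rather than fixed by the route, while the model hunk widens that field's enum to `Constants.EXTENDED_USER_TYPES`. This is safe only if accountType can never be chosen by the caller, so I would guard the top of the function, e.g. `if (!req.user || !req.user.accountType) return next(new Error("account type missing"));` adapted to the error shape the other middlewares in this file use, and have the sponsor route confirm the account type is a sponsor type before binding. The JSDoc should also state that the user must already be authenticated and what happens when no role with that name exists, which depends on createRoleBindingByRoleName (not shown here).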
@@ -11,7 +11,7 @@ module.exports = {
 VALIDATOR.alphaArrayValidator("body", "dietaryRestrictions", false),
 VALIDATOR.enumValidator("body", "shirtSize", Constants.SHIRT_SIZES, false),
 VALIDATOR.passwordValidator("body", "password", false),
- VALIDATOR.jwtValidator("param", "token", process.env.JWT_CONFIRM_ACC_SECRET, true),
+ VALIDATOR.jwtValidator("header", "token", process.env.JWT_CONFIRM_ACC_SECRET, true),
 VALIDATOR.dateValidator("body", "birthDate", false),
 VALIDATOR.phoneNumberValidator("body", "phoneNumber", false)
 ],
diff --git a/models/account.model.js b/models/account.model.js
index 412bc110..db5e24ec 100644
--- a/models/account.model.js
+++ b/models/account.model.js
@@ -42,7 +42,7 @@ const AccountSchema = new mongoose.Schema({
 },
 accountType: {
 type: String,
- enum: Constants.USER_TYPES,
+ enum: Constants.EXTENDED_USER_TYPES,
 default: Constants.HACKER
 },
 birthDate: {
diff --git a/routes/api/account.js b/routes/api/account.js
index 6ae784f4..c973ef5a 100644
--- a/routes/api/account.js
+++ b/routes/api/account.js
@@ -75,6 +75,7 @@ module.exports = {
 * @apiParam (body) {String} password The password of the account.
 * @apiParam (body) {String} birthDate a Date parsable string.
 * @apiParam (body) {Number} phoneNumber the user's phone number, represented as a string.
+ * @apiParam (header) {JWT} [token] the user's invite token.
 *
 * @apiParamExample {json} Request-Example:
 * {
diff --git a/routes/api/sponsor.js b/routes/api/sponsor.js
index ed305d96..01a18778 100644
--- a/routes/api/sponsor.js
+++ b/routes/api/sponsor.js
@@ -98,7 +98,7 @@ module.exports = {
 Middleware.Sponsor.parseSponsor,
- Middleware.Auth.createRoleBindings(CONSTANTS.SPONSOR),
+ Middleware.Auth.addAccountTypeRoleBinding,
 Middleware.Sponsor.createSponsor,
 Controllers.Sponsor.createdSponsor
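Review bot: In middlewares/validators/account.validator.js, the token is now read from `"header"` instead of `"param"` but stays optional (the trailing `true`), so a client that still sends the invite token as a parameter passes validation as if it had sent none. If the later middleware then falls back to the model's `default: Constants.HACKER`, an invited non-hacker user would silently get the wrong account type instead of an error; that fallback is outside this hunk, so it needs confirming. Consider rejecting requests that still carry `token` as a parameter, or accepting both locations for a transition period. A comment on the changed line would also help, e.g. `// invite token comes from the "token" request header; no token => default account type`. The validator array this line belongs to starts above the hunk.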