thegameofcode · ghost · Mar 17, 2015 · Mar 17, 2015 · Mar 17, 2015 · Mar 17, 2015
diff --git a/config_sample.json b/config_sample.json
@@ -7,7 +7,7 @@
   "accessToken" : {
     "cipherKey" : "unsecureKey1",
     "signKey" : "unsecureKey2",
-    "expiration" : 10
+    "expiration" : 1000
   },
   "refreshToken" : {
     "cipherKey" : "unsecureKey3",
@@ -65,6 +65,12 @@
       "avatars": "example-avatars"
     }
   },
+  "validators": {
+    "profile": {
+      "path": "",
+      "filename": "profile_create.json"
+    }
+  },
   "phoneVerification": {
     "pinSize": 4,
     "attempts": 3,
@@ -83,7 +89,7 @@
       }
     ]
   },
-  "emailVerification":{
+  "emailVerification": {
     "subject": "Example email verification",
     "body": "<p>Thanks for register into Example, here is a link to activate your account click</p> <p><a href='{link}' >here</a></p> <p>If you have any problems on this process, please contact <a href='mailto:support@example.com'>support@example.com</a> and we will be pleased to help you.</p>",
     "compatibleEmailDevices": [ "*iPhone*", "*iPad*", "*iPod*" , "*Android*"],
@@ -95,31 +101,35 @@
     "scheme":"mycomms"
   },
   "externalServices":{
-    "notifications": "http://localhost:3002"
+    "notifications": {
+      "base": "http://localhost:3002",
+      "pathEmail": "/api/notification/email"
+    }
   },
   "version" : {
     "header" : "x-example-version",
     "platforms" : {
       "test" : {
         "link" : "http://testLink",
         "1" : true
-      }
-    },
+      },
     "installPath" : "/install",
     "db":"mongodb://localhost/versionControl?w=1"
+  }
   },
   "allowedDomains":[
     "*@a.com"
   ],
   "password":{
+    "validateOldPassword": false,
     "regexValidation": "(?=.*\\d)(?=.*[A-Z])(?=.*[a-z]).{8}",
     "message": "Your password must be at least 8 characters and must contain at least one capital, one lower and one number.",
     "generatedRegex": "([a-z][\\d][A-Z]){3,4}",
     "subject" :"Recover Example User Password",
     "body" : "Here is your new password for accessing to your Example account, if you want, you can update it anytime from your edit profile screen. <p> __PASSWD__ <p> you can also click <a href='__LINK__' >here</a> from your mobile device to get in. If you receiver this email by error or you are sure you didn't requested it, please contact support@example.com"
   },
-  "endpoints" : [
-    {
+    "endpoints" : [
+      {
       "path" : "\/api\/profile",
       "methods" : ["POST", "PUT"],
       "roles" : ["admin"]
@@ -140,6 +150,9 @@
     }
   ],
   "directProxyUrls": [
-     "\/upload$"
+    "\/upload$"
+  ],
+  "allowedHeaders": [
+      "x-custom-header"
   ]
 }
diff --git a/features/proxy.feature b/features/proxy.feature
@@ -10,3 +10,15 @@ Feature: reverse proxy protects an applicacion behind cipherlayer
     | PATH          | METHOD  | STATUS | REQUEST_PAYLOAD | RESPONSE_PAYLOAD        |
     | /test/get200  | GET     | 200    |                 | {"m":"GET", "s":"200"}  |
     | /test/post200 | POST    | 200    | {"key":"value"} | {"m":"POST", "s":"200"} |
+
+  @only
+  Scenario Outline: A protected service returns a response header
+    Given a user with role user and a valid access token
+    And a protected service replies to a <METHOD> request with <REQUEST_PAYLOAD> to <PATH> with status <STATUS> and a body <RESPONSE_PAYLOAD> and header <ALLOWED_HEADER> and value <HEADER_VALUE>
+    When the application makes a <METHOD> with <REQUEST_PAYLOAD> to a protected <PATH>
+    Then the response status code is <STATUS>
+    And the response body must be <RESPONSE_PAYLOAD>
+    And the response headers contains the <ALLOWED_HEADER> with <HEADER_VALUE>
+    Examples:
+    | PATH          | METHOD  | STATUS | REQUEST_PAYLOAD | RESPONSE_PAYLOAD        | ALLOWED_HEADER    | HEADER_VALUE |
+    | /test/get200  | GET     | 200    |                 | {"m":"GET", "s":"200"}  | x-custom-header   | test         |
diff --git a/features/step_definitions/client_pass_through.js b/features/step_definitions/client_pass_through.js
@@ -7,7 +7,7 @@ var config = require('../../config.json');
 module.exports = function(){
     this.When(/^the client makes a pass through (.*) with the following (.*) in the body$/, function (METHOD, PUBLIC_PAYLOAD, callback) {
 
-        var notifServiceURL = config.externalServices.notifications;
+        var notifServiceURL = config.externalServices.notifications.base;
 
         var options = {
             url: 'http://localhost:' + config.public_port + config.passThroughEndpoint.path,

diff --git a/features/step_definitions/method_request_to_path.js b/features/step_definitions/method_request_to_path.js
@@ -5,6 +5,9 @@ var nock = require('nock');
 var request = require('request');
 var assert = require('assert');
 
+var NOTIFICATION_SERVICE_URL = config.externalServices.notifications.base;
+var NOTIFICATION_EMAIL_SERVICE_PATH = config.externalServices.notifications.pathEmail;
+
 var myStepDefinitionsWrapper = function () {
     this.When(/^the client makes a (.*) request to (.*)$/, function (METHOD, PATH, callback) {
 
@@ -18,12 +21,12 @@ var myStepDefinitionsWrapper = function () {
         };
         options.headers[config.version.header] = "test/1";
 
-        nock(config.externalServices.notifications)
-            .post('/notification/email')
+        nock(NOTIFICATION_SERVICE_URL)
+            .post(NOTIFICATION_EMAIL_SERVICE_PATH)
             .reply(204);
 
         request(options, function(err,res) {
-            assert.equal(err,null);
+          assert.equal(err,null);
             world.getResponse().statusCode = res.statusCode;
             callback();
         });

diff --git a/features/step_definitions/protected_service_call.js b/features/step_definitions/protected_service_call.js
@@ -27,6 +27,8 @@ module.exports = function(){
             } else {
                 world.getResponse().body = null;
             }
+
+            world.getResponse().headers = res.headers;
             callback();
         });
     });

diff --git a/features/step_definitions/protected_service_definiton.js b/features/step_definitions/protected_service_definiton.js
@@ -14,11 +14,24 @@ module.exports = function(){
         callback();
     });
 
+    this.Given(/^a protected service replies to a GET request with (.*) to (.*) with status (.*) and a body (.*) and header (.*) and value (.*)$/, function (REQUEST_PAYLOAD, PATH, STATUS, RESPONSE_PAYLOAD, ALLOWED_HEADER, HEADER_VALUE, callback){
+        var headers = {};
+        headers[ALLOWED_HEADER] = HEADER_VALUE;
+        nock('http://localhost:'+config.private_port, {
+            reqheaders: {
+                'Content-Type': 'application/json; charset=utf-8',
+                'x-user-id' : world.getUser().id
+            }
+        }).get(PATH).reply(Number(STATUS), JSON.parse(RESPONSE_PAYLOAD), headers);
+
+        callback();
+    });
+
     this.Given(/^a protected service replies to a POST request with (.*) to (.*) with status (.*) and a body (.*)$/, function (REQUEST_PAYLOAD, PATH, STATUS, RESPONSE_PAYLOAD, callback){
         nock('http://localhost:'+config.private_port)
             .post(PATH, JSON.parse(REQUEST_PAYLOAD))
             .reply(Number(STATUS), JSON.parse(RESPONSE_PAYLOAD));
-            
+
         callback();
     });
 

diff --git a/features/step_definitions/response_header_content.js b/features/step_definitions/response_header_content.js
@@ -0,0 +1,9 @@
+var world = require('../support/world');
+var assert = require('assert');
+
+module.exports = function(){
+    this.Given(/^the response headers contains the (.*) with (.*)$/, function (ALLOWEDHEADER, HEADERVALUE, callback) {
+        assert.equal(world.getResponse().headers[ALLOWEDHEADER], HEADERVALUE);
+        callback();
+    });
+};
diff --git a/scripts/add_users.js b/scripts/add_users.js
@@ -0,0 +1,98 @@
+var async = require('async'),
+    fs = require('fs'),
+    nock = require('nock'),
+    userMng = require('../src/managers/user'),
+    config = require('../config.json'),
+    userDao = require('../src/managers/dao.js');
+/*
+ * Objects for `async.eachSeries`
+ */
+
+// Function to apply to each fixture
+var addFixture = function(fixture, callback) {
+
+    var data = fixture;
+
+    // Define user object to be passed to userMng
+    var pin = null;
+    var profileBody = {
+        id: data._id.$oid || data._id,
+        email: data.email,
+        password: data.password || (process.env.DEFAULT_PASS ? process.env.DEFAULT_PASS : "qwerty")
+    };
+
+    if(!profileBody.id || !profileBody.email || !profileBody.password) {
+        console.log("Missing mandatory parameter(s)");
+        return callback();
+    }
+    // Nock the createUser URL
+    nock('http://' + config.private_host + ':' + config.private_port + config.passThroughEndpoint.path, { reqheaders: {
+        'Content-Type': 'application/json; charset=utf-8'
+    }})
+        .post(config.passThroughEndpoint.path)
+        .reply(201,profileBody);
+
+    // Save user data to database
+    userMng().createUser(profileBody, pin, function(err) {
+        if(err) {
+
+            if (err.err === 'auth_proxy_user_error') {
+                console.log(profileBody.email + " " + err.des);
+                return callback();
+            }
+            return callback(err);
+        }
+        console.log(profileBody.email + " added");
+        return callback();
+    });
+
+};
+
+/*
+ * Main part of the script:
+ *  - Exports the function, or
+ *  - Executes the function if running from CLI
+ */
+var runLoadFixtures = module.exports = function(fixtureFile, callback) {
+
+            console.log("running Load Fixtures");
+
+
+            async.eachSeries(fixtureFile, addFixture, callback);
+
+};
+
+if (!module.parent) { // Run as CLI command exec
+    async.series([
+
+        // Start cipherLayer components (mongodb, redis...)
+        function connect(done) {
+            userDao.connect(done);
+        },
+
+        function drop(done) {
+            if(!process.env.DROP_DB) return done();
+            console.log("Dropping database");
+            userDao.deleteAllUsers(done);
+        },
+
+        function load(done) {
+            fixtureFile = require(__dirname + '/' + '../tests/fixtures/' + 'User.json');
+            runLoadFixtures(fixtureFile,done);
+        },
+
+        function disconnect(done) {
+            userDao.disconnect(done);
+        }
+
+    ], function(err) {
+        if (err) {
+            console.error(err);
+            process.exit(1);
+        }
+
+        console.info('Fixtures loaded');
+        process.exit();
+    });
+
+}
diff --git a/src/managers/email.js b/src/managers/email.js
@@ -7,15 +7,15 @@ var redisMng = require('./redis');
 var _settings = {};
 
 function sendEmailVerification(email, subject, emailBody, cbk){
-    var notifServiceURL = _settings.externalServices.notifications;
+    var notifServiceURL = _settings.externalServices.notifications.base;
     var emailOptions = {
         to: email,
         subject: subject,
         html: emailBody
     };
 
     var options = {
-        url: notifServiceURL + '/notification/email',
+        url: notifServiceURL + _settings.externalServices.notifications.pathEmail,
         headers: {
             'Content-Type': 'application/json; charset=utf-8'
         },
@@ -96,7 +96,7 @@ function sendEmailForgotPassword(email, passwd, link, cbk){
     };
 
     var options = {
-        url: _settings.externalServices.notifications + '/notification/email',
+        url: _settings.externalServices.notifications.base + _settings.externalServices.notifications.pathEmail ,
         headers: {
             'Content-Type': 'application/json; charset=utf-8'
         },

diff --git a/src/managers/json_formats/profile_downloader.json b/src/managers/json_formats/profile_downloader.json
@@ -0,0 +1,20 @@
+{
+  "id": "/Profile",
+  "type": "object",
+  "properties": {
+    "password": {
+      "type": "string",
+      "required": true
+    },
+    "email": {
+      "type": "string",
+      "format": "email",
+      "required": true
+    },
+    "name": {
+      "type": "string",
+      "required": true
+    }
+  },
+  "additionalProperties": true
+}
diff --git a/src/managers/json_validator.js b/src/managers/json_validator.js
@@ -5,12 +5,14 @@ module.exports = {
 		if( !json || Object.keys(json).length === 0) {
 			return false;
 		}
-		if(schema) {
+
+      if (!schema) {
+        return true;
+      }
 			var result = (new Validator()).validate(json, schema);
 			if (result.errors.length > 0) {
 				return false;
 			}
-		}
-		return true;
+      return true;
 	}
 };
diff --git a/src/managers/phone.js b/src/managers/phone.js
@@ -34,7 +34,7 @@ function createPIN(redisKeyId, phone, cbk){
 }
 
 function sendPIN(phone, pin, cbk){
-    var notifServiceURL = _settings.externalServices.notifications;
+    var notifServiceURL = _settings.externalServices.notifications.base;
     var sms = {
         phone: phone,
         text: 'MyComms pin code: ' + pin