fix: handle uppercase and missing user verification (#44444)

* fix: hotfix for isHonest null * fix: early return if no user? * fix: handle invalid input on api Also lowerCases the username it receives since the client could send any case. * fix: report errors to user when verification fails Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>
2021-12-10 03:23:26 -08:00
parent fd0a140c8a
commit 42acc542b7
4 changed files with 43 additions and 9 deletions
--- a/api-server/src/common/models/user.js
+++ b/api-server/src/common/models/user.js
@ -55,7 +55,7 @@ function destroyAll(id, Model) {
  return Observable.fromNodeCallback(Model.destroyAll, Model)({ userId: id });
 }

-function ensureLowerCaseString(maybeString) {
+export function ensureLowerCaseString(maybeString) {
  return (maybeString && maybeString.toLowerCase()) || '';
 }

--- a/api-server/src/server/boot/certificate.js
+++ b/api-server/src/server/boot/certificate.js
@ -20,6 +20,7 @@ import { reportError } from '../middlewares/sentry-error-handler.js';
 import { getChallenges } from '../utils/get-curriculum';
 import { ifNoUser401 } from '../utils/middleware';
 import { observeQuery } from '../utils/rx';
+import { ensureLowerCaseString } from '../../common/models/user';

 const {
  legacyFrontEndChallengeId,
@ -523,7 +524,7 @@ function createVerifyCanClaim(certTypeIds, app) {
    let certType = superBlockCertTypeMap[superBlock];
    log(certType);

-    return findUserByUsername$(username, {
+    return findUserByUsername$(ensureLowerCaseString(username), {
      isFrontEndCert: true,
      isBackEndCert: true,
      isFullStackCert: true,
@ -544,15 +545,36 @@ function createVerifyCanClaim(certTypeIds, app) {
      isHonest: true,
      completedChallenges: true
    }).subscribe(user => {
+      if (!user) {
+        return res.status(404).json({
+          message: {
+            type: 'info',
+            message: 'flash.username-not-found',
+            variables: { username }
+          }
+        });
+      }
+
+      if (!certTypeIds[certType]) {
+        return res.status(404).json({
+          message: {
+            type: 'info',
+            // TODO: create a specific 'flash.cert-not-found' message
+            message: 'flash.could-not-find'
+          }
+        });
+      }
+
      return Observable.of(certTypeIds[certType])
        .flatMap(challenge => {
          const certName = certTypeTitleMap[certType];
          const { tests = [] } = challenge;
-          const { isHonest, completedChallenges } = user;
-          const isProjectsCompleted = canClaim(tests, completedChallenges);
          let result = 'incomplete-requirements';
          let status = false;

+          const { isHonest, completedChallenges } = user;
+          const isProjectsCompleted = canClaim(tests, completedChallenges);
+
          if (isHonest && isProjectsCompleted) {
            status = true;
            result = 'requirements-met';