fix: ORV2-1706 Fixes to endpoint with respect to roles (#807)
praju-aot authored Nov 29, 2023
1 parent 1239489 commit e1d74a0
Showing 7 changed files with 51 additions and 21 deletions.
Expand Up @@ -75,7 +75,7 @@ INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEG
INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEGAL_NAME], [COMPANY_DIRECTORY], [MAILING_ADDRESS_ID], [PHONE], [EXTENSION], [FAX], [EMAIL], [PRIMARY_CONTACT_ID], [ACCOUNT_REGION], [ACCOUNT_SOURCE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (71, N'BB5C30054B7C491584D38EDCD765FEC0', N'B3-000009-931',N'Erdman-D''Amore Trucking', N'BBCEID', 109, N'406-404-9943', NULL, NULL, N'[email protected]', 9, N'B', N'3', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEGAL_NAME], [COMPANY_DIRECTORY], [MAILING_ADDRESS_ID], [PHONE], [EXTENSION], [FAX], [EMAIL], [PRIMARY_CONTACT_ID], [ACCOUNT_REGION], [ACCOUNT_SOURCE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (72, N'BB9F409AB3734478987C721FC3EA7168', N'R3-000043-131',N'Durgan Group Trucking', N'BBCEID', 143, N'873-507-7075', NULL, NULL, N'[email protected]', 43, N'B', N'3', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEGAL_NAME], [COMPANY_DIRECTORY], [MAILING_ADDRESS_ID], [PHONE], [EXTENSION], [FAX], [EMAIL], [PRIMARY_CONTACT_ID], [ACCOUNT_REGION], [ACCOUNT_SOURCE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (73, N'BD7B318804D9452FBA8BB4174AC863BA', N'R3-000007-226',N'Wuckert Inc Trucking', N'BBCEID', 107, N'703-424-0377', NULL, NULL, N'[email protected]', 7, N'B', N'3', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEGAL_NAME], [COMPANY_DIRECTORY], [MAILING_ADDRESS_ID], [PHONE], [EXTENSION], [FAX], [EMAIL], [PRIMARY_CONTACT_ID], [ACCOUNT_REGION], [ACCOUNT_SOURCE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (74, N'BD7CD6DCBD34404BA80735B200EC270E', N'B3-000005-722',N'Parisian LLC Trucking', N'BBCEID', 5, N'267-189-4484', NULL, NULL, N'[email protected]', 5, N'B', N'3', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEGAL_NAME], [COMPANY_DIRECTORY], [MAILING_ADDRESS_ID], [PHONE], [EXTENSION], [FAX], [EMAIL], [PRIMARY_CONTACT_ID], [ACCOUNT_REGION], [ACCOUNT_SOURCE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (74, N'C0224BB8493F4D8289CD930FE0067289', N'B3-000005-722',N'Parisian LLC Trucking', N'BBCEID', 5, N'267-189-4484', NULL, NULL, N'[email protected]', 5, N'B', N'3', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEGAL_NAME], [COMPANY_DIRECTORY], [MAILING_ADDRESS_ID], [PHONE], [EXTENSION], [FAX], [EMAIL], [PRIMARY_CONTACT_ID], [ACCOUNT_REGION], [ACCOUNT_SOURCE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (75, N'C231EC9917F94A93886D432660FF398B', N'B2-000049-418',N'Weissnat-Runolfsson Trucking', N'BBCEID', 49, N'242-508-9710', NULL, NULL, N'[email protected]', 49, N'B', N'3', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEGAL_NAME], [COMPANY_DIRECTORY], [MAILING_ADDRESS_ID], [PHONE], [EXTENSION], [FAX], [EMAIL], [PRIMARY_CONTACT_ID], [ACCOUNT_REGION], [ACCOUNT_SOURCE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (76, N'C29B49EFE671467E9DC72D832145644F', N'E3-000025-309',N'Harvey LLC Trucking', N'BBCEID', 125, N'141-126-7911', NULL, NULL, N'[email protected]', 25, N'B', N'3', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY] ([COMPANY_ID], [COMPANY_GUID], [CLIENT_NUMBER], [LEGAL_NAME], [COMPANY_DIRECTORY], [MAILING_ADDRESS_ID], [PHONE], [EXTENSION], [FAX], [EMAIL], [PRIMARY_CONTACT_ID], [ACCOUNT_REGION], [ACCOUNT_SOURCE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (77, N'C322041166A943488E475EB12B810D4A', N'E2-000032-101',N'Jakubowski Inc Trucking', N'BBCEID', 132, N'521-855-4797', NULL, NULL, N'[email protected]', 32, N'B', N'3', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
Expand Up @@ -147,7 +147,7 @@ INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TY
INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (73, N'4BEC2BFF363149F08E6E874F6BF43140', N'ORGADMIN', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (73, N'4A37505459CD4396AD21B0560390A886', N'ORGADMIN', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (74, N'CBEAC8E5665A4DE49B4554AF0414B6CD', N'ORGADMIN', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (74, N'06267945F2EB4E31B585932F78B76269', N'ORGADMIN', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (74, N'6F5683DE28444A6697E561936F2C75FA', N'ORGADMIN', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (75, N'DE72A4E34DA849ABB66345AD473BF04B', N'CVCLIENT', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (75, N'8787C5D755DC4837BEF34AA624D94683', N'ORGADMIN', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_COMPANY_USER] ([COMPANY_ID], [USER_GUID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (76, N'554344633DF44D63A80F298E4248200B', N'CVCLIENT', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
2 changes: 1 addition & 1 deletion database/mssql/scripts/sampledata/dbo.ORBC_USER.Table.sql
Expand Up @@ -5,7 +5,7 @@ INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATU
INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATUS_TYPE], [CONTACT_ID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (N'02F54641C1CB4766AF90B248C097744D', N'hscouse2m', N'BBCEID', N'ACTIVE', 195, N'PUBLIC', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATUS_TYPE], [CONTACT_ID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (N'03F1AF2793BD4735BB3BE7B4638FA682', N'fgookey3i', N'BBCEID', N'ACTIVE', 227, N'PUBLIC', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATUS_TYPE], [CONTACT_ID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (N'04C1868991DE4EB6B4307EE08446CB9B', N'awatmoreg', N'BBCEID', N'ACTIVE', 117, N'PUBLIC', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATUS_TYPE], [CONTACT_ID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (N'06267945F2EB4E31B585932F78B76269', N'redtruck', N'BCEID', N'ACTIVE', 302, N'PUBLIC', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATUS_TYPE], [CONTACT_ID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (N'6F5683DE28444A6697E561936F2C75FA', N'tomstrucking', N'BBCEID', N'ACTIVE', 302, N'PUBLIC', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATUS_TYPE], [CONTACT_ID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (N'067FBFD0CC4D4E8D928634A51DA469E4', N'mscroggins1v', N'BBCEID', N'ACTIVE', 168, N'PUBLIC', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATUS_TYPE], [CONTACT_ID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (N'081BA455A00D4374B0CC13092117A706', N'chansford5d', N'BBCEID', N'ACTIVE', 294, N'PUBLIC', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
INSERT [dbo].[ORBC_USER] ([USER_GUID], [USERNAME], [USER_DIRECTORY], [USER_STATUS_TYPE], [CONTACT_ID], [USER_AUTH_GROUP_TYPE], [CONCURRENCY_CONTROL_NUMBER], [DB_CREATE_USERID], [DB_CREATE_TIMESTAMP], [DB_LAST_UPDATE_USERID], [DB_LAST_UPDATE_TIMESTAMP]) VALUES (N'08308BB4668642A8BC2ECB8D08E381D8', N'asuatt56', N'BBCEID', N'ACTIVE', 287, N'PUBLIC', NULL, N'dbo', GETUTCDATE(), N'dbo', GETUTCDATE())
41 changes: 29 additions & 12 deletions dops/src/modules/auth/jwt.strategy.ts
Expand Up @@ -61,6 +61,14 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
userName = payload.bceid_username;
}

//Remove when Basic and Personal BCeID needs to be accepted
if (
payload.identity_provider === IDP.BCEID &&
!payload.bceid_business_guid
) {
throw new UnauthorizedException();
}

if (req.headers['AuthOnly'] === 'false') {
({ roles, associatedCompanies } = await this.getUserDetails(
access_token,
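Review bot: The new guard rejects BCeID tokens that carry no bceid_business_guid, but the `//Remove when ...` comment gives the reader neither a ticket nor the reason, and the same block is duplicated verbatim in vehicles/src/modules/auth/jwt.strategy.ts; I would tag it so it can be found when the restriction is lifted, e.g. `// TODO(ORV2-<ticket>): Basic/Personal BCeID tokens have no bceid_business_guid; reject them until those account types are supported.` A bare `new UnauthorizedException()` also makes this rejection indistinguishable in logs from any other 401 raised by validate(); a short reason string would help whoever triages the first support call. The enclosing validate() starts before this hunk.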
Expand Down Expand Up @@ -92,6 +100,27 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
payload: IUserJWT,
associatedCompanies: number[],
) {
if (payload.identity_provider !== IDP.IDIR) {
const companiesForUsersResponse: AxiosResponse =
await this.authService.getCompaniesForUser(access_token);
associatedCompanies = (
companiesForUsersResponse.data as [
{ companyId: number; clientNumber: string; legalName: string },
]
).map((company) => {
return company.companyId;
});

//Remove when one login Multiple Companies needs to be activated
companyId = associatedCompanies?.length
? associatedCompanies?.at(0)
: companyId;

if (!associatedCompanies.includes(companyId)) {
throw new ForbiddenException();
}
}

const accessApiResponse: AxiosResponse[] = await Promise.all([
this.authService.getUserDetails(access_token, userGUID),
this.authService.getRolesForUser(access_token, companyId),
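Review bot: The association check at the end of the added block is vacuous once companyId has been overwritten two lines above it: for any non-empty list `associatedCompanies.includes(associatedCompanies.at(0))` is always true, so the ForbiddenException can only fire when the list is empty, and the companyId the caller passed in is never compared against the user's companies. If single-company mode is the intent, make the guard say what it actually enforces, e.g. `if (!associatedCompanies.length) throw new ForbiddenException();` followed by `companyId = associatedCompanies[0];` — or run the `includes` check against the caller's companyId before overriding it, if the outer validate() (outside this hunk) still passes that value downstream. `companiesForUsersResponse.data` is cast and mapped without a nullish check, so a missing body surfaces as a TypeError rather than a 401/403. Under strictNullChecks `associatedCompanies?.at(0)` is `number | undefined` and would not assign to a `number` parameter, and the `?.` after a `.length` guard on a value just produced by `.map` is redundant in any case. The same override pattern appears in the vehicles/src/modules/auth/jwt.strategy.ts hunk starting at its line 83.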
Expand All @@ -109,19 +138,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
}

const roles = accessApiResponse.at(1).data as Role[];
if (payload.identity_provider !== IDP.IDIR) {
associatedCompanies = (
accessApiResponse.at(2).data as [
{ companyId: number; clientNumber: string; legalName: string },
]
).map((company) => {
return company.companyId;
});

if (!associatedCompanies.includes(companyId)) {
throw new ForbiddenException();
}
}
return { roles, associatedCompanies };
}
}
2 changes: 0 additions & 2 deletions dops/src/modules/dgen/dgen.controller.ts
Expand Up @@ -22,12 +22,10 @@ import { Request, Response } from 'express';
import { ReadGeneratedDocumentDto } from './dto/response/read-generated-document.dto';
import { IUserJWT } from '../../interface/user-jwt.interface';
import { CreateGeneratedDocumentDto } from './dto/request/create-generated-document.dto';

import { IDP } from '../../enum/idp.enum';
import { Roles } from '../../decorator/roles.decorator';
import { Role } from '../../enum/roles.enum';
import { CreateGeneratedReportDto } from './dto/request/create-generated-report.dto';
import { AuthOnly } from '../../decorator/auth-only.decorator';
import { DgenService } from './dgen.service';

@ApiTags('Document Generator (DGEN)')
22 changes: 19 additions & 3 deletions vehicles/src/modules/auth/jwt.strategy.ts
Expand Up @@ -66,6 +66,14 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
payload.accountSource = AccountSource.BCeID;
}

//Remove when Basic and Personal BCeID needs to be accepted
if (
payload.identity_provider === IDP.BCEID &&
!payload.bceid_business_guid
) {
throw new UnauthorizedException();
}

if (req.headers['AuthOnly'] === 'false') {
const user = await this.authService.validateUser(
companyId,
Expand All @@ -75,10 +83,18 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
if (!user) {
throw new UnauthorizedException();
}

if (payload.identity_provider !== IDP.IDIR) {
associatedCompanies = await this.authService.getCompaniesForUser(
userGUID,
);
//Remove when one login Multiple Companies needs to be activated
companyId = associatedCompanies?.length
? associatedCompanies?.at(0)
: companyId;
}

roles = await this.authService.getRolesForUser(userGUID, companyId);
associatedCompanies = await this.authService.getCompaniesForUser(
userGUID,
);
}

const access_token = req.headers.authorization;
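Review bot: getCompaniesForUser is now called only for non-IDIR users, whereas the removed lines called it for every user in this branch, so for IDIR tokens associatedCompanies keeps whatever it held before the branch; if anything downstream reads that field for IDIR users this is a behaviour change the commit message does not mention, and it deserves either a comment such as `// IDIR users are not tied to a company; associatedCompanies is left as initialised` or the old unconditional call. The override `companyId = associatedCompanies?.length ? associatedCompanies?.at(0) : companyId` also means getRolesForUser is evaluated for the user's first company while validateUser a few lines above was called with the request's companyId, so the two checks can disagree about which company the request concerns; if that is intended, it should be stated next to the override. The enclosing validate() starts before and continues past this hunk.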
1 change: 0 additions & 1 deletion vehicles/src/modules/permit/permit.controller.ts
Expand Up @@ -188,7 +188,6 @@ export class PermitController {
@Query('download') download: FileDownloadModes,
@Res() res: Response,
): Promise<void> {
// TODO: Use IUserJWT / Exception handling
const currentUser = request.user as IUserJWT;

if (download === FileDownloadModes.PROXY) {