npm - @stamhoofd/backend - Versions diffs - 2.75.0 → 2.75.2 - Mend

@stamhoofd/backend 2.75.0 → 2.75.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/package.json +10 -10
package/src/endpoints/auth/OpenIDConnectAuthTokenEndpoint.ts +43 -0
package/src/endpoints/auth/OpenIDConnectStartEndpoint.ts +6 -12
package/src/endpoints/global/registration/RegisterMembersEndpoint.test.ts +329 -1
package/src/helpers/MemberUserSyncer.ts +90 -86
package/src/services/FileSignService.ts +8 -18
package/src/services/SSOService.ts +116 -16
package/tests/e2e/register.test.ts +459 -24

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.75.0",
+    "version": "2.75.2",
     "main": "./dist/index.js",
     "exports": {
         ".": {
@@ -37,14 +37,14 @@
         "@simonbackx/simple-encoding": "2.20.0",
         "@simonbackx/simple-endpoints": "1.19.0",
         "@simonbackx/simple-logging": "^1.0.1",
-        "@stamhoofd/backend-i18n": "2.75.0",
-        "@stamhoofd/backend-middleware": "2.75.0",
-        "@stamhoofd/email": "2.75.0",
-        "@stamhoofd/models": "2.75.0",
-        "@stamhoofd/queues": "2.75.0",
-        "@stamhoofd/sql": "2.75.0",
-        "@stamhoofd/structures": "2.75.0",
-        "@stamhoofd/utility": "2.75.0",
+        "@stamhoofd/backend-i18n": "2.75.2",
+        "@stamhoofd/backend-middleware": "2.75.2",
+        "@stamhoofd/email": "2.75.2",
+        "@stamhoofd/models": "2.75.2",
+        "@stamhoofd/queues": "2.75.2",
+        "@stamhoofd/sql": "2.75.2",
+        "@stamhoofd/structures": "2.75.2",
+        "@stamhoofd/utility": "2.75.2",
         "archiver": "^7.0.1",
         "aws-sdk": "^2.885.0",
         "axios": "1.6.8",
@@ -64,5 +64,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "4710a9386f9f489356e04518622cc83c5faa2bf1"
+    "gitHead": "aafa49d4e89f748e62f364b52a40efe339206779"
 }

package/src/endpoints/auth/OpenIDConnectAuthTokenEndpoint.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { AutoEncoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { Context } from '../../helpers/Context';
+import { SSOService } from '../../services/SSOService';
+import { OpenIDAuthTokenResponse } from '@stamhoofd/structures';
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined;
+type ResponseBody = OpenIDAuthTokenResponse;
+/**
+ * This endpoint does nothing but build a URL to start the OpenID Connect flow.
+ * It is used to provide authenticateion data to the url that is temporarily valid (allows to connect an SSO provider to an existing account)
+ */
+export class OpenIDConnectAuthTokenEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'POST') {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, '/openid/auth-token', {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        // Check webshop and/or organization
+        await Context.setUserOrganizationScope();
+        await Context.authenticate({ allowWithoutAccount: false });
+        // Create a SSO auth token that can only be used once
+        const token = await SSOService.createToken();
+        return new Response(OpenIDAuthTokenResponse.create({
+            ssoAuthToken: token,
+        }));
+    }
+}

package/src/endpoints/auth/OpenIDConnectStartEndpoint.ts CHANGED Viewed

@@ -6,15 +6,15 @@ import { Context } from '../../helpers/Context';
 import { SSOService } from '../../services/SSOService';
 type Params = Record<string, never>;
-type Query = undefined;
-type Body = StartOpenIDFlowStruct;
+type Query = StartOpenIDFlowStruct;
+type Body = undefined;
 type ResponseBody = undefined;
 export class OpenIDConnectStartEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
-    bodyDecoder = StartOpenIDFlowStruct as Decoder<StartOpenIDFlowStruct>;
+    queryDecoder = StartOpenIDFlowStruct as Decoder<StartOpenIDFlowStruct>;
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method !== 'POST') {
+        if (request.method !== 'GET') {
             return [false];
         }
@@ -29,13 +29,7 @@ export class OpenIDConnectStartEndpoint extends Endpoint<Params, Query, Body, Re
     async handle(request: DecodedRequest<Params, Query, Body>) {
         // Check webshop and/or organization
         await Context.setUserOrganizationScope();
-        await Context.optionalAuthenticate({ allowWithoutAccount: false });
-        console.log('Full start connect body;', await request.request.body);
-        if (Context.user) {
-            console.log('User:', Context.user);
-        }
-        const service = await SSOService.fromContext(request.body.provider);
-        return await service.validateAndStartAuthCodeFlow(request.body);
+        const service = await SSOService.fromContext(request.query.provider);
+        return await service.validateAndStartAuthCodeFlow(request.query);
     }
 }

package/src/endpoints/global/registration/RegisterMembersEndpoint.test.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { Request } from '@simonbackx/simple-endpoints';
 import { Email } from '@stamhoofd/email';
 import { BalanceItemFactory, Group, GroupFactory, MemberFactory, MemberWithRegistrations, Organization, OrganizationFactory, Registration, RegistrationFactory, RegistrationPeriod, RegistrationPeriodFactory, Token, UserFactory } from '@stamhoofd/models';
-import { BalanceItemCartItem, BalanceItemType, Company, IDRegisterCart, IDRegisterCheckout, IDRegisterItem, OrganizationPackages, PayconiqAccount, PaymentCustomer, PaymentMethod, PermissionLevel, Permissions, STPackageStatus, STPackageType, UserPermissions, Version } from '@stamhoofd/structures';
+import { BalanceItemCartItem, BalanceItemType, Company, GroupOption, GroupOptionMenu, IDRegisterCart, IDRegisterCheckout, IDRegisterItem, OrganizationPackages, PayconiqAccount, PaymentCustomer, PaymentMethod, PermissionLevel, Permissions, ReduceablePrice, RegisterItemOption, STPackageStatus, STPackageType, UserPermissions, Version } from '@stamhoofd/structures';
 import nock from 'nock';
 import { v4 as uuidv4 } from 'uuid';
 import { testServer } from '../../../../tests/helpers/TestServer';
@@ -1011,6 +1011,334 @@ describe('Endpoint.RegisterMembers', () => {
                 jest.useFakeTimers().resetAllMocks();
             }
         });
+        test('Should update group stock reservations', async () => {
+            // #region arrange
+            const { organization, group, groupPrice, token, member } = await initData();
+            groupPrice.stock = 5;
+            await group.save();
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [
+                        IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [],
+                            options: [],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: member.id,
+                        }),
+                    ],
+                    balanceItems: [],
+                    deleteRegistrationIds: [],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 25,
+                asOrganizationId: organization.id,
+                customer: null,
+            });
+            // #endregion
+            // #region act and assert
+            expect(group?.stockReservations.length).toBe(0);
+            await post(body, organization, token);
+            const updatedGroup = await Group.getByID(group.id);
+            expect(updatedGroup?.stockReservations.length).toBe(1);
+            // #endregion
+        });
+        test('Should fail if group price stock sold out', async () => {
+            // #region arrange
+            const { organization, group, groupPrice, token, member, otherMembers } = await initData({
+                permissionLevel: PermissionLevel.Read, otherMemberAmount: 3 });
+            groupPrice.stock = 2;
+            await group.save();
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [
+                        IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [],
+                            options: [],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: member.id,
+                        }),
+                        ...otherMembers.map(m => IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [],
+                            options: [],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: m.id,
+                        })),
+                    ],
+                    balanceItems: [],
+                    deleteRegistrationIds: [],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 75,
+                customer: null,
+            });
+            // #endregion
+            // #region act and assert
+            expect(group?.stockReservations.length).toBe(0);
+            await expect(async () => await post(body, organization, token))
+                .rejects
+                .toThrow(new RegExp('Maximum reached'));
+            // #endregion
+        });
+        test('Should fail if option stock sold out', async () => {
+            // #region arrange
+            const { organization, group, groupPrice, token, member } = await initData();
+            const option1 = GroupOption.create({
+                name: 'option 1',
+                stock: 4,
+                price: ReduceablePrice.create({
+                    price: 5,
+                    reducedPrice: 3,
+                }),
+            });
+            const option2 = GroupOption.create({
+                name: 'option 2',
+                stock: 4,
+                price: ReduceablePrice.create({
+                    price: 3,
+                    reducedPrice: 1,
+                }),
+            });
+            const optionMenu = GroupOptionMenu.create({
+                name: 'option menu 1',
+                multipleChoice: true,
+                options: [option1, option2],
+            });
+            group.settings.optionMenus = [
+                optionMenu,
+            ];
+            await group.save();
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [
+                        IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [],
+                            options: [
+                                RegisterItemOption.create({
+                                    option: option1,
+                                    amount: 2,
+                                    optionMenu,
+                                }),
+                                RegisterItemOption.create({
+                                    option: option2,
+                                    amount: 5,
+                                    optionMenu,
+                                }),
+                            ],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: member.id,
+                        }),
+                    ],
+                    balanceItems: [
+                    ],
+                    deleteRegistrationIds: [],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 50,
+                customer: null,
+            });
+            // #endregion
+            // #region act and assert
+            await expect(async () => await post(body, organization, token))
+                .rejects
+                .toThrow(new RegExp('Stock empty'));
+            // #endregion
+        });
+        test('Should fail if max option exceeded', async () => {
+            // #region arrange
+            const { organization, group, groupPrice, token, member } = await initData();
+            const option1 = GroupOption.create({
+                name: 'option 1',
+                stock: 4,
+                maximum: 5,
+                allowAmount: true,
+                price: ReduceablePrice.create({
+                    price: 5,
+                    reducedPrice: 3,
+                }),
+            });
+            const option2 = GroupOption.create({
+                name: 'option 2',
+                stock: 5,
+                maximum: 2,
+                allowAmount: true,
+                price: ReduceablePrice.create({
+                    price: 3,
+                    reducedPrice: 1,
+                }),
+            });
+            const optionMenu = GroupOptionMenu.create({
+                name: 'option menu 1',
+                multipleChoice: true,
+                options: [option1, option2],
+            });
+            group.settings.optionMenus = [
+                optionMenu,
+            ];
+            await group.save();
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [
+                        IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [],
+                            options: [
+                                RegisterItemOption.create({
+                                    option: option1,
+                                    amount: 2,
+                                    optionMenu,
+                                }),
+                                RegisterItemOption.create({
+                                    option: option2,
+                                    amount: 5,
+                                    optionMenu,
+                                }),
+                            ],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: member.id,
+                        }),
+                    ],
+                    balanceItems: [
+                    ],
+                    deleteRegistrationIds: [],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 50,
+                customer: null,
+            });
+            // #endregion
+            // #region act and assert
+            await expect(async () => await post(body, organization, token))
+                .rejects
+                .toThrow(new RegExp('Option maximum exceeded'));
+            // #endregion
+        });
+        test('Should not fail if max option not exceeded', async () => {
+            // #region arrange
+            const { organization, group, groupPrice, token, member } = await initData();
+            const option1 = GroupOption.create({
+                name: 'option 1',
+                stock: 4,
+                maximum: 5,
+                allowAmount: true,
+                price: ReduceablePrice.create({
+                    price: 5,
+                    reducedPrice: 3,
+                }),
+            });
+            const option2 = GroupOption.create({
+                name: 'option 2',
+                stock: 5,
+                maximum: 5,
+                allowAmount: true,
+                price: ReduceablePrice.create({
+                    price: 3,
+                    reducedPrice: 1,
+                }),
+            });
+            const optionMenu = GroupOptionMenu.create({
+                name: 'option menu 1',
+                multipleChoice: true,
+                options: [option1, option2],
+            });
+            group.settings.optionMenus = [
+                optionMenu,
+            ];
+            await group.save();
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [
+                        IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [],
+                            options: [
+                                RegisterItemOption.create({
+                                    option: option1,
+                                    amount: 2,
+                                    optionMenu,
+                                }),
+                                RegisterItemOption.create({
+                                    option: option2,
+                                    amount: 5,
+                                    optionMenu,
+                                }),
+                            ],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: member.id,
+                        }),
+                    ],
+                    balanceItems: [
+                    ],
+                    deleteRegistrationIds: [],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 50,
+                customer: null,
+            });
+            // #endregion
+            // #region act and assert
+            const result = await post(body, organization, token);
+            expect(result).toBeDefined();
+            // #endregion
+        });
     });
     describe('Register by other organization', () => {

package/src/helpers/MemberUserSyncer.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import crypto from 'crypto';
 import basex from 'base-x';
 import { AuditLogService } from '../services/AuditLogService';
 import { Formatter } from '@stamhoofd/utility';
+import { QueueHandler } from '@stamhoofd/queues';
 const ALPHABET = '123456789ABCDEFGHJKMNPQRSTUVWXYZ'; // Note: we removed 0, O, I and l to make it easier for humans
 const customBase = basex(ALPHABET);
@@ -203,116 +204,119 @@ export class MemberUserSyncerStatic {
     }
     async linkUser(email: string, member: MemberWithRegistrations, asParent: boolean, updateNameIfEqual = true) {
-        console.log('Linking user', email, 'to member', member.id, 'as parent', asParent, 'update name if equal', updateNameIfEqual);
-        let user = member.users.find(u => u.email.toLocaleLowerCase() === email.toLocaleLowerCase()) ?? await User.getForAuthentication(member.organizationId, email, { allowWithoutAccount: true });
-        if (user) {
-            // console.log("Giving an existing user access to a member: " + user.id + ' - ' + member.id)
-            if (!asParent) {
-                if (user.memberId && user.memberId !== member.id) {
-                    console.error('Found conflicting user with multiple members', user.id, 'members', user.memberId, 'to', member.id);
-                    const otherMember = await Member.getWithRegistrations(user.memberId);
-                    if (otherMember) {
-                        if (otherMember.registrations.length > 0 && member.registrations.length === 0) {
-                            // Choose the other member
-                            // don't make changes
-                            console.error('Resolved to current member - no changes made');
-                            return;
+        // This needs to happen in the queue to prevent creating duplicate users in the database
+        await QueueHandler.schedule('link-user/' + email, async () => {
+            console.log('Linking user', email, 'to member', member.id, 'as parent', asParent, 'update name if equal', updateNameIfEqual);
+            let user = member.users.find(u => u.email.toLocaleLowerCase() === email.toLocaleLowerCase()) ?? await User.getForAuthentication(member.organizationId, email, { allowWithoutAccount: true });
+            if (user) {
+                // console.log("Giving an existing user access to a member: " + user.id + ' - ' + member.id)
+                if (!asParent) {
+                    if (user.memberId && user.memberId !== member.id) {
+                        console.error('Found conflicting user with multiple members', user.id, 'members', user.memberId, 'to', member.id);
+                        const otherMember = await Member.getWithRegistrations(user.memberId);
+                        if (otherMember) {
+                            if (otherMember.registrations.length > 0 && member.registrations.length === 0) {
+                                // Choose the other member
+                                // don't make changes
+                                console.error('Resolved to current member - no changes made');
+                                return;
+                            }
+                            const responsibilities = await this.getResponsibilitiesForMembers([otherMember.id, member.id]);
+                            const responsibilitiesOther = responsibilities.filter(r => r.memberId === otherMember.id);
+                            const responsibilitiesCurrent = responsibilities.filter(r => r.memberId === member.id);
+                            if (responsibilitiesOther.length >= responsibilitiesCurrent.length) {
+                                console.error('Resolved to current member because of more responsibilities - no changes made');
+                                return;
+                            }
                         }
+                    }
-                        const responsibilities = await this.getResponsibilitiesForMembers([otherMember.id, member.id]);
-                        const responsibilitiesOther = responsibilities.filter(r => r.memberId === otherMember.id);
-                        const responsibilitiesCurrent = responsibilities.filter(r => r.memberId === member.id);
-                        if (responsibilitiesOther.length >= responsibilitiesCurrent.length) {
-                            console.error('Resolved to current member because of more responsibilities - no changes made');
-                            return;
-                        }
+                    if (updateNameIfEqual) {
+                        user.firstName = member.details.firstName;
+                        user.lastName = member.details.lastName;
                     }
+                    user.memberId = member.id;
+                    await this.updateInheritedPermissions(user);
                 }
+                else {
+                    let shouldSave = false;
+                    if (!user.firstName && !user.lastName) {
+                        const parents = member.details.parents.filter(p => p.email === email);
+                        if (parents.length === 1) {
+                            if (updateNameIfEqual) {
+                                user.firstName = parents[0].firstName;
+                                user.lastName = parents[0].lastName;
+                            }
+                            shouldSave = true;
+                        }
+                    }
-                if (updateNameIfEqual) {
-                    user.firstName = member.details.firstName;
-                    user.lastName = member.details.lastName;
+                    if (user.firstName === member.details.firstName && user.lastName === member.details.lastName) {
+                        user.firstName = null;
+                        user.lastName = null;
+                        shouldSave = true;
+                    }
+                    if (user.memberId === member.id) {
+                        // Unlink: parents are never 'equal' to the member
+                        user.memberId = null;
+                        await this.updateInheritedPermissions(user);
+                    }
+                    if (shouldSave) {
+                        await user.save();
+                    }
                 }
-                user.memberId = member.id;
-                await this.updateInheritedPermissions(user);
             }
             else {
-                let shouldSave = false;
+                // Create a new placeholder user
+                user = new User();
+                user.organizationId = member.organizationId;
+                user.email = email;
-                if (!user.firstName && !user.lastName) {
+                if (!asParent) {
+                    if (updateNameIfEqual) {
+                        user.firstName = member.details.firstName;
+                        user.lastName = member.details.lastName;
+                    }
+                    user.memberId = member.id;
+                    await this.updateInheritedPermissions(user);
+                }
+                else {
                     const parents = member.details.parents.filter(p => p.email === email);
                     if (parents.length === 1) {
                         if (updateNameIfEqual) {
                             user.firstName = parents[0].firstName;
                             user.lastName = parents[0].lastName;
                         }
-                        shouldSave = true;
                     }
-                }
-                if (user.firstName === member.details.firstName && user.lastName === member.details.lastName) {
-                    user.firstName = null;
-                    user.lastName = null;
-                    shouldSave = true;
-                }
-                if (user.memberId === member.id) {
-                    // Unlink: parents are never 'equal' to the member
-                    user.memberId = null;
-                    await this.updateInheritedPermissions(user);
-                }
-                if (shouldSave) {
-                    await user.save();
-                }
-            }
-        }
-        else {
-            // Create a new placeholder user
-            user = new User();
-            user.organizationId = member.organizationId;
-            user.email = email;
-            if (!asParent) {
-                if (updateNameIfEqual) {
-                    user.firstName = member.details.firstName;
-                    user.lastName = member.details.lastName;
-                }
-                user.memberId = member.id;
-                await this.updateInheritedPermissions(user);
-            }
-            else {
-                const parents = member.details.parents.filter(p => p.email === email);
-                if (parents.length === 1) {
-                    if (updateNameIfEqual) {
-                        user.firstName = parents[0].firstName;
-                        user.lastName = parents[0].lastName;
+                    if (user.firstName === member.details.firstName && user.lastName === member.details.lastName) {
+                        user.firstName = null;
+                        user.lastName = null;
                     }
-                }
-                if (user.firstName === member.details.firstName && user.lastName === member.details.lastName) {
-                    user.firstName = null;
-                    user.lastName = null;
+                    await user.save();
                 }
-                await user.save();
+                console.log('Created new (placeholder) user that has access to a member: ' + user.id);
             }
-            console.log('Created new (placeholder) user that has access to a member: ' + user.id);
-        }
-        // Update model relation to correct response
-        if (!member.users.find(u => u.id === user.id)) {
-            await Member.users.reverse('members').link(user, [member]);
-            member.users.push(user);
+            // Update model relation to correct response
+            if (!member.users.find(u => u.id === user.id)) {
+                await Member.users.reverse('members').link(user, [member]);
+                member.users.push(user);
-            // Update balance of this user, as it could have changed
-            await this.updateUserBalance(user.id, member.id);
-        }
+                // Update balance of this user, as it could have changed
+                await this.updateUserBalance(user.id, member.id);
+            }
+        });
     }
     /**