@tiledesk/tiledesk-server 2.10.3 → 2.10.4

package/routes/images.js

@@ -15,6 +15,9 @@ const sharp = require('sharp');
 
 
 const FileGridFsService = require('../services/fileGridFsService.js');
+const faq_kb = require('../models/faq_kb');
+const project_user = require('../models/project_user');
+const roleConstants = require('../models/roleConstants');
 
 const fileService = new FileGridFsService("images");
 
@@ -173,27 +176,57 @@ curl -v -X PUT -u andrea.leo@f21.it:123456 \
   */
 router.put('/users/photo', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken],
 // bodymiddleware, 
-uploadAvatar.single('file'), (req, res, next) => {
+uploadAvatar.single('file'), async (req, res, next) => {
   try {
     winston.debug("/users/photo");
-    // winston.info("req.query.folder1:"+req.body.folder);
-
-    // var folder = req.folder || "error";
-    // winston.info("folder:"+folder);
 
     if (req.upload_file_already_exists) {
       winston.warn('Error uploading photo image, file already exists',req.file.filename );
       return res.status(409).send({success: false, msg: 'Error uploading photo image, file already exists'});
     }
 
-    var userid = req.user.id;
+    let userid = req.user.id;
+    let bot_id;
+    let entity_id = userid;
 
-    if (req.query.user_id) {
-      userid = req.query.user_id;
-    }
+    // if (req.query.user_id) {
+    //   userid = req.query.user_id;
+    // }
     
+    if (req.query.bot_id) {
+      bot_id = req.query.bot_id;
+
+      let chatbot = await faq_kb.findById(bot_id).catch((err) => {
+        winston.error("Error finding bot ", err);
+        res.status(500).send({ success: false, error: "Unable to find chatbot with id " + bot_id });
+      })
+
+      if (!chatbot) {
+        res.status(404).send({ success: false, error: "Chatbot not found" })
+      }
 
-     var destinationFolder = 'uploads/users/' + userid + "/images/";
+      let id_project = chatbot.id_project;
+
+      let puser = await project_user.findOne({ id_user: userid, id_project: id_project }).catch((err) => {
+        winston.error("Error finding project user: ", err);
+        return res.status(500).send({ success: false, error: "Unable to find project user for user " + userid + "in project " + id_project });
+      })
+
+      if (!puser) {
+        winston.warn("User" + userid + "don't belongs the project " + id_project);
+        return res.status(401).send({ success: false, error: "You don't belong the chatbot's project" })
+      }
+
+      if ((puser.role !== roleConstants.ADMIN) && (puser.role !== roleConstants.OWNER)) {
+        winston.warn("User with role " + puser.role + "can't modify the chatbot");
+        return res.status(403).send({ success: false, error: "You don't have the role required to modify the chatbot" });
+      }
+
+      entity_id = bot_id;
+    }
+
+    
+     var destinationFolder = 'uploads/users/' + entity_id + "/images/";
      winston.debug("destinationFolder:"+destinationFolder);
 
      var thumFilename = destinationFolder+'thumbnails_200_200-photo.jpg';

package/routes/request.js

@@ -29,6 +29,7 @@ csv = require('csv-express');
 csv.separator = ';';
 
 const { check, validationResult } = require('express-validator');
+const RoleConstants = require('../models/roleConstants');
 
 // var messageService = require('../services/messageService');
 
@@ -222,9 +223,9 @@ router.patch('/:requestid', function (req, res) {
     update.tags = req.body.tags;
   }
 
-  if (req.body.notes) {
-    update.notes = req.body.notes;
-  }
+  // if (req.body.notes) {
+  //   update.notes = req.body.notes;
+  // }
 
   if (req.body.rating) {
     update.rating = req.body.rating;
@@ -302,21 +303,39 @@ router.patch('/:requestid', function (req, res) {
 
 
 // TODO make a synchronous chat21 version (with query parameter?) with request.support_group.created
-router.put('/:requestid/close', function (req, res) {
+router.put('/:requestid/close', async function (req, res) {
   winston.debug(req.body);
+  let request_id = req.params.requestid;
+  let user_role = req.projectuser.role;
 
   // closeRequestByRequestId(request_id, id_project, skipStatsUpdate, notify, closed_by)
   const closed_by = req.user.id;
-  return requestService.closeRequestByRequestId(req.params.requestid, req.projectid, false, true, closed_by, req.body.force).then(function (closedRequest) {
 
-    winston.verbose("request closed", closedRequest);
+  if (user_role !== RoleConstants.OWNER && user_role !== RoleConstants.ADMIN) {
+    let request = await Request.findOne({ id_project: req.projectid, request_id: request_id }).catch((err) => {
+      winston.error("Error finding request: ", err);
+      return res.status(500).send({ success: false, error: "Error finding request with request_id " + request_id })
+    })
+  
+    if (!request) {
+      winston.verbose("Request with request_id " + request_id)
+      return res.status(404).send({ success: false, error: "Request not found"})
+    }
+  
+    if (!request.participantsAgents.includes(req.user.id)) {
+      winston.verbose("Request can't be closed by a non participant. Attempt made by " + req.user.id);
+      return res.status(403).send({ success: false, error: "You must be among the participants to close a conversation."})
+    }
+  }
+  
 
+  return requestService.closeRequestByRequestId(req.params.requestid, req.projectid, false, true, closed_by, req.body.force).then(function (closedRequest) {
+    winston.verbose("request closed", closedRequest);
     return res.json(closedRequest);
-
   });
 
-
 });
+
 // TODO make a synchronous chat21 version (with query parameter?) with request.support_group.created
 router.put('/:requestid/reopen', function (req, res) {
   winston.debug(req.body);
@@ -609,14 +628,34 @@ router.patch('/:requestid/attributes', function (req, res) {
 
 });
 
-router.post('/:requestid/notes', function (req, res) {
+router.post('/:requestid/notes', async function (req, res) {
+  
+  let request_id = req.params.requestid
   var note = {};
   note.text = req.body.text;
-  // note.id_project = req.projectid;
   note.createdBy = req.user.id;
 
-  //cacheinvalidation
-  return Request.findOneAndUpdate({ request_id: req.params.requestid, id_project: req.projectid }, { $push: { notes: note } }, { new: true, upsert: false })
+  let project_user = req.projectuser;
+
+  if (project_user.role === RoleConstants.AGENT) {
+    let request = await Request.findOne({ request_id: request_id }).catch((err) => {
+      winston.error("Error finding request ", err);
+      return res.status(500).send({ success: false, error: "Error finding request with id " +  request_id });
+    })
+  
+    if (!request) {
+      winston.warn("Request with id " + request_id + " not found.");
+      return res.status(404).send({ success: false, error: "Request with id " + request_id + " not found."});
+    }
+
+    // Check if the user is a participant
+    if (!request.participantsAgents.includes(req.user.id)) {
+      winston.verbose("Trying to add a note from a non participating agent");
+      return res.status(403).send({ success: false, error: "You are not participating in the conversation"})
+    }
+  }
+
+  return Request.findOneAndUpdate({ request_id: request_id, id_project: req.projectid }, { $push: { notes: note } }, { new: true, upsert: false })
     .populate('lead')
     .populate('department')
     .populate('participatingBots')
@@ -638,10 +677,32 @@ router.post('/:requestid/notes', function (req, res) {
 });
 
 
-router.delete('/:requestid/notes/:noteid', function (req, res) {
+router.delete('/:requestid/notes/:noteid', async function (req, res) {
+
+  let request_id = req.params.requestid
+  let note_id = req.params.noteid;
+  let project_user = req.projectuser;
+
+  if (project_user.role === RoleConstants.AGENT) {
+    let request = await Request.findOne({ request_id: request_id }).catch((err) => {
+      winston.error("Error finding request ", err);
+      return res.status(500).send({ success: false, error: "Error finding request with id " +  request_id });
+    })
+  
+    if (!request) {
+      winston.warn("Request with id " + request_id + " not found.");
+      return res.status(404).send({ success: false, error: "Request with id " + request_id + " not found."});
+    }
+  
+    // Check if the user is a participant
+    if (!request.participantsAgents.includes(req.user.id)) {
+      winston.verbose("Trying to delete a note from a non participating agent");
+      return res.status(403).send({ success: false, error: "You are not participating in the conversation"})
+    }
+  }
 
   //cacheinvalidation
-  return Request.findOneAndUpdate({ request_id: req.params.requestid, id_project: req.projectid }, { $pull: { notes: { "_id": req.params.noteid } } }, { new: true, upsert: false })
+  return Request.findOneAndUpdate({ request_id: request_id, id_project: req.projectid }, { $pull: { notes: { "_id": note_id } } }, { new: true, upsert: false })
     .populate('lead')
     .populate('department')
     .populate('participatingBots')
@@ -903,7 +964,7 @@ router.get('/', function (req, res, next) {
   skip = page * limit;
 
   // Default query
-  var query = { "id_project": req.projectid, "status": { $lt: 1000, $ne: 150 }, preflight: false };
+  var query = { "id_project": req.projectid, "status": { $lt: 1000, $nin: [50, 150] }, preflight: false };
 
   if (req.user instanceof Subscription) {
     // All request 

package/routes/users.js

@@ -6,6 +6,7 @@ var emailService = require("../services/emailService");
 var winston = require('../config/winston');
 const authEvent = require('../event/authEvent');
 const uuidv4 = require('uuid/v4');
+var uniqid = require('uniqid');
 
 router.put('/', function (req, res) {
 
@@ -131,6 +132,16 @@ router.put('/changepsw', function (req, res) {
             winston.debug('* THE PSW MATCH CURRENT PSW * PROCEED WITH THE UPDATE')
             winston.debug('CHANGE PSW - NEW PSW: ', req.body.newpsw);
 
+            if (req.body.newpsw === req.body.oldpsw) {
+              winston.warn("New password can't match the old one");
+              return res.status(403).send({ success: false, message: "The new password must be different from the previous one."})
+            }
+
+            const regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*])[A-Za-z\d!@#$%^&*]{8,}$/);
+            if (!regex.test(req.body.newpsw)) {
+              return res.status(403).send({ success: false, message: "The password does not meet the minimum vulnerability requirements"})
+            }
+            
             user.password = req.body.newpsw
 
             user.save(function (err, saveUser) {
@@ -157,9 +168,17 @@ router.put('/changepsw', function (req, res) {
 
 router.get('/resendverifyemail', function (req, res) {
   winston.debug('RE-SEND VERIFY EMAIL - LOGGED USER ', req.user);
+  console.log("resendverifyemail req.user", req.user)
+  let user = req.user;
   try {
     // TODO req.user.email is null for bot visitor
-    emailService.sendVerifyEmailAddress(req.user.email, req.user);
+    let verify_email_code = uniqid();
+    let redis_client = req.app.get('redis_client');
+    let key = "emailverify:verify-" + verify_email_code;
+    let obj = { _id: user._id, email: user.email}
+    let value = JSON.stringify(obj);
+    redis_client.set(key, value, { EX: 900} ) 
+    emailService.sendVerifyEmailAddress(user.email, user, verify_email_code);
     res.status(200).json({ success: true, message: 'Verify email successfully sent' });
   } catch (e) {
     winston.debug("RE-SEND VERIFY EMAIL error", e);

package/services/emailService.js

@@ -1685,7 +1685,7 @@ class EmailService {
   }
 
   // ok
-  async sendVerifyEmailAddress(to, savedUser) {
+  async sendVerifyEmailAddress(to, savedUser, code) {
 
 
     var that = this;
@@ -1705,7 +1705,8 @@ class EmailService {
 
     var replacements = {
       savedUser: savedUser,
-      baseScope: baseScope
+      baseScope: baseScope,
+      code: code
     };
 
     var html = template(replacements);

package/services/requestService.js

@@ -2828,7 +2828,7 @@ class RequestService {
 
   async getConversationsCount(id_project, status, preflight, hasBot, startDate, endDate) {
     return new Promise( async (resolve, reject) => {
-      let query = { id_project: id_project, status: status, preflight: preflight};
+      let query = { id_project: id_project, status: status, preflight: preflight, draft: { $in: [false, null] }};
       if (hasBot != null) {
         query.hasBot = hasBot;
       }

package/template/email/verify.html

@@ -160,7 +160,7 @@
                       <!-- <br> welcome on Tiledesk.com. -->
                       <br><br> Thank you for signin up with Tiledesk.
                       <br><br> To complete the setup, <span><a
-                          href="{{baseScope.baseUrl}}/#/verify/email/{{savedUser._id}}"> click here to verify your email
+                          href="{{baseScope.baseUrl}}/#/verify/email/{{savedUser._id}}/{{code}}"> click here to verify your email
                           address. </a> </span>
                       <br><br>Give us your feedback! We need your advice. Send an email to <a
                         href="mailto:info@tiledesk.com">info@tiledesk.com</a>

package/test/authentication.js

@@ -186,12 +186,12 @@ describe('/signup', () => {
     //   this.timeout();
 
        var email = "test-signuook-" + Date.now() + "@email.com";
-       var pwd = "pwd";
+       var pwd = "Pwd1234!";
 
           
                     chai.request(server)
                         .post('/auth/signup' )
-                        .send({email:email, password:pwd, lastname:"lastname", firstname: "firstname", disableEmail: true})
+                        .send({email:email, password:pwd, lastname:"lastname", firstname: "firstname", disableEmail: true}) // whi disableEmail true?
                         .end((err, res) => {
                             //console.log("res",  res);
                             console.log("res.body",  res.body);
@@ -208,6 +208,28 @@ describe('/signup', () => {
                 
     });
 
+
+    // it('verifyemail', (done) => {
+
+    //     let user_id = "670e55c8187b430e793d644e";
+    //     let code = "4fx6e1hfcm2admb4a";
+    //     chai.request(server)
+    //         .put('/auth/verifyemail/' + user_id + '/' + code)
+    //         .send({ emailVerified: true })
+    //         .end((err, res) => {
+
+    //             console.error("err: ", err)
+    //             console.log("res.body: ", res.body)
+    //             done();
+    //         })
+
+
+
+    // });
+
+
+  
+
     // it('signUpAdminNoVerificationEmail', (done) => {
 
     //     var email = "test-signup-" + Date.now() + "@email.com";
@@ -244,7 +266,7 @@ describe('/signup', () => {
         //   this.timeout();
             var now = Date.now();
            var email = "test-signupUpperCaseEmail-" + now + "@email.com";
-           var pwd = "pwd";
+           var pwd = "Pwd1234!";
     
               
                         chai.request(server)
@@ -272,7 +294,7 @@ describe('/signup', () => {
         //   this.timeout();
     
            var email = "test-signuoOk-" + Date.now() + "@email";
-           var pwd = "pwd";
+           var pwd = "Pwd1234!";
     
               
                         chai.request(server)

package/test/authorization.js

@@ -32,7 +32,7 @@ describe('Authorization', () => {
     //   this.timeout();
 
        var email = "test-signup-" + Date.now() + "@email.com";
-       var pwd = "pwd";
+       var pwd = "Pwd1234!";
 
         userService.signup( email ,pwd, "Test Firstname", "Test lastname").then(function(savedUser) {
             projectService.createAndReturnProjectAndProjectUser("test-auth", savedUser._id).then(function(savedProjectAndPU) {

package/test/faqkbRoute.js

@@ -7,7 +7,7 @@ var userService = require('../services/userService');
 var faqService = require('../services/faqService');
 
 let chatbot_mock = require('./chatbot-mock');
-let log = true;
+let log = false;
 
 
 //Require the dev-dependencies
@@ -17,6 +17,8 @@ let server = require('../app');
 let should = chai.should();
 var fs = require('fs');
 const path = require('path');
+const Project_user = require('../models/project_user');
+const roleConstants = require('../models/roleConstants');
 
 // chai.config.includeStack = true;
 
@@ -29,12 +31,80 @@ describe('FaqKBRoute', () => {
 
     describe('/create', () => {
 
+      it('create-new-chatbot', (done) => {
 
+        var email = "test-signup-" + Date.now() + "@email.com";
+        var pwd = "pwd";
 
-        it('create', (done) => {
+        userService.signup(email, pwd, "Test Firstname", "Test lastname").then(function (savedUser) {
+          projectService.create("test-faqkb-create", savedUser._id).then(function (savedProject) {
+            
+            chai.request(server)
+              .post('/' + savedProject._id + '/faq_kb')
+              .auth(email, pwd)
+              .send({ "name": "testbot", type: "external", language: 'fr' })
+              .end((err, res) => {
 
+                if (err) { console.error("err: ", err); }
+                if (log) { console.log("res.body", res.body); }
 
-            //   this.timeout();
+                res.should.have.status(200);
+                res.body.should.be.a('object');
+                expect(res.body.name).to.equal("testbot");
+                expect(res.body.language).to.equal("fr");
+
+                chai.request(server)
+                  .get('/' + savedProject._id + '/faq_kb/' + res.body._id)
+                  .auth(email, pwd)
+                  .end((err, res) => {
+
+                    if (err) { console.error("err: ", err); }
+                    if (log) { console.log("res.body", res.body); }
+
+                    res.should.have.status(200);
+
+                    done();
+
+                  });
+              });
+          });
+        });
+
+      })
+
+      it('create-new-chatbot-agent-role', (done) => {
+
+        var email = "test-signup-" + Date.now() + "@email.com";
+        var pwd = "pwd";
+
+        userService.signup(email, pwd, "Test Firstname", "Test lastname").then(function (savedUser) {
+          projectService.create("test-faqkb-create", savedUser._id).then(function (savedProject) {
+            Project_user.findOneAndUpdate({ id_project: savedProject._id, id_user: savedUser._id }, { role: roleConstants.AGENT }, (err, savedProject_user) => {
+
+              chai.request(server)
+                .post('/' + savedProject._id + '/faq_kb')
+                .auth(email, pwd)
+                .send({ "name": "testbot", type: "external", language: 'fr' })
+                .end((err, res) => {
+  
+                  if (err) { console.error("err: ", err); }
+                  if (log) { console.log("res.body", res.body); }
+  
+                  res.should.have.status(403);
+                  expect(res.body.success).to.equal(false);
+                  expect(res.body.msg).to.equal("you dont have the required role.");
+  
+                  done();
+
+                });
+            })
+          });
+        });
+
+      })
+
+
+        it('get-all-chatbot-with-role-admin-or-owner', (done) => {
 
             var email = "test-signup-" + Date.now() + "@email.com";
             var pwd = "pwd";
@@ -46,21 +116,23 @@ describe('FaqKBRoute', () => {
                         .auth(email, pwd)
                         .send({ "name": "testbot", type: "external", language: 'fr' })
                         .end((err, res) => {
-                            if (log) {
-                                console.log("res.body", res.body);
-                            }
+
+                            if (err) { console.error("err: ", err); }
+                            if (log) { console.log("res.body", res.body); }
+
                             res.should.have.status(200);
                             res.body.should.be.a('object');
                             expect(res.body.name).to.equal("testbot");
                             expect(res.body.language).to.equal("fr");
 
                             chai.request(server)
-                                .get('/' + savedProject._id + '/faq_kb/' + res.body._id)
+                                .get('/' + savedProject._id + '/faq_kb')
                                 .auth(email, pwd)
                                 .end((err, res) => {
-                                    if (log) {
-                                        console.log("res.body", res.body);
-                                    }
+
+                                    if (err) { console.error("err: ", err); }
+                                    if (log) { console.log("res.body", res.body); }
+
                                     res.should.have.status(200);
 
                                     done();
@@ -73,6 +145,50 @@ describe('FaqKBRoute', () => {
 
         }).timeout(20000);
 
+        it('get-all-chatbot-with-role-agent', (done) => {
+
+            var email = "test-signup-" + Date.now() + "@email.com";
+            var pwd = "pwd";
+
+            userService.signup(email, pwd, "Test Firstname", "Test lastname").then(function (savedUser) {
+                projectService.create("test-faqkb-create", savedUser._id).then(function (savedProject) {
+                    chai.request(server)
+                        .post('/' + savedProject._id + '/faq_kb')
+                        .auth(email, pwd)
+                        .send({ "name": "testbot", type: "external", language: 'fr' })
+                        .end((err, res) => {
+
+                            if (err) { console.error("err: ", err); }
+                            if (log) { console.log("res.body", res.body); }
+
+                            res.should.have.status(200);
+                            res.body.should.be.a('object');
+                            expect(res.body.name).to.equal("testbot");
+                            expect(res.body.language).to.equal("fr");
+
+                            Project_user.findOneAndUpdate({ id_project: savedProject._id, id_user: savedUser._id }, { role: roleConstants.AGENT }, (err, savedProject_user) => {
+                                chai.request(server)
+                                    .get('/' + savedProject._id + '/faq_kb')
+                                    .auth(email, pwd)
+                                    .end((err, res) => {
+    
+                                        if (err) { console.error("err: ", err); }
+                                        if (log) { console.log("res.body", res.body); }
+                                        console.log("res.body", res.body);
+                                        res.should.have.status(200);
+    
+                                        done();
+                                    });
+                            })
+
+                        });
+
+
+                });
+            });
+
+        }).timeout(20000);
+
         /**
          * This test will be no longer available after merge with master because 
          * the profile section can no longer be modified via api.

package/test/requestRoute.js

@@ -85,6 +85,56 @@ describe('RequestRoute', () => {
     });
   });
 
+  it('create-simple-new-note', function (done) {
+    // this.timeout(10000);
+
+    var email = "test-request-create-" + Date.now() + "@email.com";
+    var pwd = "pwd";
+
+    userService.signup(email, pwd, "Test Firstname", "Test lastname").then(function (savedUser) {
+      projectService.create("request-create", savedUser._id, { email: { template: { assignedRequest: "123" } } }).then(function (savedProject) {
+
+
+        chai.request(server)
+          .post('/' + savedProject._id + '/requests/')
+          .auth(email, pwd)
+          .set('content-type', 'application/json')
+          .send({ "first_text": "first_text" })
+          .end(function (err, res) {
+
+            if (err) { console.error("err: ", err); }
+            if (log) { console.log("res.body",  res.body); }
+
+            res.should.have.status(200);
+            res.body.should.be.a('object');
+
+            let request_id = res.body.request_id;
+            chai.request(server)
+                .post('/' + savedProject._id + '/requests/' + request_id + "/notes")
+                .auth(email, pwd)
+                .send({ text: "test note 1"})
+                .end((err, res) => {
+
+                  if (err) { console.error("err: ", err); }
+                  if (log) { console.log("res.body",  res.body); }
+
+                  res.should.have.status(200);
+                  res.body.should.be.a('object');
+                  expect(res.body.notes.length).to.equal(1);
+                  expect(res.body.notes[0].text).to.equal("test note 1");
+                  expect(res.body.notes[0].createdBy).to.equal(savedUser._id.toString());
+                  
+                  done();
+                  // Project_user.findOneAndUpdate({id_project: savedProject._id, id_user: savedUser._id }, { role: RoleConstants.AGENT }, function(err, savedProject_user){
+                  //   done();
+                  // })
+                })
+
+          });
+      });
+    });
+  });
+
 
   it('createSimpleAndCloseForDuration', function (done) {
     // this.timeout(10000);