@tiledesk/tiledesk-server 2.7.2 → 2.7.3

package/CHANGELOG.md

@@ -5,6 +5,10 @@
 🚀        IN PRODUCTION                        🚀
 (https://www.npmjs.com/package/@tiledesk/tiledesk-server/v/2.3.77) 
 
+# 2.7.3
+- Updated project profile call
+- Updated tybot-connector to 0.2.59
+
 # 2.7.2
 - Improved QuoteManager with kbs and chatbots (disabled)
 - Improved QuoteManager with AI multipliers

package/middleware/has-role.js

@@ -184,8 +184,22 @@ class RoleChecker {
                 }
               } else {
               
+                /**
+                 * Updated by Johnny - 29mar2024 - START
+                 */
+                // console.log("req.user: ", req.user);
+                if (req.user.email === process.env.ADMIN_EMAIL) {
+                  req.user.attributes = { isSuperadmin: true };
+                  next();
+                } else {
+                  res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+                }
+                /**
+                 * Updated by Johnny - 29mar2024 - END
+                 */
+
                 // if (req.user) equals super admin next()
-                res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+                //res.status(403).send({success: false, msg: 'you dont belong to the project.'});
               }
       
           });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@tiledesk/tiledesk-server",
   "description": "The Tiledesk server module",
-  "version": "2.7.2",
+  "version": "2.7.3",
   "scripts": {
     "start": "node ./bin/www",
     "pretest": "mongodb-runner start",
@@ -48,7 +48,7 @@
     "@tiledesk/tiledesk-rasa-connector": "^1.0.10",
     "@tiledesk/tiledesk-telegram-connector": "^0.1.10",
     "@tiledesk/tiledesk-train-jobworker": "^0.0.7",
-    "@tiledesk/tiledesk-tybot-connector": "^0.2.57",
+    "@tiledesk/tiledesk-tybot-connector": "^0.2.59",
     "@tiledesk/tiledesk-whatsapp-connector": "^0.1.64",
     "@tiledesk/tiledesk-whatsapp-jobworker": "^0.0.7",
     "amqplib": "^0.5.5",

package/pubmodules/trigger/rulesTrigger.js

@@ -711,7 +711,8 @@ class RulesTrigger {
   
 
 
-              var startText = "\\start";
+              var startText = "\start";
+              // var startText = "\\start";
               if (action.parameters && action.parameters.text) {
                 startText = action.parameters.text;
               }
@@ -787,7 +788,7 @@ class RulesTrigger {
                     'system', 
                     'Bot',                                     
                     request_id,
-                    '\\start', // / start
+                    '\\start', // TODO CHANGE TO / start
                     id_project,
                     null,
                     {subtype:'info', updateconversation : false}
@@ -1037,6 +1038,7 @@ class RulesTrigger {
                if (eventAttributes.participants && eventAttributes.participants.length>0) { 
                 participants = eventAttributes.participants;
                 if (participants[0].indexOf("bot_")>-1) {
+                  // TODO CHANGE TO /start
                   text = "\\start";  //if participants is passed than the bot reply to the first message "welcome" so I changed "welcome" with "\start"
                 }              
                 // status = RequestConstants.ASSIGNED;

package/routes/auth.js

@@ -72,14 +72,29 @@ router.post('/signup',
   } else {    
     return userService.signup(req.body.email, req.body.password, req.body.firstname, req.body.lastname, false)
       .then(function (savedUser) {
-
-
+        
         winston.debug('-- >> -- >> savedUser ', savedUser.toObject());
 
+        // let skipVerificationEmail = false;
+        // if (req.headers.authorization) {
+
+        //   let token = req.headers.authorization.split(" ")[1];
+        //   let decode = jwt.verify(token, configSecret)
+        //   if (decode && (decode.email === process.env.ADMIN_EMAIL)) {
+        //     skipVerificationEmail = true;
+        //     winston.verbose("skip sending verification email")
+        //   }
+        // }
+
+        // if (!req.body.disableEmail){
+        //   if (!skipVerificationEmail) {
+        //     emailService.sendVerifyEmailAddress(savedUser.email, savedUser);
+        //   }
+        // }
+        
         if (!req.body.disableEmail){
-          emailService.sendVerifyEmailAddress(savedUser.email, savedUser);
+            emailService.sendVerifyEmailAddress(savedUser.email, savedUser);
         }
-        
 
 
         /*

package/routes/project.js

@@ -11,6 +11,7 @@ var operatingHoursService = require("../services/operatingHoursService");
 var winston = require('../config/winston');
 var roleChecker = require('../middleware/has-role');
 
+
 // THE THREE FOLLOWS IMPORTS  ARE USED FOR AUTHENTICATION IN THE ROUTE
 var passport = require('passport');
 require('../middleware/passport')(passport);
@@ -20,6 +21,21 @@ var cacheUtil = require('../utils/cacheUtil');
 var orgUtil = require("../utils/orgUtil");
 var cacheEnabler = require("../services/cacheEnabler");
 
+/**
+ * NEW
+ */
+var jwt = require('jsonwebtoken');
+var config = require('../config/database');
+
+let configSecret = process.env.GLOBAL_SECRET || config.secret;
+var pKey = process.env.GLOBAL_SECRET_OR_PUB_KEY;
+if (pKey) {
+  configSecret = pKey.replace(/\\n/g, '\n');
+}
+/**
+ * End NEW
+ */
+
 router.post('/', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken], async (req, res) => {
   
   // create(name, createdBy, settings) 
@@ -71,10 +87,219 @@ router.delete('/:projectid', [passport.authenticate(['basic', 'jwt'], { session:
   });
 });
 
+// router.put('/:projectid/update', function (req, res) {
+// // router.put('/:projectid/profile', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken], function (req, res) {
+  
+//   // Get token from header authorization
+//   let token = req.headers.authorization;
+//   token = token.split(" ")[1];
+
+//   try {
+//     let decoded = jwt.verify(token, configSecret)
+//     winston.debug("user decode: ", decoded);
+
+//     if (!process.env.ADMIN_EMAIL) {
+//       winston.warn("Missing admin email parameter in environment");
+//       return res.status(401).send({ success: false, error: "Missing admin email parameter"});
+//     }
+
+//     if (decoded.email !== process.env.ADMIN_EMAIL) {
+//       winston.warn("Profile modification: permission denied.");
+//       return res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile"});
+//     } 
+
+//     /**
+//      * modify the project profile here
+//      */
+//     var update = {};
+
+//     if (req.body.name!=undefined) {
+//       update.name = req.body.name;
+//     }
+  
+//     if (req.body.activeOperatingHours!=undefined) {
+//       update.activeOperatingHours = req.body.activeOperatingHours;
+//     }
+    
+//     if (req.body.operatingHours!=undefined) {
+//       update.operatingHours = req.body.operatingHours;
+//     }
+    
+//     if (req.body.settings!=undefined) {
+//       update.settings = req.body.settings;
+//     }
+
+//     if (req.body["settings.email.autoSendTranscriptToRequester"]!=undefined) {
+//       update["settings.email.autoSendTranscriptToRequester"] = req.body["settings.email.autoSendTranscriptToRequester"];
+//     }
+//     if (req.body["settings.email.notification.conversation.assigned"]!=undefined) {
+//       update["settings.email.notification.conversation.assigned"] = req.body["settings.email.notification.conversation.assigned"];
+//     }
+//     if (req.body["settings.email.notification.conversation.pooled"]!=undefined) {
+//       update["settings.email.notification.conversation.pooled"] = req.body["settings.email.notification.conversation.pooled"];
+//     }
+//     if (req.body["settings.email.templates.assignedRequest"]!=undefined) {
+//       update["settings.email.templates.assignedRequest"] = req.body["settings.email.templates.assignedRequest"];
+//     }
+//     if (req.body["settings.email.templates.assignedEmailMessage"]!=undefined) {
+//       update["settings.email.templates.assignedEmailMessage"] = req.body["settings.email.templates.assignedEmailMessage"];
+//     }
+//     if (req.body["settings.email.templates.pooledRequest"]!=undefined) {
+//       update["settings.email.templates.pooledRequest"] = req.body["settings.email.templates.pooledRequest"];
+//     }
+//     if (req.body["settings.email.templates.pooledEmailMessage"]!=undefined) {
+//       update["settings.email.templates.pooledEmailMessage"] = req.body["settings.email.templates.pooledEmailMessage"];
+//     }
+//     if (req.body["settings.email.templates.newMessage"]!=undefined) {
+//       update["settings.email.templates.newMessage"] = req.body["settings.email.templates.newMessage"];
+//     }
+//     if (req.body["settings.email.templates.newMessageFollower"]!=undefined) {
+//       update["settings.email.templates.newMessageFollower"] = req.body["settings.email.templates.newMessageFollower"];
+//     }
+//     if (req.body["settings.email.templates.ticket"]!=undefined) {
+//       update["settings.email.templates.ticket"] = req.body["settings.email.templates.ticket"];
+//     }
+//     if (req.body["settings.email.templates.sendTranscript"]!=undefined) {
+//       update["settings.email.templates.sendTranscript"] = req.body["settings.email.templates.sendTranscript"];
+//     }
+//     if (req.body["settings.email.templates.emailDirect"]!=undefined) {
+//       update["settings.email.templates.emailDirect"] = req.body["settings.email.templates.emailDirect"];
+//     }
+//     if (req.body["settings.email.from"]!=undefined) {
+//       update["settings.email.from"] = req.body["settings.email.from"];
+//     }
+//     if (req.body["settings.email.config.host"]!=undefined) {
+//       update["settings.email.config.host"] = req.body["settings.email.config.host"];
+//     }
+//     if (req.body["settings.email.config.port"]!=undefined) {
+//       update["settings.email.config.port"] = req.body["settings.email.config.port"];
+//     }
+//     if (req.body["settings.email.config.secure"]!=undefined) {
+//       update["settings.email.config.secure"] = req.body["settings.email.config.secure"];
+//     }
+//     if (req.body["settings.email.config.user"]!=undefined) {
+//       update["settings.email.config.user"] = req.body["settings.email.config.user"];
+//     }
+//     if (req.body["settings.email.config.pass"]!=undefined) {
+//       update["settings.email.config.pass"] = req.body["settings.email.config.pass"];
+//     }
+//     if (req.body["settings.chat_limit_on"]!=undefined) {
+//       update["settings.chat_limit_on"] = req.body["settings.chat_limit_on"];
+//     }
+//     if (req.body["settings.max_agent_assigned_chat"]!=undefined) {
+//       update["settings.max_agent_assigned_chat"] = req.body["settings.max_agent_assigned_chat"];
+//     }
+//     if (req.body["settings.reassignment_on"]!=undefined) {
+//       update["settings.reassignment_on"] = req.body["settings.reassignment_on"];
+//     }
+//     if (req.body["settings.reassignment_delay"]!=undefined) {
+//       update["settings.reassignment_delay"] = req.body["settings.reassignment_delay"];
+//     }
+//     if (req.body["settings.automatic_unavailable_status_on"]!=undefined) {
+//       update["settings.automatic_unavailable_status_on"] = req.body["settings.automatic_unavailable_status_on"];
+//     }
+//     if (req.body["settings.automatic_idle_chats"]!=undefined) {
+//       update["settings.automatic_idle_chats"] = req.body["settings.automatic_idle_chats"];
+//     }
+
+//     if (req.body.widget!=undefined) {
+//       update.widget = req.body.widget;
+//     }
+//     if (req.body.versions!=undefined) {
+//       update.versions = req.body.versions;
+//     }
+//     if (req.body.channels!=undefined) {
+//       update.channels = req.body.channels; 
+//     }
+//     if (req.body.ipFilterEnabled!=undefined) {
+//       update.ipFilterEnabled = req.body.ipFilterEnabled;
+//     }
+//     if (req.body.ipFilter!=undefined) {
+//       update.ipFilter = req.body.ipFilter;
+//     }
+//     if (req.body.ipFilterDenyEnabled!=undefined) {
+//       update.ipFilterDenyEnabled = req.body.ipFilterDenyEnabled;
+//     }
+//     if (req.body.ipFilterDeny!=undefined) {
+//       update.ipFilterDeny = req.body.ipFilterDeny;
+//     }
+//     if (req.body.bannedUsers!=undefined) {
+//       update.bannedUsers = req.body.bannedUsers;
+//     }
+//     if (req.body.profile!=undefined) {
+//       update.profile = req.body.profile;
+//     }
+
+//     winston.debug('UPDATE PROJECT REQ BODY ', update);
+
+//     Project.findByIdAndUpdate(req.params.projectid, update, { new: true, upsert: true }, function (err, updatedProject) {
+//       if (err) {
+//         winston.error('Error putting project ', err);
+//         return res.status(500).send({ success: false, msg: 'Error updating object.' });
+//       }
+//       projectEvent.emit('project.update', updatedProject );
+//       res.json(updatedProject);
+//     });
+  
+//   } catch (err) {
+//     winston.warn("Profile modification: permission denied.");
+//     res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile"});
+//   }
+
+// })
+
 router.put('/:projectid', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('admin')], function (req, res) {
+  
   winston.debug('UPDATE PROJECT REQ BODY ', req.body);
 
   var update = {};
+
+  console.log("ADMIN EMAIL: ", process.env.ADMIN_EMAIL)
+  if (req.body.profile) {
+
+    if (req.user &&
+        req.user.attributes &&
+        req.user.attributes.isSuperadmin === true) {
+          
+          winston.debug("Superadmin can modify the project profile")
+          update.profile = req.body.profile;
+
+          delete req.user.attributes.isSuperadmin;
+        }
+
+        else {
+          winston.verbose("Project profile can't be modified by the current user " + req.user._id);
+          return res.status(403).send({ success: false,  error: "You don't have the permission required to modify the project profile"});
+        }
+
+    // check if super admin
+    // let token = req.headers.authorization
+    // token = token.split(" ")[1];
+
+    // let decoded = jwt.verify(token, configSecret);
+    // winston.debug("user decoded: ", decoded);
+    // console.log("user decoded: ", decoded);
+
+    // if (!process.env.ADMIN_EMAIL) {
+    //   winston.warn("Missing admin email parameter in environment");
+    //   return res.status(401).send({ success: false, error: "Missing admin email parameter"});
+    // }
+
+    // if (!decoded) {
+    //   winston.warn("Profile modification: permission denied.");
+    //   return res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile. Can't decode user."});
+    // }
+
+    // if (decoded.email !== process.env.ADMIN_EMAIL) {
+    //   winston.warn("Profile modification: permission denied.");
+    //   return res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile"});
+    // }
+
+    // console.log("You can modify the project profile");
+
+    // winston.info("Illegal field profile detected. Deny project profile update.");
+    // return res.status(403).send({ success: false,  error: "You cannot edit the project profile."});
+  }
   
 //like patch
   if (req.body.name!=undefined) {
@@ -232,10 +457,6 @@ router.put('/:projectid', [passport.authenticate(['basic', 'jwt'], { session: fa
   if (req.body.bannedUsers!=undefined) {
     update.bannedUsers = req.body.bannedUsers;
   }
-
-  if (req.body.profile != undefined) {
-    update.profile = req.body.profile;
-  }
   
   // if (req.body.defaultLanguage!=undefined) {
   //   update.defaultLanguage = req.body.defaultLanguage; 
@@ -243,7 +464,6 @@ router.put('/:projectid', [passport.authenticate(['basic', 'jwt'], { session: fa
 
   
   winston.debug('UPDATE PROJECT REQ BODY ', update);
-
   // console.log("update",JSON.stringify(update));
 
   Project.findByIdAndUpdate(req.params.projectid, update, { new: true, upsert: true }, function (err, updatedProject) {

package/test/authentication.js

@@ -1,6 +1,6 @@
 //During the test the env variable is set to test
 process.env.NODE_ENV = 'test';
-
+process.env.ADMIN_EMAIL = "admin@tiledesk.com";
 //var User = require('../models/user');
 var projectService = require('../services/projectService');
 var requestService = require('../services/requestService');
@@ -201,6 +201,33 @@ describe('/signup', () => {
                 
     });
 
+    // it('signUpAdminNoVerificationEmail', (done) => {
+
+    //     var email = "test-signup-" + Date.now() + "@email.com";
+    //     var pwd = "pwd";
+
+    //     chai.request(server)
+    //         .post("/auth/signin")
+    //         .send({ email: "admin@tiledesk.com", password: "adminadmin" })
+    //         .end((err, res) => {
+
+    //             // console.log("login with superadmin res.body: ", res.body)
+    //             let superadmin_token = res.body.token;
+
+    //             chai.request(server)
+    //                 .post("/auth/signup")
+    //                 .set('Authorization', superadmin_token)
+    //                 .send({ email: email, password: pwd, lastname: "lastname", firstname: "firstname", disableEmail: true })
+    //                 .end((err, res) => {
+
+    //                     // console.log("res.body: ", res.body);
+    //                     done();
+    //                 })
+    //         })
+
+
+    // })
+
     // mocha test/authentication.js  --grep 'signupUpperCaseEmail'
 
 

package/test/projectRoute.js

@@ -0,0 +1,97 @@
+//During the test the env variable is set to test
+process.env.NODE_ENV = 'test';
+process.env.ADMIN_EMAIL = "admin@tiledesk.com";
+
+let log = false;
+var projectService = require('../services/projectService');
+var userService = require('../services/userService');
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../app');
+let should = chai.should();
+var fs = require('fs');
+const path = require('path');
+
+// chai.config.includeStack = true;
+
+var expect = chai.expect;
+var assert = chai.assert;
+
+chai.use(chaiHttp);
+
+describe('ProjectRoute', () => {
+
+    describe('/create', () => {
+
+        it('updateProjectProfileWithSuperAdminCredential', (done) => {
+
+            var email = "test-signup-" + Date.now() + "@email.com";
+            var pwd = "pwd";
+
+            userService.signup(email, pwd, "Test Firstname", "Test Lastname").then((savedUser) => {
+                projectService.create("test-project-create", savedUser._id).then((savedProject) => {
+
+                    chai.request(server)
+                        .post('/auth/signin')
+                        .send({ email: "admin@tiledesk.com", password: "adminadmin" })
+                        .end((err, res) => {
+
+                            if (log) { console.log("login with superadmin res.body: ", res.body) };
+                            res.should.have.status(200);
+                            res.body.should.be.a('object');
+                            expect(res.body.success).to.equal(true);
+                            expect(res.body.token).not.equal(null);
+
+                            let superadmin_token = res.body.token;
+
+                            chai.request(server)
+                                // .put('/projects/' + savedProject._id + "/update")
+                                .put('/projects/' + savedProject._id)
+                                .set('Authorization', superadmin_token)
+                                .send({ profile: { name: "Custom", quotes: { kbs: 1000} } })
+                                .end((err, res) => {
+
+                                    if (log) { console.log("update project profile res.body: ", res.body) };
+                                    res.should.have.status(200);
+                                    res.body.should.be.a('object');
+                                    expect(res.body.profile.name).to.equal("Custom");
+                                    // expect(res.body.profile.quotes.kbs).to.equal(1000);
+
+                                    done();
+                                })
+                        })
+                })
+            })
+        }).timeout(10000)
+
+        it('denyUpdateProjectProfile', (done) => {
+
+            var email = "test-signup-" + Date.now() + "@email.com";
+            var pwd = "pwd";
+
+            userService.signup(email, pwd, "Test Firstname", "Test Lastname").then((savedUser) => {
+                projectService.create("test-project-create", savedUser._id).then((savedProject) => {
+
+                    chai.request(server)
+                        .put('/projects/' + savedProject._id)
+                        // .put('/projects/' + savedProject._id + "/update")
+                        .auth(email, pwd)
+                        .send({ profile: { name: "Custom", quotes: { kbs: 1000} } })
+                        .end((err, res) => {
+
+                            if (log) { console.log("update project profile res.body: ", res.body) };
+                            res.should.have.status(403);
+                            expect(res.body.success).to.equal(false);
+                            expect(res.body.error).to.equal("You don't have the permission required to modify the project profile");
+                            done();
+                        })
+                })
+            })
+        }).timeout(10000)
+    });
+
+});
+
+