kuzzle 2.17.8 → 2.18.0

package/lib/api/controllers/authController.js

@@ -646,7 +646,12 @@ class AuthController extends NativeController {
 
   assertIsAuthenticated (request) {
     if (request.context.user._id === this.anonymousId) {
-      throw kerror.get('security', 'rights', 'unauthorized');
+      throw kerror.get(
+        'security',
+        'rights',
+        'unauthorized',
+        request.input.controller,
+        request.input.action);
     }
   }
 }

package/lib/api/controllers/indexController.js

@@ -21,8 +21,6 @@
 
 'use strict';
 
-const Bluebird = require('bluebird');
-
 const { Request } = require('../request');
 const { NativeController } = require('./baseController');
 
@@ -119,7 +117,7 @@ class IndexController extends NativeController {
         );
       }
 
-      await Bluebird.all(promises);
+      await Promise.all(promises);
     }
 
     return response;
@@ -148,12 +146,18 @@ class IndexController extends NativeController {
   }
 
   /**
-   * Returns a list of indexes allowed to be deleted by the user
+   * Returns a list of indexes allowed to be deleted by the user.
+   *
+   * Returns entire list of public indexes when called from EmbeddedSDK
    *
    * @param {Request} request
-   * @param {String[]} publicIndexes - Complete indexes list
+   * @param {String[]} publicIndexes - Public indexes list
    */
   _allowedIndexes (request, publicIndexes) {
+    if (request.getUser() === null) {
+      return publicIndexes;
+    }
+
     const allowedIndexes = [];
 
     const promises = publicIndexes
@@ -171,7 +175,7 @@ class IndexController extends NativeController {
           });
       });
 
-    return Bluebird.all(promises)
+    return Promise.all(promises)
       .then(() => allowedIndexes);
   }
 }

package/lib/api/controllers/securityController.js

@@ -31,7 +31,7 @@ const { NativeController } = require('./baseController');
 const formatProcessing = require('../../core/auth/formatProcessing');
 const ApiKey = require('../../model/storage/apiKey');
 const kerror = require('../../kerror');
-const { has, get } = require('../../util/safeObject');
+const { has } = require('../../util/safeObject');
 const { generateRandomName } = require('../../util/name-generator');
 
 /**
@@ -92,6 +92,7 @@ class SecurityController extends NativeController {
       'updateRoleMapping',
       'updateUser',
       'updateUserMapping',
+      'upsertUser',
       'validateCredentials'
     ]);
 
@@ -770,17 +771,9 @@ class SecurityController extends NativeController {
    */
   async createUser (request) {
     const content = request.getBodyObject('content');
-    const profileIds = get(content, 'profileIds');
+    const profileIds = request.getBodyArray('content.profileIds');
     const humanReadableId = request.getString('kuid', 'human') !== 'uuid';
 
-    if (profileIds === undefined) {
-      throw kerror.get('api', 'assert', 'missing_argument', 'body.content.profileIds');
-    }
-
-    if (! Array.isArray(profileIds)) {
-      throw kerror.get('api', 'assert', 'invalid_type', 'body.content.profileIds', 'array');
-    }
-
     return this._persistUser(request, profileIds, content, { humanReadableId });
   }
 
@@ -819,20 +812,38 @@ class SecurityController extends NativeController {
       ? null
       : request.getBodyArray('profileIds');
 
-    const updated = await this.ask(
-      'core:security:user:update',
-      id,
-      profileIds,
-      content,
-      {
-        refresh: request.getRefresh('wait_for'),
-        retryOnConflict: request.getInteger('retryOnConflict', 10),
-        userId,
-      });
+    return this._changeUser(request, id, content, userId, profileIds);
+  }
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on user "${id}."`);
+  /**
+   * Applies a partial update to an existing user.
+   * If the user doesn't already exist, a new user is created.
+   *
+   * @param {Request} request
+   * @returns {Promise}
+   */
+  async upsertUser (request) {
+    const id = request.getId();
+    const content = request.getBodyObject('content');
+    const userId = request.getKuid();
+    const profileIds = request.getBodyArray('content.profileIds');
+    const defaultValues = request.getBodyObject('default', {});
 
-    return formatProcessing.serializeUser(updated);
+    try {
+      return await this._changeUser(request, id, content, userId, profileIds);
+    }
+    catch (error) {
+      if (error.id && error.id === 'security.user.not_found') {
+        const creatingContent = {
+          ...defaultValues,
+          ...content, // Order important, content erase default duplicates
+        };
+
+        return this._persistUser(request, profileIds, creatingContent);
+      }
+
+      throw error;
+    }
   }
 
   /**
@@ -1226,6 +1237,27 @@ class SecurityController extends NativeController {
     return successes;
   }
 
+  /**
+   * @returns {Promise}
+   * @private
+   */
+  async _changeUser (request, id, content, userId, profileIds) {
+    const updated = await this.ask(
+      'core:security:user:update',
+      id,
+      profileIds,
+      content,
+      {
+        refresh: request.getRefresh('wait_for'),
+        retryOnConflict: request.getInteger('retryOnConflict', 10),
+        userId,
+      });
+
+    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on user "${id}."`);
+
+    return formatProcessing.serializeUser(updated);
+  }
+
   /**
    * @param {Request} request
    * @returns {Promise}

package/lib/api/httpRoutes.js

@@ -35,10 +35,10 @@ const {
   OpenApiDocumentCreate,
   OpenApiDocumentCreateOrReplace,
   OpenApiDocumentValidate,
+  OpenApiSecurityUpsertUser,
   OpenApiDocumentmCreateOrReplace,
 } = require('./openapi/components');
 
-
 const routes = [
   // GET (idempotent)
   { verb: 'get', path: '/_me', controller: 'auth', action: 'getCurrentUser' },
@@ -235,6 +235,7 @@ const routes = [
   { verb: 'post', path: '/roles/_search', controller: 'security', action: 'searchRoles' },
   { verb: 'post', path: '/users/_search', controller: 'security', action: 'searchUsers' },
   { verb: 'post', path: '/credentials/:strategy/users/_search', controller: 'security', action: 'searchUsersByCredentials' },
+  { verb: 'post', path: '/users/:_id/_upsert', controller: 'security', action: 'upsertUser', openapi: OpenApiSecurityUpsertUser },
   { verb: 'post', path: '/credentials/:strategy/:_id/_validate', controller: 'security', action: 'validateCredentials' },
   { verb: 'post', path: '/_checkRights', controller: 'auth', action: 'checkRights' },
   { verb: 'post', path: '/_checkRights/:userId', controller: 'security', action: 'checkRights' },

package/lib/api/openapi/OpenApiManager.js

@@ -79,6 +79,9 @@ class OpenApiManager {
                     ...components_1.OpenApiDocumentCreateOrReplaceComponent,
                     ...components_1.OpenApiDocumentCreateComponent,
                     ...components_1.OpenApiDocumentValidateComponent,
+                },
+                security: {
+                    ...components_1.OpenApiSecurityUpsertUserComponent,
                     ...components_1.OpenApiDocumentmCreateOrReplaceComponent,
                 }
             }

package/lib/api/openapi/components/document/get.yaml

@@ -14,7 +14,7 @@ DocumentGet:
         type: string
       required: true
     - in: path
-      name: documentId
+      name: _id
       schema:
         type: string
       required: true

package/lib/api/openapi/components/document/update.yaml

@@ -75,4 +75,4 @@ components:
                   type: "integer"
                 _source:
                   type: string
-                  description: "partial or entire document"
+                  description: "partial or entire document"

package/lib/api/openapi/components/index.d.ts

@@ -1,2 +1,3 @@
 export * from './document';
+export * from './security';
 export declare const OpenApiPayloadsDefinitions: any;

package/lib/api/openapi/components/index.js

@@ -17,6 +17,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.OpenApiPayloadsDefinitions = void 0;
 const readYamlFile_1 = require("../../../util/readYamlFile");
 __exportStar(require("./document"), exports);
+__exportStar(require("./security"), exports);
 // Document definitions (reusable object for KuzzleRequest and KuzzleResponse)
 exports.OpenApiPayloadsDefinitions = (0, readYamlFile_1.readYamlFile)(__dirname + '/payloads.yaml').definitions;
 //# sourceMappingURL=index.js.map

package/lib/api/openapi/components/security/index.d.ts

@@ -0,0 +1,2 @@
+export declare const OpenApiSecurityUpsertUser: any;
+export declare const OpenApiSecurityUpsertUserComponent: any;

package/lib/api/openapi/components/security/index.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenApiSecurityUpsertUserComponent = exports.OpenApiSecurityUpsertUser = void 0;
+const readYamlFile_1 = require("../../../../util/readYamlFile");
+// reading the description of the UpsertUser action in the controller security.
+// The yaml objects are then stored in the variables below
+const upsertUserObject = (0, readYamlFile_1.readYamlFile)(__dirname + '/upsertUser.yaml');
+exports.OpenApiSecurityUpsertUser = upsertUserObject.SecurityUpsertUser;
+exports.OpenApiSecurityUpsertUserComponent = upsertUserObject.components.schemas;
+//# sourceMappingURL=index.js.map

package/lib/api/openapi/components/security/upsertUser.yaml

@@ -0,0 +1,59 @@
+SecurityUpsertUser:
+  summary: "Update or create a user."
+  tags:
+    - user
+  parameters:
+    - in: path
+      name: _id
+      schema:
+        type: string
+      required: true
+    - in: path
+      name: refresh
+      schema:
+        type: string
+      description: " if set to wait_for, Kuzzle will not respond until the deletion has been indexed"
+      required: false
+    - in: path
+      name: retryOnConflict
+      schema:
+        type: integer
+      description: "conflicts may occur if the same user gets updated multiple times within a short timespan, in a database cluster. You can set the retryOnConflict optional argument (with a retry count), to tell Kuzzle to retry the failing updates the specified amount of times before rejecting the request with an error."
+      required: false
+    - name: content
+      in: "body"
+      description: "Updates a user content."
+      required: true
+      schema:
+        $ref: "#/components/security/SecurityUpsertUserRequest"
+  responses:
+    200:
+      description: "Updates or creates a user."
+      schema:
+        $ref: "#/components/security/SecurityUpsertUserResponse"
+      
+components:
+  schemas:
+    SecurityUpsertUserRequest:
+      allOf:
+        - type: "object"
+          description: "user changes"
+    SecurityUpsertUserResponse:
+      allOf:
+        - $ref: "#/components/ResponsePayload"
+        - type: "object"
+          properties:
+            result:
+              type: "object"
+              properties:
+                _id:
+                  type: "string"
+                  description: "userId"
+                _version:
+                  type: "integer"
+                _source:
+                  type: "object"
+                  description: " (optional) actualized user content. This property appears only if the \"source\" option is set to true"
+                created:
+                  type: "boolean"
+

package/lib/api/request/kuzzleRequest.d.ts

@@ -277,6 +277,27 @@ export declare class KuzzleRequest {
      * @throws {api.assert.invalid_type} If the fetched parameter is not an object
      */
     getObject(name: string, def?: JSONObject | undefined): JSONObject;
+    /**
+     * Gets a parameter from a request arguments and check with moment.js if the date is an ISO8601 format date
+     * or is valid regarding a given custom format (example : YYYY-MM-DD).
+     *
+     * @param name parameter name.
+     * @param format optional parameter to check if the date is valid regarding a format. If not set, the format checked
+     * is ISO8601.
+     * @throws {api.assert.missing_argument} If parameter not found and no default
+     *                                       value provided
+     * @throws {api.assert.invalid_type} If parameter value is not a valid date.
+     */
+    getDate(name: string, format?: string): string;
+    /**
+     * Gets a parameter from a request arguments and returns it to timestamp format.
+     *
+     * @param name parameter name.
+     * @throws {api.assert.missing_argument} If parameter not found and no default
+     *                                       value provided
+     * @throws {api.assert.invalid_type} If parameter value is not a valid date.
+     */
+    getTimestamp(name: string): number;
     /**
      * Returns the index specified in the request
      */

package/lib/api/request/kuzzleRequest.js

@@ -42,8 +42,14 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Request = exports.KuzzleRequest = void 0;
+const safeObject_1 = require("../../util/safeObject");
+const lodash_1 = require("lodash");
+const moment_1 = __importDefault(require("moment"));
 const uuid = __importStar(require("uuid"));
 const nanoid_1 = require("nanoid");
 const requestInput_1 = require("./requestInput");
@@ -53,8 +59,6 @@ const errors_1 = require("../../kerror/errors");
 const kerror = __importStar(require("../../kerror"));
 const types_1 = require("../../types");
 const assert = __importStar(require("../../util/assertType"));
-const safeObject_1 = require("../../util/safeObject");
-const lodash_1 = require("lodash");
 const assertionError = kerror.wrap('api', 'assert');
 // private properties
 // \u200b is a zero width space, used to masquerade console.log output
@@ -528,6 +532,48 @@ class KuzzleRequest {
     getObject(name, def = undefined) {
         return this._getObject(this.input.args, name, name, def);
     }
+    /**
+     * Gets a parameter from a request arguments and check with moment.js if the date is an ISO8601 format date
+     * or is valid regarding a given custom format (example : YYYY-MM-DD).
+     *
+     * @param name parameter name.
+     * @param format optional parameter to check if the date is valid regarding a format. If not set, the format checked
+     * is ISO8601.
+     * @throws {api.assert.missing_argument} If parameter not found and no default
+     *                                       value provided
+     * @throws {api.assert.invalid_type} If parameter value is not a valid date.
+     */
+    getDate(name, format) {
+        const args = this.input.args;
+        if (args[name] === undefined) {
+            throw assertionError.get('missing_argument', name);
+        }
+        if (format && !(0, moment_1.default)(args[name], format, true).isValid()) {
+            throw assertionError.get('invalid_type', name, 'date');
+        }
+        if (!(0, moment_1.default)(args[name], moment_1.default.ISO_8601).isValid()) {
+            throw assertionError.get('invalid_type', name, 'date');
+        }
+        return this.getString(name);
+    }
+    /**
+     * Gets a parameter from a request arguments and returns it to timestamp format.
+     *
+     * @param name parameter name.
+     * @throws {api.assert.missing_argument} If parameter not found and no default
+     *                                       value provided
+     * @throws {api.assert.invalid_type} If parameter value is not a valid date.
+     */
+    getTimestamp(name) {
+        const args = this.input.args;
+        if (args[name] === undefined) {
+            throw assertionError.get('missing_argument', name);
+        }
+        if ((0, moment_1.default)(args[name], true).isValid() === false) {
+            throw assertionError.get('invalid_type', name, 'date');
+        }
+        return this.getInteger(name);
+    }
     /**
      * Returns the index specified in the request
      */

package/lib/core/shared/sdk/embeddedSdk.d.ts

@@ -1,5 +1,5 @@
-import { RealtimeController, Notification, JSONObject, ScopeOption, UserOption, Kuzzle } from 'kuzzle-sdk';
-import { RequestPayload, ResponsePayload } from '../../../types';
+import { RealtimeController, Notification, JSONObject, ScopeOption, UserOption, Kuzzle, RequestPayload } from 'kuzzle-sdk';
+import { ResponsePayload } from '../../../types';
 interface EmbeddedRealtime extends RealtimeController {
     /**
      * Subscribes by providing a set of filters: messages, document changes

package/lib/core/shared/sdk/funnelProtocol.d.ts

@@ -1,5 +1,4 @@
-import { KuzzleEventEmitter } from 'kuzzle-sdk';
-import { RequestPayload } from '../../../types';
+import { KuzzleEventEmitter, RequestPayload } from 'kuzzle-sdk';
 export declare class FunnelProtocol extends KuzzleEventEmitter {
     private id;
     private connectionId;

package/lib/kerror/codes/1-services.json

@@ -273,7 +273,7 @@
         "multiple_indice_alias": {
           "description": "The unique association between an indice and its alias has not been respected",
           "code": 48,
-          "message": "An \"%s\" is not allowed to be associated with multiple \"%\". This is probably not linked to this request but rather the consequence of previous actions on ElasticSearch.",
+          "message": "An %s is not allowed to be associated with multiple %s. This is probably not linked to this request but rather the consequence of previous actions on ElasticSearch.",
           "class": "PreconditionError"
         },
         "invalid_multi_index_collection_usage": {

package/lib/kerror/errors/kuzzleError.d.ts

@@ -10,7 +10,7 @@ export declare class KuzzleError extends Error {
     status: number;
     /**
      * Error unique code
-     * @see https://docs.kuzzle.io/core/2/core/2/api/essentials/error-codes/
+     * @see https://docs.kuzzle.io/core/2/api/errors/error-codes/
      */
     code: number;
     /**

package/lib/model/security/user.js

@@ -47,9 +47,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.User = void 0;
-const rights_1 = __importDefault(require("./rights"));
-const bluebird_1 = __importDefault(require("bluebird"));
 const lodash_1 = __importDefault(require("lodash"));
+const rights_1 = __importDefault(require("./rights"));
 const kerror = __importStar(require("../../kerror"));
 /**
  * @class User
@@ -73,7 +72,7 @@ class User {
      */
     async getRights() {
         const profiles = await this.getProfiles();
-        const results = await bluebird_1.default.map(profiles, p => p.getRights());
+        const results = await Promise.all(profiles.map(p => p.getRights()));
         const rights = {};
         results.forEach(right => lodash_1.default.assignWith(rights, right, rights_1.default.merge));
         return rights;
@@ -97,15 +96,15 @@ class User {
             return false;
         }
         // Every target must be allowed by at least one profile
-        return this.areTargetsAllowed(profiles, targets);
+        return this.areTargetsAllowed(request, profiles, targets);
     }
     /**
      * Verifies that every targets are allowed by at least one profile,
      * while skipping the ones that includes a wildcard since they will be expanded
      * later on, based on index and collections authorized for the given user.
      */
-    async areTargetsAllowed(profiles, targets) {
-        const profilesPolicies = await bluebird_1.default.map(profiles, profile => profile.getAllowedPolicies());
+    async areTargetsAllowed(request, profiles, targets) {
+        const profilesPolicies = await Promise.all(profiles.map(profile => profile.getAllowedPolicies(request)));
         // Every target must be allowed by at least one profile
         for (const target of targets) {
             // Skip targets with no Index or Collection