Merge pull request #1034 from CVEProject/dev

Update INT with Sprint 25
CVEProject · Feb 20, 2023 · cd207f1 · cd207f1
2 parents 8294189 + cb243b8
commit cd207f1
Show file tree

Hide file tree

Showing 27 changed files with 310 additions and 114 deletions.
diff --git a/api-docs/openapi.json b/api-docs/openapi.json
@@ -1105,8 +1105,8 @@
         "tags": [
           "CVE Record"
         ],
-        "summary": "Creates a reject CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)",
-        "description": "  <h2>Access Control</h2>  <p>User must belong to an organization with the <b>CNA</b> or <b>Secretariat</b> role</p>  <h2>Expected Behavior</h2>  <p><b>CNA:</b> Creates a reject CVE Record for a record owned by their organization</p>  <p><b>Secretariat:</b> Creates a reject CVE Record for a record owned by any organization</p>",
+        "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)",
+        "description": "  <h2>Access Control</h2>  <p>User must belong to an organization with the <b>CNA</b> or <b>Secretariat</b> role</p>  <h2>Expected Behavior</h2>  <p><b>CNA:</b> Creates a rejected CVE Record for a record owned by their organization</p>  <p><b>Secretariat:</b> Creates a rejected CVE Record for a record owned by any organization</p>",
         "operationId": "cveCnaCreateReject",
         "parameters": [
           {
@@ -1205,8 +1205,8 @@
         "tags": [
           "CVE Record"
         ],
-        "summary": "Updates an existing CVE Record with a reject record for the specified ID (accessible to CNAs and Secretariat)",
-        "description": "  <h2>Access Control</h2>  <p>User must belong to an organization with the <b>CNA</b> or <b>Secretariat</b> role</p>  <h2>Expected Behavior</h2>  <p><b>CNA:</b> Updates a reject CVE Record for a record owned by their organization</p>  <p><b>Secretariat:</b> Updates a reject CVE Record for a record owned by any organization</p>",
+        "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)",
+        "description": "  <h2>Access Control</h2>  <p>User must belong to an organization with the <b>CNA</b> or <b>Secretariat</b> role</p>  <h2>Expected Behavior</h2>  <p><b>CNA:</b> Updates a rejected CVE Record for a record owned by their organization</p>  <p><b>Secretariat:</b> Updates a rejected CVE Record for a record owned by any organization</p>",
         "operationId": "cveCnaUpdateReject",
         "parameters": [
           {

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -15,7 +15,7 @@
         "depcheck": "^0.9.2",
         "eslint": "^8.20.0",
         "eslint-config-standard": "^14.1.1",
-        "eslint-plugin-import": "^2.20.1",
+        "eslint-plugin-import": "^2.26.0",
         "eslint-plugin-mocha": "^8.0.0",
         "eslint-plugin-node": "^11.0.0",
         "eslint-plugin-promise": "^4.2.1",
@@ -41,7 +41,7 @@
         "jsonschema": "^1.4.0",
         "JSONStream": "^1.3.5",
         "kleur": "^4.1.4",
-        "mongoose": "^5.12.3",
+        "mongoose": "^5.13.15",
         "mongoose-aggregate-paginate-v2": "1.0.6",
         "morgan": "^1.9.1",
         "node-dev": "^7.4.3",

diff --git a/src/controller/cve-id.controller/cve-id.controller.js b/src/controller/cve-id.controller/cve-id.controller.js
@@ -173,7 +173,7 @@ async function reserveCveId (req, res, next) {
     const result = await orgRepo.findOneByShortName(shortName)
     if (!result) {
       logger.info({ uuid: req.ctx.uuid, message: shortName + ' organization does not exist.' })
-      return res.status(403).json(error.orgDne(shortName))
+      return res.status(403).json(error.orgDne(shortName, 'short_name', 'query'))
     }
 
     const payload = await getPayload(req, result)
@@ -330,7 +330,7 @@ async function modifyCveId (req, res, next) {
 
       if (!orgUUID) {
         logger.info({ uuid: req.ctx.uuid, message: id + ' could not be reassigned to ' + newOrgShortName + ' in MongoDB because it does not exist.' })
-        return res.status(404).json(error.orgDne(newOrgShortName))
+        return res.status(404).json(error.orgDne(newOrgShortName, 'org', 'query'))
       }
 
       cveId.owning_cna = orgUUID

diff --git a/src/controller/cve-id.controller/error.js b/src/controller/cve-id.controller/error.js
@@ -105,7 +105,7 @@ class CveIdControllerError extends idrErr.IDRError {
   overIdQuota (details) { // cve-id
     const err = {}
     err.error = 'EXCEEDED_ID_QUOTA'
-    err.message = 'The amount requested would exceed the organization\'s ID quota. No more IDs can be reserved until the number of IDs in the Reserved state goes below the ID quota or the ID quota is raised. If you feel you are receiving this message in error, please contact support.'
+    err.message = 'The amount requested would exceed the organization\'s ID quota. No more IDs can be reserved until the number of IDs in the Reserved state goes below the ID quota or the ID quota is raised. If you feel you are receiving this message in error, please contact support here: https://cveform.mitre.org/'
     err.details = details
     return err
   }

diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js
@@ -306,7 +306,7 @@ async function submitCna (req, res, next) {
 
     // create full cve record here
     const owningCna = await orgRepo.findOneByUUID(cveId.owning_cna)
-    const assignerShortName = owningCna?.short_name
+    const assignerShortName = owningCna.short_name
     const cnaContainer = req.ctx.body.cnaContainer
     const dateUpdated = (new Date()).toISOString()
     const additionalCveMetadataFields = {

diff --git a/src/controller/cve.controller/error.js b/src/controller/cve.controller/error.js
@@ -70,7 +70,7 @@ class CveControllerError extends idrErr.IDRError {
   unableToStoreCveRecord () { // cve
     const err = {}
     err.error = 'UNABLE_TO_STORE_CVE_RECORD'
-    err.message = 'A problem occurred while saving the CVE Record, ensure that x_ values do not start with $'
+    err.message = 'A problem occurred while saving the CVE Record, ensure field names in x_ objects do not start with $'
     return err
   }
 

diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js
@@ -504,13 +504,13 @@ router.post('/cve/:id/reject',
   /*
   #swagger.tags = ['CVE Record']
   #swagger.operationId = 'cveCnaCreateReject'
-  #swagger.summary = "Creates a reject CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)"
+  #swagger.summary = "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)"
   #swagger.description = "
         <h2>Access Control</h2>
         <p>User must belong to an organization with the <b>CNA</b> or <b>Secretariat</b> role</p>
         <h2>Expected Behavior</h2>
-        <p><b>CNA:</b> Creates a reject CVE Record for a record owned by their organization</p>
-        <p><b>Secretariat:</b> Creates a reject CVE Record for a record owned by any organization</p>"
+        <p><b>CNA:</b> Creates a rejected CVE Record for a record owned by their organization</p>
+        <p><b>Secretariat:</b> Creates a rejected CVE Record for a record owned by any organization</p>"
   #swagger.parameters['id'] = { description: 'The CVE ID for the record being rejected' }
   #swagger.parameters['$ref'] = [
     '#/components/parameters/apiEntityHeader',
@@ -589,13 +589,13 @@ router.put('/cve/:id/reject',
   /*
   #swagger.tags = ['CVE Record']
   #swagger.operationId = 'cveCnaUpdateReject'
-  #swagger.summary = "Updates an existing CVE Record with a reject record for the specified ID (accessible to CNAs and Secretariat)"
+  #swagger.summary = "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)"
   #swagger.description = "
         <h2>Access Control</h2>
         <p>User must belong to an organization with the <b>CNA</b> or <b>Secretariat</b> role</p>
         <h2>Expected Behavior</h2>
-        <p><b>CNA:</b> Updates a reject CVE Record for a record owned by their organization</p>
-        <p><b>Secretariat:</b> Updates a reject CVE Record for a record owned by any organization</p>"
+        <p><b>CNA:</b> Updates a rejected CVE Record for a record owned by their organization</p>
+        <p><b>Secretariat:</b> Updates a rejected CVE Record for a record owned by any organization</p>"
   #swagger.parameters['id'] = { description: 'The CVE ID for the record being rejected' }
   #swagger.parameters['$ref'] = [
     '#/components/parameters/apiEntityHeader',

diff --git a/src/controller/org.controller/error.js b/src/controller/org.controller/error.js
@@ -1,10 +1,10 @@
 const idrErr = require('../../utils/error')
 
 class OrgControllerError extends idrErr.IDRError {
-  orgDneParam (shortname) { // org
+  orgDnePathParam (shortname) { // org
     const err = {}
     err.error = 'ORG_DNE_PARAM'
-    err.message = `The '${shortname}' organization designated by the shortname parameter does not exist.`
+    err.message = `The '${shortname}' organization designated by the shortname path parameter does not exist.`
     return err
   }
 
@@ -77,6 +77,13 @@ class OrgControllerError extends idrErr.IDRError {
     err.message = `'${param}' is not a valid parameter.`
     return err
   }
+
+  notAllowedToSelfDemote () {
+    const err = {}
+    err.error = 'NOT_ALLOWED_TO_SELF_DEMOTE'
+    err.message = 'Please have another admin user from your organization change your role.'
+    return err
+  }
 }
 
 module.exports = {