From 6f454f4eb4fbcc1a68d96f21651fb9dcd79ea23a Mon Sep 17 00:00:00 2001 From: giurigaud Date: Thu, 25 Jul 2024 11:27:28 -0300 Subject: [PATCH 1/6] fix: addUser to not accept invalid cost center --- CHANGELOG.md | 20 +++++++++++++++++ node/clients/Organizations.ts | 7 +++--- node/package.json | 4 ++-- node/resolvers/Mutations/Users.ts | 8 +++++++ node/resolvers/Routes/utils/index.ts | 1 + node/typings/custom.d.ts | 33 ++++++++++++++++++++++++++++ node/yarn.lock | 10 ++++----- 7 files changed, 73 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bcc1c9c..18e5388 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,65 +7,84 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +### Fixed + +- addUser function to not accept invalid cost center + ## [1.43.1] - 2024-07-24 ### Changed + - Changed the token validation directive of some operations + ## [1.43.0] - 2024-07-23 ### Added + - Add admin validation directive ## [1.42.0] - 2024-07-17 ### Fixed + - Get tokens from headers when necessary ## [1.41.1] - 2024-07-15 ### Added + - Add validation metrics for admin and api tokens ## [1.41.0] - 2024-07-01 ### Added + - Add token validation directive ## [1.40.7] - 2024-06-11 ### Fixed + - Provide correct tokens to clients ## [1.40.6] - 2024-05-28 ### Changed + - Check user is part of buyer org instead of "active" on checkUserAccess directive ## [1.40.5] - 2024-05-22 + ### Changed + - Improved metrics and logging for checkUserAccess and checkAdminAccess directives ## [1.40.4] - 2024-04-29 ### Added + - Add token validation logs ### Removed + - Reverted changes from versions 1.40.3, 1.40.2 and 1.40.1 ## [1.40.3] - 2024-04-24 ### Fixed + - Provide correct auth tokens to clients ## [1.40.2] - 2024-04-19 ### Fixed + - Fix auth issue by adding additional admin token check to checkUserAccess and checkAdminAccess ## [1.40.1] - 2024-04-18 ### Fixed + - Fix auth issue by adding role check to checkUserAccess directive ## [1.40.0] - 2024-03-20 @@ -89,6 +108,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [1.39.2] - 2024-02-26 ### Changed + - Add intro description about Session Watcher ## [1.39.1] - 2024-02-09 diff --git a/node/clients/Organizations.ts b/node/clients/Organizations.ts index bd1d427..3dc105a 100644 --- a/node/clients/Organizations.ts +++ b/node/clients/Organizations.ts 
@@ -1,8 +1,9 @@ -import type { InstanceOptions, IOContext } from '@vtex/api' +import type { GraphQLResponse, InstanceOptions, IOContext } from '@vtex/api' import { AppGraphQLClient } from '@vtex/api' import { QUERIES } from '../resolvers/Routes/utils' import { getTokenToHeader } from './index' +import type { GetCostCenterType } from '../typings/custom' const getPersistedQuery = () => { return { @@ -36,14 +37,14 @@ export class OrganizationsGraphQLClient extends AppGraphQLClient { }) } - public getCostCenterById = async (costId: string): Promise => { + public getCostCenterById = async (costId: string) => { return this.query({ extensions: getPersistedQuery(), query: QUERIES.getCostCenterById, variables: { id: costId, }, - }) + }) as Promise> } public getMarketingTags = async (costId: string): Promise => { diff --git a/node/package.json b/node/package.json index 22e4c36..3f0faeb 100644 --- a/node/package.json +++ b/node/package.json @@ -2,7 +2,7 @@ "name": "vtex.checkout-ui-custom", "version": "1.43.1", "dependencies": { - "@vtex/api": "6.46.1", + "@vtex/api": "6.47.0", "atob": "^2.1.2", "co-body": "^6.0.0", "cookie": "^0.3.1", @@ -21,7 +21,7 @@ "@types/jsonwebtoken": "^8.5.0", "@types/node": "^12.0.0", "@types/ramda": "types/npm-ramda#dist", - "@vtex/api": "6.46.1", + "@vtex/api": "6.47.0", "@vtex/prettier-config": "^0.3.1", "tslint": "^5.12.0", "tslint-config-prettier": "^1.18.0", diff --git a/node/resolvers/Mutations/Users.ts b/node/resolvers/Mutations/Users.ts index 32074f4..2e5cd20 100644 --- a/node/resolvers/Mutations/Users.ts +++ b/node/resolvers/Mutations/Users.ts 
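Review bot: The cast at the end of `getCostCenterById` replaces the return annotation that the old signature carried, so the response shape is asserted rather than checked, and `addUser` now bases an accept/reject decision on it. I would keep an explicit return type on the public method, as the neighbouring `getMarketingTags` still does, and pass the response type to `this.query` if its signature allows it (the type arguments appear to have been lost in this rendering of the patch, so the exact spelling is not quoted here). The method also returns the raw response, so a reply that carries `errors` and no `data` reaches the caller unchanged; the caller's guard fails closed on that, but it reports an upstream failure as an invalid cost center. The class body continues outside the hunk.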
@@ -180,6 +180,14 @@ export const addUser = async (_: any, params: any, ctx: Context) => { } = ctx try { + const costCenter = await ctx.clients.organizations.getCostCenterById( + params.costId + ) + + if (!costCenter?.data?.getCostCenterById.name) { + throw new Error(`Invalid cost center`) + } + const cId = await addUserToMasterdata({ masterdata, params }) const organizations = await getOrganizationsByEmail( diff --git a/node/resolvers/Routes/utils/index.ts b/node/resolvers/Routes/utils/index.ts index 65c4a7b..1836521 100644 --- a/node/resolvers/Routes/utils/index.ts +++ b/node/resolvers/Routes/utils/index.ts @@ -22,6 +22,7 @@ export const QUERIES = { id name } + name addresses { addressId addressType diff --git a/node/typings/custom.d.ts b/node/typings/custom.d.ts index 66032a1..ce578b5 100644 --- a/node/typings/custom.d.ts +++ b/node/typings/custom.d.ts @@ -191,3 +191,36 @@ export interface DeliveryId { courierName: string | null quantity: number | null } + +export interface GetCostCenterType { + getCostCenterById: { + name: string | null + paymentTerms: { + id: string | null + name: string | null + } | null + addresses: { + addressId: string | null + addressType: string | null + addressQuery: string | null + postalCode: string | null + country: string | null + receiverName: string | null + city: string | null + state: string | null + street: string | null + number: string | null + complement: string | null + neighborhood: string | null + geoCoordinates: string | null + reference: string | null + } + phoneNumber: string | null + businessDocument: string | null + stateRegistration: string | null + sellers: { + id: string | null + name: string | null + } + } +} diff --git a/node/yarn.lock b/node/yarn.lock index 3a098b1..1a57dcf 100644 --- a/node/yarn.lock +++ b/node/yarn.lock 
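Review bot: `params.costId` is handed to the lookup with no check on its presence or type, because `params` is typed `any` in the `addUser` signature shown in the hunk header. An early `if (typeof params?.costId !== 'string' || !params.costId) throw new Error('Invalid cost center')` rejects malformed input before the upstream call is made. The guard is also written inline, so any other mutation in `Users.ts` that accepts a `costId` (none is visible in this hunk) would still take unchecked ids; a shared helper such as `await assertValidCostCenter(ctx, params)` (name constructed for illustration) would keep the rule in one place. The `try` that wraps the added lines closes outside the hunk, so how the thrown error is reported to the client cannot be checked from here.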
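Review bot: `GetCostCenterType` declares `getCostCenterById` as an object that is always present, so the compiler accepts `costCenter.data.getCostCenterById.name` without a null guard. A lookup for an id that does not exist presumably returns null for that field (to be confirmed against the organizations app's schema), and declaring it as `getCostCenterById: { ... } | null` makes the type checker demand the guard at every use. `addresses` and `sellers` are typed as single objects although their names are plural; if the query returns lists, these should be array types.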
@@ -190,10 +190,10 @@ "@types/mime" "^1" "@types/node" "*" -"@vtex/api@6.46.1": - version "6.46.1" - resolved "https://registry.yarnpkg.com/@vtex/api/-/api-6.46.1.tgz#55a8755ae48f5400e7f1ed1921cd547950bb7a2a" - integrity sha512-geoxVvyWoQpOQ70Zmx3M8SBkRoGOS/bp9Gy26M+iCue63jofVSwmFz1zf66EaHA1PKOJNRgQPFwY+oeDE1U2lQ== +"@vtex/api@6.47.0": + version "6.47.0" + resolved "https://registry.yarnpkg.com/@vtex/api/-/api-6.47.0.tgz#6910455d593d8bb76f1f4f2b7660023853fda35e" + integrity sha512-t9gt7Q89EMbSj3rLhho+49Fv+/lQgiy8EPVRgtmmXFp1J4v8hIAZF7GPjCPie111KVs4eG0gfZFpmhA5dafKNA== dependencies: "@types/koa" "^2.11.0" "@types/koa-compose" "^3.2.3" @@ -1428,7 +1428,7 @@ sprintf-js@~1.0.2: resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw= -stats-lite@vtex/node-stats-lite#dist: +"stats-lite@github:vtex/node-stats-lite#dist": version "2.2.0" resolved "https://codeload.github.com/vtex/node-stats-lite/tar.gz/1b0d39cc41ef7aaecfd541191f877887a2044797" dependencies: From 804699866853bcbda3777210af4263c0fca29772 Mon Sep 17 00:00:00 2001 From: giurigaud Date: Thu, 8 Aug 2024 11:15:23 -0300 Subject: [PATCH 2/6] feat: add type --- node/typings/custom.d.ts | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/node/typings/custom.d.ts b/node/typings/custom.d.ts index ce578b5..8205411 100644 --- a/node/typings/custom.d.ts +++ b/node/typings/custom.d.ts 
@@ -199,22 +199,7 @@ export interface GetCostCenterType { id: string | null name: string | null } | null - addresses: { - addressId: string | null - addressType: string | null - addressQuery: string | null - postalCode: string | null - country: string | null - receiverName: string | null - city: string | null - state: string | null - street: string | null - number: string | null - complement: string | null - neighborhood: string | null - geoCoordinates: string | null - reference: string | null - } + address: Address phoneNumber: string | null businessDocument: string | null stateRegistration: string | null From abb1e8ec2a754f09cf26ba38e1d17c4ea028df81 Mon Sep 17 00:00:00 2001 From: giurigaud Date: Tue, 20 Aug 2024 11:28:38 -0300 Subject: [PATCH 3/6] feat: add other validation --- node/resolvers/Mutations/Users.ts | 5 ++++- node/resolvers/Routes/utils/index.ts | 1 + node/typings/custom.d.ts | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/node/resolvers/Mutations/Users.ts b/node/resolvers/Mutations/Users.ts index 2e5cd20..0c836f6 100644 --- a/node/resolvers/Mutations/Users.ts +++ b/node/resolvers/Mutations/Users.ts @@ -184,7 +184,10 @@ export const addUser = async (_: any, params: any, ctx: Context) => { params.costId ) - if (!costCenter?.data?.getCostCenterById.name) { + if ( + !costCenter?.data?.getCostCenterById.name || + params.orgId !== costCenter.data.getCostCenterById.organization + ) { throw new Error(`Invalid cost center`) } diff --git a/node/resolvers/Routes/utils/index.ts b/node/resolvers/Routes/utils/index.ts index 124dc09..6530db0 100644 --- a/node/resolvers/Routes/utils/index.ts +++ b/node/resolvers/Routes/utils/index.ts @@ -23,6 +23,7 @@ export const QUERIES = { name } name + organization addresses { addressId addressType diff --git a/node/typings/custom.d.ts b/node/typings/custom.d.ts index 8205411..5c1a123 100644 --- a/node/typings/custom.d.ts +++ b/node/typings/custom.d.ts 
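Review bot: The replacement field is named `address`, while the `getCostCenterById` query in `node/resolvers/Routes/utils/index.ts` selects `addresses`, so the typed property corresponds to no field in the response and the returned `addresses` is left untyped. Keeping the key and reusing the shared type would read `addresses: Address` (or `Address[]` if the field is a list, which this hunk does not show). `Address` is not declared in the visible lines, so it should be confirmed that it is in scope in `custom.d.ts` and that its fields match the ones the query selects.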
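Review bot: Both sides of the new comparison in `addUser` are driven by the request: `params.orgId` comes from the untyped `params`, and the cost center is looked up by `params.costId`, so the check proves only that the two ids are consistent with each other. Whether the caller is allowed to add users to `params.orgId` is not established in this hunk; if a directive or an earlier check covers that, a one-line comment saying so would help, otherwise the organization should be taken from the caller's session rather than from `params`. Because the type added in this patch allows `organization` to be `null`, a request with `orgId: null` against a cost center that has a name but no organization passes the `!==` test; adding `!params.orgId ||` to the condition closes that case. The function body starts and ends outside the hunk.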
@@ -195,6 +195,7 @@ export interface DeliveryId { export interface GetCostCenterType { getCostCenterById: { name: string | null + organization: string | null paymentTerms: { id: string | null name: string | null From 8c0c2654ef1f2ba5f8b6670f60a4d27fdead781c Mon Sep 17 00:00:00 2001 From: giurigaud Date: Wed, 21 Aug 2024 11:23:43 -0300 Subject: [PATCH 4/6] feat: add validation --- node/resolvers/Mutations/Users.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/node/resolvers/Mutations/Users.ts b/node/resolvers/Mutations/Users.ts index 0c836f6..9cd9279 100644 --- a/node/resolvers/Mutations/Users.ts +++ b/node/resolvers/Mutations/Users.ts @@ -185,8 +185,8 @@ export const addUser = async (_: any, params: any, ctx: Context) => { ) if ( - !costCenter?.data?.getCostCenterById.name || - params.orgId !== costCenter.data.getCostCenterById.organization + !costCenter?.data?.getCostCenterById?.name || + params.orgId !== costCenter.data?.getCostCenterById?.organization ) { throw new Error(`Invalid cost center`) } From 9173bc58e05071045b394629a50b3a9b0202d784 Mon Sep 17 00:00:00 2001 From: Enzo Mercanti <131273915+enzomerca@users.noreply.github.com> Date: Wed, 21 Aug 2024 11:29:23 -0300 Subject: [PATCH 5/6] add: comment --- node/resolvers/Mutations/Users.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/node/resolvers/Mutations/Users.ts b/node/resolvers/Mutations/Users.ts index 9cd9279..891764b 100644 --- a/node/resolvers/Mutations/Users.ts +++ b/node/resolvers/Mutations/Users.ts @@ -184,6 +184,9 @@ export const addUser = async (_: any, params: any, ctx: Context) => { params.costId ) + // before adding an user to a cost center we check if the cost + // center exists and if it has a valid name, otherwise both + // login and UI might break. if ( !costCenter?.data?.getCostCenterById?.name || params.orgId !== costCenter.data?.getCostCenterById?.organization From 20dedf91d4d5024f528cdab3095ceedc7a7030fd Mon Sep 17 00:00:00 2001 
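Review bot: The added comment describes only the existence and name checks, while the condition below it also rejects a cost center that belongs to a different organization, which is the part that stops a user from being attached across organizations. I would reword it to cover both: `// Reject unless the cost center exists, has a name, and belongs to params.orgId:` `// a missing name breaks login and the UI, an org mismatch would attach the user` `// to another organization's cost center.` The comment also says "an user" where "a user" is meant.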
From: giurigaud Date: Wed, 21 Aug 2024 11:35:08 -0300 Subject: [PATCH 6/6] fix: add interrogation --- node/resolvers/Mutations/Users.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node/resolvers/Mutations/Users.ts b/node/resolvers/Mutations/Users.ts index 891764b..3115834 100644 --- a/node/resolvers/Mutations/Users.ts +++ b/node/resolvers/Mutations/Users.ts @@ -189,7 +189,7 @@ export const addUser = async (_: any, params: any, ctx: Context) => { // login and UI might break. if ( !costCenter?.data?.getCostCenterById?.name || - params.orgId !== costCenter.data?.getCostCenterById?.organization + params.orgId !== costCenter?.data?.getCostCenterById?.organization ) { throw new Error(`Invalid cost center`) }