Merge branch 'develop' into feature/export-import

Author: Maksym Mykhailenko

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:8.2.1
+FROM node:12.16.1
 LABEL version="1.2"
 LABEL description="Projects microservice"
 RUN sed -i '/jessie-updates/d' /etc/apt/sources.list

src/routes/projectMemberInvites/delete.js

@@ -16,7 +16,7 @@ module.exports = [
   (req, res, next) => {
     const projectId = _.parseInt(req.params.projectId);
     const inviteId = _.parseInt(req.params.inviteId);
-    const email = req.authUser.email;
+    const currentUserEmail = req.authUser.email ? req.authUser.email.toLowerCase() : req.authUser.email;
     const currentUserId = req.authUser.userId;
 
     // get invite by id and project id
@@ -25,13 +25,13 @@ module.exports = [
         // if invite doesn't exist, return 404
         if (!invite) {
           const err = new Error(`invite not found for project id ${projectId}, inviteId ${inviteId},` +
-            ` email ${email} and userId ${currentUserId}`,
+            ` email ${currentUserEmail} and userId ${currentUserId}`,
           );
           err.status = 404;
           return next(err);
         }
         // check this invitation is for logged-in user or not
-        const ownInvite = (!!invite && (invite.userId === currentUserId || invite.email === email));
+        const ownInvite = (!!invite && (invite.userId === currentUserId || invite.email === currentUserEmail));
 
         // check permission
         req.log.debug('Checking user permission for deleting invite');

src/routes/projectMemberInvites/get.spec.js

@@ -227,7 +227,8 @@ describe('GET Project Member Invite', () => {
             should.exist(resJson);
             should.exist(resJson.projectId);
             resJson.id.should.be.eql(3);
-            resJson.email.should.be.eql('t***t@t***r.com'); // masked
+            // not masked, because user who is invited by email is the user who is calling this endpoint
+            resJson.email.should.be.eql('test@topcoder.com');
             resJson.status.should.be.eql(INVITE_STATUS.PENDING);
             done();
           }

src/routes/projectMemberInvites/list.js

@@ -27,7 +27,7 @@ module.exports = [
   (req, res, next) => {
     const projectId = _.parseInt(req.params.projectId);
     const currentUserId = req.authUser.userId;
-    const email = req.authUser.email;
+    const currentUserEmail = req.authUser.email ? req.authUser.email.toLowerCase() : req.authUser.email;
     const fields = req.query.fields ? req.query.fields.split(',') : null;
 
     const esSearchParam = {
@@ -64,7 +64,7 @@ module.exports = [
       esSearchParam.query.nested.query.filtered.filter.bool.must.push({
         bool: {
           should: [
-            { term: { 'invites.email': email } },
+            { term: { 'invites.email': currentUserEmail } },
             { term: { 'invites.userId': currentUserId } },
           ],
           minimum_number_should_match: 1,
@@ -90,7 +90,7 @@ module.exports = [
           }
           // get invitation only for user
           return models.ProjectMemberInvite.getPendingOrRequestedProjectInvitesForUser(
-            projectId, email, currentUserId);
+            projectId, currentUserEmail, currentUserId);
         }
         req.log.debug('project member found in ES');
         return data[0].inner_hits.invites.hits.hits.map(hit => hit._source); // eslint-disable-line no-underscore-dangle

src/routes/projectMemberInvites/list.spec.js

@@ -252,7 +252,8 @@ describe('GET Project Member Invites', () => {
             resJson.length.should.be.eql(1);
             // check invitations
             _.filter(resJson, inv => inv.id === 3).length.should.be.eql(1);
-            resJson[0].email.should.be.eql('t***t@t***r.com'); // masked
+            // not masked, because user who is invited by email is the user who is calling this endpoint
+            resJson[0].email.should.be.eql('test@topcoder.com');
             done();
           }
         });

src/routes/projectMemberInvites/update.js

@@ -36,7 +36,7 @@ module.exports = [
     }
     const projectId = _.parseInt(req.params.projectId);
     const inviteId = _.parseInt(req.params.inviteId);
-    const email = req.authUser.email;
+    const currentUserEmail = req.authUser.email ? req.authUser.email.toLowerCase() : req.authUser.email;
     const currentUserId = req.authUser.userId;
 
     // get invite by id and project id
@@ -45,13 +45,13 @@ module.exports = [
         // if invite doesn't exist, return 404
         if (!invite) {
           const err = new Error(`invite not found for project id ${projectId}, inviteId ${inviteId},` +
-            ` email ${email} and userId ${currentUserId}`,
+            ` email ${currentUserEmail} and userId ${currentUserId}`,
           );
           err.status = 404;
           return next(err);
         }
         // check this invitation is for logged-in user or not
-        const ownInvite = (!!invite && (invite.userId === currentUserId || invite.email === email));
+        const ownInvite = (!!invite && (invite.userId === currentUserId || invite.email === currentUserEmail));
 
         // check permission
         req.log.debug('Checking user permission for updating invite');
@@ -103,7 +103,7 @@ module.exports = [
                   req.context.currentProjectMembers = members;
                   let userId = updatedInvite.userId;
                   // if the requesting user is updating his/her own invite
-                  if (!userId && email === updatedInvite.email) {
+                  if (!userId && currentUserEmail === updatedInvite.email) {
                     userId = currentUserId;
                   }
                   // if we are not able to identify the user yet, it must be something wrong and we should not create

src/util.js

@@ -654,6 +654,7 @@ _.assignIn(util, {
 
     const isAdmin = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
     const currentUserId = req.authUser.userId;
+    const currentUserEmail = req.authUser.email;
 
     // admins can get data as it is
     if (isAdmin) {
@@ -670,7 +671,13 @@ _.assignIn(util, {
         const canSeeEmail = (
           isAdmin || // admin
           invite.createdBy === currentUserId || // user who created invite
-          invite.userId === currentUserId // user who is invited
+          (invite.userId !== null && invite.userId === currentUserId) || // user who is invited by `handle`
+          ( // user who is invited by `email` (invite doesn't have `userId`)
+            invite.userId === null &&
+            invite.email &&
+            currentUserEmail &&
+            invite.email.toLowerCase() === currentUserEmail.toLowerCase()
+          )
         );
         // mask email if user cannot see it
         _.assign(invite, {