Automatically share demo account for new users with clinic role

tidepool-org · Apr 20, 2017 · df9e061 · df9e061
1 parent 52c4b8a
commit df9e061
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 4 deletions.
diff --git a/config/server.json b/config/server.json
@@ -16,9 +16,10 @@
     "longTermDaysDuration": 30,
     "tokenDurationSecs": 2592000,
     "salt" : "ADihSEI7tOQQP9xfXMO9HfRpXKu1NpIJ",
-    "verificationSecret" : "+skip"
+    "verificationSecret" : "+skip",
+    "clinicDemoUserId": ""
   },
   "oauth2" : {
     "expireDays" : 14
   }
-}
+}
diff --git a/user/api.go b/user/api.go
@@ -43,6 +43,7 @@ type (
 		Secret string `json:"apiSecret"`
 		//allows for the skipping of verification for testing
 		VerificationSecret string `json:"verificationSecret"`
+		ClinicDemoUserID   string `json:"clinicDemoUserId"`
 	}
 	varsHandler func(http.ResponseWriter, *http.Request, map[string]string)
 )
@@ -197,6 +198,15 @@ func (a *Api) CreateUser(res http.ResponseWriter, req *http.Request) {
 		a.sendError(res, http.StatusInternalServerError, STATUS_ERR_CREATING_USR, err)
 
 	} else {
+		if newUserDetails.IsClinic() {
+			if a.ApiConfig.ClinicDemoUserID != "" {
+				if _, err := a.perms.SetPermissions(newUser.Id, a.ApiConfig.ClinicDemoUserID, clients.Permissions{"view": clients.Allowed}); err != nil {
+					a.sendError(res, http.StatusInternalServerError, STATUS_ERR_CREATING_USR, err)
+					return
+				}
+			}
+		}
+
 		tokenData := TokenData{DurationSecs: extractTokenDuration(req), UserId: newUser.Id, IsServer: false}
 		tokenConfig := TokenConfig{DurationSecs: a.ApiConfig.TokenDurationSecs, Secret: a.ApiConfig.Secret}
 		if sessionToken, err := CreateSessionTokenAndSave(&tokenData, tokenConfig, a.Store); err != nil {

diff --git a/user/api_test.go b/user/api_test.go
@@ -40,6 +40,7 @@ var (
 		LongTermKey:        "thelongtermkey",
 		Salt:               "a mineral substance composed primarily of sodium chloride",
 		VerificationSecret: "",
+		ClinicDemoUserID:   "00000000",
 	}
 	/*
 	 * users and tokens
@@ -435,6 +436,17 @@ func Test_CreateUser_Error_ErrorUpsertingUser(t *testing.T) {
 	T_ExpectErrorResponse(t, response, 500, "Error creating the user")
 }
 
+func Test_CreateUser_Error_ErrorSettingPermissions(t *testing.T) {
+	responsableStore.FindUsersResponses = []FindUsersResponse{{[]*User{}, nil}}
+	responsableStore.UpsertUserResponses = []error{nil}
+	responsableGatekeeper.SetPermissionsResponses = []PermissionsResponse{{clients.Permissions{}, errors.New("ERROR")}}
+	defer T_ExpectResponsablesEmpty(t)
+
+	body := "{\"username\": \"[email protected]\", \"emails\": [\"[email protected]\"], \"password\": \"12345678\", \"roles\": [\"clinic\"]}"
+	response := T_PerformRequestBody(t, "POST", "/user", body)
+	T_ExpectErrorResponse(t, response, 500, "Error creating the user")
+}
+
 func Test_CreateUser_Error_ErrorAddingToken(t *testing.T) {
 	responsableStore.FindUsersResponses = []FindUsersResponse{{[]*User{}, nil}}
 	responsableStore.UpsertUserResponses = []error{nil}
@@ -449,14 +461,15 @@ func Test_CreateUser_Error_ErrorAddingToken(t *testing.T) {
 func Test_CreateUser_Success(t *testing.T) {
 	responsableStore.FindUsersResponses = []FindUsersResponse{{[]*User{}, nil}}
 	responsableStore.UpsertUserResponses = []error{nil}
+	responsableGatekeeper.SetPermissionsResponses = []PermissionsResponse{{clients.Permissions{}, nil}}
 	responsableStore.AddTokenResponses = []error{nil}
 	defer T_ExpectResponsablesEmpty(t)
 
-	body := "{\"username\": \"[email protected]\", \"emails\": [\"[email protected]\"], \"password\": \"12345678\"}"
+	body := "{\"username\": \"[email protected]\", \"emails\": [\"[email protected]\"], \"password\": \"12345678\", \"roles\": [\"clinic\"]}"
 	response := T_PerformRequestBody(t, "POST", "/user", body)
 	successResponse := T_ExpectSuccessResponseWithJSONMap(t, response, 201)
 	T_ExpectElementMatch(t, successResponse, "userid", `\A[0-9a-f]{10}\z`, true)
-	T_ExpectEqualsMap(t, successResponse, map[string]interface{}{"emailVerified": false, "emails": []interface{}{"[email protected]"}, "username": "[email protected]"})
+	T_ExpectEqualsMap(t, successResponse, map[string]interface{}{"emailVerified": false, "emails": []interface{}{"[email protected]"}, "username": "[email protected]", "roles": []interface{}{"clinic"}})
 	if response.Header().Get(TP_SESSION_TOKEN) == "" {
 		t.Fatalf("Missing expected %s header", TP_SESSION_TOKEN)
 	}

diff --git a/user/user.go b/user/user.go
@@ -227,6 +227,19 @@ func (details *NewUserDetails) Validate() error {
 	return nil
 }
 
+func (details *NewUserDetails) HasRole(role string) bool {
+	for _, userRole := range details.Roles {
+		if userRole == role {
+			return true
+		}
+	}
+	return false
+}
+
+func (details *NewUserDetails) IsClinic() bool {
+	return details.HasRole("clinic")
+}
+
 func ParseNewUserDetails(reader io.Reader) (*NewUserDetails, error) {
 	details := &NewUserDetails{}
 	if err := details.ExtractFromJSON(reader); err != nil {

diff --git a/user/user_test.go b/user/user_test.go
@@ -414,6 +414,72 @@ func Test_NewUserDetails_Validate_Valid(t *testing.T) {
 	}
 }
 
+func Test_NewUserDetails_HasRole_Multiple(t *testing.T) {
+	username := "[email protected]"
+	password := "12345678"
+	details := &NewUserDetails{Username: &username, Emails: []string{"[email protected]", "[email protected]"}, Password: &password, Roles: []string{"clinic", "other"}}
+	if !details.HasRole("clinic") {
+		t.Fatalf("HasRole returned false when should have returned true")
+	}
+	if details.HasRole("missing") {
+		t.Fatalf("HasRole returned true when should have returned false")
+	}
+}
+
+func Test_NewUserDetails_HasRole_One(t *testing.T) {
+	username := "[email protected]"
+	password := "12345678"
+	details := &NewUserDetails{Username: &username, Emails: []string{"[email protected]", "[email protected]"}, Password: &password, Roles: []string{"clinic"}}
+	if !details.HasRole("clinic") {
+		t.Fatalf("HasRole returned false when should have returned true")
+	}
+	if details.HasRole("missing") {
+		t.Fatalf("HasRole returned true when should have returned false")
+	}
+}
+
+func Test_NewUserDetails_HasRole_Empty(t *testing.T) {
+	username := "[email protected]"
+	password := "12345678"
+	details := &NewUserDetails{Username: &username, Emails: []string{"[email protected]", "[email protected]"}, Password: &password, Roles: []string{}}
+	if details.HasRole("clinic") {
+		t.Fatalf("HasRole returned true when should have returned false")
+	}
+	if details.HasRole("missing") {
+		t.Fatalf("HasRole returned true when should have returned false")
+	}
+}
+
+func Test_NewUserDetails_HasRole_Missing(t *testing.T) {
+	username := "[email protected]"
+	password := "12345678"
+	details := &NewUserDetails{Username: &username, Emails: []string{"[email protected]", "[email protected]"}, Password: &password}
+	if details.HasRole("clinic") {
+		t.Fatalf("HasRole returned true when should have returned false")
+	}
+	if details.HasRole("missing") {
+		t.Fatalf("HasRole returned true when should have returned false")
+	}
+}
+
+func Test_NewUserDetails_IsClinic_Valid(t *testing.T) {
+	username := "[email protected]"
+	password := "12345678"
+	details := &NewUserDetails{Username: &username, Emails: []string{"[email protected]", "[email protected]"}, Password: &password, Roles: []string{"clinic"}}
+	if !details.IsClinic() {
+		t.Fatalf("IsClinic returned false when should have returned true")
+	}
+}
+
+func Test_NewUserDetails_IsClinic_Invalid(t *testing.T) {
+	username := "[email protected]"
+	password := "12345678"
+	details := &NewUserDetails{Username: &username, Emails: []string{"[email protected]", "[email protected]"}, Password: &password}
+	if details.IsClinic() {
+		t.Fatalf("IsClinic returned true when should have returned false")
+	}
+}
+
 func Test_ParseNewUserDetails_InvalidJSON(t *testing.T) {
 	source := ""
 	details, err := ParseNewUserDetails(strings.NewReader(source))