Release/project day #572

Merged
merged 34 commits into from
Oct 20, 2024
Merged
Commits
34 commits
61a5ddb
docs: fix grammar in FAQ
S3BzA Oct 2, 2024
5c2319f
feat: Clean up signup page
Vafdaf12 Oct 2, 2024
18f03a9
feat: Polished up the verify page
Vafdaf12 Oct 2, 2024
61abe83
fix: Spacing issues on small screen sizes
Vafdaf12 Oct 2, 2024
6679228
feat: Tweak color of login/signup links
Vafdaf12 Oct 7, 2024
160b168
feat: Make dispute page responsive
Vafdaf12 Oct 7, 2024
886ca99
feat: Snap navbar to bottom on mobile
Vafdaf12 Oct 7, 2024
e54b528
feat: Bring over styling from admin dashboard
Vafdaf12 Oct 15, 2024
7836bfa
fix: Goofy scroll behaviour
Vafdaf12 Oct 15, 2024
4c08381
feat: Add dropdown for actions
Vafdaf12 Oct 15, 2024
e4d777a
feat: Stub time estimate tooltip
Vafdaf12 Oct 15, 2024
4c25c4f
feat: Bring over all the styling from admin
Vafdaf12 Oct 16, 2024
532ce70
fix: Next no build
Vafdaf12 Oct 16, 2024
826d3b3
fix link
ZaguePrime Oct 20, 2024
12c33a7
feat: just one more docker container bro please bro please bro
MichaelHorwitz Oct 20, 2024
cf3e750
added auth to the workflows endpoint
CaelanHill Oct 20, 2024
b2170ae
Merge branch 'fix/yippee' of https://github.com/COS301-SE-2024/Disput…
CaelanHill Oct 20, 2024
fc00482
feat: fixed config of nginx
MichaelHorwitz Oct 20, 2024
779e57d
Merge pull request #569 from COS301-SE-2024/fix/evi-files
MichaelHorwitz Oct 20, 2024
85f57bd
fix: Expert rejection pobrelms
Vafdaf12 Oct 20, 2024
1f0d995
feat: table styling
MichaelHorwitz Oct 20, 2024
5531674
feat: more styling
MichaelHorwitz Oct 20, 2024
87875da
feat: removed mock data
MichaelHorwitz Oct 20, 2024
d62a7e6
feat: final styling
MichaelHorwitz Oct 20, 2024
d4f4aef
feat: padding on splash
MichaelHorwitz Oct 20, 2024
7c66e01
Merge pull request #570 from COS301-SE-2024/feat/archive-styling
MichaelHorwitz Oct 20, 2024
751ccda
fix: Caelan keeps breaking frontend
Vafdaf12 Oct 20, 2024
d2c6f31
added stricter access control
ZaguePrime Oct 20, 2024
937638a
Merge branch 'dev' into fix/yippee
vfeistel Oct 20, 2024
710723c
fix go tests?
ZaguePrime Oct 20, 2024
a2c9595
Merge pull request #571 from COS301-SE-2024/fix/yippee
MichaelHorwitz Oct 20, 2024
4252049
feat: updated tests
MichaelHorwitz Oct 20, 2024
8f6910d
feat: new cypress user
MichaelHorwitz Oct 20, 2024
ba31fbc
fix: broken tests
CaelanHill Oct 20, 2024
4 changes: 2 additions & 2 deletions api/handlers/authentication.go
Expand Up @@ -283,7 +283,7 @@
}
if !valid {
logger.Error("Invalid pin")
h.DisputeProceedingsLogger.LogDisputeProceedings(models.Users, map[string]interface{}{"user": userVerify, "message": "Invalid pin"})
h.DisputeProceedingsLogger.LogDisputeProceedings(models.Users, map[string]interface{}{"user": jwtUser, "message": "Invalid pin"})

c.JSON(http.StatusBadRequest, models.Response{Error: "Invalid pin"})
return
}
Expand Down Expand Up @@ -456,7 +456,7 @@
}

//send an email to the user with a temporary link to reset the password
linkURL := fmt.Sprintf("%s/reset-password/%s", frontendBase, jwt)
linkURL := fmt.Sprintf("%s/reset/%s", frontendBase, jwt)

email := models.Email{
From: companyEmail,
To: user.Email,
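Review bot: The new reset link `linkURL := fmt.Sprintf("%s/reset/%s", frontendBase, jwt)` still carries the reset token in the URL path, so it ends up in browser history, reverse-proxy access logs and any Referer header the reset page sends to third-party resources; the commit only renames the path segment, and the new path has no test (Codecov flags line 459). Whether the frontend route really moved to `/reset/…` cannot be confirmed from this hunk, so a test asserting the generated link against the frontend route would catch future drift between the two. Independently of the path, it is worth confirming that the token embedded here is short-lived and single-use, since any place that records the URL also records the credential; the enclosing function starts and ends outside the hunk.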
10 changes: 9 additions & 1 deletion api/handlers/dispute/dispute.go
Expand Up @@ -650,6 +650,14 @@
func (h Dispute) UpdateStatus(c *gin.Context) {
var disputeStatus models.DisputeStatusChange
logger := utilities.NewLogger().LogWithCaller()
claims, err := h.JWT.GetClaims(c)

if err != nil || claims.Role != "admin" {
logger.Error("Unauthorized access attempt")
c.JSON(http.StatusUnauthorized, models.Response{Error: "Unauthorized"})
return
}


if err := c.BindJSON(&disputeStatus); err != nil {
logger.WithError(err).Error("Invalid request body")
c.JSON(http.StatusBadRequest, models.Response{Error: "Invalid request body"})
Expand Down Expand Up @@ -814,7 +822,7 @@

// Get info from token
claims, err := h.JWT.GetClaims(c)
if err != nil {
if err != nil || claims.Role != "admin" {
logger.WithError(err).Error("Unauthorized access attempt", claims, err)
c.JSON(http.StatusUnauthorized, models.Response{Error: "Unauthorized"})
return
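Review bot: The guard added to `UpdateStatus` logs `logger.Error("Unauthorized access attempt")` without the error, whereas the matching guard in the second hunk uses `logger.WithError(err)`; when `GetClaims` fails the reason is lost from the log, so use `logger.WithError(err).Error("Unauthorized access attempt")` here as well. Both guards answer 401 for a valid token whose role is not `admin`; since that request is authenticated, `http.StatusForbidden` would let operators distinguish missing or invalid tokens from privilege misses in logs and metrics, which is worth doing only if the frontend does not key on 401 for these routes. The same `claims.Role != "admin"` comparison is now written inline in this file while `workflow.go` in the same PR introduces an `IsAuthorized(c, role, logger)` helper; one shared helper would keep the role check from drifting between handlers. The function in the second hunk starts and ends outside the hunk.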
16 changes: 11 additions & 5 deletions api/handlers/dispute/dispute_test.go
Expand Up @@ -1161,6 +1161,7 @@ func (suite *DisputeErrorTestSuite) TestExpertObjectionsReviewInvalidRequestBody
req.Header.Add("Authorization", "Bearer mock")
req.Header.Add("Content-Type", "application/json")

suite.jwtMock.returnUser.Role = "admin"
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, req)

Expand Down Expand Up @@ -1195,6 +1196,7 @@ func (suite *DisputeErrorTestSuite) TestExpertObjectionsReviewErrorReviewingObje
req.Header.Add("Authorization", "Bearer mock")
req.Header.Add("Content-Type", "application/json")

suite.jwtMock.returnUser.Role = "admin"
suite.disputeMock.throwErrors = true

w := httptest.NewRecorder()
Expand All @@ -1214,6 +1216,8 @@ func (suite *DisputeErrorTestSuite) TestExpertObjectionsReviewSuccess() {
req.Header.Add("Authorization", "Bearer mock")
req.Header.Add("Content-Type", "application/json")

suite.jwtMock.returnUser.Role = "admin"

w := httptest.NewRecorder()
suite.router.ServeHTTP(w, req)

Expand All @@ -1233,7 +1237,7 @@ func (suite *DisputeErrorTestSuite) TestExpertObjectionErrorDuringObjection() {
req.Header.Add("Content-Type", "application/json")

suite.disputeMock.throwErrors = true

suite.jwtMock.returnUser.Role = "admin"
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, req)

Expand Down Expand Up @@ -1291,7 +1295,7 @@ func (suite *DisputeErrorTestSuite) TestExpertObjectionSuccess() {
req, _ := http.NewRequest("POST", "/1/objections", bytes.NewBuffer([]byte(reqBody)))
req.Header.Add("Authorization", "Bearer mock")
req.Header.Add("Content-Type", "application/json")

suite.jwtMock.returnUser.Role = "admin"
//inject the mock
suite.disputeMock.throwErrors = false
suite.disputeMock.Get_Experts = []models.AdminDisputeExperts{
Expand Down Expand Up @@ -1328,7 +1332,7 @@ func (suite *DisputeErrorTestSuite) TestExpertObjectionUnauthorized() {
func (suite *DisputeErrorTestSuite) TestExpertObjectionInvalidDisputeID() {
req, _ := http.NewRequest("POST", "/invalid/objections", nil)
req.Header.Add("Authorization", "Bearer mock")

suite.jwtMock.returnUser.Role = "admin"
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, req)

Expand All @@ -1343,7 +1347,7 @@ func (suite *DisputeErrorTestSuite) TestExpertObjectionInvalidRequestBody() {
req, _ := http.NewRequest("POST", "/1/objections", bytes.NewBuffer([]byte("invalid body")))
req.Header.Add("Authorization", "Bearer mock")
req.Header.Add("Content-Type", "application/json")

suite.jwtMock.returnUser.Role = "admin"
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, req)

Expand All @@ -1358,9 +1362,9 @@ func (suite *DisputeErrorTestSuite) TestExpertObjectionInvalidRequestBody() {
func (suite *DisputeErrorTestSuite) TestUpdateStatusInvalidRequestBody() {
req, _ := http.NewRequest("PUT", "/dispute/status", bytes.NewBuffer([]byte("invalid body")))
req.Header.Add("Content-Type", "application/json")
suite.jwtMock.returnUser.Role = "admin"
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, req)

suite.Equal(http.StatusBadRequest, w.Code)
var result models.Response
suite.NoError(json.Unmarshal(w.Body.Bytes(), &result))
Expand All @@ -1383,6 +1387,7 @@ func (suite *DisputeErrorTestSuite) TestUpdateStatusUnauthorized() {
func (suite *DisputeErrorTestSuite) TestUpdateStatusInternalError() {
suite.jwtMock.throwErrors = false
suite.disputeMock.throwErrors = true
suite.jwtMock.returnUser.Role = "admin"
req, _ := http.NewRequest("PUT", "/1/status", bytes.NewBuffer([]byte(`{"status": "Resolved"}`)))
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer mock")
Expand All @@ -1398,6 +1403,7 @@ func (suite *DisputeErrorTestSuite) TestUpdateStatusInternalError() {
func (suite *DisputeErrorTestSuite) TestUpdateStatusSuccess() {
suite.jwtMock.throwErrors = false
suite.disputeMock.throwErrors = false
suite.jwtMock.returnUser.Role = "admin"
req, _ := http.NewRequest("PUT", "/1/status", bytes.NewBuffer([]byte(`{"status": "Resolved"}`)))
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer mock")
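Review bot: Every change here sets `suite.jwtMock.returnUser.Role = "admin"` so the existing tests keep passing the new role check, but no test exercises the negative branch: a request with a valid token and a non-admin role should now get 401 from `UpdateStatus` and the objection endpoints, which is exactly the behaviour Codecov reports as uncovered in `dispute.go`. A test along the lines of `suite.jwtMock.throwErrors = false`, `suite.jwtMock.returnUser.Role = "user"`, then `suite.Equal(http.StatusUnauthorized, w.Code)` would pin it. The role is assigned on the shared mock and never reset, so unless `SetupTest` rebuilds `jwtMock` (not visible here) the tests become order-dependent; resetting it in setup would keep each test self-contained.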
25 changes: 24 additions & 1 deletion api/handlers/workflow/workflow.go
Expand Up @@ -138,6 +138,10 @@
logger := utilities.NewLogger().LogWithCaller()
var workflow models.CreateWorkflow

if (!w.IsAuthorized(c, "admin", logger)) {
return
}

Check warning on line 143 in api/handlers/workflow/workflow.go

View check run for this annotation

Codecov / codecov/patch

api/handlers/workflow/workflow.go#L141-L143

Added lines #L141 - L143 were not covered by tests

// Bind incoming JSON to the struct
err := c.BindJSON(&workflow)
if err != nil {
Expand Down Expand Up @@ -253,6 +257,11 @@

func (w Workflow) UpdateWorkflow(c *gin.Context) {
logger := utilities.NewLogger().LogWithCaller()

if (!w.IsAuthorized(c, "admin", logger)) {
return
}

Check warning on line 263 in api/handlers/workflow/workflow.go

View check run for this annotation

Codecov / codecov/patch

api/handlers/workflow/workflow.go#L260-L263

Added lines #L260 - L263 were not covered by tests

id := c.Param("id")
idInt, err := strconv.Atoi(id)
if err != nil {
Expand Down Expand Up @@ -353,6 +362,12 @@

func (w Workflow) DeleteWorkflow(c *gin.Context) {
logger := utilities.NewLogger().LogWithCaller()

if (!w.IsAuthorized(c, "admin", logger)) {
return
}

Check warning on line 368 in api/handlers/workflow/workflow.go

View check run for this annotation

Codecov / codecov/patch

api/handlers/workflow/workflow.go#L365-L368

Added lines #L365 - L368 were not covered by tests


id := c.Param("id")
idInt, err := strconv.Atoi(id)
if err != nil {
Expand Down Expand Up @@ -602,6 +617,14 @@
c.JSON(http.StatusOK, models.Response{Data: response})
}


func (h Workflow) IsAuthorized(c *gin.Context, role string, logger *utilities.Logger) bool {
claims, err := h.Jwt.GetClaims(c)
if err != nil || claims.Role != role {
logger.WithError(err).Error("Unauthorized")
c.JSON(401, models.Response{Error: "Unauthorized"})
return false
}
return true

}
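Review bot: `IsAuthorized` answers with the literal `401` while the other handlers in this PR use `http.StatusUnauthorized` (this file already uses `http.StatusOK`), and its receiver is named `h` although the `Workflow` methods visible in the hunks use `w`; change to `func (w Workflow) IsAuthorized(c *gin.Context, role string, logger *utilities.Logger) bool` and `c.JSON(http.StatusUnauthorized, models.Response{Error: "Unauthorized"})`. As an exported method it needs a doc comment, e.g. `// IsAuthorized reports whether the request carries valid claims with the given role; on failure it writes a 401 response and returns false, so callers must return immediately.` The three call sites wrap the condition in redundant parentheses (`if (!w.IsAuthorized(c, "admin", logger))`) that gofmt strips, and the blank line before the closing brace is also non-idiomatic. A valid token with a different role gets 401 here too; 403 would be the more precise code for an authenticated caller lacking the role, if the frontend does not depend on 401.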

