Initial organizations functionality: Creating orgs and inviting users

LOVEBBC · Apr 24, 2018 · 4093bf9 · 4093bf9
1 parent a4d2aad
commit 4093bf9
Show file tree

Hide file tree

Showing 14 changed files with 440 additions and 170 deletions.
diff --git a/migrations/2018-02-17-205753_create_collections_and_orgs/up.sql b/migrations/2018-02-17-205753_create_collections_and_orgs/up.sql
@@ -18,12 +18,14 @@ CREATE TABLE users_collections (
 );
 
 CREATE TABLE users_organizations (
-  user_uuid TEXT    NOT NULL REFERENCES users (uuid),
-  org_uuid  TEXT    NOT NULL REFERENCES organizations (uuid),
+  uuid       TEXT    NOT NULL PRIMARY KEY,
+  user_uuid  TEXT    NOT NULL REFERENCES users (uuid),
+  org_uuid   TEXT    NOT NULL REFERENCES organizations (uuid),
 
-  key       TEXT    NOT NULL,
-  status    INTEGER NOT NULL,
-  type      INTEGER NOT NULL,
+  access_all BOOLEAN NOT NULL,
+  key        TEXT    NOT NULL,
+  status     INTEGER NOT NULL,
+  type       INTEGER NOT NULL,
 
-  PRIMARY KEY (user_uuid, org_uuid)
+  UNIQUE (user_uuid, org_uuid)
 );
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -60,8 +60,18 @@ fn register(data: Json<RegisterData>, conn: DbConn) -> EmptyResult {
 }
 
 #[get("/accounts/profile")]
-fn profile(headers: Headers) -> JsonResult {
-    Ok(Json(headers.user.to_json()))
+fn profile(headers: Headers, conn: DbConn) -> JsonResult {
+    Ok(Json(headers.user.to_json(&conn)))
+}
+
+#[get("/users/<uuid>/public-key")]
+fn get_public_keys(uuid: String, headers: Headers, conn: DbConn) -> JsonResult {
+    let user = match User::find_by_uuid(&uuid, &conn) {
+        Some(user) => user,
+        None => err!("User doesn't exist")
+    };
+
+    Ok(Json(json!(user.public_key)))
 }
 
 #[post("/accounts/keys", data = "<data>")]
@@ -75,7 +85,7 @@ fn post_keys(data: Json<KeysData>, headers: Headers, conn: DbConn) -> JsonResult
 
     user.save(&conn);
 
-    Ok(Json(user.to_json()))
+    Ok(Json(user.to_json(&conn)))
 }
 
 #[derive(Deserialize)]

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -23,7 +23,7 @@ use CONFIG;
 
 #[get("/sync")]
 fn sync(headers: Headers, conn: DbConn) -> JsonResult {
-    let user_json = headers.user.to_json();
+    let user_json = headers.user.to_json(&conn);
 
     let folders = Folder::find_by_user(&headers.user.uuid, &conn);
     let folders_json: Vec<Value> = folders.iter().map(|c| c.to_json()).collect();
@@ -112,7 +112,7 @@ fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> JsonR
     Ok(Json(cipher.to_json(&headers.host, &conn)))
 }
 
-fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, conn: &DbConn) -> EmptyResult {  
+fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, conn: &DbConn) -> EmptyResult {
     if let Some(ref folder_id) = data.folderId {
         match Folder::find_by_uuid(folder_id, conn) {
             Some(folder) => {
@@ -188,15 +188,13 @@ fn copy_values(from: &Value, to: &mut Value) {
         for (key, val) in map {
             copy_values(val, &mut to[util::upcase_first(key)]);
         }
-
     } else if let Some(array) = from.as_array() {
         // Initialize array with null values
         *to = json!(vec![Value::Null; array.len()]);
 
         for (index, val) in array.iter().enumerate() {
             copy_values(val, &mut to[index]);
         }
-
     } else {
         *to = from.clone();
     }
@@ -375,7 +373,7 @@ fn delete_cipher_selected(data: Json<Value>, headers: Headers, conn: DbConn) ->
 
     let uuids = match data.get("ids") {
         Some(ids) => match ids.as_array() {
-            Some(ids) => ids.iter().filter_map(|uuid| {uuid.as_str()}),
+            Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }),
             None => err!("Posted ids field is not an array")
         },
         None => err!("Request missing ids field")
@@ -405,16 +403,16 @@ fn move_cipher_selected(data: Json<Value>, headers: Headers, conn: DbConn) -> Em
                         }
                         None => err!("Folder doesn't exist")
                     }
-                },
+                }
                 None => err!("Folder id provided in wrong format")
             }
-        },
+        }
         None => None
     };
 
     let uuids = match data.get("ids") {
         Some(ids) => match ids.as_array() {
-            Some(ids) => ids.iter().filter_map(|uuid| {uuid.as_str()}),
+            Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }),
             None => err!("Posted ids field is not an array")
         },
         None => err!("Request missing ids field")

diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
@@ -14,6 +14,7 @@ pub fn routes() -> Vec<Route> {
     routes![
         register,
         profile,
+        get_public_keys,
         post_keys,
         post_password,
         post_sstamp,
@@ -53,7 +54,15 @@ pub fn routes() -> Vec<Route> {
         activate_authenticator,
         disable_authenticator,
 
+        create_organization,
         get_user_collections,
+        get_org_collections,
+        get_org_details,
+        get_org_users,
+        get_collection_users,
+        send_invite,
+        confirm_invite,
+        delete_user,
 
         clear_device_token,
         put_device_token,

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -8,22 +8,34 @@ use db::models::*;
 use api::{JsonResult, EmptyResult};
 use auth::Headers;
 
+
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct OrgData {
+    billingEmail: String,
+    collectionName: String,
+    key: String,
+    name: String,
+    planType: String,
+}
+
 #[post("/organizations", data = "<data>")]
-fn create_organization(headers: Headers, data: Json<Value>, conn: DbConn) -> JsonResult {
-    /*
-    Data is a JSON Object with the following entries
-        billingEmail	<email>
-        collectionName	<encrypted_collection_name>
-        key	            <key>
-        name	        <unencrypted_name>
-        planType	    free
-    */
+fn create_organization(headers: Headers, data: Json<OrgData>, conn: DbConn) -> JsonResult {
+    let data: OrgData = data.into_inner();
 
-    // We need to add the following key to the users jwt claims
-    // orgowner: "<org-id>"
+    let mut org = Organization::new(data.name, data.billingEmail);
+    let mut user_org = UserOrganization::new(
+        headers.user.uuid, org.uuid.clone());
 
-    // This function returns organization.to_json();
-    err!("Not implemented")
+    user_org.key = data.key;
+    user_org.access_all = true;
+    user_org.type_ = UserOrgType::Owner as i32;
+    user_org.status = UserOrgStatus::Confirmed as i32;
+
+    org.save(&conn);
+    user_org.save(&conn);
+
+    Ok(Json(org.to_json()))
 }
 
 
@@ -50,6 +62,35 @@ fn get_org_collections(org_id: String, headers: Headers, conn: DbConn) -> JsonRe
     })))
 }
 
+#[derive(FromForm)]
+#[allow(non_snake_case)]
+struct OrgIdData {
+    organizationId: String
+}
+
+#[get("/ciphers/organization-details?<data>")]
+fn get_org_details(data: OrgIdData, headers: Headers, conn: DbConn) -> JsonResult {
+
+    // Get list of ciphers in org?
+
+    Ok(Json(json!({
+        "Data": [],
+        "Object": "list"
+    })))
+}
+
+#[get("/organizations/<org_id>/users")]
+fn get_org_users(org_id: String, headers: Headers, conn: DbConn) -> JsonResult {
+    // TODO Check if user in org
+
+    let users = UserOrganization::find_by_org(&org_id, &conn);
+    let users_json: Vec<Value> = users.iter().map(|c| c.to_json_details(&conn)).collect();
+
+    Ok(Json(json!({
+        "Data": users_json,
+        "Object": "list"
+    })))
+}
 
 #[get("/organizations/<org_id>/collections/<coll_id>/users")]
 fn get_collection_users(org_id: String, coll_id: String, headers: Headers, conn: DbConn) -> JsonResult {
@@ -78,10 +119,94 @@ fn get_collection_users(org_id: String, coll_id: String, headers: Headers, conn:
     })))
 }
 
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct InviteCollectionData {
+    id: String,
+    readOnly: bool,
+}
+
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct InviteData {
+    emails: Vec<String>,
+    #[serde(rename = "type")]
+    type_: String,
+    collections: Vec<InviteCollectionData>,
+    accessAll: bool,
+
+}
+
+#[post("/organizations/<org_id>/users/invite", data = "<data>")]
+fn send_invite(org_id: String, data: Json<InviteData>, headers: Headers, conn: DbConn) -> EmptyResult {
+    let data: InviteData = data.into_inner();
+
+    // TODO Check that user is in org and admin or more
+
+    for user_opt in data.emails.iter().map(|email| User::find_by_mail(email, &conn)) {
+        match user_opt {
+            None => err!("User email does not exist"),
+            Some(user) => {
+                // TODO Check that user is not already in org
+
+                let mut user_org = UserOrganization::new(
+                    user.uuid, org_id.clone());
+
+                if data.accessAll {
+                    user_org.access_all = data.accessAll;
+                } else {
+                    err!("Select collections unimplemented")
+                    // TODO create Users_collections
+                }
+
+                user_org.type_ = match data.type_.as_ref() {
+                    "Owner" => UserOrgType::Owner,
+                    "Admin" => UserOrgType::Admin,
+                    "User" => UserOrgType::User,
+                    _ => err!("Invalid type")
+                } as i32;
+
+                user_org.save(&conn);
+            }
+        }
+    }
+
+    Ok(())
+}
+
+#[post("/organizations/<org_id>/users/<user_id>/confirm", data = "<data>")]
+fn confirm_invite(org_id: String, user_id: String, data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
+    // TODO Check that user is in org and admin or more
+
+    let mut user_org = match UserOrganization::find_by_user_and_org(
+        &user_id, &org_id, &conn) {
+        Some(user_org) => user_org,
+        None => err!("Can't find user")
+    };
+
+    if user_org.status != UserOrgStatus::Accepted as i32 {
+        err!("User in invalid state")
+    }
+
+    user_org.status = UserOrgStatus::Confirmed as i32;
+    user_org.key = match data["key"].as_str() {
+        Some(key) => key.to_string(),
+        None => err!("Invalid key provided")
+    };
+
+    user_org.save(&conn);
+
+    Ok(())
+}
+
+#[post("/organizations/<org_id>/users/<user_id>/delete")]
+fn delete_user(org_id: String, user_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
+    // TODO Check that user is in org and admin or more
+    // TODO To delete a user you need either:
+    //      - To be yourself
+    //      - To be of a superior type (ex. Owner can delete Admin and User, Admin can delete User)
 
-//********************************************************************************************
-/*
-    We need to modify 'GET /api/profile' to return the users organizations, instead of []
+    // Delete users_organizations and users_collections from this org
 
-    The elements from that array come from organization.to_json_profile()
-*/
+    unimplemented!();
+}
diff --git a/src/api/identity.rs b/src/api/identity.rs
@@ -19,7 +19,6 @@ pub fn routes() -> Vec<Route> {
 #[post("/connect/token", data = "<connect_data>")]
 fn login(connect_data: Form<ConnectData>, device_type: DeviceType, conn: DbConn) -> JsonResult {
     let data = connect_data.get();
-    println!("{:#?}", data);
 
     let mut device = match data.grant_type {
         GrantType::RefreshToken => {
@@ -98,7 +97,9 @@ fn login(connect_data: Form<ConnectData>, device_type: DeviceType, conn: DbConn)
     };
 
     let user = User::find_by_uuid(&device.user_uuid, &conn).unwrap();
-    let (access_token, expires_in) = device.refresh_tokens(&user);
+    let orgs = UserOrganization::find_by_user(&user.uuid, &conn);
+
+    let (access_token, expires_in) = device.refresh_tokens(&user, orgs);
     device.save(&conn);
 
     Ok(Json(json!({

diff --git a/src/auth.rs b/src/auth.rs
@@ -72,6 +72,10 @@ pub struct JWTClaims {
     pub email: String,
     pub email_verified: bool,
 
+    pub orgowner: Vec<String>,
+    pub orgadmin: Vec<String>,
+    pub orguser: Vec<String>,
+
     // user security_stamp
     pub sstamp: String,
     // device uuid

diff --git a/src/db/models/org/collection.rs → src/db/models/collection.rs b/src/db/models/org/collection.rs → src/db/models/collection.rs
@@ -1,4 +1,3 @@
-use chrono::{NaiveDateTime, Utc};
 use serde_json::Value as JsonValue;
 
 use uuid::Uuid;
@@ -18,8 +17,6 @@ pub struct Collection {
 /// Local methods
 impl Collection {
     pub fn new(org_uuid: String, name: String) -> Self {
-        let now = Utc::now().naive_utc();
-
         Self {
             uuid: Uuid::new_v4().to_string(),
 
@@ -46,8 +43,6 @@ use db::schema::collections;
 /// Database methods
 impl Collection {
     pub fn save(&mut self, conn: &DbConn) -> bool {
-        self.updated_at = Utc::now().naive_utc();
-
         match diesel::replace_into(collections::table)
             .values(&*self)
             .execute(&**conn) {