exports.addTeamToOrg = function(request, reply) {
var orgName = request.params.org;
var loggedInUser = request.loggedInUser && request.loggedInUser.name;
var teamName = request.payload["team-name"];
var description = request.payload.description;
var members = request.payload.member || [];
members = Array.isArray(members) ? members : [].concat(members);
if (invalidUserName(orgName)) {
return handleUserError(request, reply, '/org', "Invalid Org Name.");
}
if (invalidUserName(teamName)) {
return handleUserError(request, reply, '/org/' + orgName + '/team', "Invalid Team Name.");
}
return Org(loggedInUser)
.get(orgName)
.then(function() {
return Org(loggedInUser)
.addTeam({
orgScope: orgName,
teamName: teamName,
description: description
});
})
.then(function() {
// add members
return members.length ?
Team(loggedInUser)
.addUsers({
teamName: teamName,
scope: orgName,
users: members
})
: P.resolve(null);
})
.then(function() {
return reply.redirect('/org/' + orgName + '/team/' + teamName);
})
.catch(function(err) {
request.logger.error(err);
if (err.statusCode === 404) {
return reply.view('errors/not-found', err).code(404);
} else if (err.statusCode < 500) {
return handleUserError(request, reply, '/org', err.message);
} else {
return reply.view('errors/internal', err);
}
});
};
exports.getAddTeamPackagePage = function(request, reply) {
if (invalidUserName(request.params.org)) {
return reply.view('errors/not-found').code(404);
}
if (invalidUserName(request.params.teamName)) {
return reply.view('errors/not-found').code(404);
}
return exports._handleTeamAdditions(request, reply, 'team/add-package');
};
Joi.validate(data, schema, joiOptions, function (err, value) {
if (err) {
opts.errors.push(err.details);
}
if (data.password !== data.verify) {
opts.errors.push(new Error("Passwords don't match"));
}
userValidate.username(data.name) && opts.errors.push(userValidate.username(data.name));
if (opts.errors.length) {
timer.end = Date.now();
addLatencyMetric(timer, 'signup-form-error');
addMetric({name: 'signup-form-error'});
return reply.view('user/signup-form', opts);
}
delSession(value, function (er) {
if (er) {
return showError(request, reply, 'Unable to set the session for user ' + data.name, 500, er);
}
signupUser(value, function (er, user) {
if (er) {
return showError(request, reply, 'Failed to create account', 403, er);
}
setSession(user, function (err) {
if (err) {
return showError(request, reply, 'Unable to set the session for user ' + opts.user.name, 500, err);
}
timer.end = Date.now();
addLatencyMetric(timer, 'signup');
addMetric({name: 'signup'});
return reply.redirect('/profile-edit');
});
});
});
});
req.on('form', function (data) {
td.data = data
td.hiring = req.model.whoshiring
var name = data.name
, password = data.password
, verify = data.verify
, email = data.email
, errors = []
if (!name || !password || !verify || !email) {
errors.push(new Error('All fields are required'))
} else if (password !== verify) {
errors.push(new Error("Passwords don't match"))
}
//colloect other errors
userValidate.username(name) && errors.push(userValidate.username(name))
userValidate.pw(password) && errors.push(userValidate.pw(password))
userValidate.email(email) && errors.push(userValidate.email(email))
if (errors && errors.length) {
td.errors = errors
return res.template('signup-form.ejs', td, 400)
}
// ok, looks maybe ok.
var acct = { name: name, password: password, email: email }
req.session.del(function (er) {
if (er) return res.error(er)
req.couch.signup(acct, function (er, cr, data) {
if (er || cr && cr.statusCode >= 400 || data && data.error) {
td.error = "Failed creating account. CouchDB said: "
+ ((er && er.message) || (data && data.error))
return res.template('signup-form.ejs', td, 400)
}
req.session.set('profile', data, function (er) {
if (er) return res.error(er, 500)
req.metrics.counter('users>signups')
// it worked! now let them add some details
return res.redirect('/profile-edit')
})
})
})
})
function handle(request, reply) {
var opts = {
user: request.auth.credentials,
hiring: request.server.methods.getRandomWhosHiring()
};
var data = request.payload;
if (data.selected_name) {
return lookupUserByUsername(data.selected_name, request, reply);
}
if (!data.name_email) {
opts.error = "All fields are required";
return reply.view('password-recovery-form', opts).code(400);
}
var nameEmail = data.name_email.trim();
if (userValidate.username(nameEmail) && userValidate.email(nameEmail)) {
opts.error = "Need a valid username or email address";
return reply.view('password-recovery-form', opts).code(400);
}
// look up the user
if (nameEmail.indexOf('@') !== -1) {
return lookupUserByEmail(nameEmail, request, reply);
} else {
return lookupUserByUsername(nameEmail, request, reply);
}
}
Joi.validate(data, schema, joiOptions, function (err, value) {
if (err) {
opts.errors.push(err.details);
}
if (data.password !== data.verify) {
opts.errors.push(new Error("Passwords don't match"));
}
userValidate.username(data.name) && opts.errors.push(userValidate.username(data.name));
if (opts.errors.length) {
return reply.view('signup-form', opts);
}
request.auth.session.clear();
signupUser(value, function (er, user) {
if (er) {
opts.errors.push(er);
return reply.view('signup-form', opts);
}
var sid = murmurhash.v3(user.name, 55).toString(16);
user.sid = sid;
request.server.app.cache.set(sid, user, 0, function (err) {
if (err) {
console.log(err)
reply(err);
}
request.auth.session.set({sid: sid});
return reply().redirect('/profile-edit');
});
});
});
function readUsername (msg, username, opts, isRetry) {
if (!msg) msg = 'npm username: '******''})
.then((username) => readUsername(msg, username, opts, true))
}
function handle(request, reply) {
var opts = {
user: request.auth.credentials,
namespace: NAMESPACE
};
var data = request.payload;
if (data.selected_name) {
return lookupUserByUsername(data.selected_name, request, reply);
}
if (!data.name_email) {
opts.error = "All fields are required";
timer.end = Date.now();
metrics.addPageLatencyMetric(timer, 'password-recovery-error');
metrics.addMetric({ name: 'password-recovery-error' });
return reply.view('user/password-recovery-form', opts).code(400);
}
var nameEmail = data.name_email.trim();
if (userValidate.username(nameEmail) && userValidate.email(nameEmail)) {
opts.error = "Need a valid username or email address";
timer.end = Date.now();
metrics.addPageLatencyMetric(timer, 'password-recovery-error');
metrics.addMetric({ name: 'password-recovery-error' });
return reply.view('user/password-recovery-form', opts).code(400);
}
// look up the user
if (nameEmail.indexOf('@') !== -1) {
return lookupUserByEmail(nameEmail, request, reply);
} else {
return lookupUserByUsername(nameEmail, request, reply);
}
}
function handle(request, reply) {
var opts = { };
var data = request.payload;
if (data.selected_name) {
return lookupUserByUsername(data.selected_name, request, reply);
}
if (!data.name_email) {
opts.error = "All fields are required";
request.timing.page = 'password-recovery-error';
request.metrics.metric({
name: 'password-recovery-error'
});
return reply.view('user/password-recovery-form', opts).code(400);
}
var nameEmail = data.name_email.trim();
if (userValidate.username(nameEmail) && userValidate.email(nameEmail)) {
opts.error = "Need a valid username or email address";
request.timing.page = 'password-recovery-error';
request.metrics.metric({
name: 'password-recovery-error'
});
return reply.view('user/password-recovery-form', opts).code(400);
}
// look up the user
if (nameEmail.indexOf('@') !== -1) {
return lookupUserByEmail(nameEmail, request, reply);
} else {
return lookupUserByUsername(nameEmail, request, reply);
}
}
exports.getTeamCreationPage = function(request, reply) {
var orgName = request.params.org;
var loggedInUser = request.loggedInUser && request.loggedInUser.name;
if (invalidUserName(orgName)) {
return reply.view('errors/not-found').code(404);
}
Org(loggedInUser)
.get(orgName)
.then(function(org) {
var currentUserIsAdmin = org.users.items.filter(function(user) {
return user.role && user.role.match(/admin/);
}).some(function(admin) {
return admin.name === loggedInUser;
});
if (currentUserIsAdmin) {
return reply.view('org/add-team', {
org: request.params.org
});
} else {
return handleUserError(request, reply, '/org/' + orgName, "You do not have access to that page");
}
})
.catch(function(err) {
request.logger.error(err);
if (err.statusCode === 404) {
return reply.view('errors/not-found', err).code(404);
} else if (err.statusCode < 500) {
return handleUserError(request, reply, '/org/' + orgName, err.message);
} else {
return reply.view('errors/internal', err);
}
});
};
var invalidURL = referrer.split("/").some(function(path) {
return !!invalidUserName(path);
});
Joi.validate(data, schema, joiOptions, function (err, value) {
if (err) {
opts.errors.push(err.details);
}
if (data.password !== data.verify) {
opts.errors.push(new Error("Passwords don't match"));
}
userValidate.username(data.name) && opts.errors.push(userValidate.username(data.name));
if (opts.errors.length) {
return reply.view('signup-form', opts);
}
var timer = { start: Date.now() };
delSession(value, function (er) {
timer.end = Date.now();
addMetric({
name: 'latency',
value: timer.end - timer.start,
type: 'redis',
action: 'delSession'
});
if (er) {
return showError(request, reply, 'Unable to set the session for user ' + opts.user.name, 500, er);
}
timer.start = Date.now();
signupUser(value, function (er, user) {
timer.end = Date.now();
addMetric({
name: 'latency',
value: timer.end - timer.start,
type: 'couchdb',
action: 'signupUser'
});
if (er) {
return showError(request, reply, 'Failed to create account', 403, er);
}
timer.start = Date.now();
setSession(user, function (err) {
timer.end = Date.now();
addMetric({
name: 'latency',
value: timer.end - timer.start,
type: 'redis',
action: 'setSession'
});
if (err) {
return showError(request, reply, 'Unable to set the session for user ' + opts.user.name, 500, err);
}
addMetric({name: 'signup'});
return reply.redirect('/profile-edit');
});
});
});
});
function subscribeToOrg() {
var newUser = planData['new-user'];
if (newUser && invalidUserName(newUser)) {
var err = new Error("User name must be valid");
request.logger.error(err);
return request.saveNotifications([
P.reject(err.message)
]).then(function(token) {
var url = '/org/transfer-user-name';
var param = token ? "?notice=" + token : "";
param = param + "&orgScope=" + request.query.orgScope;
url = url + param;
return reply.redirect(url);
}).catch(function(err) {
request.logger.error(err);
});
}
// check if the org name works as a package name
var valid = validate('@' + planData.orgScope + '/foo');
if (!valid.errors) {
// now check if the org name works on its own
valid = validate(planData.orgScope);
}
if (valid.errors) {
return reply.view('org/create', {
stripePublicKey: process.env.STRIPE_PUBLIC_KEY,
notices: valid.errors
});
}
Org(loggedInUser)
.get(planData.orgScope).then(function() {
var err = new Error("Org already exists");
err.isUserError = true;
throw err;
}).catch(function(err) {
if (err.statusCode !== 404) {
throw err;
}
// org doesn't yet exist, transfer user then create org
var start = newUser ? User.new(request).toOrg(loggedInUser, newUser) : P.resolve(null);
return start.then(function(newUserData) {
var setSession = P.promisify(request.server.methods.user.setSession(request));
var delSession = P.promisify(request.server.methods.user.delSession(request));
loggedInUser = newUserData ? newUser : loggedInUser;
if (newUserData) {
return delSession(request.loggedInUser)
.then(function() {
request.logger.info("setting session to: " + loggedInUser);
return setSession({
name: loggedInUser
});
})
} else {
return Org(loggedInUser)
.create({
scope: planData.orgScope,
humanName: planData["human-name"]
});
}
}).then(function() {
planInfo.npm_org = planData.orgScope;
return Customer(loggedInUser).createSubscription(planInfo)
.tap(function(subscription) {
if (typeof subscription === 'string') {
request.logger.info("created subscription: ", planInfo);
}
return new P(function(accept, reject) {
User.new(request).dropCache(loggedInUser, function(err) {
if (err) {
request.logger.error(err);
return reject(err);
}
return accept();
});
});
}).then(function(subscription) {
return Customer(loggedInUser).extendSponsorship(subscription.license_id, loggedInUser);
}).then(function(extendedSponsorship) {
return Customer(loggedInUser).acceptSponsorship(extendedSponsorship.verification_key);
}).then(function() {
return reply.redirect('/org/' + planData.orgScope);
});
})
.catch(function(err) {
request.logger.error(err);
throw err;
});
}).catch(function(err) {
request.logger.error(err);
if (err.isUserError) {
return reply.view('org/create', {
stripePublicKey: process.env.STRIPE_PUBLIC_KEY,
notices: [err]
});
} else if (err.statusCode === 409 && err.message) {
return reply.view('org/create', {
stripePublicKey: process.env.STRIPE_PUBLIC_KEY,
inUseError: true,
orgScope: planData.orgScope,
humanName: planData["human-name"],
notices: [err]
});
} else {
return reply.view('errors/internal', err).code(500);
}
});
}
members = members.filter(function(member) {
return !invalidUserName(member);
});
exports.showTeam = function(request, reply) {
var orgName = request.params.org;
var teamName = request.params.teamName;
var loggedInUser = request.loggedInUser && request.loggedInUser.name;
if (invalidUserName(orgName)) {
return handleUserError(request, reply, '/org', "Invalid Org Name.");
}
if (invalidUserName(teamName)) {
return handleUserError(request, reply, '/org/' + orgName + '/team', "Invalid Team Name.");
}
var perms = {};
return Org(loggedInUser)
.get(orgName)
.then(function(org) {
var isSuperAdmin = org.users.items.filter(function(user) {
return user.role && user.role.match(/super-admin/);
}).some(function(admin) {
return admin.name === loggedInUser;
});
var isAtLeastTeamAdmin = org.users.items.filter(function(user) {
return user.role && user.role.match(/admin/);
}).some(function(admin) {
return admin.name === loggedInUser;
});
var isAtLeastMember = org.users.items.filter(function(user) {
return user.role && (user.role.match(/developer/) || user.role.match(/admin/));
}).some(function(member) {
return member.name === loggedInUser;
});
perms = {
isSuperAdmin: isSuperAdmin,
isAtLeastTeamAdmin: isAtLeastTeamAdmin,
isAtLeastMember: isAtLeastMember
};
request.logger.info(perms);
return Team(loggedInUser)
.get({
orgScope: orgName,
teamName: teamName,
detailed: true
});
})
.then(function(team) {
team.packages.items.forEach(function(pkg) {
if (pkg.permissions === 'write') {
pkg.canWrite = true;
}
if (pkg.access === 'restricted') {
pkg.private = true;
}
});
team.users.items.forEach(function(usr) {
usr.avatar = avatar(usr.email);
});
return reply.view('team/show', {
teamName: team.name,
description: team.description,
orgName: orgName,
members: team.users,
packages: team.packages,
perms: perms,
});
})
.catch(function(err) {
request.logger.error(err);
if (err.statusCode === 404) {
return reply.view('errors/not-found', err).code(404);
} else if (err.statusCode < 500) {
return handleUserError(request, reply, '/org/' + orgName, err.message);
} else {
return reply.view('errors/internal', err);
}
});
};
Joi.validate(data, schema, joiOptions, function(err, validatedUser) {
var opts = {
errors: []
};
if (err) {
opts.errors = err.details;
}
if (validatedUser.password !== validatedUser.verify) {
opts.errors.push({
message: new Error("passwords don't match").message
});
}
userValidate.username(validatedUser.name) && opts.errors.push({
message: userValidate.username(validatedUser.name).message
});
Scope().get(validatedUser.name, function(err, userExists) {
if (err && err.statusCode != 404) {
request.logger.warn('Unable to get user to validate');
return reply.view('errors/internal', opts).code(403);
}
if (userExists) {
opts.errors.push({
message: new Error("username already exists").message
});
}
if (opts.errors.length) {
request.timing.page = 'signup-form-error';
request.metrics.metric({
name: 'signup-form-error'
});
// give back the user input so the form can be
// partially re-populated
opts.userInput = validatedUser;
return reply.view('user/signup-form', opts).code(400);
}
delSession(validatedUser, function(er) {
if (er) {
request.logger.warn(er);
}
User.signup(validatedUser, function(er, user) {
if (er) {
request.logger.warn('Failed to create account.');
return reply.view('errors/internal', opts).code(403);
}
request.logger.info('created new user ' + user.name);
var almostARequest = {
auth: {
credentials: {
name: user.name
}
}
};
if (feature('bypass_email_verify', almostARequest)) {
User.confirmEmail(user).then(function() {
request.logger.info('Bypassed email verification');
}).catch(function(err) {
// This is for test purposes, don't let it block the main use cases.
request.logger.error(err);
});
}
setSession(user, function(err) {
if (err) {
request.logger.warn('Unable to set the session for new user ' + user.name);
// TODO why show an error here?
return reply.view('errors/internal', opts).code(500);
}
request.logger.info('created new user ' + user.name);
sendEmail('confirm-user-email', user, request.redis)
.then(function() {
request.logger.info('emailed new user at ' + user.email);
request.timing.page = 'signup';
request.metrics.metric({
name: 'signup'
});
return reply.redirect('/profile-edit?new-user=true');
})
.catch(function(er) {
var message = 'Unable to send email to ' + user.email;
request.logger.error(message);
request.logger.error(er);
// if we can't send the email, that shouldn't stop the user from
// completing the signup process - maybe we should just let
// them know?
opts.errors.push({
message: message + '. Please try again later.'
});
request.timing.page = 'signup';
request.metrics.metric({
name: 'signup'
});
return reply.redirect('/profile-edit?new-user=true');
});
});
});
});
});
});
function subscribeToOrg() {
var newUser = planData['new-user'];
if (newUser && invalidUserName(newUser)) {
var err = new Error("User name must be valid");
request.logger.error(err);
return request.saveNotifications([
P.reject(err.message)
]).then(function(token) {
var url = '/org/transfer-user-name';
var param = token ? "?notice=" + token : "";
param = param + "&orgScope=" + request.query.orgScope;
url = url + param;
return reply.redirect(url);
}).catch(function(err) {
request.logger.error(err);
});
}
// check if the org name works as a package name
var valid = validate('@' + planData.orgScope + '/foo');
if (!valid.errors) {
// now check if the org name works on its own
valid = validate(planData.orgScope);
}
if (valid.errors) {
return reply.view('org/create', {
stripePublicKey: process.env.STRIPE_PUBLIC_KEY,
errorNotices: valid.errors
});
}
var opts = {};
Org(loggedInUser)
.getInfo(planData.orgScope)
.then(function() {
throw Object.assign(new Error("Org already exists"), {
code: 'EEXIST',
statusCode: 409,
what: 'org'
});
})
.catch(function(err) {
if (err.statusCode !== 404) {
throw err;
}
// org doesn't yet exist, transfer user then create org
var start = newUser ? User(request.loggedInUser).toOrg(loggedInUser, newUser) : P.resolve(null);
return start;
})
.then(function(newUserData) {
var setSession = P.promisify(request.server.methods.user.setSession(request));
var delSession = P.promisify(request.server.methods.user.delSession(request));
loggedInUser = newUserData ? newUser : loggedInUser;
if (newUserData) {
return delSession(request.loggedInUser)
.then(function() {
request.logger.info("setting session to: " + loggedInUser);
return setSession({
name: loggedInUser
});
});
} else {
return Org(loggedInUser)
.create({
scope: planData.orgScope,
humanName: planData["human-name"]
});
}
})
.then(function() {
planInfo.npm_org = planData.orgScope;
return Customer(loggedInUser).createSubscription(planInfo);
})
.tap(function(subscription) {
if (typeof subscription === 'string') {
request.logger.info("created subscription: ", planInfo);
}
var dropCache = P.promisify(User(request.loggedInUser).dropCache);
return dropCache(loggedInUser);
})
.then(function(subscription) {
return Customer(loggedInUser).extendSponsorship(subscription.license_id, loggedInUser);
})
.then(function(extendedSponsorship) {
return Customer(loggedInUser).acceptSponsorship(extendedSponsorship.verification_key);
})
.then(function() {
return reply.redirect('/org/' + planData.orgScope);
})
.catch(function(err) {
if (!(err.code === 'EEXIST' && err.what === 'org')) {
throw err;
}
return Org(loggedInUser).getUsers(planData.orgScope)
.then(function(users) {
users = users || {};
users.items = users.items || [];
var isSuperAdmin = users.items.filter(function(user) {
return user.role && user.role.match(/super-admin/);
}).some(function(admin) {
return admin.name === loggedInUser;
});
if (isSuperAdmin) {
opts.users = users;
return request.customer.getLicenseForOrg(planData.orgScope);
} else {
throw Object.assign(new Error("Org already exists"), {
statusCode: 409,
code: 'EEXIST',
what: 'org'
});
}
})
.then(function(license) {
if (license && license.length) {
throw Object.assign(new Error("You already own this Organization"), {
code: 'EEXIST',
statusCode: 409,
what: 'license'
});
} else {
throw Object.assign(new Error("No license for this org"), {
code: 'ENOLICENSE',
statusCode: 404
});
}
})
.catch(function(err) {
if (err.code !== 'ENOLICENSE' && err.code !== 'ENOCUSTOMER') {
throw err;
}
planInfo.npm_org = planData.orgScope;
return request.customer.createSubscription(planInfo);
})
.then(function(license) {
license = license || {};
var extensions = opts.users.items.map(function(user) {
return request.customer.extendSponsorship(license.license_id, user.name);
});
return P.all(extensions);
})
.then(function(sponsorships) {
var acceptances = sponsorships.map(function(sponsorship) {
return request.customer.acceptSponsorship(sponsorship.verification_key);
});
return P.all(acceptances)
.catch(function(err) {
if (err.statusCode !== 409) {
throw err;
}
});
})
.then(function() {
var redirectUrl = "/org/" + planData.orgScope;
var message = "You have successfully restarted " + planData.orgScope;
return request.saveNotifications([
P.resolve(message)
]).then(function(token) {
var param = token ? "?notice=" + token : "";
redirectUrl = redirectUrl + param;
return reply.redirect(redirectUrl);
}).catch(function(err) {
request.logger.error(err);
return reply.redirect(redirectUrl);
});
});
})
.catch(function(err) {
if (!(err.statusCode === 409 && err.message)) {
throw err;
}
return reply.view('org/create', {
stripePublicKey: process.env.STRIPE_PUBLIC_KEY,
inUseError: true,
orgScope: planData.orgScope,
humanName: planData["human-name"],
errorNotices: [err]
});
})
.catch(function(err) {
if (err.statusCode < 500) {
request.logger.error(err);
return request.saveNotifications([
P.reject(err.message)
]).then(function(token) {
var url = '/org/create';
var param = token ? "?notice=" + token : "";
url = url + param;
return reply.redirect(url);
}).catch(function(err) {
request.logger.error(err);
});
} else {
return reply(err);
}
});
}