Additional checks for offline sync to prevent DB crash

bcgov · Feb 3, 2025 · 145f471 · 145f471
1 parent 4ce8ec8
commit 145f471
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 13 deletions.
diff --git a/api/src/paths/activity.ts b/api/src/paths/activity.ts
@@ -274,10 +274,19 @@ function createActivity(): RequestHandler {
     const data = { ...req.body, media_keys: req['media_keys'], user_role: req.authContext?.roles[0] };
 
     const sanitizedActivityData = new ActivityPostRequestBody(data);
-    sanitizedActivityData.created_by = req.authContext?.friendlyUsername;
-    sanitizedActivityData.created_by_with_guid = req.authContext?.preferredUsername;
-    sanitizedActivityData.updated_by = req.authContext?.friendlyUsername;
-    sanitizedActivityData.updated_by_with_guid = req.authContext?.preferredUsername;
+
+    if (!(req.authContext && req.authContext.preferredUsername && req.authContext.friendlyUsername)) {
+      return res.status(401).json({
+        message: 'Invalid request, authContext provides insufficient data to complete record metadata',
+        request: req.body,
+        namespace: 'activity',
+        code: 401
+      });
+    }
+
+    sanitizedActivityData.created_by_with_guid = req.authContext.preferredUsername;
+    sanitizedActivityData.updated_by_with_guid = req.authContext.preferredUsername;
+    sanitizedActivityData.updated_by = req.authContext.friendlyUsername;
 
     const connection = await getDBConnection();
 
@@ -383,9 +392,19 @@ function updateActivity(): RequestHandler {
 
     const isAdmin = (req as any).authContext.roles.find((role) => role.role_id === 18);
     const sanitizedActivityData = new ActivityPostRequestBody(data);
-    sanitizedActivityData.created_by_with_guid = req.authContext?.preferredUsername;
-    sanitizedActivityData.updated_by = req.authContext?.friendlyUsername;
-    sanitizedActivityData.updated_by_with_guid = req.authContext?.preferredUsername;
+
+    if (!(req.authContext && req.authContext.preferredUsername && req.authContext.friendlyUsername)) {
+      return res.status(401).json({
+        message: 'Invalid request, authContext provides insufficient data to complete record metadata',
+        request: req.body,
+        namespace: 'activity',
+        code: 401
+      });
+    }
+
+    sanitizedActivityData.created_by_with_guid = req.authContext.preferredUsername;
+    sanitizedActivityData.updated_by_with_guid = req.authContext.preferredUsername;
+    sanitizedActivityData.updated_by = req.authContext.friendlyUsername;
 
     const connection = await getDBConnection();
 

diff --git a/api/src/utils/auth-utils.ts b/api/src/utils/auth-utils.ts
@@ -117,6 +117,7 @@ export const authenticate = async (req: InvasivesRequest): Promise<void> => {
       if (!decoded || error) {
         if (error) defaultLog.error({ label: 'authenticate', message: 'token verification failure', error });
         reject(rejectWithErr('Token decode Failure'));
+        return;
       }
       req.keycloakToken = decoded;
 
@@ -125,17 +126,17 @@ export const authenticate = async (req: InvasivesRequest): Promise<void> => {
       if (decoded?.identity_provider === 'idir') {
         accountType = KeycloakAccountType.idir;
         if (!decoded?.idir_user_guid) {
-          reject(rejectWithErr('Invalid token - missing idir guid'));
+          return reject(rejectWithErr('Invalid token - missing idir guid'));
         }
         id = decoded.idir_user_guid;
       } else if (decoded.identity_provider === 'bceidbusiness') {
         accountType = KeycloakAccountType.bceid;
         if (!decoded?.bceid_user_guid) {
-          reject(rejectWithErr('Invalid token - missing bceid guid'));
+          return reject(rejectWithErr('Invalid token - missing bceid guid'));
         }
         id = decoded.bceid_user_guid;
       } else {
-        reject(rejectWithErr('Invalid token - Missing idir_userid or bceid_userid'));
+        return reject(rejectWithErr('Invalid token - Missing idir_userid or bceid_userid'));
       }
 
       getUserByKeycloakID(accountType, id)
@@ -187,19 +188,19 @@ export const authenticate = async (req: InvasivesRequest): Promise<void> => {
               })
               .catch((error: Error) => {
                 defaultLog.error({ label: 'authenticate', message: 'failed looking up roles', error });
-                reject(error);
+                return reject(error);
               })
               .then(() => {
                 // check if user has beta access
                 getV2BetaAccessForUser(user.user_id)
                   .then((betaAccess) => {
                     defaultLog.debug({ label: 'authenticate', message: 'looked up v2beta', betaAccess });
                     req.authContext.v2beta = betaAccess;
-                    resolve();
+                    return resolve();
                   })
                   .catch((error: Error) => {
                     defaultLog.error({ label: 'authenticate', message: 'failed looking up beta access', error });
-                    reject(error);
+                    return reject(error);
                   });
               });
           });