@pierluca's comments

web/backend/src/authManager.ts

@@ -21,6 +21,7 @@ export const PERMISSIONS = {
 };
 
 let authEnforcer: Enforcer;
+
 /*
 We use the postgres adapter to store the Casbin policies
 we initialize the adapter with the connection string and the migrate option
@@ -83,3 +84,13 @@ export function setMapAuthorization(list: string[][]): Map<String, Array<String>
   }
   return userRights;
 }
+
+// Reads a SCIPER from a string and returns the number. If the SCIPER is not in
+// the range between 100000 and 999999, an error is thrown.
+export function readSCIPER(s: string): number {
+  const n = parseInt(s, 10);
+  if (n < 100000 || n > 999999) {
+    throw new Error(`SCIPER is out of range. ${n} is not between 100000 and 999999`);
+  }
+  return n;
+}

web/backend/src/cli.ts

@@ -12,7 +12,7 @@ import { SequelizeAdapter } from 'casbin-sequelize-adapter';
 import { newEnforcer } from 'casbin';
 import { curve } from '@dedis/kyber';
 import * as fs from 'fs';
-import { PERMISSIONS } from './authManager';
+import { PERMISSIONS, readSCIPER } from './authManager';
 
 const program = new Command();
 
@@ -95,16 +95,13 @@ program
       const scipers: Array<string> = data.split('\n');
       const policies = [];
       for (let i = 0; i < scipers.length; i += 1) {
-        const sciper: number = Number(scipers[i]);
-        if (Number.isNaN(sciper)) {
-          throw new InvalidArgumentError(`SCIPER '${sciper}' on line ${i + 1} is not a number`);
-        }
-        if (sciper > 999999 || sciper < 100000) {
+        try {
+          policies[i] = [readSCIPER(scipers[i]), electionId, PERMISSIONS.ACTIONS.VOTE];
+        } catch (e) {
           throw new InvalidArgumentError(
-            `SCIPER '${sciper}' on line ${i + 1} is outside acceptable range (100000..999999)`
+            `SCIPER '${scipers[i]}' on line ${i + 1} is not a valid sciper: ${e}`
           );
         }
-        policies[i] = [scipers[i], electionId, PERMISSIONS.ACTIONS.VOTE];
       }
       const enforcer = await initEnforcer();
       await enforcer.addPolicies(policies);

web/backend/src/controllers/authentication.ts

@@ -1,7 +1,7 @@
 import express from 'express';
 import axios, { AxiosError } from 'axios';
 import { sciper2sess } from '../session';
-import { getUserPermissions, setMapAuthorization } from '../authManager';
+import { getUserPermissions, readSCIPER, setMapAuthorization } from '../authManager';
 
 export const authenticationRouter = express.Router();
 
@@ -18,20 +18,20 @@ authenticationRouter.get('/get_dev_login', (req, res) => {
     res.status(500).send(err);
     return;
   }
-  const sciper = parseInt(process.env.SCIPER_ADMIN, 10);
-  if (sciper < 100000 || sciper > 999999) {
-    const err = 'SCIPER_ADMIN must be between 100000 and 999999 included';
+  try {
+    req.session.userId = readSCIPER(process.env.SCIPER_ADMIN);
+    req.session.lastName = 'develo';
+    req.session.firstName = 'pment';
+  } catch (e) {
+    const err = `Invalid SCIPER_ADMIN: ${e}`;
     console.error(err);
     res.status(500).send(err);
     return;
   }
-  req.session.userId = sciper;
-  req.session.lastName = 'develo';
-  req.session.firstName = 'pment';
 
   const sciperSessions = sciper2sess.get(req.session.userId) || new Set<string>();
   sciperSessions.add(req.sessionID);
-  sciper2sess.set(sciper, sciperSessions);
+  sciper2sess.set(req.session.userId, sciperSessions);
 
   res.redirect('/logged');
 });

web/backend/src/controllers/users.ts

@@ -1,6 +1,6 @@
 import express from 'express';
 
-import { isAuthorized, PERMISSIONS } from '../authManager';
+import { isAuthorized, PERMISSIONS, readSCIPER } from '../authManager';
 
 export const usersRouter = express.Router();
 
@@ -26,13 +26,13 @@ usersRouter.post('/add_role', (req, res, next) => {
     return;
   }
 
-  const { sciper } = req.body;
-
-  // The sciper has to contain 6 numbers
-  if (sciper > 999999 || sciper < 100000) {
+  try {
+    readSCIPER(req.body.sciper);
+  } catch (e) {
     res.status(400).send('Sciper length is incorrect');
     return;
   }
+
   next();
   // Call https://search-api.epfl.ch/api/ldap?q=228271, if the answer is
   // empty then sciper unknown, otherwise add it in userDB