diff --git a/angular.json b/angular.json index dbd52a88e..30f72a28d 100644 --- a/angular.json +++ b/angular.json @@ -37,7 +37,12 @@ "src/styles.scss" ], "scripts": [], - "sourceMap": true + "sourceMap": true, + "vendorChunk": true, + "extractLicenses": false, + "buildOptimizer": false, + "optimization": false, + "namedChunks": true }, "configurations": { "production": { @@ -74,7 +79,8 @@ "production": { "browserTarget": "rpx-xui-manage-organisations:build:production" } - } + }, + "defaultConfiguration": "" }, "serveTest": { "builder": "@angular-devkit/build-angular:dev-server", diff --git a/api/.yarn/install-state.gz b/api/.yarn/install-state.gz index 1ad5315ee..990d73edb 100644 Binary files a/api/.yarn/install-state.gz and b/api/.yarn/install-state.gz differ diff --git a/api/allUserListWithoutRoles/index.ts b/api/allUserListWithoutRoles/index.ts index 2360a7767..7049b6110 100644 --- a/api/allUserListWithoutRoles/index.ts +++ b/api/allUserListWithoutRoles/index.ts @@ -11,7 +11,6 @@ export async function handleAllUserListRoute(req: Request, res: Response) { try { const rdProfessionalApiPath = getConfigValue(SERVICES_RD_PROFESSIONAL_API_PATH); const response = await req.http.get(getRefdataAllUserListUrl(rdProfessionalApiPath)); - logger.info('response::', response.data); res.send(response.data); } catch (error) { logger.error('error', error); diff --git a/api/application.ts b/api/application.ts index 11d5f6c4b..93847e3dd 100644 --- a/api/application.ts +++ b/api/application.ts @@ -13,6 +13,7 @@ import { FEATURE_REDIS_ENABLED, FEATURE_TERMS_AND_CONDITIONS_ENABLED, HELMET, SERVICES_CCD_DATA_STORE_API_PATH, + SERVICES_CCD_DEFINITION_STORE_API_PATH, SERVICES_FEE_AND_PAY_API_PATH, SERVICES_MCA_PROXY_API_PATH, SERVICES_RD_PROFESSIONAL_API_PATH, @@ -99,6 +100,8 @@ console.log('healthChecks', healthChecks); console.log('ccdData', getConfigValue(SERVICES_CCD_DATA_STORE_API_PATH)); +console.log('ccdDefinition', getConfigValue(SERVICES_CCD_DEFINITION_STORE_API_PATH)); + console.log('caseAssignmentApi', getConfigValue(SERVICES_MCA_PROXY_API_PATH)); console.log('caseTypes', getConfigValue(CASE_TYPES)); diff --git a/api/configuration/references.ts b/api/configuration/references.ts index d43307a35..ccb588c89 100644 --- a/api/configuration/references.ts +++ b/api/configuration/references.ts @@ -39,11 +39,13 @@ export const SERVICES_RD_PROFESSIONAL_API_PATH = 'services.rdProfessionalApi'; export const SERVICES_FEE_AND_PAY_API_PATH = 'services.feeAndPayApi'; export const SERVICES_TERMS_AND_CONDITIONS_API_PATH = 'services.termsAndConditions'; +export const SERVICES_CCD_DEFINITION_STORE_API_PATH = 'services.ccdDefinitionApi'; export const SERVICES_CCD_DATA_STORE_API_PATH = 'services.ccdDataApi'; export const SERVICES_MCA_PROXY_API_PATH = 'services.caseAssignmentApi'; export const SERVICES_IDAM_ISS_URL = 'iss'; export const SERVICES_ROLE_ASSIGNMENT_API_PATH = 'services.role_assignment.roleApi'; +export const SERVICES_ROLE_ASSIGNMENT_MAPPING_API_PATH = 'services.role_assignment.roleMappingApi'; export const SERVICES_PRD_COMMONDATA_API = 'services.prd.commondataApi'; diff --git a/api/editUserPermissions/index.ts b/api/editUserPermissions/index.ts index 68025c649..113342f63 100644 --- a/api/editUserPermissions/index.ts +++ b/api/editUserPermissions/index.ts @@ -30,6 +30,26 @@ async function inviteUserRoute(req: Request, res: Response) { } } +export async function ogdEditUserRoute(req: Request) { + let ogdErrReport: ErrorReport; + if (!req.params.userId) { + ogdErrReport = getErrorReport('UserId is missing', '400', 'User Permissions route error'); + throw (ogdErrReport); + } + const payload = req.body; + try { + const response = await req.http.put(getEditPermissionsUrl(getConfigValue(SERVICES_RD_PROFESSIONAL_API_PATH), req.params.userId), payload); + logger.info('response::', response.data); + + return (response.data); + } catch (error) { + logger.info('error', error); + const ogdEditStatus = error.status ? error.status : 500; + ogdErrReport = getErrorReport(getErrorMessage(error), ogdEditStatus, getErrorMessage(error)); + throw (ogdErrReport); + } +} + function getErrorMessage(error: any): string { return error && error.data ? error.data.message : ''; } diff --git a/api/inviteUser/index.ts b/api/inviteUser/index.ts index e4e78482f..fa68edc20 100644 --- a/api/inviteUser/index.ts +++ b/api/inviteUser/index.ts @@ -10,11 +10,12 @@ const logger = log4jui.getLogger('invite-user'); router.post('/', inviteUserRoute); +const rdProfessionalApiPath = getConfigValue(SERVICES_RD_PROFESSIONAL_API_PATH); +const reqUrl = getRefdataUserCommonUrlUtil(rdProfessionalApiPath); + export async function inviteUserRoute(req: Request, res: Response) { const payload = req.body; try { - const rdProfessionalApiPath = getConfigValue(SERVICES_RD_PROFESSIONAL_API_PATH); - const reqUrl = getRefdataUserCommonUrlUtil(rdProfessionalApiPath); logger.info('INVITE USER: request URL:: ', reqUrl); logger.info('INVITE USER: payload:: ', payload); const response = await req.http.post(reqUrl, payload); @@ -31,4 +32,23 @@ export async function inviteUserRoute(req: Request, res: Response) { res.status(status).send(errReport); } } + +export async function inviteUserRouteOGD(req: Request) { + const payload = req.body.userPayload; + try { + logger.info('INVITE USER OGD: request URL:: ', reqUrl); + const response = await req.http.post(reqUrl, payload); + logger.info('response::', response.data); + return (response.data); + } catch (error) { + logger.error('error', error); + const ogdStatus = exists(error, 'status') ? error.status : 500; + const ogdErrReport = { + apiError: valueOrNull(error, 'data.errorMessage'), + apiStatusCode: ogdStatus, + message: valueOrNull(error, 'data.errorDescription') + }; + throw (ogdErrReport); + } +} export default router; diff --git a/api/ogd/index.ts b/api/ogd/index.ts new file mode 100644 index 000000000..1caf88bf7 --- /dev/null +++ b/api/ogd/index.ts @@ -0,0 +1,54 @@ +import { Request, Response, Router } from 'express'; +import { compareAccessTypes } from '../retrieveAccessTypes'; +import { inviteUserRouteOGD } from '../inviteUser'; +import { ogdEditUserRoute } from '../editUserPermissions'; +import { refreshUser } from '../refresh-user'; +import * as log4jui from '../lib/log4jui'; + +export const router = Router({ mergeParams: true }); +const logger = log4jui.getLogger('OGD-FLOW'); + +export async function ogdInvite(req: Request, res: Response) { + try { + logger.info('ogdInvite:: Invite Request received'); + const userPayload = req.body.userPayload; + if (userPayload.roles.includes('pui-case-manager')) { + const compareResult = await compareAccessTypes(req); + req.body.userPayload = { ...userPayload, ...compareResult }; + } + const operationResult = await inviteUserRouteOGD(req); + const userId = operationResult.userIdentifier; + req.body = { userId }; + await refreshUser(req); + res.send(operationResult); + } catch (error) { + logger.error('ogdInvite:: Error ', error); + res.status(error.apiStatusCode || 500).json(error); + } +} + +export async function ogdUpdate(req: Request, res: Response) { + try { + logger.info('ogdUpdate:: Edit User Request received'); + const userPayload = req.body.userPayload; + const userId = req.params.userId; + if (userPayload.userAccessTypes.length > 0) { + const compareResult = await compareAccessTypes(req); + req.body = { ...userPayload, ...compareResult }; + } else { + req.body = userPayload; + } + const operationResult = await ogdEditUserRoute(req); + req.body = { userId }; + await refreshUser(req); + res.send(operationResult); + } catch (error) { + logger.error('ogdUpdate:: Error ', error); + res.status(error.apiStatusCode || 500).json(error); + } +} + +router.post('/invite', ogdInvite); +router.put('/update/:userId', ogdUpdate); + +export default router; diff --git a/api/refresh-user/index.ts b/api/refresh-user/index.ts new file mode 100644 index 000000000..4926c7348 --- /dev/null +++ b/api/refresh-user/index.ts @@ -0,0 +1,33 @@ +import { Request, Router } from 'express'; +import { getConfigValue } from '../configuration'; +import { SERVICES_ROLE_ASSIGNMENT_MAPPING_API_PATH } from '../configuration/references'; +import * as log4jui from '../lib/log4jui'; +import { exists, valueOrNull } from '../lib/util'; + +const logger = log4jui.getLogger('refresh-user'); + +export async function refreshUser(req: Request) { + const payload = req.body; + try { + const serviceApiBasePath = getConfigValue(SERVICES_ROLE_ASSIGNMENT_MAPPING_API_PATH); + const userId = payload.userId; + const reqUrl = `${serviceApiBasePath}/am/role-mapping/professional/refresh?userId=${userId}`; + logger.info('REFRESH USER: request URL:: ', reqUrl); + const response = await req.http.post(reqUrl); + logger.info('response::', response.data); + return response.data; + } catch (error) { + logger.error('error', error); + const status = exists(error, 'status') ? error.status : 500; + const errReport = { + apiError: valueOrNull(error, 'data.errorMessage'), + apiStatusCode: status, + message: valueOrNull(error, 'data.errorDescription') + }; + throw (errReport); + } +} + +export const router = Router({ mergeParams: true }); +router.post('/', refreshUser); +export default router; diff --git a/api/retrieveAccessTypes/accessTypesComparison.ts b/api/retrieveAccessTypes/accessTypesComparison.ts new file mode 100644 index 000000000..bc70136bb --- /dev/null +++ b/api/retrieveAccessTypes/accessTypesComparison.ts @@ -0,0 +1,51 @@ +// Function to compare the users accessType selections with the most recently obtained ones +export function processAccessTypes(currentOrganisationAccessTypes, userAccessTypeOptions) { + const processedAccessTypes = []; + const accessTypesMap = new Map(); + currentOrganisationAccessTypes.forEach((jurisdiction) => { + jurisdiction.accessTypes.forEach((accessType) => { + const key = `${jurisdiction.jurisdictionId}-${accessType.organisationProfileId}-${accessType.accessTypeId}`; + accessTypesMap.set(key, accessType); + }); + }); + + userAccessTypeOptions.userAccessTypes.forEach((userAccessType) => { + const key = `${userAccessType.jurisdictionId}-${userAccessType.organisationProfileId}-${userAccessType.accessTypeId}`; + const accessType = accessTypesMap.get(key); + + if (accessType && accessType.display) { + if (accessType.accessMandatory && accessType.accessDefault) { + // If access type is mandatory and default is true, set it to true + processedAccessTypes.push({ + jurisdictionId: userAccessType.jurisdictionId, + organisationProfileId: userAccessType.organisationProfileId, + accessTypeId: userAccessType.accessTypeId, + enabled: true + }); + } else { + // For non-mandatory access types or mandatory with default false, use user's selection + processedAccessTypes.push(userAccessType); + } + } + + // Remove the processed access type from the map + accessTypesMap.delete(key); + }); + + accessTypesMap.forEach((accessType, key) => { + if (accessType.display) { + const [jurisdictionId, organisationProfileId, accessTypeId] = key.split('-'); + processedAccessTypes.push({ + jurisdictionId, + organisationProfileId, + accessTypeId, + enabled: accessType.accessDefault + }); + } + }); + + return { + ...userAccessTypeOptions, + userAccessTypes: processedAccessTypes + }; +} diff --git a/api/retrieveAccessTypes/index.ts b/api/retrieveAccessTypes/index.ts new file mode 100644 index 000000000..6c0c773b4 --- /dev/null +++ b/api/retrieveAccessTypes/index.ts @@ -0,0 +1,56 @@ +import { Request, Response, Router } from 'express'; +import { getConfigValue } from '../configuration'; +import { SERVICES_CCD_DEFINITION_STORE_API_PATH } from '../configuration/references'; +import * as log4jui from '../lib/log4jui'; +import { exists, valueOrNull } from '../lib/util'; +import { processAccessTypes } from './accessTypesComparison'; + +const logger = log4jui.getLogger('retrive-access-types'); + +async function fetchAccessTypes(req: Request, payload: any): Promise { + try { + const ccdDefinitionStore = getConfigValue(SERVICES_CCD_DEFINITION_STORE_API_PATH); + const url = `${ccdDefinitionStore}/retrieve-access-types`; + logger.info('RETRIEVE ACCESS TYPES: request URL:: ', url); + const response = await req.http.post(url, payload); + return response.data; + } catch (error) { + logger.error(error); + throw error; + } +} + +export async function handleRetrieveAccessTypes(req: Request, res: Response) { + const payload = req.body; + try { + const data = await fetchAccessTypes(req, payload); + res.send(data); + } catch (error) { + const status = exists(error, 'status') ? error.status : 500; + const errReport = { + apiError: valueOrNull(error, 'data.errorMessage'), + apiStatusCode: status, + message: valueOrNull(error, 'data.errorDescription') + }; + res.status(status).send(errReport); + } +} + +export async function compareAccessTypes(req: Request) { + try { + const orgIdPayload = { organisationProfileIds: req.body.orgIdsPayload }; + const userAccessTypesPayload = req.body.userPayload; + const accessTypes = await fetchAccessTypes(req, orgIdPayload); + const comparedUserSelections = processAccessTypes(accessTypes.jurisdictions, userAccessTypesPayload); + return (comparedUserSelections); + } catch (error) { + logger.error('Error in compareAccessTypes:', error); + return ({ error: 'An error occurred while processing your request.' }); + } +} + +export const router = Router({ mergeParams: true }); + +router.post('/', handleRetrieveAccessTypes); +router.post('/compare', compareAccessTypes); +export default router; diff --git a/api/routes.ts b/api/routes.ts index cdff5e31a..5497cdb0b 100644 --- a/api/routes.ts +++ b/api/routes.ts @@ -23,6 +23,9 @@ import getTermsAndConditions from './termsAndConditions'; import userDetailsRouter from './user'; import getUserDetails from './user-details'; import getUserList from './userList'; +import refreshUser from './refresh-user'; +import retriveAccessTypes from './retrieveAccessTypes'; +import ogdInvite from './ogd'; const router = Router({ mergeParams: true }); @@ -40,6 +43,7 @@ router.use('/accounts', accountsRouter); router.use('/user', userDetailsRouter); router.use('/healthCheck', healthCheck); router.use('/inviteUser', inviteUser); +router.use('/refresh-user', refreshUser); router.use('/allUserList', getAllUserList); router.use('/allUserListWithoutRoles', getAllUserListWithoutRoles); router.use('/userList', getUserList); @@ -57,4 +61,6 @@ router.use('/caseshare', caseShareRouter); router.use('/pba', pbaRouter); router.use('/register-org', registerRouter); router.use('/user-details', getUserDetails); +router.use('/retrieve-access-types', retriveAccessTypes); +router.use('/ogd-flow', ogdInvite); export default router; diff --git a/charts/xui-mo-webapp/Chart.yaml b/charts/xui-mo-webapp/Chart.yaml index 64b24f350..85cc1c67e 100644 --- a/charts/xui-mo-webapp/Chart.yaml +++ b/charts/xui-mo-webapp/Chart.yaml @@ -1,13 +1,13 @@ apiVersion: v2 name: xui-mo-webapp home: https://github.com/hmcts/rpx-xui-manage-organisations -version: 1.1.16 +version: 1.1.17 description: Expert UI maintainers: - name: HMCTS RPX XUI dependencies: - name: nodejs - version: 3.0.0 + version: 3.1.0 repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/' - name: redis version: 16.13.0 diff --git a/charts/xui-mo-webapp/values.yaml b/charts/xui-mo-webapp/values.yaml index 7aa821599..f75a6673e 100644 --- a/charts/xui-mo-webapp/values.yaml +++ b/charts/xui-mo-webapp/values.yaml @@ -69,9 +69,11 @@ nodejs: MANAGE_CASE_LINK: https://manage-case.{{ .Values.global.environment }}.platform.hmcts.net/cases MANAGE_ORG_LINK: https://manage-org.{{ .Values.global.environment }}.platform.hmcts.net SERVICES_CCD_DATA_STORE_API: http://ccd-data-store-api-{{ .Values.global.environment }}.service.core-compute-{{ .Values.global.environment }}.internal + SERVICES_CCD_DEFINITION_STORE_API: http://ccd-definition-store-api-{{ .Values.global.environment }}.service.core-compute-{{ .Values.global.environment }}.internal SERVICES_MCA_PROXY_API: http://aac-manage-case-assignment-{{ .Values.global.environment }}.service.core-compute-{{ .Values.global.environment }}.internal SERVICES_IDAM_ISS_URL: https://forgerock-am.service.core-compute-idam-{{ .Values.global.environment }}2.internal:8443/openam/oauth2/realms/root/realms/hmcts SERVICES_ROLE_ASSIGNMENT_API: http://am-role-assignment-service-{{ .Values.global.environment }}.service.core-compute-{{ .Values.global.environment }}.internal + SERVICES_ROLE_ASSIGNMENT_MAPPING_API: http://am-org-role-mapping-service-{{ .Values.global.environment }}.service.core-compute-{{ .Values.global.environment }}.internal keyVaults: rpx: diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json index e298ea90b..a601246b9 100644 --- a/config/custom-environment-variables.json +++ b/config/custom-environment-variables.json @@ -33,10 +33,12 @@ "feeAndPayApi": "FEE_AND_PAY_API", "termsAndConditions": "SERVICES_TERMS_AND_CONDITIONS_API_SERVICE", "ccdDataApi": "SERVICES_CCD_DATA_STORE_API", + "ccdDefinitionApi": "SERVICES_CCD_DEFINITION_STORE_API", "caseAssignmentApi": "SERVICES_MCA_PROXY_API", "role_assignment": { - "roleApi": "SERVICES_ROLE_ASSIGNMENT_API" - }, + "roleApi": "SERVICES_ROLE_ASSIGNMENT_API", + "roleMappingApi": "SERVICES_ROLE_ASSIGNMENT_MAPPING_API" + }, "prd": { "commondataApi": "SERVICES_PRD_COMMONDATA_API" } diff --git a/config/default.json b/config/default.json index 6d26816df..b4865f15c 100644 --- a/config/default.json +++ b/config/default.json @@ -36,9 +36,11 @@ "feeAndPayApi": "https://payment-api-prod.service.core-compute-prod.internal", "termsAndConditions": "http://xui-terms-and-conditions-aat.service.core-compute-aat.internal", "ccdDataApi": "http://ccd-data-store-api-prod.service.core-compute-prod.internal", + "ccdDefinitionApi": "http://ccd-definition-store-api-prod.service.core-compute-prod.internal", "caseAssignmentApi": "http://aac-manage-case-assignment-prod.service.core-compute-prod.internal", "role_assignment": { - "roleApi": "http://am-role-assignment-service-prod.service.core-compute-prod.internal" + "roleApi": "http://am-role-assignment-service-prod.service.core-compute-prod.internal", + "roleMappingApi": "http://am-org-role-mapping-service-prod.service.core-compute-prod.internal" }, "prd": { "commondataApi": "http://rd-commondata-api-prod.service.core-compute-prod.internal" diff --git a/package.json b/package.json index 249dc7766..e7664e33e 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "test:crossbrowser": "protractor ./test/e2e/config/crossbrowser.conf.js", "test:node": "cd api && yarn test", "test:functional": "yarn build && node ./test_codecept/backendMock/configCopy.js && NODE_CONFIG_ENV=mock && yarn playwright install chromium && yarn test:api && yarn run test:xuiIntegration && yarn run test:codeceptE2E", - "test:functional:backup": "webdriver-manager update --versions.chrome 2.40 && protractor ./test/e2e/config/functional.conf.js", + "yarn test:smoke": "webdriver-manager update --versions.chrome 2.40 && protractor ./test/e2e/config/functional.conf.js", "test:functional:local": "webdriver-manager update --versions.chrome 2.40 && protractor ./test/e2e/config/functional.conf.js --local", "test:fullfunctional": "yarn test:api && yarn run test:codeceptE2E", "test:fullfunctional:local": "webdriver-manager update --versions.chrome 2.40 && protractor ./test/e2e/config/fullfunctional.conf.js --local", diff --git a/src/app/app-initializer.ts b/src/app/app-initializer.ts index 8d82e6660..2194adab1 100644 --- a/src/app/app-initializer.ts +++ b/src/app/app-initializer.ts @@ -10,7 +10,8 @@ export function initApplication(store: Store): VoidFunction { store.dispatch(new fromApp.LoadFeatureToggleConfig([AppConstants.FEATURE_NAMES.feeAccount, AppConstants.FEATURE_NAMES.editUserPermissions, AppConstants.FEATURE_NAMES.caaMenuItems, - AppConstants.FEATURE_NAMES.newRegisterOrg])); + AppConstants.FEATURE_NAMES.newRegisterOrg, + AppConstants.FEATURE_NAMES.ogdInviteUserFlow])); store.pipe( select(fromSelectors.getAppState), diff --git a/src/app/app.constants.ts b/src/app/app.constants.ts index 38f79edaa..d42dbd8b9 100644 --- a/src/app/app.constants.ts +++ b/src/app/app.constants.ts @@ -8,7 +8,8 @@ const featureNames = { editUserPermissions: 'edit-permissions', removeUserFromCase: 'remove-user-from-case-mo', caaMenuItems: 'mo-caa-menu-items', - newRegisterOrg: 'mo-new-register-org' + newRegisterOrg: 'mo-new-register-org', + ogdInviteUserFlow: 'ogd-invite-user-flow' }; const navItemsArray: NavItemModel[] = [ @@ -208,6 +209,16 @@ const environmentNames = { const serviceMessagesFeatureToggleKey: string = 'mo-service-messages'; const serviceMessageCookie: string = 'mo_service_messages'; +const ogdProfileTypes = { + OGD_DWP_PROFILE: 'OGD_DWP_PROFILE', + SOLICITOR_PROFILE: 'SOLICITOR_PROFILE', + OGD_HO_PROFILE: 'OGD_HO_PROFILE', + OGD_HMRC_PROFILE: 'OGD_HMRC_PROFILE', + OGD_CICA_PROFILE: 'OGD_CICA_PROFILE', + OGD_CAFCASS_PROFILE_ENGLAND: 'OGD_CAFCASS_PROFILE_ENGLAND', + OGD_CAFCASS_PROFILE_CYMRU: 'OGD_CAFCASS_PROFILE_CYMRU' +}; + /** * Place to keep app constants. * Nice to have: The constants should also be injected into state to have single source of truth. @@ -230,4 +241,5 @@ export class AppConstants { public static FEATURE_NAMES = featureNames; public static SERVICE_MESSAGES_FEATURE_TOGGLE_KEY = serviceMessagesFeatureToggleKey; public static SERVICE_MESSAGE_COOKIE = serviceMessageCookie; + public static OGD_PROFILE_TYPES = ogdProfileTypes; } diff --git a/src/app/store/selectors/app.selectors.ts b/src/app/store/selectors/app.selectors.ts index 3f7a853b4..4093e2164 100644 --- a/src/app/store/selectors/app.selectors.ts +++ b/src/app/store/selectors/app.selectors.ts @@ -58,6 +58,17 @@ export const getCaaMenuItemsFeatureIsEnabled = createSelector( (featureFlag) => featureFlag && featureFlag.isEnabled ); +export const getOgdInviteUserFlowFeature = createSelector( + getFeatureFlag, + (featureFlags) => + featureFlags && featureFlags.find((flag) => flag.featureName === AppConstants.FEATURE_NAMES.ogdInviteUserFlow) +); + +export const getOgdInviteUserFlowFeatureIsEnabled = createSelector( + getOgdInviteUserFlowFeature, + (featureFlag) => featureFlag && featureFlag.isEnabled +); + export const getEditUserFeature = createSelector( getFeatureFlag, (featureFlags) => featureFlags && featureFlags.find((flag) => flag.featureName === AppConstants.FEATURE_NAMES.editUserPermissions) diff --git a/src/karma.conf.js b/src/karma.conf.js index 4591a6a6a..5d6df4e24 100644 --- a/src/karma.conf.js +++ b/src/karma.conf.js @@ -28,7 +28,7 @@ module.exports = function (config) { reporters: ['progress', 'coverage'], port: 9876, colors: true, - logLevel: config.LOG_INFO, + logLevel: config.LOG_WARN, autoWatch: true, browsers: ['ChromeHeadless'], singleRun: true diff --git a/src/models/organisation.model.ts b/src/models/organisation.model.ts index a87f7cc8e..5924d42ec 100644 --- a/src/models/organisation.model.ts +++ b/src/models/organisation.model.ts @@ -41,3 +41,24 @@ export interface OrganisationDetails { orgType?: string; orgAttributes?: {key: string, value: string}[]; } + +export interface Jurisdiction { + jurisdictionId: string; + jurisdictionName: string; + accessTypes: OrganisationAccessType[]; +} + +export interface JurisdictionResponse { + jurisdictions: Jurisdiction[] +} + +export interface OrganisationAccessType { + organisationProfileId: string; + accessTypeId: string; + accessMandatory: boolean; + accessDefault: boolean; + display: boolean; + description: string; + hint: string; + displayOrder: number; +} diff --git a/src/organisation/components/pba-numbers-form/pba-numbers-form.component.spec.ts b/src/organisation/components/pba-numbers-form/pba-numbers-form.component.spec.ts index 54d442c80..c18580eef 100644 --- a/src/organisation/components/pba-numbers-form/pba-numbers-form.component.spec.ts +++ b/src/organisation/components/pba-numbers-form/pba-numbers-form.component.spec.ts @@ -10,6 +10,7 @@ import { of } from 'rxjs'; import { OrganisationDetails } from '../../../models/organisation.model'; import { PbaNumbersFormComponent } from './pba-numbers-form.component'; +import { AppConstants } from '../../../app/app.constants'; const storeMock = { // eslint-disable-next-line @typescript-eslint/no-empty-function @@ -27,7 +28,7 @@ const mockOrganisationDetails: OrganisationDetails = { name: 'A Firm', organisationIdentifier: 'A111111', organisationProfileIds: [ - 'SOLICITOR_PROFILE' + AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE ], contactInformation: [{ addressLine1: '123 Street', diff --git a/src/organisation/containers/update-pba-check/update-pba-numbers-check.component.spec.ts b/src/organisation/containers/update-pba-check/update-pba-numbers-check.component.spec.ts index bc59b088a..0d3da35b8 100644 --- a/src/organisation/containers/update-pba-check/update-pba-numbers-check.component.spec.ts +++ b/src/organisation/containers/update-pba-check/update-pba-numbers-check.component.spec.ts @@ -9,6 +9,7 @@ import { DxAddress, OrganisationContactInformation, OrganisationDetails, PBANumb import { PBAService } from '../../services/pba.service'; import * as fromStore from '../../store'; import { UpdatePbaNumbersCheckComponent } from './update-pba-numbers-check.component'; +import { AppConstants } from '../../../app/app.constants'; @Component({ template: '
Nothing to see here. Move along, please.
' @@ -63,7 +64,7 @@ describe('UpdatePbaNumbersCheckComponent', () => { name: 'Luke Solicitors', organisationIdentifier: 'HAUN33E', organisationProfileIds: [ - 'SOLICITOR_PROFILE' + AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE ], contactInformation: [MOCK_CONTACT_INFORMATION], pendingPaymentAccount: [], diff --git a/src/organisation/containers/update-pba-numbers/update-pba-numbers.component.spec.ts b/src/organisation/containers/update-pba-numbers/update-pba-numbers.component.spec.ts index c1117bfa7..303360273 100644 --- a/src/organisation/containers/update-pba-numbers/update-pba-numbers.component.spec.ts +++ b/src/organisation/containers/update-pba-numbers/update-pba-numbers.component.spec.ts @@ -7,6 +7,7 @@ import * as fromRoot from '../../../app/store'; import { DxAddress, OrganisationContactInformation, OrganisationDetails } from '../../../models'; import * as fromOrgStore from '../../../users/store'; import { UpdatePbaNumbersComponent } from './update-pba-numbers.component'; +import { AppConstants } from '../../../app/app.constants'; const storeMock = { // eslint-disable-next-line @typescript-eslint/no-empty-function @@ -48,7 +49,7 @@ describe('UpdatePbaNumbersComponent', () => { name: 'Luke Solicitors', organisationIdentifier: 'HAUN33E', organisationProfileIds: [ - 'SOLICITOR_PROFILE' + AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE ], contactInformation: [contactInformation], status: 'ACTIVE', diff --git a/src/organisation/models/apiError.model.ts b/src/organisation/models/apiError.model.ts new file mode 100644 index 000000000..ba93de9f9 --- /dev/null +++ b/src/organisation/models/apiError.model.ts @@ -0,0 +1,5 @@ +export interface ApiError { + apiError: string; + apiStatusCode: number; + message: string; +} diff --git a/src/organisation/services/organisation.service.ts b/src/organisation/services/organisation.service.ts index e4cbb10a8..6789a145e 100644 --- a/src/organisation/services/organisation.service.ts +++ b/src/organisation/services/organisation.service.ts @@ -1,7 +1,8 @@ import { HttpClient, HttpErrorResponse } from '@angular/common/http'; import { Injectable } from '@angular/core'; -import { Observable, throwError } from 'rxjs'; +import { Observable, catchError, throwError } from 'rxjs'; +import { JurisdictionResponse } from 'src/models'; export const ENVIRONMENT = { orgUri: '/api/organisation' @@ -30,4 +31,10 @@ export class OrganisationService { return throwError( 'error please try again later.'); } + + public retrieveAccessType(organisationProfileIds: string[]): Observable { + return this.http + .post('/api/retrieve-access-types', { organisationProfileIds: organisationProfileIds }) + .pipe(catchError((error: any) => throwError(error.json()))); + } } diff --git a/src/organisation/store/actions/organisation.actions.spec.ts b/src/organisation/store/actions/organisation.actions.spec.ts index e8649957d..58258c2e0 100644 --- a/src/organisation/store/actions/organisation.actions.spec.ts +++ b/src/organisation/store/actions/organisation.actions.spec.ts @@ -1,3 +1,4 @@ +import { AppConstants } from '../../../app/app.constants'; import { OrganisationDetails } from '../../../models'; import { LoadOrganisation, @@ -21,7 +22,7 @@ describe('LoadOrganisationSuccess', () => { name: 'a@b.com', organisationIdentifier: 'A111111', organisationProfileIds: [ - 'SOLICITOR_PROFILE' + AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE ], contactInformation: [{ addressLine1: '10 oxford street', diff --git a/src/organisation/store/actions/organisation.actions.ts b/src/organisation/store/actions/organisation.actions.ts index 9701db47a..df2938e2d 100644 --- a/src/organisation/store/actions/organisation.actions.ts +++ b/src/organisation/store/actions/organisation.actions.ts @@ -1,6 +1,6 @@ // load organisation import { Action } from '@ngrx/store'; -import { OrganisationDetails } from '../../../models/organisation.model'; +import { Jurisdiction, OrganisationDetails } from '../../../models/organisation.model'; import { PBANumberModel } from '../../../models/pbaNumber.model'; import { PendingPaymentAccount } from '../../../models/pendingPaymentAccount.model'; @@ -17,6 +17,12 @@ export const ORGANISATION_UPDATE_PBA_ERROR = '[Organisation] Organisation Update export const ORGANISATION_UPDATE_PBA_ERROR_RESET = '[Organisation] Organisation Update PBAs Error Reset'; export const ORGANISATION_UPDATE_PROFILE_IDS = '[Organisation] Organisation Update Profile Ids'; +export const LOAD_ORGANISATION_ACCESS_TYPES = '[Organisation] Load Organisation Access Types'; +export const LOAD_ORGANISATION_ACCESS_TYPES_SUCCESS = '[Organisation] Load Organisation Access Types Success'; +export const LOAD_ORGANISATION_ACCESS_TYPES_FAIL = '[Organisation] Load Organisation Access Types Fail'; +export const LOAD_ORGANISATION_ACCESS_TYPES_FAIL_WITH_400 = '[Organisation] Load Organisation Access Types Fail with 400'; +export const LOAD_ORGANISATION_ACCESS_TYPES_FAIL_WITH_401 = '[Organisation] Load Organisation Access Types Fail with 401'; +export const LOAD_ORGANISATION_ACCESS_TYPES_FAIL_WITH_5xx = '[Organisation] Load Organisation Access Types Fail with 5xx'; export class LoadOrganisation { public readonly type = LOAD_ORGANISATION; @@ -67,6 +73,36 @@ export class OrganisationUpdateUpdateProfileIds implements Action { constructor(public payload: string[]) {} } +export class LoadOrganisationAccessTypes { + public readonly type = LOAD_ORGANISATION_ACCESS_TYPES; + constructor(public payload?: string[]) {} +} + +export class LoadOrganisationAccessTypesSuccess implements Action { + public readonly type = LOAD_ORGANISATION_ACCESS_TYPES_SUCCESS; + constructor(public payload?: Jurisdiction[]) {} +} + +export class LoadOrganisationAccessTypesFail implements Action { + public readonly type = LOAD_ORGANISATION_ACCESS_TYPES_FAIL; + constructor(public payload: any) {} +} + +export class LoadOrganisationAccessTypesFailWith400 implements Action { + public readonly type = LOAD_ORGANISATION_ACCESS_TYPES_FAIL_WITH_400; + constructor(public payload: any) {} +} + +export class LoadOrganisationAccessTypesFailWith401 implements Action { + public readonly type = LOAD_ORGANISATION_ACCESS_TYPES_FAIL_WITH_401; + constructor(public payload: any) {} +} + +export class LoadOrganisationAccessTypesFailWith5xx implements Action { + public readonly type = LOAD_ORGANISATION_ACCESS_TYPES_FAIL_WITH_5xx; + constructor(public payload: any) {} +} + export type organisationActions = | LoadOrganisation | LoadOrganisationSuccess @@ -77,4 +113,10 @@ export type organisationActions = | OrganisationUpdatePBAResponse | OrganisationUpdatePBAError | OrganisationUpdatePBAErrorReset - | OrganisationUpdateUpdateProfileIds; + | OrganisationUpdateUpdateProfileIds + | LoadOrganisationAccessTypes + | LoadOrganisationAccessTypesSuccess + | LoadOrganisationAccessTypesFailWith400 + | LoadOrganisationAccessTypesFailWith401 + | LoadOrganisationAccessTypesFailWith5xx + | LoadOrganisationAccessTypesFail; diff --git a/src/organisation/store/effects/organisation.effects.spec.ts b/src/organisation/store/effects/organisation.effects.spec.ts index 168ca2cad..f8303337a 100644 --- a/src/organisation/store/effects/organisation.effects.spec.ts +++ b/src/organisation/store/effects/organisation.effects.spec.ts @@ -10,6 +10,7 @@ import { LoggerService } from '../../../shared/services/logger.service'; import { OrganisationService } from '../../services'; import { LoadOrganisation, LoadOrganisationFail, LoadOrganisationSuccess } from '../actions'; import * as fromOrganisationEffects from './organisation.effects'; +import { AppConstants } from '../../../app/app.constants'; describe('Organisation Effects', () => { let actions$; @@ -61,7 +62,7 @@ describe('Organisation Effects', () => { name: 'a@b.com', organisationIdentifier: 'A111111', organisationProfileIds: [ - 'SOLICITOR_PROFILE' + AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE ], contactInformation: [{ addressLine1: '10 oxford street', diff --git a/src/organisation/store/effects/organisation.effects.ts b/src/organisation/store/effects/organisation.effects.ts index f64b8d62c..bb7f5fe7b 100644 --- a/src/organisation/store/effects/organisation.effects.ts +++ b/src/organisation/store/effects/organisation.effects.ts @@ -1,12 +1,15 @@ import { Injectable } from '@angular/core'; import { FeatureToggleService } from '@hmcts/rpx-xui-common-lib'; -import { Actions, Effect, ofType } from '@ngrx/effects'; +import { Actions, Effect, createEffect, ofType } from '@ngrx/effects'; +import { Action } from '@ngrx/store'; import { of } from 'rxjs'; import { catchError, map, switchMap, take } from 'rxjs/operators'; import { AppConstants } from '../../../app/app.constants'; import { LoggerService } from '../../../shared/services/logger.service'; import { OrganisationService } from '../../services'; import * as organisationActions from '../actions'; +import { LoadOrganisationAccessTypes } from '../actions'; +import { ApiError } from 'src/organisation/models/apiError.model'; @Injectable() export class OrganisationEffects { @@ -35,4 +38,34 @@ export class OrganisationEffects { ); }) ); + + public getAccessTypes$ = createEffect(() => + this.actions$.pipe( + ofType(organisationActions.LOAD_ORGANISATION_ACCESS_TYPES), + switchMap((action: LoadOrganisationAccessTypes) => { + return this.organisationService.retrieveAccessType(action.payload).pipe( + map((jurisdictions) => new organisationActions.LoadOrganisationAccessTypesSuccess(jurisdictions.jurisdictions)), + catchError((error) => { + this.loggerService.error(error.message); + return of(new organisationActions.LoadOrganisationAccessTypesFail(error)); + }) + ); + }) + ) + ); + + public static getErrorAction(error: ApiError): Action { + const errorCode = error.apiStatusCode; + if (errorCode >= 500 && errorCode <= 599){ + return new organisationActions.LoadOrganisationAccessTypesFailWith5xx(error); + } + switch (error.apiStatusCode) { + case 400: + return new organisationActions.LoadOrganisationAccessTypesFailWith400(error); + case 401: + return new organisationActions.LoadOrganisationAccessTypesFailWith401(error); + default: + return new organisationActions.LoadOrganisationAccessTypesFail(error); + } + } } diff --git a/src/organisation/store/reducers/organisation.reducer.ts b/src/organisation/store/reducers/organisation.reducer.ts index 1eaceb0ae..89737e2c7 100644 --- a/src/organisation/store/reducers/organisation.reducer.ts +++ b/src/organisation/store/reducers/organisation.reducer.ts @@ -1,9 +1,10 @@ -import { OrganisationDetails } from '../../../models/organisation.model'; +import { Jurisdiction, OrganisationDetails } from '../../../models/organisation.model'; import { PBANumberModel } from '../../../models/pbaNumber.model'; import * as fromOrganisation from '../actions/organisation.actions'; export interface OrganisationState { organisationDetails: OrganisationDetails; + organisationJurisdications: Jurisdiction[]; loaded: boolean; loading: boolean; error?: any; @@ -11,6 +12,7 @@ export interface OrganisationState { export const initialState: OrganisationState = { organisationDetails: null, + organisationJurisdications: [], loaded: false, loading: false }; @@ -20,7 +22,8 @@ export function reducer( action: fromOrganisation.organisationActions ): OrganisationState { switch (action.type) { - case fromOrganisation.LOAD_ORGANISATION: { + case fromOrganisation.LOAD_ORGANISATION: + case fromOrganisation.LOAD_ORGANISATION_ACCESS_TYPES: { return { ...state, loaded: false, @@ -30,8 +33,11 @@ export function reducer( case fromOrganisation.LOAD_ORGANISATION_SUCCESS: { const paymentAccount: PBANumberModel[] = []; // if the users are loaded before organisation, the profile ids will be added since this is not provided by the GET operation - action.payload = { ...action.payload, organisationProfileIds: state.organisationDetails?.organisationProfileIds }; - action.payload.paymentAccount.forEach((pba) => { + const newPayload = { + ...action.payload, + organisationProfileIds: state.organisationDetails?.organisationProfileIds + }; + newPayload.paymentAccount.forEach((pba) => { let pbaNumberModel: PBANumberModel; if (typeof pba === 'string') { pbaNumberModel = { @@ -41,7 +47,7 @@ export function reducer( paymentAccount.push(pbaNumberModel); }); const loadedOrgDetails = { - ...action.payload, + ...newPayload, paymentAccount, pendingAddPaymentAccount: [], pendingRemovePaymentAccount: [] @@ -53,6 +59,22 @@ export function reducer( }; } + case fromOrganisation.LOAD_ORGANISATION_ACCESS_TYPES_SUCCESS: { + return { + ...state, + loading: false, + organisationJurisdications: action.payload + }; + } + + case fromOrganisation.LOAD_ORGANISATION_ACCESS_TYPES_FAIL: { + return { + ...state, + loading: false, + loaded: false + }; + } + case fromOrganisation.UPDATE_ORGANISATION_PBA_PENDING_ADD: { const orgDetails = { ...state.organisationDetails, @@ -132,7 +154,9 @@ export function reducer( if (state.organisationDetails?.organisationProfileIds){ profileIds = state.organisationDetails?.organisationProfileIds ?? []; } - profileIds = [...new Set([...profileIds ?? [], ...action.payload])]; + if (action.payload){ + profileIds = [...new Set([...profileIds ?? [], ...action.payload])]; + } return { ...state, organisationDetails: { @@ -149,3 +173,4 @@ export function reducer( export const getOrganisation = (state: OrganisationState) => state.organisationDetails; export const getOrganisationLoaded = (state: OrganisationState) => state.loaded; export const getOrganisationError = (state: OrganisationState) => state.error; +export const getOrganisationAccessTypes = (state: OrganisationState) => state.organisationJurisdications; diff --git a/src/organisation/store/selectors/organisation.selectors.ts b/src/organisation/store/selectors/organisation.selectors.ts index 83266f321..b58516f29 100644 --- a/src/organisation/store/selectors/organisation.selectors.ts +++ b/src/organisation/store/selectors/organisation.selectors.ts @@ -23,3 +23,8 @@ export const getOrganisationError = createSelector( fromOrganisation.getOrganisationError ); +export const getAccessTypes = createSelector( + getOrganisationState, + fromOrganisation.getOrganisationAccessTypes +); + diff --git a/src/shared/components/phase-banner/phase-banner.component.html b/src/shared/components/phase-banner/phase-banner.component.html index a22b513a5..ec6fdc3dd 100644 --- a/src/shared/components/phase-banner/phase-banner.component.html +++ b/src/shared/components/phase-banner/phase-banner.component.html @@ -4,7 +4,7 @@ {{type}} - This is a new service – your feedback will help us to improve it. + This is a new service – your feedback will help us to improve it.

diff --git a/src/shared/services/logger.service.ts b/src/shared/services/logger.service.ts index e8db735ac..4e6ecd696 100644 --- a/src/shared/services/logger.service.ts +++ b/src/shared/services/logger.service.ts @@ -42,8 +42,8 @@ export class LoggerService implements ILoggerService { // eslint-disable-next-line @typescript-eslint/no-unused-vars public debug(message: any, ...additional: any[]): void { const formattedMessage = this.getMessage(message); - this.ngxLogger.debug(formattedMessage); - this.monitoringService.logEvent(message); + this.ngxLogger.debug(formattedMessage, additional); + this.monitoringService.logEvent(message, additional); } // eslint-disable-next-line @typescript-eslint/no-unused-vars diff --git a/src/shared/shared.module.ts b/src/shared/shared.module.ts index b273f2b7d..ac349c92d 100644 --- a/src/shared/shared.module.ts +++ b/src/shared/shared.module.ts @@ -23,6 +23,7 @@ import { HeadersService } from './services/headers.service'; import { HealthCheckService } from './services/health-check.service'; import { HttpIntercepterServer } from './services/http-interceptor.service'; import { MonitoringService } from './services/monitoring.service'; +import { RpxTranslationModule } from 'rpx-xui-translation'; @NgModule({ declarations: [ @@ -38,7 +39,8 @@ import { MonitoringService } from './services/monitoring.service'; RouterModule, CommonModule, GovUiModule, - LoaderModule + LoaderModule, + RpxTranslationModule.forChild() ], exports: [ GovUiModule, diff --git a/src/user-profile/models/editUser.model.ts b/src/user-profile/models/editUser.model.ts new file mode 100644 index 000000000..b940b2a4c --- /dev/null +++ b/src/user-profile/models/editUser.model.ts @@ -0,0 +1,18 @@ +import { UserAccessType } from '@hmcts/rpx-xui-common-lib'; + +export class EditUserModel { + constructor( + public id: string, + public email: string, + public firstName: string, + public lastName: string, + public idamStatus: string, + public rolesAdd: RoleChange[], + public rolesDelete: RoleChange[], + public userAccessTypes: UserAccessType[] + ) {} +} + +export interface RoleChange { + name: string; +} diff --git a/src/user-profile/services/user.service.spec.ts b/src/user-profile/services/user.service.spec.ts index b348577be..94082e281 100644 --- a/src/user-profile/services/user.service.spec.ts +++ b/src/user-profile/services/user.service.spec.ts @@ -1,17 +1,50 @@ +import { TestBed } from '@angular/core/testing'; +import { HttpClientTestingModule, HttpTestingController } from '@angular/common/http/testing'; +import { provideMockStore, MockStore } from '@ngrx/store/testing'; import { UserService } from './user.service'; +import * as fromRoot from '../../../src/app/store'; describe('User service', () => { - const mockHttpService = jasmine.createSpyObj('mockHttpService', ['put', 'get']); + let userService: UserService; + let httpTestingController: HttpTestingController; + let mockStore: MockStore; - it('should be Truthy', () => { - const userService = new UserService(mockHttpService); - expect(userService).toBeTruthy(); + const initialState = { }; + + beforeEach(() => { + TestBed.configureTestingModule({ + imports: [HttpClientTestingModule], + providers: [ + UserService, + provideMockStore({ initialState }) + ] + }); + + userService = TestBed.inject(UserService); + httpTestingController = TestBed.inject(HttpTestingController); + mockStore = TestBed.inject(MockStore); + + mockStore.overrideSelector(fromRoot.getOgdInviteUserFlowFeatureIsEnabled, false); + }); + + afterEach(() => { + httpTestingController.verify(); }); - it('editUser Permissions', () => { - const userService = new UserService(mockHttpService); - const editUser = { userId: '123', editUserRolesObj: {} }; - userService.editUserPermissions(editUser); - expect(mockHttpService.put).toHaveBeenCalledWith('/api/editUserPermissions/users/123', {}); + it('should send a request to the correct URL based on the ogdEnabled flag', () => { + const editUserMockOGD_True = { orgIdsPayload: ['SOLICITOR_PROFILE'], userPayload: { id: '123456' } }; + const editUserMockOGD_False = { id: '654321' }; + + userService.editUserPermissions(editUserMockOGD_False).subscribe(); + const req = httpTestingController.expectOne('/api/editUserPermissions/users/654321'); + expect(req.request.method).toEqual('PUT'); + req.flush({}); + + mockStore.overrideSelector(fromRoot.getOgdInviteUserFlowFeatureIsEnabled, true); + + userService.editUserPermissions(editUserMockOGD_True).subscribe(); + const reqOgd = httpTestingController.expectOne('/api/ogd-flow/update/123456'); + expect(reqOgd.request.method).toEqual('PUT'); + reqOgd.flush({}); }); }); diff --git a/src/user-profile/services/user.service.ts b/src/user-profile/services/user.service.ts index d402880e4..51c4afa37 100644 --- a/src/user-profile/services/user.service.ts +++ b/src/user-profile/services/user.service.ts @@ -1,17 +1,29 @@ import { HttpClient } from '@angular/common/http'; import { Injectable } from '@angular/core'; -import { Observable } from 'rxjs'; +import { Observable, switchMap } from 'rxjs'; import { UserInterface } from '../models/user.model'; +import { Store, select } from '@ngrx/store'; +import * as fromRoot from '../../../src/app/store'; @Injectable({ providedIn: 'root' }) export class UserService { - constructor(private readonly http: HttpClient) {} + constructor( + private readonly http: HttpClient, + private readonly rootStore: Store, + ) {} public editUserPermissions(editUser): Observable { - return this.http.put(`/api/editUserPermissions/users/${editUser.userId}`, editUser.editUserRolesObj); + return this.rootStore.pipe( + select(fromRoot.getOgdInviteUserFlowFeatureIsEnabled), + switchMap((ogdEnabled) => { + const editUrl = ogdEnabled ? '/api/ogd-flow/update/' : '/api/editUserPermissions/users/'; + const userId = ogdEnabled ? editUser.userPayload.id : editUser.id; + return this.http.put(`${editUrl}${userId}`, editUser); + }) + ); } public getUserDetails(): Observable { diff --git a/src/user-profile/store/effects/user-profile.effects.ts b/src/user-profile/store/effects/user-profile.effects.ts index d191d02c0..d72c0502d 100644 --- a/src/user-profile/store/effects/user-profile.effects.ts +++ b/src/user-profile/store/effects/user-profile.effects.ts @@ -74,31 +74,39 @@ export class UserProfileEffects { * If PRD does not return a 201 or 204, then we show a permissions updated failure page. The permissions update failure * page allows the logged in User to retry editing permissions by showing them a link taking them back to the * Edit Permissions page. + * + * Additionally, a 500 status code is now returned within the statusUpdateResponse object if the API fails to update the user's access types. */ @Effect() public editUser$ = this.actions$.pipe( ofType(usersActions.EDIT_USER), - map((action: usersActions.EditUser) => action.payload), - switchMap((user) => { - return this.userService.editUserPermissions(user).pipe( + switchMap(({ payload, orgProfileIds }: usersActions.EditUser) => { + const user = payload; + const reqBody = orgProfileIds ? { userPayload: payload, orgIdsPayload: orgProfileIds } : payload; + return this.userService.editUserPermissions(reqBody).pipe( map((response) => { if (UserRolesUtil.doesRoleAdditionExist(response)) { if (response.roleAdditionResponse.idamStatusCode !== '201') { - return new usersActions.EditUserFailure(user.userId); + return new usersActions.EditUserFailure(user.id); } } if (UserRolesUtil.doesRoleDeletionExist(response)) { if (!UserRolesUtil.checkRoleDeletionsSuccess(response.roleDeletionResponse)) { - return new usersActions.EditUserFailure(user.userId); + return new usersActions.EditUserFailure(user.id); } } - return new usersActions.EditUserSuccess(user.userId); + // Changes to access types populate the statusUpdateResponse object with a 500 if API fails + if (response.statusUpdateResponse !== null && response.statusUpdateResponse.idamStatusCode === '500') { + return new usersActions.EditUserFailure(user.id); + } + + return new usersActions.EditUserSuccess(user.id); }), catchError((error) => { this.loggerService.error(error); - return of(new usersActions.EditUserServerError({ userId: user.userId, errorCode: error.apiStatusCode })); + return of(new usersActions.EditUserServerError({ userId: user.id, errorCode: error.apiStatusCode })); }) ); }) @@ -128,15 +136,4 @@ export class UserProfileEffects { ); }) ); - - @Effect() - public confirmEditUser$ = this.actions$.pipe( - ofType(usersActions.EDIT_USER_SUCCESS), - map((user: any) => { - return user.payload; // this is the userId - }), - switchMap(() => [ - new usersActions.LoadAllUsers() - ]) - ); } diff --git a/src/user-profile/store/effects/user.effects.spec.ts b/src/user-profile/store/effects/user.effects.spec.ts index 5d13c64ef..456d4a4ae 100644 --- a/src/user-profile/store/effects/user.effects.spec.ts +++ b/src/user-profile/store/effects/user.effects.spec.ts @@ -22,7 +22,8 @@ describe('User Profile Effects', () => { let loggerService: LoggerService; const userServiceMock = jasmine.createSpyObj('UserService', [ - 'getUserDetails' + 'getUserDetails', + 'editUserPermissions' ]); const acceptTandCSrviceMock = jasmine.createSpyObj('AcceptTcService', [ 'getHasUserAccepted', diff --git a/src/users/components/index.ts b/src/users/components/index.ts index 23ad3638a..b22ed637c 100644 --- a/src/users/components/index.ts +++ b/src/users/components/index.ts @@ -1,7 +1,50 @@ import { InviteUserFormComponent } from './invite-user-form/invite-user-form.component'; import { InviteUserPermissionComponent } from './invite-user-permissions/invite-user-permission.component'; +import { SearchFilterUserComponent } from './search-filter-users/search-filter-users.component'; +import { UserTableComponent } from './user-table/user-table.component'; +import { UserPersonalDetailsComponent } from './user-personal-details/user-personal-details.component'; +import { OrganisationAccessPermissionsComponent } from './organisation-access-permissions/organisation-access-permissions.component'; +import { StandardUserPermissionsComponent } from './standard-user-permissions/standard-user-permissions.component'; +import { OgdCafcassCyProfileContentComponent } from './ogd-cafcass-cy-profile-content/ogd-cafcass-cy-profile-content.component'; +import { OgdCafcassEnProfileContentComponent } from './ogd-cafcass-en-profile-content/ogd-cafcass-en-profile-content.component'; +import { OgdCicaProfileContentComponent } from './ogd-cica-profile-content/ogd-cica-profile-content.component'; +import { OgdDwpProfileContentComponent } from './ogd-dwp-profile-content/ogd-dwp-profile-content.component'; +import { OgdHmrcProfileContentComponent } from './ogd-hmrc-profile-content/ogd-hmrc-profile-content.component'; +import { OgdHoProfileContentComponent } from './ogd-ho-profile-content/ogd-ho-profile-content.component'; +import { SolicitorProfileContentComponent } from './solicitor-profile-content/solicitor-profile-content.component'; +import { JurisdictionAccessOptionsComponent } from './jurisdictions-access-options/jurisdiction-access-options.component'; -export const components: any[] = [InviteUserFormComponent, InviteUserPermissionComponent]; +export const components: any[] = [ + InviteUserFormComponent, + InviteUserPermissionComponent, + SearchFilterUserComponent, + UserTableComponent, + UserPersonalDetailsComponent, + OrganisationAccessPermissionsComponent, + StandardUserPermissionsComponent, + SolicitorProfileContentComponent, + OgdDwpProfileContentComponent, + OgdHoProfileContentComponent, + OgdHmrcProfileContentComponent, + OgdCicaProfileContentComponent, + OgdCafcassEnProfileContentComponent, + OgdCafcassCyProfileContentComponent, + JurisdictionAccessOptionsComponent +]; export * from './invite-user-form/invite-user-form.component'; export * from './invite-user-permissions/invite-user-permission.component'; +export * from './search-filter-users/search-filter-users.component'; +export * from './user-table/user-table.component'; +export * from './user-personal-details/user-personal-details.component'; +export * from './organisation-access-permissions/organisation-access-permissions.component'; +export * from './standard-user-permissions/standard-user-permissions.component'; +export * from './solicitor-profile-content/solicitor-profile-content.component'; +export * from './ogd-cafcass-cy-profile-content/ogd-cafcass-cy-profile-content.component'; +export * from './ogd-cafcass-en-profile-content/ogd-cafcass-en-profile-content.component'; +export * from './ogd-cica-profile-content/ogd-cica-profile-content.component'; +export * from './ogd-dwp-profile-content/ogd-dwp-profile-content.component'; +export * from './ogd-hmrc-profile-content/ogd-hmrc-profile-content.component'; +export * from './ogd-ho-profile-content/ogd-ho-profile-content.component'; +export * from './jurisdictions-access-options/jurisdiction-access-options.component'; + diff --git a/src/users/components/jurisdictions-access-options/jurisdiction-access-options.component.html b/src/users/components/jurisdictions-access-options/jurisdiction-access-options.component.html new file mode 100644 index 000000000..392465b2e --- /dev/null +++ b/src/users/components/jurisdictions-access-options/jurisdiction-access-options.component.html @@ -0,0 +1,35 @@ +
+ +
+
+
+ +
+ + + + {{ accesssType.hint }} + This checkbox is disabled + because this role is + mandatory. + +
+ +
+
+
+ +
\ No newline at end of file diff --git a/src/users/components/jurisdictions-access-options/jurisdiction-access-options.component.ts b/src/users/components/jurisdictions-access-options/jurisdiction-access-options.component.ts new file mode 100644 index 000000000..0ed8eb888 --- /dev/null +++ b/src/users/components/jurisdictions-access-options/jurisdiction-access-options.component.ts @@ -0,0 +1,9 @@ +import { Component, Input } from '@angular/core'; + +@Component({ + selector: 'app-jurisdiction-access-options', + templateUrl: './jurisdiction-access-options.component.html' +}) +export class JurisdictionAccessOptionsComponent { + @Input() jurisdictions?; +} diff --git a/src/users/components/ogd-cafcass-cy-profile-content/ogd-cafcass-cy-profile-content.component.html b/src/users/components/ogd-cafcass-cy-profile-content/ogd-cafcass-cy-profile-content.component.html new file mode 100644 index 000000000..cb7ff03ac --- /dev/null +++ b/src/users/components/ogd-cafcass-cy-profile-content/ogd-cafcass-cy-profile-content.component.html @@ -0,0 +1,3 @@ +

+ The following roles are available to manage cases for your organisation +

diff --git a/src/users/components/ogd-cafcass-cy-profile-content/ogd-cafcass-cy-profile-content.component.ts b/src/users/components/ogd-cafcass-cy-profile-content/ogd-cafcass-cy-profile-content.component.ts new file mode 100644 index 000000000..23ea4ecc1 --- /dev/null +++ b/src/users/components/ogd-cafcass-cy-profile-content/ogd-cafcass-cy-profile-content.component.ts @@ -0,0 +1,9 @@ +import { Component } from '@angular/core'; + +@Component({ + selector: 'app-ogd-cafcass-cy-profile-content', + templateUrl: './ogd-cafcass-cy-profile-content.component.html' +}) +export class OgdCafcassCyProfileContentComponent { + +} diff --git a/src/users/components/ogd-cafcass-en-profile-content/ogd-cafcass-en-profile-content.component.html b/src/users/components/ogd-cafcass-en-profile-content/ogd-cafcass-en-profile-content.component.html new file mode 100644 index 000000000..36c7dd178 --- /dev/null +++ b/src/users/components/ogd-cafcass-en-profile-content/ogd-cafcass-en-profile-content.component.html @@ -0,0 +1,3 @@ +

+ The following roles are available to manage cases for your organisation +

\ No newline at end of file diff --git a/src/users/components/ogd-cafcass-en-profile-content/ogd-cafcass-en-profile-content.component.ts b/src/users/components/ogd-cafcass-en-profile-content/ogd-cafcass-en-profile-content.component.ts new file mode 100644 index 000000000..b949dbb88 --- /dev/null +++ b/src/users/components/ogd-cafcass-en-profile-content/ogd-cafcass-en-profile-content.component.ts @@ -0,0 +1,9 @@ +import { Component } from '@angular/core'; + +@Component({ + selector: 'app-ogd-cafcass-en-profile-content', + templateUrl: './ogd-cafcass-en-profile-content.component.html' +}) +export class OgdCafcassEnProfileContentComponent { + +} diff --git a/src/users/components/ogd-cica-profile-content/ogd-cica-profile-content.component.html b/src/users/components/ogd-cica-profile-content/ogd-cica-profile-content.component.html new file mode 100644 index 000000000..36c7dd178 --- /dev/null +++ b/src/users/components/ogd-cica-profile-content/ogd-cica-profile-content.component.html @@ -0,0 +1,3 @@ +

+ The following roles are available to manage cases for your organisation +

\ No newline at end of file diff --git a/src/users/components/ogd-cica-profile-content/ogd-cica-profile-content.component.ts b/src/users/components/ogd-cica-profile-content/ogd-cica-profile-content.component.ts new file mode 100644 index 000000000..2c3c0a71b --- /dev/null +++ b/src/users/components/ogd-cica-profile-content/ogd-cica-profile-content.component.ts @@ -0,0 +1,9 @@ +import { Component } from '@angular/core'; + +@Component({ + selector: 'app-ogd-cica-profile-content', + templateUrl: './ogd-cica-profile-content.component.html' +}) +export class OgdCicaProfileContentComponent { + +} diff --git a/src/users/components/ogd-dwp-profile-content/ogd-dwp-profile-content.component.html b/src/users/components/ogd-dwp-profile-content/ogd-dwp-profile-content.component.html new file mode 100644 index 000000000..36c7dd178 --- /dev/null +++ b/src/users/components/ogd-dwp-profile-content/ogd-dwp-profile-content.component.html @@ -0,0 +1,3 @@ +

+ The following roles are available to manage cases for your organisation +

\ No newline at end of file diff --git a/src/users/components/ogd-dwp-profile-content/ogd-dwp-profile-content.component.ts b/src/users/components/ogd-dwp-profile-content/ogd-dwp-profile-content.component.ts new file mode 100644 index 000000000..9841f87c9 --- /dev/null +++ b/src/users/components/ogd-dwp-profile-content/ogd-dwp-profile-content.component.ts @@ -0,0 +1,9 @@ +import { Component } from '@angular/core'; + +@Component({ + selector: 'app-ogd-dwp-profile-content', + templateUrl: './ogd-dwp-profile-content.component.html' +}) +export class OgdDwpProfileContentComponent { + +} diff --git a/src/users/components/ogd-hmrc-profile-content/ogd-hmrc-profile-content.component.html b/src/users/components/ogd-hmrc-profile-content/ogd-hmrc-profile-content.component.html new file mode 100644 index 000000000..36c7dd178 --- /dev/null +++ b/src/users/components/ogd-hmrc-profile-content/ogd-hmrc-profile-content.component.html @@ -0,0 +1,3 @@ +

+ The following roles are available to manage cases for your organisation +

\ No newline at end of file diff --git a/src/users/components/ogd-hmrc-profile-content/ogd-hmrc-profile-content.component.ts b/src/users/components/ogd-hmrc-profile-content/ogd-hmrc-profile-content.component.ts new file mode 100644 index 000000000..a5edf7c82 --- /dev/null +++ b/src/users/components/ogd-hmrc-profile-content/ogd-hmrc-profile-content.component.ts @@ -0,0 +1,9 @@ +import { Component } from '@angular/core'; + +@Component({ + selector: 'app-ogd-hmrc-profile-content', + templateUrl: './ogd-hmrc-profile-content.component.html' +}) +export class OgdHmrcProfileContentComponent { + +} diff --git a/src/users/components/ogd-ho-profile-content/ogd-ho-profile-content.component.html b/src/users/components/ogd-ho-profile-content/ogd-ho-profile-content.component.html new file mode 100644 index 000000000..36c7dd178 --- /dev/null +++ b/src/users/components/ogd-ho-profile-content/ogd-ho-profile-content.component.html @@ -0,0 +1,3 @@ +

+ The following roles are available to manage cases for your organisation +

\ No newline at end of file diff --git a/src/users/components/ogd-ho-profile-content/ogd-ho-profile-content.component.ts b/src/users/components/ogd-ho-profile-content/ogd-ho-profile-content.component.ts new file mode 100644 index 000000000..359005939 --- /dev/null +++ b/src/users/components/ogd-ho-profile-content/ogd-ho-profile-content.component.ts @@ -0,0 +1,9 @@ +import { Component } from '@angular/core'; + +@Component({ + selector: 'app-ogd-ho-profile-content', + templateUrl: './ogd-ho-profile-content.component.html' +}) +export class OgdHoProfileContentComponent { + +} diff --git a/src/users/components/organisation-access-permissions/organisation-access-permissions.component.html b/src/users/components/organisation-access-permissions/organisation-access-permissions.component.html new file mode 100644 index 000000000..5c5655728 --- /dev/null +++ b/src/users/components/organisation-access-permissions/organisation-access-permissions.component.html @@ -0,0 +1,60 @@ +
+

Case management and access

+
+
+ + + + +
+ + + + + + + +
+ + +
+
+
+

+ + +

+
+
+
+
+ +
+ + + Warning + The below list contains all case types with additional access. You do not need to select additional access + for case types that you do not use. + +
+ + +
+
+
+ + + + +
+
+
\ No newline at end of file diff --git a/src/users/components/organisation-access-permissions/organisation-access-permissions.component.spec.ts b/src/users/components/organisation-access-permissions/organisation-access-permissions.component.spec.ts new file mode 100644 index 000000000..22eea848d --- /dev/null +++ b/src/users/components/organisation-access-permissions/organisation-access-permissions.component.spec.ts @@ -0,0 +1,225 @@ +import { ComponentFixture, TestBed } from '@angular/core/testing'; +import { ExuiCommonLibModule, User, UserAccessType } from '@hmcts/rpx-xui-common-lib'; +import { OrganisationAccessPermissionsComponent } from './organisation-access-permissions.component'; +import { Jurisdiction } from 'src/models'; +import { ReactiveFormsModule } from '@angular/forms'; +import { RpxTranslationService } from 'rpx-xui-translation'; +import { CaseManagementPermissions } from '../../models/case-management-permissions.model'; +import { + StandardUserPermissionsComponent, + SolicitorProfileContentComponent, + OgdDwpProfileContentComponent, + OgdHoProfileContentComponent, + OgdHmrcProfileContentComponent, + OgdCicaProfileContentComponent, + OgdCafcassEnProfileContentComponent, + OgdCafcassCyProfileContentComponent, + JurisdictionAccessOptionsComponent +} from '../../components'; +import { AppConstants } from '../../../app/app.constants'; + +describe('OrganisationAccessPermissionsComponent', () => { + const knownJurisdictions:Jurisdiction[] = [ + { + jurisdictionId: '5', + jurisdictionName: 'Family Public Law', + accessTypes: [ + { + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + accessTypeId: '1', + accessMandatory: false, + accessDefault: false, + display: true, + description: 'Non-mandatory access type', + hint: 'Hint for the BEFTA Master Jurisdiction Access Type.', + displayOrder: 3 + }, + { + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + accessTypeId: '2', + accessMandatory: false, + accessDefault: false, + display: false, + description: 'Non displayed access type', + hint: 'Hint for the BEFTA Master Jurisdiction Access Type.', + displayOrder: 2 + }, + { + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + accessTypeId: '3', + accessMandatory: false, + accessDefault: false, + display: true, + description: 'Access type already enabled by user', + hint: 'Hint for the BEFTA Master Jurisdiction Access Type.', + displayOrder: 1 + }, + { + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + accessTypeId: '4', + accessMandatory: false, + accessDefault: true, + display: true, + description: 'Default access type enabled', + hint: 'Hint for the BEFTA Master Jurisdiction Access Type.', + displayOrder: 3 + } + ] + } + ]; + + const knownExistingUserAccessType:UserAccessType[] = [ + { + jurisdictionId: '5', + accessTypeId: '3', + enabled: true, + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE + } + + ]; + + const userWithCaseManagerRole: User = { + email: 'john@doe.com', + fullName: 'John Doe', + userAccessTypes: knownExistingUserAccessType, + roles: ['pui-case-manager'] + }; + + const userWithoutCaseManagerRole: User = { + email: 'john@doe.com', + fullName: 'John Doe', + userAccessTypes: [], + roles: [] + }; + + let component: OrganisationAccessPermissionsComponent; + let fixture: ComponentFixture; + const translationMockService = jasmine.createSpyObj('translationMockService', ['translate', 'getTranslation$']); + + beforeEach(async () => { + await TestBed.configureTestingModule({ + declarations: [OrganisationAccessPermissionsComponent, StandardUserPermissionsComponent, + SolicitorProfileContentComponent, + OgdDwpProfileContentComponent, + OgdHoProfileContentComponent, + OgdHmrcProfileContentComponent, + OgdCicaProfileContentComponent, + OgdCafcassEnProfileContentComponent, + OgdCafcassCyProfileContentComponent, + JurisdictionAccessOptionsComponent], + imports: [ReactiveFormsModule, ExuiCommonLibModule], + providers: [{ provide: RpxTranslationService, useValue: translationMockService }] + }) + .compileComponents(); + + fixture = TestBed.createComponent(OrganisationAccessPermissionsComponent); + component = fixture.componentInstance; + }); + + afterEach(() => { + component.ngOnDestroy(); + }); + + describe('User with case manager role', () => { + beforeEach(() => { + component.jurisdictions = knownJurisdictions; + component.user = userWithCaseManagerRole; + }); + + it('should create', () => { + component.ngOnInit(); + fixture.detectChanges(); + + expect(component).toBeTruthy(); + expect(component.permissions).toBeTruthy(); + expect(component.jurisdictionPermissionsForm).toBeTruthy(); + }); + + it('should setup permissions model from org and user models', () => { + // act + component.ngOnInit(); + fixture.detectChanges(); + + // assert + const jurisdiction = component.permissions[0]; + // assert simple properties + expect(jurisdiction.jurisdictionName).toBe('Family Public Law'); + expect(jurisdiction.jurisdictionId).toBe('5'); + // should filter hidden access types + expect(jurisdiction.accessTypes.length).toBe(3); + // check order + expect(jurisdiction.accessTypes[0].accessTypeId).toBe('3'); + expect(jurisdiction.accessTypes[1].accessTypeId).toBe('1'); + expect(jurisdiction.accessTypes[2].accessTypeId).toBe('4'); + // check enabled + expect(jurisdiction.accessTypes[0].enabled).toBe(true); + expect(jurisdiction.accessTypes[1].enabled).toBe(false); + expect(jurisdiction.accessTypes[2].enabled).toBe(true); // mandatory must be enabled + }); + + it('should emit permissions model when form is updated', () => { + // arrange + spyOn(component.selectedPermissionsChanged, 'emit'); + component.ngOnInit(); + fixture.detectChanges(); + + // act + const jurisdiction = component.permissions[0]; + expect(jurisdiction.accessTypes[2].accessTypeId).withContext('access type with id 4 exists').toBe('4'); + expect(jurisdiction.accessTypes[2].enabled).withContext('access type with id 4 is enabled').toBe(true); + expect(fixture.debugElement.nativeElement.innerHTML).toContain('id="4"'); + const inputElement = fixture.nativeElement.querySelector('[id="4"]'); + inputElement.click(); + + // assert + expect(component.permissions[0].accessTypes.find((at) => at.accessTypeId === '4').enabled).toBe(false); + expect(component.selectedPermissionsChanged.emit).toHaveBeenCalledWith({ + manageCases: true, + userAccessTypes: component.mapPermissionsToUserAccessTypes() + } as CaseManagementPermissions); + }); + }); + + describe('User without case manager role', () => { + beforeEach(() => { + component.jurisdictions = knownJurisdictions; + component.user = userWithoutCaseManagerRole; + }); + + it('should set up with no access types', () => { + // arrange + spyOn(component.selectedPermissionsChanged, 'emit'); + component.ngOnInit(); + fixture.detectChanges(); + + // assert + expect(component).toBeTruthy(); + expect(component.permissions).toBeTruthy(); + expect(component.jurisdictionPermissionsForm).toBeTruthy(); + expect(component.selectedPermissionsChanged.emit).toHaveBeenCalledWith({ + manageCases: false, + userAccessTypes: [] + } as CaseManagementPermissions); + const inputElement = fixture.nativeElement.querySelector('[id="4"]'); + expect(inputElement).toBeNull(); + }); + + it('should display access types when case manager role is selected', () => { + // arrange + spyOn(component.selectedPermissionsChanged, 'emit'); + component.ngOnInit(); + fixture.detectChanges(); + + // act + const caseManageRoleCheckbox = fixture.nativeElement.querySelector('[id="enableCaseManagement"]'); + caseManageRoleCheckbox.click(); + expect(component.selectedPermissionsChanged.emit).toHaveBeenCalledWith({ + manageCases: true, + userAccessTypes: component.mapPermissionsToUserAccessTypes() + } as CaseManagementPermissions); + fixture.detectChanges(); + const accessTypeCheckbox = fixture.nativeElement.querySelector('[id="4"]'); + expect(accessTypeCheckbox).not.toBeNull(); + }); + }); +}); diff --git a/src/users/components/organisation-access-permissions/organisation-access-permissions.component.ts b/src/users/components/organisation-access-permissions/organisation-access-permissions.component.ts new file mode 100644 index 000000000..a0fd93d79 --- /dev/null +++ b/src/users/components/organisation-access-permissions/organisation-access-permissions.component.ts @@ -0,0 +1,263 @@ +import { AfterViewInit, ChangeDetectionStrategy, ChangeDetectorRef, Component, EventEmitter, Input, OnDestroy, OnInit, Output, SimpleChanges } from '@angular/core'; +import { FormArray, FormBuilder, FormControl, FormGroup, Validators } from '@angular/forms'; +import { User, UserAccessType } from '@hmcts/rpx-xui-common-lib'; +import { Observable, Subject, map, shareReplay, takeUntil } from 'rxjs'; +import { CaseManagementPermissions } from '../../models/case-management-permissions.model'; +import { Jurisdiction } from 'src/models'; +import { AppConstants } from '../../../app/app.constants'; +import { Accordion } from 'govuk-frontend'; +import { OrganisationProfileService } from 'src/users/services/org-profiles.service'; + +@Component({ + selector: 'app-organisation-access-permissions', + templateUrl: './organisation-access-permissions.component.html', + styleUrls: ['./organisation-access-permissions.scss'], + changeDetection: ChangeDetectionStrategy.OnPush +}) +export class OrganisationAccessPermissionsComponent implements OnInit, OnDestroy, AfterViewInit { + @Input() public jurisdictions: Jurisdiction[] = []; + @Input() public organisationProfileIds: string[] = []; + @Input() user: User; + + @Output() public selectedPermissionsChanged = new EventEmitter(); + + public permissions: JurisdictionPermissionViewModel[]; + public jurisdictionPermissionsForm: FormGroup; + public ogdProfileTypes = AppConstants.OGD_PROFILE_TYPES; + + public enableCaseManagement: boolean; + public orgProfileType: string; + + private userAccessTypes: UserAccessType[]; + private onDestroy$ = new Subject(); + + private accordianConfig = { + i18n: { + showSection: 'See additional types of access', + hideSection: 'Hide additional types of access' + }, + rememberExpanded: false + }; + + constructor( + private fb: FormBuilder, + private cdRef: ChangeDetectorRef, + private orgProfileService: OrganisationProfileService + ) {} + + ngOnInit(): void { + this.enableCaseManagement = this.user?.roles?.includes('pui-case-manager'); + this.userAccessTypes = this.user?.userAccessTypes ?? []; + this.initializeComponent(); + + this.publishCurrentPermissions(); + this.createFormAndPopulate(); + this.subscribeToAccessTypesChanges(); + } + + // If the user reloads on the invite page it doesnt handle the loading of data without the below block + ngOnChanges(changes: SimpleChanges): void { + if (changes.organisationProfileIds) { + this.orgProfileType = this.orgProfileService.getOrganisationProfileType(this.organisationProfileIds); + } + if (changes.jurisdictions) { + this.initAccordion(); + this.initializeComponent(); + } + } + + private initializeComponent(): void { + this.permissions = this.createPermissionsViewModel(); + this.orgProfileType = this.orgProfileService.getOrganisationProfileType(this.organisationProfileIds); + this.publishCurrentPermissions(); + this.createFormAndPopulate(); + this.subscribeToAccessTypesChanges(); + } + + ngOnDestroy(): void { + this.onDestroy$.next(); + this.onDestroy$.complete(); + } + + ngAfterViewInit(): void{ + this.initAccordion(); + } + + initAccordion(){ + const accordion1 = document.getElementById('org-access-accordion'); + new Accordion(accordion1, this.accordianConfig).init(); + } + + get jurisdictionsFormArray(): FormArray> { + return this.jurisdictionPermissionsForm.controls.jurisdictions; + } + + public createPermissionsViewModel() : JurisdictionPermissionViewModel[] { + if (!this.jurisdictions){ + return []; + } + return this.jurisdictions.map((jurisdiction) => { + // make a non-readonly copy of the access types so that we can sort them + const accessTypes = [...jurisdiction.accessTypes] + .sort((a, b) => a.displayOrder - b.displayOrder) + .filter((accessType) => accessType.display) + .map((accessType) => { + const accessTypePermissionViewModel:AccessTypePermissionViewModel = { + accessTypeId: accessType.accessTypeId, + enabled: accessType.accessDefault, + display: accessType.display, + description: accessType.description, + accessMandatory: accessType.accessMandatory, + hint: accessType.hint, + accessDefault: accessType.accessDefault + }; + const userAccessType = this.userAccessTypes?.find((ua) => ua.accessTypeId === accessType.accessTypeId && ua.jurisdictionId === jurisdiction.jurisdictionId); + if (userAccessType) { + accessTypePermissionViewModel.enabled = userAccessType.enabled; + } + return accessTypePermissionViewModel; + }); + + const permission:JurisdictionPermissionViewModel = { + jurisdictionId: jurisdiction.jurisdictionId, + jurisdictionName: jurisdiction.jurisdictionName, + accessTypes: accessTypes + }; + return permission; + }); + } + + public mapPermissionsToUserAccessTypes() { + if (!this.enableCaseManagement){ + return []; + } + const accessTypes = this.permissions.reduce((acc, permission) => { + const orgProfileId = this.jurisdictions[0].accessTypes[0].organisationProfileId; + const mappedAccessTypes = permission.accessTypes.map((accessType) => { + return { + jurisdictionId: permission.jurisdictionId, + organisationProfileId: orgProfileId, + accessTypeId: accessType.accessTypeId, + enabled: accessType.enabled + } as UserAccessType; + }); + return acc.concat(mappedAccessTypes); + }, []); + return accessTypes; + } + + private subscribeToAccessTypesChanges() { + this.jurisdictionPermissionsForm.controls.enableCaseManagement.valueChanges.pipe(takeUntil(this.onDestroy$)).subscribe((enableCaseManagement) => { + this.enableCaseManagement = enableCaseManagement; + this.publishCurrentPermissions(); + }); + this.jurisdictionsFormArray.controls.forEach((jurisdictionGroup: FormGroup) => { + this.createPermissionChangeObservableForGroup(jurisdictionGroup).pipe(takeUntil(this.onDestroy$)).subscribe(() => { + this.publishCurrentPermissions(); + }); + }); + } + + private publishCurrentPermissions() { + this.selectedPermissionsChanged.emit({ + manageCases: this.enableCaseManagement, + userAccessTypes: this.mapPermissionsToUserAccessTypes() + }); + } + + private createPermissionChangeObservableForGroup(jurisdictionGroup: FormGroup): Observable{ + return jurisdictionGroup.controls.accessTypes.valueChanges.pipe( + map((value) => { + const jurisdictionId = jurisdictionGroup.controls.jurisdictionId.value; + value.forEach((accessType) => { + this.updatePermissionsWithCurrentSelection(jurisdictionId, accessType.accessTypeId, accessType.enabled); + }); + return this.permissions; + }), + shareReplay(1)); + } + + private updatePermissionsWithCurrentSelection(jurisdictionId: string, accessTypeId: string, enabled: boolean) { + const jurisdictionPermissions = this.permissions.find((permission) => permission.jurisdictionId === jurisdictionId); + if (jurisdictionPermissions) { + const permissionAccessType = jurisdictionPermissions.accessTypes.find((pa) => pa.accessTypeId === accessTypeId); + if (permissionAccessType) { + permissionAccessType.enabled = enabled; + } + if (permissionAccessType.accessMandatory){ + permissionAccessType.enabled = true; + } + } + } + + private createFormAndPopulate() { + this.jurisdictionPermissionsForm = this.fb.nonNullable.group({ + enableCaseManagement: this.fb.nonNullable.control(this.enableCaseManagement), + jurisdictions: this.fb.nonNullable.array>([]) + }); + + this.populateFormWithExistingAccess(this.permissions); + this.cdRef.markForCheck(); + } + + private populateFormWithExistingAccess(permissions: JurisdictionPermissionViewModel[]) { + const permissionFGs = permissions.map((permission) => { + const accessTypesFGs = permission.accessTypes.map((accessType) => { + const validation = accessType.accessMandatory ? [Validators.required] : []; + // cater to edge case where existing access type is changed to mandatory, ignore user selection and set to accessDefault value + const accessTypeEnabledState = accessType.accessMandatory ? accessType.accessDefault : accessType.enabled; + return this.fb.nonNullable.group({ + accessTypeId: new FormControl(accessType.accessTypeId, Validators.required), + enabled: new FormControl({ value: accessTypeEnabledState, disabled: !accessType.display || accessType.accessMandatory }, validation), + display: new FormControl(accessType.display), + description: new FormControl(accessType.description), + hint: new FormControl(accessType.hint), + mandatory: new FormControl(accessType.accessMandatory) + }); + }); + const jurisdictionPermissionFG = this.fb.nonNullable.group({ + jurisdictionId: new FormControl(permission.jurisdictionId, Validators.required), + jurisdictionName: new FormControl(permission.jurisdictionName, Validators.required), + accessTypes: this.fb.nonNullable.array(accessTypesFGs) + }); + return jurisdictionPermissionFG; + }); + const permissionFormArray = this.fb.nonNullable.array>(permissionFGs); + this.jurisdictionPermissionsForm.controls.jurisdictions = permissionFormArray; + } +} + +interface JurisdictionPermissionViewModel { + jurisdictionId: string; + jurisdictionName: string; + accessTypes: AccessTypePermissionViewModel[]; +} +interface AccessTypePermissionViewModel { + accessTypeId: string; + enabled: boolean; + display: boolean; + accessMandatory: boolean; + description: string; + hint: string; + accessDefault: boolean; +} + +interface AccessForm { + enableCaseManagement: FormControl; + jurisdictions: FormArray>; +} + +interface JurisdictionPermissionViewModelForm{ + jurisdictionId: FormControl; + jurisdictionName: FormControl; + accessTypes: FormArray>; +} + +interface AccessTypePermissionViewModelForm{ + accessTypeId: FormControl; + enabled: FormControl; + display: FormControl; + description: FormControl; + hint: FormControl; + mandatory: FormControl; +} diff --git a/src/users/components/organisation-access-permissions/organisation-access-permissions.scss b/src/users/components/organisation-access-permissions/organisation-access-permissions.scss new file mode 100644 index 000000000..a4dd31750 --- /dev/null +++ b/src/users/components/organisation-access-permissions/organisation-access-permissions.scss @@ -0,0 +1,25 @@ +::ng-deep .govuk-accordion { + margin: 0; + border-bottom: 0 !important; + } + + .govuk-accordion__section-button { + border-top: 0 !important; + } + + ::ng-deep .js-enabled .govuk-accordion__controls { + display: none !important; + } + + ::ng-deep .hidden { + display: none; + } + + ::ng-deep .js-enabled .govuk-accordion__section-button:hover{ + background: none; + } + + ::ng-deep .govuk-warning-text__icon{ + background: #ffffff; + color: #0b0c0c; + } \ No newline at end of file diff --git a/src/users/components/search-filter-users/search-filter-users.component.html b/src/users/components/search-filter-users/search-filter-users.component.html new file mode 100644 index 000000000..a916d8e24 --- /dev/null +++ b/src/users/components/search-filter-users/search-filter-users.component.html @@ -0,0 +1,37 @@ + +
+ +
+

+ +

+
+ Enter at least 3 characters to begin filtering by name or email address +
+ + +
+ + {{judicialUser?.firstName ? judicialUser.firstName : ''}} {{judicialUser?.lastName ? + judicialUser.lastName : ''}} {{judicialUser?.email ? ' (' + judicialUser.email + ')' : ''}} + + + No results found + +
+ +
+ + + +
+ \ No newline at end of file diff --git a/src/users/components/search-filter-users/search-filter-users.component.scss b/src/users/components/search-filter-users/search-filter-users.component.scss new file mode 100644 index 000000000..7b5bb73df --- /dev/null +++ b/src/users/components/search-filter-users/search-filter-users.component.scss @@ -0,0 +1,26 @@ +::ng-deep .mat-mdc-autocomplete-panel.mat-mdc-autocomplete-visible{ + border-left: 2px solid #0b0c0c; + border-right: 2px solid #0b0c0c; + border-bottom: 2px solid #0b0c0c; +} + +::ng-deep .mdc-menu-surface.mat-mdc-autocomplete-panel.mat-mdc-autocomplete-visible{ + padding: 0; +} + +::ng-deep .hmcts-pagination__link{ + color: #1d70b8; +} + +.mat-mdc-option { + padding: 5px; + margin: 0; + background: #ffffff; + &:hover{ + background: #2596be; + } +} + +.hide-autocomplete{ + display: none; +} \ No newline at end of file diff --git a/src/users/components/search-filter-users/search-filter-users.component.spec.ts b/src/users/components/search-filter-users/search-filter-users.component.spec.ts new file mode 100644 index 000000000..63ebed680 --- /dev/null +++ b/src/users/components/search-filter-users/search-filter-users.component.spec.ts @@ -0,0 +1,136 @@ +import { ComponentFixture, TestBed } from '@angular/core/testing'; +import { SearchFilterUserComponent } from './search-filter-users.component'; +import { FormControl, FormGroup } from '@angular/forms'; +import { MatAutocompleteModule } from '@angular/material/autocomplete'; +import { PrdUser } from 'src/users/models/prd-users.model'; + +describe('SearchFilterUserComponent', () => { + let component: SearchFilterUserComponent; + let fixture: ComponentFixture; + + beforeEach(async () => { + await TestBed.configureTestingModule({ + imports: [ + MatAutocompleteModule + ], + declarations: [SearchFilterUserComponent] + }) + .compileComponents(); + }); + + beforeEach(() => { + fixture = TestBed.createComponent(SearchFilterUserComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should create', () => { + expect(component).toBeTruthy(); + }); + + it('should initialize form with default values', () => { + expect(component.searchFilterUserForm instanceof FormGroup).toBe(true); + expect(component.nameFilterControl instanceof FormControl).toBe(true); + expect(component.statusFilterControl instanceof FormControl).toBe(true); + }); + + it('should emit filter values', () => { + const filterParams = { name: 'John Doe', email: 'john@example.com', status: 'active' }; + spyOn(component.filterValues, 'emit'); + component.nameFilterControl.setValue({ firstName: 'John', lastName: 'Doe', email: 'john@example.com' } as PrdUser); + component.statusFilterControl.setValue('active'); + component.formatFiltersAndEmit(); + expect(component.filterValues.emit).toHaveBeenCalledWith(filterParams); + }); + + it('should filter judicial users based on search term', () => { + const usersList = [ + { firstName: 'John', lastName: 'Doe', email: 'john@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'Jane', lastName: 'Doe', email: 'jane@example.com', idamStatus: 'ACTIVE' } + ]; + component.usersList = usersList; + const searchTerm = 'john'; + const filteredUsers$ = component.filterJudicialUsers(searchTerm); + filteredUsers$.subscribe((filteredUsers) => { + expect(filteredUsers.length).toEqual(1); + expect(filteredUsers[0].firstName).toEqual('John'); + }); + }); + + it('should filter judicial users based on search term and return list in alphabetical order', () => { + const usersList = [ + { firstName: 'John', lastName: 'Doe', email: 'johnDoe@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doer', email: 'johnDoer@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Asd', email: 'johnAsd@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Cat', email: 'johnCat@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'Jerry', lastName: 'Cat', email: 'jerryCat@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'Johan', lastName: 'Doe', email: 'johanDoe@example.com', idamStatus: 'ACTIVE' } + ]; + const orderedList = [ + { firstName: 'Johan', lastName: 'Doe', email: 'johanDoe@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Asd', email: 'johnAsd@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Cat', email: 'johnCat@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doer', email: 'johnDoer@example.com', idamStatus: 'ACTIVE' } + ]; + + component.usersList = usersList; + const searchTerm = 'joh'; + const filteredUsers$ = component.filterJudicialUsers(searchTerm); + filteredUsers$.subscribe((filteredUsers) => { + expect(filteredUsers.length).toEqual(5); + expect(filteredUsers).toEqual(orderedList); + }); + }); + + it('should filter judicial users based on search term and return list in alphabetical order based on email', () => { + const usersList = [ + { firstName: 'John', lastName: 'Doe', email: 'johnDoe3@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe1@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe4@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe2@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Asd', email: 'johnAsd@example.com', idamStatus: 'ACTIVE' } + ]; + const orderedList = [ + { firstName: 'John', lastName: 'Asd', email: 'johnAsd@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe1@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe2@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe3@example.com', idamStatus: 'ACTIVE' }, + { firstName: 'John', lastName: 'Doe', email: 'johnDoe4@example.com', idamStatus: 'ACTIVE' } + ]; + + component.usersList = usersList; + const searchTerm = 'joh'; + const filteredUsers$ = component.filterJudicialUsers(searchTerm); + filteredUsers$.subscribe((filteredUsers) => { + expect(filteredUsers.length).toEqual(6); + expect(filteredUsers).toEqual(orderedList); + }); + }); + + it('should handle selection change and emit filter values', () => { + const event = { isUserInput: true, source: { value: { firstName: 'John', lastName: 'Doe', email: 'john@example.com' } } }; + spyOn(component.filterValues, 'emit'); + component.onSelectionChange(event); + expect(component.judicialUserSelected).toBe(true); + expect(component.filterValues.emit).toHaveBeenCalled(); + }); + + it('should handle blur event and emit filter values', () => { + const event = { relatedTarget: { role: 'option' } } as any; + spyOn(component.filterValues, 'emit'); + component.onBlur(event); + expect(component.nameFilterControl.value).toEqual(''); + expect(component.filterValues.emit).toHaveBeenCalled(); + }); + + it('should unsubscribe from observables on component destruction', () => { + spyOn(component.subscriptions$, 'next'); + spyOn(component.subscriptions$, 'complete'); + component.ngOnDestroy(); + expect(component.subscriptions$.next).toHaveBeenCalled(); + expect(component.subscriptions$.complete).toHaveBeenCalled(); + }); +}); diff --git a/src/users/components/search-filter-users/search-filter-users.component.ts b/src/users/components/search-filter-users/search-filter-users.component.ts new file mode 100644 index 000000000..192edc776 --- /dev/null +++ b/src/users/components/search-filter-users/search-filter-users.component.ts @@ -0,0 +1,183 @@ +import { Component, EventEmitter, Input, OnDestroy, OnInit, Output } from '@angular/core'; +import { FormControl, FormGroup, Validators } from '@angular/forms'; +import { Observable, Subject, combineLatest, of } from 'rxjs'; +import { debounceTime, distinctUntilChanged, filter, startWith, switchMap, takeUntil, tap } from 'rxjs/operators'; +import { PrdUser } from 'src/users/models/prd-users.model'; + +interface User { + firstName: string; + lastName: string; + email: string; + idamStatus: string; +} + +@Component({ + selector: 'app-search-filter-users', + templateUrl: './search-filter-users.component.html', + styleUrls: ['./search-filter-users.component.scss'] +}) +export class SearchFilterUserComponent implements OnInit, OnDestroy{ + @Output() filterValues = new EventEmitter<{ name: string; email: string; status: string }>(); + @Input() usersList: User[] = []; + + filteredJudicialUsers$: Observable; + searchFilterUserForm: FormGroup; + nameFilterControl: FormControl; + statusFilterControl: FormControl; + subscriptions$ = new Subject(); + minSearchCharacters = 3; + statusFilterConfig: any; + emitReset = false; + noResults = false; + searchTerm: string = ''; + showAutocomplete = false; + judicialUserSelected = false; + + ngOnInit() { + this.searchFilterUserForm = new FormGroup({ + nameFilter: new FormControl('', Validators.required), + statusFilter: new FormControl('all', Validators.required) + }); + + this.nameFilterControl = this.searchFilterUserForm.get('nameFilter') as FormControl; + this.statusFilterControl = this.searchFilterUserForm.get('statusFilter') as FormControl; + this.statusFilterConfig = this.initialiseSearchFilters(); + + this.filteredJudicialUsers$ = combineLatest([ + this.nameFilterControl.valueChanges.pipe( + startWith(''), + debounceTime(300), + tap((searchTerm: string) => { + this.searchTerm = searchTerm; + this.showAutocomplete = searchTerm.length >= this.minSearchCharacters; + }), + filter((searchTerm) => searchTerm.length >= this.minSearchCharacters) + ), + this.statusFilterControl.valueChanges.pipe( + startWith(null), + distinctUntilChanged() + ) + ]).pipe( + takeUntil(this.subscriptions$), + switchMap(([searchTerm, _]) => this.filterJudicialUsers(searchTerm).pipe( + tap((judicialUsers) => { + this.noResults = judicialUsers.length === 0; + if (searchTerm.length >= this.minSearchCharacters) { + this.showAutocomplete = true; + } + }) + )) + ); + + this.statusFilterControl.valueChanges.pipe( + distinctUntilChanged(), + takeUntil(this.subscriptions$) + ).subscribe(() => { + this.formatFiltersAndEmit(); + }); + } + + public formatFiltersAndEmit() { + const { value: nameFilterValue } = this.nameFilterControl as any; + const { value: statusFilterValue } = this.statusFilterControl; + const name = nameFilterValue && typeof nameFilterValue === 'object' + ? `${nameFilterValue.firstName || ''} ${nameFilterValue.lastName || ''}`.trim() + : ''; + const email = nameFilterValue.email || ''; + const filterParams = { + name, + email, + status: statusFilterValue !== 'all' ? statusFilterValue : '' + }; + this.filterValues.emit(filterParams); + } + + public initialiseSearchFilters(){ + return { + group: this.searchFilterUserForm, + config: { + hint: '', + id: 'statusFilter', + label: 'Filter by status', + classes: 'govuk-label--m', + isHeading: true + }, + items: [ + { + value: 'all', + label: 'All', + id: 'all' + }, + { + value: 'active', + label: 'Active', + id: 'active' + }, + { + value: 'pending', + label: 'Pending', + id: 'pending' + }, + { + value: 'suspended', + label: 'Suspended', + id: 'suspended' + } + ] + }; + } + + public displayJudicialUser(user?: any): string | undefined { + return user + ? `${user.firstName ? user.firstName : ''} ${user.lastName ? user.lastName : ''} ${user.email ? ` (${user.email})` : ''}` + : undefined; + } + + public filterJudicialUsers(searchTerm: string): Observable> { + return of(this.usersList.filter((item) => { + const searchStr = searchTerm.toLowerCase(); + const fullName = `${item.firstName} ${item.lastName}`.toLowerCase(); + const statusOption = this.statusFilterControl.value.toUpperCase(); + + const isSearchMatch = item.email.toLowerCase().includes(searchStr) || + item.firstName.toLowerCase().includes(searchStr) || + item.lastName.toLowerCase().includes(searchStr) || + fullName.includes(searchStr); + + const isStatusMatch = statusOption === 'ALL' || item.idamStatus === statusOption; + + return isSearchMatch && isStatusMatch; + }).sort((a, b) => { + const fullNameA = `${a.firstName} ${a.lastName}`.toLowerCase(); + const fullNameB = `${b.firstName} ${b.lastName}`.toLowerCase(); + if (fullNameA === fullNameB) { + return a.email.toLowerCase().localeCompare(b.email.toLowerCase()); + } + return fullNameA.localeCompare(fullNameB); + })); + } + + public onSelectionChange(event) { + if (event.isUserInput){ + this.judicialUserSelected = true; + this.searchFilterUserForm.get('nameFilter').setValue(event.source.value); + this.formatFiltersAndEmit(); + } + } + + public onBlur(event: FocusEvent): void { + const isStringValue = typeof this.nameFilterControl.value === 'string'; + const shouldFormatAndEmit = isStringValue && event.relatedTarget !== null; + if (!this.nameFilterControl.value) { + this.nameFilterControl.setValue(''); + } + if (shouldFormatAndEmit || !this.nameFilterControl.value) { + this.formatFiltersAndEmit(); + } + } + + ngOnDestroy() { + this.subscriptions$.next(); + this.subscriptions$.complete(); + } +} diff --git a/src/users/components/solicitor-profile-content/solicitor-profile-content.component.html b/src/users/components/solicitor-profile-content/solicitor-profile-content.component.html new file mode 100644 index 000000000..eaf1ca9ec --- /dev/null +++ b/src/users/components/solicitor-profile-content/solicitor-profile-content.component.html @@ -0,0 +1,15 @@ +
+

+ Standard access - All case types +

+

+ All users automatically get access to their own cases and those shared with them. +

+

+ Additional types of access +

+

+ Some case types have access options in addition to standard access. This could be access to manage all cases in your + organisation, rather than just their own cases. +

+
\ No newline at end of file diff --git a/src/users/components/solicitor-profile-content/solicitor-profile-content.component.scss b/src/users/components/solicitor-profile-content/solicitor-profile-content.component.scss new file mode 100644 index 000000000..c019a25dd --- /dev/null +++ b/src/users/components/solicitor-profile-content/solicitor-profile-content.component.scss @@ -0,0 +1,12 @@ +::ng-deep .govuk-accordion { + margin: 0; + border-bottom: 0 !important; +} + +.govuk-accordion__section-button { + border-top: 0 !important; +} + +::ng-deep .js-enabled .govuk-accordion__controls { + display: none !important; +} diff --git a/src/users/components/solicitor-profile-content/solicitor-profile-content.component.ts b/src/users/components/solicitor-profile-content/solicitor-profile-content.component.ts new file mode 100644 index 000000000..ec8990f8b --- /dev/null +++ b/src/users/components/solicitor-profile-content/solicitor-profile-content.component.ts @@ -0,0 +1,24 @@ +import { AfterViewInit, Component } from '@angular/core'; +import { Accordion } from 'govuk-frontend'; + +@Component({ + selector: 'app-solicitor-profile-content', + templateUrl: './solicitor-profile-content.component.html', + styleUrls: ['./solicitor-profile-content.component.scss'] +}) +export class SolicitorProfileContentComponent implements AfterViewInit { + private accordianConfig = { + i18n: { + showSection: 'Read more', + hideSection: 'Read less' + } + }; + + ngAfterViewInit(): void { + const accordion1 = document.getElementById('solicitor-profile-accordion'); + new Accordion(accordion1, this.accordianConfig).init(); + + const accordion2 = document.getElementById('additional-access-accordion'); + new Accordion(accordion2, this.accordianConfig).init(); + } +} diff --git a/src/users/components/standard-user-permissions/standard-user-permissions.component.html b/src/users/components/standard-user-permissions/standard-user-permissions.component.html new file mode 100644 index 000000000..c0cbd9fd0 --- /dev/null +++ b/src/users/components/standard-user-permissions/standard-user-permissions.component.html @@ -0,0 +1,73 @@ +
+

Administrator access permissions

+
+

+ Error: You must select at least + one action +

+
+ + + + + +
+ + + + + +
+
+
+
\ No newline at end of file diff --git a/src/users/components/standard-user-permissions/standard-user-permissions.component.spec.ts b/src/users/components/standard-user-permissions/standard-user-permissions.component.spec.ts new file mode 100644 index 000000000..07e6e2b7b --- /dev/null +++ b/src/users/components/standard-user-permissions/standard-user-permissions.component.spec.ts @@ -0,0 +1,78 @@ +import { ComponentFixture, TestBed } from '@angular/core/testing'; + +import { StandardUserPermissionsComponent } from './standard-user-permissions.component'; +import { ReactiveFormsModule } from '@angular/forms'; +import { ExuiCommonLibModule, FeatureToggleService, User } from '@hmcts/rpx-xui-common-lib'; +import { of } from 'rxjs'; +import { RpxTranslationService } from 'rpx-xui-translation'; + +describe('StaticUserPermissionsComponent', () => { + const knownUser: User = { + id: '123', + firstName: 'John', + lastName: 'Doe', + email: 'john@doe.com', + roles: [ + 'pui-case-manager', + 'pui-finance-manager', + 'pui-organisation-manager', + 'pui-caa' + ], + manageCases: 'Yes', + manageUsers: 'No', + manageOrganisations: 'Yes', + managePayments: 'Yes' + }; + let component: StandardUserPermissionsComponent; + let fixture: ComponentFixture; + let featureToggleServiceSpy: jasmine.SpyObj; + const translationMockService = jasmine.createSpyObj('translationMockService', ['translate', 'getTranslation$']); + + beforeEach(async () => { + featureToggleServiceSpy = jasmine.createSpyObj('FeatureToggleService', ['getValue']); + featureToggleServiceSpy.getValue.withArgs('mo-grant-case-access-admin', false).and.returnValue(of(true)); + featureToggleServiceSpy.getValue.withArgs('mo-grant-manage-fee-accounts', false).and.returnValue(of(true)); + + await TestBed.configureTestingModule({ + declarations: [StandardUserPermissionsComponent], + imports: [ReactiveFormsModule, ExuiCommonLibModule], + providers: [ + { provide: FeatureToggleService, useValue: featureToggleServiceSpy }, + { provide: RpxTranslationService, useValue: translationMockService } + ] + }) + .compileComponents(); + + fixture = TestBed.createComponent(StandardUserPermissionsComponent); + component = fixture.componentInstance; + component.user = knownUser; + fixture.detectChanges(); + }); + + afterEach(() => { + component.ngOnDestroy(); + }); + + it('should create', () => { + expect(component).toBeTruthy(); + expect(component.permissions).toBeTruthy(); + expect(component.permissions.isPuiUserManager).toBeFalse(); + expect(component.permissions.isPuiFinanceManager).toBeTrue(); + expect(component.permissions.isPuiOrganisationManager).toBeTrue(); + expect(component.permissions.isCaseAccessAdmin).toBeTrue(); + }); + + it('should emit permissions when form is updated', () => { + // arrange + const spy = spyOn(component.selectedPermissionsChanged, 'emit'); + fixture.detectChanges(); + + // act + const inputElement = fixture.nativeElement.querySelector('[id="isPuiUserManager"]'); + inputElement.click(); + + // assert + expect(component.permissions.isPuiUserManager).toBeTrue(); + expect(spy).toHaveBeenCalledWith(component.permissions); + }); +}); diff --git a/src/users/components/standard-user-permissions/standard-user-permissions.component.ts b/src/users/components/standard-user-permissions/standard-user-permissions.component.ts new file mode 100644 index 000000000..e08cc113a --- /dev/null +++ b/src/users/components/standard-user-permissions/standard-user-permissions.component.ts @@ -0,0 +1,113 @@ +import { Component, EventEmitter, Input, OnDestroy, OnInit, Output } from '@angular/core'; +import { FormBuilder, FormControl, FormGroup, ValidationErrors } from '@angular/forms'; +import { FeatureToggleService } from '@hmcts/rpx-xui-common-lib'; +import { Observable, Subject } from 'rxjs'; +import { User } from '@hmcts/rpx-xui-common-lib'; +import { BasicAccessTypes } from '../../models/basic-access-types.model'; + +@Component({ + selector: 'app-standard-user-permissions', + templateUrl: './standard-user-permissions.component.html' +}) +export class StandardUserPermissionsComponent implements OnInit, OnDestroy { + @Input() public user: User; + + @Output() public selectedPermissionsChanged = new EventEmitter(); + + public permissionsForm: FormGroup; + public permissions: BasicAccessTypes; + public errors: {basicPermissions: string[]} = { + basicPermissions: [] + }; + + public grantCaseAccessAdmin$: Observable; + public grantFinanceManager$: Observable; + + private onDestroy$ = new Subject(); + + constructor( + private fb: FormBuilder, + public readonly featureToggleService: FeatureToggleService + ) {} + + ngOnInit(): void { + this.grantCaseAccessAdmin$ = this.featureToggleService.getValue( + 'mo-grant-case-access-admin', + false + ); + this.grantFinanceManager$ = this.featureToggleService.getValue( + 'mo-grant-manage-fee-accounts', + false + ); + this.permissions = this.createPermissionsViewModelFromInput(); + this.selectedPermissionsChanged.emit(this.permissions); + this.createFormAndPopulate(); + this.subscribeToAccessTypesChanges(); + } + + ngOnDestroy(): void { + this.onDestroy$.next(); + this.onDestroy$.complete(); + } + + createFormAndPopulate() { + this.permissionsForm = this.fb.nonNullable.group({ + isPuiUserManager: new FormControl(this.permissions.isPuiUserManager), + isPuiOrganisationManager: new FormControl(this.permissions.isPuiOrganisationManager), + isPuiFinanceManager: new FormControl(this.permissions.isPuiFinanceManager), + isCaseAccessAdmin: new FormControl(this.permissions.isCaseAccessAdmin) + }, { validators: atLeastOneTrueValidator }); + } + + updateCurrentErrors(){ + if (this.permissionsForm.errors?.atLeastOneTrue){ + this.errors.basicPermissions = ['Select at least one permission']; + } else { + this.errors.basicPermissions = []; + } + } + + private subscribeToAccessTypesChanges() { + this.permissionsForm.valueChanges.subscribe((permissions) => { + this.permissions.isPuiUserManager = permissions.isPuiUserManager; + this.permissions.isPuiOrganisationManager = permissions.isPuiOrganisationManager; + this.permissions.isPuiFinanceManager = permissions.isPuiFinanceManager; + this.permissions.isCaseAccessAdmin = permissions.isCaseAccessAdmin; + this.selectedPermissionsChanged.emit(this.createPermissionsViewModelFromForm()); + this.updateCurrentErrors(); + }); + } + + private createPermissionsViewModelFromInput(): BasicAccessTypes { + return { + isPuiUserManager: this.user?.roles?.includes('pui-user-manager'), + isPuiOrganisationManager: this.user?.roles?.includes('pui-organisation-manager'), + isPuiFinanceManager: this.user?.roles?.includes('pui-finance-manager'), + isCaseAccessAdmin: this.user?.roles?.includes('pui-caa') + }; + } + + private createPermissionsViewModelFromForm(): BasicAccessTypes { + return { + isPuiUserManager: this.permissions.isPuiUserManager, + isPuiOrganisationManager: this.permissions.isPuiOrganisationManager, + isPuiFinanceManager: this.permissions.isPuiFinanceManager, + isCaseAccessAdmin: this.permissions.isCaseAccessAdmin + }; + } +} + +interface AccessForm { + isPuiUserManager: FormControl; + isPuiOrganisationManager: FormControl; + isPuiFinanceManager: FormControl; + isCaseAccessAdmin: FormControl; +} + +function atLeastOneTrueValidator(group: FormGroup): ValidationErrors | null { + const controls = Object.values(group.controls); + if (controls.some((control) => control.value === true)) { + return null; // return null if at least one control is true + } + return { atLeastOneTrue: true }; // return error if none are true +} diff --git a/src/users/components/user-personal-details/user-personal-details.component.html b/src/users/components/user-personal-details/user-personal-details.component.html new file mode 100644 index 000000000..d1d67480d --- /dev/null +++ b/src/users/components/user-personal-details/user-personal-details.component.html @@ -0,0 +1,94 @@ +

User Details

+

Add details of the user you want to invite

+ + +
+ + + + + + + + + + + + + + +
+ + +
+
+ +

{{ user.firstName }}

+
+ +
+ +

{{ user.lastName }}

+
+ +
+ +

{{ user.email }}

+
+
+ diff --git a/src/users/components/user-personal-details/user-personal-details.component.spec.ts b/src/users/components/user-personal-details/user-personal-details.component.spec.ts new file mode 100644 index 000000000..7f45cdc70 --- /dev/null +++ b/src/users/components/user-personal-details/user-personal-details.component.spec.ts @@ -0,0 +1,104 @@ +import { ComponentFixture, TestBed } from '@angular/core/testing'; + +import { UserPersonalDetailsComponent } from './user-personal-details.component'; +import { ExuiCommonLibModule, UserDetails } from '@hmcts/rpx-xui-common-lib'; +import { ReactiveFormsModule } from '@angular/forms'; +import { RpxTranslationService } from 'rpx-xui-translation'; + +describe('UserPersonalDetailsComponent', () => { + const knownUser: UserDetails = { + firstName: 'John', + lastName: 'Doe', + email: 'john@doe.com', + idamId: '123', + caseRoles: null + }; + + let component: UserPersonalDetailsComponent; + let fixture: ComponentFixture; + const translationMockService = jasmine.createSpyObj('translationMockService', ['translate', 'getTranslation$']); + + beforeEach(async () => { + await TestBed.configureTestingModule({ + imports: [ReactiveFormsModule, ExuiCommonLibModule], + declarations: [UserPersonalDetailsComponent], + providers: [{ provide: RpxTranslationService, useValue: translationMockService }] + }) + .compileComponents(); + + fixture = TestBed.createComponent(UserPersonalDetailsComponent); + component = fixture.componentInstance; + }); + + describe('Existing user is provided', () => { + beforeEach(() => { + component.user = knownUser; + fixture.detectChanges(); + }); + + it('should setup component as non-editable', () => { + expect(component).toBeTruthy(); + expect(component.user).toBeTruthy(); + expect(component.inviteMode).toBeFalse(); + expect(component.personalDetailForm).toBeTruthy(); + expect(component.personalDetailForm.controls.email.value).toBe(knownUser.email); + expect(component.personalDetailForm.controls.firstName.value).toBe(knownUser.firstName); + expect(component.personalDetailForm.controls.lastName.value).toBe(knownUser.lastName); + + expect(component.personalDetailForm.controls.email.disabled).toBeTrue(); + expect(component.personalDetailForm.controls.firstName.disabled).toBeTrue(); + expect(component.personalDetailForm.controls.lastName.disabled).toBeTrue(); + + const firstNameElement = fixture.nativeElement.querySelector('[id="firstName"]'); + expect(firstNameElement.textContent).toBe(knownUser.firstName); + + const lastNameElement = fixture.nativeElement.querySelector('[id="lastName"]'); + expect(lastNameElement.textContent).toBe(knownUser.lastName); + + const emailElement = fixture.nativeElement.querySelector('[id="email"]'); + expect(emailElement.textContent).toBe(knownUser.email); + }); + }); + + describe('Invite mode', () => { + beforeEach(() => { + component.user = undefined; + fixture.detectChanges(); + }); + + it('should setup component as editable', () => { + const spy = spyOn(component.personalDetailsChanged, 'emit'); + + expect(component).toBeTruthy(); + expect(component.user).toBeFalsy(); + expect(component.inviteMode).toBeTrue(); + expect(component.personalDetailForm).toBeTruthy(); + + expect(component.personalDetailForm.controls.email.disabled).toBeFalse(); + expect(component.personalDetailForm.controls.firstName.disabled).toBeFalse(); + expect(component.personalDetailForm.controls.lastName.disabled).toBeFalse(); + + const firstNameElement = fixture.nativeElement.querySelector('[id="firstName"]') as HTMLInputElement; + firstNameElement.value = 'John'; + firstNameElement.dispatchEvent(new Event('input')); + + expect(component.personalDetailForm.controls.firstName.value).toBe('John'); + + const lastNameElement = fixture.nativeElement.querySelector('[id="lastName"]'); + lastNameElement.value = 'Doe'; + lastNameElement.dispatchEvent(new Event('input')); + + const emailElement = fixture.nativeElement.querySelector('[id="email"]'); + emailElement.value = 'john@doe.com'; + // need to simluate all fields being touched + component.personalDetailForm.markAllAsTouched(); + emailElement.dispatchEvent(new Event('input')); + + expect(spy).toHaveBeenCalledWith({ + firstName: 'John', + lastName: 'Doe', + email: 'john@doe.com' + }); + }); + }); +}); diff --git a/src/users/components/user-personal-details/user-personal-details.component.ts b/src/users/components/user-personal-details/user-personal-details.component.ts new file mode 100644 index 000000000..c6de13c54 --- /dev/null +++ b/src/users/components/user-personal-details/user-personal-details.component.ts @@ -0,0 +1,102 @@ +import { Component, EventEmitter, Input, OnDestroy, OnInit, Output } from '@angular/core'; +import { FormBuilder, FormControl, FormGroup, Validators } from '@angular/forms'; +import { UserDetails } from '@hmcts/rpx-xui-common-lib'; +import { Subject } from 'rxjs'; +import { PersonalDetails } from '../../models/personal-details.model'; + +@Component({ + selector: 'app-user-personal-details', + templateUrl: './user-personal-details.component.html' +}) +export class UserPersonalDetailsComponent implements OnInit, OnDestroy { + public get user(): UserDetails { + return this._existingUser; + } + + @Input() + public set user(value: UserDetails) { + this._existingUser = value; + this.inviteMode = !value; + this.createFormAndPopulate(); + } + + @Output() public personalDetailsChanged = new EventEmitter(); + + public personalDetailForm: FormGroup; + // edit mode is currently read only + public inviteMode: boolean; + public errors: {firstName: string[], lastName: string[], email: string[]} = { + firstName: [], + lastName: [], + email: [] + }; + + private _existingUser: UserDetails; + + private onDestroy$ = new Subject(); + constructor(private fb: FormBuilder) { + } + + ngOnInit(): void { + this.createFormAndPopulate(); + } + + createFormAndPopulate() { + this.personalDetailForm = this.fb.nonNullable.group({ + email: this.fb.nonNullable.control({ value: this._existingUser?.email, disabled: !this.inviteMode }, [Validators.required, Validators.email]), + firstName: this.fb.nonNullable.control({ value: this._existingUser?.firstName, disabled: !this.inviteMode }, [Validators.required]), + lastName: this.fb.nonNullable.control({ value: this._existingUser?.lastName, disabled: !this.inviteMode }, [Validators.required]) + }); + this.personalDetailForm.valueChanges.subscribe((personalDetails) => { + if (this.personalDetailForm.invalid){ + this.updateCurrentErrors(); + } + + if (this.personalDetailForm.untouched) { + // wait until the whole form is complete before emitting + return; + } + + if (this.personalDetailForm.valid) { + this.personalDetailsChanged.emit({ + email: personalDetails.email, + firstName: personalDetails.firstName, + lastName: personalDetails.lastName }); + } else { + this.personalDetailsChanged.emit({ + email: null, + firstName: null, + lastName: null + }); + } + }); + } + + updateCurrentErrors(){ + this.errors.firstName = this.getErrorForControl('firstName', 'Enter first name'); + this.errors.lastName = this.getErrorForControl('lastName', 'Enter last name'); + this.errors.email = this.getErrorForControl('email', 'Enter a valid email address'); + } + + getErrorForControl(controlName: string, defaultMessage: string){ + if (!this.personalDetailForm.controls[controlName].touched){ + return []; + } + const errors = this.personalDetailForm.controls[controlName].errors; + if (errors){ + return [defaultMessage]; + } + return []; + } + + ngOnDestroy(): void { + this.onDestroy$.next(); + this.onDestroy$.complete(); + } +} + +interface PersonalDetailsForm { + firstName: FormControl; + lastName: FormControl; + email: FormControl; +} diff --git a/src/users/components/user-table/user-table-component.spec.ts b/src/users/components/user-table/user-table-component.spec.ts new file mode 100644 index 000000000..261a8998b --- /dev/null +++ b/src/users/components/user-table/user-table-component.spec.ts @@ -0,0 +1,54 @@ +import { UserTableComponent, FilterValues } from './user-table.component'; +import { User } from '@hmcts/rpx-xui-common-lib'; + +describe('UserTableComponent', () => { + let component: UserTableComponent; + + beforeEach(() => { + component = new UserTableComponent(); + component.users = [ + { fullName: 'John Doe', email: 'john@example.com', status: 'active' }, + { fullName: 'Jane Doe', email: 'jane@example.com', status: 'inactive' }, + { fullName: 'Bob Smith', email: 'bob@example.com', status: 'active' } + ] as User[]; + }); + + it('should initialize filteredItems and pagination on ngOnInit', () => { + component.ngOnInit(); + expect(component.filteredItems).toEqual(component.users); + expect(component.pagination).toEqual({ itemsPerPage: 50, currentPage: 0, totalItems: component.users.length }); + }); + + it('should update pagination on updatePagination', () => { + component.filteredItems = [component.users[0]]; + component.updatePagination(); + expect(component.pagination).toEqual({ itemsPerPage: 50, currentPage: 0, totalItems: 1 }); + }); + + it('should filter by name', () => { + component.filterValues = { name: 'John Doe' } as FilterValues; + component.applyFilter(); + expect(component.filteredItems.length).toBe(1); + expect(component.filteredItems[0].fullName).toBe('John Doe'); + }); + + it('should filter by email', () => { + component.filterValues = { email: 'jane@example.com' } as FilterValues; + component.applyFilter(); + expect(component.filteredItems.length).toBe(1); + expect(component.filteredItems[0].email).toBe('jane@example.com'); + }); + + it('should filter by status', () => { + component.filterValues = { status: 'active' } as FilterValues; + component.applyFilter(); + expect(component.filteredItems.length).toBe(2); + expect(component.filteredItems.every((user) => user.status === 'active')).toBeTruthy(); + }); + + it('should handle empty filter values', () => { + component.filterValues = {} as FilterValues; + component.applyFilter(); + expect(component.filteredItems.length).toBe(3); + }); +}); diff --git a/src/users/components/user-table/user-table.component.html b/src/users/components/user-table/user-table.component.html new file mode 100644 index 000000000..078480653 --- /dev/null +++ b/src/users/components/user-table/user-table.component.html @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + + + + + + + + +
{{ 'Name' | rpxTranslate }}{{ 'Email' | rpxTranslate }}{{ 'Status' | rpxTranslate }}
+ {{ u.fullName }} + {{ u.email }}{{ u.status }}
No users matching Name/Status
+ \ No newline at end of file diff --git a/src/users/components/user-table/user-table.component.ts b/src/users/components/user-table/user-table.component.ts new file mode 100644 index 000000000..6d1cda2e5 --- /dev/null +++ b/src/users/components/user-table/user-table.component.ts @@ -0,0 +1,59 @@ +import { Component, EventEmitter, Input, OnInit, Output, SimpleChanges } from '@angular/core'; +import { Pagination, User } from '@hmcts/rpx-xui-common-lib'; + +export interface FilterValues { + name?: string; + email?: string; + status?: string; +} + +@Component({ + selector: 'app-prd-users-table', + templateUrl: './user-table.component.html' +}) + +export class UserTableComponent implements OnInit { + @Input() users: User[] = []; + @Input() moreItems: boolean; + @Input() firstRecord: number; + @Input() filterValues: FilterValues; + + @Output() userClick = new EventEmitter(); + + pagination: Pagination; + currentPage = 0; + filteredItems: any; + + ngOnInit() { + this.filteredItems = this.users; + this.pagination = { itemsPerPage: 50, currentPage: this.currentPage, totalItems: this.filteredItems.length }; + } + + ngOnChanges(changes: SimpleChanges) { + if (changes.filterValues) { + this.applyFilter(); + } + } + + applyFilter() { + this.filteredItems = this.users.filter((user) => { + return (!this.filterValues.name || user.fullName.includes(this.filterValues.name)) && + (!this.filterValues.email || user.email.includes(this.filterValues.email)) && + (!this.filterValues.status || user.status.toLowerCase() === this.filterValues.status.toLowerCase()); + }); + this.currentPage = 0; + this.updatePagination(); + } + + onUserClick = (user: User) => { + this.userClick.emit(user); + }; + + updatePagination() { + this.pagination = { itemsPerPage: 50, currentPage: this.currentPage, totalItems: this.filteredItems.length }; + } + + pageChange(pageNumber: number): void { + this.currentPage = pageNumber; + } +} diff --git a/src/users/containers/edit-user-permissions/edit-user-permission.component.ts b/src/users/containers/edit-user-permissions/edit-user-permission.component.ts index 36cba0a10..1849ed7ba 100644 --- a/src/users/containers/edit-user-permissions/edit-user-permission.component.ts +++ b/src/users/containers/edit-user-permissions/edit-user-permission.component.ts @@ -150,9 +150,10 @@ export class EditUserPermissionComponent implements OnInit, OnDestroy { const permissions = UserRolesUtil.mapPermissions(value); const rolesAdded = UserRolesUtil.getRolesAdded(this.user, permissions); const rolesDeleted = UserRolesUtil.getRolesDeleted(this.user, permissions); - const editUserRolesObj = UserRolesUtil.mapEditUserRoles(this.user, rolesAdded, rolesDeleted); + const editUserRolesObj = UserRolesUtil.mapEditUserRoles(this.user, this.userId, rolesAdded, rolesDeleted); + if (rolesAdded.length > 0 || rolesDeleted.length > 0) { - this.userStore.dispatch(new fromStore.EditUser({ editUserRolesObj, userId: this.userId })); + this.userStore.dispatch(new fromStore.EditUser(editUserRolesObj)); } else { this.summaryErrors = { isFromValid: false, items: [{ id: 'roles', message: 'You need to make a change before submitting. If you don\'t make a change, these permissions will stay the same' }], header: this.errorMessages.header }; diff --git a/src/users/containers/index.ts b/src/users/containers/index.ts index 779bf68c3..00c32d999 100644 --- a/src/users/containers/index.ts +++ b/src/users/containers/index.ts @@ -2,11 +2,23 @@ import { EditUserPermissionsFailureComponent } from './edit-user-permissions-fai import { EditUserPermissionComponent } from './edit-user-permissions/edit-user-permission.component'; import { InviteUserSuccessComponent } from './invite-user-success/invite-user-success.component'; import { InviteUserComponent } from './invite-user/invite-user.component'; +import { ManageUserComponent } from './manage-user/manage-user.component'; import { UserDetailsComponent } from './user-details/user-details.component'; import { UsersComponent } from './users/users.component'; +import { UserUpdatedSuccessComponent } from './user-updated-success/user-updated-success.component'; +import { ManageUserFailureComponent } from './manage-user-failure/manage-user-failure.component'; -export const containers: any[] = [UsersComponent, InviteUserComponent, InviteUserSuccessComponent, UserDetailsComponent, - EditUserPermissionComponent, EditUserPermissionsFailureComponent]; +export const containers: any[] = [ + UsersComponent, + InviteUserComponent, + InviteUserSuccessComponent, + UserDetailsComponent, + EditUserPermissionComponent, + EditUserPermissionsFailureComponent, + UserUpdatedSuccessComponent, + ManageUserComponent, + ManageUserFailureComponent +]; export * from './users/users.component'; export * from './invite-user/invite-user.component'; @@ -14,3 +26,6 @@ export * from './invite-user-success/invite-user-success.component'; export * from './user-details/user-details.component'; export * from './edit-user-permissions/edit-user-permission.component'; export * from './edit-user-permissions-failure/edit-user-permissions-failure.component'; +export * from './manage-user/manage-user.component'; +export * from './user-updated-success/user-updated-success.component'; +export * from './manage-user-failure/manage-user-failure.component'; diff --git a/src/users/containers/manage-user-failure/manage-user-failure.component.html b/src/users/containers/manage-user-failure/manage-user-failure.component.html new file mode 100644 index 000000000..771e091aa --- /dev/null +++ b/src/users/containers/manage-user-failure/manage-user-failure.component.html @@ -0,0 +1,11 @@ +
+
+
+

Sorry, there is a problem with the service

+

We're not able to apply all of the permissions you selected for this user.

+

Check the user's permissions.

+

Contact us if the problem continues.

+
+
+
+ \ No newline at end of file diff --git a/src/users/containers/manage-user-failure/manage-user-failure.component.spec.ts b/src/users/containers/manage-user-failure/manage-user-failure.component.spec.ts new file mode 100644 index 000000000..09e5267d8 --- /dev/null +++ b/src/users/containers/manage-user-failure/manage-user-failure.component.spec.ts @@ -0,0 +1,39 @@ +import { ComponentFixture, TestBed } from '@angular/core/testing'; +import { ManageUserFailureComponent } from './manage-user-failure.component'; +import { provideMockStore } from '@ngrx/store/testing'; +import { RouterTestingModule } from '@angular/router/testing'; + +import { ActivatedRoute, convertToParamMap } from '@angular/router'; +import { of } from 'rxjs'; + +describe('ManageUserFailureComponent', () => { + let component: ManageUserFailureComponent; + let fixture: ComponentFixture; + + beforeEach(async () => { + await TestBed.configureTestingModule({ + providers: [ + provideMockStore(), + { + provide: ActivatedRoute, + useValue: { paramMap: of(convertToParamMap({ userId: '123' })) } + } + ], + imports: [RouterTestingModule], + declarations: [ManageUserFailureComponent] + }) + .compileComponents(); + + fixture = TestBed.createComponent(ManageUserFailureComponent); + + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should set editUserUrl to the correct value when passed a valid userID via route params', () => { + const userId = '123'; + const expectedLink = `/users/user/${userId}`; + + expect(component.editUserUrl).toEqual(expectedLink); + }); +}); diff --git a/src/users/containers/manage-user-failure/manage-user-failure.component.ts b/src/users/containers/manage-user-failure/manage-user-failure.component.ts new file mode 100644 index 000000000..82b9c433b --- /dev/null +++ b/src/users/containers/manage-user-failure/manage-user-failure.component.ts @@ -0,0 +1,32 @@ +import { Component, OnInit } from '@angular/core'; +import { ActivatedRoute } from '@angular/router'; +import { Store } from '@ngrx/store'; +import { EditUserFailureReset } from 'src/users/store'; +import { UserState } from 'src/users/store/reducers'; + +@Component({ + selector: 'app-manage-user-failure', + templateUrl: './manage-user-failure.component.html' +}) +export class ManageUserFailureComponent implements OnInit { + public userId: string; + public editUserUrl: string; + + constructor( + private readonly userStore: Store, + private readonly route: ActivatedRoute + ) {} + + public ngOnInit(): void { + this.userStore.dispatch(new EditUserFailureReset()); + + this.route.paramMap.subscribe((params) => { + this.userId = params.get('userId'); + this.editUserUrl = this.getEditUserPermissionsLink(this.userId); + }); + } + + public getEditUserPermissionsLink(userId: string): string { + return `/users/user/${userId}`; + } +} diff --git a/src/users/containers/manage-user/manage-user.component.html b/src/users/containers/manage-user/manage-user.component.html new file mode 100644 index 000000000..def89e175 --- /dev/null +++ b/src/users/containers/manage-user/manage-user.component.html @@ -0,0 +1,45 @@ + + + + + +
+ + Cancel + {{ + "and go back" | rpxTranslate + }} +
+ diff --git a/src/users/containers/manage-user/manage-user.component.spec.ts b/src/users/containers/manage-user/manage-user.component.spec.ts new file mode 100644 index 000000000..e8d58081d --- /dev/null +++ b/src/users/containers/manage-user/manage-user.component.spec.ts @@ -0,0 +1,458 @@ +import { + ComponentFixture, + TestBed, + fakeAsync, + flushMicrotasks +} from '@angular/core/testing'; + +import { ManageUserComponent } from './manage-user.component'; +import { provideMockActions } from '@ngrx/effects/testing'; +import { Observable, of } from 'rxjs'; +import { MockStore, provideMockStore } from '@ngrx/store/testing'; + +import * as fromRoot from '../../../app/store'; +import * as fromStore from '../../store'; +import * as fromOrgStore from '../../../organisation/store'; +import { MemoizedSelector } from '@ngrx/store'; +import { FeatureToggleService, User, UserAccessType } from '@hmcts/rpx-xui-common-lib'; +import { NO_ERRORS_SCHEMA } from '@angular/core'; +import { LoggerService } from 'src/shared/services/logger.service'; +import { OrganisationDetails } from 'src/models'; +import { AppConstants } from '../../../app/app.constants'; +import { InviteUserService } from '../../../users/services'; +import { HttpClient, HttpHandler } from '@angular/common/http'; +import { OrganisationService } from 'src/organisation/services/organisation.service'; +import { EditUserModel } from 'src/user-profile/models/editUser.model'; +import { RpxTranslatePipe, RpxTranslationService } from 'rpx-xui-translation'; +import { StandardUserPermissionsComponent } from 'src/users/components/standard-user-permissions/standard-user-permissions.component'; +import { UserPersonalDetailsComponent } from 'src/users/components/user-personal-details/user-personal-details.component'; +import { AsyncPipe } from '@angular/common'; + +describe('ManageUserComponent', () => { + let component: ManageUserComponent; + let fixture: ComponentFixture; + let mockRouterStore: MockStore; + let mockUserStore: MockStore; + let mockOrganisationStore: MockStore; + let mockedLoggerService = jasmine.createSpyObj('LoggerService', ['trace', 'info', 'debug', 'log', 'warn', 'error', 'fatal']); + const translationMockService = jasmine.createSpyObj('translationMockService', ['translate', 'getTranslation$']); + const featureToggleMockService = jasmine.createSpyObj('featureToggleMockService', ['getValue']); + let actions$: Observable; + + let defaultUser: User; + let defaultOrganisationState: OrganisationDetails; + let defaultRouterStateUrl; + let mockGetSingleUserSelector: MemoizedSelector; + let mockGetRouterState; + let organisationProfileIds: string[]; + + beforeEach(async () => { + mockedLoggerService = jasmine.createSpyObj('mockedLoggerService', ['trace', 'info', 'debug', 'log', 'warn', 'error', 'fatal']); + featureToggleMockService.getValue.and.returnValue(of(true)); + await TestBed.configureTestingModule({ + providers: [ + provideMockStore(), + provideMockActions(() => actions$), + { + provide: LoggerService, + useValue: mockedLoggerService + }, + InviteUserService, + HttpClient, + HttpHandler, + OrganisationService, + { provide: RpxTranslationService, useValue: translationMockService }, + { provide: FeatureToggleService, useValue: featureToggleMockService } + ], + imports: [AsyncPipe], + declarations: [ManageUserComponent, UserPersonalDetailsComponent, StandardUserPermissionsComponent, RpxTranslatePipe], + schemas: [NO_ERRORS_SCHEMA] + }) + .compileComponents(); + + fixture = TestBed.createComponent(ManageUserComponent); + + mockRouterStore = TestBed.inject(MockStore); + mockUserStore = TestBed.inject(MockStore); + mockOrganisationStore = TestBed.inject(MockStore); + + defaultRouterStateUrl = { + state: { + params: { userId: '123' }, + url: '', + queryParams: {} + }, + navigationId: 0 + }; + defaultUser = { + email: 'john@doe.com', + firstName: 'John', + lastName: 'Doe', + idamStatus: 'Active', + idamStatusCode: 'A', + roles: ['pui-case-manager', 'pui-user-manager'], + id: '123' + }; + defaultOrganisationState = { + name: 'Organisation Name', + organisationProfileIds: [AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE], + organisationIdentifier: '123', + status: 'ACTIVE', + sraId: 'sraId', + sraRegulated: true, + superUser: { + firstName: 'John', + lastName: 'Doe', + email: 'john@doe.com' + }, + contactInformation: [], // Add this line + paymentAccount: [], + pendingPaymentAccount: [], + pendingAddPaymentAccount: [], + pendingRemovePaymentAccount: [] + }; + + organisationProfileIds = []; + + mockGetRouterState = mockRouterStore.overrideSelector( + fromRoot.getRouterState, + defaultRouterStateUrl + ); + mockGetSingleUserSelector = mockUserStore.overrideSelector( + fromStore.getGetSingleUser, + of(defaultUser) + ); + mockOrganisationStore.overrideSelector( + fromOrgStore.getOrganisationSel, + defaultOrganisationState + ); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + afterEach(() => { + fixture.destroy(); + mockRouterStore.resetSelectors(); + mockUserStore.resetSelectors(); + mockOrganisationStore.resetSelectors(); + }); + + describe('ngOnInit - user id found in route', () => { + beforeEach(() => { + mockGetRouterState.setResult(defaultRouterStateUrl); + mockGetSingleUserSelector.setResult(defaultUser); + }); + + it('should retrieve user and setup subscribers', fakeAsync(() => { + expect(component).toBeTruthy(); + flushMicrotasks(); + expect(component.backUrl).toBe('/users/user/123'); + })); + }); + + describe('Update User', () => { + let userWithAccessTypes: User; + let userWithUpdatedRoles: EditUserModel; + let userWithUpdatedAccessTypes: EditUserModel; + + const accessTypesUpdated: UserAccessType[] = [ + { + accessTypeId: '10', + jurisdictionId: '6', + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + enabled: false + }, + { + accessTypeId: '101', + jurisdictionId: '6', + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + enabled: true + } + ]; + + beforeEach(() => { + userWithAccessTypes = { + email: 'john_AT@doe.com', + firstName: 'John', + lastName: 'Doe', + idamStatus: 'Active', + idamStatusCode: 'A', + roles: ['pui-case-manager', 'pui-user-manager', 'pui-caa'], + id: '123', + userAccessTypes: [ + { + accessTypeId: '10', + jurisdictionId: '6', + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + enabled: true + }, + { + accessTypeId: '101', + jurisdictionId: '6', + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + enabled: false + } + ] + }; + + userWithUpdatedRoles = { + email: 'john_AT@doe.com', + firstName: 'John', + lastName: 'Doe', + idamStatus: 'Active', + rolesAdd: [{ name: 'pui-finance-manager' }], + rolesDelete: [{ name: 'pui-user-manager' }], + id: '123', + userAccessTypes: [ + { + accessTypeId: '10', + jurisdictionId: '6', + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + enabled: true + }, + { + accessTypeId: '101', + jurisdictionId: '6', + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + enabled: false + } + ] + }; + + userWithUpdatedAccessTypes = { + email: 'john_AT@doe.com', + firstName: 'John', + lastName: 'Doe', + idamStatus: 'Active', + rolesAdd: [], + rolesDelete: [], + id: '123', + userAccessTypes: [ + { + accessTypeId: '10', + jurisdictionId: '6', + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + enabled: false + }, + { + accessTypeId: '101', + jurisdictionId: '6', + organisationProfileId: AppConstants.OGD_PROFILE_TYPES.SOLICITOR_PROFILE, + enabled: true + } + ] + }; + + const fixture = TestBed.createComponent(ManageUserComponent); + component = fixture.componentInstance; + mockUserStore = TestBed.inject(MockStore); + fixture.detectChanges(); + + mockGetRouterState.setResult(defaultRouterStateUrl); + mockGetSingleUserSelector.setResult(userWithAccessTypes); + + component.userId = userWithAccessTypes.id; + component.user = userWithAccessTypes; + }); + + it('should save updated user details with new roles', fakeAsync(() => { + const dispatchSpy = spyOn(mockUserStore, 'dispatch'); + + component.onPersonalDetailsChange({ + email: userWithAccessTypes.email, + firstName: userWithAccessTypes.firstName, + lastName: userWithAccessTypes.lastName + }); + + component.onSelectedCaseManagamentPermissionsChange({ + manageCases: true, + userAccessTypes: userWithAccessTypes.userAccessTypes + }); + + component.standardPermission.permissionsForm.setValue({ + isCaseAccessAdmin: true, + isPuiFinanceManager: true, // Should be added + isPuiOrganisationManager: false, + isPuiUserManager: false // Should be removed + }); + + component.onSubmit(); + expect(dispatchSpy).toHaveBeenCalledWith( + new fromStore.EditUser(userWithUpdatedRoles) + ); + })); + + it('should save updated user details with new access types', fakeAsync(() => { + const dispatchSpy = spyOn(mockUserStore, 'dispatch'); + + component.onPersonalDetailsChange({ + email: userWithAccessTypes.email, + firstName: userWithAccessTypes.firstName, + lastName: userWithAccessTypes.lastName + }); + + component.onSelectedCaseManagamentPermissionsChange({ + manageCases: true, + userAccessTypes: accessTypesUpdated // Amended access types + }); + + component.standardPermission.permissionsForm.setValue({ + isCaseAccessAdmin: true, + isPuiFinanceManager: false, + isPuiOrganisationManager: false, + isPuiUserManager: true + }); + + component.onSubmit(); + expect(dispatchSpy).toHaveBeenCalledWith( + new fromStore.EditUser(userWithUpdatedAccessTypes) + ); + })); + + it('should fail to update due to no changes', fakeAsync(() => { + component.onPersonalDetailsChange({ + email: userWithAccessTypes.email, + firstName: userWithAccessTypes.firstName, + lastName: userWithAccessTypes.lastName + }); + + component.onSelectedCaseManagamentPermissionsChange({ + manageCases: true, + userAccessTypes: userWithAccessTypes.userAccessTypes + }); + + component.standardPermission.permissionsForm.setValue({ + isCaseAccessAdmin: true, + isPuiFinanceManager: false, + isPuiOrganisationManager: false, + isPuiUserManager: true + }); + + component.onSubmit(); + })); + }); + + describe('inviteUser', () => { + it('should dispatch SendInviteUser action with correct payload', () => { + const updatedUser: any = { + firstName: 'John', + lastName: 'Doe', + email: 'john@doe.com', + roles: ['pui-case-manager'] + }; + component.user = defaultUser; + component.updatedUser = updatedUser; + component.user = defaultUser; + component.resendInvite = true; + component.organisationProfileIds = organisationProfileIds; + + const expectedPayload = { + ...updatedUser, + roles: [...updatedUser.roles, ...AppConstants.CCD_ROLES], + resendInvite: component.resendInvite + }; + + const action = new fromStore.SendInviteUser(expectedPayload, []); + const spy = spyOn(mockUserStore, 'dispatch'); + + component.inviteUser(); + + expect(spy).toHaveBeenCalledWith(action); + }); + + it('should dispatch AddGlobalError and Go actions when globalError is present', () => { + const errorNumber = 400; + const expectedGlobalError = component.getGlobalError(errorNumber); + const spyStoreDispatch = spyOn(mockUserStore, 'dispatch'); + + component.handleError(mockUserStore, errorNumber); + + expect(spyStoreDispatch).toHaveBeenCalledWith( + new fromRoot.AddGlobalError(expectedGlobalError) + ); + expect(spyStoreDispatch).toHaveBeenCalledWith( + new fromRoot.Go({ path: ['service-down'] }) + ); + }); + + it('should return correct global error object for error 400', () => { + const error = 400; + const expectedGlobalError = { + header: 'Sorry, there is a problem', + errors: [ + { + bodyText: 'to check the status of the user', + urlText: 'Refresh and go back', + url: '/users' + } + ] + }; + const globalError = component.getGlobalError(error); + expect(globalError).toEqual(expectedGlobalError); + }); + + it('should return correct global error object for error 404', () => { + const error = 404; + const expectedGlobalError = { + header: 'Sorry, there is a problem', + errors: [ + { + bodyText: 'to reactivate this account', + urlText: 'Get help', + url: '/get-help', + newTab: true + }, + { + bodyText: null, + urlText: 'Go back to manage users', + url: '/users' + } + ] + }; + const globalError = component.getGlobalError(error); + expect(globalError).toEqual(expectedGlobalError); + }); + + it('should return correct global error object for error 500', () => { + const error = 500; + const expectedGlobalError = { + header: 'Sorry, there is a problem with the service', + errors: [ + { + bodyText: 'Try again later.', + urlText: null, + url: null + }, + { + bodyText: null, + urlText: 'Go back to manage users', + url: '/users' + } + ] + }; + const globalError = component.getGlobalError(error); + expect(globalError).toEqual(expectedGlobalError); + }); + + it('should return undefined for an unknown error code', () => { + const error = 999; + const expectedGlobalError = { + header: 'Sorry, there is a problem with the service', + errors: [ + { + bodyText: 'Try again later.', + urlText: null, + url: null + }, + { + bodyText: null, + urlText: 'Go back to manage users', + url: '/users' + } + ] + }; + const globalError = component.getGlobalError(error); + expect(globalError).toEqual(expectedGlobalError); + }); + }); +}); diff --git a/src/users/containers/manage-user/manage-user.component.ts b/src/users/containers/manage-user/manage-user.component.ts new file mode 100644 index 000000000..2a78dffe7 --- /dev/null +++ b/src/users/containers/manage-user/manage-user.component.ts @@ -0,0 +1,340 @@ +import { Component, OnDestroy, OnInit, ViewChild } from '@angular/core'; +import { Actions, ofType } from '@ngrx/effects'; +import { select, Store } from '@ngrx/store'; +import { Observable, Subject, combineLatest, map, takeUntil } from 'rxjs'; + +import * as fromRoot from '../../../app/store'; +import * as fromStore from '../../store'; +import * as fromOrgStore from '../../../organisation/store'; +import { User } from '@hmcts/rpx-xui-common-lib'; +import { CaseManagementPermissions } from '../../models/case-management-permissions.model'; +import { BasicAccessTypes } from '../../models/basic-access-types.model'; +import { PersonalDetails } from '../../models/personal-details.model'; + +import { Jurisdiction, OrganisationDetails } from 'src/models'; +import { LoggerService } from 'src/shared/services/logger.service'; +import { AppConstants } from '../../../app/app.constants'; +import { GlobalError } from '../../../app/store/reducers/app.reducer'; +import { StandardUserPermissionsComponent, UserPersonalDetailsComponent } from 'src/users/components'; +import { InviteUserService } from 'src/users/services'; + +import { UserRolesUtil } from '../utils/user-roles-util'; +import { editUserFailureSelector } from '../../store'; + +@Component({ + selector: 'app-manage-user', + templateUrl: './manage-user.component.html' +}) +export class ManageUserComponent implements OnInit, OnDestroy { + @ViewChild('userPersonalDetails')userPersonalDetails: UserPersonalDetailsComponent; + @ViewChild('standardPermission')standardPermission: StandardUserPermissionsComponent; + + public backUrl: string; + public userId: string; + public organisationAccessTypes$: Observable; + public summaryErrorsSubject = new Subject<{ isFromValid: boolean; items: { id: string; message: any; }[]; header: string }>(); + public summaryErrors$ = this.summaryErrorsSubject.asObservable(); + public errorsArray$: Observable<{ isFromValid: boolean; items: { id: string; message: any; } []}>; + public permissionErrors: { isInvalid: boolean; messages: string[] }; + public user: User; + public showWarningMessage: boolean = false; + public resendInvite: boolean = false; + public combinedErrors$: Observable<{ + isFromValid: boolean; + items: { id: string; message: any; }[]; + header: string; + }>; + + public jurisdictions:Jurisdiction[] = []; + public organisationProfileIds:string[]; + + private user$: Observable; + private organisation$: Observable; + public updatedUser: User; + private onDestroy$ = new Subject(); + + constructor(private readonly actions$: Actions, + private readonly routerStore: Store, + private readonly userStore: Store, + private readonly orgStore: Store, + private loggerService: LoggerService, + private inviteUserSvc: InviteUserService) {} + + ngOnInit(): void { + this.userStore.dispatch(new fromStore.CheckUserListLoaded()); + this.organisationAccessTypes$ = this.orgStore.pipe(select(fromOrgStore.getAccessTypes)); + this.errorsArray$ = this.userStore.pipe(select(fromStore.getGetInviteUserErrorsArray)); + this.combinedErrors$ = combineLatest([ + this.summaryErrors$, + this.errorsArray$ + ]).pipe( + map(([summaryErrors, errorsArray]) => { + return { + isFromValid: summaryErrors.isFromValid && errorsArray.isFromValid, + items: [...summaryErrors.items, ...errorsArray.items], + header: summaryErrors.header + }; + }) + ); + this.routerStore.pipe(select(fromRoot.getRouterState)).pipe(takeUntil(this.onDestroy$)).subscribe((route) => { + this.userId = route.state.params.userId; + this.user$ = this.userStore.pipe(select(fromStore.getGetSingleUser)); + this.organisation$ = this.orgStore.pipe(select(fromOrgStore.getOrganisationSel)); + this.backUrl = this.getBackurl(this.userId); + }); + + combineLatest([this.user$, this.organisation$, this.organisationAccessTypes$]).pipe(takeUntil(this.onDestroy$)).subscribe(([user, organisation, organisationAccessTypes]) => { + this.user = user; + this.organisationProfileIds = organisation?.organisationProfileIds ?? []; + this.resendInvite = user?.status === 'Pending'; + this.jurisdictions = organisationAccessTypes; + }); + + this.actions$.pipe(ofType(fromStore.EDIT_USER_SUCCESS)).subscribe(() => { + this.routerStore.dispatch(new fromRoot.Go({ path: ['users/updated-user-success'] })); + }); + + this.actions$.pipe(ofType(fromStore.EDIT_USER_SERVER_ERROR)).subscribe(() => { + this.routerStore.dispatch(new fromRoot.Go({ path: ['service-down'] })); + }); + + this.userStore.select(editUserFailureSelector).subscribe((editUserFailure) => { + if (editUserFailure) { + this.routerStore.dispatch(new fromRoot.Go({ path: [`users/user/${this.userId}/manage-user-failure`] })); + } + }); + + this.actions$.pipe(ofType(fromStore.REFRESH_USER_FAIL)).subscribe(() => { + this.summaryErrorsSubject.next({ + isFromValid: false, + items: [ + { + id: null, + message: 'There was a problem refreshing the user. Please wait for the batch process for changes to be made.' + } + ], + header: 'There was a problem' }); + }); + + if (!this.userId){ + this.actions$.pipe(ofType(fromStore.INVITE_USER_FAIL_WITH_400), takeUntil(this.onDestroy$)).subscribe(() => { + this.handleError(this.userStore, 400); + }); + this.actions$.pipe(ofType(fromStore.INVITE_USER_FAIL_WITH_404), takeUntil(this.onDestroy$)).subscribe(() => { + this.handleError(this.userStore, 404); + }); + this.actions$.pipe(ofType(fromStore.INVITE_USER_FAIL_WITH_500), takeUntil(this.onDestroy$)).subscribe(() => { + this.handleError(this.userStore, 500); + }); + this.actions$.pipe(ofType(fromStore.INVITE_USER_FAIL_WITH_422), takeUntil(this.onDestroy$)).subscribe(() => { + this.handleError(this.userStore, 422); + }); + this.actions$.pipe(ofType(fromStore.INVITE_USER_FAIL_WITH_429), takeUntil(this.onDestroy$)).subscribe(() => { + this.showWarningMessage = true; + }); + this.actions$.pipe(ofType(fromStore.INVITE_USER_FAIL_WITH_409), takeUntil(this.onDestroy$)).subscribe(() => { + this.showWarningMessage = true; + }); + this.actions$.pipe(ofType(fromStore.INVITE_USER_FAIL), takeUntil(this.onDestroy$)).subscribe(() => { + this.routerStore.dispatch(new fromRoot.Go({ path: ['service-down'] })); + }); + } + } + + ngOnDestroy(): void { + this.onDestroy$.next(); + this.onDestroy$.complete(); + } + + onPersonalDetailsChange($event: PersonalDetails){ + this.updatedUser = { ...this.updatedUser, firstName: $event.firstName, lastName: $event.lastName, email: $event.email }; + this.loggerService.debug('updatedUser', this.updatedUser); + } + + onSelectedCaseManagamentPermissionsChange($event: CaseManagementPermissions) { + // when manageCases is true, add add the pui-case-manager roles field to the user else remove it from the roles field + const caseAdminRole = 'pui-case-manager'; + let updatedRoles: string[]; + if ($event.manageCases){ + updatedRoles = [...this.updatedUser?.roles ?? [], caseAdminRole]; + } else { + updatedRoles = this.updatedUser?.roles?.filter((role: string) => role !== caseAdminRole) ?? []; + } + this.updatedUser = { ...this.updatedUser, roles: [...new Set(updatedRoles)] }; + // when manageCases is false then the roles property is an empty array, which will clear all the access types + this.updatedUser = { ...this.updatedUser, userAccessTypes: $event.userAccessTypes }; + this.loggerService.debug('updatedUser', this.updatedUser); + } + + onStandardUserPermissionsChange($event: BasicAccessTypes) { + let roles: string[] = this.user?.roles ?? []; + roles = this.updateStandardPermission(roles, 'pui-user-manager', $event.isPuiUserManager); + roles = this.updateStandardPermission(roles, 'pui-finance-manager', $event.isPuiFinanceManager); + roles = this.updateStandardPermission(roles, 'pui-organisation-manager', $event.isPuiOrganisationManager); + roles = this.updateStandardPermission(roles, 'pui-caa', $event.isCaseAccessAdmin); + + this.updatedUser = { ...this.updatedUser, roles: [...new Set(roles)] }; + this.loggerService.debug('updatedUser', this.updatedUser); + } + + private updateStandardPermission(currentRoles: string[], roleName: string, enabled: boolean) { + if (enabled) { + currentRoles = [...currentRoles, roleName]; + } else { + currentRoles = currentRoles.filter((value) => value !== roleName); + } + + return currentRoles; + } + + onSubmit() { + this.showWarningMessage = false; + this.userPersonalDetails.personalDetailForm.markAllAsTouched(); + this.userPersonalDetails.updateCurrentErrors(); + this.standardPermission.permissionsForm.markAllAsTouched(); + this.standardPermission.updateCurrentErrors(); + const errorItems = this.getFormErrors(); + this.summaryErrorsSubject.next({ + isFromValid: errorItems.length === 0, + items: errorItems, + header: 'There is a problem' + }); + if (errorItems.length > 0){ + return; + } + if (this.userId && !this.resendInvite) { + this.updateUser(); + } else { + this.inviteUser(); + } + } + + private getFormErrors() { + this.userPersonalDetails.personalDetailForm.markAllAsTouched(); + this.userPersonalDetails.updateCurrentErrors(); + this.standardPermission.permissionsForm.markAllAsTouched(); + this.standardPermission.updateCurrentErrors(); + + const errorItems: {id: string; message: string[];}[] = []; + if (!this.userId){ + Object.keys(this.userPersonalDetails.errors).forEach((key) => { + if (this.userPersonalDetails.errors[key].length > 0) { + errorItems.push({ id: key, message: this.userPersonalDetails.errors[key] }); + } + }); + } + if (this.standardPermission.errors.basicPermissions.length > 0){ + errorItems.push({ id: 'isCaseAccessAdmin', message: this.standardPermission.errors.basicPermissions }); + } + + return errorItems; + } + + public inviteUser(): void { + const value:any = { + ...this.updatedUser, + resendInvite: this.resendInvite + }; + if (value.roles.includes('pui-case-manager')) { + value.roles = [...value.roles, ...AppConstants.CCD_ROLES]; + } + if (this.resendInvite) { + Object.assign(value, { + email: this.user.email, + firstName: this.user.firstName, + lastName: this.user.lastName + }); + } + this.userStore.dispatch(new fromStore.SendInviteUser(value, this.organisationProfileIds)); + } + + private updateUser() { + const permissions = this.updatedUser.roles; + const rolesAdded = [...new Set(UserRolesUtil.getRolesAdded(this.user, permissions))]; + const rolesDeleted = [...new Set(UserRolesUtil.getRolesDeleted(this.user, permissions))]; + const editUserRolesObj = UserRolesUtil.mapEditUserRoles(this.user, this.userId, rolesAdded, rolesDeleted, this.updatedUser.userAccessTypes); + const hasChanges = (rolesAdded.length > 0 || rolesDeleted.length > 0 || !UserRolesUtil.accessTypesMatch(this.user.userAccessTypes, this.updatedUser.userAccessTypes)); + if (hasChanges) { + this.userStore.dispatch(new fromStore.EditUser(editUserRolesObj, this.organisationProfileIds)); + } else { + this.summaryErrorsSubject.next({ isFromValid: false, items: [{ id: 'roles', message: 'You need to make a change before submitting. If you don\'t make a change, these permissions will stay the same' }], header: 'There is a problem' }); + this.permissionErrors = { isInvalid: true, messages: ['You need to make a change before submitting. If you don\'t make a change, these permissions will stay the same'] }; + } + } + + private getBackurl(userId: string): string { + return !!userId ? `/users/user/${userId}` : '/users'; + } + + public handleError(store: Store, errorNumber: number): void { + const globalError = this.getGlobalError(errorNumber); + if (globalError) { + store.dispatch(new fromRoot.AddGlobalError(globalError)); + store.dispatch(new fromRoot.Go({ path: ['service-down'] })); + } + } + + public getGlobalError(error: number): GlobalError { + const errorMessages = this.getErrorMessages(error); + const globalError = { + header: this.getErrorHeader(error), + errors: errorMessages + }; + return globalError; + } + + private getErrorMessages(error: number) { + switch (error) { + case 400: + return [{ + bodyText: 'to check the status of the user', + urlText: 'Refresh and go back', + url: '/users' + }]; + case 404: + return [{ + bodyText: 'to reactivate this account', + urlText: 'Get help', + url: '/get-help', + newTab: true + }, { + bodyText: null, + urlText: 'Go back to manage users', + url: '/users' + }]; + case 422: + return [{ + bodyText: 'User has been created but roles have not been refreshed.', + urlText: null, + url: null + }, { + bodyText: '', + urlText: 'Go back to manage users', + url: '/users' + }]; + case 500: + default: + return [{ + bodyText: 'Try again later.', + urlText: null, + url: null + }, { + bodyText: null, + urlText: 'Go back to manage users', + url: '/users' + }]; + } + } + + private getErrorHeader(error: number): string { + switch (error) { + case 400: + case 404: + case 422: + return 'Sorry, there is a problem'; + case 500: + default: + return 'Sorry, there is a problem with the service'; + } + } +} diff --git a/src/users/containers/user-details/user-details.component.html b/src/users/containers/user-details/user-details.component.html index 86945c41f..61801822c 100644 --- a/src/users/containers/user-details/user-details.component.html +++ b/src/users/containers/user-details/user-details.component.html @@ -6,6 +6,7 @@ > { let component: UserDetailsComponent; let userStoreSpyObject; let routerStoreSpyObject; + let orgStoreSpyObject; let actionsObject; let activeRoute; beforeEach(() => { userStoreSpyObject = jasmine.createSpyObj('Store', ['pipe', 'select', 'dispatch']); routerStoreSpyObject = jasmine.createSpyObj('Store', ['pipe', 'select', 'dispatch']); + orgStoreSpyObject = jasmine.createSpyObj>('Store', ['pipe', 'select', 'dispatch']); + + orgStoreSpyObject.pipe.and.callFake(() => { + return of({ organisation: { organisationJurisdications: [] } } as OrganisationState); + }); + + orgStoreSpyObject.pipe.and.callFake(() => { + return of(([] as Jurisdiction[])); + }); + actionsObject = jasmine.createSpyObj('Actions', ['pipe']); activeRoute = { snapshot: { params: of({}) } }; - component = new UserDetailsComponent(userStoreSpyObject, routerStoreSpyObject, actionsObject, activeRoute); + component = new UserDetailsComponent(userStoreSpyObject, routerStoreSpyObject, orgStoreSpyObject, actionsObject, activeRoute); }); describe('ngOnInit', () => { diff --git a/src/users/containers/user-details/user-details.component.ts b/src/users/containers/user-details/user-details.component.ts index 37e30592e..123ff4a96 100644 --- a/src/users/containers/user-details/user-details.component.ts +++ b/src/users/containers/user-details/user-details.component.ts @@ -1,11 +1,12 @@ import { Component, OnDestroy, OnInit } from '@angular/core'; -import { User } from '@hmcts/rpx-xui-common-lib'; +import { User, UserAccessType } from '@hmcts/rpx-xui-common-lib'; import { Actions, ofType } from '@ngrx/effects'; import { select, Store } from '@ngrx/store'; -import { combineLatest, Observable, Subscription } from 'rxjs'; +import { combineLatest, Observable, Subject, Subscription, takeUntil } from 'rxjs'; import * as fromRoot from '../../../app/store'; import * as fromStore from '../../store'; +import * as fromOrgStore from '../../../organisation/store'; import { ActivatedRoute } from '@angular/router'; @Component({ @@ -18,7 +19,9 @@ export class UserDetailsComponent implements OnInit, OnDestroy { public user$: Observable; public isLoading$: Observable; public user: any; + public userAccessTypes: string[] = []; + private onDestroy$ = new Subject(); public userSubscription: Subscription; public suspendUserServerErrorSubscription: Subscription; @@ -35,18 +38,31 @@ export class UserDetailsComponent implements OnInit, OnDestroy { constructor( private readonly userStore: Store, private readonly routerStore: Store, + private readonly orgStore: Store, private readonly actions$: Actions, private readonly activeRoute: ActivatedRoute ) {} public ngOnInit(): void { this.user$ = new Observable(); - - const isFeatureEnabled$ = this.routerStore.pipe(select(fromRoot.getEditUserFeatureIsEnabled)); - - isFeatureEnabled$.subscribe((isFeatureEnabled) => { - this.editPermissionRouter = isFeatureEnabled ? 'editpermission' : ''; - }); + // We need to call this dispatch to check if the required information is available, + // if the user refreshes on this page, this function will retrieve the accessTypes and userList + this.userStore.dispatch(new fromStore.CheckUserListLoaded()); + + const organisationAccessTypes$ = this.orgStore.pipe(select(fromOrgStore.getAccessTypes)); + const getEditUserFeatureIsEnabled$ = this.routerStore.pipe(select(fromRoot.getEditUserFeatureIsEnabled)); + const getOgdInviteUserFlowFeatureIsEnabled$ = this.routerStore.pipe(select(fromRoot.getOgdInviteUserFlowFeatureIsEnabled)); + + combineLatest([getEditUserFeatureIsEnabled$, getOgdInviteUserFlowFeatureIsEnabled$]) + .pipe(takeUntil(this.onDestroy$)) + .subscribe(([isEditUserFeatureEnabled, isOgdInviteUserFlowFeatureEnabled]) => { + this.editPermissionRouter = ''; + if (isOgdInviteUserFlowFeatureEnabled) { + this.editPermissionRouter = 'manage'; + } else if (isEditUserFeatureEnabled){ + this.editPermissionRouter = 'editpermission'; + } + }); this.setSuspendViewFunctions(); @@ -58,7 +74,30 @@ export class UserDetailsComponent implements OnInit, OnDestroy { this.user$ = this.userStore.pipe(select(fromStore.getUserDetails)); - this.userSubscription = this.user$.subscribe((user) => this.handleUserSubscription(user, isFeatureEnabled$)); + combineLatest([organisationAccessTypes$, this.user$, getOgdInviteUserFlowFeatureIsEnabled$]) + .pipe(takeUntil(this.onDestroy$)) + .subscribe(([organisationAccessTypes, user, isFeatureEnabled]) => { + this.userAccessTypes = []; + if (isFeatureEnabled && user?.roles?.includes('pui-case-manager')) { + const enabledUserAccessTypes: UserAccessType[] = user?.userAccessTypes?.filter((x: UserAccessType) => x.enabled) ?? []; + for (const jurisdiction of organisationAccessTypes){ + for (const ac of jurisdiction.accessTypes){ + if (ac.accessMandatory) { + this.userAccessTypes.push(`${jurisdiction.jurisdictionName} - ${ac.description}`); + continue; + } + if (ac.display){ + const foundUserAc = enabledUserAccessTypes.find((x) => x.accessTypeId === ac.accessTypeId && x.organisationProfileId === ac.organisationProfileId); + if (foundUserAc) { + this.userAccessTypes.push(`${jurisdiction.jurisdictionName} - ${ac.description}`); + } + } + } + } + } + }); + + this.userSubscription = this.user$.subscribe((user) => this.handleUserSubscription(user, getEditUserFeatureIsEnabled$)); this.suspendSuccessSubscription = this.actions$.pipe(ofType(fromStore.SUSPEND_USER_SUCCESS)).subscribe(() => { this.hideSuspendView(); @@ -70,6 +109,9 @@ export class UserDetailsComponent implements OnInit, OnDestroy { } public ngOnDestroy(): void { + this.onDestroy$.next(); + this.onDestroy$.complete(); + if (this.userSubscription) { this.userSubscription.unsubscribe(); } diff --git a/src/users/containers/user-updated-success/user-updated-success.component.html b/src/users/containers/user-updated-success/user-updated-success.component.html new file mode 100644 index 000000000..83f4ef011 --- /dev/null +++ b/src/users/containers/user-updated-success/user-updated-success.component.html @@ -0,0 +1,30 @@ +
+
+
+
+
+

+ {{ "User account updated" | rpxTranslate }} +

+
+ {{ (this.user$ | async).email }} +
+
+

+ Changes to this account have been saved. These changes will be applied + immediately however the user may need to log out and back in to their + account for the changes to take effect. +

+

+ Go back to manage users +

+
+
+
+
diff --git a/src/users/containers/user-updated-success/user-updated-success.component.spec.ts b/src/users/containers/user-updated-success/user-updated-success.component.spec.ts new file mode 100644 index 000000000..ffa174ed8 --- /dev/null +++ b/src/users/containers/user-updated-success/user-updated-success.component.spec.ts @@ -0,0 +1,51 @@ +import { ComponentFixture, TestBed, fakeAsync, flushMicrotasks } from '@angular/core/testing'; + +import { UserUpdatedSuccessComponent } from './user-updated-success.component'; +import { RpxTranslatePipe, RpxTranslationService } from 'rpx-xui-translation'; +import { User } from '@hmcts/rpx-xui-common-lib'; +import { MockStore, provideMockStore } from '@ngrx/store/testing'; +import * as userStore from '../../store'; +import { MemoizedSelector } from '@ngrx/store'; +import { RouterTestingModule } from '@angular/router/testing'; + +describe('UserUpdatedSuccessComponent', () => { + let component: UserUpdatedSuccessComponent; + let fixture: ComponentFixture; + + const translationMockService = jasmine.createSpyObj('translationMockService', ['translate', 'getTranslation$']); + + let mockUserStore: MockStore; + let mockGetSingleUserSelector: MemoizedSelector; + let defaultUser: User; + + beforeEach(async () => { + await TestBed.configureTestingModule({ + imports: [RouterTestingModule], + declarations: [UserUpdatedSuccessComponent, RpxTranslatePipe], + providers: [ + provideMockStore(), + { provide: RpxTranslationService, useValue: translationMockService }] + }) + .compileComponents(); + + fixture = TestBed.createComponent(UserUpdatedSuccessComponent); + defaultUser = { email: 'john@doe.com', firstName: 'John', lastName: 'Doe', idamStatus: 'Active', idamStatusCode: 'A', roles: ['pui-case-manager', 'pui-user-manager'], id: '123' }; + mockUserStore = TestBed.inject(MockStore); + mockGetSingleUserSelector = mockUserStore.overrideSelector(userStore.getGetSingleUser, defaultUser); + mockGetSingleUserSelector.setResult(defaultUser); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + afterEach(() => { + fixture.destroy(); + mockUserStore.resetSelectors(); + }); + + it('should create and display user updated message', fakeAsync(() => { + expect(component).toBeTruthy(); + flushMicrotasks(); + const panelBodyElement = fixture.nativeElement.querySelector('[id="confirmationBody"]'); + expect(panelBodyElement.textContent.trim()).toBe(defaultUser.email); + })); +}); diff --git a/src/users/containers/user-updated-success/user-updated-success.component.ts b/src/users/containers/user-updated-success/user-updated-success.component.ts new file mode 100644 index 000000000..d5dc302d8 --- /dev/null +++ b/src/users/containers/user-updated-success/user-updated-success.component.ts @@ -0,0 +1,23 @@ +import { Component, OnInit, OnDestroy } from '@angular/core'; +import { select, Store } from '@ngrx/store'; +import { Observable } from 'rxjs'; +import { User } from '@hmcts/rpx-xui-common-lib'; +import * as userStore from '../../store'; + +@Component({ + selector: 'app-user-updated-success', + templateUrl: './user-updated-success.component.html' +}) +export class UserUpdatedSuccessComponent implements OnInit, OnDestroy { + public user$: Observable; + constructor(private userStore: Store) { + } + + ngOnInit(): void { + this.user$ = this.userStore.pipe(select(userStore.getGetSingleUser)); + } + + ngOnDestroy(): void { + this.userStore.dispatch(new userStore.Reset()); + } +} diff --git a/src/users/containers/users/users.component.html b/src/users/containers/users/users.component.html index ec340f57e..c40dc4c61 100644 --- a/src/users/containers/users/users.component.html +++ b/src/users/containers/users/users.component.html @@ -1,23 +1,21 @@
-
-
-
-

Users

-
-
- - Invite user - -
-
-
- - -
- -
Loading...
- -
-
- +
+
+
+

Users

+
+
+ + Invite user + + +
+
+
+ +
+ +
Loading...
+ +
+ \ No newline at end of file diff --git a/src/users/containers/users/users.component.scss b/src/users/containers/users/users.component.scss index 824e4f174..e7f14f821 100644 --- a/src/users/containers/users/users.component.scss +++ b/src/users/containers/users/users.component.scss @@ -1,3 +1,6 @@ .table-right_margin{ margin-right: 10rem; } +.invite-float-right{ + float: right; +} \ No newline at end of file diff --git a/src/users/containers/users/users.component.ts b/src/users/containers/users/users.component.ts index 566a2dbf6..754ba6000 100644 --- a/src/users/containers/users/users.component.ts +++ b/src/users/containers/users/users.component.ts @@ -4,9 +4,10 @@ import { select, Store } from '@ngrx/store'; import { Observable, Subscription } from 'rxjs'; // TODO: The below is an odd way to import. import { GovukTableColumnConfig } from '../../../../projects/gov-ui/src/lib/components/govuk-table/govuk-table.component'; -import { UsersService } from '../../../users/services'; - +import * as fromRoot from '../../../app/store'; import * as fromStore from '../../store'; +import { map } from 'rxjs/operators'; +import { AppConstants } from 'src/app/app.constants'; @Component({ selector: 'app-prd-users-component', @@ -22,16 +23,19 @@ export class UsersComponent implements OnInit, OnDestroy { public currentPageNumber: number = 1; public pageTotalSize: number; public allUsersList$: Subscription; + public filterValues: string = ''; + public userList: Array; + public searchFiltersEnabled$: Observable; + public ogdFeatureToggleName: string = AppConstants.FEATURE_NAMES.ogdInviteUserFlow; constructor( private readonly store: Store, - private readonly usersService: UsersService + private readonly routerStore: Store, ) {} public ngOnInit(): void { - // Call to usersService.getAllUsersList() is required to set pageTotalSize for pagination purposes - this.allUsersList$ = this.getAllUsers(); this.loadUsers(); + this.searchFiltersEnabled$ = this.routerStore.pipe(select(fromRoot.getOgdInviteUserFlowFeatureIsEnabled)); } public inviteNewUser(): void { @@ -40,14 +44,20 @@ export class UsersComponent implements OnInit, OnDestroy { public loadUsers(): void { this.store.dispatch(new fromStore.LoadAllUsersNoRoleData()); - this.tableUsersData$ = this.store.pipe(select(fromStore.getGetUserList)); + this.tableUsersData$ = this.store.pipe( + select(fromStore.getGetUserList), + map((users) => { + this.pageTotalSize = users.length; + return users; + }) + ); this.isLoading$ = this.store.pipe(select(fromStore.getGetUserLoading)); } - public getAllUsers(): Subscription { - return this.usersService.getAllUsersList().subscribe((allUserList) => { - this.pageTotalSize = allUserList.users.length; - }); + public handleFilterUpdates(event){ + this.filterValues = event; + this.tableUsersData$ = this.store.pipe(select(fromStore.getGetUserList)); + this.isLoading$ = this.store.pipe(select(fromStore.getGetUserLoading)); } public pageChange(pageNumber: number): void { diff --git a/src/users/containers/utils/user-roles-util.spec.ts b/src/users/containers/utils/user-roles-util.spec.ts index ecf633777..69389cd9e 100644 --- a/src/users/containers/utils/user-roles-util.spec.ts +++ b/src/users/containers/utils/user-roles-util.spec.ts @@ -38,6 +38,7 @@ describe('UserRolesUtil class ', () => { }); it('should mapEditUserRoles', () => { + const userId = '123'; const user = { email: 'email', lastName: 'last', @@ -45,13 +46,25 @@ describe('UserRolesUtil class ', () => { idamStatus: 'idam', roles: ['permission1', 'permission2'] }; - const userEditObj = UserRolesUtil.mapEditUserRoles(user, ['permission3', 'permission4'], ['permission1', 'permission2']); - expect(userEditObj).toEqual({ email: 'email', + const rolesAdd = [ + { name: 'permission3' }, + { name: 'permission4' } + ]; + const rolesDelete = [ + { name: 'permission1' }, + { name: 'permission2' } + ]; + const userEditObj = UserRolesUtil.mapEditUserRoles(user, userId, rolesAdd, rolesDelete); + + expect(userEditObj).toEqual({ + id: '123', + email: 'email', lastName: 'last', firstName: 'first', idamStatus: 'idam', - rolesAdd: ['permission3', 'permission4'], - rolesDelete: ['permission1', 'permission2'] + rolesAdd: [{ name: 'permission3' }, { name: 'permission4' }], + rolesDelete: [{ name: 'permission1' }, { name: 'permission2' }], + userAccessTypes: [] } ); }); diff --git a/src/users/containers/utils/user-roles-util.ts b/src/users/containers/utils/user-roles-util.ts index efb883d7d..e04e4195c 100644 --- a/src/users/containers/utils/user-roles-util.ts +++ b/src/users/containers/utils/user-roles-util.ts @@ -1,5 +1,10 @@ +import { + EditUserModel, + RoleChange +} from 'src/user-profile/models/editUser.model'; import { AppConstants } from '../../../app/app.constants'; import { AppUtils } from '../../../app/utils/app-utils'; +import { UserAccessType } from '@hmcts/rpx-xui-common-lib'; export class UserRolesUtil { public static getRolesAdded(user: any, permissions: string[]): any[] { @@ -10,7 +15,10 @@ export class UserRolesUtil { name: permission }); if (permission === 'pui-case-manager') { - const ccdRolesTobeAdded = UserRolesUtil.GetRolesToBeAddedForUser(user, AppConstants.CCD_ROLES); + const ccdRolesTobeAdded = UserRolesUtil.GetRolesToBeAddedForUser( + user, + AppConstants.CCD_ROLES + ); ccdRolesTobeAdded.forEach((newRole) => roles.push(newRole)); } } @@ -22,12 +30,18 @@ export class UserRolesUtil { const roles = []; if (user.roles) { user.roles.forEach((permission) => { - if (!permissions.includes(permission) && !AppConstants.CCD_ROLES.includes(permission)) { + if ( + !permissions.includes(permission) && + !AppConstants.CCD_ROLES.includes(permission) + ) { roles.push({ name: permission }); if (permission === 'pui-case-manager') { - const ccdRolesTobeRemoved = UserRolesUtil.GetRemovableRolesForUser(user, AppConstants.CCD_ROLES); + const ccdRolesTobeRemoved = UserRolesUtil.GetRemovableRolesForUser( + user, + AppConstants.CCD_ROLES + ); ccdRolesTobeRemoved.forEach((newRole) => roles.push(newRole)); } } @@ -36,14 +50,22 @@ export class UserRolesUtil { return roles; } - public static mapEditUserRoles(user: any, rolesAdd: any[], rolesDelete: any[]): any { + public static mapEditUserRoles( + user: any, + userId: string, + rolesAdd: RoleChange[], + rolesDelete: RoleChange[], + userAccessTypes: UserAccessType[] = [] + ): EditUserModel { return { + id: userId, email: user.email, firstName: user.firstName, lastName: user.lastName, idamStatus: user.idamStatus, rolesAdd, - rolesDelete + rolesDelete, + userAccessTypes: userAccessTypes }; } @@ -124,4 +146,19 @@ export class UserRolesUtil { }); return rolesTobeAdded; } + + public static accessTypesMatch( + accessTypes: UserAccessType[], + updatedAccessTypes: UserAccessType[] + ): boolean { + const sortedAccessTypes = [...accessTypes].sort((a, b) => + a.accessTypeId.localeCompare(b.accessTypeId) + ); + const sortedUpdatedAccessTypes = [...updatedAccessTypes].sort((a, b) => + a.accessTypeId.localeCompare(b.accessTypeId) + ); + const accessTypesJson = JSON.stringify(sortedAccessTypes); + const updatedAccessTypesJson = JSON.stringify(sortedUpdatedAccessTypes); + return accessTypesJson === updatedAccessTypesJson; + } } diff --git a/src/users/guards/feature-toggle-ogd-invite-user-flow.guard.ts b/src/users/guards/feature-toggle-ogd-invite-user-flow.guard.ts new file mode 100644 index 000000000..6aaa6d287 --- /dev/null +++ b/src/users/guards/feature-toggle-ogd-invite-user-flow.guard.ts @@ -0,0 +1,26 @@ +import { select, Store } from '@ngrx/store'; +import * as fromRoot from '../../../src/app/store'; +import { Injectable } from '@angular/core'; +import { CanActivate } from '@angular/router'; +import { catchError, filter, first, Observable, of, timeout, TimeoutError } from 'rxjs'; + +@Injectable() +export class featureToggleOdgInviteUserFlowGuard implements CanActivate { + constructor(private readonly appStore: Store) {} + + public canActivate(): Observable { + // As the feature flags dont return their actual state first on refresh, + // this code is needed to wait for a small time to allow the flag value to be its correct state + return this.appStore.pipe( + select(fromRoot.getOgdInviteUserFlowFeatureIsEnabled), + filter((isEnabled) => isEnabled === true), + first(), + timeout(2000), + catchError((error) => { + if (error instanceof TimeoutError) { + return of(false); + } + }) + ); + } +} diff --git a/src/users/models/basic-access-types.model.ts b/src/users/models/basic-access-types.model.ts new file mode 100644 index 000000000..37bfc7e21 --- /dev/null +++ b/src/users/models/basic-access-types.model.ts @@ -0,0 +1,6 @@ +export interface BasicAccessTypes { + isPuiUserManager: boolean; + isPuiOrganisationManager: boolean; + isPuiFinanceManager: boolean; + isCaseAccessAdmin: boolean; +} diff --git a/src/users/models/case-management-permissions.model.ts b/src/users/models/case-management-permissions.model.ts new file mode 100644 index 000000000..b6aa497ef --- /dev/null +++ b/src/users/models/case-management-permissions.model.ts @@ -0,0 +1,6 @@ +import { UserAccessType } from '@hmcts/rpx-xui-common-lib'; + +export interface CaseManagementPermissions { + manageCases: boolean; + userAccessTypes: UserAccessType[]; +} diff --git a/src/users/models/personal-details.model.ts b/src/users/models/personal-details.model.ts new file mode 100644 index 000000000..3e417ee43 --- /dev/null +++ b/src/users/models/personal-details.model.ts @@ -0,0 +1,5 @@ +export interface PersonalDetails { + firstName: string; + lastName: string; + email: string; +} diff --git a/src/users/models/prd-users.model.ts b/src/users/models/prd-users.model.ts index bc0b7ef5e..e3ff1fd98 100644 --- a/src/users/models/prd-users.model.ts +++ b/src/users/models/prd-users.model.ts @@ -7,6 +7,7 @@ export interface RawPrdUsersList { export interface RawPrdUserListWithoutRoles { organisationIdentifier: string; + organisationProfileIds?: string[]; users: RawPrdUserLite[]; } @@ -16,7 +17,7 @@ export interface RawPrdUserLite { firstName: string; lastName: string; idamStatus: string; - accessTypes?: UserAccessType[]; + userAccessTypes?: UserAccessType[]; } export interface RawPrdUser extends RawPrdUserLite { @@ -35,7 +36,7 @@ export interface PrdUser { fullName: string; routerLink: string; routerLinkTitle: string; - accessTypes: UserAccessType[]; + userAccessTypes: UserAccessType[]; roles?: string[]; status?: string; selected?: boolean; diff --git a/src/users/models/userform.model.ts b/src/users/models/userform.model.ts index 8a461e7f2..1fa4f872e 100644 --- a/src/users/models/userform.model.ts +++ b/src/users/models/userform.model.ts @@ -1,3 +1,4 @@ +import { UserAccessType } from '@hmcts/rpx-xui-common-lib'; export interface UserListApiModel { id?: number; firstName: string; @@ -5,4 +6,5 @@ export interface UserListApiModel { email: string; permissions: string[]; resendInvite: boolean; + userAccessTypes?: Array ; } diff --git a/src/users/services/invite-user.service.spec.ts b/src/users/services/invite-user.service.spec.ts new file mode 100644 index 000000000..05cd9c273 --- /dev/null +++ b/src/users/services/invite-user.service.spec.ts @@ -0,0 +1,51 @@ +import { TestBed } from '@angular/core/testing'; +import { HttpClientTestingModule, HttpTestingController } from '@angular/common/http/testing'; +import { provideMockStore, MockStore } from '@ngrx/store/testing'; +import { InviteUserService } from './invite-user.service'; +import * as fromRoot from '../../../src/app/store'; + +describe('Invite User', () => { + let inviteUserService: InviteUserService; + let httpTestingController: HttpTestingController; + let mockStore: MockStore; + + const initialState = {}; + + beforeEach(() => { + TestBed.configureTestingModule({ + imports: [HttpClientTestingModule], + providers: [ + InviteUserService, + provideMockStore({ initialState }) + ] + }); + + inviteUserService = TestBed.inject(InviteUserService); + httpTestingController = TestBed.inject(HttpTestingController); + mockStore = TestBed.inject(MockStore); + + mockStore.overrideSelector(fromRoot.getOgdInviteUserFlowFeatureIsEnabled, false); + }); + + afterEach(() => { + httpTestingController.verify(); + }); + + it('should send a request to the correct URL based on the ogdEnabled flag', () => { + const userData = { email: 'test@example.com' }; + + // Test with ogdEnabled flag set to false + inviteUserService.inviteUser(userData).subscribe(); + const req = httpTestingController.expectOne('/api/inviteUser'); + expect(req.request.method).toEqual('POST'); + req.flush({}); + + // Change ogdEnabled flag to true and test again + mockStore.overrideSelector(fromRoot.getOgdInviteUserFlowFeatureIsEnabled, true); + + inviteUserService.inviteUser(userData).subscribe(); + const reqOgd = httpTestingController.expectOne('/api/ogd-flow/invite'); + expect(reqOgd.request.method).toEqual('POST'); + reqOgd.flush({}); + }); +}); diff --git a/src/users/services/invite-user.service.ts b/src/users/services/invite-user.service.ts index ec2dcfe5e..5c6f3c102 100644 --- a/src/users/services/invite-user.service.ts +++ b/src/users/services/invite-user.service.ts @@ -1,14 +1,25 @@ import { HttpClient } from '@angular/common/http'; import { Injectable } from '@angular/core'; +import * as fromRoot from '../../../src/app/store'; +import { Store, select } from '@ngrx/store'; -import { Observable } from 'rxjs'; +import { Observable, switchMap } from 'rxjs'; import { UserListApiModel } from '../models/userform.model'; @Injectable() export class InviteUserService { - constructor(private readonly http: HttpClient) {} - // TODO add type when server returns someting. - public inviteUser(data): Observable { - return this.http.post('api/inviteUser', data); + constructor( + private readonly http: HttpClient, + private readonly rootStore: Store, + ) {} + + public inviteUser(data): Observable { + return this.rootStore.pipe( + select(fromRoot.getOgdInviteUserFlowFeatureIsEnabled), + switchMap((ogdEnabled) => { + const inviteUrl = ogdEnabled ? '/api/ogd-flow/invite' : '/api/inviteUser'; + return this.http.post(inviteUrl, data); + }) + ); } } diff --git a/src/users/services/org-profiles.service.ts b/src/users/services/org-profiles.service.ts new file mode 100644 index 000000000..7d06326d4 --- /dev/null +++ b/src/users/services/org-profiles.service.ts @@ -0,0 +1,18 @@ +import { Injectable } from '@angular/core'; +import { AppConstants } from 'src/app/app.constants'; + +@Injectable({ + providedIn: 'root' +}) +export class OrganisationProfileService { + private ogdProfileTypes = AppConstants.OGD_PROFILE_TYPES; + + public getOrganisationProfileType(organisationProfileIds: string[]) { + for (const key of Object.keys(this.ogdProfileTypes)) { + if (organisationProfileIds.includes(this.ogdProfileTypes[key])) { + return this.ogdProfileTypes[key]; + } + } + return ''; + } +} diff --git a/src/users/store/actions/invite-user.actions.ts b/src/users/store/actions/invite-user.actions.ts index 87922d374..b0e577734 100644 --- a/src/users/store/actions/invite-user.actions.ts +++ b/src/users/store/actions/invite-user.actions.ts @@ -8,13 +8,14 @@ export const INVITE_USER_FAIL_WITH_404 = '[Invite User] Invite User Fail With 40 export const INVITE_USER_FAIL_WITH_400 = '[Invite User] Invite User Fail With 400'; export const INVITE_USER_FAIL_WITH_429 = '[Invite User] Invite User Fail With 429'; export const INVITE_USER_FAIL_WITH_409 = '[Invite User] Invite User Fail With 409'; +export const INVITE_USER_FAIL_WITH_422 = '[Invite User] Invite User Fail With 422'; export const INVITE_USER_FAIL_WITH_500 = '[Invite User] Invite User Fail With 500 Range'; export const RESET = '[Invite User] Reset'; import { UserListApiModel } from '../../models/userform.model'; export class SendInviteUser implements Action { public readonly type = SEND_INVITE_USER; - constructor(public payload: UserListApiModel) {} + constructor(public payload: UserListApiModel, public orgProfileIds?: string[]) {} } export class InviteUserSuccess implements Action { @@ -46,6 +47,10 @@ export class InviteUserFailWith409 implements Action { public readonly type = INVITE_USER_FAIL_WITH_409; constructor(public payload: any) {} } +export class InviteUserFailWith422 implements Action { + public readonly type = INVITE_USER_FAIL_WITH_422; + constructor(public payload: any) {} +} export class InviteUserFailWith500 implements Action { public readonly type = INVITE_USER_FAIL_WITH_500; diff --git a/src/users/store/actions/user.actions.ts b/src/users/store/actions/user.actions.ts index c832dbf1c..10c23d6b9 100644 --- a/src/users/store/actions/user.actions.ts +++ b/src/users/store/actions/user.actions.ts @@ -1,5 +1,6 @@ // load login form import { Action } from '@ngrx/store'; +import { EditUserModel } from 'src/user-profile/models/editUser.model'; import { PrdUser } from 'src/users/models/prd-users.model'; export const LOAD_USERS = '[User] Load Users'; @@ -16,6 +17,8 @@ export const EDIT_USER_SUCCESS = '[User] Edit User Success'; export const EDIT_USER_FAILURE = '[User] Edit User Failure'; export const EDIT_USER_FAILURE_RESET = '[User] Edit User Failure Reset'; export const EDIT_USER_SERVER_ERROR = '[User] Edit User Server Error'; +export const REFRESH_USER = '[User] Refresh User'; +export const REFRESH_USER_FAIL = '[User] Refresh User Fail'; export const LOAD_USER_DETAILS = '[UserDetails] Load User Details'; export const LOAD_USER_DETAILS_SUCCESS = '[UserDetails] Load User Details Success'; export const SUSPEND_USER = '[User] Suspend User'; @@ -23,7 +26,11 @@ export const SUSPEND_USER_SUCCESS = '[User] Suspend User Success'; export const SUSPEND_USER_FAIL = '[User] Suspend User Fail'; export const INVITE_NEW_USER = '[User] Invite New User'; export const REINVITE_PENDING_USER = '[User] Reinvite Pending User'; +export const CHECK_USER_LIST_LOADED = '[User] Check user list loaded'; +export class CheckUserListLoaded implements Action{ + public readonly type = CHECK_USER_LIST_LOADED; +} export class LoadUsers { public readonly type = LOAD_USERS; constructor(public payload?: any) {} @@ -68,7 +75,7 @@ export class LoadAllUsersNoRoleDataFail implements Action { export class EditUser implements Action { public readonly type = EDIT_USER; - constructor(public payload: any) {} + constructor(public payload: EditUserModel, public orgProfileIds?: string[]) {} } export class EditUserSuccess implements Action { @@ -143,4 +150,5 @@ export type UserActions = | SuspendUserFail | EditUserServerError | ReinvitePendingUser - | InviteNewUser; + | InviteNewUser + | CheckUserListLoaded; diff --git a/src/users/store/effects/invite-user.effects.spec.ts b/src/users/store/effects/invite-user.effects.spec.ts index 7591cb723..68dda957f 100644 --- a/src/users/store/effects/invite-user.effects.spec.ts +++ b/src/users/store/effects/invite-user.effects.spec.ts @@ -43,22 +43,46 @@ describe('Invite User Effects', () => { })); describe('saveUser$', () => { - it('should return a collection from user details - InviteUserSuccess', waitForAsync(() => { - const payload = { payload: 'something' }; - inviteUsersServiceMock.inviteUser.and.returnValue(of(payload)); - const requestPayload = { + it('should handle dynamic payload correctly - InviteUserSuccess', waitForAsync(() => { + const userRequestPayload = { firstName: 'Captain', lastName: 'Caveman', email: 'thecap@cave.com', permissions: ['god'], resendInvite: false }; - const action = new fromUsersActions.SendInviteUser(requestPayload); - const completion = new fromUsersActions.InviteUserSuccess({ payload: 'something', userEmail: 'thecap@cave.com' }); + const orgProfileIdPayload = [ + 'Solicitor_Profile' + ]; + const mockUserDetails = { id: 'user123', name: 'Captain Caveman' }; + inviteUsersServiceMock.inviteUser.and.returnValue(of(mockUserDetails)); + const action = new fromUsersActions.SendInviteUser(userRequestPayload, orgProfileIdPayload); + const completion = new fromUsersActions.InviteUserSuccess({ ...mockUserDetails, userEmail: 'thecap@cave.com' }); + actions$ = hot('-a', { a: action }); const expected = cold('-b', { b: completion }); + expect(effects.saveUser$).toBeObservable(expected); })); + + it('should handle payload without orgProfileIds - InviteUserSuccess', waitForAsync(() => { + const requestPayloadWithoutOrgIds = { + firstName: 'Captain', + lastName: 'Caveman', + email: 'thecap@cave.com', + permissions: ['god'], + resendInvite: false + }; + const mockUserDetailsWithoutOrgIds = { id: 'user123', name: 'Captain Caveman' }; + inviteUsersServiceMock.inviteUser.and.returnValue(of(mockUserDetailsWithoutOrgIds)); + const actionWithoutOrgIds = new fromUsersActions.SendInviteUser(requestPayloadWithoutOrgIds); + const completionWithoutOrgIds = new fromUsersActions.InviteUserSuccess({ ...mockUserDetailsWithoutOrgIds, userEmail: 'thecap@cave.com' }); + + actions$ = hot('-a', { a: actionWithoutOrgIds }); + const expectedWithoutOrgIds = cold('-b', { b: completionWithoutOrgIds }); + + expect(effects.saveUser$).toBeObservable(expectedWithoutOrgIds); + })); }); describe('getUserInviteLoggerMessage', () => { @@ -140,6 +164,17 @@ describe('Invite User Effects', () => { const action = fromUsersEffects.InviteUserEffects.getErrorAction(error); expect(action.type).toEqual(fromUsersActions.INVITE_USER_FAIL_WITH_409); }); + + it('should return 422 Action', () => { + const error = { + apiError: '', + apiStatusCode: 422, + message: '' + }; + + const action = fromUsersEffects.InviteUserEffects.getErrorAction(error); + expect(action.type).toEqual(fromUsersActions.INVITE_USER_FAIL_WITH_422); + }); }); xdescribe('saveUser$ error', () => { diff --git a/src/users/store/effects/invite-user.effects.ts b/src/users/store/effects/invite-user.effects.ts index 773abe2b2..1ee83921e 100644 --- a/src/users/store/effects/invite-user.effects.ts +++ b/src/users/store/effects/invite-user.effects.ts @@ -8,7 +8,6 @@ import { LoggerService } from '../../../shared/services/logger.service'; import { ErrorReport } from '../../models/errorReport.model'; import { InviteUserService } from '../../services'; import * as usersActions from '../actions'; - @Injectable() export class InviteUserEffects { constructor( @@ -20,19 +19,18 @@ export class InviteUserEffects { @Effect() public saveUser$ = this.actions$.pipe( ofType(usersActions.SEND_INVITE_USER), - map((action: usersActions.SendInviteUser) => action.payload), - switchMap((inviteUserFormData) => { - const userEmail = (inviteUserFormData as any).email; - return this.inviteUserSevice.inviteUser(inviteUserFormData).pipe( + switchMap(({ payload, orgProfileIds }: usersActions.SendInviteUser) => { + const reqBody = orgProfileIds ? { userPayload: payload, orgIdsPayload: orgProfileIds } : payload; + const userEmail = payload.email; + return this.inviteUserSevice.inviteUser(reqBody).pipe( map((userDetails) => { - const userInvitedLoggerMessage = InviteUserEffects.getUserInviteLoggerMessage(inviteUserFormData.resendInvite); + const userInvitedLoggerMessage = InviteUserEffects.getUserInviteLoggerMessage(payload.resendInvite); this.loggerService.info(userInvitedLoggerMessage); return new usersActions.InviteUserSuccess({ ...userDetails, userEmail }); }), catchError((errorReport) => { this.loggerService.error(errorReport.message); - const action = InviteUserEffects.getErrorAction(errorReport.error); - return of(action); + return of(InviteUserEffects.getErrorAction(errorReport.error)); }) ); }) @@ -62,6 +60,8 @@ export class InviteUserEffects { return new usersActions.InviteUserFailWith404(error); case 409: return new usersActions.InviteUserFailWith409(error); + case 422: + return new usersActions.InviteUserFailWith422(error); case 429: return new usersActions.InviteUserFailWith429(error); case 500: diff --git a/src/users/store/effects/users.effects.spec.ts b/src/users/store/effects/users.effects.spec.ts index 1f935f41d..001b342cd 100644 --- a/src/users/store/effects/users.effects.spec.ts +++ b/src/users/store/effects/users.effects.spec.ts @@ -1,13 +1,17 @@ import { HttpClientTestingModule } from '@angular/common/http/testing'; import { TestBed, waitForAsync } from '@angular/core/testing'; import { provideMockActions } from '@ngrx/effects/testing'; +import { MockStore, provideMockStore } from '@ngrx/store/testing'; +import { MemoizedSelector } from '@ngrx/store'; import { addMatchers, cold, hot, initTestScheduler } from 'jasmine-marbles'; import { of, throwError } from 'rxjs'; import { LoggerService } from '../../../shared/services/logger.service'; import { UsersService } from '../../services/users.service'; -import { LoadAllUsersNoRoleData, LoadAllUsersNoRoleDataFail, LoadAllUsersNoRoleDataSuccess, LoadUserDetails, LoadUserDetailsSuccess, LoadUsers, LoadUsersFail, LoadUsersSuccess, SuspendUser, SuspendUserFail, SuspendUserSuccess } from '../actions/user.actions'; +import { CheckUserListLoaded, InviteNewUser, LoadAllUsersNoRoleData, LoadAllUsersNoRoleDataFail, LoadAllUsersNoRoleDataSuccess, LoadUserDetails, LoadUserDetailsSuccess, LoadUsers, LoadUsersFail, LoadUsersSuccess, SuspendUser, SuspendUserFail, SuspendUserSuccess } from '../actions/user.actions'; import * as orgActions from '../../../organisation/store/actions'; +import * as fromRoot from '../../../app/store'; import * as fromUsersEffects from './users.effects'; +import * as usersSelectors from '../selectors/user.selectors'; import { RawPrdUser, RawPrdUserListWithoutRoles, RawPrdUserLite, RawPrdUsersList } from 'src/users/models/prd-users.model'; describe('Users Effects', () => { @@ -18,6 +22,8 @@ describe('Users Effects', () => { ]); let loggerService: LoggerService; + let mockGetOgdInviteUserFlowFeatureIsEnabledSelector: MemoizedSelector; + let mockRootStore: MockStore; const mockedLoggerService = jasmine.createSpyObj('mockedLoggerService', ['trace', 'info', 'debug', 'log', 'warn', 'error', 'fatal']); beforeEach(waitForAsync(() => { @@ -33,17 +39,23 @@ describe('Users Effects', () => { useValue: mockedLoggerService }, fromUsersEffects.UsersEffects, - provideMockActions(() => actions$) + provideMockActions(() => actions$), + provideMockStore() ] }); effects = TestBed.inject(fromUsersEffects.UsersEffects); loggerService = TestBed.inject(LoggerService); - + mockRootStore = TestBed.inject(MockStore); + mockGetOgdInviteUserFlowFeatureIsEnabledSelector = mockRootStore.overrideSelector(fromRoot.getOgdInviteUserFlowFeatureIsEnabled, false); initTestScheduler(); addMatchers(); })); + afterEach(() => { + mockRootStore.resetSelectors(); + }); + describe('loadUsers$', () => { it('should return a collection from loadUsers$ - LoadUsersSuccess', waitForAsync(() => { const prdUser: RawPrdUser = { @@ -67,7 +79,7 @@ describe('Users Effects', () => { fullName: 'John Doe', routerLink: `user/${prdUser.userIdentifier}`, routerLinkTitle: 'User details for John Doe with id 123', - accessTypes: [] + userAccessTypes: [] } ] }); @@ -99,7 +111,7 @@ describe('Users Effects', () => { fullName: 'John Doe', routerLink: `user/${prdUser.userIdentifier}`, routerLinkTitle: 'User details for John Doe with id 123', - accessTypes: [] + userAccessTypes: [] } ] }); @@ -109,14 +121,14 @@ describe('Users Effects', () => { })); }); - it('should return a collection from loadUsers$ with accessTypes - LoadUsersSuccess', waitForAsync(() => { + it('should return a collection from loadUsers$ with userAccessTypes - LoadUsersSuccess', waitForAsync(() => { const prdUser: RawPrdUser = { email: 'madeup@test.com', firstName: 'John', lastName: 'Doe', idamStatus: 'PENDING', userIdentifier: '123', - accessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] + userAccessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] }; const payload:RawPrdUsersList = { organisationIdentifier: 'ABC123', @@ -132,7 +144,7 @@ describe('Users Effects', () => { fullName: 'John Doe', routerLink: `user/${prdUser.userIdentifier}`, routerLinkTitle: 'User details for John Doe with id 123', - accessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] + userAccessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] } ] }); @@ -202,69 +214,174 @@ describe('Users Effects', () => { }); }); + describe('inviteNewUser$', () => { + describe('inviteNewUser$ - OgdInviteUserFlowFeature disabled', () => { + it('should return a Go object with the path to users/invite-user', () => { + mockGetOgdInviteUserFlowFeatureIsEnabledSelector.setResult(false); + const action = new InviteNewUser(); + const completion = new fromRoot.Go({ path: ['users/invite-user'] }); + actions$ = hot('-a', { a: action }); + const expected = cold('-b', { b: completion }); + expect(effects.inviteNewUser$).toBeObservable(expected); + }); + }); + + describe('inviteNewUser$ - OgdInviteUserFlowFeature enabled', () => { + it('should return a Go object with the path to users/manage', () => { + mockGetOgdInviteUserFlowFeatureIsEnabledSelector.setResult(true); + const action = new InviteNewUser(); + const completion = new fromRoot.Go({ path: ['users/manage'] }); + actions$ = hot('-a', { a: action }); + const expected = cold('-b', { b: completion }); + expect(effects.inviteNewUser$).toBeObservable(expected); + }); + }); + }); + describe('loadAllUsersNoRoleData$', () => { - it('should return a collection from loadAllUsersNoRoleData$ - LoadAllUsersNoRoleDataSuccess', waitForAsync(() => { - const prdUser: RawPrdUserLite = { - email: 'madeup@test.com', - firstName: 'John', - lastName: 'Doe', - idamStatus: 'ACTIVE', - userIdentifier: '123' - }; - const payload : RawPrdUserListWithoutRoles = { - organisationIdentifier: 'ABC123', - users: [prdUser] - }; - usersServiceMock.getAllUsersList.and.returnValue(of(payload)); - const action = new LoadAllUsersNoRoleData(); - const orgUpdateProfileIdsActionCompletion = new orgActions.OrganisationUpdateUpdateProfileIds([]); - const loadUserSuccessActionCompletion = new LoadAllUsersNoRoleDataSuccess({ - users: [ - { - ...prdUser, - fullName: 'John Doe', - routerLink: `user/${prdUser.userIdentifier}`, - routerLinkTitle: 'User details for John Doe with id 123', - accessTypes: [] - } - ] + describe('OGD feature flag is enabled', () => { + beforeEach(() => { + mockGetOgdInviteUserFlowFeatureIsEnabledSelector.setResult(true); }); - actions$ = hot('-a', { a: action }); - const expected = cold('-(bc)', { b: orgUpdateProfileIdsActionCompletion, c: loadUserSuccessActionCompletion }); - expect(effects.loadAllUsersNoRoleData$).toBeObservable(expected); - })); - it('should return a collection from loadAllUsersNoRoleData$ with accessTypes - LoadAllUsersNoRoleDataSuccess', waitForAsync(() => { - const prdUser: RawPrdUserLite = { - email: 'madeup@test.com', - firstName: 'John', - lastName: 'Doe', - idamStatus: 'ACTIVE', - userIdentifier: '123', - accessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] - }; - const payload : RawPrdUserListWithoutRoles = { - organisationIdentifier: 'ABC123', - users: [prdUser] - }; - usersServiceMock.getAllUsersList.and.returnValue(of(payload)); - const action = new LoadAllUsersNoRoleData(); - const orgUpdateProfileIdsActionCompletion = new orgActions.OrganisationUpdateUpdateProfileIds(['orgProfileId']); - const loadUserSuccessActionCompletion = new LoadAllUsersNoRoleDataSuccess({ - users: [ - { - ...prdUser, - fullName: 'John Doe', - routerLink: `user/${prdUser.userIdentifier}`, - routerLinkTitle: 'User details for John Doe with id 123', - accessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] - } - ] + it('should return a collection from loadAllUsersNoRoleData$ - LoadAllUsersNoRoleDataSuccess', waitForAsync(() => { + const prdUser: RawPrdUserLite = { + email: 'madeup@test.com', + firstName: 'John', + lastName: 'Doe', + idamStatus: 'ACTIVE', + userIdentifier: '123' + }; + const payload : RawPrdUserListWithoutRoles = { + organisationIdentifier: 'ABC123', + organisationProfileIds: [], + users: [prdUser] + }; + usersServiceMock.getAllUsersList.and.returnValue(of(payload)); + const action = new LoadAllUsersNoRoleData(); + const orgUpdateProfileIdsActionCompletion = new orgActions.OrganisationUpdateUpdateProfileIds([]); + const orgLoadOrgAccessTypesCompletion = new orgActions.LoadOrganisationAccessTypes([]); + const loadUserSuccessActionCompletion = new LoadAllUsersNoRoleDataSuccess({ + users: [ + { + ...prdUser, + fullName: 'John Doe', + routerLink: `user/${prdUser.userIdentifier}`, + routerLinkTitle: 'User details for John Doe with id 123', + userAccessTypes: [] + } + ] + }); + actions$ = hot('-a', { a: action }); + const expected = cold('-(bcd)', { b: orgUpdateProfileIdsActionCompletion, c: orgLoadOrgAccessTypesCompletion, d: loadUserSuccessActionCompletion }); + expect(effects.loadAllUsersNoRoleData$).toBeObservable(expected); + })); + + it('should return a collection from loadAllUsersNoRoleData$ with userAccessTypes - LoadAllUsersNoRoleDataSuccess', waitForAsync(() => { + const prdUser: RawPrdUserLite = { + email: 'madeup@test.com', + firstName: 'John', + lastName: 'Doe', + idamStatus: 'ACTIVE', + userIdentifier: '123', + userAccessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] + }; + const payload : RawPrdUserListWithoutRoles = { + organisationIdentifier: 'ABC123', + organisationProfileIds: ['orgProfileId'], + users: [prdUser] + }; + usersServiceMock.getAllUsersList.and.returnValue(of(payload)); + const action = new LoadAllUsersNoRoleData(); + const orgUpdateProfileIdsActionCompletion = new orgActions.OrganisationUpdateUpdateProfileIds(['orgProfileId']); + const orgLoadOrgAccessTypesCompletion = new orgActions.LoadOrganisationAccessTypes(['orgProfileId']); + const loadUserSuccessActionCompletion = new LoadAllUsersNoRoleDataSuccess({ + users: [ + { + ...prdUser, + fullName: 'John Doe', + routerLink: `user/${prdUser.userIdentifier}`, + routerLinkTitle: 'User details for John Doe with id 123', + userAccessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] + } + ] + }); + actions$ = hot('-a', { a: action }); + const expected = cold('-(bcd)', { b: orgUpdateProfileIdsActionCompletion, c: orgLoadOrgAccessTypesCompletion, d: loadUserSuccessActionCompletion }); + expect(effects.loadAllUsersNoRoleData$).toBeObservable(expected); + })); + }); + + describe('OGD feature flag is disabled', () => { + beforeEach(() => { + mockGetOgdInviteUserFlowFeatureIsEnabledSelector.setResult(false); }); - actions$ = hot('-a', { a: action }); - const expected = cold('-(bc)', { b: orgUpdateProfileIdsActionCompletion, c: loadUserSuccessActionCompletion }); - expect(effects.loadAllUsersNoRoleData$).toBeObservable(expected); - })); + + it('should return a collection from loadAllUsersNoRoleData$ - LoadAllUsersNoRoleDataSuccess', waitForAsync(() => { + const prdUser: RawPrdUserLite = { + email: 'madeup@test.com', + firstName: 'John', + lastName: 'Doe', + idamStatus: 'ACTIVE', + userIdentifier: '123' + }; + const payload : RawPrdUserListWithoutRoles = { + organisationIdentifier: 'ABC123', + organisationProfileIds: [], + users: [prdUser] + }; + usersServiceMock.getAllUsersList.and.returnValue(of(payload)); + const action = new LoadAllUsersNoRoleData(); + + const loadUserSuccessActionCompletion = new LoadAllUsersNoRoleDataSuccess({ + users: [ + { + ...prdUser, + fullName: 'John Doe', + routerLink: `user/${prdUser.userIdentifier}`, + routerLinkTitle: 'User details for John Doe with id 123', + userAccessTypes: [] + } + ] + }); + actions$ = hot('-a', { a: action }); + const expected = cold('-(b)', { b: loadUserSuccessActionCompletion }); + expect(effects.loadAllUsersNoRoleData$).toBeObservable(expected); + })); + + it('should return a collection from loadAllUsersNoRoleData$ with userAccessTypes - LoadAllUsersNoRoleDataSuccess', waitForAsync(() => { + const prdUser: RawPrdUserLite = { + email: 'madeup@test.com', + firstName: 'John', + lastName: 'Doe', + idamStatus: 'ACTIVE', + userIdentifier: '123', + userAccessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] + }; + const payload : RawPrdUserListWithoutRoles = { + organisationIdentifier: 'ABC123', + organisationProfileIds: ['orgProfileId'], + users: [prdUser] + }; + usersServiceMock.getAllUsersList.and.returnValue(of(payload)); + const action = new LoadAllUsersNoRoleData(); + + const loadUserSuccessActionCompletion = new LoadAllUsersNoRoleDataSuccess({ + users: [ + { + ...prdUser, + fullName: 'John Doe', + routerLink: `user/${prdUser.userIdentifier}`, + routerLinkTitle: 'User details for John Doe with id 123', + userAccessTypes: [{ organisationProfileId: 'orgProfileId', accessTypeId: '1234', enabled: true, jurisdictionId: '1234' }] + } + ] + }); + actions$ = hot('-a', { a: action }); + const expected = cold('-(b)', { b: loadUserSuccessActionCompletion }); + expect(effects.loadAllUsersNoRoleData$).toBeObservable(expected); + })); + }); }); describe('loadAllUsersNoRoleData$ error', () => { @@ -278,4 +395,28 @@ describe('Users Effects', () => { expect(loggerService.error).toHaveBeenCalled(); })); }); + + describe('checkAndLoadUsers$', () => { + it('should dispatch LoadAllUsersNoRoleData if loading users list is needed', waitForAsync(() => { + const action = new CheckUserListLoaded(); + const completion = new LoadAllUsersNoRoleData(); + actions$ = hot('-a', { a: action }); + const expected = cold('-b', { b: completion }); + // Mocking the selector to return true for getLoadUserListNeeded + mockRootStore.overrideSelector(usersSelectors.getLoadUserListNeeded, true); + + expect(effects.checkAndLoadUsers$).toBeObservable(expected); + })); + + it('should not dispatch LoadAllUsersNoRoleData if loading users list is not needed', waitForAsync(() => { + const action = new CheckUserListLoaded(); + actions$ = hot('-a', { a: action }); + const expected = cold('', {}); + + // Mocking the selector to return false for getLoadUserListNeeded + mockRootStore.overrideSelector(usersSelectors.getLoadUserListNeeded, false); + + expect(effects.checkAndLoadUsers$).toBeObservable(expected); + })); + }); }); diff --git a/src/users/store/effects/users.effects.ts b/src/users/store/effects/users.effects.ts index 35a152542..0fa4bc926 100644 --- a/src/users/store/effects/users.effects.ts +++ b/src/users/store/effects/users.effects.ts @@ -1,22 +1,34 @@ import { Injectable } from '@angular/core'; import { Actions, createEffect, ofType } from '@ngrx/effects'; import { of } from 'rxjs'; -import { catchError, concatMap, map, switchMap } from 'rxjs/operators'; +import { catchError, concatMap, filter, map, switchMap, take } from 'rxjs/operators'; import * as fromRoot from '../../../app/store'; import { LoggerService } from '../../../shared/services/logger.service'; import { UsersService } from '../../services'; import * as usersActions from '../actions'; import * as orgActions from '../../../organisation/store/actions'; import { PrdUser } from 'src/users/models/prd-users.model'; +import { Store, select } from '@ngrx/store'; +import * as usersSelectors from '../selectors/user.selectors'; @Injectable() export class UsersEffects { constructor( private readonly actions$: Actions, private readonly usersService: UsersService, - private readonly loggerService: LoggerService + private readonly loggerService: LoggerService, + private readonly appStore: Store, ) {} + checkAndLoadUsers$ = createEffect(() => + this.actions$.pipe( + ofType(usersActions.CHECK_USER_LIST_LOADED), + switchMap(() => this.appStore.pipe(select(usersSelectors.getLoadUserListNeeded))), + filter((loadUserListNeeded) => loadUserListNeeded), + map(() => new usersActions.LoadAllUsersNoRoleData()) + ) + ); + public loadUsers$ = createEffect(() => this.actions$.pipe( ofType(usersActions.LOAD_USERS), @@ -27,19 +39,19 @@ export class UsersEffects { let organisationProfileIds = []; userDetails.users.forEach((element) => { const fullName = `${element.firstName} ${element.lastName}`; - const accessTypes = element?.accessTypes || []; + const accessTypes = element?.userAccessTypes || []; const user: PrdUser = { ...element, fullName: `${element.firstName} ${element.lastName}`, routerLink: `user/${element.userIdentifier}`, routerLinkTitle: `User details for ${fullName} with id ${element.userIdentifier}`, - accessTypes: accessTypes + userAccessTypes: accessTypes }; amendedUsers.push(user); - user.accessTypes = user?.accessTypes || []; + user.userAccessTypes = user?.userAccessTypes || []; organisationProfileIds = [ ...organisationProfileIds, - ...user.accessTypes.map( + ...user.userAccessTypes.map( (accessType) => accessType.organisationProfileId ) ]; @@ -80,36 +92,37 @@ export class UsersEffects { public loadAllUsersNoRoleData$ = createEffect(() => this.actions$.pipe( ofType(usersActions.LOAD_ALL_USERS_NO_ROLE_DATA), - switchMap(() => { + switchMap(() => this.appStore.pipe(select(fromRoot.getOgdInviteUserFlowFeatureIsEnabled))), + switchMap((featureEnabled:boolean) => { return this.usersService.getAllUsersList().pipe( concatMap((userDetails) => { const amendedUsers: PrdUser[] = []; - let organisationProfileIds = []; + const organisationProfileIds = userDetails.organisationProfileIds; userDetails.users.forEach((element) => { const fullName = `${element.firstName} ${element.lastName}`; - const accessTypes = element?.accessTypes || []; + const accessTypes = element?.userAccessTypes || []; const user: PrdUser = { ...element, fullName: `${element.firstName} ${element.lastName}`, routerLink: `user/${element.userIdentifier}`, routerLinkTitle: `User details for ${fullName} with id ${element.userIdentifier}`, - accessTypes: accessTypes + userAccessTypes: accessTypes }; amendedUsers.push(user); - user.accessTypes = user?.accessTypes || []; - organisationProfileIds = [ - ...organisationProfileIds, - ...user.accessTypes.map( - (accessType) => accessType.organisationProfileId - ) - ]; + user.userAccessTypes = user?.userAccessTypes || []; }); - - organisationProfileIds = [...new Set(organisationProfileIds)]; + if (featureEnabled){ + return [ + new orgActions.OrganisationUpdateUpdateProfileIds( + organisationProfileIds + ), + new orgActions.LoadOrganisationAccessTypes( + organisationProfileIds + ), + new usersActions.LoadAllUsersNoRoleDataSuccess({ users: amendedUsers }) + ]; + } return [ - new orgActions.OrganisationUpdateUpdateProfileIds( - organisationProfileIds - ), new usersActions.LoadAllUsersNoRoleDataSuccess({ users: amendedUsers }) ]; }), @@ -165,14 +178,36 @@ export class UsersEffects { public inviteNewUser$ = createEffect(() => this.actions$.pipe( ofType(usersActions.INVITE_NEW_USER), - map(() => new fromRoot.Go({ path: ['users/invite-user'] })) + switchMap(() => { + return this.appStore.pipe( + select(fromRoot.getOgdInviteUserFlowFeatureIsEnabled), + take(1), + map((isEnabled) => { + if (isEnabled) { + return new fromRoot.Go({ path: ['users/manage'] }); + } + return new fromRoot.Go({ path: ['users/invite-user'] }); + }) + ); + }) ) ); public reinviteUser$ = createEffect(() => this.actions$.pipe( ofType(usersActions.REINVITE_PENDING_USER), - map(() => new fromRoot.Go({ path: ['users/invite-user'] })) + switchMap(() => { + return this.appStore.pipe( + select(fromRoot.getOgdInviteUserFlowFeatureIsEnabled), + take(1), + map((isEnabled) => { + if (isEnabled) { + return new fromRoot.Go({ path: ['users/manage'] }); + } + return new fromRoot.Go({ path: ['users/invite-user'] }); + }) + ); + }) ) ); } diff --git a/src/users/store/reducers/users.reducer.spec.ts b/src/users/store/reducers/users.reducer.spec.ts index de3d4d398..52608d83b 100644 --- a/src/users/store/reducers/users.reducer.spec.ts +++ b/src/users/store/reducers/users.reducer.spec.ts @@ -13,7 +13,7 @@ const mockUserList: PrdUser[] = [ idamStatus: 'active', userIdentifier: 'userId1', roles: ['pui-organisation-manager', 'pui-user-manager', 'pui-case-manager', 'pui-finance-manager'], - accessTypes: [] + userAccessTypes: [] }, { firstName: 'Test2fggftfirstname', @@ -25,7 +25,7 @@ const mockUserList: PrdUser[] = [ idamStatus: 'active', userIdentifier: 'userId2', roles: ['pui-organisation-manager', 'pui-user-manager'], - accessTypes: [] + userAccessTypes: [] } ]; @@ -46,7 +46,7 @@ const resultUserList = [ manageUsers: 'Yes', manageCases: 'Yes', managePayments: 'Yes', - accessTypes: [] + userAccessTypes: [] }, { firstName: 'Test2fggftfirstname', @@ -64,7 +64,7 @@ const resultUserList = [ manageUsers: 'Yes', manageCases: 'No', managePayments: 'No', - accessTypes: [] + userAccessTypes: [] } ]; @@ -220,5 +220,18 @@ describe('Users Reducer', () => { expect(state.userList).toEqual([]); }); + + it('CHECK_USER_LIST_LOADED action should update loadUserListNeeded based on userList emptiness', () => { + const { initialState } = fromUsers; + let state = fromUsers.reducer(initialState, new fromUserActions.CheckUserListLoaded()); + + expect(state.loadUserListNeeded).toEqual(true); + + const action = new fromUserActions.LoadUsersSuccess({ users: mockUserList }); + state = fromUsers.reducer(state, action); + state = fromUsers.reducer(state, new fromUserActions.CheckUserListLoaded()); + + expect(state.loadUserListNeeded).toEqual(false); + }); }); diff --git a/src/users/store/reducers/users.reducer.ts b/src/users/store/reducers/users.reducer.ts index e873211fc..c379bd4a8 100644 --- a/src/users/store/reducers/users.reducer.ts +++ b/src/users/store/reducers/users.reducer.ts @@ -10,6 +10,7 @@ export interface UsersListState { reinvitePendingUser: User; editUserFailure: boolean; userDetails: User; + loadUserListNeeded?: boolean; } export const initialState: UsersListState = { @@ -18,7 +19,8 @@ export const initialState: UsersListState = { loading: false, reinvitePendingUser: null, editUserFailure: false, - userDetails: null + userDetails: null, + loadUserListNeeded: false }; export function reducer( @@ -26,6 +28,14 @@ export function reducer( action: fromUsers.UserActions ): UsersListState { switch (action.type) { + case fromUsers.CHECK_USER_LIST_LOADED: { + const isUserListEmpty = state.userList.length === 0; + return { + ...state, + loadUserListNeeded: isUserListEmpty + }; + } + case fromUsers.LOAD_USERS: case fromUsers.LOAD_ALL_USERS_NO_ROLE_DATA: { const userList = []; @@ -113,7 +123,8 @@ export function reducer( case fromUsers.INVITE_NEW_USER: { return { ...state, - reinvitePendingUser: null + reinvitePendingUser: null, + userDetails: null }; } @@ -187,3 +198,4 @@ export const getUsersLoaded = (state: UsersListState) => state.loaded; export const getReinvitePendingUser = (state: UsersListState) => state.reinvitePendingUser; export const getEditUserFailure = (state: UsersListState) => state.editUserFailure; export const getUserDetails = (state: UsersListState) => state.userDetails; +export const getLoadUserListNeeded = (state: UsersListState) => state.loadUserListNeeded; diff --git a/src/users/store/selectors/user.selectors.ts b/src/users/store/selectors/user.selectors.ts index 6dbacc8c4..85621c280 100644 --- a/src/users/store/selectors/user.selectors.ts +++ b/src/users/store/selectors/user.selectors.ts @@ -42,3 +42,8 @@ export const getUserDetails = createSelector( getUserState, fromUsers.getUserDetails ); + +export const getLoadUserListNeeded = createSelector( + getUserState, + fromUsers.getLoadUserListNeeded +); diff --git a/src/users/users.module.ts b/src/users/users.module.ts index 026bb6e3c..b63581cf0 100644 --- a/src/users/users.module.ts +++ b/src/users/users.module.ts @@ -20,6 +20,11 @@ import * as fromComponents from './components'; import { ExuiCommonLibModule } from '@hmcts/rpx-xui-common-lib'; import { InviteUserSuccessGuard } from './guards/invite-user-success.guard'; import * as fromServices from './services'; +import { MatAutocompleteModule } from '@angular/material/autocomplete'; +import { NgxPaginationModule } from 'ngx-pagination'; +import { RpxTranslationModule } from 'rpx-xui-translation'; +import { featureToggleOdgInviteUserFlowGuard } from './guards/feature-toggle-ogd-invite-user-flow.guard'; +import { ManageUserFailureComponent } from './containers/manage-user-failure/manage-user-failure.component'; @NgModule({ imports: [ @@ -30,15 +35,20 @@ import * as fromServices from './services'; StoreModule.forFeature('users', reducers), EffectsModule.forFeature(effects), FormsModule, - ExuiCommonLibModule + ExuiCommonLibModule, + MatAutocompleteModule, + NgxPaginationModule, + RpxTranslationModule.forChild() ], exports: [...fromContainers.containers, ...fromComponents.components], - declarations: [...fromContainers.containers, ...fromComponents.components], - providers: [...fromServices.services, InviteUserSuccessGuard] + declarations: [ + ...fromContainers.containers, + ...fromComponents.components + ], + providers: [...fromServices.services, InviteUserSuccessGuard, featureToggleOdgInviteUserFlowGuard] }) /** * Entry point to UsersModule */ - export class UsersModule {} diff --git a/src/users/users.routing.ts b/src/users/users.routing.ts index 1256e63b6..b4ef681ad 100644 --- a/src/users/users.routing.ts +++ b/src/users/users.routing.ts @@ -2,12 +2,14 @@ import { ModuleWithProviders } from '@angular/core'; import { RouterModule, Routes } from '@angular/router'; import { HealthCheckGuard } from 'src/shared/guards/health-check.guard'; -import { EditUserPermissionComponent, EditUserPermissionsFailureComponent, UserDetailsComponent, UsersComponent } from './containers'; +import { EditUserPermissionComponent, EditUserPermissionsFailureComponent, UserDetailsComponent, UsersComponent, ManageUserComponent, UserUpdatedSuccessComponent } from './containers'; import { InviteUserSuccessComponent } from './containers/invite-user-success/invite-user-success.component'; import { InviteUserComponent } from './containers/invite-user/invite-user.component'; import { FeatureToggleEditUserGuard } from './guards/feature-toggle-edit-user.guard'; import { InviteUserSuccessGuard } from './guards/invite-user-success.guard'; import { UsersModule } from './users.module'; +import { featureToggleOdgInviteUserFlowGuard } from './guards/feature-toggle-ogd-invite-user-flow.guard'; +import { ManageUserFailureComponent } from './containers/manage-user-failure/manage-user-failure.component'; export const ROUTES: Routes = [ { @@ -29,14 +31,33 @@ export const ROUTES: Routes = [ component: InviteUserSuccessComponent, canActivate: [InviteUserSuccessGuard] }, + { + path: 'updated-user-success', + component: UserUpdatedSuccessComponent, + canActivate: [featureToggleOdgInviteUserFlowGuard] + }, { path: 'user/:userId/editpermission-failure', component: EditUserPermissionsFailureComponent }, + { + path: 'user/:userId/manage-user-failure', + component: ManageUserFailureComponent + }, { path: 'user/:userId/editpermission', component: EditUserPermissionComponent, canActivate: [FeatureToggleEditUserGuard] + }, + { + path: 'user/:userId/manage', + component: ManageUserComponent, + canActivate: [featureToggleOdgInviteUserFlowGuard] + }, + { + path: 'manage', + component: ManageUserComponent, + canActivate: [featureToggleOdgInviteUserFlowGuard] } ]; diff --git a/test/e2e/features/step_definitions/inviteUser.steps.js b/test/e2e/features/step_definitions/inviteUser.steps.js index c45a0626d..57d15b63b 100644 --- a/test/e2e/features/step_definitions/inviteUser.steps.js +++ b/test/e2e/features/step_definitions/inviteUser.steps.js @@ -37,7 +37,7 @@ defineSupportCode(function ({ And, But, Given, Then, When }) { }); When(/^I navigate to invite user page$/, async function () { - const inviteUserPath = config.config.baseUrl.endsWith('/') ? 'users/invite-user' : '/users/invite-user'; + const inviteUserPath = config.config.baseUrl.endsWith('/') ? 'users/manage' : '/users/manage'; await browser.driver.get(config.config.baseUrl + inviteUserPath); await inviteUserPage.waitForPage(); }); diff --git a/test/integration/tests/post_Manage_User.ts b/test/integration/tests/post_Manage_User.ts new file mode 100644 index 000000000..8a40c1f5a --- /dev/null +++ b/test/integration/tests/post_Manage_User.ts @@ -0,0 +1,38 @@ +import { generatePOSTAPIRequest } from './utils'; +const should = require('chai').should(); + +suite('Manage Org -> POST Manage User', function() { + this.timeout(50000); + const payload = { + orgIdsPayload: ['SOLICITOR_PROFILE'], + userPayload: { + email: 'xuiapiorganisation@mailnesia.com', + firstName: 'Jason', + lastName: 'Lee', + idamStatus: 'Active', + idamStatusCode: 'A', + roles: ['pui-case-manager', 'pui-user-manager', 'pui-caa'], + id: 'b5a4ad13-4e6a-4b1b-9c41-29ed273744a3', + userAccessTypes: [ + { + accessTypeId: '10', + jurisdictionId: '6', + organisationProfileId: 'SOLICITOR_PROFILE', + enabled: true + }, + { + accessTypeId: '101', + jurisdictionId: '6', + organisationProfileId: 'SOLICITOR_PROFILE', + enabled: false + } + ] } + }; + + test('POST Manage User', () => generatePOSTAPIRequest('PUT', `/api/ogd-flow/update/${payload.userPayload.id}`, payload) + // console.log('response', response.headers.get('cache-control')) + .then((response) => { + console.log('RESPONSE: ', response); + response.status.should.be.eql(200); + })); +}); diff --git a/test/integration/tests/test.ts b/test/integration/tests/test.ts index 7bd14be94..d9219f028 100644 --- a/test/integration/tests/test.ts +++ b/test/integration/tests/test.ts @@ -21,6 +21,8 @@ const mocha = new Mocha({ mocha.addFile('test/integration/tests/get_Organisation_Details.ts'); mocha.addFile('test/integration/tests/get_Organisation_User_Details.ts'); mocha.addFile('test/integration/tests/post_Invite_User.ts'); +// Test completed but commented out as it is failing due to dependent service code not being deployed +//mocha.addFile('test/integration/tests/post_Manage_User.ts'); mocha.addFile('test/integration/tests/post_register_org.ts'); mocha.addFile('test/integration/tests/post_ReInvite_User.ts'); mocha.run((failures) => { diff --git a/test/nodeMock/reqResMapping.js b/test/nodeMock/reqResMapping.js index b5fc9e0ec..370e81923 100644 --- a/test/nodeMock/reqResMapping.js +++ b/test/nodeMock/reqResMapping.js @@ -58,6 +58,16 @@ const requestMapping = { }, put: { + '/api/editUserPermissions/users/:id': (req, res) => { + res.send({ + 'roleAdditionResponse': null, + 'roleDeletionResponse': null, + 'statusUpdateResponse': { + 'idamStatusCode': '200', + 'idamMessage': '11 OK' + } + }); + } }, delete: { diff --git a/test_codecept/backendMock/app.js b/test_codecept/backendMock/app.js index 30432e0c7..ab5750995 100644 --- a/test_codecept/backendMock/app.js +++ b/test_codecept/backendMock/app.js @@ -17,6 +17,8 @@ const ccdRoutes = require('./services/ccd/routes') const rdCommonDataRoutes = require('./services/rdCommondata/routes') const acseAssignmentsRoutes = require('./services/caseAssignments/routes') const userApiData = require('./services/userApiData'); + +const retrieveAccessTypesRoutes = require('./services/accessTypes/routes') class MockApp { constructor() { @@ -74,6 +76,8 @@ class MockApp { app.use('/ccd', ccdRoutes) app.use('/case-assignments', acseAssignmentsRoutes ) + app.use('/retrieve-access-types',retrieveAccessTypesRoutes ) + // await this.stopServer(); this.server = await app.listen(8080); diff --git a/test_codecept/backendMock/services/accessTypes/routes.js b/test_codecept/backendMock/services/accessTypes/routes.js new file mode 100644 index 000000000..9813014f6 --- /dev/null +++ b/test_codecept/backendMock/services/accessTypes/routes.js @@ -0,0 +1,45 @@ + + +const express = require('express') + +const router = express.Router({ mergeParams: true }); + + + +router.post('/', (req, res) => { + res.send(accessTypesResponse) +}); + + +const accessTypesResponse = { + "jurisdictions": [ + { + "jurisdictionId": "BEFTA_JURISDICTION_1", + "jurisdictionName": "BEFTA_JURISDICTION_1", + "accessTypes": [ + { + "organisationProfileId": "SOLICITOR_PROFILE", + "accessTypeId": "BEFTA_SOLICITOR_1", + "accessMandatory": true, + "accessDefault": true, + "display": true, + "description": "BEFTA bulk Solicitor Respondant for Org description", + "hint": "BEFTA bulk Solicitor Respondant for Org hint", + "displayOrder": 1, + "roles": [ + { + "caseTypeId": "BEFTA_CASETYPE_1_1", + "organisationalRoleName": "Role1", + "groupRoleName": "Role1", + "caseGroupIdTemplate": "BEFTA_JURISDICTION_1:BEFTA_CaseType:[GrpRoleName1]:$ORGID$", + "groupAccessEnabled": false + } + ] + } + ] + } + ] +} + +module.exports = router; + diff --git a/test_codecept/e2e/features/app/editPermissions.feature b/test_codecept/e2e/features/app/editPermissions.feature index b4191825e..006773c7b 100644 --- a/test_codecept/e2e/features/app/editPermissions.feature +++ b/test_codecept/e2e/features/app/editPermissions.feature @@ -13,21 +13,21 @@ Feature: edit permissions and suspend user workflow Then I click on a Active User Then I see change link and suspend button -# @all -# Scenario: Change the permissions for Active Users -# When I click on user button -# Then I should be on display the user details -# Then I click on a Active User -# Then I see change link and suspend button -# Then I click on change link -# Then I edit the Manage User checkbox and click submit + @all + Scenario: Change the permissions for Active Users + When I click on user button + Then I should be on display the user details + Then I click on a Active User + Then I see change link and suspend button + Then I click on change link + Then I edit the Manage User checkbox and click submit @Flaky Scenario: Change the permissions for Active Users When I click on user button Then I should be on display the user details - Then I click on a Active User + Then I click on a Active User by using Active filter Then I see change link and suspend button Then I click the suspend button Then I see the suspend user page diff --git a/test_codecept/e2e/features/app/inviteUser.feature b/test_codecept/e2e/features/app/inviteUser.feature index ad123bfee..bf9a2e445 100644 --- a/test_codecept/e2e/features/app/inviteUser.feature +++ b/test_codecept/e2e/features/app/inviteUser.feature @@ -1,60 +1,64 @@ -@fullFunctional -Feature: invite user workflow - - Background: - - When I navigate to manage organisation Url - Given I am logged into Townley Services Org - - Then I should be redirected to manage organisation dashboard page - When I navigate to invite user page - Then I should be on display invite user page - - - Scenario: invite user workflow - When I enter mandatory fields firstname,lastname,emailaddress,permissions and click on send invitation button - Then user should be created successfuly - - - - Scenario: invited use with Manage Org and Users permission - When I enter mandatory fields firstname,lastname,emailaddress with permissions and click on send invitation button - |Permission| - |Manage Users| - | Manage Organisation | - | Manage Cases | - Then user should be created successfuly - - Scenario: Invite user with Manage Org permission - - When I enter mandatory fields firstname,lastname,emailaddress with permissions and click on send invitation button - | Permission | - | Manage Organisation | - # | Manage fee accounts | - Then user should be created successfuly - - - - Scenario: invited use with Manage Users permission - When I enter mandatory fields firstname,lastname,emailaddress with permissions and click on send invitation button - | Permission | - | Manage Users | - # | Manage fee accounts | - Then user should be created successfuly - - @fullFunctional - Scenario: invite user validation workflow - When I not enter the mandatory fields firstname,lastname,emailaddress,permissions and click on send invitation button - Then I should be display the validation error - -@fullFunctional - Scenario: invite user validation workflow - When I enter mandatory fields firstname,lastname,emailaddress with permissions and click on send invitation button - | Permission | - Then I should be display the validation error - - @fullFunctional - Scenario: back button workflow - When I click on back button - Then I should be on display the user details - +@fullFunctional +Feature: invite user workflow + + Background: + + When I navigate to manage organisation Url + Given I am logged into Townley Services Org + + Then I should be redirected to manage organisation dashboard page + When I click on user button + When I click on invite user button + Then I should be on display invite user page + + + Scenario: invite user workflow + When I enter mandatory fields firstname,lastname,emailaddress,permissions and click on send invitation button + Then user should be created successfuly + + + + Scenario: invited use with Manage Org and Users permission + When I enter mandatory fields firstname,lastname,emailaddress with permissions and click on send invitation button + |Permission| + |Manage Users| + | Manage Organisation | + |case access| + |fee accounts| + | Manage Cases | + + Then user should be created successfuly + + Scenario: Invite user with Manage Org permission + + When I enter mandatory fields firstname,lastname,emailaddress with permissions and click on send invitation button + | Permission | + | Manage Organisation | + # | Manage fee accounts | + Then user should be created successfuly + + + + Scenario: invited use with Manage Users permission + When I enter mandatory fields firstname,lastname,emailaddress with permissions and click on send invitation button + | Permission | + | Manage Users | + # | Manage fee accounts | + Then user should be created successfuly + + @fullFunctional + Scenario: invite user validation workflow + When I not enter the mandatory fields firstname,lastname,emailaddress,permissions and click on send invitation button + Then I should be display the validation error + +@fullFunctional + Scenario: invite user validation workflow + When I enter mandatory fields firstname,lastname,emailaddress with permissions and click on send invitation button + | Permission | + Then I should be display the validation error + + @fullFunctional + Scenario: back button workflow + When I click on back button + Then I should be on display the user details + diff --git a/test_codecept/e2e/features/pageObjects/inviteUserPage.js b/test_codecept/e2e/features/pageObjects/inviteUserPage.js index 41eeafbe4..288fe44f4 100644 --- a/test_codecept/e2e/features/pageObjects/inviteUserPage.js +++ b/test_codecept/e2e/features/pageObjects/inviteUserPage.js @@ -10,15 +10,24 @@ class InviteUserPage{ this.firstName = element(by.css('#firstName')); this.lastName = element(by.css('#lastName')); this.emailAddress = element(by.css('#email')); - this.sendInvitationButton = element(by.css('button[type=submit]')); - - this.manageCasesCheckbox = element(by.css('#roles')); - this.manageUserCheckbox = element(by.css('#pui-user-manager')); - this.manageOrgCheckbox = element(by.css('#pui-organisation-manager')); - this.manageCaaCheckbox = element(by.css('#pui-caa')); - this.manageFeeAccountsCheckbox = element(by.css('#pui-finance-manager')); - this.nextPageLink = element(by.css('li[class="hmcts-pagination__item hmcts-pagination__item--next"] a[class="hmcts-pagination__link"]')); + this.manageUserCheckbox = element(by.css('#isPuiUserManager')); + this.manageOrgCheckbox = element(by.css('#isPuiOrganisationManager')); + this.manageCaaCheckbox = element(by.css('#isCaseAccessAdmin')); + this.manageFeeAccountsCheckbox = element(by.css('#isPuiFinanceManager')); + this.manageCasesCheckbox = element(by.css('#enableCaseManagement')); + + this.manageUserCheckboxOld = element(by.css('#pui-user-manager')); + this.manageOrgCheckboxOld = element(by.css('#pui-organisation-manager')); + this.manageCaaCheckboxOld = element(by.css('#pui-caa')); + this.manageFeeAccountsCheckboxOld = element(by.css('#pui-finance-manager')); + this.manageCasesCheckboxOld = element(by.css('#roles')); + this.inviteUserHeading = element(by.css('#content > div > div > app-organisation-access-permissions')); + + this.sendInvitationButton = element(by.css('#saveUserBtn')); + this.sendInvitationButtonOld = element(by.css('form > button')); + + this.nextPageLink = element(by.xpath('//a[contains(text(), "Next")]')); this.failure_error_heading = element(by.css('#error-summary-title')); this.back = element(by.xpath('//a[contains(text(),\'Back\')]')); @@ -32,8 +41,13 @@ class InviteUserPage{ this.suspendButton = element(by.css('a.hmcts-button--secondary')); this.editUserText = element(by.css('.govuk-heading-xl')); this.suspendUserText = element(by.css('.govuk-heading-xl')); - - this.userDetailsComponent = $('xuilib-user-details') + this.userDetailsComponent = $('xuilib-user-details'); + this.searchBox = element(by.css('#content > div.hmcts-page-heading.govuk-row > div.hmcts-page-heading__actions-wrapper.govuk-grid-column-full.govuk-\\!-padding-0 > app-search-filter-users > div > div > input')); + this.searchResult = element(by.css('#townley\\.winchester\\@mailnesia\\.com > span')); + this.searchFilter = element(by.css('#statusFilter')); + this.clickOut = element(by.css('#content > div.hmcts-page-heading.govuk-row > div.hmcts-page-heading__actions-wrapper.govuk-grid-column-full.govuk-\\!-padding-0')); + this.successMessage = element(by.css('#confirmationHeader')); + this.subHeading = element(by.css('#content > div > div > app-user-personal-details > h1')); } /** @@ -44,41 +58,74 @@ class InviteUserPage{ await this.firstName.sendKeys(value); } - async selectPermission(permission, isSelect){ - + async selectPermissionInviteUser(permission, isSelect){ const normalizedPermission = permission.toLowerCase(); - if (normalizedPermission.includes('manage cases')){ - await this.manageCasesCheckbox.click() - } else if (normalizedPermission.includes('manage users')){ - await this.manageUserCheckbox.click() - } else if (normalizedPermission.includes('manage organisation')) { - await this.manageOrgCheckbox.click() - } else if (normalizedPermission.includes('case access')) { - await this.manageCaaCheckbox.click() - } else if (normalizedPermission.includes('fee accounts')) { - await this.manageFeeAccountsCheckbox.click() - }else{ - throw Error(`Invalid or unrecognised user permission ${permission}`); - } - + if (normalizedPermission.includes('manage users')){ + await this.manageUserCheckbox.click() + } else if (normalizedPermission.includes('manage organisation')) { + await this.manageOrgCheckbox.click() + } else if (normalizedPermission.includes('case access')) { + await this.manageCaaCheckbox.click() + } else if (normalizedPermission.includes('fee accounts')) { + await this.manageFeeAccountsCheckbox.click() + } else if (normalizedPermission.includes('manage cases')){ + await this.manageCasesCheckbox.click() + } else{ + throw Error(`Invalid or unrecognised user permission ${permission}`); + } } + async selectPermissionInviteUserOld(permission, isSelect){ + const normalizedPermission = permission.toLowerCase(); + if (normalizedPermission.includes('manage users')){ + await this.manageUserCheckboxOld.click() + } else if (normalizedPermission.includes('manage organisation')) { + await this.manageOrgCheckboxOld.click() + } else if (normalizedPermission.includes('case access')) { + await this.manageCaaCheckboxOld.click() + } else if (normalizedPermission.includes('fee accounts')) { + await this.manageFeeAccountsCheckboxOld.click() + } else if (normalizedPermission.includes('manage cases')){ + await this.manageCasesCheckboxOld.click() + } else{ + throw Error(`Invalid or unrecognised user permission ${permission}`); + } + } async findNextActiveUser(){ await BrowserWaits.waitForElement(this.nextPageLink); let activeUserVisible = await this.activeUser.isDisplayed(); - + while (!activeUserVisible) { console.log('Unable to find an active user, clicking next page link'); await BrowserWaits.retryWithActionCallback(async () => { await BrowserWaits.waitForElement(this.nextPageLink) }) activeUserVisible = await this.activeUser.isDisplayed(); - } + } + } + async findNextActiveUserBySearch(){ + let activeUserVisible = await this.activeUser.isDisplayed(); + while (!activeUserVisible) { + await this.searchBox.click(); + await this.searchBox.sendKeys('townley.winchester@mailnesia.com'); + await this.searchResult.click(); + activeUserVisible = await this.activeUser.isDisplayed(); + } } + async findNextActiveUserBySearchFilter(){ + let activeUserVisible = await this.activeUser.isDisplayed(); + + while (!activeUserVisible) { + await this.searchFilter.select('Active'); + await this.searchBox.click(); + await this.clickOut.click(); + activeUserVisible = await this.activeUser.isDisplayed(); + } + } /** * Enter random text into the Text field * @returns EUIStringField Object @@ -101,7 +148,13 @@ class InviteUserPage{ */ async clickSendInvitationButton(){ // browser.sleep(AMAZING_DELAY); - await this.sendInvitationButton.click(); + if(await this.inviteUserHeading.isDisplayed()){ + await this.sendInvitationButton.click(); + } + else { + await this.sendInvitationButtonOld.click(); + } + } async clickBackButton(){ @@ -118,7 +171,11 @@ class InviteUserPage{ async amOnPage(){ const header = await this.getPageHeader(); - return header === 'Invite user'; + if(header === 'Manage user'){ + return header === 'Manage user'; + }else{ + return header === 'Invite user'; + } } async amOnUserConfirmationPage(){ diff --git a/test_codecept/e2e/features/pageObjects/manageUserPage.js b/test_codecept/e2e/features/pageObjects/manageUserPage.js new file mode 100644 index 000000000..b8ac1a44b --- /dev/null +++ b/test_codecept/e2e/features/pageObjects/manageUserPage.js @@ -0,0 +1,63 @@ +const { element, by, ElementFinder } = require('protractor'); +const BrowserWaits = require('../../support/customWaits'); + +class ManageUserPage { + constructor() { + this.header = 'h1'; + this.firstName = element(by.css('#firstName')); + this.lastName = element(by.css('#lastName')); + this.emailAddress = element(by.css('#email')); + + this.submitButton = element(by.css('#saveUserBtn')); + this.back = element(by.xpath('//a[contains(text(),\'Back\')]')); + this.cancelButton = element(by.xpath('//a[contains(text(),\'Cancel\')]')); + + this.manageCaaCheckbox = element(by.css('#isCaseAccessAdmin')); + this.manageOrgCheckbox = element(by.css('#isPuiOrganisationManager')); + this.manageUserCheckbox = element(by.css('#isPuiUserManager')); + this.manageFeeAccountsCheckbox = element(by.css('#isPuiFinanceManager')); + + this.manageCasesForOrganisationCheckbox = element(by.css('#enableCaseManagement')); + } + + async selectPermission(permission, isSelect){ + const normalizedPermission = permission.toLowerCase(); + if (normalizedPermission.includes('manage cases for your organisation')){ + // get if the checkbox is checked + await this.setCheckbox(this.manageCasesForOrganisationCheckbox, isSelect); + } else if (normalizedPermission.includes('manage users')){ + await this.setCheckbox(this.manageUserCheckbox, isSelect); + } else if (normalizedPermission.includes('manage organisation')) { + await this.setCheckbox(this.manageOrgCheckbox, isSelect); + } else if (normalizedPermission.includes('case access administrator')) { + await this.setCheckbox(this.manageCaaCheckbox, isSelect); + } else if (normalizedPermission.includes('manage fee accounts')) { + await this.setCheckbox(this.manageFeeAccountsCheckbox, isSelect); + } else { + throw Error(`Invalid or unrecognised user permission ${permission}`); + } + } + + async selectAccessType(accessTypeDescription){ + // need to ensure the case access for org permission is chcked first + await this.setCheckbox(this.manageCasesForOrganisationCheckbox, true); + const checkbox = element(by.xpath(`//label[normalize-space()='${accessTypeDescription}']/preceding-sibling::input`)); + await this.setCheckbox(checkbox, true); + } + + async setCheckbox(checkbox, isSelect) { + const selected = await checkbox.isSelected(); + if (selected !== isSelect) { + return checkbox.click(); + } + } + + async clickBackButton(){ + await BrowserWaits.waitForElement(this.back); + await BrowserWaits.waitForSpinnerToDissappear(); + + await this.back.click(); + } +} + +module.exports = ManageUserPage; diff --git a/test_codecept/e2e/features/pageObjects/viewUserPage.js b/test_codecept/e2e/features/pageObjects/viewUserPage.js index 7be23510e..85434937e 100644 --- a/test_codecept/e2e/features/pageObjects/viewUserPage.js +++ b/test_codecept/e2e/features/pageObjects/viewUserPage.js @@ -63,7 +63,8 @@ class ViewUserPage { } async clickInviteUser() { - await BrowserWaits.waitForElementNotVisible(this.spinner); + //await BrowserWaits.waitForElement(this.spinner); + browser.sleep(MID_DELAY); await BrowserWaits.waitForElement(this.userstable); await BrowserWaits.waitForElementClickable(this.inviteUser); diff --git a/test_codecept/e2e/features/step_definitions/inviteUser.steps.js b/test_codecept/e2e/features/step_definitions/inviteUser.steps.js index aba7cc38e..91d1c6756 100644 --- a/test_codecept/e2e/features/step_definitions/inviteUser.steps.js +++ b/test_codecept/e2e/features/step_definitions/inviteUser.steps.js @@ -30,7 +30,9 @@ const { Error } = require('globalthis/implementation'); }); When(/^I navigate to invite user page$/, async function () { - const inviteUserPath = config.config.baseUrl.endsWith('/') ? 'users/invite-user' : '/users/invite-user'; + + const inviteUserPath = config.config.baseUrl.endsWith('/') ? 'users/manage' : '/users/manage'; + await browser.get(config.config.baseUrl + inviteUserPath); await inviteUserPage.waitForPage(); }); @@ -51,7 +53,11 @@ const { Error } = require('globalthis/implementation'); global.latestInvitedUserPassword = 'Monday01'; await inviteUserPage.enterIntoTextFieldEmailAddress(global.latestInvitedUser); - await inviteUserPage.manageUserCheckbox.click(); + if(await inviteUserPage.inviteUserHeading.isDisplayed()) { + await inviteUserPage.manageUserCheckbox.click(); + } else{ + await inviteUserPage.manageUserCheckboxOld.click(); + } browser.sleep(LONG_DELAY); await inviteUserPage.clickSendInvitationButton(); // browser.sleep(LONG_DELAY); @@ -81,8 +87,14 @@ const { Error } = require('globalthis/implementation'); await inviteUserPage.enterIntoTextFieldEmailAddress(global.latestInvitedUser); const permissions = table.parse().hashes(); - for (let permCounter = 0; permCounter < permissions.length; permCounter++){ - await inviteUserPage.selectPermission(permissions[permCounter].Permission, true); + if(await inviteUserPage.inviteUserHeading.isDisplayed()) { + for (let permCounter = 0; permCounter < permissions.length; permCounter++) { + await inviteUserPage.selectPermissionInviteUser(permissions[permCounter].Permission, true); + } + }else { + for (let permCounter = 0; permCounter < permissions.length; permCounter++) { + await inviteUserPage.selectPermissionInviteUserOld(permissions[permCounter].Permission, true); + } } await inviteUserPage.clickSendInvitationButton(); }); @@ -124,14 +136,31 @@ const { Error } = require('globalthis/implementation'); }); Then(/^I click on a Active User$/, async function () { - await inviteUserPage.findNextActiveUser(); + let searchBox = await inviteUserPage.searchBox.isDisplayed(); + if(searchBox){ + await inviteUserPage.findNextActiveUserBySearch(); + } else{ + await inviteUserPage.findNextActiveUser(); + } await browserWaits.waitForElement(inviteUserPage.activeUser) await expect(inviteUserPage.activeUser.isDisplayed()).to.eventually.be.true; await inviteUserPage.activeUser.click(); }); +Then(/^I click on a Active User by using Active filter$/, async function () { + let searchBox = await inviteUserPage.searchBox.isDisplayed(); + if(searchBox){ + await inviteUserPage.findNextActiveUserBySearchFilter(); + }else{ + await inviteUserPage.findNextActiveUser(); + } + await browserWaits.waitForElement(inviteUserPage.activeUser) + await expect(inviteUserPage.activeUser.isDisplayed()).to.eventually.be.true; + await inviteUserPage.activeUser.click(); +}); + Then(/^I see change link and suspend button$/, async function () { - + await browserWaits.waitForElement(inviteUserPage.userDetailsComponent); await browserWaits.waitForElement(inviteUserPage.changeLink); await browserWaits.waitForElement(inviteUserPage.suspendButton); @@ -143,20 +172,41 @@ const { Error } = require('globalthis/implementation'); Then(/^I click on change link$/, async function () { browser.sleep(MID_DELAY); await inviteUserPage.changeLink.click(); - await expect(inviteUserPage.editUserText.isDisplayed()).to.eventually.be.true; - await expect(inviteUserPage.editUserText.getText()) - .to - .eventually - .equal('Edit user'); + browser.sleep(MID_DELAY); + if(await inviteUserPage.inviteUserHeading.isDisplayed()){ + console.log(inviteUserPage.inviteUserHeading.getText()); + }else { + await expect(inviteUserPage.editUserText.getText()) + .to + .eventually + .equal('Edit user'); + } }); Then(/^I edit the Manage User checkbox and click submit$/, async function () { browser.sleep(MID_DELAY); - await inviteUserPage.manageUserCheckbox.click(); - await inviteUserPage.clickSendInvitationButton(); - browser.sleep(MID_DELAY); - await viewUserPage.waitForUserDetailsPage(); - await expect(inviteUserPage.suspendButton.isDisplayed()).to.eventually.be.true; + if(await inviteUserPage.inviteUserHeading.isDisplayed()){ + await inviteUserPage.manageUserCheckbox.click(); + await inviteUserPage.manageOrgCheckbox.click(); + await inviteUserPage.manageCaaCheckbox.click(); + await inviteUserPage.manageFeeAccountsCheckbox.click(); + await inviteUserPage.manageCasesCheckbox.click(); + await inviteUserPage.clickSendInvitationButton(); + browser.sleep(MID_DELAY); + await expect(inviteUserPage.successMessage.getText()) + .to + .eventually + .equal(' User account updated '); + }else{ + await inviteUserPage.manageUserCheckboxOld.click(); + await inviteUserPage.manageOrgCheckboxOld.click(); + await inviteUserPage.manageCaaCheckboxOld.click(); + await inviteUserPage.manageFeeAccountsCheckboxOld.click(); + await inviteUserPage.manageCasesCheckboxOld.click(); + await inviteUserPage.clickSendInvitationButton(); + browser.sleep(MID_DELAY); + //await expect(inviteUserPage.suspendButton.isDisplayed()).to.eventually.be.true; + } }); Then(/^I click the suspend button$/, async function () { diff --git a/test_codecept/e2e/features/step_definitions/loginLogout.steps.js b/test_codecept/e2e/features/step_definitions/loginLogout.steps.js index ecb961a37..9c8771837 100644 --- a/test_codecept/e2e/features/step_definitions/loginLogout.steps.js +++ b/test_codecept/e2e/features/step_definitions/loginLogout.steps.js @@ -12,6 +12,7 @@ const acceptTermsAndConditionsPage = require('../pageObjects/termsAndConditionsC const HeaderPage = require('../pageObjects/headerPage'); const browser = require('../../../codeceptCommon/browser'); +const reportLogger = require('../../../codeceptCommon/reportLogger.js'); const headerPage = new HeaderPage(); async function waitForElement(el) { @@ -242,7 +243,9 @@ Then('I see login to MC with invited user is {string}', async function (loginSta }); -async function loginWithCredentials(username, password, world) { + +async function loginWithCredentials(username, password, world){ + reportLogger.AddMessage(`Login user: ${username}`) await browserWaits.waitForElement(loginPage.emailAddress); await loginPage.emailAddress.sendKeys(username); await loginPage.password.sendKeys(password); diff --git a/test_codecept/e2e/features/step_definitions/viewUser.steps.js b/test_codecept/e2e/features/step_definitions/viewUser.steps.js index 319a41367..9fe087608 100644 --- a/test_codecept/e2e/features/step_definitions/viewUser.steps.js +++ b/test_codecept/e2e/features/step_definitions/viewUser.steps.js @@ -8,41 +8,41 @@ const { config } = require('../../config/common.conf.js'); const { defineSupportCode } = require('cucumber'); const browserWaits = require('../../support/customWaits'); - const viewUserPage = new ViewUserPage(); - const headerPage = new HeaderPage(); +const viewUserPage = new ViewUserPage(); +const headerPage = new HeaderPage(); - When(/^I click on user button$/, async function () { - // browser.sleep(LONG_DELAY); - const world = this; +When(/^I click on user button$/, async function () { + // browser.sleep(LONG_DELAY); + const world = this; - await headerPage.clickUser(); + await headerPage.clickUser(); - await browserWaits.retryWithActionCallback( async function (message) { - await browser.get(config.config.baseUrl+'/users'); - await browserWaits.waitForElement(viewUserPage.header) - // await headerPage.clickUser(); - }); + await browserWaits.retryWithActionCallback(async function (message) { + await browser.get(config.config.baseUrl+'/users'); + await browserWaits.waitForElement(viewUserPage.header); + // await headerPage.clickUser(); + }); - await viewUserPage.amOnPage(); + await viewUserPage.amOnPage(); - // browser.sleep(AMAZING_DELAY); - }); + // browser.sleep(AMAZING_DELAY); +}); - Then(/^I should be on display the user details$/, async function () { - // browser.sleep(AMAZING_DELAY); - expect(await viewUserPage.amOnPage()).to.be.true; - // browser.sleep(LONG_DELAY); - }); +Then(/^I should be on display the user details$/, async function () { + // browser.sleep(AMAZING_DELAY); + expect(await viewUserPage.amOnPage()).to.be.true; + // browser.sleep(LONG_DELAY); +}); - Then('I should see invited user is listed in users table', async function () { - await viewUserPage.validateUserWithEmailListed(global.latestInvitedUser); - }); +Then('I should see invited user is listed in users table', async function () { + await viewUserPage.validateUserWithEmailListed(global.latestInvitedUser); +}); - Then('I should see all user details displayed in table', async function () { - await viewUserPage.validateUsersTableDisplaysAllDetails(); - }); +Then('I should see all user details displayed in table', async function () { + await viewUserPage.validateUsersTableDisplaysAllDetails(); +}); - Then('I should see no empty cells in table', async function () { - await viewUserPage.validateTableHasNoEmptyCells(); - }); +Then('I should see no empty cells in table', async function () { + await viewUserPage.validateTableHasNoEmptyCells(); +}); diff --git a/test_codecept/integration/tests/post_Manage_User.ts b/test_codecept/integration/tests/post_Manage_User.ts new file mode 100644 index 000000000..839745242 --- /dev/null +++ b/test_codecept/integration/tests/post_Manage_User.ts @@ -0,0 +1,38 @@ +import { generatePOSTAPIRequest } from './utils'; +const should = require('chai').should(); + +suite('Manage Org -> POST Manage User', function() { + this.timeout(50000); + const payload = { + orgIdsPayload: ['SOLICITOR_PROFILE'], + userPayload: { + email: 'xuiapiorganisation@mailnesia.com', + firstName: 'Jason', + lastName: 'Lee', + idamStatus: 'Active', + idamStatusCode: 'A', + roles: ['pui-case-manager', 'pui-user-manager', 'pui-caa'], + id: 'b5a4ad13-4e6a-4b1b-9c41-29ed273744a3', + userAccessTypes: [ + { + accessTypeId: '10', + jurisdictionId: '6', + organisationProfileId: 'SOLICITOR_PROFILE', + enabled: true + }, + { + accessTypeId: '101', + jurisdictionId: '6', + organisationProfileId: 'SOLICITOR_PROFILE', + enabled: false + } + ] } + }; + + test('POST Manage User', () => generatePOSTAPIRequest('PUT', `/api/ogd-flow/update/${payload.userPayload.id}`, payload) + // console.log('response', response.headers.get('cache-control')) + .then((response) => { + response.status.should.be.eql(200); + console.log(response); + })); +}); diff --git a/test_codecept/integration/tests/test.ts b/test_codecept/integration/tests/test.ts index 249a8e8f0..0f9dd5b10 100644 --- a/test_codecept/integration/tests/test.ts +++ b/test_codecept/integration/tests/test.ts @@ -21,6 +21,8 @@ const mocha = new Mocha({ mocha.addFile('test_codecept/integration/tests/get_Organisation_Details.ts'); mocha.addFile('test_codecept/integration/tests/get_Organisation_User_Details.ts'); mocha.addFile('test_codecept/integration/tests/post_Invite_User.ts'); +// Test completed but commented out as it is failing due to dependent service code not being deployed +//mocha.addFile('test/integration/tests/post_Manage_User.ts'); mocha.addFile('test_codecept/integration/tests/post_register_org.ts'); mocha.addFile('test_codecept/integration/tests/post_ReInvite_User.ts'); mocha.run((failures) => { diff --git a/test_codecept/nodeMock/reqResMapping.js b/test_codecept/nodeMock/reqResMapping.js index b5fc9e0ec..1f97f3cbe 100644 --- a/test_codecept/nodeMock/reqResMapping.js +++ b/test_codecept/nodeMock/reqResMapping.js @@ -58,6 +58,26 @@ const requestMapping = { }, put: { + '/api/editUserPermissions/users/:id': (req, res) => { + res.send({ + 'roleAdditionResponse': null, + 'roleDeletionResponse': null, + 'statusUpdateResponse': { + 'idamStatusCode': '200', + 'idamMessage': '11 OK' + } + }); + }, + '/api/ogd-flow/update/:id': (req, res) => { + res.send({ + 'roleAdditionResponse': null, + 'roleDeletionResponse': null, + 'statusUpdateResponse': { + 'idamStatusCode': '200', + 'idamMessage': '11 OK' + } + }); + } }, delete: { diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues index 3f6edadcf..80b836d8e 100644 --- a/yarn-audit-known-issues +++ b/yarn-audit-known-issues @@ -1 +1 @@ -{"actions":[],"advisories":{"1085685":{"findings":[{"version":"1.1.0","paths":["@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>yargs>os-locale>mem"]}],"metadata":null,"vulnerable_versions":"<4.0.0","module_name":"mem","severity":"moderate","github_advisory_id":"GHSA-4xcv-9jjx-gfj3","cves":[],"access":"public","patched_versions":">=4.0.0","cvss":{"score":5.1,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},"updated":"2023-01-09T05:01:45.000Z","recommendation":"Upgrade to version 4.0.0 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1085685,"references":"- https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b\n- https://bugzilla.redhat.com/show_bug.cgi?id=1623744\n- https://www.npmjs.com/advisories/1084\n- https://snyk.io/vuln/npm:mem:20180117\n- https://github.com/advisories/GHSA-4xcv-9jjx-gfj3","created":"2019-07-05T21:07:58.000Z","reported_by":null,"title":"Denial of Service in mem","npm_advisory_id":null,"overview":"Versions of `mem` prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its `maxAge` property. This may allow attackers to exhaust the system's memory if they are able to abuse the application logging.\n\n\n## Recommendation\n\nUpgrade to version 4.0.0 or later.","url":"https://github.com/advisories/GHSA-4xcv-9jjx-gfj3"},"1088208":{"findings":[{"version":"0.8.4","paths":["git-rev-sync>shelljs"]}],"metadata":null,"vulnerable_versions":"<0.8.5","module_name":"shelljs","severity":"moderate","github_advisory_id":"GHSA-64g7-mvw6-v9qj","cves":[],"access":"public","patched_versions":">=0.8.5","cvss":{"score":0,"vectorString":null},"updated":"2023-01-11T05:03:39.000Z","recommendation":"Upgrade to version 0.8.5 or later","cwe":["CWE-269"],"found_by":null,"deleted":null,"id":1088208,"references":"- https://github.com/shelljs/shelljs/security/advisories/GHSA-64g7-mvw6-v9qj\n- https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/\n- https://github.com/advisories/GHSA-64g7-mvw6-v9qj","created":"2022-01-14T21:09:50.000Z","reported_by":null,"title":"Improper Privilege Management in shelljs","npm_advisory_id":null,"overview":"### Impact\nOutput from the synchronous version of `shell.exec()` may be visible to other users on the same system. You may be affected if you execute `shell.exec()` in multi-user Mac, Linux, or WSL environments, or if you execute `shell.exec()` as the root user.\n\nOther shelljs functions (including the asynchronous version of `shell.exec()`) are not impacted.\n\n### Patches\nPatched in shelljs 0.8.5\n\n### Workarounds\nRecommended action is to upgrade to 0.8.5.\n\n### References\nhttps://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Ask at https://github.com/shelljs/shelljs/issues/1058\n* Open an issue at https://github.com/shelljs/shelljs/issues/new\n","url":"https://github.com/advisories/GHSA-64g7-mvw6-v9qj"},"1088811":{"findings":[{"version":"8.1.0","paths":["@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>yargs>yargs-parser"]}],"metadata":null,"vulnerable_versions":">=6.0.0 <13.1.2","module_name":"yargs-parser","severity":"moderate","github_advisory_id":"GHSA-p9pc-299p-vxgp","cves":["CVE-2020-7608"],"access":"public","patched_versions":">=13.1.2","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},"updated":"2023-01-27T05:00:51.000Z","recommendation":"Upgrade to version 13.1.2 or later","cwe":["CWE-915","CWE-1321"],"found_by":null,"deleted":null,"id":1088811,"references":"- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381\n- https://www.npmjs.com/advisories/1500\n- https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2\n- https://nvd.nist.gov/vuln/detail/CVE-2020-7608\n- https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36\n- https://github.com/advisories/GHSA-p9pc-299p-vxgp","created":"2020-09-04T18:00:54.000Z","reported_by":null,"title":"yargs-parser Vulnerable to Prototype Pollution","npm_advisory_id":null,"overview":"Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. \nParsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.\n\n\n\n## Recommendation\n\nUpgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.","url":"https://github.com/advisories/GHSA-p9pc-299p-vxgp"},"1088948":{"findings":[{"version":"9.6.0","paths":["@hmcts/rpx-xui-node-lib>openid-client>got"]}],"metadata":null,"vulnerable_versions":"<11.8.5","module_name":"got","severity":"moderate","github_advisory_id":"GHSA-pfrx-2q88-qq97","cves":["CVE-2022-33987"],"access":"public","patched_versions":">=11.8.5","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"updated":"2023-01-27T05:05:01.000Z","recommendation":"Upgrade to version 11.8.5 or later","cwe":[],"found_by":null,"deleted":null,"id":1088948,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-33987\n- https://github.com/sindresorhus/got/pull/2047\n- https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0\n- https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc\n- https://github.com/sindresorhus/got/releases/tag/v11.8.5\n- https://github.com/sindresorhus/got/releases/tag/v12.1.0\n- https://github.com/advisories/GHSA-pfrx-2q88-qq97","created":"2022-06-19T00:00:21.000Z","reported_by":null,"title":"Got allows a redirect to a UNIX socket","npm_advisory_id":null,"overview":"The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.","url":"https://github.com/advisories/GHSA-pfrx-2q88-qq97"},"1089270":{"findings":[{"version":"2.7.4","paths":["ejs"]}],"metadata":null,"vulnerable_versions":"<3.1.7","module_name":"ejs","severity":"critical","github_advisory_id":"GHSA-phwq-j96m-2c2q","cves":["CVE-2022-29078"],"access":"public","patched_versions":">=3.1.7","cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2023-01-30T05:02:57.000Z","recommendation":"Upgrade to version 3.1.7 or later","cwe":["CWE-74"],"found_by":null,"deleted":null,"id":1089270,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-29078\n- https://eslam.io/posts/ejs-server-side-template-injection-rce/\n- https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf\n- https://github.com/mde/ejs/releases\n- https://security.netapp.com/advisory/ntap-20220804-0001/\n- https://github.com/advisories/GHSA-phwq-j96m-2c2q","created":"2022-04-26T00:00:40.000Z","reported_by":null,"title":"ejs template injection vulnerability","npm_advisory_id":null,"overview":"The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).","url":"https://github.com/advisories/GHSA-phwq-j96m-2c2q"},"1089434":{"findings":[{"version":"8.5.1","paths":["jsonwebtoken"]}],"metadata":null,"vulnerable_versions":"<=8.5.1","module_name":"jsonwebtoken","severity":"moderate","github_advisory_id":"GHSA-8cf7-32gw-wr33","cves":["CVE-2022-23539"],"access":"public","patched_versions":">=9.0.0","cvss":{"score":0,"vectorString":null},"updated":"2023-01-31T05:01:09.000Z","recommendation":"Upgrade to version 9.0.0 or later","cwe":["CWE-327"],"found_by":null,"deleted":null,"id":1089434,"references":"- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33\n- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3\n- https://nvd.nist.gov/vuln/detail/CVE-2022-23539\n- https://github.com/advisories/GHSA-8cf7-32gw-wr33","created":"2022-12-22T03:32:22.000Z","reported_by":null,"title":"jsonwebtoken unrestricted key type could lead to legacy keys usage ","npm_advisory_id":null,"overview":"# Overview\n\nVersions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. \n\n# Am I affected?\n\nYou are affected if you are using an algorithm and a key type other than the combinations mentioned below\n\n| Key type | algorithm |\n|----------|------------------------------------------|\n| ec | ES256, ES384, ES512 |\n| rsa | RS256, RS384, RS512, PS256, PS384, PS512 |\n| rsa-pss | PS256, PS384, PS512 |\n\nAnd for Elliptic Curve algorithms:\n\n| `alg` | Curve |\n|-------|------------|\n| ES256 | prime256v1 |\n| ES384 | secp384r1 |\n| ES512 | secp521r1 |\n\n# How do I fix it?\n\nUpdate to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, If you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.\n\n# Will the fix impact my users?\n\nThere will be no impact, if you update to version 9.0.0 and you already use a valid secure combination of key type and algorithm. Otherwise, use the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and `verify()` functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility. \n\n","url":"https://github.com/advisories/GHSA-8cf7-32gw-wr33"},"1089698":{"findings":[{"version":"0.15.6","paths":["xlsx"]}],"metadata":null,"vulnerable_versions":"<0.17.0","module_name":"xlsx","severity":"moderate","github_advisory_id":"GHSA-g973-978j-2c3p","cves":["CVE-2021-32014"],"access":"public","patched_versions":">=0.17.0","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},"updated":"2023-02-01T05:05:54.000Z","recommendation":"Upgrade to version 0.17.0 or later","cwe":["CWE-345","CWE-400"],"found_by":null,"deleted":null,"id":1089698,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-32014\n- https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/\n- https://sheetjs.com/pro\n- https://www.npmjs.com/package/xlsx/v/0.17.0\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-g973-978j-2c3p","created":"2021-07-22T19:47:15.000Z","reported_by":null,"title":"Denial of Service in SheetJS Pro","npm_advisory_id":null,"overview":"SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.","url":"https://github.com/advisories/GHSA-g973-978j-2c3p"},"1089699":{"findings":[{"version":"0.15.6","paths":["xlsx"]}],"metadata":null,"vulnerable_versions":"<0.17.0","module_name":"xlsx","severity":"moderate","github_advisory_id":"GHSA-3x9f-74h4-2fqr","cves":["CVE-2021-32012"],"access":"public","patched_versions":">=0.17.0","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},"updated":"2023-02-01T05:06:10.000Z","recommendation":"Upgrade to version 0.17.0 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1089699,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-32012\n- https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/\n- https://sheetjs.com/pro\n- https://www.npmjs.com/package/xlsx/v/0.17.0\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-3x9f-74h4-2fqr","created":"2021-07-22T19:48:17.000Z","reported_by":null,"title":"Denial of Service in SheetJS Pro","npm_advisory_id":null,"overview":"SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).","url":"https://github.com/advisories/GHSA-3x9f-74h4-2fqr"},"1089700":{"findings":[{"version":"0.15.6","paths":["xlsx"]}],"metadata":null,"vulnerable_versions":"<0.17.0","module_name":"xlsx","severity":"moderate","github_advisory_id":"GHSA-8vcr-vxm8-293m","cves":["CVE-2021-32013"],"access":"public","patched_versions":">=0.17.0","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},"updated":"2023-02-01T05:06:00.000Z","recommendation":"Upgrade to version 0.17.0 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1089700,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-32013\n- https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/\n- https://sheetjs.com/pro\n- https://www.npmjs.com/package/xlsx/v/0.17.0\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-8vcr-vxm8-293m","created":"2021-07-22T19:48:13.000Z","reported_by":null,"title":"Denial of Service in SheetsJS Pro","npm_advisory_id":null,"overview":"SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2).","url":"https://github.com/advisories/GHSA-8vcr-vxm8-293m"},"1091087":{"findings":[{"version":"8.5.1","paths":["jsonwebtoken"]}],"metadata":null,"vulnerable_versions":"<=8.5.1","module_name":"jsonwebtoken","severity":"moderate","github_advisory_id":"GHSA-hjrf-2m68-5959","cves":["CVE-2022-23541"],"access":"public","patched_versions":">=9.0.0","cvss":{"score":5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},"updated":"2023-01-29T05:06:34.000Z","recommendation":"Upgrade to version 9.0.0 or later","cwe":["CWE-287"],"found_by":null,"deleted":null,"id":1091087,"references":"- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959\n- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3\n- https://nvd.nist.gov/vuln/detail/CVE-2022-23541\n- https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0\n- https://github.com/advisories/GHSA-hjrf-2m68-5959","created":"2022-12-22T03:33:19.000Z","reported_by":null,"title":"jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC","npm_advisory_id":null,"overview":"# Overview\n\nVersions `<=8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the `secretOrPublicKey` argument from the [readme link](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback)) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. \n\n# Am I affected?\n\nYou will be affected if your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. \n\n# How do I fix it?\n \nUpdate to version 9.0.0.\n\n# Will the fix impact my users?\n\nThere is no impact for end users","url":"https://github.com/advisories/GHSA-hjrf-2m68-5959"},"1092549":{"findings":[{"version":"8.5.1","paths":["jsonwebtoken"]}],"metadata":null,"vulnerable_versions":"<9.0.0","module_name":"jsonwebtoken","severity":"moderate","github_advisory_id":"GHSA-qwph-4952-7xr6","cves":["CVE-2022-23540"],"access":"public","patched_versions":">=9.0.0","cvss":{"score":6.4,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L"},"updated":"2023-07-14T22:03:14.000Z","recommendation":"Upgrade to version 9.0.0 or later","cwe":["CWE-287","CWE-327","CWE-347"],"found_by":null,"deleted":null,"id":1092549,"references":"- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6\n- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3\n- https://nvd.nist.gov/vuln/detail/CVE-2022-23540\n- https://github.com/advisories/GHSA-qwph-4952-7xr6","created":"2022-12-22T03:32:59.000Z","reported_by":null,"title":"jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()","npm_advisory_id":null,"overview":"# Overview\n\nIn versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification.\n\n# Am I affected?\nYou will be affected if all the following are true in the `jwt.verify()` function:\n- a token with no signature is received\n- no algorithms are specified \n- a falsy (e.g. null, false, undefined) secret or key is passed \n\n# How do I fix it?\n \nUpdate to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. \n\n# Will the fix impact my users?\n\nThere will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.\n","url":"https://github.com/advisories/GHSA-qwph-4952-7xr6"},"1093639":{"findings":[{"version":"0.4.1","paths":["@hmcts/rpx-xui-node-lib>passport"]}],"metadata":null,"vulnerable_versions":"<0.6.0","module_name":"passport","severity":"moderate","github_advisory_id":"GHSA-v923-w3x8-wh69","cves":["CVE-2022-25896"],"access":"public","patched_versions":">=0.6.0","cvss":{"score":4.8,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},"updated":"2023-09-11T16:22:18.000Z","recommendation":"Upgrade to version 0.6.0 or later","cwe":["CWE-384"],"found_by":null,"deleted":null,"id":1093639,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-25896\n- https://github.com/jaredhanson/passport/pull/900\n- https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608\n- https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631\n- https://github.com/advisories/GHSA-v923-w3x8-wh69","created":"2022-07-02T00:00:19.000Z","reported_by":null,"title":"Passport vulnerable to session regeneration when a users logs in or out","npm_advisory_id":null,"overview":"This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.","url":"https://github.com/advisories/GHSA-v923-w3x8-wh69"},"1094599":{"findings":[{"version":"0.15.6","paths":["xlsx"]}],"metadata":null,"vulnerable_versions":"<0.19.3","module_name":"xlsx","severity":"high","github_advisory_id":"GHSA-4r6h-8v6p-xvw6","cves":["CVE-2023-30533"],"access":"public","patched_versions":">=0.19.3","cvss":{"score":7.8,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},"updated":"2023-11-06T05:04:13.000Z","recommendation":"Upgrade to version 0.19.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1094599,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-30533\n- https://cdn.sheetjs.com/advisories/CVE-2023-30533\n- https://git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md\n- https://git.sheetjs.com/sheetjs/sheetjs/issues/2667\n- https://git.sheetjs.com/sheetjs/sheetjs/issues/2986\n- https://github.com/advisories/GHSA-4r6h-8v6p-xvw6","created":"2023-04-24T09:30:19.000Z","reported_by":null,"title":"Prototype Pollution in sheetJS","npm_advisory_id":null,"overview":"All versions of SheetJS CE through 0.19.2 are vulnerable to \"Prototype Pollution\" when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected.\n\nA non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package `xlsx` are no longer maintained.","url":"https://github.com/advisories/GHSA-4r6h-8v6p-xvw6"},"1095051":{"findings":[{"version":"0.7.0","paths":["ngx-md>marked"]}],"metadata":null,"vulnerable_versions":"<4.0.10","module_name":"marked","severity":"high","github_advisory_id":"GHSA-rrrm-qjm4-v8hf","cves":["CVE-2022-21680"],"access":"public","patched_versions":">=4.0.10","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2023-11-29T20:51:52.000Z","recommendation":"Upgrade to version 4.0.10 or later","cwe":["CWE-400","CWE-1333"],"found_by":null,"deleted":null,"id":1095051,"references":"- https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21680\n- https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\n- https://github.com/markedjs/marked/releases/tag/v4.0.10\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\n- https://github.com/advisories/GHSA-rrrm-qjm4-v8hf","created":"2022-01-14T21:04:41.000Z","reported_by":null,"title":"Inefficient Regular Expression Complexity in marked","npm_advisory_id":null,"overview":"### Impact\n\n_What kind of vulnerability is it?_\n\nDenial of service.\n\nThe regular expression `block.def` may cause catastrophic backtracking against some strings.\nPoC is the following.\n\n```javascript\nimport * as marked from \"marked\";\n\nmarked.parse(`[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`);\n```\n\n_Who is impacted?_\n\nAnyone who runs untrusted markdown through marked and does not use a worker with a time limit.\n\n### Patches\n\n_Has the problem been patched?_\n\nYes\n\n_What versions should users upgrade to?_\n\n4.0.10\n\n### Workarounds\n\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nDo not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\n- https://marked.js.org/using_advanced#workers\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [marked](https://github.com/markedjs/marked)\n","url":"https://github.com/advisories/GHSA-rrrm-qjm4-v8hf"},"1095052":{"findings":[{"version":"0.7.0","paths":["ngx-md>marked"]}],"metadata":null,"vulnerable_versions":"<4.0.10","module_name":"marked","severity":"high","github_advisory_id":"GHSA-5v2h-r2cx-5xgj","cves":["CVE-2022-21681"],"access":"public","patched_versions":">=4.0.10","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2023-11-29T20:51:17.000Z","recommendation":"Upgrade to version 4.0.10 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1095052,"references":"- https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21681\n- https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\n- https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\n- https://github.com/advisories/GHSA-5v2h-r2cx-5xgj","created":"2022-01-14T21:04:46.000Z","reported_by":null,"title":"Inefficient Regular Expression Complexity in marked","npm_advisory_id":null,"overview":"### Impact\n\n_What kind of vulnerability is it?_\n\nDenial of service.\n\nThe regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings.\nPoC is the following.\n\n```javascript\nimport * as marked from 'marked';\n\nconsole.log(marked.parse(`[x]: x\n\n\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](`));\n```\n\n_Who is impacted?_\n\nAnyone who runs untrusted markdown through marked and does not use a worker with a time limit.\n\n### Patches\n\n_Has the problem been patched?_\n\nYes\n\n_What versions should users upgrade to?_\n\n4.0.10\n\n### Workarounds\n\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nDo not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\n- https://marked.js.org/using_advanced#workers\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [marked](https://github.com/markedjs/marked)\n","url":"https://github.com/advisories/GHSA-5v2h-r2cx-5xgj"},"1095097":{"findings":[{"version":"1.8.3","paths":["@pact-foundation/pact-node>underscore","@pact-foundation/pact>@pact-foundation/pact-node>underscore"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <1.12.1","module_name":"underscore","severity":"critical","github_advisory_id":"GHSA-cf4h-3jhx-xvhq","cves":["CVE-2021-23358"],"access":"public","patched_versions":">=1.12.1","cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2023-11-29T22:34:54.000Z","recommendation":"Upgrade to version 1.12.1 or later","cwe":["CWE-94"],"found_by":null,"deleted":null,"id":1095097,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-23358\n- https://github.com/jashkenas/underscore/pull/2917\n- https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66\n- https://github.com/jashkenas/underscore/releases/tag/1.12.1\n- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\n- https://www.npmjs.com/package/underscore\n- https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\n- https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\n- https://www.debian.org/security/2021/dsa-4883\n- https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E\n- https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E\n- https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E\n- https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E\n- https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E\n- https://www.tenable.com/security/tns-2021-14\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\n- https://github.com/advisories/GHSA-cf4h-3jhx-xvhq","created":"2021-05-06T16:09:43.000Z","reported_by":null,"title":"Arbitrary Code Execution in underscore","npm_advisory_id":null,"overview":"The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.","url":"https://github.com/advisories/GHSA-cf4h-3jhx-xvhq"},"1095126":{"findings":[{"version":"0.8.4","paths":["git-rev-sync>shelljs"]}],"metadata":null,"vulnerable_versions":"<0.8.5","module_name":"shelljs","severity":"high","github_advisory_id":"GHSA-4rq4-32rv-6wp6","cves":["CVE-2022-0144"],"access":"public","patched_versions":">=0.8.5","cvss":{"score":7.1,"vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},"updated":"2023-11-29T22:21:11.000Z","recommendation":"Upgrade to version 0.8.5 or later","cwe":["CWE-269"],"found_by":null,"deleted":null,"id":1095126,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0144\n- https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c\n- https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c\n- https://github.com/advisories/GHSA-4rq4-32rv-6wp6","created":"2022-01-21T23:37:28.000Z","reported_by":null,"title":"Improper Privilege Management in shelljs","npm_advisory_id":null,"overview":"shelljs is vulnerable to Improper Privilege Management","url":"https://github.com/advisories/GHSA-4rq4-32rv-6wp6"},"1095531":{"findings":[{"version":"6.2.1","paths":["log4js"]}],"metadata":null,"vulnerable_versions":"<6.4.0","module_name":"log4js","severity":"moderate","github_advisory_id":"GHSA-82v2-mx6x-wq7q","cves":["CVE-2022-21704"],"access":"public","patched_versions":">=6.4.0","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},"updated":"2024-01-24T08:54:14.000Z","recommendation":"Upgrade to version 6.4.0 or later","cwe":["CWE-276"],"found_by":null,"deleted":null,"id":1095531,"references":"- https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q\n- https://github.com/log4js-node/log4js-node/pull/1141/commits/8042252861a1b65adb66931fdf702ead34fa9b76\n- https://github.com/log4js-node/streamroller/pull/87\n- https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21704\n- https://lists.debian.org/debian-lts-announce/2022/12/msg00014.html\n- https://github.com/advisories/GHSA-82v2-mx6x-wq7q","created":"2022-01-21T18:53:27.000Z","reported_by":null,"title":"Incorrect Default Permissions in log4js","npm_advisory_id":null,"overview":"### Impact\r\nDefault file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config.\r\n\r\n### Patches\r\nFixed by:\r\n* https://github.com/log4js-node/log4js-node/pull/1141\r\n* https://github.com/log4js-node/streamroller/pull/87\r\n\r\nReleased to NPM in log4js@6.4.0\r\n\r\n### Workarounds\r\nEvery version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details.\r\n\r\n### References\r\n\r\nThanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem.\r\n\r\n### For more information\r\nIf you have any questions or comments about this advisory:\r\n* Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node)\r\n* Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI)\r\n* Email us at [gareth.nomiddlename@gmail.com](mailto:gareth.nomiddlename@gmail.com)\r\n","url":"https://github.com/advisories/GHSA-82v2-mx6x-wq7q"},"1096353":{"findings":[{"version":"1.15.3","paths":["axios>follow-redirects","@hmcts/rpx-xui-node-lib>axios>follow-redirects"]}],"metadata":null,"vulnerable_versions":"<1.15.4","module_name":"follow-redirects","severity":"moderate","github_advisory_id":"GHSA-jchw-25xp-jwwc","cves":["CVE-2023-26159"],"access":"public","patched_versions":">=1.15.4","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"updated":"2024-01-31T05:07:10.000Z","recommendation":"Upgrade to version 1.15.4 or later","cwe":["CWE-20","CWE-601"],"found_by":null,"deleted":null,"id":1096353,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26159\n- https://github.com/follow-redirects/follow-redirects/issues/235\n- https://github.com/follow-redirects/follow-redirects/pull/236\n- https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137\n- https://github.com/follow-redirects/follow-redirects/commit/7a6567e16dfa9ad18a70bfe91784c28653fbf19d\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/\n- https://github.com/advisories/GHSA-jchw-25xp-jwwc","created":"2024-01-02T06:30:30.000Z","reported_by":null,"title":"Follow Redirects improperly handles URLs in the url.parse() function","npm_advisory_id":null,"overview":"Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.","url":"https://github.com/advisories/GHSA-jchw-25xp-jwwc"},"1096365":{"findings":[{"version":"3.3.0","paths":["crypto-js"]}],"metadata":null,"vulnerable_versions":"<4.2.0","module_name":"crypto-js","severity":"critical","github_advisory_id":"GHSA-xwcq-pm8m-c4vf","cves":["CVE-2023-46233"],"access":"public","patched_versions":">=4.2.0","cvss":{"score":9.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},"updated":"2024-02-01T16:30:31.000Z","recommendation":"Upgrade to version 4.2.0 or later","cwe":["CWE-327","CWE-328","CWE-916"],"found_by":null,"deleted":null,"id":1096365,"references":"- https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf\n- https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a\n- https://nvd.nist.gov/vuln/detail/CVE-2023-46233\n- https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html\n- https://github.com/advisories/GHSA-xwcq-pm8m-c4vf","created":"2023-10-25T21:15:52.000Z","reported_by":null,"title":"crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard","npm_advisory_id":null,"overview":"### Impact\n#### Summary\nCrypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and [at least 1,300,000 times weaker than current industry standard][OWASP PBKDF2 Cheatsheet]. This is because it both (1) defaults to [SHA1][SHA1 wiki], a cryptographic hash algorithm considered insecure [since at least 2005][Cryptanalysis of SHA-1] and (2) defaults to [one single iteration][one iteration src], a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to [preimage][preimage attack] and [collision][collision attack] attacks.\n\nPotential Impact:\n\n1. If used to protect passwords, the impact is high.\n2. If used to generate signatures, the impact is high.\n\nProbability / risk analysis / attack enumeration:\n\n1. [For at most $45,000][SHA1 is a Shambles], an attacker, given control of only the beginning of a crypto-js PBKDF2 input, can create a value which has _identical cryptographic signature_ to any chosen known value.\n4. Due to the [length extension attack] on SHA1, we can create a value that has identical signature to any _unknown_ value, provided it is prefixed by a known value. It does not matter if PBKDF2 applies '[salt][cryptographic salt]' or '[pepper][cryptographic pepper]' or any other secret unknown to the attacker. It will still create an identical signature.\n\nUpdate: PBKDF2 requires a pseudo-random function that takes two inputs, so HMAC-SHA1 is used rather than plain SHA1. HMAC is not affected by [length extension attacks][Length Extension attack]. However, by defaulting to a single PBKDF2 iteration, the hashes do not benefit from the extra computational complexity that PBKDF2 is supposed to provide. The resulting hashes therefore have little protection against an offline brute-force attack.\n \n[cryptographic salt]: https://en.wikipedia.org/wiki/Salt_(cryptography) \"Salt (cryptography), Wikipedia\"\n[cryptographic pepper]: https://en.wikipedia.org/wiki/Pepper_(cryptography) \"Pepper (cryptography), Wikipedia\"\n[SHA1 wiki]: https://en.wikipedia.org/wiki/SHA-1 \"SHA-1, Wikipedia\"\n[Cryptanalysis of SHA-1]: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html \"Cryptanalysis of SHA-1\"\n[one iteration src]: https://github.com/brix/crypto-js/blob/1da3dabf93f0a0435c47627d6f171ad25f452012/src/pbkdf2.js#L22-L26 \"crypto-js/src/pbkdf2.js lines 22-26\"\n[collision attack]: https://en.wikipedia.org/wiki/Hash_collision \"Collision Attack, Wikipedia\"\n[preimage attack]: https://en.wikipedia.org/wiki/Preimage_attack \"Preimage Attack, Wikipedia\"\n[SHA1 is a Shambles]: https://eprint.iacr.org/2020/014.pdf \"SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1\nand Application to the PGP Web of Trust, Gaëtan Leurent and Thomas Peyrin\"\n[Length Extension attack]: https://en.wikipedia.org/wiki/Length_extension_attack \"Length extension attack, Wikipedia\"\n\ncrypto-js has 10,642 public users [as displayed on NPM][crypto-js, NPM], today October 11th 2023. The number of transient dependents is likely several orders of magnitude higher.\n\nA very rough GitHub search[ shows 432 files][GitHub search: affected files] cross GitHub using PBKDF2 in crypto-js in Typescript or JavaScript, but not specifying any number of iterations.\n\n[OWASP PBKDF2 Cheatsheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 \"OWASP PBKDF2 Cheatsheet\"\n[crypto-js, NPM]: https://www.npmjs.com/package/crypto-js \"crypto-js on NPM\"\n[GitHub search: affected files]: https://github.com/search?q=%22crypto-js%22+AND+pbkdf2+AND+%28lang%3AJavaScript+OR+lang%3ATypeScript%29++NOT+%22iterations%22&type=code&p=2 \"GitHub search: crypto-js AND pbkdf2 AND (lang:JavaScript OR lang:TypeScript) NOT iterations\"\n\n#### Affected versions\nAll versions are impacted. This code has been the same since crypto-js was first created.\n\n#### Further Cryptanalysis\n\nThe issue here is especially egregious because the length extension attack makes useless any secret that might be appended to the plaintext before calculating its signature.\n\nConsider a scheme in which a secret is created for a user's username, and that secret is used to protect e.g. their passwords. Let's say that password is 'fake-password', and their username is 'example-username'.\n\nTo encrypt the user password via symmetric encryption we might do `encrypt(plaintext: 'fake-password', encryption_key: cryptojs.pbkdf2(value: 'example username' + salt_or_pepper))`. By this means, we would, in theory, create an `encryption_key` that can be determined from the public username, but which requires the secret `salt_or_pepper` to generate. This is a common scheme for protecting passwords, as exemplified in bcrypt & scrypt. Because the encryption key is symmetric, we can use this derived key to also decrypt the ciphertext.\n\nBecause of the length extension issue, if the attacker obtains (via attack 1), a collision with 'example username', the attacker _does not need to know_ `salt_or_pepper` to decrypt their account data, only their public username.\n\n### Description\n\nPBKDF2 is a key-derivation is a key-derivation function that is used for two main purposes: (1) to stretch or squash a variable length password's entropy into a fixed size for consumption by another cryptographic operation and (2) to reduce the chance of downstream operations recovering the password input (for example, for password storage).\n\nUnlike the modern [webcrypto](https://w3c.github.io/webcrypto/#pbkdf2-operations) standard, crypto-js does not throw an error when a number of iterations is not specified, and defaults to one single iteration. In the year 2000, when PBKDF2 was originally specified, the minimum number of iterations suggested was set at 1,000. Today, [OWASP recommends 1,300,000][OWASP PBKDF2 Cheatsheet]:\n\nhttps://github.com/brix/crypto-js/blob/4dcaa7afd08f48cd285463b8f9499cdb242605fa/src/pbkdf2.js#L22-L26\n\n### Patches\nNo available patch. The package is not maintained.\n\n### Workarounds\nConsult the [OWASP PBKDF2 Cheatsheet]. Configure to use SHA256 with at least 250,000 iterations.\n\n### Coordinated disclosure\nThis issue was simultaneously submitted to [crypto-js](https://github.com/brix/crypto-js) and [crypto-es](https://github.com/entronad/crypto-es) on the 23rd of October 2023.\n\n### Caveats\n\nThis issue was found in a security review that was _not_ scoped to crypto-js. This report is not an indication that crypto-js has undergone a formal security assessment by the author.\n\n","url":"https://github.com/advisories/GHSA-xwcq-pm8m-c4vf"},"1096525":{"findings":[{"version":"0.26.1","paths":["axios","@hmcts/rpx-xui-node-lib>axios"]}],"metadata":null,"vulnerable_versions":">=0.8.1 <0.28.0","module_name":"axios","severity":"moderate","github_advisory_id":"GHSA-wf5p-g6vw-rhxx","cves":["CVE-2023-45857"],"access":"public","patched_versions":">=0.28.0","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},"updated":"2024-02-20T20:02:28.000Z","recommendation":"Upgrade to version 0.28.0 or later","cwe":["CWE-352"],"found_by":null,"deleted":null,"id":1096525,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-45857\n- https://github.com/axios/axios/issues/6006\n- https://github.com/axios/axios/issues/6022\n- https://github.com/axios/axios/pull/6028\n- https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0\n- https://github.com/axios/axios/releases/tag/v1.6.0\n- https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459\n- https://github.com/axios/axios/pull/6091\n- https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967\n- https://github.com/axios/axios/releases/tag/v0.28.0\n- https://github.com/advisories/GHSA-wf5p-g6vw-rhxx","created":"2023-11-08T21:30:37.000Z","reported_by":null,"title":"Axios Cross-Site Request Forgery Vulnerability","npm_advisory_id":null,"overview":"An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.","url":"https://github.com/advisories/GHSA-wf5p-g6vw-rhxx"},"1096570":{"findings":[{"version":"1.1.8","paths":["playwright>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>jest-resolve-dependencies>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>@jest/core>jest-resolve-dependencies>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>jest-runtime>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>jest-runner>jest-runtime>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>@jest/core>jest-runner>jest-runtime>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-runtime>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip"]}],"metadata":null,"vulnerable_versions":"<1.1.9","module_name":"ip","severity":"moderate","github_advisory_id":"GHSA-78xj-cgh5-2h22","cves":["CVE-2023-42282"],"access":"public","patched_versions":">=1.1.9","cvss":{"score":0,"vectorString":null},"updated":"2024-02-20T18:30:41.000Z","recommendation":"Upgrade to version 1.1.9 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1096570,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-42282\n- https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html\n- https://github.com/JoshGlazebrook/socks/issues/93#issue-2128357447\n- https://github.com/github/advisory-database/pull/3504#issuecomment-1937179999\n- https://github.com/indutny/node-ip/pull/138\n- https://github.com/indutny/node-ip/commit/32f468f1245574785ec080705737a579be1223aa\n- https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894\n- https://github.com/advisories/GHSA-78xj-cgh5-2h22","created":"2024-02-08T18:30:39.000Z","reported_by":null,"title":"NPM IP package incorrectly identifies some private IP addresses as public","npm_advisory_id":null,"overview":"The `isPublic()` function in the NPM package `ip` doesn't correctly identify certain private IP addresses in uncommon formats such as `0x7F.1` as private. Instead, it reports them as public by returning `true`. This can lead to security issues such as Server-Side Request Forgery (SSRF) if `isPublic()` is used to protect sensitive code paths when passed user input. Versions 1.1.9 and 2.0.1 fix the issue.","url":"https://github.com/advisories/GHSA-78xj-cgh5-2h22"},"1096592":{"findings":[{"version":"0.10.62","paths":["@pact-foundation/pact>cli-color>es5-ext","@pact-foundation/pact>cli-color>d>es5-ext","@pact-foundation/pact>cli-color>es6-iterator>d>es5-ext","@pact-foundation/pact>cli-color>es6-iterator>es6-symbol>d>es5-ext","@pact-foundation/pact>cli-color>d>es5-ext>es6-iterator>d>es5-ext","@pact-foundation/pact>cli-color>d>es5-ext>es6-iterator>es6-symbol>d>es5-ext"]}],"metadata":null,"vulnerable_versions":">=0.10.0 <0.10.63","module_name":"es5-ext","severity":"low","github_advisory_id":"GHSA-4gmj-3p3h-gm8h","cves":["CVE-2024-27088"],"access":"public","patched_versions":">=0.10.63","cvss":{"score":0,"vectorString":null},"updated":"2024-02-26T20:01:29.000Z","recommendation":"Upgrade to version 0.10.63 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1096592,"references":"- https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h\n- https://nvd.nist.gov/vuln/detail/CVE-2024-27088\n- https://github.com/medikoo/es5-ext/issues/201\n- https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2\n- https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602\n- https://github.com/advisories/GHSA-4gmj-3p3h-gm8h","created":"2024-02-26T20:01:28.000Z","reported_by":null,"title":"es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`","npm_advisory_id":null,"overview":"### Impact\n\nPassing functions with very long names or complex default argument names into `function#copy` or`function#toStringTokens` may put script to stall\n\n### Patches\nFixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602\nPublished with v0.10.63\n\n### Workarounds\nNo real workaround aside of refraining from using above utilities.\n\n### References\nhttps://github.com/medikoo/es5-ext/issues/201\n","url":"https://github.com/advisories/GHSA-4gmj-3p3h-gm8h"},"1096643":{"findings":[{"version":"2.5.0","paths":["rx-polling-hmcts>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-03-07T05:09:24.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096643,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"},"1096781":{"findings":[{"version":"1.15.3","paths":["axios>follow-redirects","@hmcts/rpx-xui-node-lib>axios>follow-redirects"]}],"metadata":null,"vulnerable_versions":"<=1.15.5","module_name":"follow-redirects","severity":"moderate","github_advisory_id":"GHSA-cxjh-pqwp-8mfp","cves":["CVE-2024-28849"],"access":"public","patched_versions":">=1.15.6","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},"updated":"2024-03-23T03:30:25.000Z","recommendation":"Upgrade to version 1.15.6 or later","cwe":["CWE-200"],"found_by":null,"deleted":null,"id":1096781,"references":"- https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp\n- https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b\n- https://fetch.spec.whatwg.org/#authentication-entries\n- https://nvd.nist.gov/vuln/detail/CVE-2024-28849\n- https://github.com/psf/requests/issues/1885\n- https://hackerone.com/reports/2390009\n- https://github.com/advisories/GHSA-cxjh-pqwp-8mfp","created":"2024-03-14T17:19:42.000Z","reported_by":null,"title":"follow-redirects' Proxy-Authorization header kept across hosts","npm_advisory_id":null,"overview":"When using axios, its dependency library follow-redirects only clears authorization header during cross-domain redirect, but allows the proxy-authentication header which contains credentials too.\n\nSteps To Reproduce & PoC\n\naxios Test Code\n\nconst axios = require('axios');\n\naxios.get('http://127.0.0.1:10081/',{\n headers: {\n 'AuThorization': 'Rear Test',\n 'ProXy-AuthoriZation': 'Rear Test',\n 'coOkie': 't=1'\n }\n }).then(function (response) {\n console.log(response);\n})\nWhen I meet the cross-domain redirect, the sensitive headers like authorization and cookie are cleared, but proxy-authentication header is kept.\n\nRequest sent by axios\n\nimage-20240314130755052.png\nRequest sent by follow-redirects after redirectimage-20240314130809838.png\n\nImpact\n\nThis vulnerability may lead to credentials leak.\n\nRecommendations\n\nRemove proxy-authentication header during cross-domain redirect\nRecommended Patch\n\nfollow-redirects/index.js:464\n\nremoveMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);\nchange to\n\nremoveMatchingHeaders(/^(?:authorization|proxy-authorization|cookie)$/i, this._options.headers);\nRef\n\nhttps://fetch.spec.whatwg.org/#authentication-entries\nhttps://hackerone.com/reports/2390009","url":"https://github.com/advisories/GHSA-cxjh-pqwp-8mfp"},"1096782":{"findings":[{"version":"1.28.2","paths":["@hmcts/rpx-xui-node-lib>openid-client>jose"]}],"metadata":null,"vulnerable_versions":"<2.0.7","module_name":"jose","severity":"moderate","github_advisory_id":"GHSA-hhhv-q57g-882q","cves":["CVE-2024-28176"],"access":"public","patched_versions":">=2.0.7","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-03-23T03:30:25.000Z","recommendation":"Upgrade to version 2.0.7 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1096782,"references":"- https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q\n- https://github.com/panva/jose/commit/02a65794f7873cdaf12e81e80ad076fcdc4a9314\n- https://github.com/panva/jose/commit/1b91d88d2f8233f3477a5f4579aa5f8057b2ee8b\n- https://nvd.nist.gov/vuln/detail/CVE-2024-28176\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY\n- https://github.com/advisories/GHSA-hhhv-q57g-882q","created":"2024-03-07T17:40:57.000Z","reported_by":null,"title":"jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext","npm_advisory_id":null,"overview":"A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the [support for decompressing plaintext after its decryption](https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.3). This allows an adversary to exploit specific scenarios where the compression ratio becomes exceptionally high. As a result, the length of the JWE token, which is determined by the compressed content's size, can land below application-defined limits. In such cases, other existing application level mechanisms for preventing resource exhaustion may be rendered ineffective.\n\nNote that as per [RFC 8725](https://www.rfc-editor.org/rfc/rfc8725.html#name-avoid-compression-of-encryp) compression of data SHOULD NOT be done before encryption, because such compressed data often reveals information about the plaintext. For this reason the v5.x major version of `jose` removed support for compressed payloads entirely and is therefore NOT affected by this advisory.\n\n### Impact\n\nUnder certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations.\n\n### Affected users\n\nThe impact is limited only to Node.js users utilizing the JWE decryption APIs to decrypt JWEs from untrusted sources.\n\nYou are NOT affected if any of the following applies to you\n\n- Your code uses jose version v5.x where JWE Compression is not supported anymore\n- Your code runs in an environment other than Node.js (e.g. Deno, CF Workers), which is the only runtime where JWE Compression is implemented out of the box\n- Your code does not use the JWE decryption APIs\n- Your code only accepts JWEs produced by trusted sources\n\n### Patches\n\n`v2.0.7` and `v4.15.5` releases limit the decompression routine to only allow decompressing up to 250 kB of plaintext. In v4.x it is possible to further adjust this limit via the `inflateRaw` decryption option implementation. In v2.x it is possible to further adjust this limit via the `inflateRawSyncLimit` decryption option.\n\n### Workarounds\n\nIf you cannot upgrade and do not want to support compressed JWEs you may detect and reject these tokens early by checking the token's protected header\n\n```js\nconst { zip } = jose.decodeProtectedHeader(token)\nif (zip !== undefined) {\n throw new Error('JWE Compression is not supported')\n}\n```\n\nIf you wish to continue supporting JWEs with compressed payloads in these legacy release lines you must upgrade (v1.x and v2.x to version v2.0.7, v3.x and v4.x to version v4.15.5) and review the limits put forth by the patched releases.\n\n### For more information\nIf you have any questions or comments about this advisory please open a discussion in the project's [repository](https://github.com/panva/jose/discussions/new?category=q-a&title=GHSA-hhhv-q57g-882q%20advisory%20question)","url":"https://github.com/advisories/GHSA-hhhv-q57g-882q"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":6,"moderate":30,"high":4,"critical":4},"dependencies":892,"devDependencies":6,"optionalDependencies":0,"totalDependencies":898}} +{"actions":[],"advisories":{"1085685":{"findings":[{"version":"1.1.0","paths":["@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>yargs>os-locale>mem"]}],"metadata":null,"vulnerable_versions":"<4.0.0","module_name":"mem","severity":"moderate","github_advisory_id":"GHSA-4xcv-9jjx-gfj3","cves":[],"access":"public","patched_versions":">=4.0.0","cvss":{"score":5.1,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},"updated":"2023-01-09T05:01:45.000Z","recommendation":"Upgrade to version 4.0.0 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1085685,"references":"- https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b\n- https://bugzilla.redhat.com/show_bug.cgi?id=1623744\n- https://www.npmjs.com/advisories/1084\n- https://snyk.io/vuln/npm:mem:20180117\n- https://github.com/advisories/GHSA-4xcv-9jjx-gfj3","created":"2019-07-05T21:07:58.000Z","reported_by":null,"title":"Denial of Service in mem","npm_advisory_id":null,"overview":"Versions of `mem` prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its `maxAge` property. This may allow attackers to exhaust the system's memory if they are able to abuse the application logging.\n\n\n## Recommendation\n\nUpgrade to version 4.0.0 or later.","url":"https://github.com/advisories/GHSA-4xcv-9jjx-gfj3"},"1088208":{"findings":[{"version":"0.8.4","paths":["git-rev-sync>shelljs"]}],"metadata":null,"vulnerable_versions":"<0.8.5","module_name":"shelljs","severity":"moderate","github_advisory_id":"GHSA-64g7-mvw6-v9qj","cves":[],"access":"public","patched_versions":">=0.8.5","cvss":{"score":0,"vectorString":null},"updated":"2023-01-11T05:03:39.000Z","recommendation":"Upgrade to version 0.8.5 or later","cwe":["CWE-269"],"found_by":null,"deleted":null,"id":1088208,"references":"- https://github.com/shelljs/shelljs/security/advisories/GHSA-64g7-mvw6-v9qj\n- https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/\n- https://github.com/advisories/GHSA-64g7-mvw6-v9qj","created":"2022-01-14T21:09:50.000Z","reported_by":null,"title":"Improper Privilege Management in shelljs","npm_advisory_id":null,"overview":"### Impact\nOutput from the synchronous version of `shell.exec()` may be visible to other users on the same system. You may be affected if you execute `shell.exec()` in multi-user Mac, Linux, or WSL environments, or if you execute `shell.exec()` as the root user.\n\nOther shelljs functions (including the asynchronous version of `shell.exec()`) are not impacted.\n\n### Patches\nPatched in shelljs 0.8.5\n\n### Workarounds\nRecommended action is to upgrade to 0.8.5.\n\n### References\nhttps://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Ask at https://github.com/shelljs/shelljs/issues/1058\n* Open an issue at https://github.com/shelljs/shelljs/issues/new\n","url":"https://github.com/advisories/GHSA-64g7-mvw6-v9qj"},"1088811":{"findings":[{"version":"8.1.0","paths":["@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>yargs>yargs-parser"]}],"metadata":null,"vulnerable_versions":">=6.0.0 <13.1.2","module_name":"yargs-parser","severity":"moderate","github_advisory_id":"GHSA-p9pc-299p-vxgp","cves":["CVE-2020-7608"],"access":"public","patched_versions":">=13.1.2","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},"updated":"2023-01-27T05:00:51.000Z","recommendation":"Upgrade to version 13.1.2 or later","cwe":["CWE-915","CWE-1321"],"found_by":null,"deleted":null,"id":1088811,"references":"- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381\n- https://www.npmjs.com/advisories/1500\n- https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2\n- https://nvd.nist.gov/vuln/detail/CVE-2020-7608\n- https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36\n- https://github.com/advisories/GHSA-p9pc-299p-vxgp","created":"2020-09-04T18:00:54.000Z","reported_by":null,"title":"yargs-parser Vulnerable to Prototype Pollution","npm_advisory_id":null,"overview":"Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. \nParsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.\n\n\n\n## Recommendation\n\nUpgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.","url":"https://github.com/advisories/GHSA-p9pc-299p-vxgp"},"1088948":{"findings":[{"version":"9.6.0","paths":["@hmcts/rpx-xui-node-lib>openid-client>got"]}],"metadata":null,"vulnerable_versions":"<11.8.5","module_name":"got","severity":"moderate","github_advisory_id":"GHSA-pfrx-2q88-qq97","cves":["CVE-2022-33987"],"access":"public","patched_versions":">=11.8.5","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"updated":"2023-01-27T05:05:01.000Z","recommendation":"Upgrade to version 11.8.5 or later","cwe":[],"found_by":null,"deleted":null,"id":1088948,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-33987\n- https://github.com/sindresorhus/got/pull/2047\n- https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0\n- https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc\n- https://github.com/sindresorhus/got/releases/tag/v11.8.5\n- https://github.com/sindresorhus/got/releases/tag/v12.1.0\n- https://github.com/advisories/GHSA-pfrx-2q88-qq97","created":"2022-06-19T00:00:21.000Z","reported_by":null,"title":"Got allows a redirect to a UNIX socket","npm_advisory_id":null,"overview":"The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.","url":"https://github.com/advisories/GHSA-pfrx-2q88-qq97"},"1089270":{"findings":[{"version":"2.7.4","paths":["ejs"]}],"metadata":null,"vulnerable_versions":"<3.1.7","module_name":"ejs","severity":"critical","github_advisory_id":"GHSA-phwq-j96m-2c2q","cves":["CVE-2022-29078"],"access":"public","patched_versions":">=3.1.7","cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2023-01-30T05:02:57.000Z","recommendation":"Upgrade to version 3.1.7 or later","cwe":["CWE-74"],"found_by":null,"deleted":null,"id":1089270,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-29078\n- https://eslam.io/posts/ejs-server-side-template-injection-rce/\n- https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf\n- https://github.com/mde/ejs/releases\n- https://security.netapp.com/advisory/ntap-20220804-0001/\n- https://github.com/advisories/GHSA-phwq-j96m-2c2q","created":"2022-04-26T00:00:40.000Z","reported_by":null,"title":"ejs template injection vulnerability","npm_advisory_id":null,"overview":"The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).","url":"https://github.com/advisories/GHSA-phwq-j96m-2c2q"},"1089434":{"findings":[{"version":"8.5.1","paths":["jsonwebtoken"]}],"metadata":null,"vulnerable_versions":"<=8.5.1","module_name":"jsonwebtoken","severity":"moderate","github_advisory_id":"GHSA-8cf7-32gw-wr33","cves":["CVE-2022-23539"],"access":"public","patched_versions":">=9.0.0","cvss":{"score":0,"vectorString":null},"updated":"2023-01-31T05:01:09.000Z","recommendation":"Upgrade to version 9.0.0 or later","cwe":["CWE-327"],"found_by":null,"deleted":null,"id":1089434,"references":"- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33\n- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3\n- https://nvd.nist.gov/vuln/detail/CVE-2022-23539\n- https://github.com/advisories/GHSA-8cf7-32gw-wr33","created":"2022-12-22T03:32:22.000Z","reported_by":null,"title":"jsonwebtoken unrestricted key type could lead to legacy keys usage ","npm_advisory_id":null,"overview":"# Overview\n\nVersions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. \n\n# Am I affected?\n\nYou are affected if you are using an algorithm and a key type other than the combinations mentioned below\n\n| Key type | algorithm |\n|----------|------------------------------------------|\n| ec | ES256, ES384, ES512 |\n| rsa | RS256, RS384, RS512, PS256, PS384, PS512 |\n| rsa-pss | PS256, PS384, PS512 |\n\nAnd for Elliptic Curve algorithms:\n\n| `alg` | Curve |\n|-------|------------|\n| ES256 | prime256v1 |\n| ES384 | secp384r1 |\n| ES512 | secp521r1 |\n\n# How do I fix it?\n\nUpdate to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, If you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.\n\n# Will the fix impact my users?\n\nThere will be no impact, if you update to version 9.0.0 and you already use a valid secure combination of key type and algorithm. Otherwise, use the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and `verify()` functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility. \n\n","url":"https://github.com/advisories/GHSA-8cf7-32gw-wr33"},"1089698":{"findings":[{"version":"0.15.6","paths":["xlsx"]}],"metadata":null,"vulnerable_versions":"<0.17.0","module_name":"xlsx","severity":"moderate","github_advisory_id":"GHSA-g973-978j-2c3p","cves":["CVE-2021-32014"],"access":"public","patched_versions":">=0.17.0","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},"updated":"2023-02-01T05:05:54.000Z","recommendation":"Upgrade to version 0.17.0 or later","cwe":["CWE-345","CWE-400"],"found_by":null,"deleted":null,"id":1089698,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-32014\n- https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/\n- https://sheetjs.com/pro\n- https://www.npmjs.com/package/xlsx/v/0.17.0\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-g973-978j-2c3p","created":"2021-07-22T19:47:15.000Z","reported_by":null,"title":"Denial of Service in SheetJS Pro","npm_advisory_id":null,"overview":"SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.","url":"https://github.com/advisories/GHSA-g973-978j-2c3p"},"1089699":{"findings":[{"version":"0.15.6","paths":["xlsx"]}],"metadata":null,"vulnerable_versions":"<0.17.0","module_name":"xlsx","severity":"moderate","github_advisory_id":"GHSA-3x9f-74h4-2fqr","cves":["CVE-2021-32012"],"access":"public","patched_versions":">=0.17.0","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},"updated":"2023-02-01T05:06:10.000Z","recommendation":"Upgrade to version 0.17.0 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1089699,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-32012\n- https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/\n- https://sheetjs.com/pro\n- https://www.npmjs.com/package/xlsx/v/0.17.0\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-3x9f-74h4-2fqr","created":"2021-07-22T19:48:17.000Z","reported_by":null,"title":"Denial of Service in SheetJS Pro","npm_advisory_id":null,"overview":"SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).","url":"https://github.com/advisories/GHSA-3x9f-74h4-2fqr"},"1089700":{"findings":[{"version":"0.15.6","paths":["xlsx"]}],"metadata":null,"vulnerable_versions":"<0.17.0","module_name":"xlsx","severity":"moderate","github_advisory_id":"GHSA-8vcr-vxm8-293m","cves":["CVE-2021-32013"],"access":"public","patched_versions":">=0.17.0","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},"updated":"2023-02-01T05:06:00.000Z","recommendation":"Upgrade to version 0.17.0 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1089700,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-32013\n- https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/\n- https://sheetjs.com/pro\n- https://www.npmjs.com/package/xlsx/v/0.17.0\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-8vcr-vxm8-293m","created":"2021-07-22T19:48:13.000Z","reported_by":null,"title":"Denial of Service in SheetsJS Pro","npm_advisory_id":null,"overview":"SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2).","url":"https://github.com/advisories/GHSA-8vcr-vxm8-293m"},"1091087":{"findings":[{"version":"8.5.1","paths":["jsonwebtoken"]}],"metadata":null,"vulnerable_versions":"<=8.5.1","module_name":"jsonwebtoken","severity":"moderate","github_advisory_id":"GHSA-hjrf-2m68-5959","cves":["CVE-2022-23541"],"access":"public","patched_versions":">=9.0.0","cvss":{"score":5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},"updated":"2023-01-29T05:06:34.000Z","recommendation":"Upgrade to version 9.0.0 or later","cwe":["CWE-287"],"found_by":null,"deleted":null,"id":1091087,"references":"- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959\n- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3\n- https://nvd.nist.gov/vuln/detail/CVE-2022-23541\n- https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0\n- https://github.com/advisories/GHSA-hjrf-2m68-5959","created":"2022-12-22T03:33:19.000Z","reported_by":null,"title":"jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC","npm_advisory_id":null,"overview":"# Overview\n\nVersions `<=8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the `secretOrPublicKey` argument from the [readme link](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback)) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. \n\n# Am I affected?\n\nYou will be affected if your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. \n\n# How do I fix it?\n \nUpdate to version 9.0.0.\n\n# Will the fix impact my users?\n\nThere is no impact for end users","url":"https://github.com/advisories/GHSA-hjrf-2m68-5959"},"1092549":{"findings":[{"version":"8.5.1","paths":["jsonwebtoken"]}],"metadata":null,"vulnerable_versions":"<9.0.0","module_name":"jsonwebtoken","severity":"moderate","github_advisory_id":"GHSA-qwph-4952-7xr6","cves":["CVE-2022-23540"],"access":"public","patched_versions":">=9.0.0","cvss":{"score":6.4,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L"},"updated":"2023-07-14T22:03:14.000Z","recommendation":"Upgrade to version 9.0.0 or later","cwe":["CWE-287","CWE-327","CWE-347"],"found_by":null,"deleted":null,"id":1092549,"references":"- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6\n- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3\n- https://nvd.nist.gov/vuln/detail/CVE-2022-23540\n- https://github.com/advisories/GHSA-qwph-4952-7xr6","created":"2022-12-22T03:32:59.000Z","reported_by":null,"title":"jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()","npm_advisory_id":null,"overview":"# Overview\n\nIn versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification.\n\n# Am I affected?\nYou will be affected if all the following are true in the `jwt.verify()` function:\n- a token with no signature is received\n- no algorithms are specified \n- a falsy (e.g. null, false, undefined) secret or key is passed \n\n# How do I fix it?\n \nUpdate to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. \n\n# Will the fix impact my users?\n\nThere will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.\n","url":"https://github.com/advisories/GHSA-qwph-4952-7xr6"},"1093639":{"findings":[{"version":"0.4.1","paths":["@hmcts/rpx-xui-node-lib>passport"]}],"metadata":null,"vulnerable_versions":"<0.6.0","module_name":"passport","severity":"moderate","github_advisory_id":"GHSA-v923-w3x8-wh69","cves":["CVE-2022-25896"],"access":"public","patched_versions":">=0.6.0","cvss":{"score":4.8,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},"updated":"2023-09-11T16:22:18.000Z","recommendation":"Upgrade to version 0.6.0 or later","cwe":["CWE-384"],"found_by":null,"deleted":null,"id":1093639,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-25896\n- https://github.com/jaredhanson/passport/pull/900\n- https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608\n- https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631\n- https://github.com/advisories/GHSA-v923-w3x8-wh69","created":"2022-07-02T00:00:19.000Z","reported_by":null,"title":"Passport vulnerable to session regeneration when a users logs in or out","npm_advisory_id":null,"overview":"This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.","url":"https://github.com/advisories/GHSA-v923-w3x8-wh69"},"1094599":{"findings":[{"version":"0.15.6","paths":["xlsx"]}],"metadata":null,"vulnerable_versions":"<0.19.3","module_name":"xlsx","severity":"high","github_advisory_id":"GHSA-4r6h-8v6p-xvw6","cves":["CVE-2023-30533"],"access":"public","patched_versions":">=0.19.3","cvss":{"score":7.8,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},"updated":"2023-11-06T05:04:13.000Z","recommendation":"Upgrade to version 0.19.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1094599,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-30533\n- https://cdn.sheetjs.com/advisories/CVE-2023-30533\n- https://git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md\n- https://git.sheetjs.com/sheetjs/sheetjs/issues/2667\n- https://git.sheetjs.com/sheetjs/sheetjs/issues/2986\n- https://github.com/advisories/GHSA-4r6h-8v6p-xvw6","created":"2023-04-24T09:30:19.000Z","reported_by":null,"title":"Prototype Pollution in sheetJS","npm_advisory_id":null,"overview":"All versions of SheetJS CE through 0.19.2 are vulnerable to \"Prototype Pollution\" when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected.\n\nA non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package `xlsx` are no longer maintained.","url":"https://github.com/advisories/GHSA-4r6h-8v6p-xvw6"},"1095051":{"findings":[{"version":"0.7.0","paths":["ngx-md>marked"]}],"metadata":null,"vulnerable_versions":"<4.0.10","module_name":"marked","severity":"high","github_advisory_id":"GHSA-rrrm-qjm4-v8hf","cves":["CVE-2022-21680"],"access":"public","patched_versions":">=4.0.10","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2023-11-29T20:51:52.000Z","recommendation":"Upgrade to version 4.0.10 or later","cwe":["CWE-400","CWE-1333"],"found_by":null,"deleted":null,"id":1095051,"references":"- https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21680\n- https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\n- https://github.com/markedjs/marked/releases/tag/v4.0.10\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\n- https://github.com/advisories/GHSA-rrrm-qjm4-v8hf","created":"2022-01-14T21:04:41.000Z","reported_by":null,"title":"Inefficient Regular Expression Complexity in marked","npm_advisory_id":null,"overview":"### Impact\n\n_What kind of vulnerability is it?_\n\nDenial of service.\n\nThe regular expression `block.def` may cause catastrophic backtracking against some strings.\nPoC is the following.\n\n```javascript\nimport * as marked from \"marked\";\n\nmarked.parse(`[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`);\n```\n\n_Who is impacted?_\n\nAnyone who runs untrusted markdown through marked and does not use a worker with a time limit.\n\n### Patches\n\n_Has the problem been patched?_\n\nYes\n\n_What versions should users upgrade to?_\n\n4.0.10\n\n### Workarounds\n\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nDo not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\n- https://marked.js.org/using_advanced#workers\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [marked](https://github.com/markedjs/marked)\n","url":"https://github.com/advisories/GHSA-rrrm-qjm4-v8hf"},"1095052":{"findings":[{"version":"0.7.0","paths":["ngx-md>marked"]}],"metadata":null,"vulnerable_versions":"<4.0.10","module_name":"marked","severity":"high","github_advisory_id":"GHSA-5v2h-r2cx-5xgj","cves":["CVE-2022-21681"],"access":"public","patched_versions":">=4.0.10","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2023-11-29T20:51:17.000Z","recommendation":"Upgrade to version 4.0.10 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1095052,"references":"- https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21681\n- https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\n- https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\n- https://github.com/advisories/GHSA-5v2h-r2cx-5xgj","created":"2022-01-14T21:04:46.000Z","reported_by":null,"title":"Inefficient Regular Expression Complexity in marked","npm_advisory_id":null,"overview":"### Impact\n\n_What kind of vulnerability is it?_\n\nDenial of service.\n\nThe regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings.\nPoC is the following.\n\n```javascript\nimport * as marked from 'marked';\n\nconsole.log(marked.parse(`[x]: x\n\n\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](`));\n```\n\n_Who is impacted?_\n\nAnyone who runs untrusted markdown through marked and does not use a worker with a time limit.\n\n### Patches\n\n_Has the problem been patched?_\n\nYes\n\n_What versions should users upgrade to?_\n\n4.0.10\n\n### Workarounds\n\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nDo not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\n- https://marked.js.org/using_advanced#workers\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [marked](https://github.com/markedjs/marked)\n","url":"https://github.com/advisories/GHSA-5v2h-r2cx-5xgj"},"1095097":{"findings":[{"version":"1.8.3","paths":["@pact-foundation/pact-node>underscore","@pact-foundation/pact>@pact-foundation/pact-node>underscore"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <1.12.1","module_name":"underscore","severity":"critical","github_advisory_id":"GHSA-cf4h-3jhx-xvhq","cves":["CVE-2021-23358"],"access":"public","patched_versions":">=1.12.1","cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2023-11-29T22:34:54.000Z","recommendation":"Upgrade to version 1.12.1 or later","cwe":["CWE-94"],"found_by":null,"deleted":null,"id":1095097,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-23358\n- https://github.com/jashkenas/underscore/pull/2917\n- https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66\n- https://github.com/jashkenas/underscore/releases/tag/1.12.1\n- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\n- https://www.npmjs.com/package/underscore\n- https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\n- https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\n- https://www.debian.org/security/2021/dsa-4883\n- https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E\n- https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E\n- https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E\n- https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E\n- https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E\n- https://www.tenable.com/security/tns-2021-14\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\n- https://github.com/advisories/GHSA-cf4h-3jhx-xvhq","created":"2021-05-06T16:09:43.000Z","reported_by":null,"title":"Arbitrary Code Execution in underscore","npm_advisory_id":null,"overview":"The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.","url":"https://github.com/advisories/GHSA-cf4h-3jhx-xvhq"},"1095126":{"findings":[{"version":"0.8.4","paths":["git-rev-sync>shelljs"]}],"metadata":null,"vulnerable_versions":"<0.8.5","module_name":"shelljs","severity":"high","github_advisory_id":"GHSA-4rq4-32rv-6wp6","cves":["CVE-2022-0144"],"access":"public","patched_versions":">=0.8.5","cvss":{"score":7.1,"vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},"updated":"2023-11-29T22:21:11.000Z","recommendation":"Upgrade to version 0.8.5 or later","cwe":["CWE-269"],"found_by":null,"deleted":null,"id":1095126,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0144\n- https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c\n- https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c\n- https://github.com/advisories/GHSA-4rq4-32rv-6wp6","created":"2022-01-21T23:37:28.000Z","reported_by":null,"title":"Improper Privilege Management in shelljs","npm_advisory_id":null,"overview":"shelljs is vulnerable to Improper Privilege Management","url":"https://github.com/advisories/GHSA-4rq4-32rv-6wp6"},"1095531":{"findings":[{"version":"6.2.1","paths":["log4js"]}],"metadata":null,"vulnerable_versions":"<6.4.0","module_name":"log4js","severity":"moderate","github_advisory_id":"GHSA-82v2-mx6x-wq7q","cves":["CVE-2022-21704"],"access":"public","patched_versions":">=6.4.0","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},"updated":"2024-01-24T08:54:14.000Z","recommendation":"Upgrade to version 6.4.0 or later","cwe":["CWE-276"],"found_by":null,"deleted":null,"id":1095531,"references":"- https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q\n- https://github.com/log4js-node/log4js-node/pull/1141/commits/8042252861a1b65adb66931fdf702ead34fa9b76\n- https://github.com/log4js-node/streamroller/pull/87\n- https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21704\n- https://lists.debian.org/debian-lts-announce/2022/12/msg00014.html\n- https://github.com/advisories/GHSA-82v2-mx6x-wq7q","created":"2022-01-21T18:53:27.000Z","reported_by":null,"title":"Incorrect Default Permissions in log4js","npm_advisory_id":null,"overview":"### Impact\r\nDefault file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config.\r\n\r\n### Patches\r\nFixed by:\r\n* https://github.com/log4js-node/log4js-node/pull/1141\r\n* https://github.com/log4js-node/streamroller/pull/87\r\n\r\nReleased to NPM in log4js@6.4.0\r\n\r\n### Workarounds\r\nEvery version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details.\r\n\r\n### References\r\n\r\nThanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @lamweili for fixing the problem.\r\n\r\n### For more information\r\nIf you have any questions or comments about this advisory:\r\n* Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node)\r\n* Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI)\r\n* Email us at [gareth.nomiddlename@gmail.com](mailto:gareth.nomiddlename@gmail.com)\r\n","url":"https://github.com/advisories/GHSA-82v2-mx6x-wq7q"},"1096353":{"findings":[{"version":"1.15.3","paths":["axios>follow-redirects","@hmcts/rpx-xui-node-lib>axios>follow-redirects"]}],"metadata":null,"vulnerable_versions":"<1.15.4","module_name":"follow-redirects","severity":"moderate","github_advisory_id":"GHSA-jchw-25xp-jwwc","cves":["CVE-2023-26159"],"access":"public","patched_versions":">=1.15.4","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"updated":"2024-01-31T05:07:10.000Z","recommendation":"Upgrade to version 1.15.4 or later","cwe":["CWE-20","CWE-601"],"found_by":null,"deleted":null,"id":1096353,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26159\n- https://github.com/follow-redirects/follow-redirects/issues/235\n- https://github.com/follow-redirects/follow-redirects/pull/236\n- https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137\n- https://github.com/follow-redirects/follow-redirects/commit/7a6567e16dfa9ad18a70bfe91784c28653fbf19d\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/\n- https://github.com/advisories/GHSA-jchw-25xp-jwwc","created":"2024-01-02T06:30:30.000Z","reported_by":null,"title":"Follow Redirects improperly handles URLs in the url.parse() function","npm_advisory_id":null,"overview":"Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.","url":"https://github.com/advisories/GHSA-jchw-25xp-jwwc"},"1096365":{"findings":[{"version":"3.3.0","paths":["crypto-js"]}],"metadata":null,"vulnerable_versions":"<4.2.0","module_name":"crypto-js","severity":"critical","github_advisory_id":"GHSA-xwcq-pm8m-c4vf","cves":["CVE-2023-46233"],"access":"public","patched_versions":">=4.2.0","cvss":{"score":9.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},"updated":"2024-02-01T16:30:31.000Z","recommendation":"Upgrade to version 4.2.0 or later","cwe":["CWE-327","CWE-328","CWE-916"],"found_by":null,"deleted":null,"id":1096365,"references":"- https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf\n- https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a\n- https://nvd.nist.gov/vuln/detail/CVE-2023-46233\n- https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html\n- https://github.com/advisories/GHSA-xwcq-pm8m-c4vf","created":"2023-10-25T21:15:52.000Z","reported_by":null,"title":"crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard","npm_advisory_id":null,"overview":"### Impact\n#### Summary\nCrypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and [at least 1,300,000 times weaker than current industry standard][OWASP PBKDF2 Cheatsheet]. This is because it both (1) defaults to [SHA1][SHA1 wiki], a cryptographic hash algorithm considered insecure [since at least 2005][Cryptanalysis of SHA-1] and (2) defaults to [one single iteration][one iteration src], a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to [preimage][preimage attack] and [collision][collision attack] attacks.\n\nPotential Impact:\n\n1. If used to protect passwords, the impact is high.\n2. If used to generate signatures, the impact is high.\n\nProbability / risk analysis / attack enumeration:\n\n1. [For at most $45,000][SHA1 is a Shambles], an attacker, given control of only the beginning of a crypto-js PBKDF2 input, can create a value which has _identical cryptographic signature_ to any chosen known value.\n4. Due to the [length extension attack] on SHA1, we can create a value that has identical signature to any _unknown_ value, provided it is prefixed by a known value. It does not matter if PBKDF2 applies '[salt][cryptographic salt]' or '[pepper][cryptographic pepper]' or any other secret unknown to the attacker. It will still create an identical signature.\n\nUpdate: PBKDF2 requires a pseudo-random function that takes two inputs, so HMAC-SHA1 is used rather than plain SHA1. HMAC is not affected by [length extension attacks][Length Extension attack]. However, by defaulting to a single PBKDF2 iteration, the hashes do not benefit from the extra computational complexity that PBKDF2 is supposed to provide. The resulting hashes therefore have little protection against an offline brute-force attack.\n \n[cryptographic salt]: https://en.wikipedia.org/wiki/Salt_(cryptography) \"Salt (cryptography), Wikipedia\"\n[cryptographic pepper]: https://en.wikipedia.org/wiki/Pepper_(cryptography) \"Pepper (cryptography), Wikipedia\"\n[SHA1 wiki]: https://en.wikipedia.org/wiki/SHA-1 \"SHA-1, Wikipedia\"\n[Cryptanalysis of SHA-1]: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html \"Cryptanalysis of SHA-1\"\n[one iteration src]: https://github.com/brix/crypto-js/blob/1da3dabf93f0a0435c47627d6f171ad25f452012/src/pbkdf2.js#L22-L26 \"crypto-js/src/pbkdf2.js lines 22-26\"\n[collision attack]: https://en.wikipedia.org/wiki/Hash_collision \"Collision Attack, Wikipedia\"\n[preimage attack]: https://en.wikipedia.org/wiki/Preimage_attack \"Preimage Attack, Wikipedia\"\n[SHA1 is a Shambles]: https://eprint.iacr.org/2020/014.pdf \"SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1\nand Application to the PGP Web of Trust, Gaëtan Leurent and Thomas Peyrin\"\n[Length Extension attack]: https://en.wikipedia.org/wiki/Length_extension_attack \"Length extension attack, Wikipedia\"\n\ncrypto-js has 10,642 public users [as displayed on NPM][crypto-js, NPM], today October 11th 2023. The number of transient dependents is likely several orders of magnitude higher.\n\nA very rough GitHub search[ shows 432 files][GitHub search: affected files] cross GitHub using PBKDF2 in crypto-js in Typescript or JavaScript, but not specifying any number of iterations.\n\n[OWASP PBKDF2 Cheatsheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 \"OWASP PBKDF2 Cheatsheet\"\n[crypto-js, NPM]: https://www.npmjs.com/package/crypto-js \"crypto-js on NPM\"\n[GitHub search: affected files]: https://github.com/search?q=%22crypto-js%22+AND+pbkdf2+AND+%28lang%3AJavaScript+OR+lang%3ATypeScript%29++NOT+%22iterations%22&type=code&p=2 \"GitHub search: crypto-js AND pbkdf2 AND (lang:JavaScript OR lang:TypeScript) NOT iterations\"\n\n#### Affected versions\nAll versions are impacted. This code has been the same since crypto-js was first created.\n\n#### Further Cryptanalysis\n\nThe issue here is especially egregious because the length extension attack makes useless any secret that might be appended to the plaintext before calculating its signature.\n\nConsider a scheme in which a secret is created for a user's username, and that secret is used to protect e.g. their passwords. Let's say that password is 'fake-password', and their username is 'example-username'.\n\nTo encrypt the user password via symmetric encryption we might do `encrypt(plaintext: 'fake-password', encryption_key: cryptojs.pbkdf2(value: 'example username' + salt_or_pepper))`. By this means, we would, in theory, create an `encryption_key` that can be determined from the public username, but which requires the secret `salt_or_pepper` to generate. This is a common scheme for protecting passwords, as exemplified in bcrypt & scrypt. Because the encryption key is symmetric, we can use this derived key to also decrypt the ciphertext.\n\nBecause of the length extension issue, if the attacker obtains (via attack 1), a collision with 'example username', the attacker _does not need to know_ `salt_or_pepper` to decrypt their account data, only their public username.\n\n### Description\n\nPBKDF2 is a key-derivation is a key-derivation function that is used for two main purposes: (1) to stretch or squash a variable length password's entropy into a fixed size for consumption by another cryptographic operation and (2) to reduce the chance of downstream operations recovering the password input (for example, for password storage).\n\nUnlike the modern [webcrypto](https://w3c.github.io/webcrypto/#pbkdf2-operations) standard, crypto-js does not throw an error when a number of iterations is not specified, and defaults to one single iteration. In the year 2000, when PBKDF2 was originally specified, the minimum number of iterations suggested was set at 1,000. Today, [OWASP recommends 1,300,000][OWASP PBKDF2 Cheatsheet]:\n\nhttps://github.com/brix/crypto-js/blob/4dcaa7afd08f48cd285463b8f9499cdb242605fa/src/pbkdf2.js#L22-L26\n\n### Patches\nNo available patch. The package is not maintained.\n\n### Workarounds\nConsult the [OWASP PBKDF2 Cheatsheet]. Configure to use SHA256 with at least 250,000 iterations.\n\n### Coordinated disclosure\nThis issue was simultaneously submitted to [crypto-js](https://github.com/brix/crypto-js) and [crypto-es](https://github.com/entronad/crypto-es) on the 23rd of October 2023.\n\n### Caveats\n\nThis issue was found in a security review that was _not_ scoped to crypto-js. This report is not an indication that crypto-js has undergone a formal security assessment by the author.\n\n","url":"https://github.com/advisories/GHSA-xwcq-pm8m-c4vf"},"1096525":{"findings":[{"version":"0.26.1","paths":["axios","@hmcts/rpx-xui-node-lib>axios"]}],"metadata":null,"vulnerable_versions":">=0.8.1 <0.28.0","module_name":"axios","severity":"moderate","github_advisory_id":"GHSA-wf5p-g6vw-rhxx","cves":["CVE-2023-45857"],"access":"public","patched_versions":">=0.28.0","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},"updated":"2024-02-20T20:02:28.000Z","recommendation":"Upgrade to version 0.28.0 or later","cwe":["CWE-352"],"found_by":null,"deleted":null,"id":1096525,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-45857\n- https://github.com/axios/axios/issues/6006\n- https://github.com/axios/axios/issues/6022\n- https://github.com/axios/axios/pull/6028\n- https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0\n- https://github.com/axios/axios/releases/tag/v1.6.0\n- https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459\n- https://github.com/axios/axios/pull/6091\n- https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967\n- https://github.com/axios/axios/releases/tag/v0.28.0\n- https://github.com/advisories/GHSA-wf5p-g6vw-rhxx","created":"2023-11-08T21:30:37.000Z","reported_by":null,"title":"Axios Cross-Site Request Forgery Vulnerability","npm_advisory_id":null,"overview":"An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.","url":"https://github.com/advisories/GHSA-wf5p-g6vw-rhxx"},"1096570":{"findings":[{"version":"1.1.8","paths":["playwright>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>jest-resolve-dependencies>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>@jest/core>jest-resolve-dependencies>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>jest-runtime>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>@jest/core>jest-runner>jest-runtime>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>@jest/core>jest-runner>jest-runtime>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","@hmcts/rpx-xui-node-lib>jest-mock-axios>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-runtime>@jest/globals>@jest/expect>jest-snapshot>@jest/transform>jest-haste-map>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip"]}],"metadata":null,"vulnerable_versions":"<1.1.9","module_name":"ip","severity":"moderate","github_advisory_id":"GHSA-78xj-cgh5-2h22","cves":["CVE-2023-42282"],"access":"public","patched_versions":">=1.1.9","cvss":{"score":0,"vectorString":null},"updated":"2024-02-20T18:30:41.000Z","recommendation":"Upgrade to version 1.1.9 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1096570,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-42282\n- https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html\n- https://github.com/JoshGlazebrook/socks/issues/93#issue-2128357447\n- https://github.com/github/advisory-database/pull/3504#issuecomment-1937179999\n- https://github.com/indutny/node-ip/pull/138\n- https://github.com/indutny/node-ip/commit/32f468f1245574785ec080705737a579be1223aa\n- https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894\n- https://github.com/advisories/GHSA-78xj-cgh5-2h22","created":"2024-02-08T18:30:39.000Z","reported_by":null,"title":"NPM IP package incorrectly identifies some private IP addresses as public","npm_advisory_id":null,"overview":"The `isPublic()` function in the NPM package `ip` doesn't correctly identify certain private IP addresses in uncommon formats such as `0x7F.1` as private. Instead, it reports them as public by returning `true`. This can lead to security issues such as Server-Side Request Forgery (SSRF) if `isPublic()` is used to protect sensitive code paths when passed user input. Versions 1.1.9 and 2.0.1 fix the issue.","url":"https://github.com/advisories/GHSA-78xj-cgh5-2h22"},"1096592":{"findings":[{"version":"0.10.62","paths":["@pact-foundation/pact>cli-color>es5-ext","@pact-foundation/pact>cli-color>d>es5-ext","@pact-foundation/pact>cli-color>es6-iterator>d>es5-ext","@pact-foundation/pact>cli-color>es6-iterator>es6-symbol>d>es5-ext","@pact-foundation/pact>cli-color>d>es5-ext>es6-iterator>d>es5-ext","@pact-foundation/pact>cli-color>d>es5-ext>es6-iterator>es6-symbol>d>es5-ext"]}],"metadata":null,"vulnerable_versions":">=0.10.0 <0.10.63","module_name":"es5-ext","severity":"low","github_advisory_id":"GHSA-4gmj-3p3h-gm8h","cves":["CVE-2024-27088"],"access":"public","patched_versions":">=0.10.63","cvss":{"score":0,"vectorString":null},"updated":"2024-02-26T20:01:29.000Z","recommendation":"Upgrade to version 0.10.63 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1096592,"references":"- https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h\n- https://nvd.nist.gov/vuln/detail/CVE-2024-27088\n- https://github.com/medikoo/es5-ext/issues/201\n- https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2\n- https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602\n- https://github.com/advisories/GHSA-4gmj-3p3h-gm8h","created":"2024-02-26T20:01:28.000Z","reported_by":null,"title":"es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`","npm_advisory_id":null,"overview":"### Impact\n\nPassing functions with very long names or complex default argument names into `function#copy` or`function#toStringTokens` may put script to stall\n\n### Patches\nFixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602\nPublished with v0.10.63\n\n### Workarounds\nNo real workaround aside of refraining from using above utilities.\n\n### References\nhttps://github.com/medikoo/es5-ext/issues/201\n","url":"https://github.com/advisories/GHSA-4gmj-3p3h-gm8h"},"1096643":{"findings":[{"version":"2.5.0","paths":["rx-polling-hmcts>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-03-07T05:09:24.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096643,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"},"1096781":{"findings":[{"version":"1.15.3","paths":["axios>follow-redirects","@hmcts/rpx-xui-node-lib>axios>follow-redirects"]}],"metadata":null,"vulnerable_versions":"<=1.15.5","module_name":"follow-redirects","severity":"moderate","github_advisory_id":"GHSA-cxjh-pqwp-8mfp","cves":["CVE-2024-28849"],"access":"public","patched_versions":">=1.15.6","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},"updated":"2024-03-23T03:30:25.000Z","recommendation":"Upgrade to version 1.15.6 or later","cwe":["CWE-200"],"found_by":null,"deleted":null,"id":1096781,"references":"- https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp\n- https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b\n- https://fetch.spec.whatwg.org/#authentication-entries\n- https://nvd.nist.gov/vuln/detail/CVE-2024-28849\n- https://github.com/psf/requests/issues/1885\n- https://hackerone.com/reports/2390009\n- https://github.com/advisories/GHSA-cxjh-pqwp-8mfp","created":"2024-03-14T17:19:42.000Z","reported_by":null,"title":"follow-redirects' Proxy-Authorization header kept across hosts","npm_advisory_id":null,"overview":"When using axios, its dependency library follow-redirects only clears authorization header during cross-domain redirect, but allows the proxy-authentication header which contains credentials too.\n\nSteps To Reproduce & PoC\n\naxios Test Code\n\nconst axios = require('axios');\n\naxios.get('http://127.0.0.1:10081/',{\n headers: {\n 'AuThorization': 'Rear Test',\n 'ProXy-AuthoriZation': 'Rear Test',\n 'coOkie': 't=1'\n }\n }).then(function (response) {\n console.log(response);\n})\nWhen I meet the cross-domain redirect, the sensitive headers like authorization and cookie are cleared, but proxy-authentication header is kept.\n\nRequest sent by axios\n\nimage-20240314130755052.png\nRequest sent by follow-redirects after redirectimage-20240314130809838.png\n\nImpact\n\nThis vulnerability may lead to credentials leak.\n\nRecommendations\n\nRemove proxy-authentication header during cross-domain redirect\nRecommended Patch\n\nfollow-redirects/index.js:464\n\nremoveMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);\nchange to\n\nremoveMatchingHeaders(/^(?:authorization|proxy-authorization|cookie)$/i, this._options.headers);\nRef\n\nhttps://fetch.spec.whatwg.org/#authentication-entries\nhttps://hackerone.com/reports/2390009","url":"https://github.com/advisories/GHSA-cxjh-pqwp-8mfp"},"1096782":{"findings":[{"version":"1.28.2","paths":["@hmcts/rpx-xui-node-lib>openid-client>jose"]}],"metadata":null,"vulnerable_versions":"<2.0.7","module_name":"jose","severity":"moderate","github_advisory_id":"GHSA-hhhv-q57g-882q","cves":["CVE-2024-28176"],"access":"public","patched_versions":">=2.0.7","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-03-23T03:30:25.000Z","recommendation":"Upgrade to version 2.0.7 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1096782,"references":"- https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q\n- https://github.com/panva/jose/commit/02a65794f7873cdaf12e81e80ad076fcdc4a9314\n- https://github.com/panva/jose/commit/1b91d88d2f8233f3477a5f4579aa5f8057b2ee8b\n- https://nvd.nist.gov/vuln/detail/CVE-2024-28176\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY\n- https://github.com/advisories/GHSA-hhhv-q57g-882q","created":"2024-03-07T17:40:57.000Z","reported_by":null,"title":"jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext","npm_advisory_id":null,"overview":"A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the [support for decompressing plaintext after its decryption](https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.3). This allows an adversary to exploit specific scenarios where the compression ratio becomes exceptionally high. As a result, the length of the JWE token, which is determined by the compressed content's size, can land below application-defined limits. In such cases, other existing application level mechanisms for preventing resource exhaustion may be rendered ineffective.\n\nNote that as per [RFC 8725](https://www.rfc-editor.org/rfc/rfc8725.html#name-avoid-compression-of-encryp) compression of data SHOULD NOT be done before encryption, because such compressed data often reveals information about the plaintext. For this reason the v5.x major version of `jose` removed support for compressed payloads entirely and is therefore NOT affected by this advisory.\n\n### Impact\n\nUnder certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations.\n\n### Affected users\n\nThe impact is limited only to Node.js users utilizing the JWE decryption APIs to decrypt JWEs from untrusted sources.\n\nYou are NOT affected if any of the following applies to you\n\n- Your code uses jose version v5.x where JWE Compression is not supported anymore\n- Your code runs in an environment other than Node.js (e.g. Deno, CF Workers), which is the only runtime where JWE Compression is implemented out of the box\n- Your code does not use the JWE decryption APIs\n- Your code only accepts JWEs produced by trusted sources\n\n### Patches\n\n`v2.0.7` and `v4.15.5` releases limit the decompression routine to only allow decompressing up to 250 kB of plaintext. In v4.x it is possible to further adjust this limit via the `inflateRaw` decryption option implementation. In v2.x it is possible to further adjust this limit via the `inflateRawSyncLimit` decryption option.\n\n### Workarounds\n\nIf you cannot upgrade and do not want to support compressed JWEs you may detect and reject these tokens early by checking the token's protected header\n\n```js\nconst { zip } = jose.decodeProtectedHeader(token)\nif (zip !== undefined) {\n throw new Error('JWE Compression is not supported')\n}\n```\n\nIf you wish to continue supporting JWEs with compressed payloads in these legacy release lines you must upgrade (v1.x and v2.x to version v2.0.7, v3.x and v4.x to version v4.15.5) and review the limits put forth by the patched releases.\n\n### For more information\nIf you have any questions or comments about this advisory please open a discussion in the project's [repository](https://github.com/panva/jose/discussions/new?category=q-a&title=GHSA-hhhv-q57g-882q%20advisory%20question)","url":"https://github.com/advisories/GHSA-hhhv-q57g-882q"},"1096807":{"findings":[{"version":"4.18.2","paths":["express","@hmcts/rpx-xui-node-lib>express"]}],"metadata":null,"vulnerable_versions":"<4.19.2","module_name":"express","severity":"moderate","github_advisory_id":"GHSA-rv95-896h-c2vc","cves":["CVE-2024-29041"],"access":"public","patched_versions":">=4.19.2","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"updated":"2024-03-25T22:25:02.000Z","recommendation":"Upgrade to version 4.19.2 or later","cwe":["CWE-601","CWE-1286"],"found_by":null,"deleted":null,"id":1096807,"references":"- https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\n- https://github.com/koajs/koa/issues/1800\n- https://github.com/expressjs/express/pull/5539\n- https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\n- https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\n- https://expressjs.com/en/4x/api.html#res.location\n- https://nvd.nist.gov/vuln/detail/CVE-2024-29041\n- https://github.com/advisories/GHSA-rv95-896h-c2vc","created":"2024-03-25T19:40:26.000Z","reported_by":null,"title":"Express.js Open Redirect in malformed URLs","npm_advisory_id":null,"overview":"### Impact\n\nVersions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.\n\nWhen a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.\n\nThe main method impacted is `res.location()` but this is also called from within `res.redirect()`.\n\n### Patches\n\nhttps://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\nhttps://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\n\nAn initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`.\n\n### Workarounds\n\nThe fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`.\n\n### References\n\nhttps://github.com/expressjs/express/pull/5539\nhttps://github.com/koajs/koa/issues/1800\nhttps://expressjs.com/en/4x/api.html#res.location","url":"https://github.com/advisories/GHSA-rv95-896h-c2vc"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":6,"moderate":32,"high":4,"critical":4},"dependencies":892,"devDependencies":6,"optionalDependencies":0,"totalDependencies":898}}