bcgov · MacQSL · Jul 22, 2024 · Jul 19, 2024 · Jul 19, 2024 · Jul 19, 2024
diff --git a/api/src/__mocks__/db.ts b/api/src/__mocks__/db.ts
@@ -65,11 +65,6 @@ export class MockReq {
   query = {};
   params = {};
   body = {};
-  files: any[] = [];
-  // Exists on authenticated requests. @see authentication.ts and authorization.ts
-  keycloak_token?: Record<string, any>;
-  // Exists on authenticated requests. @see authentication.ts and authorization.ts
-  system_user?: Record<string, any>;
 }
 
 export type ExtendedMockRes = MockRes & Response;

diff --git a/api/src/database/db.ts b/api/src/database/db.ts
@@ -209,7 +209,7 @@ export interface IDBConnection {
  *
  * const sqlStatement = SQL\`select * from table where id = ${id};\`;
  *
- * const connection = await getDBConnection(req['keycloak_token']);
+ * const connection = await getDBConnection(req.keycloak_token);
  *
  * try {
  *   await connection.open();
@@ -225,7 +225,7 @@ export interface IDBConnection {
  * @param {object} keycloakToken
  * @return {*} {IDBConnection}
  */
-export const getDBConnection = function (keycloakToken: KeycloakUserInformation): IDBConnection {
+export const getDBConnection = function (keycloakToken?: KeycloakUserInformation): IDBConnection {
   if (!keycloakToken) {
     throw Error('Keycloak token is undefined');
   }

diff --git a/api/src/middleware/critterbase-proxy.ts b/api/src/middleware/critterbase-proxy.ts
@@ -104,7 +104,7 @@ export const getCritterbaseApiHostUrl = () => {
 export const authorizeAndAuthenticateMiddleware: RequestHandler = async (req, _, next) => {
   await authenticateRequest(req);
 
-  req['authorization_scheme'] = {
+  req.authorization_scheme = {
     and: [
       {
         discriminator: 'SystemUser'
@@ -165,8 +165,8 @@ export const getCritterbaseProxyMiddleware = () =>
       client.setHeader(
         'user',
         JSON.stringify({
-          keycloak_guid: req['system_user']?.user_guid,
-          username: req['system_user']?.user_identifier
+          keycloak_guid: req.system_user?.user_guid,
+          username: req.system_user?.user_identifier
         })
       );
     },

diff --git a/api/src/paths/administrative-activities.ts b/api/src/paths/administrative-activities.ts
@@ -140,7 +140,7 @@ GET.apiDoc = {
  */
 export function getAdministrativeActivities(): RequestHandler {
   return async (req, res) => {
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     try {
       // Only search for specified types if provided, otherwise search all types

diff --git a/api/src/paths/administrative-activity.test.ts b/api/src/paths/administrative-activity.test.ts
@@ -117,7 +117,7 @@ describe('getAdministrativeActivityStanding', () => {
 
     const { mockReq, mockRes, mockNext } = getRequestHandlerMocks();
 
-    mockReq['keycloak_token'] = {
+    mockReq.keycloak_token = {
       idir_user_guid: 'testguid',
       identity_provider: 'idir',
       idir_username: 'testuser',
@@ -158,7 +158,7 @@ describe('getAdministrativeActivityStanding', () => {
 
     const { mockReq, mockRes, mockNext } = getRequestHandlerMocks();
 
-    mockReq['keycloak_token'] = {
+    mockReq.keycloak_token = {
       idir_user_guid: 'testguid',
       identity_provider: 'idir',
       idir_username: 'testuser',

diff --git a/api/src/paths/administrative-activity.ts b/api/src/paths/administrative-activity.ts
@@ -5,6 +5,7 @@ import { HTTP400, HTTP500 } from '../errors/http-error';
 import { AdministrativeActivityService } from '../services/administrative-activity-service';
 import { getUserGuid } from '../utils/keycloak-utils';
 import { getLogger } from '../utils/logger';
+import { getKeycloakTokenFromRequest } from '../utils/request';
 
 const defaultLog = getLogger('paths/administrative-activity-request');
 
@@ -173,7 +174,8 @@ export function getAdministrativeActivityStanding(): RequestHandler {
     const connection = getAPIUserDBConnection();
 
     try {
-      const userGUID = getUserGuid(req['keycloak_token']);
+      const keycloakToken = getKeycloakTokenFromRequest(req);
+      const userGUID = getUserGuid(keycloakToken);
 
       if (!userGUID) {
         throw new HTTP400('Failed to identify user');

diff --git a/api/src/paths/administrative-activity/system-access/{administrativeActivityId}/approve.ts b/api/src/paths/administrative-activity/system-access/{administrativeActivityId}/approve.ts
@@ -139,7 +139,7 @@ export function approveAccessRequest(): RequestHandler {
 
     const roleIds: number[] = req.body.roleIds || [];
 
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     try {
       await connection.open();

diff --git a/api/src/paths/administrative-activity/system-access/{administrativeActivityId}/reject.ts b/api/src/paths/administrative-activity/system-access/{administrativeActivityId}/reject.ts
@@ -68,7 +68,7 @@ export function rejectAccessRequest(): RequestHandler {
   return async (req, res) => {
     const administrativeActivityId = Number(req.params.administrativeActivityId);
 
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     try {
       await connection.open();

diff --git a/api/src/paths/animal/index.test.ts b/api/src/paths/animal/index.test.ts
@@ -5,7 +5,9 @@ import sinonChai from 'sinon-chai';
 import { SYSTEM_ROLE } from '../../constants/roles';
 import * as db from '../../database/db';
 import { HTTPError } from '../../errors/http-error';
+import { SystemUser } from '../../repositories/user-repository';
 import { FindCrittersResponse, SurveyCritterService } from '../../services/survey-critter-service';
+import { KeycloakUserInformation } from '../../utils/keycloak-utils';
 import { getMockDBConnection, getRequestHandlerMocks } from '../../__mocks__/db';
 import { findAnimals } from './index';
 
@@ -59,10 +61,10 @@ describe('findAnimals', () => {
       sort: undefined,
       order: undefined
     };
-    mockReq['keycloak_token'] = {};
-    mockReq['system_user'] = {
+    mockReq.keycloak_token = {} as KeycloakUserInformation;
+    mockReq.system_user = {
       role_names: [SYSTEM_ROLE.SYSTEM_ADMIN]
-    };
+    } as SystemUser;
 
     const requestHandler = findAnimals();
 
@@ -126,10 +128,10 @@ describe('findAnimals', () => {
       sort: undefined,
       order: undefined
     };
-    mockReq['keycloak_token'] = {};
-    mockReq['system_user'] = {
+    mockReq.keycloak_token = {} as KeycloakUserInformation;
+    mockReq.system_user = {
       role_names: [SYSTEM_ROLE.PROJECT_CREATOR]
-    };
+    } as SystemUser;
 
     const requestHandler = findAnimals();
 

diff --git a/api/src/paths/animal/index.ts b/api/src/paths/animal/index.ts
@@ -12,6 +12,7 @@ import {
   makePaginationOptionsFromRequest,
   makePaginationResponse
 } from '../../utils/pagination';
+import { getSystemUserFromRequest } from '../../utils/request';
 
 const defaultLog = getLogger('paths/animal');
 
@@ -184,16 +185,18 @@ export function findAnimals(): RequestHandler {
   return async (req, res) => {
     defaultLog.debug({ label: 'findAnimals' });
 
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     try {
       await connection.open();
 
       const systemUserId = connection.systemUserId();
 
+      const systemUser = getSystemUserFromRequest(req);
+
       const isUserAdmin = userHasValidRole(
         [SYSTEM_ROLE.SYSTEM_ADMIN, SYSTEM_ROLE.DATA_ADMINISTRATOR],
-        req['system_user']['role_names']
+        systemUser.role_names
       );
 
       const filterFields = parseQueryParams(req);

diff --git a/api/src/paths/codes.test.ts b/api/src/paths/codes.test.ts
@@ -1,10 +1,10 @@
 import chai, { expect } from 'chai';
-import { describe } from 'mocha';
 import sinon from 'sinon';
 import sinonChai from 'sinon-chai';
 import * as db from '../database/db';
 import { HTTPError } from '../errors/http-error';
 import { CodeService } from '../services/code-service';
+import { KeycloakUserInformation } from '../utils/keycloak-utils';
 import { getMockDBConnection, getRequestHandlerMocks } from '../__mocks__/db';
 import * as codes from './codes';
 
@@ -24,7 +24,7 @@ describe('codes', () => {
 
       const { mockReq, mockRes, mockNext } = getRequestHandlerMocks();
 
-      mockReq.keycloak_token = {};
+      mockReq.keycloak_token = {} as KeycloakUserInformation;
 
       try {
         const requestHandler = codes.getAllCodes();
@@ -47,7 +47,7 @@ describe('codes', () => {
 
       const { mockReq, mockRes, mockNext } = getRequestHandlerMocks();
 
-      mockReq.keycloak_token = {};
+      mockReq.keycloak_token = {} as KeycloakUserInformation;
 
       const requestHandler = codes.getAllCodes();
 
@@ -66,7 +66,7 @@ describe('codes', () => {
 
       const { mockReq, mockRes, mockNext } = getRequestHandlerMocks();
 
-      mockReq.keycloak_token = {};
+      mockReq.keycloak_token = {} as KeycloakUserInformation;
 
       try {
         const requestHandler = codes.getAllCodes();

diff --git a/api/src/paths/funding-sources/index.test.ts b/api/src/paths/funding-sources/index.test.ts
@@ -67,7 +67,7 @@ describe('getFundingSources', () => {
         agency: null
       };
       // system_user would be set by the authorization-service, if this endpoint was called for real
-      mockReq['system_user'] = systemUser;
+      mockReq.system_user = systemUser;
 
       const requestHandler = getFundingSources();
 
@@ -128,7 +128,7 @@ describe('getFundingSources', () => {
         agency: null
       };
       // system_user would be set by the authorization-service, if this endpoint was called for real
-      mockReq['system_user'] = systemUser;
+      mockReq.system_user = systemUser;
 
       const requestHandler = getFundingSources();
 

diff --git a/api/src/paths/funding-sources/index.ts b/api/src/paths/funding-sources/index.ts
@@ -3,11 +3,11 @@ import { Operation } from 'express-openapi';
 import { SYSTEM_ROLE } from '../../constants/roles';
 import { getDBConnection } from '../../database/db';
 import { FundingSource, FundingSourceSupplementaryData } from '../../repositories/funding-source-repository';
-import { SystemUser } from '../../repositories/user-repository';
 import { authorizeRequestHandler } from '../../request-handlers/security/authorization';
 import { FundingSourceService, IFundingSourceSearchParams } from '../../services/funding-source-service';
 import { UserService } from '../../services/user-service';
 import { getLogger } from '../../utils/logger';
+import { getSystemUserFromRequest } from '../../utils/request';
 
 const defaultLog = getLogger('paths/funding-sources/index');
 
@@ -113,7 +113,7 @@ GET.apiDoc = {
  */
 export function getFundingSources(): RequestHandler {
   return async (req, res) => {
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
     const filterFields: IFundingSourceSearchParams = req.query || {};
     try {
       await connection.open();
@@ -124,8 +124,9 @@ export function getFundingSources(): RequestHandler {
 
       await connection.commit();
 
-      const systemUserObject: SystemUser = req['system_user'];
-      if (!UserService.isAdmin(systemUserObject)) {
+      const systemUser = getSystemUserFromRequest(req);
+
+      if (!UserService.isAdmin(systemUser)) {
         // User is not an admin, strip sensitive fields from response
         response = removeNonAdminFieldsFromFundingSourcesResponse(response);
       }
@@ -260,7 +261,7 @@ POST.apiDoc = {
  */
 export function postFundingSource(): RequestHandler {
   return async (req, res) => {
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
     const service = new FundingSourceService(connection);
     const data = req.body;
     try {

diff --git a/api/src/paths/funding-sources/{fundingSourceId}.ts b/api/src/paths/funding-sources/{fundingSourceId}.ts
@@ -172,7 +172,7 @@ GET.apiDoc = {
  */
 export function getFundingSource(): RequestHandler {
   return async (req, res) => {
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     const fundingSourceId = Number(req.params.fundingSourceId);
 
@@ -309,7 +309,7 @@ PUT.apiDoc = {
  */
 export function putFundingSource(): RequestHandler {
   return async (req, res) => {
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     try {
       await connection.open();
@@ -408,7 +408,7 @@ DELETE.apiDoc = {
  */
 export function deleteFundingSource(): RequestHandler {
   return async (req, res) => {
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     const fundingSourceId = Number(req.params.fundingSourceId);
 

diff --git a/api/src/paths/observation/index.test.ts b/api/src/paths/observation/index.test.ts
@@ -6,7 +6,9 @@ import { SYSTEM_ROLE } from '../../constants/roles';
 import * as db from '../../database/db';
 import { HTTPError } from '../../errors/http-error';
 import { ObservationRecordWithSamplingAndSubcountData } from '../../repositories/observation-repository/observation-repository';
+import { SystemUser } from '../../repositories/user-repository';
 import { ObservationService } from '../../services/observation-service';
+import { KeycloakUserInformation } from '../../utils/keycloak-utils';
 import { getMockDBConnection, getRequestHandlerMocks } from '../../__mocks__/db';
 import { findObservations } from './index';
 
@@ -79,10 +81,10 @@ describe('findObservations', () => {
       sort: undefined,
       order: undefined
     };
-    mockReq['keycloak_token'] = {};
-    mockReq['system_user'] = {
+    mockReq.keycloak_token = {} as KeycloakUserInformation;
+    mockReq.system_user = {
       role_names: [SYSTEM_ROLE.SYSTEM_ADMIN]
-    };
+    } as SystemUser;
 
     const requestHandler = findObservations();
 
@@ -172,10 +174,10 @@ describe('findObservations', () => {
       sort: undefined,
       order: undefined
     };
-    mockReq['keycloak_token'] = {};
-    mockReq['system_user'] = {
+    mockReq.keycloak_token = {} as KeycloakUserInformation;
+    mockReq.system_user = {
       role_names: [SYSTEM_ROLE.PROJECT_CREATOR]
-    };
+    } as SystemUser;
 
     const requestHandler = findObservations();
 

diff --git a/api/src/paths/observation/index.ts b/api/src/paths/observation/index.ts
@@ -13,6 +13,7 @@ import {
   makePaginationOptionsFromRequest,
   makePaginationResponse
 } from '../../utils/pagination';
+import { getSystemUserFromRequest } from '../../utils/request';
 
 const defaultLog = getLogger('paths/observation/index');
 
@@ -169,16 +170,18 @@ export function findObservations(): RequestHandler {
   return async (req, res) => {
     defaultLog.debug({ label: 'getObservations' });
 
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     try {
       await connection.open();
 
       const systemUserId = connection.systemUserId();
 
+      const systemUser = getSystemUserFromRequest(req);
+
       const isUserAdmin = userHasValidRole(
         [SYSTEM_ROLE.SYSTEM_ADMIN, SYSTEM_ROLE.DATA_ADMINISTRATOR],
-        req['system_user']['role_names']
+        systemUser.role_names
       );
 
       const filterFields = parseQueryParams(req);

diff --git a/api/src/paths/project/create.ts b/api/src/paths/project/create.ts
@@ -87,7 +87,7 @@ POST.apiDoc = {
  */
 export function createProject(): RequestHandler {
   return async (req, res) => {
-    const connection = getDBConnection(req['keycloak_token']);
+    const connection = getDBConnection(req.keycloak_token);
 
     const sanitizedProjectPostData = new PostProjectObject(req.body);