Merge branch 'hin-920-create-user-api' into 'develop'

create user api See merge request !44

Merge branch 'hin-920-create-user-api' into 'develop'
create user api See merge request !44
dd25c75d · Sebastian Mihalache · 9e7e917c · d243aee6 · dd25c75d · dd25c75d
Commit dd25c75d authored 6 years ago by Sebastian Mihalache
--- a/packages/component-user-manager/src/Users.js
+++ b/packages/component-user-manager/src/Users.js
+const config = require('config')
+const jwt = require('jsonwebtoken')
 const bodyParser = require('body-parser')
 const orcidRoutes = require('./routes/users/linkOrcid')
@@ -167,6 +169,7 @@ const Users = app => {
   * @apiGroup Users
   * @apiSuccessExample {json} Success
   *    HTTP/1.1 200 OK
+   *    { users:
   *    [{
   *      "id": "a6184463-b17a-42f8-b02b-ae1d755cdc6b",
   *      "type": "user",
@@ -201,6 +204,7 @@ const Users = app => {
   *      "isSubmitting": false,
   *      "isCorresponding": false,
   *    }]
+   *    }
   * @apiErrorExample {json} List errors
   *    HTTP/1.1 403 Unauthorized
   */
@@ -209,9 +213,65 @@ const Users = app => {
    authBearer,
    require(`./routes/users/get`)(app.locals.models),
  )
+  /**
+   * @api {post} /api/users Create user
+   * @apiGroup Users
+   * @apiParamExample {json} Body
+   *    {
+   *      "password": "currentPassword",
+   *      "email": "email@example.com",
+   *      "firstName": "John",
+   *      "lastName": "Smith",
+   *      "affiliation": "UCLA",
+   *      "title": "Mr"
+   *    }
+   * @apiSuccessExample {json} Success
+   *    HTTP/1.1 200 OK
+   *    {
+   *      "id": "a6184463-b17a-42f8-b02b-ae1d755cdc6b",
+   *      "type": "user",
+   *      "admin": false,
+   *      "email": "email@example.com",
+   *      "teams": [],
+   *      "username": "email@example.com",
+   *      "fragments": [],
+   *      "collections": [],
+   *      "isConfirmed": true,
+   *      "editorInChief": false,
+   *      "handlingEditor": false,
+   *      "notifications": {
+   *        "email": {
+   *           "system": true,
+   *           "user": true
+   *         }
+   *       }
+   *    }
+   * @apiErrorExample {json} Reset password errors
+   *    HTTP/1.1 400 Bad Request
+   *    HTTP/1.1 404 Not Found
+   */
+  app.post(
+    '/api/users',
+    authorize,
+    require('./routes/users/post')(app.locals.models),
+  )
  // register ORCID authentication strategy
  orcidRoutes(app)
 }
+const authorize = async (req, res, next) => {
+  if (req.headers.authorization) {
+    const [, bToken] = req.headers.authorization.split(' ')
+    try {
+      const payload = jwt.verify(bToken, config.get('pubsweet-server.secret'))
+      req.user = payload.id
+      return next()
+    } catch (e) {
+      return res.status(403).json({ error: 'Unauthorized' })
+    }
+  }
+  return next()
+}
 module.exports = Users
--- a/packages/component-user-manager/src/routes/users/post.js
+++ b/packages/component-user-manager/src/routes/users/post.js
+const { pick } = require('lodash')
+const Chance = require('chance')
+const chance = new Chance()
+module.exports = models => async (req, res) => {
+  if (req.user) {
+    const admin = await models.User.find(req.user)
+    if (!admin.admin) {
+      return res.status(403).json({ error: 'Unauthorized' })
+    }
+  } else {
+    if (!req.body.agreeTC) {
+      return res.status(403).json({
+        error: 'Terms & Conditions must be read and approved.',
+      })
+    }
+    req.body = pick(req.body, [
+      'email',
+      'title',
+      'country',
+      'firstName',
+      'lastName',
+      'password',
+      'affiliation',
+    ])
+    req.body = {
+      ...req.body,
+      admin: false,
+      isActive: true,
+      isConfirmed: false,
+      handlingEditor: false,
+      editorInChief: false,
+      username: req.body.email,
+      confirmationToken: chance.hash(),
+      notifications: {
+        email: {
+          system: true,
+          user: true,
+        },
+      },
+    }
+  }
+  let user = new models.User(req.body)
+  try {
+    user = await user.save()
+    return res.status(201).json(user)
+  } catch (err) {
+    return res.status(400).json({ error: err.message })
+  }
+}
--- a/packages/components-faraday/src/components/SignUp/utils.js
+++ b/packages/components-faraday/src/components/SignUp/utils.js
@@ -5,28 +5,8 @@ import { loginUser } from 'pubsweet-component-login/actions'
 import { handleFormError } from '../utils'
-const generatePasswordHash = () =>
-  Array.from({ length: 4 }, () =>
-    Math.random()
-      .toString(36)
-      .slice(4),
-  ).join('')
 export const parseSignupAuthor = ({ token, confirmPassword, ...values }) => ({
  ...values,
-  admin: false,
-  isActive: true,
-  isConfirmed: false,
-  editorInChief: false,
-  handlingEditor: false,
-  username: values.email,
-  confirmationToken: generatePasswordHash(),
-  notifications: {
-    email: {
-      system: true,
-      user: true,
-    },
-  },
 })
 export const parseSearchParams = url => {