Audit Bugs - 1148 , 1152 , 1153

ELEVATE-Project · Mar 19, 2024 · be6f151 · be6f151
1 parent 3ebb56e
commit be6f151
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 7 deletions.
diff --git a/src/constants/common.js b/src/constants/common.js
@@ -28,7 +28,7 @@ module.exports = {
 		'/user/v1/user-role/default',
 	],
 	notificationEmailType: 'email',
-	accessTokenExpiry: `${process.env.ACCESS_TOKEN_EXPIRY}d`,
+	accessTokenExpiry: process.env.ACCESS_TOKEN_EXPIRY,
 	refreshTokenExpiry: `${process.env.REFRESH_TOKEN_EXPIRY}d`,
 	refreshTokenExpiryInMs: Number(process.env.REFRESH_TOKEN_EXPIRY) * 24 * 60 * 60 * 1000,
 	refreshTokenLimit: 3,

diff --git a/src/envVariables.js b/src/envVariables.js
@@ -96,11 +96,11 @@ let enviromentVariables = {
 		optional: process.env.CLOUD_STORAGE === 'AZURE' ? false : true,
 	},
 	ACCESS_TOKEN_EXPIRY: {
-		message: 'Required access token expiry in days',
+		message: 'Required access token expiry',
 		optional: false,
 	},
 	REFRESH_TOKEN_EXPIRY: {
-		message: 'Required refresh token expiry in days',
+		message: 'Required refresh token expiry',
 		optional: false,
 	},
 	API_DOC_URL: {

diff --git a/src/locales/en.json b/src/locales/en.json
@@ -113,5 +113,6 @@
 	"ROLES_HAS_EMPTY_LIST": "Empty roles list",
 	"COLUMN_DOES_NOT_EXISTS": "Role column does not exists",
 	"PERMISSION_DENIED": "You do not have the required permissions to access this resource. Please contact your administrator for assistance.",
-	"RELATED_ORG_REMOVAL_FAILED": "Requested organization not related the organization. Please check the values."
+	"RELATED_ORG_REMOVAL_FAILED": "Requested organization not related the organization. Please check the values.",
+	"INAVLID_ORG_ROLE_REQ": "Invalid organisation request"
 }
diff --git a/src/services/org-admin.js b/src/services/org-admin.js
@@ -237,6 +237,19 @@ module.exports = class OrgAdminHelper {
 			const requestId = bodyData.request_id
 			delete bodyData.request_id
 
+			const requestDetail = await orgRoleReqQueries.requestDetails({
+				id: requestId,
+				organization_id: tokenInformation.organization_id,
+			})
+
+			if (requestDetail.status !== common.REQUESTED_STATUS) {
+				return responses.failureResponse({
+					message: 'INAVLID_ORG_ROLE_REQ',
+					statusCode: httpStatusCode.bad_request,
+					responseCode: 'CLIENT_ERROR',
+				})
+			}
+
 			bodyData.handled_by = tokenInformation.id
 			const rowsAffected = await orgRoleReqQueries.update(
 				{ id: requestId, organization_id: tokenInformation.organization_id },

diff --git a/src/validators/v1/account.js b/src/validators/v1/account.js
@@ -25,7 +25,15 @@ module.exports = {
 			.withMessage('email is invalid')
 			.normalizeEmail({ gmail_remove_dots: false })
 
-		req.checkBody('password').trim().notEmpty().withMessage('password field is empty')
+		req.checkBody('password')
+			.notEmpty()
+			.withMessage('Password field is empty')
+			.matches(/^(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+{}|:"<>?~`\-=[\];',.\/])[^ ]{10,}$/)
+			.withMessage(
+				'Password must have at least one uppercase letter, one number, one special character, and be at least 10 characters long'
+			)
+			.custom((value) => !/\s/.test(value))
+			.withMessage('Password cannot contain spaces')
 
 		if (req.body.role) {
 			req.checkBody('role').trim().not().isIn([common.ADMIN_ROLE]).withMessage("User does't have admin access")
@@ -64,7 +72,15 @@ module.exports = {
 
 	resetPassword: (req) => {
 		req.checkBody('email').notEmpty().withMessage('email field is empty').isEmail().withMessage('email is invalid')
-		req.checkBody('password').notEmpty().withMessage('password field is empty')
+		req.checkBody('password')
+			.notEmpty()
+			.withMessage('Password field is empty')
+			.matches(/^(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+{}|:"<>?~`\-=[\];',.\/])[^ ]{10,}$/)
+			.withMessage(
+				'Password must have at least one uppercase letter, one number, one special character, and be at least 10 characters long'
+			)
+			.custom((value) => !/\s/.test(value))
+			.withMessage('Password cannot contain spaces')
 
 		req.checkBody('otp')
 			.notEmpty()

diff --git a/src/validators/v1/admin.js b/src/validators/v1/admin.js
@@ -27,7 +27,15 @@ module.exports = {
 			.withMessage('email is invalid')
 			.normalizeEmail()
 
-		req.checkBody('password').trim().notEmpty().withMessage('password field is empty')
+		req.checkBody('password')
+			.notEmpty()
+			.withMessage('Password field is empty')
+			.matches(/^(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+{}|:"<>?~`\-=[\];',.\/])[^ ]{10,}$/)
+			.withMessage(
+				'Password must have at least one uppercase letter, one number, one special character, and be at least 10 characters long'
+			)
+			.custom((value) => !/\s/.test(value))
+			.withMessage('Password cannot contain spaces')
 	},
 
 	login: (req) => {