Add checkUserData utility function to check if user is an admin or he…

…lpdesk user and if they have no BAP combo keys, and use it in the empty BAP combo keys conditional in BAP /submissions endpoint to return an empty array instead of a 401 Unauthorized response for admin or helpdesk users
USEPA · Nov 27, 2024 · 06d11fc · 06d11fc
1 parent 9fe2a8d
commit 06d11fc
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 6 deletions.
diff --git a/app/server/app/routes/bap.js b/app/server/app/routes/bap.js
@@ -6,6 +6,7 @@ const {
   getSamEntities,
   getBapFormSubmissionsStatuses,
 } = require("../utilities/bap");
+const { checkUserData } = require("../utilities/user");
 const log = require("../utilities/logger");
 
 const router = express.Router();
@@ -26,10 +27,9 @@ router.use(ensureAuthenticated);
 
 // --- get user's SAM.gov data from the BAP
 router.get("/sam", (req, res) => {
-  const { mail, memberof } = req.user;
-  const userRoles = memberof.split(",");
-  const adminOrHelpdeskUser =
-    userRoles.includes("csb_admin") || userRoles.includes("csb_helpdesk");
+  const { mail } = req.user;
+
+  const { adminOrHelpdeskUser } = checkUserData({ req });
 
   if (!mail) {
     const logMessage = `User with no email address attempted to fetch SAM.gov records.`;
@@ -76,10 +76,15 @@ router.get("/sam", (req, res) => {
 
 // --- get user's form submissions statuses from the BAP
 router.get("/submissions", storeBapComboKeys, (req, res) => {
-  const { bapComboKeys } = req;
   const { mail } = req.user;
 
-  if (bapComboKeys.length === 0) {
+  const { adminOrHelpdeskUser, noBapComboKeys } = checkUserData({ req });
+
+  if (noBapComboKeys) {
+    if (adminOrHelpdeskUser) {
+      return res.json([]);
+    }
+
     const logMessage =
       `User with email '${mail}' attempted to fetch form submissions ` +
       `from the BAP without any SAM.gov combo keys.`;

diff --git a/app/server/app/utilities/user.js b/app/server/app/utilities/user.js
@@ -0,0 +1,37 @@
+const express = require("express");
+
+/**
+ * @typedef {Object} User
+ * @property {string} mail
+ * @property {string} memberof
+ * @property {string} nameID
+ * @property {string} nameIDFormat
+ * @property {string} spNameQualifier
+ * @property {string} sessionIndex
+ * @property {number} iat
+ * @property {number} exp
+ */
+
+/**
+ * Determines if the user is an admin or helpdesk user and if they have any BAP
+ * combo keys.
+ *
+ * @param {Object} param
+ * @param {express.Request} param.req
+ */
+function checkUserData({ req }) {
+  /** @type {{ bapComboKeys: string[]; user: User }} */
+  const { bapComboKeys, user } = req;
+
+  const userRoles = user.memberof.split(",");
+  const adminOrHelpdeskUser =
+    userRoles.includes("csb_admin") || userRoles.includes("csb_helpdesk");
+
+  const noBapComboKeys = bapComboKeys?.length === 0;
+
+  return { adminOrHelpdeskUser, noBapComboKeys };
+}
+
+module.exports = {
+  checkUserData,
+};