feat(users): add endpoint to lookup user from nfc code (#424)

GEWIS · Jan 13, 2025 · c1aefda · c1aefda
1 parent ecee703
commit c1aefda
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 0 deletions.
diff --git a/src/controller/user-controller.ts b/src/controller/user-controller.ts
@@ -133,6 +133,14 @@ export default class UserController extends BaseController {
           restrictions: { acceptedTOS: false },
         },
       },
+      '/nfc/:nfcCode': {
+        GET: {
+          policy: async (req) => this.roleManager.can(
+            req.token.roles, 'get', 'all', 'User', ['*'],
+          ),
+          handler: this.findUserNfc.bind(this),
+        },
+      },
       '/:id(\\d+)/authenticator/pin': {
         PUT: {
           body: { modelName: 'UpdatePinRequest' },
@@ -876,6 +884,36 @@ export default class UserController extends BaseController {
     }
   }
 
+  /**
+   * GET /users/nfc/{id}
+   * @summary Get a user using the nfc code
+   * @operationId findUserNfc
+   * @tags users - Operations of the user controller
+   * @security JWT
+   * @param {integer} nfcCode.path.required - The nfc code of the user
+   * @return {UserResponse} 200 - The requested user
+   * @return {string} 404 - The user with the given nfc code does not exist
+   */
+  public async findUserNfc(req: RequestWithToken, res: Response): Promise<void> {
+    const parameters = req.params;
+    this.logger.trace('Find user nfc', parameters, 'by user', req.token.user);
+
+    try {
+      const nfcCode = String(parameters.nfcCode);
+      const nfc = await NfcAuthenticator.findOne({ where: { nfcCode } });
+
+      if (nfc === null) {
+        res.status(404).json('Unknown nfc code');
+        return;
+      }
+
+      res.status(200).json(parseUserToResponse(nfc.user));
+    } catch (error) {
+      this.logger.error('Could not find user using nfc:', error);
+      res.status(500).json('Internal server error.');
+    }
+  }
+
   /**
    * POST /users/acceptTos
    * @summary Accept the Terms of Service if you have not accepted it yet

diff --git a/test/unit/controller/user-controller.ts b/test/unit/controller/user-controller.ts
@@ -79,6 +79,7 @@ import { Client } from 'pdf-generator-client';
 import { BasePdfService } from '../../../src/service/pdf/pdf-service';
 import { RbacSeeder } from '../../seed';
 import Dinero from 'dinero.js';
+import NfcAuthenticator from '../../../src/entity/authenticator/nfc-authenticator';
 
 chai.use(deepEqualInAnyOrder);
 
@@ -424,6 +425,55 @@ describe('UserController', (): void => {
     });
   });
 
+  describe('GET /users/nfc/:id', () => {
+    it('should return correct model', async () => {
+      const user = ctx.users[0];
+      const nfc = await NfcAuthenticator.save({
+        userId: user.id,
+        nfcCode: 'vo-de-ledenABC41',
+      });
+      const res = await request(ctx.app)
+        .get(`/users/nfc/${nfc.nfcCode}`)
+        .set('Authorization', `Bearer ${ctx.adminToken}`);
+      expect(res.status).to.equal(200);
+      expect(ctx.specification.validateModel('UserResponse', res.body, false, true).valid).to.be.true;
+    });
+    it('should return an HTTP 404 if the nfc code does not exist', async () => {
+      const res = await request(ctx.app)
+        .get('/users/nfc/12345')
+        .set('Authorization', `Bearer ${ctx.adminToken}`);
+      expect(res.status).to.equal(404);
+      expect(res.body).to.equal('Unknown nfc code');
+    });
+    it('should return an HTTP 403 if not admin', async () => {
+      const user = ctx.users[0];
+      const nfc = await NfcAuthenticator.save({
+        userId: user.id,
+        nfcCode: 'vo-de-ledenABC41',
+      });
+      const res = await request(ctx.app)
+        .get(`/users/nfc/${nfc.nfcCode}`)
+        .set('Authorization', `Bearer ${ctx.userToken}`);
+      expect(res.status).to.equal(403);
+    });
+    it('should return the correct user if nfc code is correct', async () => {
+      const user = ctx.users[0];
+      const nfc = await NfcAuthenticator.save({
+        userId: user.id,
+        nfcCode: 'vo-de-ledenABC41',
+      });
+      const res = await request(ctx.app)
+        .get(`/users/nfc/${nfc.nfcCode}`)
+        .set('Authorization', `Bearer ${ctx.adminToken}`);
+      expect(res.status).to.equal(200);
+      expect(ctx.specification.validateModel(
+        'UserResponse',
+        res.body,
+      ).valid).to.be.true;
+      expect(res.body.id).to.equal(user.id);
+    });
+  });
+
   describe('GET /users/usertype/:userType', () => {
     it('should return correct model', async () => {
       const res = await request(ctx.app)