diff --git a/data/datacreator.ts b/data/datacreator.ts index c08318a0a87..f887cc85fa9 100644 --- a/data/datacreator.ts +++ b/data/datacreator.ts @@ -401,7 +401,7 @@ async function createBaskets () { return await Promise.all( baskets.map(async basket => { return await BasketModel.create({ - UserId: basket.UserId + UserModelId: basket.UserId }).catch((err: unknown) => { logger.error(`Could not insert Basket for UserId ${basket.UserId}: ${utils.getErrorMessage(err)}`) }) @@ -601,7 +601,7 @@ async function createSecurityQuestions () { } async function createSecurityAnswer (UserId: number, SecurityQuestionId: number, answer: string) { - return await SecurityAnswerModel.create({ SecurityQuestionId, UserId, answer }).catch((err: unknown) => { + return await SecurityAnswerModel.create({ SecurityQuestionModelId:SecurityQuestionId, UserModelId:UserId, answer }).catch((err: unknown) => { logger.error(`Could not insert SecurityAnswer ${answer} mapped to UserId ${UserId}: ${utils.getErrorMessage(err)}`) }) } diff --git a/models/basket.ts b/models/basket.ts index fc58af21146..75d6a5bca73 100644 --- a/models/basket.ts +++ b/models/basket.ts @@ -20,10 +20,10 @@ class BasketModel extends Model< InferAttributes, InferCreationAttributes > { - declare UserId: CreationOptional + declare UserModelId: CreationOptional declare id: CreationOptional declare coupon: CreationOptional | null - declare Products?: NonAttribute + declare ProductModels?: NonAttribute } const BasketModelInit=(sequelize:Sequelize)=>{ @@ -35,7 +35,7 @@ BasketModel.init( autoIncrement: true }, coupon: DataTypes.STRING, - UserId:{ + UserModelId:{ type: DataTypes.INTEGER } }, diff --git a/models/captcha.ts b/models/captcha.ts index 3d14d5173eb..a12f80fe21a 100644 --- a/models/captcha.ts +++ b/models/captcha.ts @@ -25,8 +25,6 @@ CaptchaModel.init( { captchaId: { type: DataTypes.INTEGER, - primaryKey: true, - autoIncrement: true }, captcha: DataTypes.STRING, answer: DataTypes.STRING 
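Review bot: After the models/captcha.ts hunk, `captchaId` is a plain INTEGER column with no `primaryKey`, `autoIncrement`, `unique` or `allowNull: false`, so nothing at the schema level stops two captcha rows from sharing an id or a row from having none. Sequelize adds its own `id` primary key when a model defines none, so `captchaId` now has to be assigned by whatever creates the row; that code is not in this diff, so confirm it does. If captcha verification looks rows up by `captchaId` (presumably, not shown here), keep the constraint explicit with `captchaId: { type: DataTypes.INTEGER, allowNull: false, unique: true }`, or add a comment saying why duplicates are acceptable. The `CaptchaModel.init` call continues outside the hunk.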
diff --git a/models/quantity.ts b/models/quantity.ts index e4262971189..6d5714c15c7 100644 --- a/models/quantity.ts +++ b/models/quantity.ts @@ -26,8 +26,10 @@ InferCreationAttributes const QuantityModelInit=(sequelize:Sequelize)=>{ QuantityModel.init( - // @ts-expect-error { + ProductId:{ + type: DataTypes.INTEGER + }, id: { type: DataTypes.INTEGER, primaryKey: true, diff --git a/models/securityAnswer.ts b/models/securityAnswer.ts index 672f64c9f0d..0ba1ce144b4 100644 --- a/models/securityAnswer.ts +++ b/models/securityAnswer.ts @@ -18,8 +18,8 @@ class SecurityAnswerModel extends Model< InferAttributes, InferCreationAttributes > { - declare SecurityQuestionId: number - declare UserId: number + declare SecurityQuestionModelId: number + declare UserModelId: number declare id: CreationOptional declare answer: string } @@ -27,10 +27,11 @@ InferCreationAttributes const SecurityAnswerModelInit=(sequelize:Sequelize)=>{ SecurityAnswerModel.init( { - UserId:{ - type: DataTypes.INTEGER + UserModelId:{ + type: DataTypes.INTEGER, + unique: true }, - SecurityQuestionId:{ + SecurityQuestionModelId:{ type: DataTypes.INTEGER }, diff --git a/routes/2fa.ts b/routes/2fa.ts index b9abf2ea5e6..abb85106dac 100644 --- a/routes/2fa.ts +++ b/routes/2fa.ts @@ -43,7 +43,7 @@ async function verify (req: Request, res: Response) { } utils.solveIf(challenges.twoFactorAuthUnsafeSecretStorageChallenge, () => { return user.email === 'wurstbrot@' + config.get('application.domain') }) - const [basket] = await BasketModel.findOrCreate({ where: { UserId: userId } }) + const [basket] = await BasketModel.findOrCreate({ where: { UserModelId: userId } }) const token = security.authorize(plainUser) plainUser.bid = basket.id // keep track of original basket for challenge solution check diff --git a/routes/basket.ts b/routes/basket.ts index 984a07852c4..1e9bd3a6bd0 100644 --- a/routes/basket.ts +++ b/routes/basket.ts 
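Review bot: The `unique: true` added to `UserModelId` in the second models/securityAnswer.ts hunk is a behaviour change riding inside a rename: a second security answer for the same user now fails at insert time instead of being stored. In this same commit, `createSecurityAnswer` in data/datacreator.ts turns that failure into a log line that interpolates the plaintext `answer`, so the new constraint makes it more likely that answers end up in logs. Drop the value from the message, e.g. ``logger.error(`Could not insert SecurityAnswer mapped to UserId ${UserId}: ${utils.getErrorMessage(err)}`)``. The constraint itself deserves a one-line comment such as `// one security answer per user, enforced by the unique index`, and existing databases may need a migration for it (not visible here).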
@@ -21,11 +21,13 @@ module.exports = function retrieveBasket () { const user = security.authenticatedUsers.from(req) return user && id && id !== 'undefined' && id !== 'null' && id !== 'NaN' && user.bid && user.bid != id // eslint-disable-line eqeqeq }) - if (basket?.Products && basket.Products.length > 0) { - for (let i = 0; i < basket.Products.length; i++) { - basket.Products[i].name = req.__(basket.Products[i].name) + if (basket?.ProductModels && basket.ProductModels.length > 0) { + for (let i = 0; i < basket.ProductModels.length; i++) { + basket.ProductModels[i].name = req.__(basket.ProductModels[i].name) } } + // TODO: This works but in response it sends [ProductModels] field but the API and tests + // expect [Products] named field res.json(utils.queryResultToJson(basket)) }).catch((error: Error) => { next(error) diff --git a/routes/basketItems.ts b/routes/basketItems.ts index 19cfb4cfd5f..f194e5f171f 100644 --- a/routes/basketItems.ts +++ b/routes/basketItems.ts @@ -11,9 +11,13 @@ const utils = require('../lib/utils') const challenges = require('../data/datacache').challenges const security = require('../lib/insecurity') +interface RequestWithRawBody extends Request { + rawBody: string +} + module.exports.addBasketItem = function addBasketItem () { - return (req: Request, res: Response, next: NextFunction) => { - const result = utils.parseJsonCustom(req.body) // Discuss this change once + return (req: RequestWithRawBody, res: Response, next: NextFunction) => { + const result = utils.parseJsonCustom(req.rawBody) const productIds = [] const basketIds = [] const quantities = [] 
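Review bot: The TODO added before `res.json(utils.queryResultToJson(basket))` in routes/basket.ts records that this endpoint now returns `ProductModels` where the API and tests expect `Products`, so the hunk ships a known response-contract break. Resolve it before merge rather than leaving it as a comment. Either give the basket-to-product association an explicit `as: 'Products'` alias where it is defined (outside this diff), so that neither the model nor the routes need the rename, or copy the array to a `Products` key on the serialized object before it is sent. routes/order.ts reads `basket.ProductModels` as well, so whichever name is chosen has to be applied in both places. The handler body starts and ends outside the hunk.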
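Review bot: `RequestWithRawBody` in routes/basketItems.ts declares `rawBody: string` as always present, but nothing in this hunk sets or checks it, and `utils.parseJsonCustom(req.rawBody)` now reads that field instead of `req.body`. If the middleware that fills `rawBody` is missing, runs later, or skips the request's content type (it is not shown here), the parser receives `undefined`. Type the field as `rawBody?: string` and reject early, e.g. `if (typeof req.rawBody !== 'string') { res.status(400).json({ error: 'Missing request body' }); return }`. The removed `// Discuss this change once` comment suggests the switch was still open, so a short comment saying why this route needs the raw text would settle it. `addBasketItem` continues in the next hunk.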
@@ -40,7 +44,7 @@ module.exports.addBasketItem = function addBasketItem () { utils.solveIf(challenges.basketManipulateChallenge, () => { return user && basketItem.BasketId && basketItem.BasketId !== 'undefined' && user.bid != basketItem.BasketId }) // eslint-disable-line eqeqeq const basketItemInstance = BasketItemModel.build(basketItem) - basketItemInstance.save().then((addedBasketItem: BasketItemModel) => { + basketItemInstance.save().then((addedBasketItem: BasketItemModel) => { res.json({ status: 'success', data: addedBasketItem }) }).catch((error: Error) => { next(error) diff --git a/routes/dataErasure.ts b/routes/dataErasure.ts index 1799113d29c..65c18edefcd 100644 --- a/routes/dataErasure.ts +++ b/routes/dataErasure.ts @@ -33,7 +33,7 @@ router.get('/', async (req: Request, res: Response, next: NextFunction): Promise if (!answer) { throw new Error('No answer found!') } - const question = await SecurityQuestionModel.findByPk(answer.SecurityQuestionId) + const question = await SecurityQuestionModel.findByPk(answer.SecurityQuestionModelId) if (!question) { throw new Error('No question found!') } diff --git a/routes/fileUpload.ts b/routes/fileUpload.ts index 2848ff8b1c5..cc9241195ed 100644 --- a/routes/fileUpload.ts +++ b/routes/fileUpload.ts @@ -14,12 +14,12 @@ const vm = require('vm') const unzipper = require('unzipper') const path = require('path') -function matchesSystemIniFile (text) { +function matchesSystemIniFile (text: string) { const match = text.match(/(; for 16-bit app support|drivers|mci|driver32|386enh|keyboard|boot|display)/gi) return match && match.length >= 2 } -function matchesEtcPasswdFile (text) { +function matchesEtcPasswdFile (text: string) { const match = text.match(/\w*:\w*:\d*:\d*:\w*:.*/gi) return match && match.length >= 2 } 
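Review bot: `matchesSystemIniFile` and `matchesEtcPasswdFile` in routes/fileUpload.ts now type `text` but still leave the return type implicit, and `match && match.length >= 2` evaluates to `null` when nothing matches, so both are inferred as `boolean | null`. Give them an explicit boolean result with `return match !== null && match.length >= 2` and `: boolean` on the signature. A one-line comment on each, stating what content the pattern is meant to recognise and why two hits are required, would also help, since the regexes are the whole contract.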
@@ -52,7 +52,7 @@ function handleZipFileUpload ({ file }: Request, res: Response, next: NextFuncti } else { entry.autodrain() } - }).on('error', function (err) { next(err) }) + }).on('error', function (err: unknown) { next(err) }) }) }) }) diff --git a/routes/login.ts b/routes/login.ts index 3b8d730eba3..8c64b1f62d5 100644 --- a/routes/login.ts +++ b/routes/login.ts @@ -19,7 +19,7 @@ const config = require('config') module.exports = function login () { function afterLogin (user: { data: User, bid: number }, res: Response, next: NextFunction) { verifyPostLoginChallenges(user) // vuln-code-snippet hide-line - BasketModel.findOrCreate({ where: { UserId: user.data.id } }) + BasketModel.findOrCreate({ where: { UserModelId: user.data.id } }) .then(([basket]: [BasketModel, boolean]) => { const token = security.authorize(user) user.bid = basket.id // keep track of original basket diff --git a/routes/order.ts b/routes/order.ts index 614e7230be5..42262c76842 100644 --- a/routes/order.ts +++ b/routes/order.ts @@ -57,7 +57,7 @@ module.exports = function placeOrder () { let totalPrice = 0 const basketProducts: Product[] = [] let totalPoints = 0 - basket.Products?.forEach(({ BasketItem, price, deluxePrice, name, id }) => { + basket.ProductModels?.forEach(({ BasketItem, price, deluxePrice, name, id }) => { if (BasketItem) { utils.solveIf(challenges.christmasSpecialChallenge, () => { return BasketItem.ProductId === products.christmasSpecial.id }) diff --git a/routes/resetPassword.ts b/routes/resetPassword.ts index b6bd045b006..23e03aad3ae 100644 --- a/routes/resetPassword.ts +++ b/routes/resetPassword.ts 
@@ -34,7 +34,7 @@ module.exports = function resetPassword () { }] }).then((data: SecurityAnswerModel | null) => { if (data && security.hmac(answer) === data.answer) { - UserModel.findByPk(data.UserId).then((user: UserModel | null) => { + UserModel.findByPk(data.UserModelId).then((user: UserModel | null) => { user?.update({ password: newPassword }).then((user: UserModel) => { verifySecurityAnswerChallenges(user, answer) res.json({ user }) diff --git a/routes/securityQuestion.ts b/routes/securityQuestion.ts index 0bd191f6430..58dbb075440 100644 --- a/routes/securityQuestion.ts +++ b/routes/securityQuestion.ts @@ -18,7 +18,7 @@ module.exports = function securityQuestion () { }] }).then((answer: SecurityAnswerModel | null) => { if (answer) { - SecurityQuestionModel.findByPk(answer.SecurityQuestionId).then((question: SecurityQuestionModel | null) => { + SecurityQuestionModel.findByPk(answer.SecurityQuestionModelId).then((question: SecurityQuestionModel | null) => { res.json({ question }) }).catch((error: Error) => { next(error)