chore: release v1.5.1

50308cde · Philipp Berger · 78f28b96 · 50308cde · 50308cde · 50308cde
Unverified Commit 50308cde authored Jul 13, 2021 by Philipp Berger
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Changelog

+### 1.5.1 (2021-07-13)
+* **backend:** ref: refactor input validations
+* **health-department:** fix: SORMAS import file
+
 ### 1.5.0 (2021-07-06)
 * **backend:** feat: replace node-mailjet with axios
 * **backend:** feat: move some error handling to cryto package
 * **backend:** feat: add GTX SMS provider
-* **backend** feat: add route to provide download url for signing tool
+* **backend:** feat: add route to provide download url for signing tool
 * **backend:** feat: return a different status code for expired SMS challenges
 * **backend:** feat: moved traceId calculation to backend
 * **backend:** feat: completely delete tracing processes after 28 days
@@ -12,24 +16,23 @@
 * **backend:** chore: colorize and improve dev logging output
 * **backend:** chore: publish traceIds for notifications when data was shared
 * **health-department:** fix: add missing mac check
-* **health-department** chore: add limit for private key file size
+* **health-department:** chore: add limit for private key file size
 * **health-department:** feat: visualise signed public keys
 * **health-department:** feat: set main font and remove duplicate definitions
 * **locations:** fix: "forgot password" displaying incorrect error message for not activated users
 * **locations:** fix: typos in registration email step
-* **locations** fix: private key modal issue
-* **locations** chore: add limit for private key file size
-* **location** feat: redesign header
-* **location** feat: checkin options for guests are directly accessible via location view
-* **location** feat: provide link to checkin options via qr code
+* **locations:** fix: private key modal issue
+* **locations:** chore: add limit for private key file size
+* **locations:** feat: redesign header
+* **locations:** feat: checkin options for guests are directly accessible via location view
+* **locations:** feat: provide link to checkin options via qr code
 * **webapp:** chore: fix typos
-* **webapp** feat: add gitlab link
+* **webapp:** feat: add gitlab link
 * **webapp:** feat: validate that private meeting is not spoofing a location
-* **webapp** feat: add a consent modal for data sharing with the health department
+* **webapp:** feat: add a consent modal for data sharing with the health department
 * security: update container base images and install security patches
 * feat: add husky for git hooks

-
 ### 1.4.0 (2021-06-29)
 * **backend:** feat: add test provider key route
 * **backend:** feat: add isTrusted to Operators
@@ -51,7 +54,6 @@
 * **locations:** feat: updated terms and conditions links for venues
 * **locations:** feat: trusted venues can register badges without phone validation

-
 ### 1.3.0 (2021-06-20)
 * **backend:** feat: improve IP blocks
 * **backend:** feat: improve email storage in postgres

--- a/e2e/package.json
+++ b/e2e/package.json
 {
  "name": "e2e",
-  "version": "1.5.0",
+  "version": "1.5.1",
  "main": "index.js",
  "private": true,
  "engines": {

--- a/e2e/specs/contact-form/helpers/functions.js
+++ b/e2e/specs/contact-form/helpers/functions.js
@@ -9,7 +9,7 @@ export function fillForm({
  houseNumber = faker.address.streetAddress(),
  zip = faker.address.zipCode(),
  city = faker.address.city(),
-  phoneNumber = faker.phone.phoneNumber('0049165#######'),
+  phoneNumber = faker.phone.phoneNumber('0049176#######'),
  email = faker.internet.email(),
 } = {}) {
  cy.getByCy('firstName').type(firstName);

--- a/e2e/specs/locations/group/create/createHotelAndBase.spec.js
+++ b/e2e/specs/locations/group/create/createHotelAndBase.spec.js
@@ -3,7 +3,7 @@ import { checkRadiusInput } from '../../helpers/inputValidation.helper';

 const HOTEL_NAME = 'Test Hotel';
 const HOTEL_ADDRESS = 'Nexenio';
-const HOTEL_PHONE = '0123456789';
+const HOTEL_PHONE = '017612345678';
 const HOTEL_AREA = 'Restaurant';
 const HOTEL_RADIUS = '100';


--- a/e2e/specs/locations/group/create/createNursingHome.spec.js
+++ b/e2e/specs/locations/group/create/createNursingHome.spec.js
@@ -3,7 +3,7 @@ import { checkRadiusInput } from '../../helpers/inputValidation.helper';

 const NURSING_HOME_NAME = 'Test Nursing Home';
 const NURSING_HOME_ADDRESS = 'Nexenio';
-const NURSING_HOME_PHONE = '0123456789';
+const NURSING_HOME_PHONE = '017612345678';
 const NURSING_HOME_RADIUS = '100';
 describe('Group creation', () => {
  beforeEach(() => login());

--- a/e2e/specs/locations/group/create/createRestaurant.spec.js
+++ b/e2e/specs/locations/group/create/createRestaurant.spec.js
@@ -3,7 +3,7 @@ import { checkRadiusInput } from '../../helpers/inputValidation.helper';

 const RESTAURANT_NAME = 'Test Restaurant';
 const RESTAURANT_ADDRESS = 'Nexenio';
-const RESTAURANT_PHONE = '0123456789';
+const RESTAURANT_PHONE = '017612345678';
 const RESTAURANT_TABLE_COUNT = '12';
 const RESTAURANT_RADIUS = '100';
 describe('Group creation', () => {

--- a/e2e/specs/locations/group/create/createWithManuelAddressInput.spec.js
+++ b/e2e/specs/locations/group/create/createWithManuelAddressInput.spec.js
 import { login } from '../../helpers/functions';

-const HOTEL_PHONE = '0123456789';
+const HOTEL_PHONE = '017612345678';

 const BASE_NAME = 'Test Group';
 const BASE_AREA = 'Some area';

--- a/e2e/specs/locations/helpers/functions.helper.js
+++ b/e2e/specs/locations/helpers/functions.helper.js
@@ -5,7 +5,7 @@ export const createGroupPayload = {
  name: 'Testing group',
  firstName: 'Torsten',
  lastName: 'Tester',
-  phone: '0123456789',
+  phone: '017612345678',
  streetName: 'Charlottenstr.',
  streetNr: '59',
  zipCode: '10117',
@@ -24,7 +24,7 @@ export const getCreateLocationPayload = (groupId, locationName) => ({
  firstName: 'Torsten',
  lastName: 'Tester',
  streetName: 'Charlottenstr.',
-  phone: '017681######',
+  phone: '017612345678',
  streetNr: '59',
  zipCode: '10117',
  city: 'Berlin',

--- a/e2e/yarn.lock
+++ b/e2e/yarn.lock
--- a/package.json
+++ b/package.json
 {
-    "name": "@lucaapp/web",
-    "version": "1.5.0",
-    "private": true,
-    "license": "Apache-2.0",
-    "author": "Culture4Life <hello@luca-app.de> (https://www.luca-app.de/)",
-    "scripts": {
-        "latest": ". ./scripts/getGITEnvironmentVariables.sh && docker-compose -f docker-compose.yml",
-        "prod": ". ./scripts/getGITEnvironmentVariables.sh && IMAGE_TAG=prod docker-compose -f docker-compose.yml",
-        "dev": ". ./scripts/getGITEnvironmentVariables.sh && IMAGE_TAG=dev docker-compose -f docker-compose.yml -f docker-compose.dev.yml",
-        "test": ". ./scripts/getGITEnvironmentVariables.sh && IMAGE_TAG=test docker-compose -f docker-compose.yml -f docker-compose.test.yml",
-        "all": ". ./scripts/yarnAll.sh",
-        "prepare": "husky install",
-        "lint:backend": "npm run lint --prefix services/backend",
-        "lint:contact-form": "npm run lint --prefix services/contact-form",
-        "lint:health-department": "npm run lint --prefix services/health-department",
-        "lint:locations": "npm run lint --prefix services/locations",
-        "lint:scanner": "npm run lint --prefix services/scanner",
-        "lint:webapp": "npm run lint --prefix services/webapp"
-    },
-    "lint-staged": {
-        "services/backend/**/*.{js,jsx}": [
-            "npm run --silent lint:backend"
-        ],
-        "services/contact-form/**/*.{js,jsx}": [
-            "npm run --silent lint:contact-form"
-        ],
-        "services/health-department/**/*.{js,jsx}": [
-            "npm run --silent lint:health-department"
-        ],
-        "services/locations/**/*.{js,jsx}": [
-            "npm run --silent lint:locations"
-        ],
-        "services/scanner/**/*.{js,jsx}": [
-            "npm run --silent lint:scanner"
-        ],
-        "services/webapp/**/*.{js,jsx}": [
-            "npm run --silent lint:webapp"
-        ]
-    },
-    "devDependencies": {
-        "husky": "6.0.0",
-        "lint-staged": "11.0.0"
-    }
+  "name": "@lucaapp/web",
+  "version": "1.5.1",
+  "private": true,
+  "license": "Apache-2.0",
+  "author": "Culture4Life <hello@luca-app.de> (https://www.luca-app.de/)",
+  "scripts": {
+    "latest": ". ./scripts/getGITEnvironmentVariables.sh && docker-compose -f docker-compose.yml",
+    "prod": ". ./scripts/getGITEnvironmentVariables.sh && IMAGE_TAG=prod docker-compose -f docker-compose.yml",
+    "dev": ". ./scripts/getGITEnvironmentVariables.sh && IMAGE_TAG=dev docker-compose -f docker-compose.yml -f docker-compose.dev.yml",
+    "test": ". ./scripts/getGITEnvironmentVariables.sh && IMAGE_TAG=test docker-compose -f docker-compose.yml -f docker-compose.test.yml",
+    "all": ". ./scripts/yarnAll.sh",
+    "prepare": "husky install",
+    "lint:backend": "npm run lint --prefix services/backend",
+    "lint:contact-form": "npm run lint --prefix services/contact-form",
+    "lint:health-department": "npm run lint --prefix services/health-department",
+    "lint:locations": "npm run lint --prefix services/locations",
+    "lint:scanner": "npm run lint --prefix services/scanner",
+    "lint:webapp": "npm run lint --prefix services/webapp"
+  },
+  "lint-staged": {
+    "services/backend/**/*.{js,jsx}": [
+      "npm run --silent lint:backend"
+    ],
+    "services/contact-form/**/*.{js,jsx}": [
+      "npm run --silent lint:contact-form"
+    ],
+    "services/health-department/**/*.{js,jsx}": [
+      "npm run --silent lint:health-department"
+    ],
+    "services/locations/**/*.{js,jsx}": [
+      "npm run --silent lint:locations"
+    ],
+    "services/scanner/**/*.{js,jsx}": [
+      "npm run --silent lint:scanner"
+    ],
+    "services/webapp/**/*.{js,jsx}": [
+      "npm run --silent lint:webapp"
+    ]
+  },
+  "devDependencies": {
+    "husky": "6.0.0",
+    "lint-staged": "11.0.0"
+  }
 }
--- a/services/backend/package.json
+++ b/services/backend/package.json
 {
  "name": "@lucaapp/backend",
-  "version": "1.5.0",
+  "version": "1.5.1",
  "private": true,
  "license": "Apache-2.0",
  "author": "Culture4Life <hello@luca-app.de> (https://www.luca-app.de/)",
@@ -62,9 +62,10 @@
    "swagger-ui-express": "4.1.6",
    "triple-beam": "1.3.0",
    "uuid": "8.3.2",
+    "validator": "13.6.0",
    "winston": "3.3.3",
    "xml2js": "0.4.23",
-    "zod": "1.11.12"
+    "zod": "3.2.0"
  },
  "devDependencies": {
    "chai": "4.3.4",

--- a/services/backend/src/middlewares/validateSchema.js
+++ b/services/backend/src/middlewares/validateSchema.js
-const z = require('zod');
 const express = require('express');
 const status = require('http-status');
-const parsePhoneNumber = require('libphonenumber-js/max');
 const logger = require('../utils/logger');
-const passwordCheck = require('../utils/passwordCheck');

 const defaultJsonMiddleware = express.json();

@@ -59,24 +56,8 @@ const validateParametersSchema = schema => async (request, response, next) => {
  }
 };

-const supportedLanguagesEnum = z.union([z.literal('de'), z.literal('en')]);
-
-z.telephoneNumber = () =>
-  z.string(32).refine(
-    value => {
-      const number = parsePhoneNumber(value, 'DE');
-      return !!number && number.isValid();
-    },
-    {
-      message: 'invalid phonenumber',
-    }
-  );
-
 module.exports = {
-  z,
  validateSchema,
  validateQuerySchema,
  validateParametersSchema,
-  supportedLanguagesEnum,
-  passwordMeetsCriteria: passwordCheck,
 };
--- a/services/backend/src/routes/internal/end2end.js
+++ b/services/backend/src/routes/internal/end2end.js
@@ -20,18 +20,19 @@ router.post('/clean', async (request, response) => {
  ]);

  await Promise.all([
-    workflowOperator.update({
+    workflowOperator?.update({
      publicKey: null,
      password: 'workflowTesting!',
    }),
-    healthDepartmentEmployee.update({
+    healthDepartmentEmployee?.update({
      password: 'testing',
    }),
-    database.LocationGroup.destroy({
-      where: {
-        operatorId: workflowOperator.uuid,
-      },
-    }),
+    workflowOperator &&
+      database.LocationGroup.destroy({
+        where: {
+          operatorId: workflowOperator.uuid,
+        },
+      }),
    database.HealthDepartment.update(
      {
        publicHDEKP: null,

--- a/services/backend/src/routes/v3/auth.schemas.js
+++ b/services/backend/src/routes/v3/auth.schemas.js
-const { z } = require('../../middlewares/validateSchema');
+const { z } = require('../../utils/validation');

 const authSchema = z.object({
-  username: z.string().email(),
+  username: z.email(),
  password: z.string().max(255),
 });


--- a/services/backend/src/routes/v3/badges.schemas.js
+++ b/services/backend/src/routes/v3/badges.schemas.js
-const { z } = require('../../middlewares/validateSchema');
+const { z } = require('../../utils/validation');

 const badgeCreateSchema = z.object({
-  userId: z.string().uuid(),
-  publicKey: z.string().max(88),
-  data: z.string().length(44),
-  signature: z.string().max(96),
+  userId: z.uuid(),
+  publicKey: z.ecPublicKey(),
+  data: z.base64({ rawLength: 32 }),
+  signature: z.ecSignature(),
 });

 module.exports = { badgeCreateSchema };
--- a/services/backend/src/routes/v3/forms.schemas.js
+++ b/services/backend/src/routes/v3/forms.schemas.js
-const { z } = require('../../middlewares/validateSchema');
+const { z } = require('../../utils/validation');

 const formIdParametersSchema = z.object({
-  formId: z.string().uuid(),
+  formId: z.uuid(),
 });

 module.exports = {

--- a/services/backend/src/routes/v3/healthDepartmentEmployees.schemas.js
+++ b/services/backend/src/routes/v3/healthDepartmentEmployees.schemas.js
-const { z } = require('../../middlewares/validateSchema');
+const { z } = require('../../utils/validation');

 const createSchema = z.object({
-  email: z.string().email().max(255),
-  firstName: z.string().max(255),
-  lastName: z.string().max(255),
-  phone: z.string().max(255),
+  email: z.email(),
+  firstName: z.safeString().max(255),
+  lastName: z.safeString().max(255),
+  phone: z.safeString().max(255),
 });

 const updateSchema = z.object({
  isAdmin: z.boolean().optional(),
-  firstName: z.string().max(255).optional(),
-  lastName: z.string().max(255).optional(),
-  phone: z.string().max(255).optional(),
+  firstName: z.safeString().max(255).optional(),
+  lastName: z.safeString().max(255).optional(),
+  phone: z.safeString().max(255).optional(),
 });

 const employeeIdParametersSchema = z.object({
-  employeeId: z.string().uuid(),
+  employeeId: z.uuid(),
 });

 module.exports = {

--- a/services/backend/src/routes/v3/healthDepartmentEmployees/locations.schemas.js
+++ b/services/backend/src/routes/v3/healthDepartmentEmployees/locations.schemas.js
-const { z } = require('../../../middlewares/validateSchema');
+const { z } = require('../../../utils/validation');

 const locationIdParametersSchema = z.object({
-  locationId: z.string().uuid(),
+  locationId: z.uuid(),
 });

 module.exports = {

--- a/services/backend/src/routes/v3/healthDepartmentEmployees/password.schemas.js
+++ b/services/backend/src/routes/v3/healthDepartmentEmployees/password.schemas.js
-const {
-  z,
-  passwordMeetsCriteria,
-} = require('../../../middlewares/validateSchema');
+const { z } = require('../../../utils/validation');

 const changePasswordSchema = z.object({
  currentPassword: z.string().max(255),
-  newPassword: z.string().refine(password => passwordMeetsCriteria(password)),
+  newPassword: z.strongPassword(),
 });

 const renewSchema = z.object({
-  employeeId: z.string().uuid(),
+  employeeId: z.uuid(),
 });

 module.exports = {

--- a/services/backend/src/routes/v3/healthDepartments.js
+++ b/services/backend/src/routes/v3/healthDepartments.js
@@ -63,7 +63,7 @@ router.post(
      return response.sendStatus(status.NOT_FOUND);
    }

-    if (department.publicHDEKP) {
+    if (department.publicHDEKP || department.publicHDSKP) {
      return response.sendStatus(status.FORBIDDEN);
    }