server/types/PublicUser: update with accurate PublicUser apiKeys, should be sanitisedApiKeys. Add method for sanitisingApiKeys

Author: clairep94

server/controllers/user.controller/__testUtils__.ts

@@ -59,9 +59,15 @@ export const mockBaseUserFull: Omit<User, 'createdAt'> = {
 export function createMockUser(
   overrides: Partial<UserDocument> = {},
   unSanitised: boolean = false
-): (PublicUser | UserDocument) & Record<string, any> {
+): PublicUser | UserDocument {
+  if (unSanitised) {
+    return {
+      ...mockBaseUserFull,
+      ...overrides
+    } as UserDocument;
+  }
   return {
-    ...(unSanitised ? mockBaseUserFull : mockBaseUserSanitised),
+    ...mockBaseUserSanitised,
     ...overrides
-  };
+  } as PublicUser;
 }

server/controllers/user.controller/__tests__/authManagement/3rdPartyManagement.test.ts

@@ -5,6 +5,7 @@ import { Request, Response } from 'express';
 import { unlinkGithub, unlinkGoogle } from '../../authManagement';
 import { saveUser } from '../../helpers';
 import { createMockUser } from '../../__testUtils__';
+import { UserDocument } from '../../../../types';
 
 jest.mock('../../helpers', () => ({
   ...jest.requireActual('../../helpers'),
@@ -50,10 +51,13 @@ describe('user.controller > auth management > 3rd party auth', () => {
       });
     });
     describe('and when there is a user in the request', () => {
-      const user = createMockUser({
-        github: 'testuser',
-        tokens: [{ kind: 'github' }, { kind: 'google' }]
-      });
+      const user = createMockUser(
+        {
+          github: 'testuser',
+          tokens: [{ kind: 'github' }, { kind: 'google' }]
+        },
+        true
+      ) as UserDocument;
 
       beforeEach(async () => {
         request.user = user;
@@ -96,10 +100,13 @@ describe('user.controller > auth management > 3rd party auth', () => {
       });
     });
     describe('and when there is a user in the request', () => {
-      const user = createMockUser({
-        google: 'testuser',
-        tokens: [{ kind: 'github' }, { kind: 'google' }]
-      });
+      const user = createMockUser(
+        {
+          google: 'testuser',
+          tokens: [{ kind: 'github' }, { kind: 'google' }]
+        },
+        true
+      ) as UserDocument;
 
       beforeEach(async () => {
         request.user = user;

server/controllers/user.controller/__tests__/helpers.test.ts

@@ -10,14 +10,17 @@ import { UserDocument } from '../../../types';
 
 jest.mock('../../../models/user');
 
-const mockFullUser = createMockUser({
-  // sensitive fields to be removed:
-  name: 'bob dylan',
-  tokens: [],
-  password: 'password12314',
-  resetPasswordToken: 'wijroaijwoer',
-  banned: true
-});
+const mockFullUser = createMockUser(
+  {
+    // sensitive fields to be removed:
+    name: 'bob dylan',
+    tokens: [],
+    password: 'password12314',
+    resetPasswordToken: 'wijroaijwoer',
+    banned: true
+  },
+  true
+) as UserDocument;
 
 const {
   name,

server/controllers/user.controller/helpers.ts

@@ -1,19 +1,33 @@
 import crypto from 'crypto';
 import type { Response } from 'express';
 import { User } from '../../models/user';
-import { PublicUser, UserDocument } from '../../types';
+import {
+  ApiKeyDocument,
+  PublicUser,
+  SanitisedApiKey,
+  UserDocument
+} from '../../types';
+
+export function sanitiseApiKey(key: ApiKeyDocument): SanitisedApiKey {
+  return {
+    id: key.id,
+    label: key.label,
+    lastUsedAt: key.lastUsedAt,
+    createdAt: key.createdAt
+  };
+}
 
 /**
  * Sanitise user objects to remove sensitive fields
  * @param user
  * @returns Sanitised user
  */
-export function userResponse(user: PublicUser | UserDocument): PublicUser {
+export function userResponse(user: UserDocument): PublicUser {
   return {
     email: user.email,
     username: user.username,
     preferences: user.preferences,
-    apiKeys: user.apiKeys,
+    apiKeys: user.apiKeys.map((el) => sanitiseApiKey(el)),
     verified: user.verified,
     id: user.id,
     totalSize: user.totalSize,