Merge pull request #2076 from HHS/mb/TTAHUB-2575/escape-html

bin/test-backend-ci

@@ -41,7 +41,7 @@ main(){
  check_exit "$?"
 
  # then list through the folders and run the tests
- targets=("lib" "middleware" "models" "policies" "routes" "scopes" "services" "tools" "widgets" "goalServices")
+ targets=("lib" "middleware" "models" "policies" "routes" "scopes" "services" "tools" "widgets" "goalServices" "hooks")
 
  for target in "${targets[@]}"; do
  # jest command to

package.json

@@ -52,7 +52,7 @@
  "db:seed:prod": "node_modules/.bin/sequelize db:seed:all --options-path .production.sequelizerc",
  "db:seed:undo": "node_modules/.bin/sequelize db:seed:undo:all",
  "db:seed:undo:prod": "node_modules/.bin/sequelize db:seed:undo:all --options-path .production.sequelizerc",
- "docker:deps": "docker-compose run --rm backend yarn install && docker-compose run --rm frontend yarn install",
+ "docker:deps": "docker-compose run --rm backend yarn install && docker-compose run --rm frontend yarn install && docker-compose run --rm testingonly yarn install",
  "docker:reset": "./bin/reset-all",
  "docker:start": "docker-compose up",
  "docker:start:debug": "docker-compose --compatibility -f docker-compose.yml -f docker-compose.debug.yml up",

packages/common/README.md

@@ -21,6 +21,9 @@ Note: On Windows you will need to use `yarn add @ttahub/[email protected]` to update
 
 ## Versions
 
+## 2.0.19
+Add "escapeHTML" function
+
 ## 1.4.0 
 Add SUPPORT_TYPE
 

packages/common/package.json

@@ -1,6 +1,6 @@
 {
  "name": "@ttahub/common",
- "version": "2.0.18",
+ "version": "2.1.2",
  "description": "The purpose of this package is to reduce code duplication between the frontend and backend projects.",
  "main": "src/index.js",
  "author": "",

packages/common/src/utils.js

@@ -31,5 +31,5 @@ function determineMergeGoalStatus(statuses) {
 }
 
 module.exports = {
- determineMergeGoalStatus
+ determineMergeGoalStatus,
 }

src/models/hooks/activityReport.js → src/hooks/activityReport.js

@@ -1,31 +1,35 @@
+import escapeFields from '../models/helpers/escapeFields';
+
 const { Op } = require('sequelize');
 const { REPORT_STATUSES } = require('@ttahub/common');
 const {
  OBJECTIVE_STATUS,
  AWS_ELASTIC_SEARCH_INDEXES,
  GOAL_COLLABORATORS,
  OBJECTIVE_COLLABORATORS,
-} = require('../../constants');
-const { auditLogger } = require('../../logger');
+} = require('../constants');
+const { auditLogger } = require('../logger');
 const { findOrCreateGoalTemplate } = require('./goal');
-const { GOAL_STATUS } = require('../../constants');
+const { GOAL_STATUS } = require('../constants');
 const { findOrCreateObjectiveTemplate } = require('./objective');
 const {
  scheduleUpdateIndexDocumentJob,
  scheduleDeleteIndexDocumentJob,
-} = require('../../lib/awsElasticSearch/queueManager');
-const { collectModelData } = require('../../lib/awsElasticSearch/datacollector');
-const { formatModelForAwsElasticsearch } = require('../../lib/awsElasticSearch/modelMapper');
-const { addIndexDocument, deleteIndexDocument } = require('../../lib/awsElasticSearch/index');
+} = require('../lib/awsElasticSearch/queueManager');
+const { collectModelData } = require('../lib/awsElasticSearch/datacollector');
+const { formatModelForAwsElasticsearch } = require('../lib/awsElasticSearch/modelMapper');
+const { addIndexDocument, deleteIndexDocument } = require('../lib/awsElasticSearch/index');
 const {
  findOrCreateCollaborator,
  removeCollaboratorsForType,
-} = require('../helpers/genericCollaborator');
+} = require('../models/helpers/genericCollaborator');
 const { destroyLinkedSimilarityGroups } = require('./activityReportGoal');
 
+const AR_FIELDS_TO_ESCAPE = ['additionalNotes', 'context'];
+
 const processForEmbeddedResources = async (sequelize, instance, options) => {
  // eslint-disable-next-line global-require
- const { calculateIsAutoDetectedForActivityReport, processActivityReportForResourcesById } = require('../../services/resource');
+ const { calculateIsAutoDetectedForActivityReport, processActivityReportForResourcesById } = require('../services/resource');
  const changed = instance.changed() || Object.keys(instance);
  if (calculateIsAutoDetectedForActivityReport(changed)) {
  await processActivityReportForResourcesById(instance.id);
@@ -816,6 +820,7 @@ const automaticGoalObjectiveStatusCachingOnApproval = async (sequelize, instance
 
 const beforeCreate = async (instance) => {
  copyStatus(instance);
+ escapeFields(instance, AR_FIELDS_TO_ESCAPE);
 };
 
 const getActivityReportDocument = async (sequelize, instance) => {
@@ -1033,6 +1038,7 @@ const beforeValidate = async (sequelize, instance, options) => {
 };
 
 const beforeUpdate = async (sequelize, instance, options) => {
+ escapeFields(instance, AR_FIELDS_TO_ESCAPE);
  copyStatus(instance);
  setSubmittedDate(sequelize, instance, options);
  clearAdditionalNotes(sequelize, instance, options);

src/models/hooks/activityReport.test.js → src/hooks/activityReport.test.js

@@ -12,16 +12,16 @@ import db, {
  Recipient,
  Grant,
  User,
-} from '..';
-import { unlockReport } from '../../routes/activityReports/handlers';
-import ActivityReportPolicy from '../../policies/activityReport';
+} from '../models';
+import { unlockReport } from '../routes/activityReports/handlers';
+import ActivityReportPolicy from '../policies/activityReport';
 import {
  moveDraftGoalsToNotStartedOnSubmission,
  propagateSubmissionStatus,
 } from './activityReport';
-import { auditLogger } from '../../logger';
+import { auditLogger } from '../logger';
 
-jest.mock('../../policies/activityReport');
+jest.mock('../policies/activityReport');
 
 describe('activity report model hooks', () => {
  describe('automatic goal status changes', () => {

src/models/hooks/activityReportApprover.js → src/hooks/activityReportApprover.js

@@ -1,4 +1,7 @@
 const { APPROVER_STATUSES, REPORT_STATUSES } = require('@ttahub/common');
+const { default: escapeFields } = require('../models/helpers/escapeFields');
+
+const FIELDS_TO_ESCAPE = ['note'];
 
 /**
  * Helper function called by model hooks.
@@ -124,9 +127,19 @@ const afterUpdate = async (sequelize, instance) => {
  await updateReportStatus(sequelize, instance);
 };
 
+const beforeUpdate = async (_sequelize, instance) => {
+ escapeFields(instance, FIELDS_TO_ESCAPE);
+};
+
+const beforeCreate = async (_sequelize, instance) => {
+ escapeFields(instance, FIELDS_TO_ESCAPE);
+};
+
 export {
  calculateReportStatusFromApprovals,
  calculateReportStatus,
+ beforeCreate,
+ beforeUpdate,
  afterCreate,
  afterDestroy,
  afterRestore,

src/models/hooks/activityReportApprover.test.js → src/hooks/activityReportApprover.test.js

@@ -4,7 +4,7 @@ import {
  User,
  ActivityReport,
  ActivityReportApprover,
-} from '..';
+} from '../models';
 import {
  calculateReportStatusFromApprovals,
  afterDestroy,

src/models/hooks/activityReportFile.js → src/hooks/activityReportFile.js

@@ -1,7 +1,7 @@
 import { REPORT_STATUSES } from '@ttahub/common';
 import { propagateDestroyToFile } from './genericFile';
 
-const { cleanupOrphanFiles } = require('../helpers/orphanCleanupHelper');
+const { cleanupOrphanFiles } = require('../models/helpers/orphanCleanupHelper');
 
 const checkForUseOnApprovedReport = async (sequelize, instance, options) => {
  const activityReport = await sequelize.models.ActivityReport.findOne({

src/models/hooks/activityReportFile.test.js → src/hooks/activityReportFile.test.js

@@ -7,16 +7,16 @@ import {
  sequelize,
  User,
  ActivityReport,
-} from '..';
+} from '../models';
 import { propagateDestroyToFile } from './genericFile';
-import { cleanupOrphanFiles } from '../helpers/orphanCleanupHelper';
+import { cleanupOrphanFiles } from '../models/helpers/orphanCleanupHelper';
 import { draftObject, mockApprovers, approverUserIds } from './testHelpers';
 
 jest.mock('./genericFile', () => ({
  propagateDestroyToFile: jest.fn(),
 }));
 
-jest.mock('../helpers/orphanCleanupHelper', () => ({
+jest.mock('../models/helpers/orphanCleanupHelper', () => ({
  cleanupOrphanFiles: jest.fn(),
 }));
 

src/models/hooks/activityReportGoal.js → src/hooks/activityReportGoal.js

@@ -1,14 +1,14 @@
 const { REPORT_STATUSES } = require('@ttahub/common');
-const { GOAL_COLLABORATORS } = require('../../constants');
+const { GOAL_COLLABORATORS } = require('../constants');
 const {
  currentUserPopulateCollaboratorForType,
  removeCollaboratorsForType,
-} = require('../helpers/genericCollaborator');
-const { onlyAllowTrGoalSourceForGoalsCreatedViaTr } = require('../helpers/goalSource');
+} = require('../models/helpers/genericCollaborator');
+const { onlyAllowTrGoalSourceForGoalsCreatedViaTr } = require('../models/helpers/goalSource');
 
 const processForEmbeddedResources = async (sequelize, instance, options) => {
  // eslint-disable-next-line global-require
- const { calculateIsAutoDetectedForActivityReportGoal, processActivityReportGoalForResourcesById } = require('../../services/resource');
+ const { calculateIsAutoDetectedForActivityReportGoal, processActivityReportGoalForResourcesById } = require('../services/resource');
  const changed = instance.changed() || Object.keys(instance);
  if (calculateIsAutoDetectedForActivityReportGoal(changed)) {
  await processActivityReportGoalForResourcesById(instance.id);

src/models/hooks/activityReportGoalResource.js → src/hooks/activityReportGoalResource.js

@@ -1,5 +1,5 @@
-const { getSingularOrPluralData } = require('../helpers/hookMetadata');
-const { cleanupOrphanResources } = require('../helpers/orphanCleanupHelper');
+const { getSingularOrPluralData } = require('../models/helpers/hookMetadata');
+const { cleanupOrphanResources } = require('../models/helpers/orphanCleanupHelper');
 
 const propagateOnAR = async (sequelize, instance, options) => sequelize.models.GoalResource
  .update(

src/models/hooks/activityReportGoalResource.test.js → src/hooks/activityReportGoalResource.test.js

@@ -8,7 +8,7 @@ import {
  ActivityReportGoalResource,
  User,
  Resource,
-} from '..';
+} from '../models';
 import { recalculateOnAR } from './activityReportGoalResource';
 
 const draftObject = {

src/models/hooks/activityReportObjective.js → src/hooks/activityReportObjective.js

@@ -1,10 +1,10 @@
-import { Op } from 'sequelize';
-import { validateChangedOrSetEnums } from '../helpers/enum';
-import { OBJECTIVE_COLLABORATORS, OBJECTIVE_STATUS } from '../../constants';
-import {
+const { Op } = require('sequelize');
+const { validateChangedOrSetEnums } = require('../models/helpers/enum');
+const { OBJECTIVE_COLLABORATORS, OBJECTIVE_STATUS } = require('../constants');
+const {
  currentUserPopulateCollaboratorForType,
  removeCollaboratorsForType,
-} from '../helpers/genericCollaborator';
+} = require('../models/helpers/genericCollaborator');
 
 const propagateDestroyToMetadata = async (sequelize, instance, options) => Promise.all(
  [
@@ -97,7 +97,7 @@ const afterCreate = async (sequelize, instance, options) => {
  await propagateSupportTypeToObjective(sequelize, instance, options);
 };
 
-const beforeValidate = async (sequelize, instance, options) => {
+const beforeValidate = async (sequelize, instance) => {
  validateChangedOrSetEnums(sequelize, instance);
 };
 
@@ -110,7 +110,7 @@ const afterDestroy = async (sequelize, instance, options) => {
  await recalculateOnAR(sequelize, instance, options);
 };
 
-export {
+module.exports = {
  propagateDestroyToMetadata,
  recalculateOnAR,
  afterCreate,

src/models/hooks/activityReportObjective.test.js → src/hooks/activityReportObjective.test.js

@@ -1,3 +1,4 @@
+import { SUPPORT_TYPES } from '@ttahub/common';
 import {
  sequelize,
  ActivityReportObjective,
@@ -9,17 +10,20 @@ import {
  File,
  ActivityReport,
  Topic,
-} from '..';
+} from '../models';
 
 import { draftObject } from './testHelpers';
-import { FILE_STATUSES, OBJECTIVE_STATUS } from '../../constants';
+import { FILE_STATUSES, OBJECTIVE_STATUS } from '../constants';
 import { beforeDestroy } from './activityReportObjective';
-import { processObjectiveForResourcesById, processActivityReportObjectiveForResourcesById } from '../../services/resource';
+import { processObjectiveForResourcesById, processActivityReportObjectiveForResourcesById } from '../services/resource';
 
 describe('activityReportObjective hooks', () => {
  let ar;
  let topic;
  let objective;
+ let secondObjective;
+ let thirdObjective;
+
  let aro;
  let file;
 
@@ -31,10 +35,32 @@ describe('activityReportObjective hooks', () => {
  status: OBJECTIVE_STATUS.IN_PROGRESS,
  });
 
+ secondObjective = await Objective.create({
+ title: 'second test objective',
+ status: OBJECTIVE_STATUS.IN_PROGRESS,
+ });
+
+ thirdObjective = await Objective.create({
+ title: 'third test objective',
+ status: OBJECTIVE_STATUS.IN_PROGRESS,
+ supportType: SUPPORT_TYPES[0],
+ });
+
  aro = await ActivityReportObjective.create({
  activityReportId: ar.id,
  objectiveId: objective.id,
- });
+ supportType: SUPPORT_TYPES[0],
+ }, { individualHooks: true });
+
+ await ActivityReportObjective.create({
+ activityReportId: ar.id,
+ objectiveId: secondObjective.id,
+ }, { individualHooks: true });
+
+ await ActivityReportObjective.create({
+ activityReportId: ar.id,
+ objectiveId: thirdObjective.id,
+ }, { individualHooks: true });
 
  topic = await Topic.create({
  name: 'Javascript Mastery',
@@ -87,11 +113,23 @@ describe('activityReportObjective hooks', () => {
  });
 
  await ActivityReportObjective.destroy({
- where: { id: aro.id },
+ where: {
+ objectiveId: [
+ objective.id,
+ secondObjective.id,
+ thirdObjective.id,
+ ],
+ },
  });
 
  await Objective.destroy({
- where: { id: objective.id },
+ where: {
+ id: [
+ objective.id,
+ secondObjective.id,
+ thirdObjective.id,
+ ],
+ },
  force: true,
  });
 
@@ -102,6 +140,18 @@ describe('activityReportObjective hooks', () => {
  await sequelize.close();
  });
 
+ describe('supportType', () => {
+ it('should propogate supportType to objective', async () => {
+ const objective1 = await Objective.findByPk(objective.id);
+ const objective2 = await Objective.findByPk(secondObjective.id);
+ const objective3 = await Objective.findByPk(thirdObjective.id);
+
+ expect(objective1.supportType).toBe(SUPPORT_TYPES[0]);
+ expect(objective2.supportType).toBe(null);
+ expect(objective3.supportType).toBe(SUPPORT_TYPES[0]);
+ });
+ });
+
  describe('beforeDestroy', () => {
  it('should propagate destroy to metadata', async () => {
  const transaction = await sequelize.transaction();

src/models/hooks/activityReportObjectiveFile.js → src/hooks/activityReportObjectiveFile.js

@@ -1,5 +1,5 @@
-const { getSingularOrPluralData } = require('../helpers/hookMetadata');
-const { cleanupOrphanFiles } = require('../helpers/orphanCleanupHelper');
+const { getSingularOrPluralData } = require('../models/helpers/hookMetadata');
+const { cleanupOrphanFiles } = require('../models/helpers/orphanCleanupHelper');
 
 const recalculateOnAR = async (sequelize, instance, options) => {
  // check to see if objectiveId or objectiveIds is validly defined
@@ -9,8 +9,7 @@ const recalculateOnAR = async (sequelize, instance, options) => {
  let fileOnReport;
  // by using the passed in objectives we can use a more performant version of the query
  if (objectiveIds !== undefined
- && Array.isArray(objectiveIds)
- && objectiveIds.map((i) => typeof i).every((i) => i === 'number')) {
+ && Array.isArray(objectiveIds)) {
  fileOnReport = `
  SELECT
  f."id",