Merge pull request #394 from hms-dbmi-cellenics/1903-add-two-checkbox…

…es-for-compliance 1903 add two checkboxes for compliance
hms-dbmi-cellenics · Jul 19, 2022 · 010588b · 010588b
2 parents 683c14f + 81de9bc
commit 010588b
Show file tree

Hide file tree

Showing 8 changed files with 242 additions and 22 deletions.
diff --git a/src/api.v2/middlewares/authMiddlewares.js b/src/api.v2/middlewares/authMiddlewares.js
@@ -15,6 +15,30 @@ const { CacheMissError } = require('../../cache/cache-utils');
 const { UnauthorizedError, UnauthenticatedError } = require('../../utils/responses');
 
 const UserAccess = require('../model/UserAccess');
+const NotAgreedToTermsError = require('../../utils/responses/NotAgreedToTermsError');
+const { BIOMAGE_DOMAIN_NAMES } = require('../../utils/constants');
+
+// Throws if the user isnt authenticated
+const checkUserAuthenticated = (req, next) => {
+  if (!req.user) {
+    next(new UnauthenticatedError('The request does not contain an authentication token.'));
+    return false;
+  }
+
+  return true;
+};
+
+// Throws if the user hasnt agreed to the privacy policy yet
+const checkForPrivacyPolicyAgreement = (req, next) => {
+  const isBiomageDeployment = BIOMAGE_DOMAIN_NAMES.includes(config.domainName) || config.clusterEnv === 'development';
+
+  if (req.user['custom:agreed_terms'] !== 'true' && isBiomageDeployment) {
+    next(new NotAgreedToTermsError('The user hasnt agreed to the privacy policy yet.'));
+    return false;
+  }
+
+  return true;
+};
 
 /**
  * General authorization middleware. Resolves with nothing on
@@ -51,10 +75,8 @@ const authorize = async (userId, resource, method, experimentId) => {
  * Calls `authorize()` internally.
  */
 const expressAuthorizationMiddleware = async (req, res, next) => {
-  if (!req.user) {
-    next(new UnauthenticatedError('The request does not contain an authentication token.'));
-    return;
-  }
+  if (!checkUserAuthenticated(req, next)) return;
+  if (!checkForPrivacyPolicyAgreement(req, next)) return;
 
   try {
     await authorize(req.user.sub, req.url, req.method, req.params.experimentId);
@@ -65,10 +87,9 @@ const expressAuthorizationMiddleware = async (req, res, next) => {
 };
 
 const expressAuthenticationOnlyMiddleware = async (req, res, next) => {
-  if (!req.user) {
-    next(new UnauthenticatedError('The request does not contain an authentication token.'));
-    return;
-  }
+  if (!checkUserAuthenticated(req, next)) return;
+  if (!checkForPrivacyPolicyAgreement(req, next)) return;
+
   next();
 };
 

diff --git a/src/config/test-config.js b/src/config/test-config.js
@@ -7,8 +7,8 @@ module.exports = {
   clusterEnv: 'test',
   awsAccountId: '000000000000',
   awsRegion: 'eu-west-1',
-  corsOriginUrl: 'https://scp.mockDomainName.com',
-  domainName: 'scp.mockDomainName.com',
+  corsOriginUrl: 'https://scp.biomage.net',
+  domainName: 'scp.biomage.net',
   podName: 'test',
   sandboxId: 'default',
   adminSub: 'mockAdminSub',