Merge branch 'main' into ci-ubuntu22-postgis3

Author: pleary

lib/controllers/v1/users_controller.js

@@ -77,7 +77,7 @@ const UsersController = class UsersController {
     if ( !req.query.q ) {
       return InaturalistAPI.basicResponse( req );
     }
-    const filters = [];
+    const filters = [esClient.termFilter( "suspended", false )];
     if ( req.query.project_id ) {
       if ( !Number( req.query.project_id ) ) {
         // { error: "Invalid project_id", status: 422 }

lib/controllers/v2/users_controller.js

@@ -56,7 +56,7 @@ const show = async req => {
 
 const index = async req => {
   const { page, perPage } = InaturalistAPI.paginationData( req, { default: 10, max: 200 } );
-  const filters = [];
+  const filters = [esClient.termFilter( "suspended", false )];
   if ( req.query.following ) {
     const followingUser = await User.findByLoginOrID( req.query.following );
     if ( !followingUser ) {

lib/logstasher.js

@@ -141,9 +141,26 @@ const Logstasher = class Logstasher {
     } else if ( req.inat.requestContext ) {
       payload.context = req.inat.requestContext;
     }
+    Logstasher.appendLogExtra( req, payload );
     return payload;
   }
 
+  static appendLogExtra( req, payload ) {
+    // for log routes, add key/values from the `extra` request body payload if present
+    if ( !payload?.route?.match( /^\/v[12]\/log$/ )
+      || !_.isObject( req?.body?.extra )
+    ) {
+      return;
+    }
+
+    _.each( req.body.extra, ( v, k ) => {
+      if ( !_.isObject( v ) ) {
+        payload.extra ||= { };
+        payload.extra[k] = v;
+      }
+    } );
+  }
+
   static errorPayload( err ) {
     const payload = { };
     payload["@timestamp"] = new Date( ).toISOString( );

lib/models/observation.js

@@ -192,9 +192,22 @@ const Observation = class Observation extends Model {
     );
   }
 
+  static preloadLastUpdaterObservationValue( obs ) {
+    const updaterOptions = {
+      foreignKey: "updater_id",
+      attrName: "updater"
+    };
+    return ESModel.fetchBelongsTo(
+      _.flattenDeep( _.map( obs, "ofvs" ) ),
+      User,
+      updaterOptions
+    );
+  }
+
   static async preloadAllAssociations( req, obs, localeOpts ) {
     await Observation.preloadAnnotationControlledTerms( obs );
     await Observation.preloadMinimal( req, obs, localeOpts );
+    await Observation.preloadLastUpdaterObservationValue( obs );
     await Observation.preloadObservationFields( obs );
     const withProjects = _.filter(
       _.flattenDeep( [

lib/models/project.js

@@ -256,14 +256,12 @@ const Project = class Project extends Model {
         } );
       }
     } );
-    await Promise.all( [
-      ESModel.fetchBelongsTo( projects, Place, { source: { excludes: ["geometry_geojson"] } } ),
-      ESModel.fetchBelongsTo( taxonRules, Taxon, taxonOpts ),
-      ESModel.fetchBelongsTo( userRules, User, { foreignKey: "operand_id" } ),
-      ESModel.fetchBelongsTo( placeRules, Place, placeOpts ),
-      ESModel.fetchBelongsTo( projectRules, Project, { foreignKey: "operand_id" } ),
-      ESModel.fetchBelongsTo( controlledTermRules, ControlledTerm, { foreignKey: "value" } )
-    ] );
+    await ESModel.fetchBelongsTo( projects, Place, { source: { excludes: ["geometry_geojson"] } } );
+    await ESModel.fetchBelongsTo( taxonRules, Taxon, taxonOpts );
+    await ESModel.fetchBelongsTo( userRules, User, { foreignKey: "operand_id" } );
+    await ESModel.fetchBelongsTo( placeRules, Place, placeOpts );
+    await ESModel.fetchBelongsTo( projectRules, Project, { foreignKey: "operand_id" } );
+    await ESModel.fetchBelongsTo( controlledTermRules, ControlledTerm, { foreignKey: "value" } );
   }
 };
 

lib/util.js

@@ -137,7 +137,7 @@ const util = class util {
     res.header( "Access-Control-Allow-Origin", "*" );
     res.header( "Access-Control-Allow-Headers",
       "Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Methods, "
-      + "X-Installation-ID, X-Via, X-HTTP-Method-Override" );
+      + "X-Installation-ID, X-Via, X-HTTP-Method-Override, User-Agent" );
     res.header( "Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE" );
     next( );
   }

openapi/schema/request/log_create.js

@@ -11,7 +11,15 @@ module.exports = Joi.object( ).keys( {
   context: Joi.string( ).description( "Brief description of where the log event came from, e.g. a file or class name" ),
   timestamp: Joi.date( ).description( "Datetime the event was logged in the client in case of asynchronous logging" ),
   error_type: Joi.string( ).description( "Type of error, e.g. java.lang.NoClassDefFoundError. Only used when level is error" ),
-  backtrace: Joi.string( ).description( "Only used when level is error" )
+  backtrace: Joi.string( ).description( "Only used when level is error" ),
+  extra: Joi.object( ).pattern(
+    Joi.string( ),
+    Joi.alternatives( ).try(
+      Joi.string( ),
+      Joi.number( ),
+      Joi.boolean( )
+    )
+  ).description( "Accepts key/values where the values are not objects, and logs the contents" )
 } ).description(
   "Log an event that occurred in a client application"
 ).meta( { unpublished: true } );

schema/fixtures.js

@@ -1851,92 +1851,109 @@
           "login_autocomplete": "userloginautocomplete",
           "name": "username",
           "name_autocomplete": "usernameautocomplete",
-          "site_id": 1
+          "site_id": 1,
+          "suspended": false
         },
         {
           "id": 2,
           "login": "search_test_user",
           "login_autocomplete": "search_test_user",
           "name": "Search Test User",
-          "name_autocomplete": "Search Test User"
+          "name_autocomplete": "Search Test User",
+          "suspended": false
         },
         {
           "id": 5,
           "login": "b-user",
-          "name": "B User"
+          "name": "B User",
+          "suspended": false
         },
         {
           "id": 6,
           "login": "z-user",
-          "name": "Z User"
+          "name": "Z User",
+          "suspended": false
         },
         {
           "id": 121,
           "login": "user121",
-          "name": "user121"
+          "name": "user121",
+          "suspended": false
         },
         {
           "id": 122,
           "login": "user122",
-          "name": "user122"
+          "name": "user122",
+          "suspended": false
         },
         {
           "id": 123,
           "login": "a-user",
           "name": "A User",
-          "orcid": "0000-0001-0002-0004"
+          "orcid": "0000-0001-0002-0004",
+          "suspended": false
         },
         {
           "id": 124,
           "login": "es-user",
           "name": "ES User",
           "locale": "es",
-          "place_id": 222
+          "place_id": 222,
+          "suspended": false
         },
         {
           "id": 125,
-          "login": "totally-trustworthy"
+          "login": "totally-trustworthy",
+          "suspended": false
         },
         {
           "id": 126,
-          "login": "totally-trusting"
+          "login": "totally-trusting",
+          "suspended": false
         },
         {
           "id": 127,
           "login": "user127",
-          "name": "Observer that trusts user 123"
+          "name": "Observer that trusts user 123",
+          "suspended": false
         },
         {
           "id": 128,
           "login": "user125",
-          "name": "Observer that does NOT trust user 123"
+          "name": "Observer that does NOT trust user 123",
+          "suspended": false
         },
         {
           "id": 2,
           "login": "search_test_user",
           "login_autocomplete": "search_test_user",
           "name": "Search Test User",
-          "name_autocomplete": "Search Test User"
+          "name_autocomplete": "Search Test User",
+          "suspended": false
         },
         {
           "id": 129,
           "login": "prefers-no-common-names",
-          "name": "Prefers No Common Names"
+          "name": "Prefers No Common Names",
+          "suspended": false
         },
         {
           "id": 1234,
           "login": "user1234",
-          "name": "user1234"
+          "name": "user1234",
+          "suspended": false
         },
         {
           "id": 2020110501,
           "login": "user2020110501",
-          "name": "User that follows user 126 and trusts them"
+          "name": "User that follows user 126 and trusts them",
+          "suspended": false
         },
         {
           "id": 2020111201,
           "login": "user2020111201",
-          "name": "User that follows user 126 and does NOT trusts them"
+          "name": "User that follows user 126 and does NOT trusts them",
+          "suspended": false
         },
         {
           "id": 2021111401,
@@ -1947,33 +1964,38 @@
         {
           "id": 2021121601,
           "login": "user2021121601",
-          "name": "User that will be blocked"
+          "name": "User that will be blocked",
+          "suspended": false
         },
         {
           "id": 2021121602,
           "login": "user2021121602",
-          "name": "User that blocks user2021121601"
+          "name": "User that blocks user2021121601",
+          "suspended": false
         },
         {
           "id": 2023092501,
           "login": "user2023092501",
           "name": "User2023092501 with email and IP",
           "email": "user2023092501@gmail.com",
-          "last_ip": "192.168.0.1"
+          "last_ip": "192.168.0.1",
+          "suspended": false
         },
         {
           "id": 2023092502,
           "login": "user2023092502",
           "name": "User2023092502 with email and IP",
           "email": "user2023092502@gmail.com",
-          "last_ip": "192.168.0.2"
+          "last_ip": "192.168.0.2",
+          "suspended": false
         },
         {
           "id": 2023092503,
           "login": "user2023092503",
           "name": "User2023092503 with email and IP",
           "email": "user2023092503@gmail.com",
-          "last_ip": "192.168.0.3"
+          "last_ip": "192.168.0.3",
+          "suspended": false
         }
       ]
     },

test/controllers/v2/log_controller.js

@@ -49,6 +49,36 @@ describe( "LogController", ( ) => {
         .expect( 204, done );
     } );
 
+    describe( "extra payload", ( ) => {
+      it( "accepts extra payloads", function ( done ) {
+        request( this.app ).post( "/v2/log" )
+          .set( "Authorization", userToken )
+          .set( "Content-Type", "application/json" )
+          .send( {
+            extra: {
+              string: "string",
+              number: 123.4,
+              boolean: true
+            }
+          } )
+          .expect( 204, done );
+      } );
+
+      it( "does not accept objects in extra payloads", function ( done ) {
+        request( this.app ).post( "/v2/log" )
+          .set( "Authorization", userToken )
+          .set( "Content-Type", "application/json" )
+          .send( {
+            extra: {
+              object: {
+                string: "string"
+              }
+            }
+          } )
+          .expect( 422, done );
+      } );
+    } );
+
     describe( "Logstasher.afterRequestPayload", ( ) => {
       const sandbox = sinon.createSandbox( );
 
@@ -104,6 +134,28 @@ describe( "LogController", ( ) => {
             done( );
           } );
       } );
+
+      it( "logs extra payloads", function ( done ) {
+        const body = {
+          extra: {
+            string: "string",
+            number: 123.4,
+            boolean: true
+          }
+        };
+        request( this.app ).post( "/v2/log" )
+          .set( "Authorization", [userToken, applicationToken].join( ", " ) )
+          .set( "Content-Type", "application/json" )
+          .send( body )
+          .expect( 204, ( ) => {
+            expect( Logstasher.afterRequestPayload ).to.have.been.called;
+            const payload = Logstasher.afterRequestPayload.returnValues[0];
+            expect( payload.extra.string ).to.eq( body.extra.string );
+            expect( payload.extra.number ).to.eq( body.extra.number );
+            expect( payload.extra.boolean ).to.eq( body.extra.boolean );
+            done( );
+          } );
+      } );
     } );
   } );
 } );

test/integration/v2/users.js

@@ -83,6 +83,15 @@ describe( "Users", ( ) => {
         } ).expect( "Content-Type", /json/ )
         .expect( 200, done );
     } );
+    it( "never returns suspended users", function ( done ) {
+      const suspendedUser = fixtures.elasticsearch.users.user.find( u => u.suspended );
+      expect( suspendedUser ).not.to.be.undefined;
+      request( this.app ).get( `/v2/users/autocomplete?q=${suspendedUser.login}` )
+        .expect( res => {
+          expect( res.body.results.find( u => u.id === suspendedUser.id ) ).to.be.undefined;
+        } ).expect( "Content-Type", /json/ )
+        .expect( 200, done );
+    } );
   } );
 
   describe( "update_session", ( ) => {
@@ -256,6 +265,20 @@ describe( "Users", ( ) => {
         } ).expect( "Content-Type", /json/ )
         .expect( 200, done );
     } );
+
+    it( "never returns suspended users", function ( done ) {
+      const suspendedUser = fixtures.elasticsearch.users.user.find( u => u.suspended );
+      const okUser = fixtures.elasticsearch.users.user.find( u => !u.suspended );
+      expect( suspendedUser ).not.to.be.undefined;
+      expect( okUser ).not.to.be.undefined;
+      request( this.app ).get( "/v2/users?per_page=100" )
+        .expect( res => {
+          expect( res.body.results ).not.to.be.empty;
+          expect( res.body.results.find( u => u.id === suspendedUser.id ) ).not.to.exist;
+          expect( res.body.results.find( u => u.id === okUser.id ) ).to.exist;
+        } ).expect( "Content-Type", /json/ )
+        .expect( 200, done );
+    } );
   } );
 
   describe( "update", ( ) => {