feat(#6289): Bumps CouchDb version to 3.3.2

api/src/db.js

@@ -40,7 +40,8 @@ if (UNIT_TEST_ENV) {
     'allDbs',
     'activeTasks',
     'saveDocs',
-    'createVault'
+    'createVault',
+    'addRoleToSecurity',
   ];
 
   const notStubbed = (first, second) => {
@@ -162,4 +163,37 @@ if (UNIT_TEST_ENV) {
 
     throw new Error(`Error while saving docs: ${errors.join(', ')}`);
   };
+
+  const DEFAULT_SECURITY_STRUCTURE = {
+    names: [],
+    roles: [],
+  };
+
+  module.exports.addRoleToSecurity = async (dbname, role, addAsAdmin) => {
+    if (!dbname || !role) {
+      return;
+    }
+
+    const securityUrl = new URL(environment.serverUrl);
+    securityUrl.pathname = `${dbname}/_security`;
+
+    const securityObject = await rpn.get({ url: securityUrl.toString(), json: true });
+    const property = addAsAdmin ? 'admins' : 'members';
+    if (!securityObject[property]) {
+      securityObject[property] = DEFAULT_SECURITY_STRUCTURE;
+    }
+
+    if (!securityObject[property].roles) {
+      throw new Error('Invalid database security %o', securityObject);
+    }
+
+    if (securityObject[property].roles.includes(role)) {
+      return;
+    }
+
+    logger.info(`Adding "${role}" role to ${dbname} ${property}`);
+    securityObject[property].roles.push(role);
+    await rpn.put({ url: securityUrl.toString(), json: true, body: securityObject });
+  };
+
 }

api/src/migrations/add-national_admin-role.js

@@ -1,61 +1,13 @@
-const request = require('request-promise-native');
-const url = require('url');
 const environment = require('../environment');
-const logger = require('../logger');
+const db = require('../db');
 
-const DEFAULT_STRUCTURE = {
-  names: [],
-  roles: [],
-};
-
-const addRole = (dbname, role) => {
-  return request.get({
-    url: url.format({
-      protocol: environment.protocol,
-      hostname: environment.host,
-      port: environment.port,
-      pathname: `${dbname}/_security`,
-    }),
-    auth: {
-      user: environment.username,
-      pass: environment.password
-    },
-    json: true
-  })
-    .then(body => {
-      // In CouchDB 1.x, if you have not written to the _security object before
-      // it is empty.
-      if (!body.admins) {
-        body.admins = DEFAULT_STRUCTURE;
-      }
-
-      if (!body.admins.roles.includes(role)) {
-        logger.info(`Adding ${role} role to ${dbname} admins`);
-        body.admins.roles.push(role);
-      }
-      return request.put({
-        url: url.format({
-          protocol: environment.protocol,
-          hostname: environment.host,
-          port: environment.port,
-          pathname: `${dbname}/_security`,
-        }),
-        auth: {
-          user: environment.username,
-          pass: environment.password
-        },
-        json: true,
-        body: body
-      });
-    });
-};
 
 module.exports = {
   name: 'add-national_admin-role',
   created: new Date(2017, 3, 30),
   run: () => {
     return Promise.resolve()
-      .then(() => addRole('_users', 'national_admin'))
-      .then(() => addRole(environment.db, 'national_admin'));
+      .then(() => db.addRoleToSecurity('_users', 'national_admin'))
+      .then(() => db.addRoleToSecurity(environment.db, 'national_admin'));
   }
 };

api/src/services/config-watcher.js

@@ -9,6 +9,7 @@ const generateXform = require('./generate-xform');
 const generateServiceWorker = require('../generate-service-worker');
 const manifest = require('./manifest');
 const config = require('../config');
+const environment = require('../environment');
 
 const MEDIC_DDOC_ID = '_design/medic';
 
@@ -87,6 +88,7 @@ const handleSettingsChange = () => {
       logger.error('Failed to reload settings: %o', err);
       process.exit(1);
     })
+    .then(() => addUserRolesToDb())
     .then(() => initTransitionLib())
     .then(() => logger.debug('Settings updated'));
 };
@@ -99,7 +101,7 @@ const handleTranslationsChange = () => {
 };
 
 const handleFormChange = (change) => {
-  logger.info('Detected form change for', change.id);
+  logger.info('Detected form change for: %s', change.id);
   if (change.deleted) {
     return Promise.resolve();
   }
@@ -131,6 +133,7 @@ const load = () => {
   loadViewMaps();
   return loadTranslations()
     .then(() => loadSettings())
+    .then(() => addUserRolesToDb())
     .then(() => initTransitionLib())
     .then(() => db.createVault());
 };
@@ -139,7 +142,6 @@ const listen = () => {
   db.medic
     .changes({ live: true, since: 'now', return_docs: false })
     .on('change', change => {
-
       if (tombstoneUtils.isTombstoneId(change.id)) {
         return Promise.resolve();
       }
@@ -170,9 +172,21 @@ const listen = () => {
     });
 };
 
+const addUserRolesToDb = async () => {
+  const roles = config.get('roles');
+  if (!roles || typeof roles !== 'object') {
+    return;
+  }
+
+  for (const role of Object.keys(roles)) {
+    await db.addRoleToSecurity(environment.db, role, false);
+  }
+};
+
 module.exports = {
   load,
   listen,
   updateServiceWorker,
   loadTranslations,
+  addUserRolesToDb,
 };

api/tests/mocha/db.spec.js

@@ -202,4 +202,135 @@ describe('db', () => {
       expect(db.close.args).to.deep.equal([[dbObject]]);
     });
   });
+
+  describe('addRoleToSecurity', () => {
+    it('should add role as member to db security', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pass@couchdb:5984');
+      sinon.stub(rpn, 'get').resolves({ admins: { roles: ['role1'] }, members: { roles: ['role2'] } });
+      sinon.stub(rpn, 'put').resolves();
+
+      await db.addRoleToSecurity('dbname', 'rolename');
+
+      expect(rpn.get.args).to.deep.equal([[ { url: 'http://admin:pass@couchdb:5984/dbname/_security', json: true } ]]);
+      expect(rpn.put.args).to.deep.equal([[
+        {
+          url: 'http://admin:pass@couchdb:5984/dbname/_security',
+          json: true,
+          body: {
+            admins: { roles: ['role1'] },
+            members: { roles: ['role2', 'rolename'] },
+          }
+        }
+      ]]);
+    });
+
+    it('should add role as admin to db security', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pass@couchdb:5984');
+      sinon.stub(rpn, 'get').resolves({ admins: { roles: ['role1'] }, members: { roles: ['role2'] } });
+      sinon.stub(rpn, 'put').resolves();
+
+      await db.addRoleToSecurity('dbname', 'rolename', true);
+
+      expect(rpn.get.args).to.deep.equal([[ { url: 'http://admin:pass@couchdb:5984/dbname/_security', json: true } ]]);
+      expect(rpn.put.args).to.deep.equal([[
+        {
+          url: 'http://admin:pass@couchdb:5984/dbname/_security',
+          json: true,
+          body: {
+            admins: { roles: ['role1', 'rolename'], },
+            members: { roles: ['role2'] },
+          }
+        }
+      ]]);
+    });
+
+    it('should skip member roles that already exist', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pass@couchdb:5984');
+      sinon.stub(rpn, 'get').resolves({ admins: { roles: ['role1'] }, members: { roles: ['role2'] } });
+      sinon.stub(rpn, 'put').resolves();
+
+      await db.addRoleToSecurity('dbname', 'role2');
+
+      expect(rpn.get.args).to.deep.equal([[ { url: 'http://admin:pass@couchdb:5984/dbname/_security', json: true } ]]);
+      expect(rpn.put.called).to.equal(false);
+    });
+
+    it('should skip admin roles that already exist', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pass@couchdb:5984');
+      sinon.stub(rpn, 'get').resolves({ admins: { roles: ['role1'] }, members: { roles: ['role2'] } });
+      sinon.stub(rpn, 'put').resolves();
+
+      await db.addRoleToSecurity('dbname', 'role1', true);
+
+      expect(rpn.get.args).to.deep.equal([[ { url: 'http://admin:pass@couchdb:5984/dbname/_security', json: true } ]]);
+      expect(rpn.put.called).to.equal(false);
+    });
+
+    it('should set members security property if not existing', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pass@couchdb:5984');
+      sinon.stub(rpn, 'get').resolves({ admins: { roles: ['role1'] } });
+      sinon.stub(rpn, 'put').resolves();
+
+      await db.addRoleToSecurity('dbname', 'rolename');
+
+      expect(rpn.get.args).to.deep.equal([[ { url: 'http://admin:pass@couchdb:5984/dbname/_security', json: true } ]]);
+      expect(rpn.put.args).to.deep.equal([[
+        {
+          url: 'http://admin:pass@couchdb:5984/dbname/_security',
+          json: true,
+          body: {
+            admins: { roles: ['role1'] },
+            members: { roles: ['rolename'], names: [], },
+          }
+        }
+      ]]);
+    });
+
+    it('should set admins security property if not existing', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pwd@host:6984');
+      sinon.stub(rpn, 'get').resolves({ members: { roles: ['role2'] } });
+      sinon.stub(rpn, 'put').resolves();
+
+      await db.addRoleToSecurity('name', 'arole', true);
+
+      expect(rpn.get.args).to.deep.equal([[ { url: 'http://admin:pwd@host:6984/name/_security', json: true } ]]);
+      expect(rpn.put.args).to.deep.equal([[
+        {
+          url: 'http://admin:pwd@host:6984/name/_security',
+          json: true,
+          body: {
+            admins: { roles: ['arole'], names: [] },
+            members: { roles: ['role2'] },
+          }
+        }
+      ]]);
+    });
+
+    it('should throw get security errors', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pass@couchdb:5984');
+      sinon.stub(rpn, 'get').rejects(new Error('not_found'));
+
+      await expect(db.addRoleToSecurity('data', 'attr')).to.be.rejectedWith(Error, 'not_found');
+    });
+
+    it('should throw put security errors', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pass@couchdb:5984');
+      sinon.stub(rpn, 'get').resolves({ members: { roles: ['role2'] } });
+      sinon.stub(rpn, 'put').rejects(new Error('forbidden or something'));
+
+      await expect(db.addRoleToSecurity('data', 'attr')).to.be.rejectedWith(Error, 'forbidden or something');
+    });
+
+    it('should throw error when security is invalid', async () => {
+      sinon.stub(env, 'serverUrl').get(() => 'http://admin:pass@couchdb:5984');
+      sinon.stub(rpn, 'get').resolves({ members: 'this is actually a string' });
+
+      await expect(db.addRoleToSecurity('data', 'attr')).to.be.rejectedWith(Error, 'Invalid database security');
+    });
+
+    it('should skip when missing dbname or role', async () => {
+      await db.addRoleToSecurity('', 'arole');
+      await db.addRoleToSecurity('dbanme', );
+    });
+  });
 });

api/tests/mocha/services/config-watcher.spec.js

@@ -11,6 +11,7 @@ const generateXform = require('../../../src/services/generate-xform');
 const config = require('../../../src/config');
 const bootstrap = require('../../../src/services/config-watcher');
 const manifest = require('../../../src/services/manifest');
+const environment = require('../../../src/environment');
 
 let on;
 const emitChange = (change) => {
@@ -226,12 +227,46 @@ describe('Configuration', () => {
       it('reloads settings settings doc is updated', () => {
         settingsService.update.resolves();
         settingsService.get.resolves({ settings: 'yes' });
+        sinon.stub(db, 'addRoleToSecurity');
+        sinon.stub(config, 'get').withArgs('roles').returns({ chw: {} });
+        sinon.stub(environment, 'db').get(() => 'medicdb');
 
         return emitChange({ id: 'settings' }).then(() => {
           chai.expect(settingsService.update.callCount).to.equal(1);
           chai.expect(settingsService.get.callCount).to.equal(1);
           chai.expect(config.set.callCount).to.equal(1);
           chai.expect(config.set.args[0]).to.deep.equal([{ settings: 'yes' }]);
+          chai.expect(config.get.withArgs('roles').callCount).to.equal(1);
+          chai.expect(db.addRoleToSecurity.args).to.deep.equal([['medicdb', 'chw', false]]);
+        });
+      });
+
+      it('should add all configured user roles to the main database', () => {
+        settingsService.update.resolves();
+        settingsService.get.resolves({ settings: 'yes' });
+        sinon.stub(db, 'addRoleToSecurity');
+        sinon.stub(config, 'get')
+          .withArgs('roles')
+          .returns({
+            chw1: {},
+            chw2: {},
+            chw3: {},
+            chw4: {},
+          });
+        sinon.stub(environment, 'db').get(() => 'medicdb');
+
+        return emitChange({ id: 'settings' }).then(() => {
+          chai.expect(settingsService.update.callCount).to.equal(1);
+          chai.expect(settingsService.get.callCount).to.equal(1);
+          chai.expect(config.set.callCount).to.equal(1);
+          chai.expect(config.set.args[0]).to.deep.equal([{ settings: 'yes' }]);
+          chai.expect(config.get.withArgs('roles').callCount).to.equal(1);
+          chai.expect(db.addRoleToSecurity.args).to.deep.equal([
+            ['medicdb', 'chw1', false],
+            ['medicdb', 'chw2', false],
+            ['medicdb', 'chw3', false],
+            ['medicdb', 'chw4', false],
+          ]);
         });
       });