
Commit 4825070

Merge pull request #162 from topcoder-platform/issue-161
Sanitize challenge object on PUT/PATCH
2 parents b3e2a4d + 4c32764 commit 4825070


1 file changed

+73
-17
lines changed


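--- a/src/services/ChallengeService.js
+++ b/src/services/ChallengeService.js
@@ -1133,6 +1133,62 @@ async function update (currentUser, challengeId, data, userToken, isFull) {
 return challenge
 }
 
+/**
+* Remove unwanted properties from the challenge object
+* @param {Object} challenge the challenge object
+*/
+function sanitizeChallenge (challenge) {
+const sanitized = _.pick(challenge, [
+'typeId',
+'name',
+'description',
+'privateDescription',
+'descriptionFormat',
+'timelineTemplateId',
+'tags',
+'projectId',
+'legacyId',
+'startDate',
+'status',
+'attachmentIds',
+'groups'
+])
+if (challenge.legacy) {
+sanitized.legacy = _.pick(challenge.legacy, [
+'track',
+'reviewType',
+'confidentialityType',
+'forumId',
+'directProjectId',
+'screeningScorecardId',
+'reviewScorecardId',
+'informixModified'
+])
+}
+if (challenge.metadata) {
+sanitized.metadata = _.map(challenge.metadata, meta => _.pick(meta, ['name', 'value']))
+}
+if (challenge.phases) {
+sanitized.phases = _.map(challenge.phases, phase => _.pick(phase, ['phaseId', 'duration']))
+}
+if (challenge.prizeSets) {
+sanitized.prizeSets = _.map(challenge.prizeSets, prizeSet => ({
+..._.pick(prizeSet, ['type', 'description']),
+prizes: _.map(prizeSet.prizes, prize => _.pick(prize, ['description', 'type', 'value']))
+}))
+}
+if (challenge.events) {
+sanitized.events = _.map(challenge.events, event => _.pick(event, ['id', 'name', 'key']))
+}
+if (challenge.winners) {
+sanitized.winners = _.map(challenge.winners, winner => _.pick(winner, ['userId', 'handle', 'placement']))
+}
+if (challenge.terms) {
+sanitized.terms = _.map(challenge.terms, term => _.pick(term, ['id', 'roleId']))
+}
+return sanitized
+}
+
 /**
 * Fully update challenge.
 * @param {Object} currentUser the user who perform operation
@@ -1142,7 +1198,7 @@ async function update (currentUser, challengeId, data, userToken, isFull) {
 * @returns {Object} the updated challenge
 */
 async function fullyUpdateChallenge (currentUser, challengeId, data, userToken) {
-return update(currentUser, challengeId, data, userToken, true)
+return update(currentUser, challengeId, sanitizeChallenge(data), userToken, true)
 }
 
 fullyUpdateChallenge.schema = {
@@ -1158,7 +1214,7 @@ fullyUpdateChallenge.schema = {
 screeningScorecardId: Joi.number().integer(),
 reviewScorecardId: Joi.number().integer(),
 informixModified: Joi.string()
-}),
+}).unknown(true),
 typeId: Joi.optionalId(),
 name: Joi.string().required(),
 description: Joi.string(),
@@ -1167,12 +1223,12 @@ fullyUpdateChallenge.schema = {
 metadata: Joi.array().items(Joi.object().keys({
 name: Joi.string().required(),
 value: Joi.required()
-})).unique((a, b) => a.name === b.name),
+}).unknown(true)).unique((a, b) => a.name === b.name),
 timelineTemplateId: Joi.string(), // Joi.optionalId(),
 phases: Joi.array().items(Joi.object().keys({
 phaseId: Joi.id(),
 duration: Joi.number().positive()
-})),
+}).unknown(true)),
 prizeSets: Joi.array().items(Joi.object().keys({
 type: Joi.string().valid(_.values(constants.prizeSetTypes)).required(),
 description: Joi.string(),
@@ -1181,12 +1237,12 @@ fullyUpdateChallenge.schema = {
 type: Joi.string().required(),
 value: Joi.number().min(0).required()
 })).min(1).required()
-})),
+}).unknown(true)),
 events: Joi.array().items(Joi.object().keys({
 id: Joi.number().required(),
 name: Joi.string(),
 key: Joi.string()
-})),
+}).unknown(true)),
 tags: Joi.array().items(Joi.string().required()), // tag names
 projectId: Joi.number().integer().positive().required(),
 legacyId: Joi.number().integer().positive(),
@@ -1199,12 +1255,12 @@ fullyUpdateChallenge.schema = {
 userId: Joi.number().integer().positive().required(),
 handle: Joi.string().required(),
 placement: Joi.number().integer().positive().required()
-})).min(1),
+}).unknown(true)).min(1),
 terms: Joi.array().items(Joi.object().keys({
 id: Joi.id(),
 roleId: Joi.id()
-})).optional().allow([])
-}).required(),
+}).unknown(true)).optional().allow([])
+}).unknown(true).required(),
 userToken: Joi.any()
 }
 
@@ -1217,7 +1273,7 @@ fullyUpdateChallenge.schema = {
 * @returns {Object} the updated challenge
 */
 async function partiallyUpdateChallenge (currentUser, challengeId, data, userToken) {
-return update(currentUser, challengeId, data, userToken)
+return update(currentUser, challengeId, sanitizeChallenge(data), userToken)
 }
 
 partiallyUpdateChallenge.schema = {
@@ -1231,7 +1287,7 @@ partiallyUpdateChallenge.schema = {
 directProjectId: Joi.number(),
 forumId: Joi.number().integer().positive(),
 informixModified: Joi.string()
-}),
+}).unknown(true),
 typeId: Joi.optionalId(),
 name: Joi.string(),
 description: Joi.string(),
@@ -1240,17 +1296,17 @@ partiallyUpdateChallenge.schema = {
 metadata: Joi.array().items(Joi.object().keys({
 name: Joi.string().required(),
 value: Joi.required()
-})).unique((a, b) => a.name === b.name),
+}).unknown(true)).unique((a, b) => a.name === b.name),
 timelineTemplateId: Joi.string(), // changing this to update migrated challenges
 phases: Joi.array().items(Joi.object().keys({
 phaseId: Joi.id(),
 duration: Joi.number().positive()
-})).min(1),
+}).unknown(true)).min(1),
 events: Joi.array().items(Joi.object().keys({
 id: Joi.number().required(),
 name: Joi.string(),
 key: Joi.string()
-})),
+}).unknown(true)),
 startDate: Joi.date(),
 prizeSets: Joi.array().items(Joi.object().keys({
 type: Joi.string().valid(_.values(constants.prizeSetTypes)).required(),
@@ -1260,7 +1316,7 @@ partiallyUpdateChallenge.schema = {
 type: Joi.string().required(),
 value: Joi.number().min(0).required()
 })).min(1).required()
-})).min(1),
+}).unknown(true)).min(1),
 tags: Joi.array().items(Joi.string().required()).min(1), // tag names
 projectId: Joi.number().integer().positive(),
 legacyId: Joi.number().integer().positive(),
@@ -1272,9 +1328,9 @@ partiallyUpdateChallenge.schema = {
 userId: Joi.number().integer().positive().required(),
 handle: Joi.string().required(),
 placement: Joi.number().integer().positive().required()
-})).min(1),
+}).unknown(true)).min(1),
 terms: Joi.array().items(Joi.id().optional()).optional().allow([])
-}).required(),
+}).unknown(true).required(),
 userToken: Joi.any()
 }
 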
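Review bot: The terms branch of sanitizeChallenge (new lines 1186–1188) assumes every term is an object, but partiallyUpdateChallenge.schema on the new side (line 1332) still accepts terms as an array of bare ids, so a PATCH body carrying ids would pass validation and, since _.pick on a string yields {}, reach update() as an array of empty objects — assuming the schema is applied before the service function runs, as the .schema convention suggests. Guard the non-object case, e.g. `sanitized.terms = _.map(challenge.terms, term => (_.isObject(term) ? _.pick(term, ['id', 'roleId']) : term))`. The new JSDoc also omits the return value; add `@returns {Object} the challenge with only the allowed properties retained`. Since the allowlists in sanitizeChallenge now duplicate the keys declared in both Joi schemas, a comment stating that the two must be kept in step would help, unless the project's validator can apply Joi's stripUnknown option and derive the stripping from the schema itself.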