Merge pull request OWASP#171 from OWASP/revert-167-issue#152_data

UlisesGascon · web-flow · commit e83316d20099 · 2019-09-10T07:34:39.000+02:00
Revert "issue#152 data folder es6 migration"
diff --git a/app/data/benefits-dao.js b/app/data/benefits-dao.js
@@ -10,27 +10,27 @@ function BenefitsDAO(db) {
         return new BenefitsDAO(db);
     }
 
-    const usersCol = db.collection("users");
+    var usersCol = db.collection("users");
 
-    this.getAllNonAdminUsers = (callback) => {
+    this.getAllNonAdminUsers = function(callback) {
         usersCol.find({
             "isAdmin": {
                 $ne: true
             }
-        }).toArray((err, users) => {
+        }).toArray(function(err, users) {
             callback(null, users);
         });
     };
 
-    this.updateBenefits = (userId, startDate, callback) => {
+    this.updateBenefits = function(userId, startDate, callback) {
         usersCol.update({
                 _id: parseInt(userId)
             }, {
                 $set: {
                     benefitStartDate: startDate
                 }
             },
-            (err, result) => {
+            function(err, result) {
                 if (!err) {
                     console.log("Updated benefits");
                     return callback(null, result);
diff --git a/app/data/contributions-dao.js b/app/data/contributions-dao.js
@@ -1,4 +1,4 @@
-const UserDAO = require("./user-dao").UserDAO;
+var UserDAO = require("./user-dao").UserDAO;
 
 /* The ContributionsDAO must be constructed with a connected database object */
 function ContributionsDAO(db) {
@@ -11,31 +11,31 @@ function ContributionsDAO(db) {
         return new ContributionsDAO(db);
     }
 
-    const contributionsDB = db.collection("contributions");
-    const userDAO = new UserDAO(db);
+    var contributionsDB = db.collection("contributions");
+    var userDAO = new UserDAO(db);
 
-    this.update = (userId, preTax, afterTax, roth, callback) => {
-        const parsedUserId = parseInt(userId);
+    this.update = function(userId, preTax, afterTax, roth, callback) {
+        var parsedUserId = parseInt(userId);
 
         // Create contributions document
-        const contributions = {
+        var contributions = {
             userId: parsedUserId,
-            preTax,
-            afterTax,
-            roth
+            preTax: preTax,
+            afterTax: afterTax,
+            roth: roth
         };
-        const {} = contributions;
+
         contributionsDB.update({
                 userId: userId
             },
             contributions, {
                 upsert: true
             },
-            (err, result) => {
+            function(err, result) {
                 if (!err) {
                     console.log("Updated contributions");
                     // add user details
-                    userDAO.getUserById(parsedUserId, (err, user) => {
+                    userDAO.getUserById(parsedUserId, function(err, user) {
 
                         if (err) return callback(err, null);
 
@@ -53,11 +53,11 @@ function ContributionsDAO(db) {
         );
     };
 
-    this.getByUserId = (userId, callback) => {
+    this.getByUserId = function(userId, callback) {
         contributionsDB.findOne({
                 userId: userId
             },
-            (err, contributions) => {
+            function(err, contributions) {
                 if (err) return callback(err, null);
 
                 // Set defualt contributions if not set
@@ -68,7 +68,7 @@ function ContributionsDAO(db) {
                 };
 
                 // add user details
-                userDAO.getUserById(userId, (err, user) => {
+                userDAO.getUserById(userId, function(err, user) {
 
                     if (err) return callback(err, null);
 
diff --git a/app/data/memos-dao.js b/app/data/memos-dao.js
@@ -10,17 +10,17 @@ function MemosDAO(db) {
         return new MemosDAO(db);
     }
 
-    const memosCol = db.collection("memos");
+    var memosCol = db.collection("memos");
 
-    this.insert = (memo, callback) => {
+    this.insert = function(memo, callback) {
 
         // Create allocations document
-        const memos = {
+        var memos = {
             memo: memo,
             timestamp: new Date()
         };
 
-        memosCol.insert(memos, (err, result) => {
+        memosCol.insert(memos, function(err, result) {
 
             if (!err) {
                 return callback(null, result);
@@ -30,11 +30,11 @@ function MemosDAO(db) {
         });
     };
 
-    this.getAllMemos = (callback) => {
+    this.getAllMemos = function(callback) {
 
         memosCol.find({}).sort({
             timestamp: -1
-        }).toArray((err, memos) => {
+        }).toArray(function(err, memos) {
             if (err) return callback(err, null);
             if (!memos) return callback("ERROR: No memos found", null);
 
diff --git a/app/data/profile-dao.js b/app/data/profile-dao.js
@@ -10,7 +10,7 @@ function ProfileDAO(db) {
         return new ProfileDAO(db);
     }
 
-    const users = db.collection("users");
+    var users = db.collection("users");
 
     /* Fix for A6 - Sensitive Data Exposure
 
@@ -39,10 +39,10 @@ function ProfileDAO(db) {
     };
     */
 
-    this.updateUser = (userId, firstName, lastName, ssn, dob, address, bankAcc, bankRouting, callback) => {
+    this.updateUser = function(userId, firstName, lastName, ssn, dob, address, bankAcc, bankRouting, callback) {
 
         // Create user document
-        const user = {};
+        var user = {};
         if (firstName) {
             user.firstName = firstName;
         }
@@ -80,7 +80,7 @@ function ProfileDAO(db) {
             }, {
                 $set: user
             },
-            (err, result) => {
+            function(err, result) {
                 if (!err) {
                     console.log("Updated user profile");
                     return callback(null, user);
@@ -91,11 +91,11 @@ function ProfileDAO(db) {
         );
     };
 
-    this.getByUserId = (userId, callback) => {
+    this.getByUserId = function(userId, callback) {
         users.findOne({
                 _id: parseInt(userId)
             },
-            (err, user) => {
+            function(err, user) {
                 if (err) return callback(err, null);
                 /*
                 // Fix for A6 - Sensitive Data Exposure
diff --git a/app/data/research-dao.js b/app/data/research-dao.js
@@ -10,9 +10,9 @@ function ResearchDAO(db) {
         return new ResearchDAO(db);
     }
 
-    this.getBySymbol= (symbol, callback) =>{
+    this.getBySymbol= function(symbol, callback) {
 
-        const searchCriteria = () => {
+        function searchCriteria() {
 
             if (symbol) {
                 console.log("in if symbol");
@@ -21,8 +21,6 @@ function ResearchDAO(db) {
                 };
             }
         }
-
-        return searchCriteria;
     }
 }
 
diff --git a/app/data/user-dao.js b/app/data/user-dao.js
@@ -1,4 +1,4 @@
-const bcrypt = require("bcrypt-nodejs");
+var bcrypt = require("bcrypt-nodejs");
 
 /* The UserDAO must be constructed with a connected database object */
 function UserDAO(db) {
@@ -12,12 +12,12 @@ function UserDAO(db) {
         return new UserDAO(db);
     }
 
-    const usersCol = db.collection("users");
+    var usersCol = db.collection("users");
 
-    this.addUser = (userName, firstName, lastName, password, email, callback) => {
+    this.addUser = function(userName, firstName, lastName, password, email, callback) {
 
         // Create user document
-        const user = {
+        var user = {
             userName: userName,
             firstName: firstName,
             lastName: lastName,
@@ -35,15 +35,15 @@ function UserDAO(db) {
             user.email = email;
         }
 
-        this.getNextSequence("userId", (err, id) => {
+        this.getNextSequence("userId", function(err, id) {
             if (err) {
                 return callback(err, null);
             }
             console.log(typeof(id));
 
             user._id = id;
 
-            usersCol.insert(user, (err, result) => {
+            usersCol.insert(user, function(err, result) {
 
                 if (!err) {
                     return callback(null, result.ops[0]);
@@ -54,18 +54,18 @@ function UserDAO(db) {
         });
     };
 
-    this.getRandomFutureDate = () => {
-        const today = new Date();
-        const day = (Math.floor(Math.random() * 10) + today.getDay()) % 29;
-        const month = (Math.floor(Math.random() * 10) + today.getMonth()) % 12;
-        const year = Math.ceil(Math.random() * 30) + today.getFullYear();
+    this.getRandomFutureDate = function() {
+        var today = new Date();
+        var day = (Math.floor(Math.random() * 10) + today.getDay()) % 29;
+        var month = (Math.floor(Math.random() * 10) + today.getMonth()) % 12;
+        var year = Math.ceil(Math.random() * 30) + today.getFullYear();
         return year + "-" + ("0" + month).slice(-2) + "-" + ("0" + day).slice(-2);
     };
 
-    this.validateLogin = (userName, password, callback) => {
+    this.validateLogin = function(userName, password, callback) {
 
         // Helper function to compare passwords
-        const comparePassword = (fromDB, fromUser) => {
+        function comparePassword(fromDB, fromUser) {
             return fromDB === fromUser;
             /*
             // Fix for A2-Broken Auth
@@ -75,21 +75,21 @@ function UserDAO(db) {
         }
 
         // Callback to pass to MongoDB that validates a user document
-        const validateUserDoc = (err, user) => {
+        function validateUserDoc(err, user) {
 
             if (err) return callback(err, null);
 
             if (user) {
                 if (comparePassword(password, user.password)) {
                     callback(null, user);
                 } else {
-                    const invalidPasswordError = new Error("Invalid password");
+                    var invalidPasswordError = new Error("Invalid password");
                     // Set an extra field so we can distinguish this from a db error
                     invalidPasswordError.invalidPassword = true;
                     callback(invalidPasswordError, null);
                 }
             } else {
-                const noSuchUserError = new Error("User: " + user + " does not exist");
+                var noSuchUserError = new Error("User: " + user + " does not exist");
                 // Set an extra field so we can distinguish this from a db error
                 noSuchUserError.noSuchUser = true;
                 callback(noSuchUserError, null);
@@ -102,19 +102,19 @@ function UserDAO(db) {
     };
 
     // This is the good one, see the next function
-    this.getUserById = (userId, callback) => {
+    this.getUserById = function(userId, callback) {
         usersCol.findOne({
             _id: parseInt(userId)
         }, callback);
     };
 
-    this.getUserByUserName = (userName, callback) => {
+    this.getUserByUserName = function(userName, callback) {
         usersCol.findOne({
             userName: userName
         }, callback);
     };
 
-    this.getNextSequence = (name, callback) => {
+    this.getNextSequence = function(name, callback) {
         db.collection("counters").findAndModify({
                 _id: name
             }, [], {
@@ -124,7 +124,7 @@ function UserDAO(db) {
             }, {
                 new: true
             },
-            (err, data) => {
+            function(err, data) {
                 if (err) {
                     return callback(err, null);
                 }

Original file line number	Diff line number	Diff line change
`@@ -10,9 +10,9 @@ function ResearchDAO(db) {`
`10`	`10`	`return new ResearchDAO(db);`
`11`	`11`	`}`
`12`	`12`
`13`		`- this.getBySymbol= (symbol, callback) =>{`
	`13`	`+ this.getBySymbol= function(symbol, callback) {`
`14`	`14`
`15`		`- const searchCriteria = () => {`
	`15`	`+ function searchCriteria() {`
`16`	`16`
`17`	`17`	`if (symbol) {`
`18`	`18`	`console.log("in if symbol");`
`@@ -21,8 +21,6 @@ function ResearchDAO(db) {`
`21`	`21`	`};`
`22`	`22`	`}`
`23`	`23`	`}`
`24`		`-`
`25`		`- return searchCriteria;`
`26`	`24`	`}`
`27`	`25`	`}`
`28`	`26`