From ba7845891dff3aaf79491b1b4c1163cdbad19be9 Mon Sep 17 00:00:00 2001
From: Cameron Clough
Date: Fri, 25 Mar 2022 00:40:07 +0000
Subject: [PATCH] fix(useradmin): fix unpair_device endpoint
---
 src/server/controllers/devices.js | 4 ++--
 src/server/router/api/useradmin.js | 10 +++++++---
 src/server/router/useradmin.js | 23 ++++++++++++++++++++---
 3 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/src/server/controllers/devices.js b/src/server/controllers/devices.js
index 2bc7f53..fd00fc6 100644
--- a/src/server/controllers/devices.js
+++ b/src/server/controllers/devices.js
@@ -73,7 +73,7 @@ async function pairDeviceToAccountId(dongleId, accountId) {
 }
 
 async function unpairDevice(dongleId, accountId) {
- const device = await Devices.getOne(
+ const device = await Devices.findOne(
 { where: { account_id: accountId, dongle_id: dongleId } },
 );
 
@@ -89,7 +89,7 @@ async function unpairDevice(dongleId, accountId) {
 }
 
 async function setDeviceNickname(account, dongleId, nickname) {
- const device = await Devices.getOne(
+ const device = await Devices.findOne(
 { where: { account_id: account.id, dongle_id: dongleId } },
 );
 
diff --git a/src/server/router/api/useradmin.js b/src/server/router/api/useradmin.js
index 2839f9d..93df176 100644
--- a/src/server/router/api/useradmin.js
+++ b/src/server/router/api/useradmin.js
@@ -5,6 +5,7 @@ import cookieParser from 'cookie-parser';
 import controllers from '../../controllers';
 import deviceController from '../../controllers/devices';
 import { requireAuthenticated } from '../../middlewares/authentication';
+import { getDevice } from '../../middlewares/devices';
 // TODO Remove this, pending on removing all auth logic from routes
@@ -74,10 +75,13 @@ router.get('/overview', requireAuthenticated, runAsyncWrapper(async (req, res) =
 });
 }));
 
-router.get('/unpair_device/:dongleId', requireAuthenticated, runAsyncWrapper(async (req, res) => {
- const { account, params: { dongleId } } = req;
+router.get('/unpair_device/:dongleId', [requireAuthenticated, getDevice], runAsyncWrapper(async (req, res) => {
+ const {
+ account,
+ device,
+ params: { dongleId },
+ } = req;
 
- const device = await deviceController.getDeviceFromDongleId(dongleId);
 if (!device) {
 return res.status(404).json({ success: false, msg: 'NOT_FOUND' });
 } else if (device.accountId !== account.id) {
diff --git a/src/server/router/useradmin.js b/src/server/router/useradmin.js
index b1f9939..f28eef0 100644
--- a/src/server/router/useradmin.js
+++ b/src/server/router/useradmin.js
@@ -14,6 +14,7 @@ import mailingController from '../controllers/mailing';
 import deviceController from '../controllers/devices';
 import userController from '../controllers/users';
 import { getAccount } from '../middlewares/authentication';
+import { getDevice } from '../middlewares/devices';
 
 const logger = log4js.getLogger('useradmin');
 const router = express.Router();
@@ -207,6 +208,7 @@ router.get('/overview', requireAuthenticated, runAsyncWrapper(async (req, res) =
 let response = `
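Review bot: The unpair route in src/server/router/api/useradmin.js is still registered with `router.get`, so a state-changing action runs on a plain GET; if the session travels in a cookie (this file imports `cookie-parser`), a cross-site request made by the signed-in user's browser would be enough to unpair a device. Registering it as `router.post('/unpair_device/:dongleId', [requireAuthenticated, getDevice], ...)` (or DELETE) and requiring a CSRF token or a strict same-site cookie policy would close that. The same applies to the `/unpair_device/:dongleId` handler in src/server/router/useradmin.js, which this commit changes from a bare redirect into a real unpair. The handler body continues outside this hunk.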

Welcome To The RetroPilot Server Dashboard!

+ ${req.query.status ? `${htmlspecialchars(req.query.status)}` : ''}

Account Overview

Account: #${account.id}
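Review bot: The banner added to the `/overview` template prints whatever text arrives in `req.query.status`, so a crafted `/useradmin/overview?status=…` link can show an arbitrary message inside the dashboard; `htmlspecialchars` stops markup but not misleading text. Sending a short code in the redirect and resolving it on render, e.g. `Object.hasOwn(STATUS_MESSAGES, code) ? STATUS_MESSAGES[code] : ''` with `STATUS_MESSAGES` a fixed table of strings, keeps the wording server-controlled. That lookup also covers the case where Express parses `status` as an array or object rather than a string; `htmlspecialchars` is not shown here, so how it handles non-strings should be confirmed. The template continues outside this hunk and its markup is not visible in this rendering.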
@@ -248,11 +250,26 @@ ${req.query.linkstatus !== undefined ? `
${htmlspecialchars(req.query.link
 }));
 
 // TODO: move to useradmin api
-router.get('/api/useradmin/unpair_device/:dongleId', requireAuthenticated, runAsyncWrapper(async (req, res) => {
- // TODO: implement unpair_device?
- return res.redirect('/useradmin/overview');
+router.get('/unpair_device/:dongleId', [requireAuthenticated, getDevice], runAsyncWrapper(async (req, res) => {
+ const { device } = req;
+ if (!device) {
+ return res.redirect(`/useradmin/overview?status=${encodeURIComponent('Device not found')}`);
+ }
+
+ if (device.account_id !== req.account.id) {
+ return res.redirect(`/useradmin/overview?status=${encodeURIComponent('Not authorized')}`);
+ }
+
+ const result = await deviceController.unpairDevice(device.dongle_id, req.account.id);
+ if (!result.success) {
+ logger.warn(`Failed to unpair device ${device.dongle_id} for account ${req.account.id}: ${result}`);
+ return res.redirect(`/useradmin/overview?status=${encodeURIComponent('An unknown error occurred')}`);
+ }
+
+ return res.redirect(`/useradmin/overview?status=${encodeURIComponent('Device unpaired successfully')}`);
 }));
 
+// TODO: move to useradmin api
 router.post('/pair_device', [requireAuthenticated, bodyParser.urlencoded({ extended: true })], runAsyncWrapper(async (req, res) => {
 const { account, body: { qrString } } = req;
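Review bot: The ownership check in the new handler reads `device.account_id`, while the API route in src/server/router/api/useradmin.js still compares `device.accountId !== account.id` on the object supplied by the same `getDevice` middleware. The `where` clauses in src/server/controllers/devices.js use `account_id`, so the API route's comparison looks like it would always see `undefined` and answer unauthorized; the middleware is not shown, so this should be confirmed, and both handlers should read the same field. Separately, `${result}` in the `logger.warn` call will print `[object Object]` if `unpairDevice` returns a plain object; `JSON.stringify(result)` would keep the failure reason in the log.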