Company - POST - A client with valid token cannot create a company

[sulenchy]

A client cannot create a company. How to recreate:

• log in as a client and get the token Payload

  {
  "firstName": "Client",
  "lastName": "test",
  "email": "abiodun.abudu+agency+client+test@noroff.no",
  "password": "**********",
  "role": "Client"
  }

• create a company: Token bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJhNjI0MGEyMi1hMWEwLTQ2NmItOGIxZS00ZmVmMTNlOWZiMGEiLCJlbWFpbCI6ImFiaW9kdW4uYWJ1ZHUrYWdlbmN5K2NsaWVudCt0ZXN0QG5vcm9mZi5ubyIsImlhdCI6MTcwNTMwODQ4MiwiZXhwIjoxNzA1Mzk0ODgyfQ.nbgJLwtvMDwKUbf8onC0SLftv6-sfspySjQSvsCq318 ` Payload

  {
  "name": "Tech Agency Inc",
  "sector": "Web Development.",
  "phone": 242424242424,
  "logo": "www.tech-agency-inc.com/logo.jpg",
  "admin": "a6240a22-a1a0-466b-8b1e-4fef13e9fb0a"
  }

• Response from the server

{
    "message": "Invalid authorization token provided, please re-log."
}

• Suggestion I think something is wrong in verifyToken

[chalund]

@chrisbekk can you make this issue a top priority? Team Kolsås needs it sorted out to get started on their work.

[KarenJoo]

@chalund Can confirm that this issue is assigned and prioritized

[runeunhjem]

Actually made a company - needed to make the phonenumber a string:

{ "name": "Holmenkollen Devs", "sector": "Listings.", "phone": "+47 12345678", "logo": "https://www.svgrepo.com/show/448058/logo.svg", "admin": "1345d9c4-6ceb-40a7-b1d0-32ab3de7033e" }

This worked.

[runeunhjem]

Altho while trying to create a new listing with that company i get this error.

{
    "message": "Unexpected internal server error.",
    "code": "P2025",
    "clientVersion": "4.9.0",
    "meta": {
        "cause": "No 'Company' record(s) (needed to inline the relation on 'Listing' record(s)) was found for a nested connect on one-to-many relation 'CompanyToListing'."
    }
}

Might need a separate ticket for this?

Here's the body i send:

{
  "company": "7533e4ca-9877-432b-9897-202d6b883b74",
  "title": "Quality Assurance",
  "tags": [
        "Check open tickets",
        "Check in with your SM",
        "Close finished tickets tickets"
    ],
  "description": "We want you that do look over tickets currently open or done in the frontend team board. Please do communicate with other dev's or your SM",
  "requirements": [
        "Minimum of 3 tickets without merge conflicts.",
        "Degree in communicating with other dev's.",
        "Ability to communication with your SM.",
        "Expertise in QA.",
        "Must be comfortable requesting changes from dev's that made PR's.",
        "Passion for thinking of the project and the team, putting the team first."
   ],
  "deadline": "2024-12-23T12:19:48.625Z"
}

[kimrm]

{ "name": "Tech Agency Inc", "sector": "Web Development.", "phone": "+47 12345345", "logo": "www.tech-agency-inc.com/logo.jpg", "admin": "804513e4-f68a-4697-861c-15bf694eb4d9" }

Response: {"message":"Only clients can create listings."}

In company/middleware/checkAuth.js (backend) it seems this code kicks in: if (verified.role === "Applicant") { return res .status(401) .json({ message: "Only clients can create listings." }); }

How can we change role for the user?

[chrisbekk]

Will get to work on this issue ASAP. Need to setup some dependencies first.

[runeunhjem]

You can create a client user using your postman. See example below:

Url

https://agency-api.noroff.dev/users

Payload

{ "firstName": "Client", "lastName": "test", "email": "abiodun.abudu+agency+client+test@noroff.no", "password": "Password123", "role": "Client" }

[runeunhjem]

Also i got the Create new listing to work -- was my bad - used wrong id.

[kimrm]

You can create a client user using your postman. See example below:

Url

https://agency-api.noroff.dev/users

Payload

{ "firstName": "Client", "lastName": "test", "email": "abiodun.abudu+agency+client+test@noroff.no", "password": "Password123", "role": "Client" }

But this is logging in with Abi's user? How will a user who has signed up be able to create a company when they get the Applicant role as default?

The way this is structured in the backend it looks like companies are supposed to be created only by admin users.

In company/controllers/createCompany.js there is a check for Admin role:

if (admin !== user.id && user.role !== "Admin") {
    return res
      .status(400)
      .send({ message: "User's Id doesn't match request admin Id." });
  }

[Anclagen]

Is this error using the main branch or the dev branch which will be more up to date in terms of code?

[runeunhjem]

I have been using only main today, but seems all is working now tho @Anclagen

[runeunhjem]

You can use any mail address and any name - point is to set the role as "Client" to be able to do the company stuff at least - The admin is another matter - I havnt touched that yet. @kimrm

[kimrm]

Ah. So when logging in, the frontend can decide the role for the user. That's a bit weird, but okay :)

[runeunhjem]

I am only using postman - Have not been able to log in with a client account @kimrm

[kimrm]

I am only using postman - Have not been able to log in with a client account @kimrm

Sorry, I misunderstood. My bad. I didn't know the role could be set when registering the user. This should be in the swagger docs.

[kimrm]

I'm able to register a company using Postman now, and also via the form on the website (after editing some code). So this seems to work actually.

[sulenchy]

@runeunhjem Can you share the working payload for Company POST?

[runeunhjem]

{
  "name": "Holmenkollen Devs",
  "sector": "Listings.",
  "phone": "+47 12345678",
  "logo": "https://www.svgrepo.com/show/448058/logo.svg",
  "admin": "1345d9c4-6ceb-40a7-b1d0-32ab3de7033e"
}

admin is the Client ID And auth token is also token from Client account.

@sulenchy

[kimrm]

What's the status here? Will this be kept as it is, or will there be some changes to how a company is created? We are waiting to make some changes to the registration form.

@NoroffFEU/grefsenkollen

[Anclagen]

I have had no problems creating a client user and company on the main or dev branches when trying to reproduce this error.

I also have a company setup currently running version of the API too.

Some thing to note while trying to reproduce this:

• We should remove the admin requirement from the payload as we can get the user id ourselves with the verification token.
• If you create a second company with the same user the old company remains and you are removed as admin, leaving companies without admins so a check for existing company is required, or an update to the schema to allow a client to have multiple companies. #122

[RamtinMoshtagh]

There was another one on this and he asked for someone else to look at it, so i have assigned myself to it. Will give it a look now @kimrm @Anclagen

Based on the comments, it looks like something is working, but ofc needs adjustments.

[Anclagen]

As people are able to create companies I will close this issue as it has spawned various issue that appear to have caused the problem in the first place.