feat: Integrated Dicebear Library To Enhance Security

[akhilender-bongirwar]

What kind of change does this PR introduce?
This PR introduces Dicebear library integration in our application.

Issue Number:

Fixes #1391

Did you add tests for your changes?
Yes

Snapshots/Videos:

2024-02-15.17-14-25.mp4

If relevant, did you update the documentation?
No

Summary

• Added the Dicebear library as a dependency to the project.
• Imported the necessary functions from the library.
• Created a new Avatar component that utilizes the Dicebear library locally.
• Updated the component to accept name, alt, and size as props.
• Utilized the Dicebear library to generate avatars with initials.
• Removed direct HTTP API calls from the codebase.
• Replaced instances of direct HTTP API calls with the newly created Avatar component.
• Updated the exisiting tests and ensured the tests are still valid.
• Mitigated security risks associated with SSRF and XSS attacks by eliminating direct HTTP API calls.
• By using the Dicebear library locally, we reduce potential vulnerabilities.
• Ensured no other functionality is affected.

Does this PR introduce a breaking change?
No

Other information

Have you read the contributing guide?
Yes

[github-actions]

Our Pull Request Approval Process

We have these basic policies to make the approval process smoother for our volunteer team.

Testing Your Code

Please make sure your code passes all tests. Our test code coverage system will fail if these conditions occur:

1. The overall code coverage drops below the target threshold of the repository
2. Any file in the pull request has code coverage levels below the repository threshold
3. Merge conflicts

The process helps maintain the overall reliability of the code base and is a prerequisite for getting your PR approved. Assigned reviewers regularly review the PR queue and tend to focus on PRs that are passing.

Reviewers

Do not assign reviewers. Our Queue Monitors will review your PR and assign them.
When your PR has been assigned reviewers contact them to get your code reviewed and approved via:

1. comments in this PR or
2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

1. arbitrators of future discussions with other contributors about the validity of your changes
2. point of contact for evaluating the validity of your work
3. person who verifies matching issues by others that should be closed.
4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

1. PRs with issues not assigned to you will be closed by the reviewer
2. Fix the first comment in the PR so that each issue listed automatically closes

Other

1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
2. Read the CONTRIBUTING.md file make

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.10%. Comparing base (092b9f6) to head (9923e69).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #1585   +/-   ##
========================================
  Coverage    98.09%   98.10%           
========================================
  Files          138      139    +1     
  Lines         3681     3689    +8     
  Branches      1132     1135    +3     
========================================
+ Hits          3611     3619    +8     
  Misses          64       64           
  Partials         6        6           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[akhilender-bongirwar]

I was also getting this error

 FAIL  src/components/Avatar/Avatar.test.tsx
  ● Test suite failed to run

    Jest encountered an unexpected token

    Jest failed to parse a file. This happens e.g. when your code or its dependencies use non-standard JavaScript syntax, or when Jest is not configured to support such syntax.

    Out of the box Jest supports Babel, which will be used to transform your files into valid JS based on your Babel configuration.

    By default "node_modules" folder is ignored by transformers.

    Here's what you can do:
     • If you are trying to use ECMAScript Modules, see https://jestjs.io/docs/ecmascript-modules for how to enable it.
     • If you are trying to use TypeScript, see https://jestjs.io/docs/getting-started#using-typescript
     • To have some of your "node_modules" files transformed, you can specify a custom "transformIgnorePatterns" in your config.
     • If you need a custom transformation specify a "transform" option in your config.
     • If you simply want to mock your non-JS modules (e.g. binary assets) you can stub them out with the "moduleNameMapper" config option.

    You'll find more details and examples of these config options in the docs:
    https://jestjs.io/docs/configuration
    For information about custom transformations, see:
    https://jestjs.io/docs/code-transformation

    Details:

    /Users/mahendradani/Documents/Programming/GSOC24/Palisadoes/talawa-admin/node_modules/@dicebear/core/lib/index.js:7
    import * as license from './utils/license.js';
    ^^^^^^

    SyntaxError: Cannot use import statement outside a module

      1 | import React from 'react';
    > 2 | import { createAvatar } from '@dicebear/core';
        | ^
      3 | import { initials } from '@dicebear/collection';
      4 | import { useMemo } from 'react';
      5 |

      at Runtime.createScriptFromCode (node_modules/jest-runtime/build/index.js:1728:14)
      at Object.<anonymous> (src/components/Avatar/Avatar.tsx:2:1)
      at Object.<anonymous> (src/components/Avatar/Avatar.test.tsx:3:1)
      at TestScheduler.scheduleTests (node_modules/@jest/core/build/TestScheduler.js:333:13)
      at runJest (node_modules/@jest/core/build/runJest.js:404:19)

• Encountered an issue in Avatar tests due to Jest's inability to handle non-standard syntax.
• Explored various approaches and found a solution by creating a mocks folder to mock @dicebear/core and @dicebear/collection.
• Updated jest.config.js to include necessary configuration for handling non-standard syntax.
• Successfully resolved the "SyntaxError: Cannot use import statement outside a module" issue.
• Ensured no other functionality is affected, and the Avatar tests run smoothly.

@rishav-jha-mech, I would like to hear your views on the approach I followed to solve the above problem.

[Cioppolo14]

@rishav-jha-mech @noman2002 Could you help answer this question?

[Cioppolo14]

@Kevoniat @beingnoble03 Can you review this PR?

[palisadoes]

NOTE Read very carefully

1. We just merged this PR which upgraded the prettier package.
   1. Upgraded prettier from 2.3.2 to 3.2.5 #1599
2. It reformatted over 150 files.

This will put your PR at risk of extensive merge conflicts. Do the following IN THIS ORDER:

1. upgrade your prettier in your local branch to the same version
2. run prettier on your local branch
3. update your local branch with the latest upstream

This will help to reduce the number of existing and future merge conflicts for your PR.

[akhilender-bongirwar]

@beingnoble03 @Kevoniat please review : )

[akhilender-bongirwar]

Why didn't the GitHub Action: authorized-changes-detection not run ?

// @palisadoes

[akhilender-bongirwar]

@rishav-jha-mech @beingnoble03 @Kevoniat please review, I have modified the code as suggested : )

[akhilender-bongirwar]

@palisadoes, could you please review

[rishav-jha-mech]

@akhilender-bongirwar please fix the failing test for Introspection

[palisadoes]

@rishav-jha-mech the introspection tests are going to fail at this time. The API has a significant amount of new features not present in admin

Please review

[akhilender-bongirwar]

@akhilender-bongirwar please fix the failing test for Introspection

@rishav-jha-mech, the introspection test failures are not caused by my changes. Please check issue number #1542.

[palisadoes]

@akhilender-bongirwar

This PR created a __mocks__ directory under root. We'd prefer not to have that.

1. Is this temporary for testing?
2. Should we add it to .gitignore?
3. If it's necessary, the scripts/ directory would be a better place to put it.

[akhilender-bongirwar]

I was also getting this error

 FAIL  src/components/Avatar/Avatar.test.tsx
  ● Test suite failed to run

    Jest encountered an unexpected token

    Jest failed to parse a file. This happens e.g. when your code or its dependencies use non-standard JavaScript syntax, or when Jest is not configured to support such syntax.

    Out of the box Jest supports Babel, which will be used to transform your files into valid JS based on your Babel configuration.

    By default "node_modules" folder is ignored by transformers.

    Here's what you can do:
     • If you are trying to use ECMAScript Modules, see https://jestjs.io/docs/ecmascript-modules for how to enable it.
     • If you are trying to use TypeScript, see https://jestjs.io/docs/getting-started#using-typescript
     • To have some of your "node_modules" files transformed, you can specify a custom "transformIgnorePatterns" in your config.
     • If you need a custom transformation specify a "transform" option in your config.
     • If you simply want to mock your non-JS modules (e.g. binary assets) you can stub them out with the "moduleNameMapper" config option.

    You'll find more details and examples of these config options in the docs:
    https://jestjs.io/docs/configuration
    For information about custom transformations, see:
    https://jestjs.io/docs/code-transformation

    Details:

    /Users/mahendradani/Documents/Programming/GSOC24/Palisadoes/talawa-admin/node_modules/@dicebear/core/lib/index.js:7
    import * as license from './utils/license.js';
    ^^^^^^

    SyntaxError: Cannot use import statement outside a module

      1 | import React from 'react';
    > 2 | import { createAvatar } from '@dicebear/core';
        | ^
      3 | import { initials } from '@dicebear/collection';
      4 | import { useMemo } from 'react';
      5 |

      at Runtime.createScriptFromCode (node_modules/jest-runtime/build/index.js:1728:14)
      at Object.<anonymous> (src/components/Avatar/Avatar.tsx:2:1)
      at Object.<anonymous> (src/components/Avatar/Avatar.test.tsx:3:1)
      at TestScheduler.scheduleTests (node_modules/@jest/core/build/TestScheduler.js:333:13)
      at runJest (node_modules/@jest/core/build/runJest.js:404:19)

* Encountered an issue in Avatar tests due to Jest's inability to handle non-standard syntax.

* Explored various approaches and found a solution by creating a **mocks** folder to mock @dicebear/core and @dicebear/collection.

* Updated jest.config.js to include necessary configuration for handling non-standard syntax.

* Successfully resolved the "SyntaxError: Cannot use import statement outside a module" issue.

* Ensured no other functionality is affected, and the Avatar tests run smoothly.

@rishav-jha-mech, I would like to hear your views on the approach I followed to solve the above problem.

@palisadoes, I added the __mocks__ directory to address an issue encountered during Avatar component tests. The problem arose from Jest's inability to handle non-standard syntax.

1. No, it is not temporary; it is required for testing the Avatar component.
2. No, we should not add it to gitignore file, as it will result in the failure of Avatar component tests.
3. As it is necessary, would you like to create a new issue for this and raise a PR to migrate it to the scripts directory?

[palisadoes]

1. Raise another PR against the original issue.
2. Name the directory to better reflect it's purpose of possible

[akhilender-bongirwar]

1. Raise another PR against the original issue.

   2. Name the directory to better reflect it's purpose of possible

Sure, sir. I will do it asap.