Move validations done in the user controllers into DTO #459

Merged
merged 9 commits into from
Dec 11, 2024
3 changes: 3 additions & 0 deletions apps/drec-api/src/guards/PermissionGuard.ts
@@ -42,6 +42,9 @@ export class PermissionGuard implements CanActivate {
const request = context.switchToHttp().getRequest();
let user: IUser;
user = request.user;
if (!user) {
return false;
}
if (request.url.split('/')[3] === 'register') {
this.logger.verbose(`When ${request.url.split('/')[3]}`);
if (request.body.organizationType === Role.ApiUser) {
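Review bot: The new `if (!user) { return false; }` guard denies silently: in NestJS a guard that returns false surfaces as 403 Forbidden, so a request with no authenticated principal is indistinguishable from a permission failure, both for clients and in log review. Consider logging the rejection through the logger this class already uses and raising 401 instead, e.g. `throw new UnauthorizedException();` (imported from `@nestjs/common`). A one-line comment such as `// No authenticated principal on the request: deny before any role or ACL evaluation.` would also document why the check sits ahead of the `register` branch. The method starts and ends outside the hunk, so whether an earlier guard already guarantees `request.user` is not visible here.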
13 changes: 7 additions & 6 deletions apps/drec-api/src/pods/user/dto/create-user.dto.ts
@@ -1,6 +1,5 @@
import { ApiProperty, PickType, IntersectionType } from '@nestjs/swagger';
import { ApiProperty, PickType } from '@nestjs/swagger';
import { UserDTO } from './user.dto';
import { OrganizationDTO } from '../../organization/dto/organization.dto';
import {
IsNotEmpty,
IsString,
@@ -36,10 +35,7 @@ import { Match } from '../decorators/match.decorator';
// }

export class CreateUserORGDTO
extends IntersectionType(
PickType(UserDTO, ['firstName', 'lastName', 'email'] as const),
PickType(OrganizationDTO, ['organizationType'] as const),
)
extends PickType(UserDTO, ['firstName', 'lastName', 'email'] as const)
implements UserORGRegistrationData
{
@ApiProperty({ type: String })
@@ -91,4 +87,9 @@ export class CreateUserORGDTO

@IsOptional()
orgid?: number;

@ApiProperty({ type: String })
@IsString()
@IsNotEmpty()
organizationType: string;
}
41 changes: 6 additions & 35 deletions apps/drec-api/src/pods/user/user.controller.ts
@@ -52,6 +52,7 @@ import { Permission } from '../permission/decorators/permission.decorator';
import { ACLModules } from '../access-control-layer-module-service/decorator/aclModule.decorator';
import { Roles } from './decorators/roles.decorator';
import { Role } from '../../utils/enums';
import { IsEmail } from 'class-validator';

@ApiTags('user')
@ApiBearerAuth('access-token')
@@ -127,35 +128,6 @@ export class UserController {
@Req() request: Request,
): Promise<UserDTO> {
const user = request.user;
if (
userRegistrationData.organizationType === '' ||
userRegistrationData.organizationType === null ||
userRegistrationData.organizationType === undefined
) {
throw new ConflictException({
success: false,
message: `organizationType should not be empty`,
});
}
if (
userRegistrationData.organizationType.toLowerCase() !=
'Buyer'.toLowerCase() &&
userRegistrationData.organizationType.toLowerCase() !=
'Developer'.toLowerCase() &&
userRegistrationData.organizationType.toLowerCase() !=
'ApiUser'.toLowerCase()
) {
Contributor

Here you have removed the validation that checks whether the organization type matches certain values, and this validation wasn't added to the DTO.

throw new ConflictException({
success: false,
message: `organizationType value should be Developer/Buyer/ApiUser`,
});
}
Comment on lines -140 to -152
Contributor

This validation is not implemented because when I send an organizationType with buyer I get a forbidden error.

Example
{ "firstName": "babous", "lastName": "cedrus", "email": "babouce@gmail.com", "organizationType": "buyer", "password": "King@123", "confirmPassword": "King@123", "orgName": "BC group", "orgAddress": "KN150" }
response
{ "statusCode": 403, "message": "Forbidden resource", "error": "Forbidden" }

if (userRegistrationData.orgName.trim() === '') {
throw new ConflictException({
success: false,
message: `orgName should not be empty`,
});
}
Comment on lines -153 to -158
Contributor

This validation is not done, because if I send a string that contains only a space I don't get any error and the response is successful.
example:
{ "firstName": "babous", "lastName": "cedrus", "email": "babouce@gmail.com", "organizationType": "Buyer", "password": "King@123", "confirmPassword": "King@123", "orgName": " ", "orgAddress": "KN150" }

if (!userRegistrationData.api_user_id) {
userRegistrationData.api_user_id = (user as any).api_user_id;
}
@@ -233,14 +205,13 @@ export class UserController {
@Param('token') token: IEmailConfirmationToken['token'],
@Body() body: UpdateChangePasswordDTO,
): Promise<UserDTO> {
const emailregex =
/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}))$/;
let emailConfirmation: any;
if (emailregex.test(token)) {
emailConfirmation = await this.userService.findOne({ email: token });
if (IsEmail(token)) {
const emailConfirmation = await this.userService.findOne({
email: token,
});
return this.userService.updatechangePassword(emailConfirmation, body);
} else {
emailConfirmation = await this.emailConfirmationService.findOne({
const emailConfirmation = await this.emailConfirmationService.findOne({
token,
});
if (!emailConfirmation) {
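Review bot: `IsEmail` imported from `class-validator` is the property-decorator factory, not a predicate, so `if (IsEmail(token))` tests the returned decorator function and is always truthy. Every request would then take the email branch and look the account up by `email: token`, leaving the confirmation-token lookup in the `else` unreachable. The lower-case validator function is the one that tests a value: `import { isEmail } from 'class-validator';` and `if (isEmail(token)) {`. The email branch also passes the `findOne` result straight to `updatechangePassword` with no visible null check, unlike the token branch, so an unknown address should be rejected before that call. The handler continues past the end of the hunk.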