From e4f40336c739efb7da2b05df7f8eac75b13cbf1c Mon Sep 17 00:00:00 2001
From: Maxime Lalo
Date: Wed, 24 Apr 2024 11:23:01 +0200
Subject: [PATCH 1/2] :sparkles: refresh token refreshes rules
---
 src/app/api/idnot/UserController.ts | 71 ++++++++++---------
 .../common/AuthService/AuthService.ts | 2 +-
 2 files changed, 38 insertions(+), 35 deletions(-)
diff --git a/src/app/api/idnot/UserController.ts b/src/app/api/idnot/UserController.ts
index 327db94b..f8c43ba2 100644
--- a/src/app/api/idnot/UserController.ts
+++ b/src/app/api/idnot/UserController.ts
@@ -2,7 +2,7 @@ import { Response, Request } from "express";
 import { Controller, Post } from "@ControllerPattern/index";
 import ApiController from "@Common/system/controller-pattern/ApiController";
 import { Service } from "typedi";
-import AuthService, { IUserJwtPayload } from "@Services/common/AuthService/AuthService";
+import AuthService, { IUserJwtPayload, PROVIDER_OPENID } from "@Services/common/AuthService/AuthService";
 import IdNotService from "@Services/common/IdNotService/IdNotService";
 import User, { RulesGroup } from "le-coffre-resources/dist/Admin";
@@ -22,7 +22,7 @@ export default class UserController extends ApiController {
 private userService: UsersService,
 private subscriptionsService: SubscriptionsService,
 private seatsService: SeatsService,
- private rulesGroupsService: RulesGroupsService
+ private rulesGroupsService: RulesGroupsService,
 ) {
 super();
 }
@@ -35,11 +35,11 @@ export default class UserController extends ApiController {
 @Post("/api/v1/idnot/user/:code")
 protected async getUserInfosFromIdnot(req: Request, response: Response) {
 try {
- const code = req.params["code"];
+ const code = req.params["code"];
 if (!code) throw new Error("code is required");
- const idNotToken = await this.idNotService.getIdNotToken(code);
+ const idNotToken = await this.idNotService.getIdNotToken(code);
 if (!idNotToken) {
 this.httpValidationError(response, "IdNot token undefined");
@@ -48,7 +48,6 @@ export default class UserController extends ApiController {
 const user = await this.idNotService.getOrCreateUser(idNotToken);
 console.log(user);
-
 if (!user) {
 this.httpUnauthorized(response, "User not found");
@@ -61,7 +60,6 @@ export default class UserController extends ApiController {
 //Get user with contact
 const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true });
 console.log(prismaUser);
-
 if (!prismaUser) {
 this.httpNotFoundRequest(response, "user not found");
@@ -71,7 +69,6 @@ export default class UserController extends ApiController {
 //Hydrate user to be able to use his contact
 const userHydrated = User.hydrate(prismaUser, { strategy: "excludeAll" });
 console.log(userHydrated);
-
 if (!userHydrated.contact?.email || userHydrated.contact?.email === "") {
 this.httpUnauthorized(response, "Email not found");
@@ -79,21 +76,20 @@ export default class UserController extends ApiController {
 }
 let isSubscribed = false;
- const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
+ const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
 console.log(subscriptions);
-
+
 if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
 console.log("no subscription");
-
+
 isSubscribed = false;
- }
- else if (subscriptions[0]?.type === EType.Unlimited) {
+ } else if (subscriptions[0]?.type === EType.Unlimited) {
 console.log("unlimited subscription");
-
+
 isSubscribed = true;
 } else {
 console.log("Seats");
-
+
 const hasSeat = await this.subscriptionsService.get({
 where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } },
 });
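Review bot: The subscription lookup in the `@@ -79,21` hunk filters on `userHydrated.office_membership?.uid`, but the `getByUid` call in the `@@ -61,7` hunk of this same commit only includes `contact` and `role`, so `office_membership` is never loaded and the filter value is always `undefined`. If `subscriptionsService.get` forwards `where` to Prisma, an `undefined` field is treated as "no condition", so the query returns subscriptions from any office and `isSubscribed` can be set from another office's Unlimited subscription. Add `office_membership: true` to the include and reject the request when the uid is still missing, e.g. `if (!userHydrated.office_membership?.uid) { this.httpUnauthorized(response, "Office not found"); return; }` before the query. The hunks also keep `console.log(prismaUser)` and `console.log(userHydrated)` on the new side, which writes the user's contact record (including the email) to stdout on every login. The enclosing handler `getUserInfosFromIdnot` starts and ends outside this hunk.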
@@ -127,32 +123,36 @@ export default class UserController extends ApiController {
 // return;
 // }
- await this.idNotService.updateOffice(user.office_uid);
+ await this.idNotService.updateOffice(user.office_uid);
- const payload = await this.authService.getUserJwtPayload(user.idNot);
- if(!payload) return;
+ const payload = await this.authService.getUserJwtPayload(user.idNot);
+ if (!payload) return;
 console.log(isSubscribed, userHydrated.role?.name);
-
- if(!isSubscribed && userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin"){
- const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({ where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" }, include: { rules: true } });
- console.log(manageSubscriptionRulesEntity);
-
- const manageSubscriptionRules = RulesGroup.hydrateArray(manageSubscriptionRulesEntity, { strategy: "excludeAll" });
- if(!manageSubscriptionRules[0]) return;
-
- payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
- console.log(payload);
-
- isSubscribed = true;
- }
+ if ((!isSubscribed && userHydrated.role?.name === "admin") || userHydrated.role?.name === "super-admin") {
+ const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
+ where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
+ include: { rules: true },
+ });
+ console.log(manageSubscriptionRulesEntity);
+
+ const manageSubscriptionRules = RulesGroup.hydrateArray(manageSubscriptionRulesEntity, {
+ strategy: "excludeAll",
+ });
+ if (!manageSubscriptionRules[0]) return;
+
+ payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
+ console.log(payload);
+
+ isSubscribed = true;
+ }
 if (!isSubscribed) {
 this.httpUnauthorized(response, "User not subscribed");
 return;
 }
-
+
 const accessToken = this.authService.generateAccessToken(payload);
 const refreshToken = this.authService.generateRefreshToken(payload);
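Review bot: `if (!payload) return;` and `if (!manageSubscriptionRules[0]) return;` in this hunk leave the handler without writing any response, so the client sees a hanging request instead of an error; they should end with `this.httpInternalError(response); return;` (or an unauthorized response) like the other exits in this block. The `|| userHydrated.role?.name === "super-admin"` branch runs for every super-admin, including one whose office has an active subscription, and `payload.rules = ...` then replaces the whole rules array with only the manage-subscription group, which looks unintended unless super-admins are meant to lose their other rules on login; if that is the intent, a comment saying so would help. `rules!.map(...) || []` never falls through to `[]` because `map` always returns an array, so the non-null assertion is the only guard on that line. The rules-group uid is hard-coded inside the query; a named constant or configuration value would make that environment dependency visible. The same block reappears, reformatted, in the second patch's `@@ -125,27` hunk and carries the same issues; the enclosing handler starts and ends outside the hunk.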
@@ -176,21 +176,24 @@ export default class UserController extends ApiController {
 }
 let accessToken;
- this.authService.verifyRefreshToken(token, (err, userPayload) => {
+ this.authService.verifyRefreshToken(token, async (err, userPayload) => {
 if (err) {
 console.log(err);
 this.httpUnauthorized(response);
 return;
 }
- const user = userPayload as IUserJwtPayload;
+ const openId = (userPayload as IUserJwtPayload).openId.userId;
+ if (!openId) return;
+ const newUserPayload = await this.authService.getUserJwtPayload(openId.toString(), PROVIDER_OPENID.idNot);
+ const user = newUserPayload as IUserJwtPayload;
 delete user.iat;
 delete user.exp;
 accessToken = this.authService.generateAccessToken(user);
+ this.httpSuccess(response, { accessToken });
 });
 //success
- this.httpSuccess(response, { accessToken });
 } catch (error) {
 console.log(error);
 this.httpInternalError(response);
diff --git a/src/services/common/AuthService/AuthService.ts b/src/services/common/AuthService/AuthService.ts
index 6be3ae25..b3fa7591 100644
--- a/src/services/common/AuthService/AuthService.ts
+++ b/src/services/common/AuthService/AuthService.ts
@@ -8,7 +8,7 @@ import { ECustomerStatus } from "@prisma/client";
 import { Customer } from "le-coffre-resources/dist/Notary";
 import bcrypt from "bcrypt";
-enum PROVIDER_OPENID {
+export enum PROVIDER_OPENID {
 idNot = "idNot",
 }
From 7d16243f3269e88b86a5d097e06f4732a736550c Mon Sep 17 00:00:00 2001
From: Vins
Date: Wed, 24 Apr 2024 11:26:54 +0200
Subject: [PATCH 2/2] all fix
---
 src/app/api/idnot/UserController.ts | 63 ++++++++++------------------
 1 file changed, 22 insertions(+), 41 deletions(-)
diff --git a/src/app/api/idnot/UserController.ts b/src/app/api/idnot/UserController.ts
index f8c43ba2..dc749489 100644
--- a/src/app/api/idnot/UserController.ts
+++ b/src/app/api/idnot/UserController.ts
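Review bot: The callback passed to `verifyRefreshToken` is now `async`, so anything that throws after the `if (err)` check — `userPayload.openId` being absent, `getUserJwtPayload` rejecting, or `newUserPayload` being null when `delete user.iat` runs — becomes an unhandled promise rejection instead of reaching the handler's outer `catch`, and the request is never answered. `if (!openId) return;` has the same effect: it exits without sending any response. The callback body should carry its own `try/catch` mirroring the outer one, check `newUserPayload` before using it, and answer the missing-claim paths with `httpUnauthorized`; the rewritten callback is below. That `getUserJwtPayload` can return a falsy value is inferred from the `if (!payload) return;` check elsewhere in this file. The enclosing method starts outside the hunk.
```typescript
// … unchanged: let accessToken; …
this.authService.verifyRefreshToken(token, async (err, userPayload) => {
  try {
    if (err) {
      console.log(err);
      this.httpUnauthorized(response);
      return;
    }
    // Reject a token whose payload lacks the openId claim instead of throwing on it
    const openId = (userPayload as IUserJwtPayload | undefined)?.openId?.userId;
    if (!openId) {
      this.httpUnauthorized(response);
      return;
    }
    const newUserPayload = await this.authService.getUserJwtPayload(openId.toString(), PROVIDER_OPENID.idNot);
    if (!newUserPayload) {
      this.httpUnauthorized(response);
      return;
    }
    const user = newUserPayload as IUserJwtPayload;
    delete user.iat;
    delete user.exp;
    accessToken = this.authService.generateAccessToken(user);
    this.httpSuccess(response, { accessToken });
  } catch (error) {
    // A rejection inside an async callback never reaches the handler's outer catch
    console.log(error);
    this.httpInternalError(response);
  }
});
// … unchanged: //success comment and outer catch …
```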
@@ -46,8 +46,7 @@ export default class UserController extends ApiController {
 return;
 }
- const user = await this.idNotService.getOrCreateUser(idNotToken);
- console.log(user);
+ const user = await this.idNotService.getOrCreateUser(idNotToken);
 if (!user) {
 this.httpUnauthorized(response, "User not found");
@@ -58,38 +57,29 @@ export default class UserController extends ApiController {
 //Whitelist feature
 //Get user with contact
- const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true });
- console.log(prismaUser);
+ const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true, office_membership: true});
 if (!prismaUser) {
 this.httpNotFoundRequest(response, "user not found");
 return;
- }
-
+ }
 //Hydrate user to be able to use his contact
 const userHydrated = User.hydrate(prismaUser, { strategy: "excludeAll" });
- console.log(userHydrated);
-
+
 if (!userHydrated.contact?.email || userHydrated.contact?.email === "") {
 this.httpUnauthorized(response, "Email not found");
 return;
 }
 let isSubscribed = false;
- const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
- console.log(subscriptions);
-
- if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
- console.log("no subscription");
-
+ const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
+
+ if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
 isSubscribed = false;
- } else if (subscriptions[0]?.type === EType.Unlimited) {
- console.log("unlimited subscription");
-
+ }
+ else if (subscriptions[0]?.type === EType.Unlimited) {
 isSubscribed = true;
- } else {
- console.log("Seats");
-
+ } else {
 const hasSeat = await this.subscriptionsService.get({
 where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } },
 });
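Review bot: The subscription query still passes `office_uid: userHydrated.office_membership?.uid` with no check that the membership exists, so a user without an office sends `undefined` as the filter value; if `subscriptionsService.get` hands `where` to Prisma, `undefined` means "no condition" and the query returns subscriptions from every office, letting `subscriptions[0]?.type === EType.Unlimited` mark an office-less user as subscribed. Adding `office_membership: true` to `getByUid` fixes the always-undefined case from the previous patch, but the null case needs an explicit exit: `const officeUid = userHydrated.office_membership?.uid;` / `if (!officeUid) { this.httpUnauthorized(response, "Office not found"); return; }` / `const subscriptions = await this.subscriptionsService.get({ where: { office_uid: officeUid } });`. The check also inspects only `subscriptions[0]` while the query has no `orderBy`, so which record decides the outcome when an office has several subscriptions is unspecified. The enclosing handler starts and ends outside this hunk.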
@@ -125,27 +115,18 @@ export default class UserController extends ApiController {
 await this.idNotService.updateOffice(user.office_uid);
- const payload = await this.authService.getUserJwtPayload(user.idNot);
- if (!payload) return;
-
- console.log(isSubscribed, userHydrated.role?.name);
-
- if ((!isSubscribed && userHydrated.role?.name === "admin") || userHydrated.role?.name === "super-admin") {
- const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
- where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
- include: { rules: true },
- });
- console.log(manageSubscriptionRulesEntity);
-
- const manageSubscriptionRules = RulesGroup.hydrateArray(manageSubscriptionRulesEntity, {
- strategy: "excludeAll",
- });
- if (!manageSubscriptionRules[0]) return;
-
- payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
- console.log(payload);
-
- isSubscribed = true;
+ const payload = await this.authService.getUserJwtPayload(user.idNot);
+ if(!payload) return;
+
+ if(!isSubscribed && userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin"){
+ const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({ where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" }, include: { rules: true } });
+
+ const manageSubscriptionRules = RulesGroup.hydrateArray(manageSubscriptionRulesEntity, { strategy: "excludeAll" });
+ if(!manageSubscriptionRules[0]) return;
+
+ payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
+
+ isSubscribed = true;
 }
 if (!isSubscribed) {
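Review bot: The new side of this hunk is written in the pre-formatter style that the previous patch in this series had just normalized (`if(` and `){` without spaces, `else if` on its own line, the multi-line `rulesGroupsService.get({...})` call collapsed back onto one line), so the method now mixes two formatting styles and the diff hides the one intended change, dropping the `console.log` calls, inside formatting churn. Keep the formatter's output, e.g. `if (!payload) return;` and `if ((!isSubscribed && userHydrated.role?.name === "admin") || userHydrated.role?.name === "super-admin") {`, and let the commit contain only the log removals. The enclosing handler starts and ends outside this hunk.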