From cb9c98f43fb0280bae0382552d43fdaa22a8bed7 Mon Sep 17 00:00:00 2001
From: Maxime Lalo
Date: Mon, 29 Apr 2024 15:23:42 +0200
Subject: [PATCH] :bug: fix faille refresh token
---
 src/app/api/idnot/UserController.ts | 80 ++++++-------------
 .../SubscriptionsService.ts.ts | 42 +++++++++-
 2 files changed, 64 insertions(+), 58 deletions(-)
diff --git a/src/app/api/idnot/UserController.ts b/src/app/api/idnot/UserController.ts
index 69227cde..36d6ed57 100644
--- a/src/app/api/idnot/UserController.ts
+++ b/src/app/api/idnot/UserController.ts
@@ -8,9 +8,6 @@ import IdNotService from "@Services/common/IdNotService/IdNotService";
 import User, { RulesGroup } from "le-coffre-resources/dist/Admin";
 import UsersService from "@Services/super-admin/UsersService/UsersService";
 import SubscriptionsService from "@Services/admin/SubscriptionsService/SubscriptionsService.ts";
-import { ESubscriptionStatus } from "@prisma/client";
-import SeatsService from "@Services/admin/SeatsService/SeatsService";
-import { EType } from "le-coffre-resources/dist/Admin/Subscription";
 import RulesGroupsService from "@Services/admin/RulesGroupsService/RulesGroupsService";
 @Controller()
@@ -21,7 +18,6 @@ export default class UserController extends ApiController {
 private idNotService: IdNotService,
 private userService: UsersService,
 private subscriptionsService: SubscriptionsService,
- private seatsService: SeatsService,
 private rulesGroupsService: RulesGroupsService,
 ) {
 super();
@@ -71,35 +67,7 @@ export default class UserController extends ApiController {
 this.httpUnauthorized(response, "Email not found");
 return;
 }
- let isSubscribed = false;
-
- const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
-
- if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
- isSubscribed = false;
- } else if (subscriptions[0]?.type === EType.Unlimited) {
- isSubscribed = true;
- } else {
- const hasSeat = await this.subscriptionsService.get({
- where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } },
- });
-
- if (hasSeat && hasSeat.length > 0) {
- isSubscribed = true;
- } else {
- const nbMaxSeats = subscriptions[0]!.nb_seats;
-
- const nbCurrentSeats = await this.seatsService.get({ where: { subscription_uid: subscriptions[0]!.uid } });
-
- //if nbMaxSeats < nbCurrentSeats, create a new seat for the user
- if (nbMaxSeats > nbCurrentSeats.length) {
- const seatAdded = await this.seatsService.create(user.uid, subscriptions[0]!.uid);
- if (seatAdded) {
- isSubscribed = true;
- }
- }
- }
- }
+ let isSubscribed = await this.subscriptionsService.isUserSubscribed(user.uid, userHydrated.office_membership?.uid!);
 //Check if user is whitelisted
 // const isWhitelisted = await this.whitelistService.getByEmail(userHydrated.contact!.email);
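Review bot: The non-null assertion in `userHydrated.office_membership?.uid!` only silences the compiler; a user with no office membership still hands `undefined` to `isUserSubscribed`, and if the service's `get` forwards its `where` to Prisma, `where: { office_uid: undefined }` is an absent filter rather than a miss, so the subscription check would run against whichever office's row is returned first. Reject that case before the call, mirroring the email check just above: `const officeUid = userHydrated.office_membership?.uid;` then `if (!officeUid) { this.httpUnauthorized(response, "Office not found"); return; }` and pass `officeUid`. The same guard belongs at the top of `isUserSubscribed` in the SubscriptionsService hunk (`if (!officeUid) return false;`) and applies to the `office_Id` argument on the refresh path. The enclosing handler starts and ends outside this hunk.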
@@ -118,22 +86,7 @@ export default class UserController extends ApiController {
 const payload = await this.authService.getUserJwtPayload(user.idNot);
 if (!payload) return;
- if (!isSubscribed && userHydrated.role?.name === "admin") {
- const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
- where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
- include: { rules: true },
- });
-
- const manageSubscriptionRules = RulesGroup.hydrateArray(manageSubscriptionRulesEntity, {
- strategy: "excludeAll",
- });
- if (!manageSubscriptionRules[0]) return;
-
- payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
-
- isSubscribed = true;
- }
- if (!isSubscribed && userHydrated.role?.name === "super-admin") {
+ if (!isSubscribed && (userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin")) {
 const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
 where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
 include: { rules: true },
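Review bot: The rules-group uid `"94343601-04c8-44ef-afb9-3047597528a9"` stays a bare string literal on the line after the merged condition and is repeated verbatim in the refresh hunk below, so the merge of the admin and super-admin branches still leaves the same magic value in two places. Hoist it once at module level, e.g. `const MANAGE_SUBSCRIPTION_RULES_GROUP_UID = "94343601-04c8-44ef-afb9-3047597528a9";`, and reference it from both lookups. The new `if` line also deserves a short why-comment, since the behaviour (an unsubscribed admin receives a reduced rule set instead of being turned away) is not obvious from the condition: `// No active subscription: admins still get the manage-subscription rule group (presumably so they can restore it) — confirm`. The body of this `if` continues past the end of the hunk.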
@@ -186,11 +139,30 @@ export default class UserController extends ApiController {
 const openId = (userPayload as IUserJwtPayload).openId.userId;
 if (!openId) return;
- const newUserPayload = await this.authService.getUserJwtPayload(openId.toString(), PROVIDER_OPENID.idNot);
- const user = newUserPayload as IUserJwtPayload;
- delete user.iat;
- delete user.exp;
- accessToken = this.authService.generateAccessToken(user);
+ const newUserPayload = (await this.authService.getUserJwtPayload(
+ openId.toString(),
+ PROVIDER_OPENID.idNot,
+ )) as IUserJwtPayload;
+ let isSubscribed = await this.subscriptionsService.isUserSubscribed(newUserPayload.userId, newUserPayload.office_Id);
+
+ if (!isSubscribed && (newUserPayload.role === "admin" || newUserPayload.role === "super-admin")) {
+ const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
+ where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
+ include: { rules: true },
+ });
+
+ const manageSubscriptionRules = RulesGroup.hydrateArray(manageSubscriptionRulesEntity, {
+ strategy: "excludeAll",
+ });
+ if (!manageSubscriptionRules[0]) return;
+
+ newUserPayload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
+
+ isSubscribed = true;
+ }
+ delete newUserPayload.iat;
+ delete newUserPayload.exp;
+ accessToken = this.authService.generateAccessToken(newUserPayload);
 this.httpSuccess(response, { accessToken });
 });
diff --git a/src/services/admin/SubscriptionsService/SubscriptionsService.ts.ts b/src/services/admin/SubscriptionsService/SubscriptionsService.ts.ts
index 77120e70..78b1696e 100644
--- a/src/services/admin/SubscriptionsService/SubscriptionsService.ts.ts
+++ b/src/services/admin/SubscriptionsService/SubscriptionsService.ts.ts
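Review bot: The result of `getUserJwtPayload` is cast to `IUserJwtPayload` and dereferenced on the very next line (`newUserPayload.userId`), whereas the login path in this same file checks the same call's result (`if (!payload) return;`) before using it; if it can return a falsy value for an unknown or removed user, a refresh for that user throws inside the handler instead of being rejected, so guard it before the cast: `if (!newUserPayload) { this.httpUnauthorized(response, "User not found"); return; }`. `isSubscribed` is otherwise write-only on this path — a non-admin whose office subscription has lapsed still receives a fresh access token and the `isSubscribed = true;` inside the block is dead — so if the login handler (outside this hunk) refuses unsubscribed users, the refresh handler should apply the same refusal, and if not, the variable should go. The `if (!manageSubscriptionRules[0]) return;` in the new block ends the handler without writing any response, unlike the other exits in this file that call `httpUnauthorized` first. The rules-group lookup and hydration are now a verbatim copy of the login path; a private helper such as `private async manageSubscriptionRuleNames(): Promise<string[] | undefined>` called from both places would remove the duplicate.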
@@ -1,10 +1,11 @@
 import BaseService from "@Services/BaseService";
 import "reflect-metadata";
 import { Service } from "typedi";
-import { Prisma, Subscriptions } from "@prisma/client";
+import { ESubscriptionStatus, Prisma, Subscriptions } from "@prisma/client";
 import SubscriptionsRepository from "@Repositories/SubscriptionsRepository";
 import { Subscription } from "le-coffre-resources/dist/Admin";
 import SeatsService from "../SeatsService/SeatsService";
+import { EType } from "le-coffre-resources/dist/Admin/Subscription";
 @Service()
 export default class SubscriptionsService extends BaseService {
@@ -40,9 +41,9 @@ export default class SubscriptionsService extends BaseService {
 * @description : Modify a subscription
 * @throws {Error} If subscription cannot be modified
 */
- public async update(uid: string, subscriptionEntity: Subscription): Promise {
- if(subscriptionEntity.type === "STANDARD"){
- const seats = await this.seatsService.get({ where: { subscription: { uid: uid } }, orderBy: {created_at: 'asc'} });
+ public async update(uid: string, subscriptionEntity: Subscription): Promise {
+ if (subscriptionEntity.type === "STANDARD") {
+ const seats = await this.seatsService.get({ where: { subscription: { uid: uid } }, orderBy: { created_at: "asc" } });
 const seatsToKeep = subscriptionEntity.nb_seats;
 const seatsToDelete = seats.slice(seatsToKeep);
@@ -60,4 +61,37 @@ export default class SubscriptionsService extends BaseService {
 public async delete(uid: string) {
 return this.subscriptionsRepository.delete(uid);
 }
+
+ public async isUserSubscribed(userUid: string, officeUid: string): Promise {
+ let isSubscribed = false;
+
+ const subscriptions = await this.get({ where: { office_uid: officeUid } });
+
+ if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
+ isSubscribed = false;
+ } else if (subscriptions[0]?.type === EType.Unlimited) {
+ isSubscribed = true;
+ } else {
+ const hasSeat = await this.get({
+ where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userUid } } },
+ });
+
+ if (hasSeat && hasSeat.length > 0) {
+ isSubscribed = true;
+ } else {
+ const nbMaxSeats = subscriptions[0]!.nb_seats;
+
+ const nbCurrentSeats = await this.seatsService.get({ where: { subscription_uid: subscriptions[0]!.uid } });
+
+ //if nbMaxSeats < nbCurrentSeats, create a new seat for the user
+ if (nbMaxSeats > nbCurrentSeats.length) {
+ const seatAdded = await this.seatsService.create(userUid, subscriptions[0]!.uid);
+ if (seatAdded) {
+ isSubscribed = true;
+ }
+ }
+ }
+ }
+ return isSubscribed;
+ }
 }
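Review bot: `isUserSubscribed` carries no doc comment although the file documents its other methods with `@description`/`@throws`, and its name hides that it writes: the innermost branch calls `this.seatsService.create(userUid, ...)`, so a seat is allocated as a side effect of what reads as a query, and after this commit that runs on every token refresh as well as on login. Add a header in the file's style whose `@description` says it returns whether the user is covered by the office's subscription and that it creates a seat for the user when a STANDARD subscription still has free capacity, with `@returns` for the boolean — or rename it so the write is visible at the call sites. `subscriptions[0]` comes from an unordered `get` on `office_uid` alone, so if an office can hold more than one subscription row (an INACTIVE one beside an ACTIVE one, say) the result depends on row order; filtering that first query on `status: ESubscriptionStatus.ACTIVE` or adding an `orderBy` would make it deterministic. The capacity test `nbMaxSeats > nbCurrentSeats.length` followed by `create` is a read-then-write with nothing stopping two concurrent refreshes from both passing it, which is worth at least a `// NOTE: not atomic — concurrent callers can overshoot nb_seats` comment, or a transaction if seats are billed. The `isSubscribed = false;` in the first branch merely repeats the initialiser.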