🐛 fix faille refresh token

src/app/api/idnot/UserController.ts

@@ -8,9 +8,6 @@ import IdNotService from "@Services/common/IdNotService/IdNotService";
 import User, { RulesGroup } from "le-coffre-resources/dist/Admin";
 import UsersService from "@Services/super-admin/UsersService/UsersService";
 import SubscriptionsService from "@Services/admin/SubscriptionsService/SubscriptionsService.ts";
-import { ESubscriptionStatus } from "@prisma/client";
-import SeatsService from "@Services/admin/SeatsService/SeatsService";
-import { EType } from "le-coffre-resources/dist/Admin/Subscription";
 import RulesGroupsService from "@Services/admin/RulesGroupsService/RulesGroupsService";
 
 @Controller()
@@ -21,7 +18,6 @@ export default class UserController extends ApiController {
 		private idNotService: IdNotService,
 		private userService: UsersService,
 		private subscriptionsService: SubscriptionsService,
-		private seatsService: SeatsService,
 		private rulesGroupsService: RulesGroupsService,
 	) {
 		super();
@@ -71,35 +67,7 @@ export default class UserController extends ApiController {
 				this.httpUnauthorized(response, "Email not found");
 				return;
 			}
-			let isSubscribed = false;
+			let isSubscribed = await this.subscriptionsService.isUserSubscribed(user.uid, userHydrated.office_membership?.uid!);
-
-			const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
-
-			if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
-				isSubscribed = false;
-			} else if (subscriptions[0]?.type === EType.Unlimited) {
-				isSubscribed = true;
-			} else {
-				const hasSeat = await this.subscriptionsService.get({
-					where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } },
-				});
-
-				if (hasSeat && hasSeat.length > 0) {
-					isSubscribed = true;
-				} else {
-					const nbMaxSeats = subscriptions[0]!.nb_seats;
-
-					const nbCurrentSeats = await this.seatsService.get({ where: { subscription_uid: subscriptions[0]!.uid } });
-
-					//if nbMaxSeats < nbCurrentSeats, create a new seat for the user
-					if (nbMaxSeats > nbCurrentSeats.length) {
-						const seatAdded = await this.seatsService.create(user.uid, subscriptions[0]!.uid);
-						if (seatAdded) {
-							isSubscribed = true;
-						}
-					}
-				}
-			}
 
 			//Check if user is whitelisted
 			// const isWhitelisted = await this.whitelistService.getByEmail(userHydrated.contact!.email);
@@ -118,22 +86,7 @@ export default class UserController extends ApiController {
 			const payload = await this.authService.getUserJwtPayload(user.idNot);
 			if (!payload) return;
 
-			if (!isSubscribed && userHydrated.role?.name === "admin") {
+			if (!isSubscribed && (userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin")) {
-				const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
-					where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
-					include: { rules: true },
-				});
-
-				const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
-					strategy: "excludeAll",
-				});
-				if (!manageSubscriptionRules[0]) return;
-
-				payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
-
-				isSubscribed = true;
-			}
-			if (!isSubscribed && userHydrated.role?.name === "super-admin") {
 				const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
 					where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
 					include: { rules: true },
@@ -186,11 +139,30 @@ export default class UserController extends ApiController {
 
 				const openId = (userPayload as IUserJwtPayload).openId.userId;
 				if (!openId) return;
-				const newUserPayload = await this.authService.getUserJwtPayload(openId.toString(), PROVIDER_OPENID.idNot);
+				const newUserPayload = (await this.authService.getUserJwtPayload(
-				const user = newUserPayload as IUserJwtPayload;
+					openId.toString(),
-				delete user.iat;
+					PROVIDER_OPENID.idNot,
-				delete user.exp;
+				)) as IUserJwtPayload;
-				accessToken = this.authService.generateAccessToken(user);
+				let isSubscribed = await this.subscriptionsService.isUserSubscribed(newUserPayload.userId, newUserPayload.office_Id);
+
+				if (!isSubscribed && (newUserPayload.role === "admin" || newUserPayload.role === "super-admin")) {
+					const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
+						where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
+						include: { rules: true },
+					});
+
+					const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
+						strategy: "excludeAll",
+					});
+					if (!manageSubscriptionRules[0]) return;
+
+					newUserPayload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
+
+					isSubscribed = true;
+				}
+				delete newUserPayload.iat;
+				delete newUserPayload.exp;
+				accessToken = this.authService.generateAccessToken(newUserPayload);
 				this.httpSuccess(response, { accessToken });
 			});
 

src/services/admin/SubscriptionsService/SubscriptionsService.ts.ts

@@ -1,10 +1,11 @@
 import BaseService from "@Services/BaseService";
 import "reflect-metadata";
 import { Service } from "typedi";
-import { Prisma, Subscriptions } from "@prisma/client";
+import { ESubscriptionStatus, Prisma, Subscriptions } from "@prisma/client";
 import SubscriptionsRepository from "@Repositories/SubscriptionsRepository";
 import { Subscription } from "le-coffre-resources/dist/Admin";
 import SeatsService from "../SeatsService/SeatsService";
+import { EType } from "le-coffre-resources/dist/Admin/Subscription";
 
 @Service()
 export default class SubscriptionsService extends BaseService {
@@ -41,8 +42,8 @@ export default class SubscriptionsService extends BaseService {
 	 * @throws {Error} If subscription cannot be modified
 	 */
 	public async update(uid: string, subscriptionEntity: Subscription): Promise<Subscriptions> {
-		if(subscriptionEntity.type === "STANDARD"){
+		if (subscriptionEntity.type === "STANDARD") {
-			const seats = await this.seatsService.get({ where: { subscription: { uid: uid } }, orderBy: {created_at: 'asc'} });
+			const seats = await this.seatsService.get({ where: { subscription: { uid: uid } }, orderBy: { created_at: "asc" } });
 			const seatsToKeep = subscriptionEntity.nb_seats;
 			const seatsToDelete = seats.slice(seatsToKeep);
 
@@ -60,4 +61,37 @@ export default class SubscriptionsService extends BaseService {
 	public async delete(uid: string) {
 		return this.subscriptionsRepository.delete(uid);
 	}
+
+	public async isUserSubscribed(userUid: string, officeUid: string): Promise<boolean> {
+		let isSubscribed = false;
+
+		const subscriptions = await this.get({ where: { office_uid: officeUid } });
+
+		if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
+			isSubscribed = false;
+		} else if (subscriptions[0]?.type === EType.Unlimited) {
+			isSubscribed = true;
+		} else {
+			const hasSeat = await this.get({
+				where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userUid } } },
+			});
+
+			if (hasSeat && hasSeat.length > 0) {
+				isSubscribed = true;
+			} else {
+				const nbMaxSeats = subscriptions[0]!.nb_seats;
+
+				const nbCurrentSeats = await this.seatsService.get({ where: { subscription_uid: subscriptions[0]!.uid } });
+
+				//if nbMaxSeats < nbCurrentSeats, create a new seat for the user
+				if (nbMaxSeats > nbCurrentSeats.length) {
+					const seatAdded = await this.seatsService.create(userUid, subscriptions[0]!.uid);
+					if (seatAdded) {
+						isSubscribed = true;
+					}
+				}
+			}
+		}
+		return isSubscribed;
+	}
 }