4nk/lecoffre-back
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛 fix faille refresh token

Browse Source
This commit is contained in:
Maxime Lalo 2024-04-29 15:23:42 +02:00
parent f68d527dc1
commit cb9c98f43f
2 changed files with 64 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
src/app/api/idnot/UserController.ts
View File

@ -8,9 +8,6 @@ import IdNotService from "@Services/common/IdNotService/IdNotService";
import User, { RulesGroup } from "le-coffre-resources/dist/Admin";
import UsersService from "@Services/super-admin/UsersService/UsersService";
import SubscriptionsService from "@Services/admin/SubscriptionsService/SubscriptionsService.ts";
import { ESubscriptionStatus } from "@prisma/client";
import SeatsService from "@Services/admin/SeatsService/SeatsService";
import { EType } from "le-coffre-resources/dist/Admin/Subscription";
import RulesGroupsService from "@Services/admin/RulesGroupsService/RulesGroupsService";
@Controller()
@ -21,7 +18,6 @@ export default class UserController extends ApiController {
private idNotService: IdNotService,
private userService: UsersService,
private subscriptionsService: SubscriptionsService,
private seatsService: SeatsService,
private rulesGroupsService: RulesGroupsService,
) {
super();
@ -71,35 +67,7 @@ export default class UserController extends ApiController {
this.httpUnauthorized(response, "Email not found");
return;
}
let isSubscribed = false;
const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
isSubscribed = false;
} else if (subscriptions[0]?.type === EType.Unlimited) {
isSubscribed = true;
} else {
const hasSeat = await this.subscriptionsService.get({
where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } },
});
if (hasSeat && hasSeat.length > 0) {
isSubscribed = true;
} else {
const nbMaxSeats = subscriptions[0]!.nb_seats;
const nbCurrentSeats = await this.seatsService.get({ where: { subscription_uid: subscriptions[0]!.uid } });
//if nbMaxSeats < nbCurrentSeats, create a new seat for the user
if (nbMaxSeats > nbCurrentSeats.length) {
const seatAdded = await this.seatsService.create(user.uid, subscriptions[0]!.uid);
if (seatAdded) {
isSubscribed = true;
}
}
}
}
let isSubscribed = await this.subscriptionsService.isUserSubscribed(user.uid, userHydrated.office_membership?.uid!);
//Check if user is whitelisted
// const isWhitelisted = await this.whitelistService.getByEmail(userHydrated.contact!.email);
@ -118,22 +86,7 @@ export default class UserController extends ApiController {
const payload = await this.authService.getUserJwtPayload(user.idNot);
if (!payload) return;
if (!isSubscribed && userHydrated.role?.name === "admin") {
const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
include: { rules: true },
});
const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
strategy: "excludeAll",
});
if (!manageSubscriptionRules[0]) return;
payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
isSubscribed = true;
}
if (!isSubscribed && userHydrated.role?.name === "super-admin") {
if (!isSubscribed && (userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin")) {
const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
include: { rules: true },
@ -186,11 +139,30 @@ export default class UserController extends ApiController {
const openId = (userPayload as IUserJwtPayload).openId.userId;
if (!openId) return;
const newUserPayload = await this.authService.getUserJwtPayload(openId.toString(), PROVIDER_OPENID.idNot);
const user = newUserPayload as IUserJwtPayload;
delete user.iat;
delete user.exp;
accessToken = this.authService.generateAccessToken(user);
const newUserPayload = (await this.authService.getUserJwtPayload(
openId.toString(),
PROVIDER_OPENID.idNot,
)) as IUserJwtPayload;
let isSubscribed = await this.subscriptionsService.isUserSubscribed(newUserPayload.userId, newUserPayload.office_Id);
if (!isSubscribed && (newUserPayload.role === "admin" || newUserPayload.role === "super-admin")) {
const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
include: { rules: true },
});
const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
strategy: "excludeAll",
});
if (!manageSubscriptionRules[0]) return;
newUserPayload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
isSubscribed = true;
}
delete newUserPayload.iat;
delete newUserPayload.exp;
accessToken = this.authService.generateAccessToken(newUserPayload);
this.httpSuccess(response, { accessToken });
});

40
src/services/admin/SubscriptionsService/SubscriptionsService.ts.ts
View File

@ -1,10 +1,11 @@
import BaseService from "@Services/BaseService";
import "reflect-metadata";
import { Service } from "typedi";
import { Prisma, Subscriptions } from "@prisma/client";
import { ESubscriptionStatus, Prisma, Subscriptions } from "@prisma/client";
import SubscriptionsRepository from "@Repositories/SubscriptionsRepository";
import { Subscription } from "le-coffre-resources/dist/Admin";
import SeatsService from "../SeatsService/SeatsService";
import { EType } from "le-coffre-resources/dist/Admin/Subscription";
@Service()
export default class SubscriptionsService extends BaseService {
@ -41,8 +42,8 @@ export default class SubscriptionsService extends BaseService {
* @throws {Error} If subscription cannot be modified
*/
public async update(uid: string, subscriptionEntity: Subscription): Promise<Subscriptions> {
if(subscriptionEntity.type === "STANDARD"){
const seats = await this.seatsService.get({ where: { subscription: { uid: uid } }, orderBy: {created_at: 'asc'} });
if (subscriptionEntity.type === "STANDARD") {
const seats = await this.seatsService.get({ where: { subscription: { uid: uid } }, orderBy: { created_at: "asc" } });
const seatsToKeep = subscriptionEntity.nb_seats;
const seatsToDelete = seats.slice(seatsToKeep);
@ -60,4 +61,37 @@ export default class SubscriptionsService extends BaseService {
public async delete(uid: string) {
return this.subscriptionsRepository.delete(uid);
}
public async isUserSubscribed(userUid: string, officeUid: string): Promise<boolean> {
let isSubscribed = false;
const subscriptions = await this.get({ where: { office_uid: officeUid } });
if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
isSubscribed = false;
} else if (subscriptions[0]?.type === EType.Unlimited) {
isSubscribed = true;
} else {
const hasSeat = await this.get({
where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userUid } } },
});
if (hasSeat && hasSeat.length > 0) {
isSubscribed = true;
} else {
const nbMaxSeats = subscriptions[0]!.nb_seats;
const nbCurrentSeats = await this.seatsService.get({ where: { subscription_uid: subscriptions[0]!.uid } });
//if nbMaxSeats < nbCurrentSeats, create a new seat for the user
if (nbMaxSeats > nbCurrentSeats.length) {
const seatAdded = await this.seatsService.create(userUid, subscriptions[0]!.uid);
if (seatAdded) {
isSubscribed = true;
}
}
}
}
return isSubscribed;
}
}