
feat: removing sensative info from leasing agent (#3409)
* feat: removing sensitive info from leasing agent

* fix: adding swagger changes

* fix: updates for tests
YazeedLoonat committed Apr 20, 2023
1 parent cb48ea7 commit b66fa19
Showing 4 changed files with 36 additions and 60 deletions.
14 changes: 14 additions & 0 deletions backend/core/src/auth/dto/user-basic.dto.ts
Expand Up @@ -16,6 +16,20 @@ export class UserBasicDto extends OmitType(User, [
"jurisdictions",
"mfaCode",
"mfaCodeUpdatedAt",
"passwordUpdatedAt",
"confirmedAt",
"createdAt",
"updatedAt",
"mfaEnabled",
"lastLoginAt",
"failedLoginAttemptsCount",
"phoneNumberVerified",
"agreedToTermsOfService",
"hitConfirmationURL",
"activeAccessToken",
"activeRefreshToken",
"dob",
"passwordValidForDays",
] as const) {
@Expose()
@IsDefined({ groups: [ValidationsGroupsEnum.default] })
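Review bot: The fourteen added omit entries keep UserBasicDto a deny-list, so any column added to User in future is exposed through this DTO by default, and the `phoneNumber` field that remains on UserBasic (still present in the regenerated backend-swagger.ts) is implicitly treated as non-sensitive. Consider inverting to an allow-list, `PickType(User, ["id", "email", /* … remaining name/contact fields … */] as const)`, so new entity fields stay private until explicitly listed; the exact field set has to be checked against the whole class, which starts in the hunk header and continues past the hunk. Also note that OmitType trims the OpenAPI schema and validation metadata, while whether the values are actually absent from responses depends on how the entity is serialized, so the e2e assertions on `passwordUpdatedAt`/`passwordValidForDays` in user.e2e-spec.ts are the real guard and are worth extending, e.g. `expect(res.body).not.toHaveProperty("activeRefreshToken")`.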
6 changes: 1 addition & 5 deletions backend/core/src/main.ts
Expand Up @@ -34,11 +34,7 @@ async function bootstrap() {
process.exit(1)
}
}
const options = new DocumentBuilder()
.setTitle("Bloom API")
.setVersion("1.0")
.addBearerAuth()
.build()
const options = new DocumentBuilder().setTitle("Bloom API").setVersion("1.0").build()
const document = SwaggerModule.createDocument(app, options)
SwaggerModule.setup("docs", app, document)
const configService: ConfigService = app.get(ConfigService)
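Review bot: The replacement `const options` line drops `.addBearerAuth()` from the DocumentBuilder chain, and neither the commit description ("adding swagger changes") nor the backend-swagger.ts hunk, which shows only the UserBasic field removals, explains why. The effect is limited to the generated OpenAPI document — the bearer security scheme disappears, so Swagger UI's authorize flow and any client generated from the spec no longer know the API expects an Authorization header — and runtime guards are unaffected, but it looks like collateral from collapsing the chain onto one line. If the removal is intended, say so in the description; otherwise keep it: `const options = new DocumentBuilder().setTitle("Bloom API").setVersion("1.0").addBearerAuth().build()`. bootstrap() starts and ends outside the hunk.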
34 changes: 21 additions & 13 deletions backend/core/test/user/user.e2e-spec.ts
Expand Up @@ -144,7 +144,10 @@ describe("UsersService", () => {
.send(userCreateDto)
.expect(201)

expect(userCreateResponse.body.confirmedAt).toBe(null)
const userRepository = await app.resolve<UserRepository>(UserRepository)
const user = await userRepository.findById(userCreateResponse.body.id)

expect(user.confirmedAt).toBe(null)

// Not confirmed user should not be able to log in
await supertest(app.getHttpServer())
Expand All @@ -156,7 +159,7 @@ describe("UsersService", () => {
.put(`/user/${userCreateResponse.body.id}`)
.set(...setAuthorization(adminAccessToken))
.send({
...userCreateResponse.body,
...user,
confirmedAt: new Date(),
})
.expect(200)
Expand All @@ -171,7 +174,7 @@ describe("UsersService", () => {
await supertest(app.getHttpServer())
.put(`/user/${userCreateResponse.body.id}`)
.send({
...userCreateResponse.body,
...user,
confirmedAt: new Date(),
})
.set(...setAuthorization(getTokenFromCookie(userLoginResponse)))
Expand All @@ -197,9 +200,8 @@ describe("UsersService", () => {
expect(mockWelcome.mock.calls.length).toBe(1)
expect(res.body).toHaveProperty("id")
expect(res.body).not.toHaveProperty("passwordHash")
expect(res.body).toHaveProperty("passwordUpdatedAt")
expect(res.body).toHaveProperty("passwordValidForDays")
expect(res.body.passwordValidForDays).toBe(180)
expect(res.body).not.toHaveProperty("passwordUpdatedAt")
expect(res.body).not.toHaveProperty("passwordValidForDays")
})

it("should not allow user to sign in before confirming the account", async () => {
Expand Down Expand Up @@ -476,7 +478,7 @@ describe("UsersService", () => {
createdAt: userCreateResponse.body.createdAt,
updatedAt: userCreateResponse.body.updatedAt,
jurisdictions: userCreateResponse.body.jurisdictions,
...userCreateDto,
...user,
currentPassword: userCreateDto.password,
firstName: "NewFirstName",
phoneNumber: "+12025550194",
Expand Down Expand Up @@ -694,11 +696,14 @@ describe("UsersService", () => {
expect(res.body).toHaveProperty("email")
expect(res.body.email).toBe("testinglowercasing@lowercasing.com")

const userRepository = await app.resolve<UserRepository>(UserRepository)
const user = await userRepository.findById(res.body.id)

const confirmation = await supertest(app.getHttpServer())
.put(`/user/${res.body.id}`)
.set(...setAuthorization(adminAccessToken))
.send({
...res.body,
...user,
confirmedAt: new Date(),
})
.expect(200)
Expand All @@ -723,7 +728,7 @@ describe("UsersService", () => {
dob: new Date(),
}

const res = await supertest(app.getHttpServer())
await supertest(app.getHttpServer())
.post(`/user/`)
.set("jurisdictionName", "Alameda")
.send(userCreateDto)
Expand All @@ -745,7 +750,7 @@ describe("UsersService", () => {
const newEmail = "test+confirm@example.com"
await supertest(app.getHttpServer())
.put(`/userProfile/${user.id}`)
.send({ ...res.body, newEmail, appUrl: "http://localhost" })
.send({ ...user, newEmail, appUrl: "http://localhost" })
.set(...setAuthorization(userAccessToken))
.expect(200)

Expand Down Expand Up @@ -984,11 +989,15 @@ describe("UsersService", () => {
.set("jurisdictionName", "Alameda")
.send(userCreateDto)
.expect(201)

const userRepository = await app.resolve<UserRepository>(UserRepository)
let user = await userRepository.findByEmail(userCreateDto.email)

await supertest(app.getHttpServer())
.put(`/user/${userCreateResponse.body.id}`)
.set(...setAuthorization(adminAccessToken))
.send({
...userCreateResponse.body,
...user,
confirmedAt: new Date(),
})
.expect(200)
Expand Down Expand Up @@ -1025,8 +1034,7 @@ describe("UsersService", () => {
.send({ email: userCreateDto.email, password: userCreateDto.password })
.expect(429)

const userRepository = await app.resolve<UserRepository>(UserRepository)
const user = await userRepository.findByEmail(userCreateDto.email)
user = await userRepository.findByEmail(userCreateDto.email)
user.lastLoginAt = dayjs(new Date()).subtract(31, "minutes").toDate()
await usersRepository.save(user)

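Review bot: The `...user` spreads in the PUT bodies (hunks at -156, -171, -476, -694, -984 and the /userProfile call at -745) now send a full UserRepository entity instead of an API response, so presumably `passwordHash`, `mfaCode`, `activeAccessToken` and the other columns just omitted from UserBasicDto travel in the request; the tests only assert a 200, so whether the update endpoint drops or persists those fields is never checked. I'd build the body from an explicit subset instead, e.g. `const { passwordHash, ...updatable } = user` spread as `...updatable`, or pick only the fields the endpoint is meant to accept, and assert afterwards that the sensitive columns are unchanged. The `app.resolve<UserRepository>(UserRepository)` line is now repeated in three tests (-144, -694, -984); a small helper in the describe block would remove the duplication. Each `it` block starts and ends outside its hunk.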
42 changes: 0 additions & 42 deletions backend/core/types/src/backend-swagger.ts
Expand Up @@ -3909,15 +3909,6 @@ export interface UserBasic {
/** */
id: string

/** */
passwordUpdatedAt: Date

/** */
passwordValidForDays: number

/** */
confirmedAt?: Date

/** */
email: string

Expand All @@ -3930,41 +3921,8 @@ export interface UserBasic {
/** */
lastName: string

/** */
dob?: Date

/** */
phoneNumber?: string

/** */
createdAt: Date

/** */
updatedAt: Date

/** */
mfaEnabled?: boolean

/** */
lastLoginAt?: Date

/** */
failedLoginAttemptsCount?: number

/** */
phoneNumberVerified?: boolean

/** */
agreedToTermsOfService: boolean

/** */
hitConfirmationURL?: Date

/** */
activeAccessToken?: string

/** */
activeRefreshToken?: string
}

export interface Email {
