Merge pull request #288 from chaynHQ/develop

Release therapy email case sensitivity fix, cypress delete user route and better error handling
chaynHQ · May 29, 2023 · 3a10ae7 · 3a10ae7
2 parents 77d4965 + d5b142c
commit 3a10ae7
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 14 deletions.
diff --git a/src/partner-admin/super-admin-auth.guard.ts b/src/partner-admin/super-admin-auth.guard.ts
@@ -1,4 +1,10 @@
-import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import {
+  CanActivate,
+  ExecutionContext,
+  HttpException,
+  HttpStatus,
+  Injectable,
+} from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Request } from 'express';
 import { AuthService } from '../auth/auth.service';
@@ -17,13 +23,34 @@ export class SuperAdminAuthGuard implements CanActivate {
     const { authorization } = request.headers;
 
     if (!authorization) {
-      throw new UnauthorizedException('Unauthorized: missing required Authorization token');
+      throw new HttpException(
+        `SuperAdminAuthGuard: Unauthorised missing Authorization token`,
+        HttpStatus.UNAUTHORIZED,
+      );
     }
+    let userUid;
+    try {
+      const { uid } = await this.authService.parseAuth(authorization);
+      userUid = uid;
+    } catch (error) {
+      if (error.code === 'auth/id-token-expired') {
+        throw new HttpException(`SuperAdminAuthGuard - ${error}`, HttpStatus.UNAUTHORIZED);
+      }
 
-    const { uid } = await this.authService.parseAuth(authorization);
-
-    const user = await this.usersRepository.findOne({ firebaseUid: uid });
+      throw new HttpException(
+        `SuperAdminAuthGuard - Error parsing firebase user: ${error}`,
+        HttpStatus.INTERNAL_SERVER_ERROR,
+      );
+    }
+    try {
+      const user = await this.usersRepository.findOne({ firebaseUid: userUid });
 
-    return !!user.isSuperAdmin && user.email.indexOf('@chayn.co') !== -1;
+      return !!user.isSuperAdmin && user.email.indexOf('@chayn.co') !== -1;
+    } catch (error) {
+      throw new HttpException(
+        `SuperAdminAuthGuard - Error finding user: ${error}`,
+        HttpStatus.INTERNAL_SERVER_ERROR,
+      );
+    }
   }
 }
diff --git a/src/user/user.controller.ts b/src/user/user.controller.ts
@@ -50,6 +50,13 @@ export class UserController {
   async deleteUser(@Req() req: Request): Promise<string> {
     return await this.userService.deleteUser(req['user'] as GetUserDto);
   }
+  // This route must go before the Delete user route below as we want nestjs to check against this one first
+  @ApiBearerAuth('access-token')
+  @Delete('/cypress')
+  @UseGuards(SuperAdminAuthGuard)
+  async deleteCypressUsers(): Promise<UserEntity[]> {
+    return await this.userService.deleteCypressTestUsers();
+  }
 
   @ApiBearerAuth()
   @Delete(':id')
@@ -59,13 +66,6 @@ export class UserController {
     return await this.userService.deleteUserById(id);
   }
 
-  @ApiBearerAuth('access-token')
-  @Delete('/cypress')
-  @UseGuards(SuperAdminAuthGuard)
-  async deleteCypressUsers(): Promise<UserEntity[]> {
-    return await this.userService.deleteCypressTestUsers();
-  }
-
   @ApiBearerAuth()
   @Put()
   @UseGuards(FirebaseAuthGuard)

diff --git a/src/webhooks/webhooks.service.ts b/src/webhooks/webhooks.service.ts
@@ -148,7 +148,10 @@ export class WebhooksService {
   async updatePartnerAccessTherapy(
     simplyBookDto: SimplybookBodyDto,
   ): Promise<TherapySessionEntity> {
-    const { action, client_email, booking_code } = simplyBookDto;
+    const { action, booking_code } = simplyBookDto;
+    // this ensures that the client email can be matched against the db which contains lower case emails
+    const client_email = simplyBookDto.client_email.toLowerCase();
+
     this.logger.log(
       `UpdatePartnerAccessService method initiated for ${action} - ${client_email} - ${booking_code}`,
     );