This repository has been archived by the owner on Apr 19, 2023. It is now read-only.

🐛 Ensure result exists before accessing user
AnandChowdhary committed Oct 23, 2020
1 parent f7082e0 commit f27c6b9
Showing 4 changed files with 17 additions and 3 deletions.
8 changes: 7 additions & 1 deletion src/modules/access-tokens/access-tokens.service.ts
Expand Up @@ -57,9 +57,9 @@ export class AccessTokensService {
const accessToken = await this.prisma.accessTokens.findOne({
where: { id },
});
if (accessToken.userId !== userId) throw new UnauthorizedException();
if (!accessToken)
throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);
if (accessToken.userId !== userId) throw new UnauthorizedException();
return this.prisma.expose<accessTokens>(accessToken);
}

Expand All @@ -71,6 +71,8 @@ export class AccessTokensService {
const testAccessToken = await this.prisma.accessTokens.findOne({
where: { id },
});
if (!testAccessToken)
throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);
if (testAccessToken.userId !== userId) throw new UnauthorizedException();
const accessToken = await this.prisma.accessTokens.update({
where: { id },
Expand All @@ -87,6 +89,8 @@ export class AccessTokensService {
const testAccessToken = await this.prisma.accessTokens.findOne({
where: { id },
});
if (!testAccessToken)
throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);
if (testAccessToken.userId !== userId) throw new UnauthorizedException();
const accessToken = await this.prisma.accessTokens.update({
where: { id },
Expand All @@ -102,6 +106,8 @@ export class AccessTokensService {
const testAccessToken = await this.prisma.accessTokens.findOne({
where: { id },
});
if (!testAccessToken)
throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);
if (testAccessToken.userId !== userId) throw new UnauthorizedException();
const accessToken = await this.prisma.accessTokens.delete({
where: { id },
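Review bot: The two failure paths answer differently for "no such id" (404) and "id exists but belongs to another user" (401), so any authenticated caller can learn which access-token ids exist; the same pair of checks is added in emails.service.ts, memberships.service.ts and sessions.service.ts. Ids look numeric (see the `id: number` parameter of deleteEmail), which makes them guessable. Returning one not-found response for both cases removes the signal, e.g. `if (!accessToken || accessToken.userId !== userId) throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);`. If the distinction is kept on purpose, `ForbiddenException` (403) describes an ownership failure better than `UnauthorizedException` (401), since the caller is already authenticated. All four method bodies start and end outside the hunks shown.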
4 changes: 3 additions & 1 deletion src/modules/emails/emails.service.ts
Expand Up @@ -61,16 +61,18 @@ export class EmailsService {
const email = await this.prisma.emails.findOne({
where: { id },
});
if (email.userId !== userId) throw new UnauthorizedException();
if (!email)
throw new HttpException('Email not found', HttpStatus.NOT_FOUND);
if (email.userId !== userId) throw new UnauthorizedException();
return this.prisma.expose<emails>(email);
}

async deleteEmail(userId: number, id: number): Promise<Expose<emails>> {
const testEmail = await this.prisma.emails.findOne({
where: { id },
});
if (!testEmail)
throw new HttpException('Email not found', HttpStatus.NOT_FOUND);
if (testEmail.userId !== userId) throw new UnauthorizedException();
const email = await this.prisma.emails.delete({
where: { id },
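Review bot: In deleteEmail the ownership check runs against a separate read, and the `delete` that follows is keyed on `id` alone, so the write itself is not bound to the caller. Putting the owner into the write keeps check and action in one statement, e.g. `this.prisma.emails.deleteMany({ where: { id, userId } })` with a zero `count` treated as not found; the record already read as `testEmail` can still be the one returned. The same read-then-write shape appears in the update and delete hunks of access-tokens.service.ts and in the delete hunks of memberships.service.ts and sessions.service.ts. The `delete` call is cut off by the end of the hunk, so its remaining arguments are not visible here.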
4 changes: 3 additions & 1 deletion src/modules/memberships/memberships.service.ts
Expand Up @@ -46,9 +46,9 @@ export class MembershipsService {
where: { id },
include: { group: true },
});
if (membership.userId !== userId) throw new UnauthorizedException();
if (!membership)
throw new HttpException('Membership not found', HttpStatus.NOT_FOUND);
if (membership.userId !== userId) throw new UnauthorizedException();
return this.prisma.expose<memberships>(membership);
}

Expand All @@ -59,6 +59,8 @@ export class MembershipsService {
const testMembership = await this.prisma.memberships.findOne({
where: { id },
});
if (!testMembership)
throw new HttpException('Membership not found', HttpStatus.NOT_FOUND);
if (testMembership.userId !== userId) throw new UnauthorizedException();
await this.verifyDeleteMembership(testMembership.groupId, id);
const membership = await this.prisma.memberships.delete({
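Review bot: The added guard spells the 404 as `new HttpException('Membership not found', HttpStatus.NOT_FOUND)` while the very next line uses the dedicated `UnauthorizedException`; `throw new NotFoundException('Membership not found');` would read consistently (it needs importing from `@nestjs/common` if the file does not already, and the response body shape may differ slightly, so confirm that clients do not depend on it). The same read / null guard / ownership check sequence is now repeated in every method this commit touches across the four services. A small private helper that returns the caller's record or throws would keep the order of those checks from drifting apart again, which is the mistake this commit corrects. Both methods extend beyond the hunks shown.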
4 changes: 4 additions & 0 deletions src/modules/sessions/sessions.service.ts
Expand Up @@ -44,6 +44,8 @@ export class SessionsService {
const session = await this.prisma.sessions.findOne({
where: { id },
});
if (!session)
throw new HttpException('Session not found', HttpStatus.NOT_FOUND);
if (session.userId !== userId) throw new UnauthorizedException();
if (!session)
throw new HttpException('Session not found', HttpStatus.NOT_FOUND);
Expand All @@ -54,6 +56,8 @@ export class SessionsService {
const testSession = await this.prisma.sessions.findOne({
where: { id },
});
if (!testSession)
throw new HttpException('Session not found', HttpStatus.NOT_FOUND);
if (testSession.userId !== userId) throw new UnauthorizedException();
const session = await this.prisma.sessions.delete({
where: { id },
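Review bot: In the first hunk the `if (!session)` guard now appears twice, once before and once after the ownership check, and the section records 4 additions and 0 deletions, so the original guard was left in place. With the earlier guard present, the later one can never see a null `session` and is dead code. Dropping the second `if (!session) throw new HttpException('Session not found', HttpStatus.NOT_FOUND);` would match the get methods in the other three services, where the check was moved rather than duplicated. The method continues past the end of the hunk.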
