From f27c6b9dd63e801eb3b1cfeefb27f43357c67654 Mon Sep 17 00:00:00 2001
From: Anand Chowdhary
Date: Fri, 23 Oct 2020 18:51:13 +0530
Subject: [PATCH] :bug: Ensure result exists before accessing user

---
 src/modules/access-tokens/access-tokens.service.ts | 8 +++++++-
 src/modules/emails/emails.service.ts | 4 +++-
 src/modules/memberships/memberships.service.ts | 4 +++-
 src/modules/sessions/sessions.service.ts | 4 ++++
 4 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/modules/access-tokens/access-tokens.service.ts b/src/modules/access-tokens/access-tokens.service.ts
index 25c36a436..65faacab4 100644
--- a/src/modules/access-tokens/access-tokens.service.ts
+++ b/src/modules/access-tokens/access-tokens.service.ts
@@ -57,9 +57,9 @@ export class AccessTokensService {
 const accessToken = await this.prisma.accessTokens.findOne({
 where: { id },
 });
- if (accessToken.userId !== userId) throw new UnauthorizedException();
 if (!accessToken)
 throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);
+ if (accessToken.userId !== userId) throw new UnauthorizedException();
 return this.prisma.expose(accessToken);
 }
 
@@ -71,6 +71,8 @@ export class AccessTokensService {
 const testAccessToken = await this.prisma.accessTokens.findOne({
 where: { id },
 });
+ if (!testAccessToken)
+ throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);
 if (testAccessToken.userId !== userId) throw new UnauthorizedException();
 const accessToken = await this.prisma.accessTokens.update({
 where: { id },
@@ -87,6 +89,8 @@ export class AccessTokensService {
 const testAccessToken = await this.prisma.accessTokens.findOne({
 where: { id },
 });
+ if (!testAccessToken)
+ throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);
 if (testAccessToken.userId !== userId) throw new UnauthorizedException();
 const accessToken = await this.prisma.accessTokens.update({
 where: { id },
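Review bot: In the `-57,9` hunk of access-tokens.service.ts the reordered guards answer an unknown id with 404 and an id owned by another user with `UnauthorizedException`, so an authenticated caller can tell which access-token ids exist. Returning one response for both cases closes that gap, e.g. `if (!accessToken || accessToken.userId !== userId) throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);`. The same split appears in every other hunk of this patch (emails, memberships, sessions). If the two cases are kept apart, a 403 describes an authenticated non-owner better than the 401 that `UnauthorizedException` normally maps to. The method's signature is above the hunk.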
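Review bot: In the `-71,6` hunk the owner check is made on `testAccessToken`, but the `update` that follows is keyed by `where: { id }` alone, so the authorization decision and the write are separate queries. If the row is deleted in between, the write will probably reject with a Prisma error rather than the 404 added here. Putting the owner into the write itself, for example `updateMany({ where: { id, userId }, ... })` with a zero count treated as not found, would make it one step, at the cost of re-reading the row for the return value. The `-87,6` and `-102,6` hunks and the delete paths in the other three services have the same shape. The `update` call continues below the hunk.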
@@ -102,6 +106,8 @@ export class AccessTokensService {
 const testAccessToken = await this.prisma.accessTokens.findOne({
 where: { id },
 });
+ if (!testAccessToken)
+ throw new HttpException('AccessToken not found', HttpStatus.NOT_FOUND);
 if (testAccessToken.userId !== userId) throw new UnauthorizedException();
 const accessToken = await this.prisma.accessTokens.delete({
 where: { id },
diff --git a/src/modules/emails/emails.service.ts b/src/modules/emails/emails.service.ts
index d17011333..b8528d875 100644
--- a/src/modules/emails/emails.service.ts
+++ b/src/modules/emails/emails.service.ts
@@ -61,9 +61,9 @@ export class EmailsService {
 const email = await this.prisma.emails.findOne({
 where: { id },
 });
- if (email.userId !== userId) throw new UnauthorizedException();
 if (!email)
 throw new HttpException('Email not found', HttpStatus.NOT_FOUND);
+ if (email.userId !== userId) throw new UnauthorizedException();
 return this.prisma.expose(email);
 }
 
@@ -71,6 +71,8 @@ export class EmailsService {
 const testEmail = await this.prisma.emails.findOne({
 where: { id },
 });
+ if (!testEmail)
+ throw new HttpException('Email not found', HttpStatus.NOT_FOUND);
 if (testEmail.userId !== userId) throw new UnauthorizedException();
 const email = await this.prisma.emails.delete({
 where: { id },
diff --git a/src/modules/memberships/memberships.service.ts b/src/modules/memberships/memberships.service.ts
index 35f3eaef2..96ef04a11 100644
--- a/src/modules/memberships/memberships.service.ts
+++ b/src/modules/memberships/memberships.service.ts
@@ -46,9 +46,9 @@ export class MembershipsService {
 where: { id },
 include: { group: true },
 });
- if (membership.userId !== userId) throw new UnauthorizedException();
 if (!membership)
 throw new HttpException('Membership not found', HttpStatus.NOT_FOUND);
+ if (membership.userId !== userId) throw new UnauthorizedException();
 return this.prisma.expose(membership);
 }
 
@@ -59,6 +59,8 @@ export class MembershipsService {
 const testMembership = await this.prisma.memberships.findOne({
 where: { id },
 });
+ if (!testMembership)
+ throw new HttpException('Membership not found', HttpStatus.NOT_FOUND);
 if (testMembership.userId !== userId) throw new UnauthorizedException();
 await this.verifyDeleteMembership(testMembership.groupId, id);
 const membership = await this.prisma.memberships.delete({
diff --git a/src/modules/sessions/sessions.service.ts b/src/modules/sessions/sessions.service.ts
index dd6cbd440..d920bed4d 100644
--- a/src/modules/sessions/sessions.service.ts
+++ b/src/modules/sessions/sessions.service.ts
@@ -44,6 +44,8 @@ export class SessionsService {
 const session = await this.prisma.sessions.findOne({
 where: { id },
 });
+ if (!session)
+ throw new HttpException('Session not found', HttpStatus.NOT_FOUND);
 if (session.userId !== userId) throw new UnauthorizedException();
 if (!session)
 throw new HttpException('Session not found', HttpStatus.NOT_FOUND);
@@ -54,6 +56,8 @@ export class SessionsService {
 const testSession = await this.prisma.sessions.findOne({
 where: { id },
 });
+ if (!testSession)
+ throw new HttpException('Session not found', HttpStatus.NOT_FOUND);
 if (testSession.userId !== userId) throw new UnauthorizedException();
 const session = await this.prisma.sessions.delete({
 where: { id },
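Review bot: In the `-44,6` hunk of sessions.service.ts the new `if (!session)` guard is added above the owner check, but the original `if (!session) throw new HttpException('Session not found', HttpStatus.NOT_FOUND);` below it is left in place as context and can no longer be reached. The access-tokens, emails and memberships read paths moved that line instead of copying it; removing the trailing two lines here would keep the four services consistent. The method body continues past the end of the hunk.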