import {
HttpException,
Injectable,
InternalServerErrorException,
Logger,
UnauthorizedException,
} from '@nestjs/common'
import { compare } from 'bcrypt'
import { ObjectId } from 'mongoose'
import { AuthService } from '../auth/auth.service'
import { MailData } from '../db/entities/mail-event.entity'
import { LastWillDBService } from '../db/services/lastwill.service'
import { UserDBService } from '../db/services/user.service'
import { MailTemplates } from '../mail/interfaces/mail.interface'
import { MailScheduleService } from '../mail/services/scheduler.service'
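/**
 * Profile operations for an existing account: password change, email change
 * and account deletion.
 *
 * Every method takes the user id as a parameter and trusts it.
 * NOTE(review): presumably the controller derives `id` from the authenticated
 * session rather than from request input; confirm against the caller.
 */
@Injectable()
export class ProfileService {
  private readonly logger = new Logger(ProfileService.name)

  constructor(
    private readonly userService: UserDBService,
    private readonly authService: AuthService,
    private readonly mailService: MailScheduleService,
    private readonly lastwillDbService: LastWillDBService,
  ) {}

  /**
   * Replaces the user's password after checking the current one.
   *
   * @param id - Id of the user whose password is changed.
   * @param oldPassword - Current password, checked with bcrypt `compare`
   *   against the stored `user.password`.
   * @param newPassword - Password handed to `UserDBService.updateUserPassword`.
   * @throws UnauthorizedException when the user does not exist or the old
   *   password does not match.
   */
  async updatePassword(
    id: ObjectId,
    oldPassword: string,
    newPassword: string,
  ): Promise<void> {
    const user = await this.userService.findOneById(id)
    // One message covers both failures, so the response does not reveal
    // whether the account is missing or the password was wrong.
    if (!user || !(await compare(oldPassword, user.password))) {
      throw new UnauthorizedException(
        'This is not allowed...either you do not exist or the provided password was invalid',
      )
    }
    // NOTE(review): newPassword is passed on unchanged; hashing and any
    // strength/length validation are presumably done in UserDBService or at
    // the DTO layer. Confirm, since neither is visible here.
    await this.userService.updateUserPassword(id, newPassword)
  }

  /**
   * Changes the user's email address and requests a new verification mail.
   *
   * Returns silently when the new address equals the current one. A failure
   * while requesting the verification mail is logged and does not undo the
   * address change.
   *
   * @param id - Id of the user whose email is changed.
   * @param newEmail - New address; compared to the stored one with `===`.
   * @throws UnauthorizedException when the user does not exist.
   * @throws HttpException rethrown unchanged when the DB service raises one.
   * @throws InternalServerErrorException for any other update failure.
   */
  async updateUserEmail(id: ObjectId, newEmail: string): Promise<void> {
    // NOTE(review): unlike updatePassword, the current password is not
    // checked here, so a hijacked session can redirect the account's mail.
    // Confirm whether re-authentication is enforced upstream.
    const user = await this.userService.findOneById(id)
    if (!user) {
      throw new UnauthorizedException()
    }

    if (user.email === newEmail) {
      // Do not throw here: an error would let an attacker brute-force the
      // account's email address by probing for it.
      return
    }

    try {
      await this.userService.updateUserEmail(id, newEmail)
    } catch (error) {
      // HttpExceptions pass through to the client as they are.
      // NOTE(review): if the DB service signals "address already in use"
      // this way, the response tells the caller that the address is
      // registered. Confirm that this is acceptable.
      if (error instanceof HttpException) {
        throw error
      }
      // This should only happen on DB failure, which is not covered by tests.
      /* istanbul ignore next */
      this.logger.warn(`Could not update user email due to an error ${error}`)
      throw new InternalServerErrorException(
        'Something went wrong, please try again later',
      )
    }

    try {
      await this.authService.requestUserVerifyMail(id)
    } catch (error) {
      // Best effort: the address is already stored at this point.
      this.logger.warn(
        `Updated email for user did not receive verify email due to an error. The user update continues anyways. ${error}`,
      )
    }
  }

  /**
   * Deletes the user and all of the user's last wills, then schedules an
   * "account deleted" mail when the address had been verified.
   *
   * @param id - Id of the user to delete.
   * @throws UnauthorizedException when the user does not exist.
   */
  async deleteProfile(id: ObjectId): Promise<void> {
    const user = await this.userService.findOneById(id)
    if (!user) {
      throw new UnauthorizedException()
    }

    // NOTE(review): the two deletions are separate calls. If deleteAllByUser
    // rejects, the user record is already gone and the last wills stay behind
    // without an owner who could retry. Consider a transaction or removing
    // the wills first.
    await this.userService.deleteUserById(id)
    await this.lastwillDbService.deleteAllByUser(id)

    // Unverified addresses get no mail.
    if (!user.hasVerifiedEmail) return

    const mailData: MailData = {
      content: {
        subject: 'Account gelöscht',
        contentTemplate: MailTemplates.ACCOUNT_DELETED,
      },
      recipient: {
        recipient: user.email,
      },
    }

    try {
      await this.mailService.scheduleMailNow(mailData)
    } catch (error) {
      // Best effort: the account is already deleted. The cause is logged,
      // as in the other handlers of this class, so that a failing mail
      // scheduler can be diagnosed.
      this.logger.error(
        `Could not send email regarding account deletion. Deletion will continue anyway. ${error}`,
      )
    }
  }
}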