import {
HttpException,
Injectable,
InternalServerErrorException,
Logger,
UnauthorizedException,
} from '@nestjs/common'
import { compare } from 'bcrypt'
import { ObjectId } from 'mongoose'
import { AuthService } from '../auth/auth.service'
import { MailData } from '../db/entities/mail-event.entity'
import { LastWillDBService } from '../db/services/lastwill.service'
import { UserDBService } from '../db/services/user.service'
import { MailTemplates } from '../mail/interfaces/mail.interface'
import { MailScheduleService } from '../mail/services/scheduler.service'
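/**
 * Account self-service operations for an already identified user:
 * password change, email change and account deletion.
 *
 * Every method takes the user's id as resolved by the caller.
 * NOTE(review): nothing in this class authenticates the request itself;
 * presumably an auth guard in the controller does — confirm.
 */
@Injectable()
export class ProfileService {
  private readonly logger = new Logger(ProfileService.name)

  constructor(
    private readonly userService: UserDBService,
    private readonly authService: AuthService,
    private readonly mailService: MailScheduleService,
    private readonly lastwillDbService: LastWillDBService,
  ) {}

  /**
   * Replaces the user's password after re-checking the current one.
   *
   * @param id - id of the user whose password is changed
   * @param oldPassword - current password in plaintext, checked against the stored hash
   * @param newPassword - replacement password, handed to the user DB service
   * @throws UnauthorizedException when the user does not exist or `oldPassword` does not match
   */
  async updatePassword(
    id: ObjectId,
    oldPassword: string,
    newPassword: string,
  ): Promise<void> {
    const user = await this.userService.findOneById(id)

    // Both failure cases share one response so the caller cannot tell
    // "unknown user" apart from "wrong password".
    const isCurrentPasswordValid =
      !!user && (await compare(oldPassword, user.password))
    if (!isCurrentPasswordValid) {
      // The log line deliberately carries neither the id nor any password material.
      this.logger.warn(`Invalid credentials for password change.`)
      throw new UnauthorizedException(
        'This is not allowed...either you do not exist or the provided password was invalid',
      )
    }

    // NOTE(review): newPassword is passed on in plaintext; presumably
    // updateUserPassword hashes it before storing — confirm.
    await this.userService.updateUserPassword(id, newPassword)
  }

  /**
   * Changes the user's email address and requests a fresh verification mail.
   *
   * A failure to send the verification mail is logged and does not undo the change.
   *
   * NOTE(review): unlike updatePassword, this method does not re-check the
   * current password, and the previous address is not informed of the change.
   * Both are common safeguards around an email change — confirm whether they
   * are handled elsewhere.
   *
   * @param id - id of the user whose email is changed
   * @param newEmail - the address to store
   * @throws UnauthorizedException when the user does not exist
   * @throws HttpException re-thrown unchanged when the user DB service raises one
   * @throws InternalServerErrorException on any other failure while storing the address
   */
  async updateUserEmail(id: ObjectId, newEmail: string): Promise<void> {
    const user = await this.userService.findOneById(id)
    if (!user) {
      throw new UnauthorizedException()
    }

    if (user.email === newEmail) {
      this.logger.log(
        `Skipping email update for user as new email equaled the old one`,
      )
      // Return silently instead of throwing: a distinct error here would act
      // as an oracle that confirms the account's current email address.
      return
    }

    try {
      await this.userService.updateUserEmail(id, newEmail)
    } catch (error) {
      // Logged once for every failure; the original logged non-HTTP errors twice.
      // NOTE(review): the error text is logged verbatim. If the DB layer's
      // message can contain the submitted address, that ends up in the logs — confirm.
      this.logger.error(`Could not update user email ${error}`)

      // An HttpException already carries the intended status, so pass it through.
      if (error instanceof HttpException) {
        throw error
      }

      // Anything else is replaced by a generic message so internal error
      // details do not reach the client.
      // This should only happen on DB failure...which we do not test
      /* istanbul ignore next */
      throw new InternalServerErrorException(
        'Something went wrong, please try again later',
      )
    }

    try {
      await this.authService.requestUserVerifyMail(id)
    } catch (error) {
      this.logger.warn(
        `Updated email for user did not receive verify email due to an error. The user update continues anyways. ${error}`,
      )
    }
  }

  /**
   * Deletes the user's last wills and account, then tries to send a
   * confirmation mail to a verified address.
   *
   * Mail problems never fail the deletion: an immediate send that fails is
   * retried once by scheduling the mail five hours later.
   *
   * @param id - id of the user to delete
   * @throws UnauthorizedException when the user does not exist
   */
  async deleteProfile(id: ObjectId): Promise<void> {
    const user = await this.userService.findOneById(id)
    if (!user) {
      throw new UnauthorizedException()
    }

    // Remove the last wills before the account. With the opposite order, a
    // failure in the second step leaves the documents behind without an owner,
    // and a retry is rejected by the lookup above because the user is gone.
    await this.lastwillDbService.deleteAllByUser(id)
    await this.userService.deleteUserById(id)

    // No confirmation mail to an address that was never verified.
    if (!user.hasVerifiedEmail) return

    // `user` was read before the deletion, so its email is still available here.
    const mailData: MailData = {
      content: {
        subject: 'Account gelöscht',
        contentTemplate: MailTemplates.ACCOUNT_DELETED,
      },
      recipient: {
        recipient: user.email,
      },
    }

    try {
      await this.mailService.scheduleMailNow(mailData)
      return
    } catch (error) {
      // Include the cause; the original dropped it, which left nothing to diagnose.
      this.logger.error(
        `Could not send email regarding account deletion. Deletion will continue anyway. ${error}`,
      )
    }

    // Immediate sending failed => fall back to scheduling the mail.
    // Reschedule 5 hours later by default
    const newSendDate = new Date()
    newSendDate.setHours(newSendDate.getHours() + 5)

    try {
      await this.mailService.scheduleMailAtDate(newSendDate, mailData)
    } catch (error) {
      this.logger.warn(
        `Mail could not be scheduled due to an error. Account deletion continues anyways ${error}`,
      )
    }
  }
}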