devops/encoach_frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Solved a bug where users could change their e-mail to another user's email

Browse Source
This commit is contained in:
Tiago Ribeiro
2024-03-26 16:13:39 +00:00
parent bf6c805487
commit 259ed03ee4
4 changed files with 244 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/constants/errors.ts
View File

@@ -1,4 +1,4 @@
export type Error = "E001" | "E002";
export type Error = "E001" | "E002" | "E003";
export interface ErrorMessage {
error: Error;
message: string;
@@ -7,4 +7,5 @@ export interface ErrorMessage {
export const errorMessages: {[key in Error]: string} = {
E001: "Wrong password!",
E002: "Invalid e-mail",
E003: "E-mail already in use!",
};

252
src/pages/api/register.ts
View File

@@ -1,24 +1,13 @@
import { NextApiRequest, NextApiResponse } from "next";
import { createUserWithEmailAndPassword, getAuth } from "firebase/auth";
import { app } from "@/firebase";
import { sessionOptions } from "@/lib/session";
import { withIronSessionApiRoute } from "iron-session/next";
import {
getFirestore,
doc,
setDoc,
query,
collection,
where,
getDocs,
} from "firebase/firestore";
import {
CorporateInformation,
DemographicInformation,
Type,
} from "@/interfaces/user";
import { addUserToGroupOnCreation } from "@/utils/registration";
import {NextApiRequest, NextApiResponse} from "next";
import {createUserWithEmailAndPassword, getAuth} from "firebase/auth";
import {app} from "@/firebase";
import {sessionOptions} from "@/lib/session";
import {withIronSessionApiRoute} from "iron-session/next";
import {getFirestore, doc, setDoc, query, collection, where, getDocs} from "firebase/firestore";
import {CorporateInformation, DemographicInformation, Group, Type} from "@/interfaces/user";
import {addUserToGroupOnCreation} from "@/utils/registration";
import moment from "moment";
import {v4} from "uuid";
const auth = getAuth(app);
const db = getFirestore(app);
@@ -26,140 +15,145 @@ const db = getFirestore(app);
export default withIronSessionApiRoute(register, sessionOptions);
const DEFAULT_DESIRED_LEVELS = {
reading: 9,
listening: 9,
writing: 9,
speaking: 9,
reading: 9,
listening: 9,
writing: 9,
speaking: 9,
};
const DEFAULT_LEVELS = {
reading: 0,
listening: 0,
writing: 0,
speaking: 0,
reading: 0,
listening: 0,
writing: 0,
speaking: 0,
};
async function register(req: NextApiRequest, res: NextApiResponse) {
const { type } = req.body as {
type: "individual" | "corporate";
};
const {type} = req.body as {
type: "individual" | "corporate";
};
if (type === "individual") return registerIndividual(req, res);
if (type === "corporate") return registerCorporate(req, res);
if (type === "individual") return registerIndividual(req, res);
if (type === "corporate") return registerCorporate(req, res);
}
async function registerIndividual(req: NextApiRequest, res: NextApiResponse) {
const { email, passport_id, password, code } = req.body as {
email: string;
passport_id?: string;
password: string;
code?: string;
};
const {email, passport_id, password, code} = req.body as {
email: string;
passport_id?: string;
password: string;
code?: string;
};
const codeQuery = query(collection(db, "codes"), where("code", "==", code));
const codeDocs = (await getDocs(codeQuery)).docs.filter(
(x) => !Object.keys(x.data()).includes("userId"),
);
const codeQuery = query(collection(db, "codes"), where("code", "==", code));
const codeDocs = (await getDocs(codeQuery)).docs.filter((x) => !Object.keys(x.data()).includes("userId"));
if (code && code.length > 0 && codeDocs.length === 0) {
res.status(400).json({ error: "Invalid Code!" });
return;
}
if (code && code.length > 0 && codeDocs.length === 0) {
res.status(400).json({error: "Invalid Code!"});
return;
}
const codeData =
codeDocs.length > 0
? (codeDocs[0].data() as {
code: string;
type: Type;
creator?: string;
expiryDate: Date | null;
})
: undefined;
const codeData =
codeDocs.length > 0
? (codeDocs[0].data() as {
code: string;
type: Type;
creator?: string;
expiryDate: Date | null;
})
: undefined;
createUserWithEmailAndPassword(auth, email.toLowerCase(), password)
.then(async (userCredentials) => {
const userId = userCredentials.user.uid;
delete req.body.password;
createUserWithEmailAndPassword(auth, email.toLowerCase(), password)
.then(async (userCredentials) => {
const userId = userCredentials.user.uid;
delete req.body.password;
const user = {
...req.body,
email: email.toLowerCase(),
desiredLevels: DEFAULT_DESIRED_LEVELS,
levels: DEFAULT_LEVELS,
bio: "",
isFirstLogin: codeData ? codeData.type === "student" : true,
focus: "academic",
type: email.endsWith("@ecrop.dev")
? "developer"
: codeData
? codeData.type
: "student",
subscriptionExpirationDate: codeData
? codeData.expiryDate
: moment().subtract(1, "days").toISOString(),
...(passport_id ? { demographicInformation: { passport_id } } : {}),
registrationDate: new Date().toISOString(),
status: code ? "active" : "paymentDue",
};
const user = {
...req.body,
email: email.toLowerCase(),
desiredLevels: DEFAULT_DESIRED_LEVELS,
levels: DEFAULT_LEVELS,
bio: "",
isFirstLogin: codeData ? codeData.type === "student" : true,
focus: "academic",
type: email.endsWith("@ecrop.dev") ? "developer" : codeData ? codeData.type : "student",
subscriptionExpirationDate: codeData ? codeData.expiryDate : moment().subtract(1, "days").toISOString(),
...(passport_id ? {demographicInformation: {passport_id}} : {}),
registrationDate: new Date().toISOString(),
status: code ? "active" : "paymentDue",
};
await setDoc(doc(db, "users", userId), user);
await setDoc(doc(db, "users", userId), user);
if (codeDocs.length > 0 && codeData) {
await setDoc(codeDocs[0].ref, { userId: userId }, { merge: true });
if (codeData.creator)
await addUserToGroupOnCreation(
userId,
codeData.type,
codeData.creator,
);
}
if (codeDocs.length > 0 && codeData) {
await setDoc(codeDocs[0].ref, {userId: userId}, {merge: true});
if (codeData.creator) await addUserToGroupOnCreation(userId, codeData.type, codeData.creator);
}
req.session.user = { ...user, id: userId };
await req.session.save();
req.session.user = {...user, id: userId};
await req.session.save();
res.status(200).json({ user: { ...user, id: userId } });
})
.catch((error) => {
console.log(error);
res.status(401).json({ error });
});
res.status(200).json({user: {...user, id: userId}});
})
.catch((error) => {
console.log(error);
res.status(401).json({error});
});
}
async function registerCorporate(req: NextApiRequest, res: NextApiResponse) {
const { email, password } = req.body as {
email: string;
password: string;
corporateInformation: CorporateInformation;
};
const {email, password} = req.body as {
email: string;
password: string;
corporateInformation: CorporateInformation;
};
createUserWithEmailAndPassword(auth, email.toLowerCase(), password)
.then(async (userCredentials) => {
const userId = userCredentials.user.uid;
delete req.body.password;
createUserWithEmailAndPassword(auth, email.toLowerCase(), password)
.then(async (userCredentials) => {
const userId = userCredentials.user.uid;
delete req.body.password;
const user = {
...req.body,
email: email.toLowerCase(),
desiredLevels: DEFAULT_DESIRED_LEVELS,
levels: DEFAULT_LEVELS,
bio: "",
isFirstLogin: false,
focus: "academic",
type: "corporate",
subscriptionExpirationDate: req.body.subscriptionExpirationDate || null,
status: "paymentDue",
registrationDate: new Date().toISOString(),
};
const user = {
...req.body,
email: email.toLowerCase(),
desiredLevels: DEFAULT_DESIRED_LEVELS,
levels: DEFAULT_LEVELS,
bio: "",
isFirstLogin: false,
focus: "academic",
type: "corporate",
subscriptionExpirationDate: req.body.subscriptionExpirationDate || null,
status: "paymentDue",
registrationDate: new Date().toISOString(),
};
await setDoc(doc(db, "users", userId), user);
const defaultTeachersGroup: Group = {
admin: userId,
id: v4(),
name: "Teachers",
participants: [],
disableEditing: true,
};
req.session.user = { ...user, id: userId };
await req.session.save();
const defaultStudentsGroup: Group = {
admin: userId,
id: v4(),
name: "Students",
participants: [],
disableEditing: true,
};
res.status(200).json({ user: { ...user, id: userId } });
})
.catch((error) => {
console.log(error);
res.status(401).json({ error });
});
await setDoc(doc(db, "users", userId), user);
await setDoc(doc(db, "groups", defaultTeachersGroup.id), defaultTeachersGroup);
await setDoc(doc(db, "groups", defaultStudentsGroup.id), defaultStudentsGroup);
req.session.user = {...user, id: userId};
await req.session.save();
res.status(200).json({user: {...user, id: userId}});
})
.catch((error) => {
console.log(error);
res.status(401).json({error});
});
}

12
src/pages/api/users/update.ts
View File

@@ -12,7 +12,7 @@ import moment from "moment";
import ShortUniqueId from "short-unique-id";
import {Payment} from "@/interfaces/paypal";
import {toFixedNumber} from "@/utils/number";
import { propagateStatusChange } from '@/utils/propagate.user.changes';
import {propagateStatusChange} from "@/utils/propagate.user.changes";
const db = getFirestore(app);
const auth = getAuth(app);
@@ -85,7 +85,7 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
const user = await setDoc(userRef, updatedUser, {merge: true});
await managePaymentRecords(updatedUser, updatedUser.id);
if(updatedUser.status) {
if (updatedUser.status) {
// there's no await as this does not affect the user
propagateStatusChange(queryId, updatedUser.status);
}
@@ -117,6 +117,12 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
if (updatedUser.email !== req.session.user.email && updatedUser.password) {
try {
const usersWithSameEmail = await getDocs(query(collection(db, "users"), where("email", "==", updatedUser.email.toLowerCase())));
if (usersWithSameEmail.docs.length > 0) {
res.status(400).json({error: "E003", message: errorMessages.E003});
return;
}
const credential = await signInWithEmailAndPassword(auth, req.session.user.email, updatedUser.password);
await updateEmail(credential.user, updatedUser.email);
@@ -142,7 +148,7 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
}
}
if(updatedUser.status) {
if (updatedUser.status) {
// there's no await as this does not affect the user
propagateStatusChange(req.session.user.id, updatedUser.status);
}

215
src/pages/profile.tsx
View File

@@ -64,6 +64,8 @@ interface Props {
mutateUser: Function;
}
const DoubleColumnRow = ({children}: {children: ReactNode}) => <div className="flex flex-col md:flex-row gap-8 w-full">{children}</div>;
function UserProfile({user, mutateUser}: Props) {
const [bio, setBio] = useState(user.bio || "");
const [name, setName] = useState(user.name || "");
@@ -150,106 +152,45 @@ function UserProfile({user, mutateUser}: Props) {
}
}
const request = await axios.post("/api/users/update", {
bio,
name,
email,
password,
newPassword,
profilePicture,
desiredLevels,
preferredGender,
preferredTopics,
demographicInformation: {
phone,
country,
employment: user?.type === "corporate" ? undefined : employment,
position: user?.type === "corporate" ? position : undefined,
gender,
passport_id,
timezone,
},
...(user.type === "corporate" ? {corporateInformation} : {}),
});
if (request.status === 200) {
toast.success("Your profile has been updated!");
mutateUser((request.data as {user: User}).user);
setIsLoading(false);
return;
}
toast.error((request.data as ErrorMessage).message);
setIsLoading(false);
axios
.post("/api/users/update", {
bio,
name,
email,
password,
newPassword,
profilePicture,
desiredLevels,
preferredGender,
preferredTopics,
demographicInformation: {
phone,
country,
employment: user?.type === "corporate" ? undefined : employment,
position: user?.type === "corporate" ? position : undefined,
gender,
passport_id,
timezone,
},
...(user.type === "corporate" ? {corporateInformation} : {}),
})
.then((response) => {
if (response.status === 200) {
toast.success("Your profile has been updated!");
mutateUser((response.data as {user: User}).user);
setIsLoading(false);
return;
}
})
.catch((error) => {
console.log(error);
toast.error((error.response.data as ErrorMessage).message);
})
.finally(() => {
setIsLoading(false);
});
};
const DoubleColumnRow = ({children}: {children: ReactNode}) => <div className="flex flex-col md:flex-row gap-8 w-full">{children}</div>;
const PasswordInput = () => (
<DoubleColumnRow>
<Input
label="Current Password"
type="password"
name="password"
onChange={(e) => setPassword(e)}
placeholder="Enter your password"
required
/>
<Input
label="New Password"
type="password"
name="newPassword"
onChange={(e) => setNewPassword(e)}
placeholder="Enter your new password (optional)"
/>
</DoubleColumnRow>
);
const NameInput = () => (
<Input label="Name" type="text" name="name" onChange={(e) => setName(e)} placeholder="Enter your name" defaultValue={name} required />
);
const AgentInformationInput = () => (
<div className="grid grid-cols-1 md:grid-cols-2 gap-8 w-full">
<Input
label="Corporate Name"
type="text"
name="companyName"
onChange={() => null}
placeholder="Enter corporate name"
defaultValue={companyName}
disabled
/>
<Input
label="Commercial Registration"
type="text"
name="commercialRegistration"
onChange={() => null}
placeholder="Enter commercial registration"
defaultValue={commercialRegistration}
disabled
/>
</div>
);
const CountryInput = () => (
<div className="flex flex-col gap-3 w-full">
<label className="font-normal text-base text-mti-gray-dim">Country *</label>
<CountrySelect value={country} onChange={setCountry} />
</div>
);
const PhoneInput = () => (
<Input
type="tel"
name="phone"
label="Phone number"
onChange={(e) => setPhone(e)}
placeholder="Enter phone number"
defaultValue={phone}
required
/>
);
const ExpirationDate = () => (
<div className="flex flex-col gap-3 w-full">
<label className="font-normal text-base text-mti-gray-dim">Expiry Date (click to purchase)</label>
@@ -276,7 +217,7 @@ function UserProfile({user, mutateUser}: Props) {
</div>
);
const manualDownloadLink = ['student', 'teacher', 'corporate'].includes(user.type) ? `/manuals/${user.type}.pdf` : '';
const manualDownloadLink = ["student", "teacher", "corporate"].includes(user.type) ? `/manuals/${user.type}.pdf` : "";
return (
<Layout user={user}>
@@ -288,7 +229,15 @@ function UserProfile({user, mutateUser}: Props) {
<form className="flex flex-col items-center gap-6 w-full">
<DoubleColumnRow>
{user.type !== "corporate" ? (
<NameInput />
<Input
label="Name"
type="text"
name="name"
onChange={(e) => setName(e)}
placeholder="Enter your name"
defaultValue={name}
required
/>
) : (
<Input
label="Company name"
@@ -316,12 +265,60 @@ function UserProfile({user, mutateUser}: Props) {
required
/>
</DoubleColumnRow>
<PasswordInput />
{user.type === "agent" && <AgentInformationInput />}
<DoubleColumnRow>
<Input
label="Current Password"
type="password"
name="password"
onChange={(e) => setPassword(e)}
placeholder="Enter your password"
required
/>
<Input
label="New Password"
type="password"
name="newPassword"
onChange={(e) => setNewPassword(e)}
placeholder="Enter your new password (optional)"
/>
</DoubleColumnRow>
{user.type === "agent" && (
<div className="grid grid-cols-1 md:grid-cols-2 gap-8 w-full">
<Input
label="Corporate Name"
type="text"
name="companyName"
onChange={() => null}
placeholder="Enter corporate name"
defaultValue={companyName}
disabled
/>
<Input
label="Commercial Registration"
type="text"
name="commercialRegistration"
onChange={() => null}
placeholder="Enter commercial registration"
defaultValue={commercialRegistration}
disabled
/>
</div>
)}
<DoubleColumnRow>
<CountryInput />
<PhoneInput />
<div className="flex flex-col gap-3 w-full">
<label className="font-normal text-base text-mti-gray-dim">Country *</label>
<CountrySelect value={country} onChange={setCountry} />
</div>
<Input
type="tel"
name="phone"
label="Phone number"
onChange={(e) => setPhone(e)}
placeholder="Enter phone number"
defaultValue={phone}
required
/>
</DoubleColumnRow>
{user.type === "student" ? (
@@ -426,7 +423,15 @@ function UserProfile({user, mutateUser}: Props) {
<>
<Divider />
<DoubleColumnRow>
<NameInput />
<Input
label="Name"
type="text"
name="name"
onChange={(e) => setName(e)}
placeholder="Enter your name"
defaultValue={name}
required
/>
<Input
name="position"
onChange={setPosition}