The former deleteFile was moved to the public apis media controller and the actual deletion functionality was moved in a separate function to be called on user deletion.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Add test to createUser method to ensure an already used username triggers a AlreadyInDBError.
Add debug entry if user is deleted.
Add changeDisplayName method.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This makes it possible to create permissions by setting them in the note entity and delete them when either the user or note is deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This functions makes it possible to make a partial order of the Loglevel enum. This simplifies the if statements in ConsoleLogger.
This is done, because the Loglevel enum already has a string backing for easy conversion from the config environmental variables and therefore can't also have a ordinal number assigned…
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is only for importing an existing history the lastVisited of those entries should also be posted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is only for importing an existing history the pinStatus of those entries should also be posted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is used to import a whole list of history entries rather than creating a single history entry (there is no way of doing that at the moment)
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The cache is never null, because it defaults to undefined, and therefore this function always returns undefined.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
All urls should be of the form `uploads/<filename>.<extension>` regardless of what the uploadDirectory is, because the backend proxies all locally uploaded files.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
These are used in the /config private API call and needed to distinguish with which of the multiple auth providers a login should occur.
This also fixes the types of the multiple auth provider arrays to something that works, as `[{}]` specifics exactly on object in an array.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
CustomizationConfig holds all possible customization configs.
ExternalConfig holds external services that may be configured.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
We need this function in at least on other part of the application so extracting it into an util file was only logical.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This makes it possible for the autogenerated openapi file to contain all the dtos instead of nothing.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
'...use' tries to go up one level and grab the value of 'use' there and not the same level 'use' as we want here
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This re-enables the `@typescript-eslint/explicit-module-boundary-types`
check and also enables the
`@typescript-eslint/explicit-function-return-type` check.
Signed-off-by: David Mehren <git@herrmehren.de>
This ensures stack traces are helpful at the cost of a slightly
lower performance (one more tick in the event loop).
Fixes#838
Signed-off-by: David Mehren <git@herrmehren.de>
This is necessary as typescript is unable to determine that `year` in this object is of type "numeric" and not string.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the NotesController has the note already, because it checked with it if the user has the permission to perform the action, it's not necessary to get the note from the DB again, instead we should just provide the note to the functions directly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Handle the AlreadyInDB and PermissionsUpdateInconsistent errors and correctly show them to the api user as BadRequest errors.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Fixed toUserDto method of UsersService: If a user has no email an empty string should be returned (like with the photoUrl) instead of null.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This service is necessary as we plan to have functions to create and manipulate groups in the future.
The GroupInfoDto was moved from the file note-permissions.dto.ts to mimic the UserInfoDto.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As discussed in #835 we don't want to have default constructors and prefer .create methods.
Because the created NoteGroupPermission and NoteUserPermission are not saved to the DB by themselves, but are saved via a change to the Note using a Pick<Class, attributes>-style return type is not helpful here as every single time the .create functions are called a full object is required.
The mock calls in the PermissionService test are not needed and break the .create calls so they got removed.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The permission check also tries to get the note and a non existing note needs to be handled there too.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The unit test now uses per test mocking of the necessary functions instead of one mock in the beforeEach call.
Also some tests got expanded to cover more error cases.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Using nest-router for this purpose as it is a rather easy addition to our structure. As we don't add the Router to any e2e tests we don't need to change them.
fixes#523
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Our custom logger supports providing the name of the function that
calls the logger, this commit adds this context string where it
was previously missing.
Signed-off-by: David Mehren <git@herrmehren.de>
For a better structure of the autogenerated apidoc website tags are used. Each Controller get it's own tag and will be put in a separate section.
See https://docs.nestjs.com/openapi/operations#tags
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This makes it possible to create the user before the mock auth guard does it's magic. This is necessary for some test, where we need the user object before the api is called.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Add history service to allow for CRUD operations.
Use history service in controllers to:
1. Allow manipulating of history entries
2. Guaranty the correct existence of history entries
Signed-off-by: Philip Molares <philip.molares@udo.edu>
With this the backend now can hold a history entry.
Also included in this commit are some minor changes to tests and services so they can still work.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
DTO should only be used for sending information to and from user.
Services now have methods which return normal internal objects and
methods which convert them to DTOs. This conversion is done in the
controlers
Signed-off-by: Yannick Bungers <git@innay.de>
Move conversion of Errors from AuthService to TokenStrategy.
This is necessary to correctly test the validateToken method.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The former length of 64 bytes (512-bit) is transformed into base64url (a 6-bit code) ~86 characters long. This is too long for bcrypt as it ignores any characters beyond the 72th.
This fix therefore reduces the amount of generated bytes to 54 (as 72*6/8 = 54) characters. This ensures that removing one character from the token the hash won't be the same anymore.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Catch all NotInDbErrors and TokenNotValidError and transform them to UnauthorizedException with the correct message.
This prevents nest from telling the api user that an internal server error has happened and instead display the correct http error code 401.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This should make the translation from env var name to config name and vice versa more consistent.
Fixes#751
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function.
tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
