TypeORM promises to support composite primary keys,
but that does not work in reality.
This replaces the composite key used in the permission entities with
a single generated primary key and
a unique index on the relation columns.
See https://github.com/typeorm/typeorm/issues/8513
Signed-off-by: David Mehren <git@herrmehren.de>
For reasons, typeorm 0.3 started to always return all notes in the database.
This adds a regression test to check for that.
Signed-off-by: David Mehren <git@herrmehren.de>
The primary address is never null.
If no alias is set, the id is returned.
To still easily get the primary alias, the complete Alias DTOs
are now included in the metadata.
Signed-off-by: David Mehren <git@herrmehren.de>
This renames the argument in the POST /profile route to `displayName`
to be more consistent with the UserDTO.
It also adds OpenAPI docs.
Signed-off-by: David Mehren <git@herrmehren.de>
This information is supposed to be used by the frontend
to identify the login method that was used.
The used login method is saved as a string into the session data
and extracted via a new SessionAuthProvider decorator.
Signed-off-by: David Mehren <git@herrmehren.de>
MariaDB seems to order the returned media objects in a different way,
making our tests fail.
This refactors the tests to be independent of the order of returned data.
Signed-off-by: David Mehren <git@herrmehren.de>
The email address should only be available
in /me routes.
This commit splits the email address into a new FullUserInfoDto.
Signed-off-by: David Mehren <git@herrmehren.de>
In the e2e tests, the global filter must be added via the special provider 'APP_FILTER' and not with useGlobalFilters, because if not, the filter breaks because of the way supertest handles the HTTP connection.
See: https://github.com/nestjs/nest/issues/1160#issuecomment-468698640
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit separates the app config object from a new note config object. This was done to separate different concerns in different config files. Especially if the number of settings that are about notes increases, it is a good idea to keep them separate from the app config.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The previous pattern used async methods for the builder pattern,
which were hideous to use when chained multiple times.
This extracts the builder into a separate class
and uses normal functions in the builder.
These queue async functions in arrays, which are executed
at the correct time, when the new async `build` function is called.
Signed-off-by: David Mehren <git@herrmehren.de>
By checking the "old" password of the user prior to a password change, the
password change function is more secure against abuse.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Because the rejection now happens automatically in the permissions guard, it now returns a 403 instead of 401.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.
Signed-off-by: David Mehren <git@herrmehren.de>
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.
Signed-off-by: David Mehren <git@herrmehren.de>
Including both PublicApiModule and PrivateApiModule in the test setup
led to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.
Signed-off-by: David Mehren <git@herrmehren.de>