Merge pull request #54 from Horizontal-org/development

Development
Horizontal-org · Jul 17, 2024 · 382d1c0 · 382d1c0
2 parents d9a3ccb + 09f9c03
commit 382d1c0
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 10 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:16.14-alpine as production
+FROM node:20.14.0-alpine as production
 
 ARG NODE_ENV=production
 ENV NODE_ENV=${NODE_ENV}

diff --git a/src/modules/auth/controllers/disable-otp.auth.controller.ts b/src/modules/auth/controllers/disable-otp.auth.controller.ts
@@ -6,6 +6,7 @@ import { JwtTypes } from 'modules/jwt/domain/jwt-types.auth.enum';
 import { ReadUserDto } from 'modules/user/dto';
 import { DisableOtpAuthDto } from '../dto/disable-otp.auth.dto';
 import { TYPES } from '../interfaces';
+import { ICheckPasswordUserApplication, TYPES as USER_TYPES } from '../../user/interfaces';
 import { IDisableOtpAuthService } from '../interfaces/services/disable-otp.auth.service.interface';
 import { IValidateRecoveryKeysService } from '../interfaces/services/validate.recovery-keys.service.interface';
 import { IVerifyOtpAuthService } from '../interfaces/services/verify-otp.auth.service.interface';
@@ -14,6 +15,8 @@ import { IVerifyOtpAuthService } from '../interfaces/services/verify-otp.auth.se
 @AuthController('auth', [], JwtTypes.WEB)
 export class DisableOtpAuthController {
   constructor(
+    @Inject(USER_TYPES.applications.ICheckPasswordUserApplication)
+    private readonly checkPasswordUserApplication: ICheckPasswordUserApplication,
     @Inject(TYPES.services.IVerifyOtpAuthService)
     private verifyOtpService: IVerifyOtpAuthService,
     @Inject(TYPES.services.IDisableOtpAuthService)
@@ -24,6 +27,12 @@ export class DisableOtpAuthController {
 
   @Post('/otp/disable')
   async handler(@Body() body: DisableOtpAuthDto, @LoggedUser() loggedUser: ReadUserDto): Promise<boolean> {
+
+    await this.checkPasswordUserApplication.execute({
+      username: loggedUser.username,
+      password: body.confirm_password,
+    });
+
     if (body.is_otp) {
       await this.verifyOtpService.execute(body.code, loggedUser.id)
     } else {

diff --git a/src/modules/auth/dto/disable-otp.auth.dto.ts b/src/modules/auth/dto/disable-otp.auth.dto.ts
@@ -9,4 +9,9 @@ export class DisableOtpAuthDto {
   @ApiProperty()
   @IsBoolean()
   is_otp: boolean;
+
+
+  @ApiProperty()
+  @IsString()
+  confirm_password: string;
 }
diff --git a/src/modules/report/controllers/index.ts b/src/modules/report/controllers/index.ts
@@ -6,7 +6,7 @@ import { BatchDeleteReportController } from './batch-delete.report.controller';
 import { EditReportController } from './edit.report.controller';
 
 export const reportControllers = [
-  CreateReportController,
+  // CreateReportController,
   GetByIdReportController,
   ListReportController,
   DeleteByIdReportController,

diff --git a/src/modules/resource/controllers/get-asset.resource.controller.ts b/src/modules/resource/controllers/get-asset.resource.controller.ts
@@ -36,8 +36,6 @@ export class GetAssetResourceController {
     @Response() res,
   ) {
 
-    console.log("🚀 ~ GetAssetResourceController ~ role:", username, role)
-
     if (role !== 'admin') {
       const hasResource = await this.userHasResourceService.execute(id, fileName)
       if (!hasResource) {

diff --git a/src/modules/user/controllers/edit-self.user.controller.ts b/src/modules/user/controllers/edit-self.user.controller.ts
@@ -17,7 +17,9 @@ import { EditSelfUserDto } from '../dto/edit-self.user.dto';
 
 @AuthController('user', [RolesUser.VIEWER, RolesUser.EDITOR, RolesUser.ADMIN], JwtTypes.WEB)
 export class EditSelfUserController {
-  constructor(    
+  constructor(
+    @Inject(TYPES.applications.ICheckPasswordUserApplication)
+    private readonly checkPasswordUserApplication: ICheckPasswordUserApplication,
     @Inject(TYPES.applications.IEditUserApplication)
     private readonly editUserApplication: IEditUserApplication,
   ) {}
@@ -27,10 +29,17 @@ export class EditSelfUserController {
   async handler(
     @LoggedUser() { id, username, role }: ReadUserDto,
     @Body() editSelfUserDto: EditSelfUserDto,
-  ): Promise<ReadUserDto> {    
+  ): Promise<ReadUserDto> {
+
+    await this.checkPasswordUserApplication.execute({
+      username,
+      password: editSelfUserDto.confirmPassword,
+    });
+
+
     const user = await this.editUserApplication.execute({
-      id,
-      ...editSelfUserDto
+      id: id,
+      username: editSelfUserDto.username
     });
 
     return user;

diff --git a/src/modules/user/dto/edit-self.user.dto.ts b/src/modules/user/dto/edit-self.user.dto.ts
@@ -1,11 +1,15 @@
 import { ApiProperty } from '@nestjs/swagger';
 import { Exclude, Expose } from 'class-transformer';
-import { IsEmail } from 'class-validator';
+import { IsEmail, IsString } from 'class-validator';
 
-@Exclude()
 export class EditSelfUserDto {
   @ApiProperty({ type: String })
   @IsEmail()
   @Expose()
   username?: string;
+
+  @ApiProperty({ type: String })
+  @IsString()
+  @Expose()
+  confirmPassword?: string;
 }