code review changes

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+### Added
+
+- Added support for generating a new _Security Token_ via the user's account access panel
+
 ### Changed
 
 - Renamed `Account` to `account` in the `Order` database schema
@@ -42,7 +46,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Set up the language localization for the static portfolio analysis rule: _Account Cluster Risks_ (Current Investment)
 - Extended the data providers management of the admin control panel by the online status
-- Added support for generating a new _Security Token_ via the user's account access panel
 
 ### Changed
 

apps/api/src/app/user/user.controller.ts

@@ -54,7 +54,10 @@ export class UserController {
   public async deleteOwnUser(
     @Body() data: DeleteOwnUserDto
   ): Promise<UserModel> {
-    const user = await this.validateOwnAccessToken(data.accessToken);
+    const user = await this.validateOwnAccessToken(
+      data.accessToken,
+      this.request.user.id
+    );
 
     return this.userService.deleteUser({
       id: user.id
@@ -83,18 +86,21 @@ export class UserController {
   public async updateUserAccessToken(
     @Param('id') id: string
   ): Promise<AccessTokenResponse> {
-    return await this.rotateUserAccessToken(id);
+    return this.rotateUserAccessToken(id);
   }
 
-  @HasPermission(permissions.updateOwnAccess)
+  @HasPermission(permissions.updateOwnAccessToken)
   @Post('access-token')
   @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async updateOwnAccessToken(
     @Body() data: UpdateOwnAccessTokenDto
   ): Promise<AccessTokenResponse> {
-    const user = await this.validateOwnAccessToken(data.accessToken);
+    const user = await this.validateOwnAccessToken(
+      data.accessToken,
+      this.request.user.id
+    );
 
-    return await this.rotateUserAccessToken(user.id);
+    return this.rotateUserAccessToken(user.id);
   }
 
   @Get()
@@ -178,7 +184,8 @@ export class UserController {
   }
 
   private async validateOwnAccessToken(
-    accessToken: string
+    accessToken: string,
+    userId: string
   ): Promise<UserModel> {
     const hashedAccessToken = this.userService.createAccessToken({
       password: accessToken,
@@ -186,7 +193,7 @@ export class UserController {
     });
 
     const [user] = await this.userService.users({
-      where: { accessToken: hashedAccessToken, id: this.request.user.id }
+      where: { accessToken: hashedAccessToken, id: userId }
     });
 
     if (!user) {

apps/client/src/app/components/user-account-access/user-account-access.html

@@ -4,8 +4,8 @@
   (ngSubmit)="onGenerateAccessToken()"
 >
   <div class="container">
-    <h1 class="d-flex align-items-center justify-content-center h3 mb-3">
+    <h1 class="d-flex align-items-center justify-content-center h3 mb-3" i18n>
-      <span i18n>Security Token</span>
+      Security Token
     </h1>
     <div class="d-flex align-items-center justify-content-center">
       <mat-form-field

apps/client/src/app/services/data.service.ts

@@ -704,20 +704,6 @@ export class DataService {
     return this.http.get<WatchlistResponse>('/api/v1/watchlist');
   }
 
-  public updateUserAccessToken(aUserId: string) {
-    return this.http.post<AccessTokenResponse>(
-      `/api/v1/user/${aUserId}/access-token`,
-      {}
-    );
-  }
-
-  public updateOwnAccessToken(aAccessToken: UpdateOwnAccessTokenDto) {
-    return this.http.post<AccessTokenResponse>(
-      `/api/v1/user/access-token`,
-      aAccessToken
-    );
-  }
-
   public loginAnonymous(accessToken: string) {
     return this.http.post<OAuthResponse>('/api/v1/auth/anonymous', {
       accessToken
@@ -826,6 +812,20 @@ export class DataService {
     });
   }
 
+  public updateOwnAccessToken(aAccessToken: UpdateOwnAccessTokenDto) {
+    return this.http.post<AccessTokenResponse>(
+      '/api/v1/user/access-token',
+      aAccessToken
+    );
+  }
+
+  public updateUserAccessToken(aUserId: string) {
+    return this.http.post<AccessTokenResponse>(
+      `/api/v1/user/${aUserId}/access-token`,
+      {}
+    );
+  }
+
   public updateInfo() {
     this.http.get<InfoItem>('/api/v1/info').subscribe((info) => {
       const utmSource = window.localStorage.getItem('utm_source') as

libs/common/src/lib/permissions.ts

@@ -52,7 +52,7 @@ export const permissions = {
   updateMarketData: 'updateMarketData',
   updateMarketDataOfOwnAssetProfile: 'updateMarketDataOfOwnAssetProfile',
   updateOrder: 'updateOrder',
-  updateOwnAccess: 'updateOwnAccess',
+  updateOwnAccessToken: 'updateOwnAccessToken',
   updatePlatform: 'updatePlatform',
   updateTag: 'updateTag',
   updateUserSettings: 'updateUserSettings',
@@ -137,7 +137,7 @@ export function getPermissions(aRole: Role): string[] {
         permissions.updateAuthDevice,
         permissions.updateMarketDataOfOwnAssetProfile,
         permissions.updateOrder,
-        permissions.updateOwnAccess,
+        permissions.updateOwnAccessToken,
         permissions.updateUserSettings,
         permissions.updateViewMode
       ];