code review changes

6 days ago · 9531ce9ec5
6 changed files with 2777 additions and 4859 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## Unreleased

+### Added
+
+- Added support for generating a new _Security Token_ via the user's account access panel
+
 ### Changed

 - Renamed `Account` to `account` in the `Order` database schema
@ -42,7 +46,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 - Set up the language localization for the static portfolio analysis rule: _Account Cluster Risks_ (Current Investment)
 - Extended the data providers management of the admin control panel by the online status
- Added support for generating a new _Security Token_ via the user's account access panel

 ### Changed

--- a/apps/api/src/app/user/user.controller.ts
+++ b/apps/api/src/app/user/user.controller.ts
@ -54,7 +54,10 @@ export class UserController {
  public async deleteOwnUser(
    @Body() data: DeleteOwnUserDto
  ): Promise<UserModel> {
-    const user = await this.validateOwnAccessToken(data.accessToken);
+    const user = await this.validateOwnAccessToken(
+      data.accessToken,
+      this.request.user.id
+    );

    return this.userService.deleteUser({
      id: user.id
@ -83,18 +86,21 @@ export class UserController {
  public async updateUserAccessToken(
    @Param('id') id: string
  ): Promise<AccessTokenResponse> {
-    return await this.rotateUserAccessToken(id);
+    return this.rotateUserAccessToken(id);
  }

-  @HasPermission(permissions.updateOwnAccess)
+  @HasPermission(permissions.updateOwnAccessToken)
  @Post('access-token')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async updateOwnAccessToken(
    @Body() data: UpdateOwnAccessTokenDto
  ): Promise<AccessTokenResponse> {
-    const user = await this.validateOwnAccessToken(data.accessToken);
+    const user = await this.validateOwnAccessToken(
+      data.accessToken,
+      this.request.user.id
+    );

-    return await this.rotateUserAccessToken(user.id);
+    return this.rotateUserAccessToken(user.id);
  }

  @Get()
@ -178,7 +184,8 @@ export class UserController {
  }

  private async validateOwnAccessToken(
-    accessToken: string
+    accessToken: string,
+    userId: string
  ): Promise<UserModel> {
    const hashedAccessToken = this.userService.createAccessToken({
      password: accessToken,
@ -186,7 +193,7 @@ export class UserController {
    });

    const [user] = await this.userService.users({
-      where: { accessToken: hashedAccessToken, id: this.request.user.id }
+      where: { accessToken: hashedAccessToken, id: userId }
    });

    if (!user) {
--- a/apps/client/src/app/components/user-account-access/user-account-access.html
+++ b/apps/client/src/app/components/user-account-access/user-account-access.html
@ -4,8 +4,8 @@
  (ngSubmit)="onGenerateAccessToken()"
 >
  <div class="container">
-    <h1 class="d-flex align-items-center justify-content-center h3 mb-3">
-      <span i18n>Security Token</span>
+    <h1 class="d-flex align-items-center justify-content-center h3 mb-3" i18n>
+      Security Token
    </h1>
    <div class="d-flex align-items-center justify-content-center">
      <mat-form-field
--- a/apps/client/src/app/services/data.service.ts
+++ b/apps/client/src/app/services/data.service.ts
@ -704,20 +704,6 @@ export class DataService {
    return this.http.get<WatchlistResponse>('/api/v1/watchlist');
  }

-  public updateUserAccessToken(aUserId: string) {
-    return this.http.post<AccessTokenResponse>(
-      `/api/v1/user/${aUserId}/access-token`,
-      {}
-    );
-  }
-
-  public updateOwnAccessToken(aAccessToken: UpdateOwnAccessTokenDto) {
-    return this.http.post<AccessTokenResponse>(
-      `/api/v1/user/access-token`,
-      aAccessToken
-    );
-  }
-
  public loginAnonymous(accessToken: string) {
    return this.http.post<OAuthResponse>('/api/v1/auth/anonymous', {
      accessToken
@ -826,6 +812,20 @@ export class DataService {
    });
  }

+  public updateOwnAccessToken(aAccessToken: UpdateOwnAccessTokenDto) {
+    return this.http.post<AccessTokenResponse>(
+      '/api/v1/user/access-token',
+      aAccessToken
+    );
+  }
+
+  public updateUserAccessToken(aUserId: string) {
+    return this.http.post<AccessTokenResponse>(
+      `/api/v1/user/${aUserId}/access-token`,
+      {}
+    );
+  }
+
  public updateInfo() {
    this.http.get<InfoItem>('/api/v1/info').subscribe((info) => {
      const utmSource = window.localStorage.getItem('utm_source') as
--- a/libs/common/src/lib/permissions.ts
+++ b/libs/common/src/lib/permissions.ts
@ -52,7 +52,7 @@ export const permissions = {
  updateMarketData: 'updateMarketData',
  updateMarketDataOfOwnAssetProfile: 'updateMarketDataOfOwnAssetProfile',
  updateOrder: 'updateOrder',
-  updateOwnAccess: 'updateOwnAccess',
+  updateOwnAccessToken: 'updateOwnAccessToken',
  updatePlatform: 'updatePlatform',
  updateTag: 'updateTag',
  updateUserSettings: 'updateUserSettings',
@ -137,7 +137,7 @@ export function getPermissions(aRole: Role): string[] {
        permissions.updateAuthDevice,
        permissions.updateMarketDataOfOwnAssetProfile,
        permissions.updateOrder,
-        permissions.updateOwnAccess,
+        permissions.updateOwnAccessToken,
        permissions.updateUserSettings,
        permissions.updateViewMode
      ];
--- a/package-lock.json
+++ b/package-lock.json