refactoring

1 year ago · f8cbb4195f
6 changed files with 63 additions and 54 deletions
--- a/apps/api/src/app/user/delete-own-user.dto.ts
+++ b/apps/api/src/app/user/delete-own-user.dto.ts
@ -0,0 +1,6 @@
+import { IsString } from 'class-validator';
+
+export class DeleteOwnUserDto {
+  @IsString()
+  accessToken: string;
+}
--- a/apps/api/src/app/user/user.controller.ts
+++ b/apps/api/src/app/user/user.controller.ts
@ -26,6 +26,7 @@ import { User as UserModel } from '@prisma/client';
 import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 import { size } from 'lodash';

+import { DeleteOwnUserDto } from './delete-own-user.dto';
 import { UserItem } from './interfaces/user-item.interface';
 import { UpdateUserSettingDto } from './update-user-setting.dto';
 import { UserService } from './user.service';
@ -40,47 +41,47 @@ export class UserController {
    private readonly userService: UserService
  ) {}

-  @Delete(':id')
-  @HasPermission(permissions.deleteUser)
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  public async deleteUser(@Param('id') id: string): Promise<UserModel> {
-    if (id === this.request.user.id) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    return this.userService.deleteUser({
-      id
-    });
-  }
-
-  @Delete('self/:accessToken')
+  @Delete()
  @HasPermission(permissions.deleteOwnUser)
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteOwnUser(
-    @Param('accessToken') accessToken: string
+    @Body() data: DeleteOwnUserDto
  ): Promise<UserModel> {
    const hashedAccessToken = this.userService.createAccessToken(
-      accessToken,
+      data.accessToken,
      this.configurationService.get('ACCESS_TOKEN_SALT')
    );

    const [user] = await this.userService.users({
-      where: { accessToken: hashedAccessToken }
+      where: { accessToken: hashedAccessToken, id: this.request.user.id }
    });

    if (!user) {
      throw new HttpException(
-        getReasonPhrase(StatusCodes.NOT_FOUND),
-        StatusCodes.NOT_FOUND
+        getReasonPhrase(StatusCodes.FORBIDDEN),
+        StatusCodes.FORBIDDEN
      );
    }

    return this.userService.deleteUser({
-      id: user.id,
-      accessToken: hashedAccessToken
+      accessToken: hashedAccessToken,
+      id: user.id
+    });
+  }
+
+  @Delete(':id')
+  @HasPermission(permissions.deleteUser)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async deleteUser(@Param('id') id: string): Promise<UserModel> {
+    if (id === this.request.user.id) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.FORBIDDEN),
+        StatusCodes.FORBIDDEN
+      );
+    }
+
+    return this.userService.deleteUser({
+      id
    });
  }

--- a/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts
+++ b/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts
@ -113,31 +113,6 @@ export class UserAccountSettingsComponent implements OnDestroy, OnInit {
    return !(this.language === 'de' || this.language === 'en');
  }

-  public onCloseAccount() {
-    const confirmation = confirm(
-      $localize`Do you really want to close your account?`
-    );
-
-    const accessToken = this.deleteOwnUserForm.get('accessToken').value;
-
-    if (confirmation) {
-      this.dataService
-        .deleteOwnUser(accessToken)
-        .pipe(takeUntil(this.unsubscribeSubject))
-        .subscribe({
-          next: () => {
-            this.tokenStorageService.signOut();
-            this.userService.remove();
-
-            document.location.href = `/${document.documentElement.lang}`;
-          },
-          error: () => {
-            alert($localize`Oops! Incorrect Security Token.`);
-          }
-        });
-    }
-  }
-
  public onChangeUserSetting(aKey: string, aValue: string) {
    this.dataService
      .putUserSetting({ [aKey]: aValue })
@ -164,6 +139,31 @@ export class UserAccountSettingsComponent implements OnDestroy, OnInit {
      });
  }

+  public onCloseAccount() {
+    const confirmation = confirm(
+      $localize`Do you really want to close your account?`
+    );
+
+    const accessToken = this.deleteOwnUserForm.get('accessToken').value;
+
+    if (confirmation) {
+      this.dataService
+        .deleteOwnUser({ accessToken })
+        .pipe(takeUntil(this.unsubscribeSubject))
+        .subscribe({
+          next: () => {
+            this.tokenStorageService.signOut();
+            this.userService.remove();
+
+            document.location.href = `/${document.documentElement.lang}`;
+          },
+          error: () => {
+            alert($localize`Oops! Incorrect Security Token.`);
+          }
+        });
+    }
+  }
+
  public onExperimentalFeaturesChange(aEvent: MatSlideToggleChange) {
    this.dataService
      .putUserSetting({ isExperimentalFeatures: aEvent.checked })
--- a/apps/client/src/app/components/user-account-settings/user-account-settings.html
+++ b/apps/client/src/app/components/user-account-settings/user-account-settings.html
@ -247,6 +247,7 @@
                  appearance="outline"
                  class="without-hint w-100"
                  color="warn"
+                  [hideRequiredMarker]="true"
                >
                  <mat-label class="danger-zone-text" i18n
                    >Security Token</mat-label
@ -274,7 +275,7 @@

            <div class="align-items-center d-flex py-1">
              <div class="pr-1 w-50"></div>
-              <div class="pl-1 text-monospace w-50">
+              <div class="pl-1 w-50">
                <button
                  color="warn"
                  mat-flat-button
--- a/apps/client/src/app/services/data.service.ts
+++ b/apps/client/src/app/services/data.service.ts
@ -9,6 +9,7 @@ import { UpdateOrderDto } from '@ghostfolio/api/app/order/update-order.dto';
 import { PortfolioHoldingDetail } from '@ghostfolio/api/app/portfolio/interfaces/portfolio-holding-detail.interface';
 import { LookupItem } from '@ghostfolio/api/app/symbol/interfaces/lookup-item.interface';
 import { SymbolItem } from '@ghostfolio/api/app/symbol/interfaces/symbol-item.interface';
+import { DeleteOwnUserDto } from '@ghostfolio/api/app/user/delete-own-user.dto';
 import { UserItem } from '@ghostfolio/api/app/user/interfaces/user-item.interface';
 import { UpdateUserSettingDto } from '@ghostfolio/api/app/user/update-user-setting.dto';
 import { IDataProviderHistoricalResponse } from '@ghostfolio/api/services/interfaces/interfaces';
@ -271,8 +272,8 @@ export class DataService {
    return this.http.delete<any>(`/api/v1/benchmark/${dataSource}/${symbol}`);
  }

-  public deleteOwnUser(accessToken: string) {
-    return this.http.delete<any>(`/api/v1/user/self/${accessToken}`);
+  public deleteOwnUser(aData: DeleteOwnUserDto) {
+    return this.http.delete<any>(`/api/v1/user`, { body: aData });
  }

  public deleteUser(aId: string) {
--- a/libs/common/src/lib/permissions.ts
+++ b/libs/common/src/lib/permissions.ts
@ -57,11 +57,11 @@ export function getPermissions(aRole: Role): string[] {
        permissions.deleteAccess,
        permissions.deleteAccount,
        permissions.deleteAuthDevice,
-        permissions.deleteOwnUser,
        permissions.deleteOrder,
        permissions.deletePlatform,
        permissions.deleteTag,
        permissions.deleteUser,
+        permissions.deleteOwnUser,
        permissions.updateAccount,
        permissions.updateAuthDevice,
        permissions.updateOrder,
@ -81,12 +81,12 @@ export function getPermissions(aRole: Role): string[] {
        permissions.createAccount,
        permissions.createAccountBalance,
        permissions.createOrder,
-        permissions.deleteOwnUser,
        permissions.deleteAccess,
        permissions.deleteAccount,
        permissions.deleteAccountBalance,
        permissions.deleteAuthDevice,
        permissions.deleteOrder,
+        permissions.deleteOwnUser,
        permissions.updateAccount,
        permissions.updateAuthDevice,
        permissions.updateOrder,