feature(fouloscopieAuthGuard): check for email validity

Sorikairox · Nov 14, 2021 · d553daf · d553daf
1 parent 857842d
commit d553daf
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/back/flag-service/src/user/guards/FouloscopieAuthGuard.ts b/back/flag-service/src/user/guards/FouloscopieAuthGuard.ts
@@ -27,9 +27,11 @@ export class FouloscopieAuthGuard implements CanActivate {
       if (!await directus.auth.static(token)) {
         throw new InvalidDirectusTokenError();
       }
-
-      request.userId = (await directus.users.me.read({ fields: 'id' })).id;
-
+      const user = (await directus.users.me.read({ fields: ['id', 'email_valid'] }));
+      if (!user.email_valid) {
+        return false;
+      }
+      request.userId = user.id;
       return true;
     }
   }

diff --git a/back/flag-service/src/user/guards/spec/FouloscopieAuthGuard.spec.ts b/back/flag-service/src/user/guards/spec/FouloscopieAuthGuard.spec.ts
@@ -49,7 +49,7 @@ describe('FouloscopieAuthGuard', () => {
     } as ExecutionContext;
   }
 
-  function testDirectusStaticAuth(handler: Function, token: string | undefined, allows: boolean, shouldCallDirectusApi: boolean, shouldPopulateRequestFields: boolean) {
+  function testDirectusStaticAuth(handler: Function, token: string | undefined, allows: boolean, shouldCallDirectusApi: boolean, shouldPopulateRequestFields: boolean, isEmailValid = true) {
     function doesNotPopulateFields(context: ExecutionContext) {
       it('does not add userId field to request', async () => {
         const userId = context.switchToHttp().getRequest().userId;
@@ -79,7 +79,7 @@ describe('FouloscopieAuthGuard', () => {
           me: {
             // eslint-disable-next-line @typescript-eslint/no-unused-vars
             async read(query?: QueryOne<UserItem<TypeOf<any, "directus_users">>>): Promise<PartialItem<UserItem<TypeOf<any, "directus_users">>>> {
-              return { id: USER_ID_SAMPLE };
+              return { id: USER_ID_SAMPLE, email_valid: isEmailValid };
             },
           },
         },
@@ -132,6 +132,9 @@ describe('FouloscopieAuthGuard', () => {
     describe('Denies access for invalid Directus static token', () => {
       testDirectusStaticAuth(Test.defaultRoute, INVALID_DIRECTUS_TOKEN, false, true, false);
     });
+    describe('Denies access for unverified email', () => {
+      testDirectusStaticAuth(Test.defaultRoute, INVALID_DIRECTUS_TOKEN, false, true, false, false);
+    });
     describe('Denies access without Directus static token', () => {
       testDirectusStaticAuth(Test.defaultRoute, undefined, false, false, false);
     });

diff --git a/back/flag-service/test/flag.spec-e2e.ts b/back/flag-service/test/flag.spec-e2e.ts
@@ -57,7 +57,7 @@ describe('Flag (e2e)', () => {
               me: {
                 // eslint-disable-next-line @typescript-eslint/no-unused-vars
                 async read(query?: QueryOne<UserItem<TypeOf<any, "directus_users">>>): Promise<PartialItem<UserItem<TypeOf<any, "directus_users">>>> {
-                  return { id: USER_ID_SAMPLE };
+                  return { id: USER_ID_SAMPLE, email_valid: true };
                 },
               },
             },