diff --git a/api/.env.template b/api/.env.template
index ff433dfd8c..fa96fc1afd 100644
--- a/api/.env.template
+++ b/api/.env.template
@@ -31,7 +31,7 @@ TWILIO_ACCOUNT_SID=
 # account auth token for twilio
 TWILIO_AUTH_TOKEN=
 # url for the partner front end
-PARTNERS_PORTAL_URL=http://localhost:3001/
+PARTNERS_PORTAL_URL=http://localhost:3001
 # sendgrid email api key
 EMAIL_API_KEY=SG.ExampleApiKey
 # controls the repetition of the afs cron job
diff --git a/api/src/services/user.service.ts b/api/src/services/user.service.ts
index da2fcb93e3..ba3064f096 100644
--- a/api/src/services/user.service.ts
+++ b/api/src/services/user.service.ts
@@ -405,12 +405,24 @@ export class UserService {
 storedUser.userRoles?.isAdmin ||
 storedUser.userRoles?.isJurisdictionalAdmin ||
 storedUser.userRoles?.isPartner;
- const isUserSiteMatch =
- (isPartnerPortalUser && dto.appUrl === process.env.PARTNERS_PORTAL_URL) ||
- (!isPartnerPortalUser &&
- dto.appUrl === storedUser.jurisdictions?.[0]?.publicUrl);
+ const isUserSiteMatch = async () => {
+ if (isPartnerPortalUser) {
+ return dto.appUrl === process.env.PARTNERS_PORTAL_URL;
+ } else {
+ //temporary solution since users can currently log into other jurisdictions' public site
+ const juris = await this.prisma.jurisdictions.findFirst({
+ select: {
+ id: true,
+ },
+ where: {
+ publicUrl: dto.appUrl,
+ },
+ });
+ return !!juris;
+ }
+ };
 // user on wrong site, return neutral message and don't send email
- if (!isUserSiteMatch) return { success: true };
+ if (!(await isUserSiteMatch())) return { success: true };
 const payload = {
 id: storedUser.id,
diff --git a/api/test/unit/services/user.service.spec.ts b/api/test/unit/services/user.service.spec.ts
index 4a6a905249..9c83d25c05 100644
--- a/api/test/unit/services/user.service.spec.ts
+++ b/api/test/unit/services/user.service.spec.ts
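Review bot: The comment above `PARTNERS_PORTAL_URL` does not say that the value must be written without a trailing slash, although the check in `api/src/services/user.service.ts` in this same commit compares it to `dto.appUrl` with `===`. A deployment whose `.env` still carries the old `http://localhost:3001/` form would fail that comparison and take the neutral-message branch, returning `{ success: true }` without sending mail, which is hard to diagnose. I would extend the comment to `# url for the partner front end (no trailing slash; compared exactly against the request's appUrl)`.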
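Review bot: Neither branch of `isUserSiteMatch` handles a missing `dto.appUrl`, and both then succeed: Prisma by default treats `undefined` in a `where` field as "no filter", so `findFirst` with `publicUrl: undefined` returns an arbitrary jurisdiction, and `undefined === process.env.PARTNERS_PORTAL_URL` is true whenever the variable is unset. Whether the DTO validation makes `appUrl` required is not visible in this hunk, so a guard ahead of the closure would make the check fail closed: `if (!dto.appUrl) return { success: true };`. The `//temporary solution` comment would also benefit from a tracking reference, since this relaxes the check from the user's own jurisdiction to any jurisdiction's `publicUrl`. The enclosing method starts and ends outside the hunk.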
@@ -676,6 +676,9 @@ describe('Testing user service', () => {
 id,
 resetToken: 'example reset token',
 });
+ prisma.jurisdictions.findFirst = jest.fn().mockResolvedValue({
+ id,
+ });
 emailService.forgotPassword = jest.fn();
 await service.forgotPassword({ email, appUrl: 'http://localhost:3000' });
@@ -712,6 +715,7 @@ describe('Testing user service', () => {
 id,
 resetToken: 'example reset token',
 });
+ prisma.jurisdictions.findFirst = jest.fn().mockResolvedValue(null);
 emailService.forgotPassword = jest.fn();
 await service.forgotPassword({