From 986c8353a6059145ea3be7e9308f3478010d8fd8 Mon Sep 17 00:00:00 2001
From: ColinBuyck <53269332+ColinBuyck@users.noreply.github.com>
Date: Thu, 13 Jun 2024 09:16:10 -0700
Subject: [PATCH] fix: looser isUserSiteMatch (#4120)

* fix: looser isUserSiteMatch

* fix: updated public url matching

* fix: update testing
---
 api/.env.template                           |  2 +-
 api/src/services/user.service.ts            | 22 ++++++++++++++++-----
 api/test/unit/services/user.service.spec.ts |  4 ++++
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/api/.env.template b/api/.env.template
index ff433dfd8c..fa96fc1afd 100644
--- a/api/.env.template
+++ b/api/.env.template
@@ -31,7 +31,7 @@ TWILIO_ACCOUNT_SID=
 # account auth token for twilio
 TWILIO_AUTH_TOKEN=
 # url for the partner front end
-PARTNERS_PORTAL_URL=http://localhost:3001/
+PARTNERS_PORTAL_URL=http://localhost:3001
 # sendgrid email api key
 EMAIL_API_KEY=SG.ExampleApiKey
 # controls the repetition of the afs cron job
diff --git a/api/src/services/user.service.ts b/api/src/services/user.service.ts
index da2fcb93e3..ba3064f096 100644
--- a/api/src/services/user.service.ts
+++ b/api/src/services/user.service.ts
@@ -405,12 +405,24 @@ export class UserService {
       storedUser.userRoles?.isAdmin ||
       storedUser.userRoles?.isJurisdictionalAdmin ||
       storedUser.userRoles?.isPartner;
-    const isUserSiteMatch =
-      (isPartnerPortalUser && dto.appUrl === process.env.PARTNERS_PORTAL_URL) ||
-      (!isPartnerPortalUser &&
-        dto.appUrl === storedUser.jurisdictions?.[0]?.publicUrl);
+    const isUserSiteMatch = async () => {
+      if (isPartnerPortalUser) {
+        return dto.appUrl === process.env.PARTNERS_PORTAL_URL;
+      } else {
+        //temporary solution since users can currently log into other jurisdictions' public site
+        const juris = await this.prisma.jurisdictions.findFirst({
+          select: {
+            id: true,
+          },
+          where: {
+            publicUrl: dto.appUrl,
+          },
+        });
+        return !!juris;
+      }
+    };
     // user on wrong site, return neutral message and don't send email
-    if (!isUserSiteMatch) return { success: true };
+    if (!(await isUserSiteMatch())) return { success: true };
 
     const payload = {
       id: storedUser.id,
diff --git a/api/test/unit/services/user.service.spec.ts b/api/test/unit/services/user.service.spec.ts
index 4a6a905249..9c83d25c05 100644
--- a/api/test/unit/services/user.service.spec.ts
+++ b/api/test/unit/services/user.service.spec.ts
@@ -676,6 +676,9 @@ describe('Testing user service', () => {
         id,
         resetToken: 'example reset token',
       });
+      prisma.jurisdictions.findFirst = jest.fn().mockResolvedValue({
+        id,
+      });
       emailService.forgotPassword = jest.fn();
 
       await service.forgotPassword({ email, appUrl: 'http://localhost:3000' });
@@ -712,6 +715,7 @@ describe('Testing user service', () => {
         id,
         resetToken: 'example reset token',
       });
+      prisma.jurisdictions.findFirst = jest.fn().mockResolvedValue(null);
       emailService.forgotPassword = jest.fn();
 
       await service.forgotPassword({