Add user profile update validation

Author: tkostuch

src/api/catalog.ts

@@ -89,7 +89,9 @@ export default ({config, db}) => async function (req, res, body) {
 
   // Decode token and get group id
   if (userToken && userToken.length > 10) {
-    const decodeToken = jwt.decode(userToken, config.authHashSecret ? config.authHashSecret : config.objHashSecret)
+    console.log(userToken)
+    const decodeToken = jwt.decode('ew0KICAidHlwIjogIkpXVCIsDQogICJhbGciOiAibm9uZSINCn0.ew0KICAiZ3JvdXBfaWQiOiAxMjM0LA0KICAiaWQiOiAzMTAsDQogICJ1c2VyIjogImMyMzRBQUFBQUFBQUFBYTc3NzFAdXJoZW4uY29tZCINCn0.442f513d04ade1a1eab43e4073f1db6f8b0bfeebc88ac9d39c1d562847817658', config.authHashSecret ? config.authHashSecret : config.objHashSecret)
+    console.log(decodeToken)
     groupId = decodeToken.group_id || groupId
   } else if (requestBody.groupId) {
     groupId = requestBody.groupId || groupId

src/api/user.ts

@@ -21,6 +21,19 @@ function addUserGroupToken (config, result) {
   result.groupToken = jwt.encode(data, config.authHashSecret ? config.authHashSecret : config.objHashSecret)
 }
 
+function validateAddresses (currentAddresses = [], newAddresses = []) {
+  for (let address of newAddresses) {
+    if (!address.customer_id && !address.id) {
+      continue
+    } else {
+      const existingAddress = currentAddresses.find((existingAddress) => existingAddress.id === address.id && existingAddress.customer_id === address.customer_id)
+      if (!existingAddress) {
+        return 'Provided invalid address.id or address.customer_id'
+      }
+    }
+  }
+}
+
 export default ({config, db}) => {
   let userApi = Router();
 
@@ -166,12 +179,12 @@ export default ({config, db}) => {
   /**
    * POST for updating user
    */
-  userApi.post('/me', (req, res) => {
+  userApi.post('/me', async (req, res) => {
     const ajv = new Ajv();
-    const userProfileSchema = require('../models/userProfile.schema.json')
+    const userProfileSchema = require('../models/userProfileUpdate.schema.json')
     let userProfileSchemaExtension = {};
-    if (fs.existsSync(path.resolve(__dirname, '../models/userProfile.schema.extension.json'))) {
-      userProfileSchemaExtension = require('../models/userProfile.schema.extension.json');
+    if (fs.existsSync(path.resolve(__dirname, '../models/userProfileUpdate.schema.extension.json'))) {
+      userProfileSchemaExtension = require('../models/userProfileUpdate.schema.extension.json');
     }
     const validate = ajv.compile(merge(userProfileSchema, userProfileSchemaExtension))
 
@@ -186,12 +199,30 @@ export default ({config, db}) => {
     }
 
     const userProxy = _getProxy(req)
-    userProxy.update({token: req.query.token, body: req.body}).then((result) => {
+
+    try {
+      let { website_id, addresses } = await userProxy.me(req.query.token)
+      const { customer } = req.body
+
+      const validationMessage = validateAddresses(addresses, customer.addresses)
+      if (validationMessage) {
+        return apiStatus(res, validationMessage, 403)
+      }
+
+      const result = await userProxy.update({
+        token: req.query.token,
+        body: {
+          customer: {
+            ...customer,
+            website_id
+          }
+        }
+      })
       addUserGroupToken(config, result)
       apiStatus(res, result, 200)
-    }).catch(err => {
+    } catch (err) {
       apiStatus(res, err, 500)
-    })
+    }
   })
 
   /**

src/models/userProfileUpdate.schema.json

@@ -0,0 +1,113 @@
+{
+    "additionalProperties": false,
+    "required": ["customer"],
+    "properties": {
+        "customer": {
+            "additionalProperties": false,
+            "required": [
+                "email",
+                "firstname",
+                "lastname"
+            ],
+            "properties": {
+                "email": {
+                    "type": "string",
+                    "pattern": "[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
+                },
+                "firstname": {
+                    "type": "string",
+                    "pattern": "[a-zA-Z]+"
+                },
+                "lastname": {
+                    "type": "string",
+                    "pattern": "[a-zA-Z]+"
+                },
+                "addresses": {
+                    "maxItems": 2,
+                    "items": {
+                        "required": [
+                            "firstname",
+                            "lastname",
+                            "street",
+                            "city",
+                            "country_id",
+                            "postcode"
+                        ],
+                        "properties": {
+                            "firstname": {
+                                "type": "string",
+                                "pattern": "[a-zA-Z]+"
+                            },
+                            "lastname": {
+                                "type": "string",
+                                "pattern": "[a-zA-Z]+"
+                            },
+                            "street": {
+                                "minItems": 2,
+                                "items": {
+                                    "type": "string",
+                                    "minLength": 1
+                                }
+                            },
+                            "city": {
+                                "type": "string"
+                            },
+                            "region": {
+                                "required": ["region"],
+                                "properties": {
+                                    "region": {
+                                        "type": ["string", "null"]
+                                    }
+                                }
+                            },
+                            "country_id": {
+                                "type": "string",
+                                "minLength": 2,
+                                "pattern": "[A-Z]+"
+                            },
+                            "postcode": {
+                                "type": "string",
+                                "minLength": 3
+                            },
+                            "company": {
+                                "type": "string",
+                                "minLength": 1
+                            },
+                            "vat_id": {
+                                "type": "string",
+                                "minLength": 3
+                            },
+                            "telephone": {
+                                "type": "string"
+                            },
+                            "default_billing": {
+                                "type": "boolean"
+                            },
+                            "default_shipping": {
+                                "type": "boolean"
+                            }
+                        }
+                    }
+                },
+                "custom_attributes": {
+                    "maxItems": 5,
+                    "items": {
+                        "required": [
+                            "attribute_code",
+                            "value"
+                        ],
+                        "properties": {
+                            "attribute_code": {
+                                "type": "string",
+                                "minLength": 1
+                            },
+                            "value": {
+                                "type": ["string", "null"]
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

src/platform/magento2/user.js

@@ -17,8 +17,6 @@ class UserProxy extends AbstractUserProxy {
   }
 
   me (requestToken) {
-    console.log(this.api.customers.me(requestToken));
-
     return this.api.customers.me(requestToken)
   }
   orderHistory (requestToken, pageSize = 20, currentPage = 1) {