feat: endpoint for updating users profile details

Author: eleanorreem

src/auth/auth.service.ts

@@ -73,6 +73,44 @@ export class AuthService {
     }
   }
 
+  public async updateFirebaseUserEmail(firebaseUid: string, newEmail: string) {
+    try {
+      const firebaseUser = await this.firebase.admin.auth().updateUser(firebaseUid, {
+        email: newEmail,
+      });
+      return firebaseUser;
+    } catch (err) {
+      const errorCode = err.code;
+
+      if (errorCode === 'auth/invalid-email') {
+        this.logger.warn({
+          error: FIREBASE_ERRORS.UPDATE_USER_INVALID_EMAIL,
+          status: HttpStatus.BAD_REQUEST,
+        });
+        throw new HttpException(FIREBASE_ERRORS.UPDATE_USER_INVALID_EMAIL, HttpStatus.BAD_REQUEST);
+      } else if (
+        errorCode === 'auth/email-already-in-use' ||
+        errorCode === 'auth/email-already-exists'
+      ) {
+        this.logger.warn({
+          error: FIREBASE_ERRORS.UPDATE_USER_ALREADY_EXISTS,
+          status: HttpStatus.BAD_REQUEST,
+        });
+        throw new HttpException(FIREBASE_ERRORS.UPDATE_USER_ALREADY_EXISTS, HttpStatus.BAD_REQUEST);
+      } else {
+        this.logger.warn({
+          error: FIREBASE_ERRORS.UPDATE_USER_FIREBASE_ERROR,
+          errorMessage: errorCode,
+          status: HttpStatus.INTERNAL_SERVER_ERROR,
+        });
+        throw new HttpException(
+          FIREBASE_ERRORS.CREATE_USER_FIREBASE_ERROR,
+          HttpStatus.INTERNAL_SERVER_ERROR,
+        );
+      }
+    }
+  }
+
   public async getFirebaseUser(email: string) {
     const firebaseUser = await this.firebase.admin.auth().getUserByEmail(email);
     return firebaseUser;

src/firebase/firebase-auth.guard.ts

@@ -8,13 +8,8 @@ import {
   UnauthorizedException,
 } from '@nestjs/common';
 import { Request } from 'express';
-import {
-  AUTH_GUARD_MISSING_HEADER,
-  AUTH_GUARD_PARSING_ERROR,
-  AUTH_GUARD_TOKEN_EXPIRED,
-  AUTH_GUARD_USER_NOT_FOUND,
-} from 'src/logger/constants';
-import { FIREBASE_ERRORS } from 'src/utils/errors';
+
+import { AUTH_GUARD_ERRORS, FIREBASE_ERRORS } from 'src/utils/errors';
 import { AuthService } from '../auth/auth.service';
 import { UserService } from '../user/user.service';
 import { IFirebaseUser } from './firebase-user.interface';
@@ -35,7 +30,7 @@ export class FirebaseAuthGuard implements CanActivate {
 
     if (!authorization) {
       this.logger.warn({
-        error: AUTH_GUARD_MISSING_HEADER,
+        error: AUTH_GUARD_ERRORS.MISSING_HEADER,
         errorMessage: `FirebaseAuthGuard: Authorisation failed for ${request.originalUrl}`,
       });
       throw new UnauthorizedException('Unauthorized: missing required Authorization token');
@@ -47,14 +42,14 @@ export class FirebaseAuthGuard implements CanActivate {
     } catch (error) {
       if (error.code === 'auth/id-token-expired') {
         this.logger.warn({
-          error: AUTH_GUARD_TOKEN_EXPIRED,
+          error: AUTH_GUARD_ERRORS.TOKEN_EXPIRED,
           errorMessage: `FireabaseAuthGuard: Authorisation failed for ${request.originalUrl}`,
           status: HttpStatus.UNAUTHORIZED,
         });
         throw new HttpException(FIREBASE_ERRORS.ID_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED);
       }
       this.logger.warn({
-        error: AUTH_GUARD_PARSING_ERROR,
+        error: AUTH_GUARD_ERRORS.PARSING_ERROR,
         errorMessage: `FirebaseAuthGuard: Authorisation failed for ${request.originalUrl}`,
         status: HttpStatus.INTERNAL_SERVER_ERROR,
       });
@@ -74,7 +69,7 @@ export class FirebaseAuthGuard implements CanActivate {
     } catch (error) {
       if (error.message === 'USER NOT FOUND') {
         this.logger.warn({
-          error: AUTH_GUARD_USER_NOT_FOUND,
+          error: AUTH_GUARD_ERRORS.USER_NOT_FOUND,
           errorMessage: `FirebaseAuthGuard: Authorisation failed for ${request.originalUrl}`,
           status: HttpStatus.INTERNAL_SERVER_ERROR,
         });

src/logger/constants.ts

@@ -9,12 +9,7 @@ import {
 import { InjectRepository } from '@nestjs/typeorm';
 import { Request } from 'express';
 import { UserEntity } from 'src/entities/user.entity';
-import {
-  AUTH_GUARD_MISSING_HEADER,
-  AUTH_GUARD_PARSING_ERROR,
-  AUTH_GUARD_TOKEN_EXPIRED,
-} from 'src/logger/constants';
-import { FIREBASE_ERRORS } from 'src/utils/errors';
+import { AUTH_GUARD_ERRORS } from 'src/utils/errors';
 import { Repository } from 'typeorm';
 import { AuthService } from '../auth/auth.service';
 
@@ -32,7 +27,7 @@ export class PartnerAdminAuthGuard implements CanActivate {
     const { authorization } = request.headers;
     if (!authorization) {
       this.logger.warn({
-        error: AUTH_GUARD_MISSING_HEADER,
+        error: AUTH_GUARD_ERRORS.MISSING_HEADER,
         errorMessage: `PartnerAdminAuthGuard: Authorisation failed for ${request.originalUrl}`,
       });
       return false;
@@ -45,14 +40,14 @@ export class PartnerAdminAuthGuard implements CanActivate {
     } catch (error) {
       if (error.code === 'auth/id-token-expired') {
         this.logger.warn({
-          error: AUTH_GUARD_TOKEN_EXPIRED,
+          error: AUTH_GUARD_ERRORS.TOKEN_EXPIRED,
           errorMessage: `PartnerAdminAuthGuard: Authorisation failed for ${request.originalUrl}`,
         });
-        throw new HttpException(FIREBASE_ERRORS.ID_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED);
+        throw new HttpException(AUTH_GUARD_ERRORS.TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED);
       }
 
       this.logger.warn({
-        error: AUTH_GUARD_PARSING_ERROR,
+        error: AUTH_GUARD_ERRORS.PARSING_ERROR,
         errorMessage: `PartnerAdminAuthGuard: Authorisation failed for ${request.originalUrl}`,
       });
 

src/partner-admin/partner-admin-auth.guard.ts

@@ -9,8 +9,7 @@ import {
 import { InjectRepository } from '@nestjs/typeorm';
 import { Request } from 'express';
 import { UserEntity } from 'src/entities/user.entity';
-import { AUTH_GUARD_PARSING_ERROR, AUTH_GUARD_TOKEN_EXPIRED } from 'src/logger/constants';
-import { FIREBASE_ERRORS } from 'src/utils/errors';
+import { AUTH_GUARD_ERRORS, FIREBASE_ERRORS } from 'src/utils/errors';
 import { Repository } from 'typeorm';
 import { AuthService } from '../auth/auth.service';
 
@@ -41,14 +40,16 @@ export class SuperAdminAuthGuard implements CanActivate {
     } catch (error) {
       if (error.code === 'auth/id-token-expired') {
         this.logger.warn({
-          error: AUTH_GUARD_TOKEN_EXPIRED,
+          error: AUTH_GUARD_ERRORS.TOKEN_EXPIRED,
           errorMessage: `Authorisation failed for ${request.originalUrl}`,
+          status: HttpStatus.UNAUTHORIZED,
         });
         throw new HttpException(FIREBASE_ERRORS.ID_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED);
       }
       this.logger.warn({
-        error: AUTH_GUARD_PARSING_ERROR,
+        error: AUTH_GUARD_ERRORS.PARSING_ERROR,
         errorMessage: `Authorisation failed for ${request.originalUrl}`,
+        status: HttpStatus.INTERNAL_SERVER_ERROR,
       });
       throw new HttpException(
         `SuperAdminAuthGuard - Error parsing firebase user: ${error}`,

src/partner-admin/super-admin-auth.guard.ts

@@ -1,5 +1,5 @@
 import { ApiProperty } from '@nestjs/swagger';
-import { IsBoolean, IsDate, IsOptional, IsString } from 'class-validator';
+import { IsBoolean, IsDate, IsEmail, IsOptional, IsString } from 'class-validator';
 import { EMAIL_REMINDERS_FREQUENCY } from '../../utils/constants';
 
 export class UpdateUserDto {
@@ -32,4 +32,9 @@ export class UpdateUserDto {
   @IsOptional()
   @ApiProperty({ type: 'date' })
   lastActiveAt: Date;
+
+  @IsEmail({})
+  @IsOptional()
+  @ApiProperty({ type: 'email' })
+  email: string;
 }

src/user/dtos/update-user.dto.ts

@@ -46,7 +46,7 @@ export class UserController {
   @UseGuards(FirebaseAuthGuard)
   async getUserByFirebaseId(@Req() req: Request): Promise<GetUserDto> {
     const user = req['user'];
-    this.userService.updateUser({ lastActiveAt: new Date() }, user);
+    this.userService.updateUser({ lastActiveAt: new Date() }, user.id);
     return user;
   }
 
@@ -100,7 +100,14 @@ export class UserController {
   @Patch()
   @UseGuards(FirebaseAuthGuard)
   async updateUser(@Body() updateUserDto: UpdateUserDto, @Req() req: Request) {
-    return await this.userService.updateUser(updateUserDto, req['user'] as GetUserDto);
+    return await this.userService.updateUser(updateUserDto, req['user'].user.id);
+  }
+
+  @ApiBearerAuth()
+  @Patch('/admin/:id')
+  @UseGuards(SuperAdminAuthGuard)
+  async adminUpdateUser(@Param() { id }, @Body() updateUserDto: UpdateUserDto) {
+    return await this.userService.updateUser(updateUserDto, id);
   }
 
   @ApiBearerAuth()

src/user/user.controller.ts

@@ -48,6 +48,7 @@ const updateUserDto: Partial<UpdateUserDto> = {
   contactPermission: true,
   serviceEmailsPermission: false,
   signUpLanguage: 'en',
+  email: '[email protected]',
 };
 
 const mockSubscriptionUserServiceMethods = {};
@@ -279,26 +280,31 @@ describe('UserService', () => {
   describe('updateUser', () => {
     it('when supplied a firebase user dto, it should return a user', async () => {
       const repoSaveSpy = jest.spyOn(repo, 'save');
+      const authServiceUpdateEmailSpy = jest.spyOn(mockAuthService, 'updateFirebaseUserEmail');
 
-      const user = await service.updateUser(updateUserDto, { user: mockUserEntity });
-      expect(user.name).toBe('new name');
-      expect(user.email).toBe('[email protected]');
+      const user = await service.updateUser(updateUserDto, mockUserEntity.id);
+      expect(user.name).toBe(updateUserDto.name);
+      expect(user.email).toBe(updateUserDto.email);
       expect(user.contactPermission).toBe(true);
       expect(user.serviceEmailsPermission).toBe(false);
 
       expect(repoSaveSpy).toHaveBeenCalledWith({ ...mockUserEntity, ...updateUserDto });
       expect(repoSaveSpy).toHaveBeenCalled();
+      expect(authServiceUpdateEmailSpy).toHaveBeenCalledWith(
+        mockUserEntity.firebaseUid,
+        updateUserDto.email,
+      );
     });
 
     it('should not fail update on crisp api call errors', async () => {
       const mocked = jest.mocked(updateCrispProfile);
       mocked.mockRejectedValue(new Error('Crisp API call failed'));
 
-      const user = await service.updateUser(updateUserDto, { user: mockUserEntity });
+      const user = await service.updateUser(updateUserDto, mockUserEntity.id);
       await new Promise(process.nextTick); // wait for async funcs to resolve
       expect(mocked).toHaveBeenCalled();
-      expect(user.name).toBe('new name');
-      expect(user.email).toBe('[email protected]');
+      expect(user.name).toBe(updateUserDto.name);
+      expect(user.email).toBe(updateUserDto.email);
 
       mocked.mockReset();
     });
@@ -307,11 +313,11 @@ describe('UserService', () => {
       const mocked = jest.mocked(updateMailchimpProfile);
       mocked.mockRejectedValue(new Error('Mailchimp API call failed'));
 
-      const user = await service.updateUser(updateUserDto, { user: mockUserEntity });
+      const user = await service.updateUser(updateUserDto, mockUserEntity.id);
       await new Promise(process.nextTick); // wait for async funcs to resolve
       expect(mocked).toHaveBeenCalled();
-      expect(user.name).toBe('new name');
-      expect(user.email).toBe('[email protected]');
+      expect(user.name).toBe(updateUserDto.name);
+      expect(user.email).toBe(updateUserDto.email);
 
       mocked.mockReset();
     });

src/user/user.service.spec.ts

@@ -10,6 +10,7 @@ import { SubscriptionUserService } from 'src/subscription-user/subscription-user
 import { TherapySessionService } from 'src/therapy-session/therapy-session.service';
 import { SIGNUP_TYPE } from 'src/utils/constants';
 import { FIREBASE_ERRORS } from 'src/utils/errors';
+import { FIREBASE_EVENTS } from 'src/utils/logs';
 import {
   createServiceUserProfiles,
   updateServiceUserProfilesUser,
@@ -191,12 +192,27 @@ export class UserService {
     return await this.deleteUser(user);
   }
 
-  public async updateUser(updateUserDto: Partial<UpdateUserDto>, { user: { id } }: GetUserDto) {
-    const user = await this.userRepository.findOneBy({ id });
+  public async updateUser(updateUserDto: Partial<UpdateUserDto>, userId: string) {
+    const user = await this.userRepository.findOneBy({ id: userId });
 
     if (!user) {
       throw new HttpException('USER NOT FOUND', HttpStatus.NOT_FOUND);
     }
+
+    if (updateUserDto.email) {
+      // check whether email has been updated already in firebase
+      const firebaseUser = await this.authService.getFirebaseUser(user.email);
+      if (firebaseUser.email !== updateUserDto.email) {
+        await this.authService.updateFirebaseUserEmail(user.firebaseUid, updateUserDto.email);
+        this.logger.log({ event: FIREBASE_EVENTS.UPDATE_FIREBASE_USER_EMAIL, userId: user.id });
+      } else {
+        this.logger.log({
+          event: FIREBASE_EVENTS.UPDATE_FIREBASE_EMAIL_ALREADY_UPDATED,
+          userId: user.id,
+        });
+      }
+    }
+
     const newUserData: UserEntity = {
       ...user,
       ...updateUserDto,

src/user/user.service.ts

@@ -7,4 +7,15 @@ export enum FIREBASE_ERRORS {
   CREATE_USER_WEAK_PASSWORD = 'CREATE_USER_WEAK_PASSWORD',
   CREATE_USER_ALREADY_EXISTS = 'CREATE_USER_ALREADY_EXISTS',
   ID_TOKEN_EXPIRED = 'ID_TOKEN_EXPIRED',
+  UPDATE_USER_INVALID_EMAIL = 'UPDATE_USER_INVALID_EMAIL',
+  UPDATE_USER_WEAK_PASSWORD = 'UPDATE_USER_WEAK_PASSWORD',
+  UPDATE_USER_ALREADY_EXISTS = 'UPDATE_USER_ALREADY_EXISTS',
+  UPDATE_USER_FIREBASE_ERROR = 'UPDATE_USER_FIREBASE_ERROR',
+}
+
+export enum AUTH_GUARD_ERRORS {
+  TOKEN_EXPIRED = 'TOKEN_EXPIRED',
+  PARSING_ERROR = 'PARSING_ERROR',
+  MISSING_HEADER = 'MISSING_HEADER',
+  USER_NOT_FOUND = 'USER_NOT_FOUND',
 }

src/utils/errors.ts

@@ -0,0 +1,4 @@
+export enum FIREBASE_EVENTS {
+  UPDATE_FIREBASE_USER_EMAIL = 'UPDATE_FIREBASE_USER_EMAIL',
+  UPDATE_FIREBASE_EMAIL_ALREADY_UPDATED = 'UPDATE_FIREBASE_EMAIL_ALREADY_UPDATED',
+}