Fixed server crash bug when tokens not found in db

[andram11]

Description

Fix for bug: cannot read properties of undefined when user is logged in but database re-seeded, and user is still logged in (still has access and refresh tokens) and tries to access non public endpoints.

Issue link

Fixes bug

Type of change

• Bug fix (non-breaking change which fixes an issue)
• Feature updates / changes
• Tests
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Before fix, I log in with a user and have an access & refresh token.
If I shut down server and reseed the database, then I try to access a non public endpoint (like get forms by id) using the access & refresh token, I received an http 500 Internal Server Error. In logs there is a 'cannot read properties of undefined'(reading 'map')...After some time, when the token expires, I get the usual 403 error. This error occurs because when treating the JWT token, we were retrieving the roles of a user even though the user id no longer existed in the db (after reseed). As such, the roles were undefined which caused issues when calculating the abilities of user.
After fix, If i reseed and use old access & refresh token I just get a 403.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules
• I have updated the change log

[cherylli]

Tested manually and ran all the tests, all good.
I'm glad you figured out how to reproduce the error I've completed forgotten to put that in and I've also forgotten how to trigger the error to test it 😂

Just need a small change on the changelog, since this didn't get merged before the release.

[JoshuaHinman]

All tests passed and swagger tests worked as described - no 500s

[cherylli]

thanks!

[JoshuaHinman]

All good!

[cherylli]

@andram11 could you please resolve merge conflicts when you have a chance? Thanks!

[cherylli]

hey @andram11, I noticed from the last couple of PR the changelog entries were in the wrong place, when you resolve conflict could you please update it like below? Thanks

https://github.com/chingu-x/chingu-dashboard-be/pull/235/files#diff-06572a96a58dc510037d5efa622f9bec8519bc1beab13c9f251e97e657a9d4ed

[JoshuaHinman]

Changes look good

[cherylli]

re-approve after fixing changelog

[cherylli]

re-approve again after resolving conflicts

[cherylli]

remove all changes to the changelog, since we've stopped manually updating changing

[davideastmond]

Would it be helpful to annotate the return type of this validate method? It looks like it would be Promise<UserReq | undefined>

[jenny-alexander]

I was able to replicate issue and get a 500 response.
After checking out these changes, I ran 'npm run seed' and accessed GET endpoint /api/v1/teams, received 401 error.

@cherylli - I get 401 (unauthorized) but the PR description explicitly states getting 403 (forbidden). I approved the PR anyway since this might be a typo in the PR text itself?

[cherylli]

I was able to replicate issue and get a 500 response. After checking out these changes, I ran 'npm run seed' and accessed GET endpoint /api/v1/teams, received 401 error.

@cherylli - I get 401 (unauthorized) but the PR description explicitly states getting 403 (forbidden). I approved the PR anyway since this might be a typo in the PR text itself?

yeah 401 makes more sense since the user is not logged in. I think I got 401 too, then the user will be required to relogin in this case