From 6cd13d03c1ebc91e2be49a9d8ffd4243ff289756 Mon Sep 17 00:00:00 2001 From: Jiayee Lim Date: Mon, 10 May 2021 19:41:53 +0800 Subject: [PATCH 1/5] feat: store only user ID in session --- src/app/modules/auth/auth.controller.ts | 9 ++++----- src/types/vendor/express.d.ts | 4 ++-- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/app/modules/auth/auth.controller.ts b/src/app/modules/auth/auth.controller.ts index d649f9a95b..a3efb10007 100644 --- a/src/app/modules/auth/auth.controller.ts +++ b/src/app/modules/auth/auth.controller.ts @@ -159,16 +159,15 @@ export const handleLoginVerifyOtp: RequestHandler< .json(coreErrorMessage) } - // TODO(#212): Should store only userId in session. // Add user info to session. - const userObj = user.toObject() as SessionUser - req.session.user = userObj + const { _id } = user.toObject() as SessionUser + req.session.user = { _id } logger.info({ - message: `Successfully logged in user ${user.email}`, + message: `Successfully logged in user ${user}`, meta: logMeta, }) - return res.status(StatusCodes.OK).json(userObj) + return res.status(StatusCodes.OK).json(user) }) // Step 3b: Error occured in one of the steps. .mapErr((error) => { diff --git a/src/types/vendor/express.d.ts b/src/types/vendor/express.d.ts index eab0c7af59..4ef1e09a9e 100644 --- a/src/types/vendor/express.d.ts +++ b/src/types/vendor/express.d.ts @@ -7,11 +7,11 @@ declare global { } export interface Session { - user?: IUserSchema + user?: IUserSchema['_id'] } export interface AuthedSession extends Session { - user: IUserSchema + user: IUserSchema['_id'] } } } From 27e34d304cff7a942783c1caaca5fe33684a5b7d Mon Sep 17 00:00:00 2001 From: Jiayee Lim Date: Tue, 25 May 2021 21:09:37 +0800 Subject: [PATCH 2/5] fix: fix test breakage --- src/app/modules/auth/__tests__/auth.controller.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
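Review bot: In the auth.controller.ts hunk of patch 1, `const { _id } = user.toObject() as SessionUser` copies the whole document and asserts its type only to read one field; `req.session.user = { _id: user._id }` should store the same value without the cast. The response also changes from the `toObject()` copy to `res.json(user)`, so the body is now whatever the document's JSON serialisation produces. If the schema configures the two conversions differently, the fields returned to the client change, which is worth confirming before merge. handleLoginVerifyOtp starts and ends outside the hunk.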
diff --git a/src/app/modules/auth/__tests__/auth.controller.spec.ts b/src/app/modules/auth/__tests__/auth.controller.spec.ts index 94f7d8fe05..b75a6d001d 100644 --- a/src/app/modules/auth/__tests__/auth.controller.spec.ts +++ b/src/app/modules/auth/__tests__/auth.controller.spec.ts @@ -187,7 +187,7 @@ describe('auth.controller', () => { // Assert expect(mockRes.status).toBeCalledWith(200) - expect(mockRes.json).toBeCalledWith(mockUser.toObject()) + expect(mockRes.json).toBeCalledWith(mockUser) }) it('should return 401 when retrieving agency returns InvalidDomainError', async () => { From bbf665196363e742a48d1b9f2edfa4d7d52739ea Mon Sep 17 00:00:00 2001 From: Jiayee Lim Date: Mon, 7 Jun 2021 08:43:59 +0800 Subject: [PATCH 3/5] fix: update schema correctly --- src/app/modules/auth/auth.controller.ts | 2 +- src/types/vendor/express.d.ts | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/app/modules/auth/auth.controller.ts b/src/app/modules/auth/auth.controller.ts index a3efb10007..cacb1469b9 100644 --- a/src/app/modules/auth/auth.controller.ts +++ b/src/app/modules/auth/auth.controller.ts @@ -163,7 +163,7 @@ export const handleLoginVerifyOtp: RequestHandler< const { _id } = user.toObject() as SessionUser req.session.user = { _id } logger.info({ - message: `Successfully logged in user ${user}`, + message: `Successfully logged in user ${user._id}`, meta: logMeta, }) diff --git a/src/types/vendor/express.d.ts b/src/types/vendor/express.d.ts index 4ef1e09a9e..64ad20ce90 100644 --- a/src/types/vendor/express.d.ts +++ b/src/types/vendor/express.d.ts @@ -7,11 +7,15 @@ declare global { } export interface Session { - user?: IUserSchema['_id'] + user?: { + _id: IUserSchema['_id'] + } } export interface AuthedSession extends Session { - user: IUserSchema['_id'] + user: { + _id: IUserSchema['_id'] + } } } } From af76823cf6d4e2cefaef33f799f583bed9fb6032 Mon Sep 17 00:00:00 2001 
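Review bot: The updated test in auth.controller.spec.ts still asserts only on the response, so nothing pins the property this series is about: that the session holds the user id and nothing else. An assertion such as `expect(mockReq.session.user).toEqual({ _id: mockUser._id })` next to the existing `expect(mockRes.json)` line would catch a regression that puts the full user record back into the session. The name `mockReq` is assumed here, since the test's arrange step lies outside the hunk.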
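Review bot: In patch 3's express.d.ts hunk the `{ _id: IUserSchema['_id'] }` shape is written out twice, once in `Session` and once in `AuthedSession`, and neither carries a comment saying why it is this narrow. A single alias used by both interfaces, for example `type SessionUserId = { _id: IUserSchema['_id'] }` (the name is only a suggestion), keeps them from drifting apart. A short comment above `user` such as `// Only the user id is kept in the session; load the user record from the database for any other field.` would tell later authors not to widen it again. Patch 4's context shows `getUserIdFromSession` returning `string | undefined`, so it may be worth checking that `IUserSchema['_id']` is compatible with that return type.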
From: Jiayee Lim Date: Tue, 8 Jun 2021 18:34:15 +0800 Subject: [PATCH 4/5] chore: remove TODO because done --- src/app/modules/auth/auth.utils.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/app/modules/auth/auth.utils.ts b/src/app/modules/auth/auth.utils.ts index b6de7e1d51..829cb8d7f3 100644 --- a/src/app/modules/auth/auth.utils.ts +++ b/src/app/modules/auth/auth.utils.ts @@ -57,7 +57,6 @@ export const isUserInSession = ( return !!session?.user?._id } -// TODO(#212): Save userId instead of entire user collection in session. export const getUserIdFromSession = ( session?: Express.Session, ): string | undefined => { From f842a7e1bc261417ae9d2dbedfbde23b9417d2b0 Mon Sep 17 00:00:00 2001 From: Kar Rui Lau Date: Wed, 9 Jun 2021 10:38:47 +0800 Subject: [PATCH 5/5] fix: update login logger to reference sessionUser._id instead of email email is now removed from the logged in user --- src/app/modules/billing/billing.controller.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/app/modules/billing/billing.controller.ts b/src/app/modules/billing/billing.controller.ts index 2d2886501c..d191cd6855 100644 --- a/src/app/modules/billing/billing.controller.ts +++ b/src/app/modules/billing/billing.controller.ts @@ -56,7 +56,7 @@ export const handleGetBillInfo: RequestHandler< // Retrieved login stats successfully. logger.info({ - message: `Billing search for ${esrvcId} by ${authedUser.email}`, + message: `Billing search for ${esrvcId} by ${authedUser._id}`, meta: { action: 'handleGetBillInfo', ...createReqMeta(req),