From 70a6e5df543acb935deaec5b0c503e132f9240f2 Mon Sep 17 00:00:00 2001
From: Mathis
Date: Thu, 2 May 2024 16:12:21 +0200
Subject: [PATCH] refactor(controllers): enhance error handling in auth controller
Update error handling in `auth.controller.ts` to provide more accurate responses based on operation results. This includes rigorous checking of response types before proceeding with particular operations. Notable changes include switching from string errors to error codes, and ensuring necessary properties exist in objects before accessing them.
Issue: #19
Signed-off-by: Mathis
---
 src/controllers/auth.controller.ts | 78 ++++++++++++++++++++----------
 1 file changed, 52 insertions(+), 26 deletions(-)
diff --git a/src/controllers/auth.controller.ts b/src/controllers/auth.controller.ts
index 1da2e91..83746b4 100644
--- a/src/controllers/auth.controller.ts
+++ b/src/controllers/auth.controller.ts
@@ -123,14 +123,19 @@ async function loginUser(req: Request, res: Response): Promise {
 const LoginServiceResult = await UserService.login(loginData);
 console.log(LoginServiceResult);
- if (LoginServiceResult.error === "userNotFound") {
- console.log("POOL");
+ if (
+ typeof LoginServiceResult !== "string" &&
+ LoginServiceResult.error === 3
+ ) {
 res.type("application/json").status(HttpStatusCode.NotFound).json({
 error: LoginServiceResult.error,
 message: "User not found.",
 });
 }
- if (LoginServiceResult.error === "invalidPassword") {
+ if (
+ typeof LoginServiceResult !== "string" &&
+ LoginServiceResult.error === 5
+ ) {
 res.type("application/json").status(HttpStatusCode.NotAcceptable).json({
 error: LoginServiceResult.error,
 message: "Invalid password.",
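Review bot: Neither new branch returns after sending its response, so once the 404 body (`LoginServiceResult.error === 3`) or the 406 body (`error === 5`) has been written, execution continues into whatever follows the hunk, and if that is the success response Express raises ERR_HTTP_HEADERS_SENT on the second write; the other handlers in this file already use the `return res.type("application/json").status(HttpStatusCode.NotFound).json({` form, and both branches here should too. The literals `3` and `5` are repeated in editUser (`=== 3` at `@@ -294,13`) and belong in a named constant exported by the service, so a renumbering cannot silently turn "user not found" into a pass-through. The context line `console.log(LoginServiceResult)` prints the whole service result to stdout, which, given the `typeof LoginServiceResult !== "string"` guard, is presumably the issued credential on success; it should be removed or reduced to the error code. loginUser continues past the hunk.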
@@ -161,13 +166,13 @@ async function getAllUsers(req: Request, res: Response) {
 error: "You dont exist anymore",
 });
 }
- if (!sourceUser.is_admin) {
+ if ("id" in sourceUser && !sourceUser.is_admin) {
 return res.type("application/json").status(HttpStatusCode.Forbidden).json({
 error: "Unauthorized",
 });
 }
 const AllUserResponse = await UserService.getAll();
- if (!AllUserResponse.users) {
+ if (typeof AllUserResponse === "object") {
 return res
 .type("application/json")
 .status(HttpStatusCode.InternalServerError)
@@ -218,6 +223,12 @@ async function getUser(req: Request, res: Response) {
 });
 }
 const userId = req.params["id"];
+ if (!userId) {
+ logger.warn(`User ID not provided (${req.ip})`);
+ return res.type("application/json").status(HttpStatusCode.BadRequest).json({
+ error: "User ID not provided",
+ });
+ }
 const dbUser = await UserService.getFromId(userId);
 if (!dbUser) {
 logger.warn(`User not found (${req.ip})`);
@@ -267,7 +278,10 @@ async function editUser(req: Request, res: Response) {
 error: "You dont exist anymore",
 });
 }
- if (sourceUser.is_admin || sourceUser.id === payload.sub) {
+ if (
+ ("id" in sourceUser && sourceUser.is_admin) ||
+ ("id" in sourceUser && sourceUser.id === payload.sub)
+ ) {
 if (sourceUser.is_admin) {
 logger.info(
 `EDIT :> Source user is an admin (${sourceUser.firstname} ${sourceUser.lastname})`,
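Review bot: `typeof AllUserResponse === "object"` on the `UserService.getAll()` result cannot separate success from failure: arrays, plain objects and `null` all report `"object"`, so either every successful fetch now answers 500 or, if the success value is a non-object, the check never fires. The return shape of getAll is not visible here, but the guard just above discriminates on a property (`"id" in sourceUser`), and the same style applies: `if (!("users" in AllUserResponse)) {` against the field the removed line tested, or a check on the service's error discriminant. getAllUsers continues past the hunk.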
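Review bot: In editUser the `"id" in sourceUser` test is repeated in both disjuncts of the new condition, and the same shape appears in deleteUser at `@@ -340,7`; when it is false the request silently falls through to whatever follows the hunk instead of being rejected where the decision is made. A single guard ahead of the authorization check keeps the fail-closed path explicit and lets the original condition stand: `if (!("id" in sourceUser)) { return res.type("application/json").status(HttpStatusCode.Forbidden).json({ error: "Unauthorized" }); }` followed by `if (sourceUser.is_admin || sourceUser.id === payload.sub) {`. editUser continues past the hunk on both sides.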
@@ -294,13 +308,19 @@ async function editUser(req: Request, res: Response) {
 `${targetUserId}`,
 modifiedData,
 );
- if (EditUserServiceResult.error === "userNotFound") {
+ if (
+ typeof EditUserServiceResult !== "boolean" &&
+ EditUserServiceResult.error === 3
+ ) {
 logger.warn(`User not found (${req.ip})`);
 return res.type("application/json").status(404).json({
 error: "User not found",
 });
 }
- if (EditUserServiceResult.error !== "none") {
+ if (
+ typeof EditUserServiceResult !== "boolean" &&
+ EditUserServiceResult.error
+ ) {
 logger.error(`Error occurred during user edit (${req.ip})`);
 return res.type("application/json").status(500).json({
 error: "Internal server error",
@@ -340,7 +360,10 @@ async function deleteUser(req: Request, res: Response): Promise {
 error: "You dont exist anymore",
 });
 }
- if (sourceUser.is_admin || sourceUser.id === payload.sub) {
+ if (
+ ("id" in sourceUser && sourceUser.is_admin) ||
+ ("id" in sourceUser && sourceUser.id === payload.sub)
+ ) {
 const deleteUserServiceResult = await UserService.delete(`${targetUserId}`);
 if (!deleteUserServiceResult) {
 logger.error(`Error occurred during user delete (${req.ip})`);
@@ -368,7 +391,7 @@ async function deleteSelf(req: Request, res: Response) {
 });
 }
 const payload = await JwtService.verify(bearerToken);
- if (!payload) {
+ if (!payload || !payload.sub) {
 logger.warn(`Unauthorized access attempt (${req.ip})`);
 return res.type("application/json").status(401).json({
 error: "Unauthorized",
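Review bot: When `UserService.edit` resolves to a boolean, both new guards are skipped by the `typeof EditUserServiceResult !== "boolean"` test, so a `false` result flows on past the hunk; unless the code below inspects the boolean, a failed edit would be reported as a success. A third branch, `if (EditUserServiceResult === false) {` returning the same 500 body, or folding the boolean into the existing error branch, closes that gap. The `=== 3` literal is the same magic error code used in loginUser and should be a shared named constant. editUser continues past the hunk.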
@@ -380,17 +403,20 @@ async function deleteSelf(req: Request, res: Response) {
 error: "You dont exist anymore",
 });
 }
- if (sourceUser.id !== req.params["id"]) {
+ if ("id" in sourceUser && sourceUser.id !== req.params["id"]) {
 return res.type("application/json").status(403).json({
 error: "Unauthorized",
 });
 }
- const deleteResult = await UserService.delete(sourceUser.id);
- if (!deleteResult) {
- logger.error(`Failed to delete user (${req.ip})`);
- return res.type("application/json").status(500).json({
- error: "Failed to delete user",
- });
+ if ("id" in sourceUser) {
+ const deleteResult = await UserService.delete(sourceUser.id);
+
+ if (!deleteResult) {
+ logger.error(`Failed to delete user (${req.ip})`);
+ return res.type("application/json").status(500).json({
+ error: "Failed to delete user",
+ });
+ }
 }
 return res.type("application/json").status(200).json({
 message: "User deleted successfully",
@@ -413,17 +439,17 @@ async function getSelf(req: Request, res: Response) {
 });
 }
 const GetUserResult = await UserService.getFromId(payload.sub);
- if (!GetUserResult) {
- return res.type("application/json").status(404).json({
- error: "User not found",
+ if ("id" in GetUserResult) {
+ return res.type("application/json").status(200).json({
+ id: GetUserResult.id,
+ username: GetUserResult.username,
+ firstName: GetUserResult.firstname,
+ lastName: GetUserResult.lastname,
+ isAdmin: GetUserResult.is_admin,
 });
 }
- return res.type("application/json").status(200).json({
- id: GetUserResult.id,
- username: GetUserResult.username,
- firstName: GetUserResult.firstname,
- lastName: GetUserResult.firstname,
- isAdmin: GetUserResult.firstname,
+ return res.type("application/json").status(404).json({
+ error: "User not found",
 });
 }
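Review bot: In deleteSelf, when `sourceUser` has no `id` (the shape the new `"id" in sourceUser` checks guard against), both the 403 comparison and the wrapped delete are skipped and the handler falls through to the 200 `"User deleted successfully"` response without deleting anything. Rejecting that shape up front, `if (!("id" in sourceUser)) { logger.error(`Failed to delete user (${req.ip})`); return res.type("application/json").status(500).json({ error: "Failed to delete user" }); }`, lets the original unwrapped `const deleteResult = await UserService.delete(sourceUser.id);` stand and keeps the success response reachable only after a delete actually ran.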
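Review bot: `"id" in GetUserResult` throws a TypeError when `UserService.getFromId` resolves to `null` or `undefined`, because the `in` operator requires an object; the removed `if (!GetUserResult)` covered that case and getUser still checks it with `if (!dbUser)`, so the unhandled rejection would surface as a crash or a hung request instead of the intended 404. Keep the falsy test inside the guard: `if (GetUserResult && "id" in GetUserResult) {`. Whether getFromId can return a nullish value is not visible here, but the sibling handler treats it as possible.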