From 8d62b070cbcd1bc435194ad527cdb85da6e6fddb Mon Sep 17 00:00:00 2001
From: Markus Glutting
Date: Mon, 31 May 2021 11:11:55 +0200
Subject: [PATCH 1/2] Do not read user password from DB closes #232
---
 .../server/templates/server/src/domain/user.entity.ts.ejs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/generators/server/templates/server/src/domain/user.entity.ts.ejs b/generators/server/templates/server/src/domain/user.entity.ts.ejs
index 4c3fd1d0..fb72dfa8 100644
--- a/generators/server/templates/server/src/domain/user.entity.ts.ejs
+++ b/generators/server/templates/server/src/domain/user.entity.ts.ejs
@@ -35,7 +35,8 @@ export class User extends BaseEntity {
 algorithm: 'aes-256-cbc',
 ivLength: 16,
 iv: config.get('crypto.iv')
- })
+ }),
+ select: false
 })
 password: string;
 @Column({ nullable: true })

From 9ecf3543e14b9ff8457b0f8bbb1709a2a57a330e Mon Sep 17 00:00:00 2001
From: Markus Glutting
Date: Tue, 1 Jun 2021 10:06:10 +0200
Subject: [PATCH 2/2] Fix changePassword feature and integration tests
---
 .../templates/server/e2e/account.e2e-spec.ts.ejs | 13 +++++++++++--
 .../templates/server/e2e/user.e2e-spec.ts.ejs | 4 +++-
 .../server/src/service/auth.service.ts.ejs | 2 +-
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/generators/server/templates/server/e2e/account.e2e-spec.ts.ejs b/generators/server/templates/server/e2e/account.e2e-spec.ts.ejs
index 30e7cf74..1f00db8f 100644
--- a/generators/server/templates/server/e2e/account.e2e-spec.ts.ejs
+++ b/generators/server/templates/server/e2e/account.e2e-spec.ts.ejs
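Review bot: `select: false` drops `password` from every default TypeORM `find*` and relation load, so each path that still needs the stored value has to opt in with `select`/`addSelect`; a comment on the option would spare the next maintainer a puzzling `undefined`, e.g. `// not loaded by default — fetch with select: ['password'] only where it is verified or rewritten`. The option governs entity-manager reads only, and the `EncryptionTransformer` on the context lines decrypts on read, so any path that does opt in still receives the original value. The removed e2e line in the second patch compared the read-back column to the clear-text new password, which suggests (hedged — the transformer and `UserService.save` are outside this diff) that the stored password is recoverable rather than one-way hashed; if so, hiding the column narrows exposure but does not replace hashing. A fixed `iv` read from config also makes the `aes-256-cbc` transform deterministic, so equal passwords yield equal ciphertexts. The `@Column` decorator and the `User` class open outside the hunk.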
@@ -7,10 +7,12 @@ import { RolesGuard } from '../src/security/guards/roles.guard';
 import { UserDTO } from '../src/service/dto/user.dto';
 import { UserService } from '../src/service/user.service';
 import { PasswordChangeDTO } from '../src/service/dto/password-change.dto';
+import { AuthService } from '../src/service/auth.service';
 
 describe('Account', () => {
 let app: INestApplication;
 let service: UserService;
+ let authService: AuthService;
 
 const testUserDTO: UserDTO = {
 login: 'userTestLogin',
@@ -23,6 +25,7 @@ describe('Account', () => {
 login: 'userlogged',
 email: 'userlogged@localhost.it',
 password: 'userloggedPassword',
+ activated: true
 };
 
 const testPasswordChange: PasswordChangeDTO = {
@@ -55,6 +58,7 @@ describe('Account', () => {
 app = moduleFixture.createNestApplication();
 await app.init();
 service = moduleFixture.get(UserService);
+ authService = moduleFixture.get(AuthService);
 userAuthenticated = await service.save(testUserAuthenticated);
 });
 
@@ -127,8 +131,13 @@ describe('Account', () => {
 .send(testPasswordChange)
 .expect(201);
 
- const updatedUserPassword: UserDTO = await service.findByfields({ where: { login: testUserAuthenticated.login } });
- expect(updatedUserPassword.password).toEqual(testPasswordChange.newPassword);
+ const successFullyLoggedInWithNewPassword = await authService.login(
+ {
+ username: testUserAuthenticated.login,
+ password: testPasswordChange.newPassword
+ }).then(() => true, () => false);
+
+ expect(successFullyLoggedInWithNewPassword).toEqual(true);
 });
 
 it('/POST reset password init', async () => {
diff --git a/generators/server/templates/server/e2e/user.e2e-spec.ts.ejs b/generators/server/templates/server/e2e/user.e2e-spec.ts.ejs
index 2573800d..e7980011 100644
--- a/generators/server/templates/server/e2e/user.e2e-spec.ts.ejs
+++ b/generators/server/templates/server/e2e/user.e2e-spec.ts.ejs
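Review bot: `.then(() => true, () => false)` on the `authService.login(...)` call maps every rejection — a DI or database error as much as a rejected credential — to `false`, so a failing run only reports `expected true` and the real cause is lost. Let the promise surface to the runner instead: `await expect(authService.login({ username: testUserAuthenticated.login, password: testPasswordChange.newPassword })).resolves.toBeDefined();`. A change-password test should also pin that the previous credential is revoked, e.g. `await expect(authService.login({ username: testUserAuthenticated.login, password: testUserAuthenticated.password })).rejects.toThrow();` — provided `service.save` in the `beforeEach` hunk does not overwrite the DTO's `password` in place, which is outside this diff. Without that check, an update that the login path ignores would still pass. The `it` block opens outside the hunk.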
@@ -86,6 +86,8 @@ describe('User', () => {
 it('/GET user with a login name', async () => {
 testUserDTO.login = 'TestUserGet';
 const savedUser: UserDTO = await service.save(testUserDTO);
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
+ const { password, ...savedUserWithoutPassword } = savedUser;
 
 const getUser: UserDTO = (
 await request(app.getHttpServer())
@@ -94,7 +96,7 @@ describe('User', () => {
 ).body;
 
 <%_ if (databaseType !== 'mongodb') { _%>
- expect(getUser).toEqual(savedUser);
+ expect(getUser).toEqual(savedUserWithoutPassword);
 <%_ } else { _%>
 expect(getUser.login).toEqual(savedUser.login);
 <%_ } _%>
diff --git a/generators/server/templates/server/src/service/auth.service.ts.ejs b/generators/server/templates/server/src/service/auth.service.ts.ejs
index 54f95797..6ca5edc4 100644
--- a/generators/server/templates/server/src/service/auth.service.ts.ejs
+++ b/generators/server/templates/server/src/service/auth.service.ts.ejs
@@ -73,7 +73,7 @@ export class AuthService {
 }
 
 async changePassword(userLogin: string, currentClearTextPassword: string, newPassword: string): Promise {
- const userFind: UserDTO = await this.userService.findByfields({ where: { login: userLogin } });
+ const userFind: UserDTO = await this.userService.findByfields({ where: { login: userLogin }, select: [ 'id', 'password' ] });
 if (!userFind) {
 throw new HttpException('Invalid login name!', HttpStatus.BAD_REQUEST);
 }
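Review bot: The check that the `/GET` response carries no password now lives only in the non-mongodb branch of the template (`expect(getUser).toEqual(savedUserWithoutPassword)`); the mongodb branch on the following context line still compares `login` alone, so for that database the `select: false` fix in `user.entity.ts.ejs` stays untested. Add one assertion that holds for both, outside the `<%_ if _%>`/`<%_ } _%>` guard: `expect(getUser.password).toBeUndefined();`. The destructuring and its eslint-disable in the previous hunk remain useful for the exact-equality branch, but the exposure property is then pinned independently of it. The `it` callback opens and closes outside this hunk.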
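Review bot: `select: [ 'id', 'password' ]` restricts the loaded entity to those two columns, so any later line of `changePassword` (the body continues past the hunk) that reads another field of `userFind`, or saves the partial object through a path that does not merge by `id`, now works on `undefined` values; please confirm the rest of the method only compares and rewrites the password. A short comment would record why the explicit selection exists: `// password is select:false on the entity; load it here so the current password can be verified`. Style: the array spacing `[ 'id', 'password' ]` differs from the brace style on the same line (`{ login: userLogin }`); `['id', 'password']` matches. The `UserDTO` annotation on the variable now promises more fields than are populated, so a narrower local type or a comment would keep readers from relying on them.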