From 9fde6e3a49f2c3f1ab7aa0cf1417baf6c4a7d8fb Mon Sep 17 00:00:00 2001 From: SevenWaysDP Date: Wed, 25 Sep 2024 11:54:32 +0200 Subject: [PATCH 1/2] BC-8054 - fix log of email from user --- .../src/modules/account/domain/services/account.service.ts | 7 ++++--- src/middleware/errorHandler.js | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/apps/server/src/modules/account/domain/services/account.service.ts b/apps/server/src/modules/account/domain/services/account.service.ts index 1bf1cbe2e02..ed857beaa73 100644 --- a/apps/server/src/modules/account/domain/services/account.service.ts +++ b/apps/server/src/modules/account/domain/services/account.service.ts @@ -196,6 +196,7 @@ export class AccountService extends AbstractAccountService implements DeletionSe } public async replaceMyTemporaryPassword(userId: EntityId, password: string, confirmPassword: string): Promise { + console.log(userId); if (password !== confirmPassword) { throw new ForbiddenOperationError('Password and confirm password do not match.'); } @@ -211,17 +212,17 @@ export class AccountService extends AbstractAccountService implements DeletionSe const firstLoginPassed = userPreferences ? userPreferences.firstLogin : false; if (!user.forcePasswordChange && firstLoginPassed) { - throw new ForbiddenOperationError('The password is not temporary, hence can not be changed.'); + throw new ForbiddenOperationError('The password is not temporary, hence can not be changed.', { userId }); } // Password change was forces or this is a first logon for the user const account: Account = await this.findByUserIdOrFail(userId); if (account.systemId) { - throw new ForbiddenOperationError('External account details can not be changed.'); + throw new ForbiddenOperationError('External account details can not be changed.', { userId }); } if (await this.validatePassword(account, password)) { - throw new ForbiddenOperationError('New password can not be same as old password.'); + throw new ForbiddenOperationError('New password can not be same as old password.', { userId }); } try { diff --git a/src/middleware/errorHandler.js b/src/middleware/errorHandler.js index 463e924ee98..abf01a5803d 100644 --- a/src/middleware/errorHandler.js +++ b/src/middleware/errorHandler.js @@ -126,6 +126,7 @@ const secretDataKeys = (() => '_csrf', 'searchUserPassword', 'authorization', + 'student-email', ].map((k) => k.toLocaleLowerCase()))(); const filterSecretValue = (key, value) => { From a0997723563fb7287f478ffc1353844b28244518 Mon Sep 17 00:00:00 2001 From: SevenWaysDP Date: Wed, 25 Sep 2024 12:09:53 +0200 Subject: [PATCH 2/2] fixup! BC-8054 - fix log of email from user --- .../src/modules/account/domain/services/account.service.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/server/src/modules/account/domain/services/account.service.ts b/apps/server/src/modules/account/domain/services/account.service.ts index ed857beaa73..67ed50641ce 100644 --- a/apps/server/src/modules/account/domain/services/account.service.ts +++ b/apps/server/src/modules/account/domain/services/account.service.ts @@ -196,7 +196,6 @@ export class AccountService extends AbstractAccountService implements DeletionSe } public async replaceMyTemporaryPassword(userId: EntityId, password: string, confirmPassword: string): Promise { - console.log(userId); if (password !== confirmPassword) { throw new ForbiddenOperationError('Password and confirm password do not match.'); }