feat: delete workspace member (#987)

* add delete user endpoint (server) * delete user (UI) * prevent token generation * more checks
2025-11-24 06:01:28 +10:00 · 2025-04-07 19:26:03 +01:00
parent 3559358d14
commit 7431804a46
15 changed files with 250 additions and 23 deletions
--- a/apps/server/src/core/auth/services/auth.service.ts
+++ b/apps/server/src/core/auth/services/auth.service.ts
@ -43,18 +43,16 @@ export class AuthService {
  ) {}

  async login(loginDto: LoginDto, workspaceId: string) {
-    const user = await this.userRepo.findByEmail(
-      loginDto.email,
-      workspaceId,
-      {
-        includePassword: true
-      }
+    const user = await this.userRepo.findByEmail(loginDto.email, workspaceId, {
+      includePassword: true,
+    });
+
+    const isPasswordMatch = await comparePasswordHash(
+      loginDto.password,
+      user.password,
    );

-    if (
-      !user ||
-      !(await comparePasswordHash(loginDto.password, user.password))
-    ) {
+    if (!user || !isPasswordMatch || user.deletedAt) {
      throw new UnauthorizedException('email or password does not match');
    }

@ -86,7 +84,7 @@ export class AuthService {
      includePassword: true,
    });

-    if (!user) {
+    if (!user || user.deletedAt) {
      throw new NotFoundException('User not found');
    }

@ -125,7 +123,7 @@ export class AuthService {
      workspace.id,
    );

-    if (!user) {
+    if (!user || user.deletedAt) {
      return;
    }

@ -168,7 +166,7 @@ export class AuthService {
    }

    const user = await this.userRepo.findById(userToken.userId, workspaceId);
-    if (!user) {
+    if (!user || user.deletedAt) {
      throw new NotFoundException('User not found');
    }

--- a/apps/server/src/core/auth/services/token.service.ts
+++ b/apps/server/src/core/auth/services/token.service.ts
@ -1,4 +1,8 @@
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import {
+  ForbiddenException,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { EnvironmentService } from '../../../integrations/environment/environment.service';
 import {
@ -17,6 +21,10 @@ export class TokenService {
  ) {}

  async generateAccessToken(user: User): Promise<string> {
+    if (user.deletedAt) {
+      throw new ForbiddenException();
+    }
+
    const payload: JwtPayload = {
      sub: user.id,
      email: user.email,
--- a/apps/server/src/core/auth/strategies/jwt.strategy.ts
+++ b/apps/server/src/core/auth/strategies/jwt.strategy.ts
@ -1,9 +1,4 @@
-import {
-  BadRequestException,
-  Injectable,
-  Logger,
-  UnauthorizedException,
-} from '@nestjs/common';
+import { Injectable, Logger, UnauthorizedException } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { Strategy } from 'passport-jwt';
 import { EnvironmentService } from '../../../integrations/environment/environment.service';
@ -47,7 +42,7 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
    }
    const user = await this.userRepo.findById(payload.sub, payload.workspaceId);

-    if (!user) {
+    if (!user || user.deletedAt) {
      throw new UnauthorizedException();
    }