fix: should retrieve user inactive error in login response API.

fix: prevent from delete or inactivate the current authorized user.

server/src/services/Authentication/index.ts

@@ -59,20 +59,20 @@ export default class AuthenticationService {
       this.logger.info('[login] invalid data');
       throw new ServiceError('invalid_details');
     }
-    this.logger.info('[login] check password validation.');
+    this.logger.info('[login] check password validation.', { emailOrPhone, password });
     if (!user.verifyPassword(password)) {
       throw new ServiceError('invalid_password');
     }
 
     if (!user.active) {
-      this.logger.info('[login] user inactive.');
+      this.logger.info('[login] user inactive.', { userId: user.id });
       throw new ServiceError('user_inactive');
     }
 
-    this.logger.info('[login] generating JWT token.');
+    this.logger.info('[login] generating JWT token.', { userId: user.id });
     const token = this.generateToken(user);
 
-    this.logger.info('[login] updating user last login at.');
+    this.logger.info('[login] updating user last login at.', { userId: user.id });
     await systemUserRepository.patchLastLoginAt(user.id);
 
     this.logger.info('[login] Logging success.', { user, token });

server/src/services/Users/UsersService.ts

@@ -53,7 +53,7 @@ export default class UsersService {
    * @param {number} userId -
    * @returns {ISystemUser}
    */
-  async getUserOrThrowError(tenantId: number, userId: number): void {
+  async getUserOrThrowError(tenantId: number, userId: number): Promise<ISystemUser> {
     const { systemUserRepository } = this.repositories;
     const user = await systemUserRepository.getByIdAndTenant(userId, tenantId);
 
@@ -72,7 +72,7 @@ export default class UsersService {
   async deleteUser(tenantId: number, userId: number): Promise<void> {
     const { systemUserRepository } = this.repositories;
     await this.getUserOrThrowError(tenantId, userId);
-    
+
     this.logger.info('[users] trying to delete the given user.', { tenantId, userId });
     await systemUserRepository.deleteById(userId);
      
@@ -84,7 +84,8 @@ export default class UsersService {
    * @param {number} tenantId 
    * @param {number} userId 
    */
-  async activateUser(tenantId: number, userId: number): Promise<void> {
+  async activateUser(tenantId: number, userId: number, authorizedUser: ISystemUser): Promise<void> {
+    this.throwErrorIfUserIdSameAuthorizedUser(userId, authorizedUser);
     const { systemUserRepository } = this.repositories;
 
     const user = await this.getUserOrThrowError(tenantId, userId);
@@ -99,8 +100,10 @@ export default class UsersService {
    * @param {number} userId 
    * @return {Promise<void>}
    */
-  async inactivateUser(tenantId: number, userId: number): Promise<void> {
+  async inactivateUser(tenantId: number, userId: number, authorizedUser: ISystemUser): Promise<void> {
+    this.throwErrorIfUserIdSameAuthorizedUser(userId, authorizedUser);
     const { systemUserRepository } = this.repositories;
+
     const user = await this.getUserOrThrowError(tenantId, userId);
     this.throwErrorIfUserInactive(user);
 
@@ -114,6 +117,7 @@ export default class UsersService {
    */
   async getList(tenantId: number) {
     const users = await SystemUser.query()
+      .whereNotDeleted()
       .where('tenant_id', tenantId);
 
     return users;
@@ -149,4 +153,15 @@ export default class UsersService {
       throw new ServiceError('user_already_inactive');
     }
   }
+
+  /**
+   * Throw service error in case the given user same the authorized user. 
+   * @param {number} userId 
+   * @param {ISystemUser} authorizedUser 
+   */
+  throwErrorIfUserIdSameAuthorizedUser(userId: number, authorizedUser: ISystemUser) {
+    if (userId === authorizedUser.id) {
+      throw new ServiceError('user_same_the_authorized_user');
+    }
+  }
 }