added error handling for objectID

Code-4-Community · Oct 3, 2023 · ebd101b · ebd101b
1 parent e2dc648
commit ebd101b
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/apps/backend/src/users/user.entity.ts b/apps/backend/src/users/user.entity.ts
@@ -18,7 +18,6 @@ export class User {
 
   @Column()
   email: string;
-
   @Column()
   profilePicture: string;
 
@@ -30,7 +29,6 @@ export class User {
 
   @Column()
   team: string | null;
-
   @Column()
   role: string | null;
 }
diff --git a/apps/backend/src/users/users.service.ts b/apps/backend/src/users/users.service.ts
@@ -26,16 +26,24 @@ export class UsersService {
     UpdateUserDTO: UpdateUserDTO,
     userId: string,
   ): Promise<User> {
-    const id = new ObjectId(userId);
+    let id;
+    try {
+      id = new ObjectId(userId);
+    } catch (err) {
+      //TODO maybe check for other errors that might be thrown in line 31
+      //right now this assumes that the error is a BSONError when an id is passed in that's not a 24 character hex
+      throw new BadRequestException(
+        'Invalid user ID format. UserID must be a 24 character hex string, 12 byte Uint8Array, or an integer',
+      );
+    }
 
     const user: User = await this.usersRepository.findOne({
       where: {
         _id: { $eq: id },
       },
     });
-
     if (!user) {
-      throw new BadRequestException(`User ${userId} not found.`);
+      throw new BadRequestException(`Invalid user: ${userId}`);
     }
 
     const exampleUser: User = {
@@ -53,26 +61,26 @@ export class UsersService {
 
     if (
       exampleUser.status === Status.APPLICANT &&
-      userId !== exampleUser.id.toString()
+      userId != exampleUser.id.toString()
     ) {
       throw new BadRequestException(
-        'Invalid update permissions; applicant cannot update another applicant',
+        'Invalid update permissions; applicant cannot update another  applicant',
       );
     }
 
     if (
       (exampleUser.status === Status.MEMBER ||
         exampleUser.status === Status.ALUMNI) &&
-      user.status === Status.APPLICANT
+      user.status == Status.APPLICANT
     ) {
       throw new BadRequestException(
         'Invalid update permissions; members and alumni cannot update applicants',
       );
     }
 
     if (
-      exampleUser.status !== Status.ADMIN &&
-      userId !== exampleUser.id.toString()
+      exampleUser.status != Status.ADMIN &&
+      userId != exampleUser.id.toString()
     ) {
       throw new UnauthorizedException();
     }