Enable Password Hashing in Registration

backend/src/api/user/user.controller.ts

@@ -14,17 +14,13 @@ import { AutoGuard } from '../../auth/auto.guard';
 import { PatchUserDTO } from './patch.user.dto';
 import { RegisterUserDTO } from './register.user.dto';
 import { AuthService } from '../../auth/auth.service';
-import { UserRepository } from '../../db/repositories/user.repository';
 import { NestRequest } from '../../types/request.type';
 
 type SanitizedUser = Omit<User, 'password'>;
 
 @Controller('user')
 export class UserController {
-  constructor(
-    private authService: AuthService,
-    private userRepository: UserRepository,
-  ) {}
+  constructor(private authService: AuthService) {}
 
   _sanitizeUser(user: User): SanitizedUser {
     const sanitizedUser: SanitizedUser & { password?: string } = user;
@@ -34,13 +30,20 @@ export class UserController {
   }
 
   @Post('/')
-  async postRegister(@Body() userPatch: RegisterUserDTO) {
-    this.userRepository.createUser(
+  async postRegister(@Body() userPatch: RegisterUserDTO, @Res() res: Response) {
+    const user = await this.authService.createUser(
       userPatch.email,
       userPatch.displayName,
       userPatch.password,
-      false,
     );
+
+    if (user) {
+      return res.status(201).json({ status: 'Registration was successfull' });
+    } else {
+      return res
+        .status(500)
+        .json({ status: 'Registration was not successfull' });
+    }
   }
 
   /**
@@ -84,10 +87,7 @@ export class UserController {
     }
 
     if (Object.keys(userChanges).length > 0) {
-      const user = await this.userRepository.updateUser(
-        req.user.id,
-        userChanges,
-      );
+      const user = await this.authService.updateUser(req.user.id, userChanges);
 
       res.status(200).json(this._sanitizeUser(user));
     } else {

backend/src/auth/auth.service.spec.ts

@@ -4,6 +4,7 @@ import { DeepMockProxy, mockDeep } from 'jest-mock-extended';
 import { hashSync } from 'bcrypt';
 import { PrismaClient } from '@prisma/client';
 import { UserRepository } from '../db/repositories/user.repository';
+import { TestConstants } from '../../test/lib/constants';
 
 describe('AuthService', () => {
   let service: AuthService;
@@ -58,4 +59,24 @@ describe('AuthService', () => {
       await service.validateUserPassword('[email protected]', 'incorrect'),
     ).toBeNull();
   });
+
+  it('should be able to create a user and hash the password', async () => {
+    jest
+      .spyOn(service, 'hashPassword')
+      .mockImplementation(async () => 'HASHED');
+
+    userRepository.createUser.mockResolvedValue(
+      TestConstants.database.users.exampleUser,
+    );
+
+    const result = await service.createUser('MOCKED', 'MOCKED', 'MOCKED');
+
+    expect(result).toStrictEqual(TestConstants.database.users.exampleUser);
+    expect(userRepository.createUser).toHaveBeenCalledWith(
+      'MOCKED',
+      'MOCKED',
+      'HASHED',
+      false,
+    );
+  });
 });

backend/src/auth/auth.service.ts

@@ -1,5 +1,5 @@
 import { Injectable } from '@nestjs/common';
-import { User } from '@prisma/client';
+import { Prisma, User } from '@prisma/client';
 import * as bcrypt from 'bcrypt';
 import { UserRepository } from '../db/repositories/user.repository';
 
@@ -40,4 +40,31 @@ export class AuthService {
   async hashPassword(password: string): Promise<string> {
     return await bcrypt.hash(password, 12);
   }
+
+  /**
+   * Creates a new user
+   *
+   * @param email
+   * @param displayName
+   * @param password Plain text password, will be hashed before creation
+   * @returns Created User
+   */
+  async createUser(
+    email: string,
+    displayName: string,
+    password: string,
+  ): Promise<User> {
+    const hashedPassword = await this.hashPassword(password);
+
+    return await this.userRepository.createUser(
+      email,
+      displayName,
+      hashedPassword,
+      false,
+    );
+  }
+
+  async updateUser(userId, data: Prisma.UserUpdateInput) {
+    return await this.userRepository.updateUser(userId, data);
+  }
 }