(feat) 100: account page (#101)

* move utils

* add delete account

* add profile page with delete account functionality

* adds integration tests for change password functions

* reset change password inputs

* return on password mismatch

* throwing error instead of returning false or number, pr feedback

* rename file to page-title

* pr improvements

* split up component

* refactoring, use form actions instead of endpoints

* fix validation not highlighting errors

* return error message

Author: sjaghori

components.json

@@ -8,7 +8,7 @@
 	},
 	"aliases": {
 		"components": "$components",
-		"utils": "$utils"
+		"utils": "$lib/utils/shadcn"
 	},
 	"typescript": true
 }

services/src/user/user-repository.integration.test.ts

@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it } from 'vitest'
-import { createUser, getUserById } from './user-repository'
+import { changeUserPasswordById, createUser, deleteUserById, getUserById } from './user-repository'
 import { runMigration } from '../db/database-migration-util'
 import { db } from '../db/database'
 import type { SelectableUser, UserCreationParams } from './user'
@@ -46,4 +46,55 @@ describe('User Repository', () => {
 			await expect(getUserById(-1)).rejects.toThrow()
 		})
 	})
+
+	describe('deleteUser', () => {
+		it('should delete a user by ID', async () => {
+			await createUser(userCreationObject)
+
+			const createdUser = await db.selectFrom('users').select('id').executeTakeFirstOrThrow()
+
+			await expect(deleteUserById(createdUser.id)).resolves.not.toThrowError()
+		})
+
+		it('should throw an error when the user not exists', async () => {
+			await expect(deleteUserById(512)).rejects.toThrowError()
+		})
+
+		it('should only delete the given user when multiple users exist', async () => {
+			const user1 = await createUser(userCreationObject)
+			const user2 = await createUser({ ...userCreationObject, email: 'another@user.com' })
+
+			await expect(deleteUserById(user1.id)).resolves.not.toThrowError()
+
+			const fetchedUser2 = await getUserById(user2.id)
+			expect(fetchedUser2).toEqual(user2)
+		})
+	})
+
+	describe('changeUserPasswordById', () => {
+		it('should correctly update users password', async () => {
+			await createUser(userCreationObject)
+
+			const createdUser = await db
+				.selectFrom('users')
+				.select(['id', 'password_hash'])
+				.executeTakeFirstOrThrow()
+
+			await expect(
+				changeUserPasswordById(createdUser.id, 'new-password')
+			).resolves.not.toThrowError()
+
+			const userAfterPasswordChange = await db
+				.selectFrom('users')
+				.select(['id', 'password_hash'])
+				.executeTakeFirstOrThrow()
+
+			expect(createdUser.id).toEqual(userAfterPasswordChange.id)
+			expect(createdUser.password_hash).not.toEqual(userAfterPasswordChange.password_hash)
+		})
+
+		it('should throw an error when trying to update a password for a user that does not exist', async () => {
+			await expect(changeUserPasswordById(51245, 'new-password')).rejects.toThrowError()
+		})
+	})
 })

services/src/user/user-repository.ts

@@ -24,3 +24,22 @@ export function getUserByEmail(email: string): Promise<SelectableUser> {
 		.where('email', '==', email)
 		.executeTakeFirstOrThrow(() => new Error('User not found'))
 }
+
+export async function deleteUserById(id: number): Promise<void> {
+	const result = await db
+		.deleteFrom('users')
+		.where('id', '==', id)
+		.executeTakeFirstOrThrow(() => new Error(`Could not delete user with id ${id}`))
+
+	if (!result.numDeletedRows) throw new Error('Could not delete any user')
+}
+
+export async function changeUserPasswordById(id: number, passwordHash: string): Promise<void> {
+	const result = await db
+		.updateTable('users')
+		.set({ password_hash: passwordHash })
+		.where('users.id', '==', id)
+		.executeTakeFirstOrThrow(() => new Error(`Could not update users password with id ${id}`))
+
+	if (!result.numUpdatedRows) throw new Error('Could not update users password')
+}

services/src/user/user-service.integration.test.ts

@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it } from 'vitest'
-import { getUser } from './user-service'
+import { changeUserPassword, deleteUser, getUser } from './user-service'
 import { createUser } from './user-repository'
 import { runMigration } from '../db/database-migration-util'
 import { db } from '../db/database'
@@ -11,16 +11,18 @@ beforeEach(async () => {
 })
 
 describe('User Service Integration', () => {
+	const newUserPlainPassword = 'securepassword'
+
+	const newUser = {
+		email: 'integration@test.com',
+		first_name: 'Integration',
+		last_name: 'Test',
+		password_hash: hash(newUserPlainPassword),
+		role: 'user'
+	}
+
 	describe('getUser', () => {
 		it('should return a user when found', async () => {
-			const newUser = {
-				email: 'integration@test.com',
-				first_name: 'Integration',
-				last_name: 'Test',
-				password_hash: hash('securepassword'),
-				role: 'user'
-			}
-
 			const createdUser = await createUser(newUser)
 
 			const result = await getUser(createdUser.id)
@@ -34,24 +36,60 @@ describe('User Service Integration', () => {
 			})
 		})
 
-		it('should throw an error when user is not found', async () => {
-			await expect(getUser(999)).rejects.toThrow('User not found')
+		it('should return undefined when user is not found', async () => {
+			await expect(getUser(999)).resolves.toEqual(undefined)
 		})
 
 		it('should not return the password hash', async () => {
-			const newUser = {
-				email: 'integration@test.com',
-				first_name: 'Integration',
-				last_name: 'Test',
-				password_hash: hash('securepassword'),
-				role: 'user'
-			}
-
 			const createdUser = await createUser(newUser)
 
 			const result = await getUser(createdUser.id)
 
 			expect(result).not.toHaveProperty('password_hash')
 		})
 	})
+
+	describe('deleteUser', () => {
+		it('should correctly delete an existing user', async () => {
+			const createdUser = await createUser(newUser)
+
+			await expect(deleteUser(createdUser.id)).resolves.not.toThrowError()
+		})
+
+		it('should return false when trying to delete a non-existing-user', async () => {
+			await expect(deleteUser(5123)).rejects.toThrowError()
+		})
+	})
+
+	describe('changeUserPassword', () => {
+		it('should correctly update a users password on valid input', async () => {
+			const createdUser = await createUser(newUser)
+
+			const newPassword = 'new-secure-password-123'
+			const confirmPassword = newPassword
+
+			await expect(
+				changeUserPassword(createdUser.id, {
+					currentPassword: newUserPlainPassword,
+					newPassword,
+					confirmPassword
+				})
+			).resolves.not.toThrowError()
+		})
+
+		it('should throw an error when current password hash does not match', async () => {
+			const createdUser = await createUser(newUser)
+
+			const newPassword = 'new-secure-password-123'
+			const confirmPassword = newPassword
+
+			await expect(
+				changeUserPassword(createdUser.id, {
+					currentPassword: 'wrong-current-password',
+					newPassword,
+					confirmPassword
+				})
+			).rejects.toThrowError('Invalid password')
+		})
+	})
 })

services/src/user/user-service.ts

@@ -1,9 +1,18 @@
+// TODO: Investigate why vitest integration tests doesn't work with path aliases
+//import { compare, hash } from 'services/crypto/hash'
+import { compare, hash } from '../crypto/hash'
+import type { ChangePasswordPayload } from '$components/container/profile/schema'
 import { omit } from '../util/omit'
 import type { SelectableUser, User } from './user'
-import { getUserById } from './user-repository'
+import { changeUserPasswordById, deleteUserById, getUserById } from './user-repository'
 
-export async function getUser(id: number): Promise<User> {
-	const user = await getUserById(id)
+export async function getUser(id: number): Promise<User | undefined> {
+	let user: SelectableUser
+	try {
+		user = await getUserById(id)
+	} catch (e: unknown) {
+		return undefined
+	}
 
 	return convertUserToNonAuthUser(user)
 }
@@ -13,3 +22,24 @@ function convertUserToNonAuthUser(user: SelectableUser): User {
 
 	return nonAuthUser as User
 }
+
+export async function deleteUser(id: number): Promise<void> {
+	await deleteUserById(id)
+	// TODO: add business logic to handle projects with or without other members
+}
+
+export async function changeUserPassword(
+	id: number,
+	changePasswordPayload: ChangePasswordPayload
+): Promise<void> {
+	const user = await getUserById(id)
+
+	const passwordMatches = compare(changePasswordPayload.currentPassword, user.password_hash)
+	if (!passwordMatches) {
+		throw new Error('Invalid password')
+	}
+
+	// TODO: add a password validation on client, display password strength requirement
+	const newPasswordHash = hash(changePasswordPayload.newPassword)
+	await changeUserPasswordById(id, newPasswordHash)
+}

src/components/container/profile/change-password.svelte

@@ -0,0 +1,102 @@
+<script lang="ts">
+	import { buttonVariants } from '$components/ui/button'
+	import * as Dialog from '$components/ui/dialog'
+	import * as Form from '$components/ui/form'
+	import { KeyRound } from 'lucide-svelte'
+	import { page } from '$app/stores'
+	import { toast } from 'svelte-sonner'
+	import Input from '$components/ui/input/input.svelte'
+	import { changePasswordSchema } from './schema'
+	import { type Infer, type SuperValidated, superForm } from 'sveltekit-superforms'
+	import { zodClient } from 'sveltekit-superforms/adapters'
+
+	export let data: SuperValidated<Infer<typeof changePasswordSchema>>
+
+	const form = superForm(data, {
+		validators: zodClient(changePasswordSchema),
+		async onUpdated({ form }) {
+			if (form.message) {
+				if ($page.status >= 400) {
+					toast.error(form.message)
+				} else {
+					toast.success(form.message)
+					open = false
+				}
+			}
+		}
+	})
+
+	const { form: formData, enhance } = form
+
+	let open: boolean
+</script>
+
+<div class="flex flex-col gap-1">
+	<h3 class="text-xl font-medium">Credentials</h3>
+	<p class="text-muted-foreground">Update your password</p>
+
+	<div class="flex">
+		<Dialog.Root bind:open>
+			<Dialog.Trigger class={buttonVariants({ variant: 'outline' })}>
+				<KeyRound class="mr-2 h-5 w-5" />Edit password
+			</Dialog.Trigger>
+
+			<Dialog.Content class="sm:max-w-[425px]">
+				<form method="POST" action="?/changePassword" use:enhance>
+					<Dialog.Header>
+						<Dialog.Title>Edit password</Dialog.Title>
+						<!-- <Dialog.Description></Dialog.Description> -->
+					</Dialog.Header>
+
+					<div class="my-3 flex flex-col gap-3">
+						<Form.Field {form} name="currentPassword">
+							<Form.Control let:attrs>
+								<Form.Label>Current Password</Form.Label>
+								<Input
+									type="password"
+									data-testid="current-password"
+									placeholder="Enter current password"
+									{...attrs}
+									bind:value={$formData.currentPassword}
+								/>
+							</Form.Control>
+							<Form.FieldErrors />
+						</Form.Field>
+
+						<Form.Field {form} name="newPassword">
+							<Form.Control let:attrs>
+								<Form.Label>New Password</Form.Label>
+								<Input
+									type="password"
+									data-testid="new-password"
+									placeholder="Enter new password"
+									{...attrs}
+									bind:value={$formData.newPassword}
+								/>
+							</Form.Control>
+							<Form.FieldErrors />
+						</Form.Field>
+
+						<Form.Field {form} name="confirmPassword">
+							<Form.Control let:attrs>
+								<Form.Label>Confirm Password</Form.Label>
+								<Input
+									type="password"
+									data-testid="confirm-password"
+									placeholder="Confirm password"
+									{...attrs}
+									bind:value={$formData.confirmPassword}
+								/>
+							</Form.Control>
+							<Form.FieldErrors />
+						</Form.Field>
+					</div>
+
+					<Dialog.Footer>
+						<Form.Button variant="default">Update Password</Form.Button>
+					</Dialog.Footer>
+				</form>
+			</Dialog.Content>
+		</Dialog.Root>
+	</div>
+</div>

src/components/container/profile/delete-profile.svelte

@@ -0,0 +1,40 @@
+<script lang="ts">
+	import { enhance } from '$app/forms'
+	import { buttonVariants } from '$components/ui/button'
+	import Button from '$components/ui/button/button.svelte'
+	import * as Dialog from '$components/ui/dialog'
+	import * as Form from '$components/ui/form'
+	import { LogOut, Trash } from 'lucide-svelte'
+</script>
+
+<div class="rounded border-2 border-dashed border-destructive">
+	<div class="m-2 flex flex-col gap-1">
+		<h3 class="text-xl font-medium text-destructive">Danger Zone</h3>
+		<p class="text-muted-foreground">
+			Deleting the profile would remove all your data and your current subscription.
+		</p>
+
+		<div class="flex gap-2">
+			<Dialog.Root>
+				<Dialog.Trigger class={buttonVariants({ variant: 'destructive' })}>
+					<Trash class="mr-2 h-5 w-5" />Delete your account
+				</Dialog.Trigger>
+				<Dialog.Content class="sm:max-w-[425px]">
+					<form method="POST" action="?/deleteProfile" use:enhance>
+						<Dialog.Header>
+							<Dialog.Title>Delete profile</Dialog.Title>
+							<Dialog.Description>Are you sure you want to delete your profile?</Dialog.Description>
+						</Dialog.Header>
+
+						<Dialog.Footer class="mt-2">
+							<Form.Button variant="destructive">
+								Delete now <Trash class="ml-2 h-5 w-5" />
+							</Form.Button>
+						</Dialog.Footer>
+					</form>
+				</Dialog.Content>
+			</Dialog.Root>
+			<Button href="/logout" variant="outline"><LogOut class="mr-2 h-4 w-4" /> Logout</Button>
+		</div>
+	</div>
+</div>