Merged in feat/sw-2967-mystay (pull request #2666)
feat(mystay):SW-2967 - allow access if booking.guest == logged in user * feat(mystay):SW-2967 - allow access if booking.guest == logged in user * Fixed failing tests Approved-by: Hrishikesh Vaipurkar
This commit is contained in:
Linus Flood
@@ -34,11 +34,6 @@ describe("Access booking", () => {
|
|||||||
accessBooking(loggedInGuest, "Booking", badAuthenticatedUser)
|
accessBooking(loggedInGuest, "Booking", badAuthenticatedUser)
|
||||||
).toBe(ERROR_UNAUTHORIZED)
|
).toBe(ERROR_UNAUTHORIZED)
|
||||||
})
|
})
|
||||||
it("should deny access if refId mismatch", () => {
|
|
||||||
expect(
|
|
||||||
accessBooking(loggedInGuest, "NotBooking", authenticatedUser)
|
|
||||||
).toBe(ERROR_UNAUTHORIZED)
|
|
||||||
})
|
|
||||||
})
|
})
|
||||||
|
|
||||||
describe("for anonymous booking", () => {
|
describe("for anonymous booking", () => {
|
||||||
@@ -145,7 +140,7 @@ const authenticatedUser: SafeUser = {
|
|||||||
zipCode: undefined,
|
zipCode: undefined,
|
||||||
},
|
},
|
||||||
dateOfBirth: "",
|
dateOfBirth: "",
|
||||||
email: "",
|
email: "logged+in@scandichotels.com",
|
||||||
firstName: "Authenticated",
|
firstName: "Authenticated",
|
||||||
language: undefined,
|
language: undefined,
|
||||||
lastName: "Booking",
|
lastName: "Booking",
|
||||||
|
|||||||
@@ -21,30 +21,25 @@ function accessBooking(
|
|||||||
user: SafeUser | null,
|
user: SafeUser | null,
|
||||||
cookie: string = ""
|
cookie: string = ""
|
||||||
) {
|
) {
|
||||||
if (guest.membershipNumber) {
|
if (
|
||||||
if (user) {
|
user &&
|
||||||
if (
|
user.membershipNumber === guest.membershipNumber &&
|
||||||
user.membershipNumber === guest.membershipNumber &&
|
user.firstName.toLowerCase() === guest.firstName?.toLowerCase() &&
|
||||||
user.lastName.toLowerCase() === lastName.toLowerCase() &&
|
user.email.toLowerCase() === guest.email?.toLowerCase()
|
||||||
lastName.toLowerCase() === guest.lastName?.toLowerCase()
|
) {
|
||||||
) {
|
return ACCESS_GRANTED
|
||||||
return ACCESS_GRANTED
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return ERROR_UNAUTHORIZED
|
if (guest.membershipNumber) {
|
||||||
|
if (!user) {
|
||||||
|
return ERROR_UNAUTHORIZED
|
||||||
|
}
|
||||||
|
if (guest.membershipNumber !== user.membershipNumber) {
|
||||||
|
return ERROR_UNAUTHORIZED
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (guest.lastName?.toLowerCase() === lastName.toLowerCase()) {
|
if (guest.lastName?.toLowerCase() === lastName.toLowerCase()) {
|
||||||
if (user) {
|
|
||||||
if (
|
|
||||||
user.firstName.toLowerCase() === guest.firstName?.toLowerCase() &&
|
|
||||||
user.email.toLowerCase() === guest.email?.toLowerCase()
|
|
||||||
) {
|
|
||||||
return ACCESS_GRANTED
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
const values =
|
const values =
|
||||||
cookie && (JSON.parse(cookie) as Partial<AdditionalInfoCookieValue>)
|
cookie && (JSON.parse(cookie) as Partial<AdditionalInfoCookieValue>)
|
||||||
if (
|
if (
|
||||||
|
|||||||
Reference in New Issue
Block a user