if password changed, other users cannot continue to send message

srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts

@@ -53,17 +53,19 @@ export class ChatController {
 		let fields = ["name", "type", "users", "protection", "allowed_users"];
 		const rooms = await this.chatService.getMyRooms(req.user.username, fields);
 
-		rooms.forEach(room => {
+		const ret_rooms = rooms.map(room =>
+		{
+			let new_room = this.format_room(room);
 			if (room.protection)
 			{
 				if (room.allowed_users.includes(req.user.username))
-					room.allowed = true;
+					new_room.allowed = true;
 				else
-					room.allowed = false;
+					new_room.allowed = false;
 			}
+			return new_room;
 		});
 
-		const ret_rooms = rooms.map(room => this.format_room(room));
 		res.status(HttpStatus.OK).json({ rooms: ret_rooms });
 		printCaller("- out ");
 	}
@@ -266,6 +268,7 @@ export class ChatController {
 		// inform other connected users
 		let socket: socketDto = this.chatGateway.sockets.get(req.user.username);
 		await socket.to(socket.room).emit('message', "SERVER", message);
+		await socket.to(socket.room).emit('new_password');
 
 		const ret_room = this.format_room(room);
 		res.status(HttpStatus.OK).json({ room: ret_room });

srcs/requirements/nestjs/api_back/src/chat/chat.service.ts

@@ -216,14 +216,20 @@ export class ChatService {
 			throw new HttpException({ error: true, code: 'DIRECT_PASSWORD_FORBIDDEN', message: `you cannot set a password in a direct message room` }, HttpStatus.FORBIDDEN);
 		}
 
-		const current_room = await this.getRoomByName(room.name);
+		const room_db = await this.getRoomByName(room.name);
+
+		if (!room_db.admins.includes(username))
+		{
+			console.log("throw error: error: true, code: 'NO_ADMIN', message: 'only admins are allowed to set or modify password'");
+			throw new HttpException({ error: true, code: 'NO_ADMIN', message: `only admins are allowed to set or modify password` }, HttpStatus.FORBIDDEN);
+		}
 
 		if (!room.password)
 		{
 			console.log("throw error: error: true, code: 'NO_PASSWORD', message: 'this room has no password protection'");
 			throw new HttpException({ error: true, code: 'NO_PASSWORD', message: `this room has no password protection` }, HttpStatus.FORBIDDEN);
 		}
-		if (current_room.protection)
+		if (room_db.protection)
 		{
 			if (room.protection && !old_password)
 			{
@@ -232,7 +238,13 @@ export class ChatService {
 			}
 			if (old_password)
 			{
-				const is_match = await bcrypt.compare(old_password, current_room.hash);
+				const is_old_match = await bcrypt.compare(room.password, room_db.hash);
+				if (is_old_match)
+				{
+					printCaller(`throw error: error: true, code: 'SAME_PASSWORD', message: 'you provided the same password'`);
+					throw new HttpException({ error: true, code: 'SAME_PASSWORD', message: `you provided the same password` }, HttpStatus.BAD_REQUEST);
+				}
+				const is_match = await bcrypt.compare(old_password, room_db.hash);
 				if (!is_match)
 				{
 					printCaller(`throw error: error: true, code: 'BAD_PASSWORD', message: 'you provided a bad password'`);
@@ -248,14 +260,14 @@ export class ChatService {
 			hash = await bcrypt.hash(password, saltOrRounds);
 
 		// add password to chatroom
-		current_room.allowed_users = room.allowed_users;
-		current_room.protection = room.protection;
+		room_db.allowed_users = room.allowed_users;
+		room_db.protection = room.protection;
 		if (room.protection)
-			current_room.hash = hash;
+			room_db.hash = hash;
 		else
-			delete current_room.hash;
-		current_room.messages.push({ name: "SERVER", message: message });
-		await this.chatroomRepository.save(current_room);
+			delete room_db.hash;
+		room_db.messages.push({ name: "SERVER", message: message });
+		await this.chatroomRepository.save(room_db);
 
 		printCaller("-- out ");
 	}
@@ -280,6 +292,7 @@ export class ChatService {
 		newChatroom.name = room.name;
 		newChatroom.type = room.type;
 		newChatroom.owner = username;
+		newChatroom.admins = [username];
 		newChatroom.users = room.users;
 		newChatroom.allowed_users = [];
 		newChatroom.protection = false;
@@ -416,8 +429,19 @@ export class ChatService {
 	{
 		printCaller("-- in ");
 
-		socket.to(socket.room).emit('message', socket.username, message);
 		let room_name = await this.getCurrentRoomName(socket.username);
+		const current_room = await this.getRoomByName(room_name);
+
+		if (current_room.protection)
+		{
+			if (!current_room.allowed_users.includes(socket.username))
+			{
+				socket.emit('message', "SERVER", "your message was not sent because you need to validate the password");
+				return;
+			}
+		}
+
+		socket.to(socket.room).emit('message', socket.username, message);
 		await this.addMessageToRoom(room_name, socket.username, message);
 
 		printCaller("-- out ");

srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts

@@ -31,6 +31,11 @@ export class roomDto
 	@IsOptional()
 	owner?: string;
 
+	@IsArray()
+	@IsString({ each: true })
+	@IsOptional()
+	admins?: string[];
+
 	@IsString()
 	@IsOptional()
 	client_name?: string;

srcs/requirements/nestjs/api_back/src/chat/dto/socket.dto.ts

@@ -8,6 +8,10 @@ export class socketDto extends Socket
 
 	@IsString()
 	room: string;
+
+	@IsBoolean()
+	@IsOptional()
+	new_password?: boolean;
 }
 
 

srcs/requirements/nestjs/api_back/src/chat/entities/chatroom.entity.ts

@@ -25,11 +25,6 @@ export class Chatroom
 	@IsBoolean()
 	protection: boolean = false;
 
-	@Column({ nullable: true })
-	@IsBoolean()
-	@IsOptional()
-	allowed?: boolean;
-
 	@Column({ nullable: true })
 	@IsString()
 	@IsOptional()
@@ -38,6 +33,11 @@ export class Chatroom
   @Column()
   owner: string; // username
 
+  @Column("simple-array")
+	@IsArray()
+	@IsString({ each: true })
+  admins: string[]; // username
+
   @Column("simple-array")
 	@IsArray()
 	@IsString({ each: true })