1
00:00:01,054 --> 00:00:04,060
‫In this lecture, we will allow the currently logged in

2
00:00:04,060 --> 00:00:07,283
‫user to manipulate his user data.

3
00:00:09,020 --> 00:00:11,910
‫And so now, by implementing user updates,

4
00:00:11,910 --> 00:00:14,880
‫we're really leaving the domain of authentication

5
00:00:14,880 --> 00:00:19,030
‫and are moving more into real user related stuff, okay?

6
00:00:19,030 --> 00:00:22,180
‫And so instead of using the authentication controller now,

7
00:00:22,180 --> 00:00:24,840
‫let's implement this updating functionality

8
00:00:24,840 --> 00:00:26,743
‫right in their userController.

9
00:00:27,850 --> 00:00:28,970
‫Okay,

10
00:00:28,970 --> 00:00:31,710
‫so we have a bunch of handlers, so of routes,

11
00:00:31,710 --> 00:00:35,270
‫that are not really implemented here, okay?

12
00:00:35,270 --> 00:00:37,420
‫But let's leave them aside for now

13
00:00:37,420 --> 00:00:40,553
‫and create our new handler function down here.

14
00:00:42,800 --> 00:00:45,143
‫And this one is gonna be called updateMe.

15
00:00:48,312 --> 00:00:51,260
‫And so again, it's updateMe because it's for updating

16
00:00:51,260 --> 00:00:53,323
‫the currently authenticated user.

17
00:00:54,580 --> 00:00:56,620
‫Later on, we will then also implement

18
00:00:56,620 --> 00:01:00,070
‫this updateUser function here, but that is then

19
00:01:00,070 --> 00:01:03,680
‫for like an administrator to update all of the user data,

20
00:01:03,680 --> 00:01:07,490
‫while the user itself can only update, for now at least,

21
00:01:07,490 --> 00:01:09,293
‫the name and the email address.

22
00:01:12,180 --> 00:01:15,900
‫So, request, response, and next.

23
00:01:17,205 --> 00:01:20,205
‫(keyboard clacking)

24
00:01:22,550 --> 00:01:25,800
‫And we are actually doing this, so updating the user data,

25
00:01:25,800 --> 00:01:29,180
‫in a different route than updating the user password,

26
00:01:29,180 --> 00:01:32,040
‫well because usually in a typical web application

27
00:01:32,040 --> 00:01:33,773
‫that's always how it's done.

28
00:01:34,720 --> 00:01:36,370
‫So you have usually one place

29
00:01:36,370 --> 00:01:38,190
‫where you can update your password

30
00:01:38,190 --> 00:01:40,630
‫and then another place where you can update data

31
00:01:40,630 --> 00:01:43,700
‫about the user or the account itself.

32
00:01:43,700 --> 00:01:46,993
‫And so here, we're just basically following that pattern.

33
00:01:48,592 --> 00:01:52,410
‫So again, let's start by laying out our steps.

34
00:01:52,410 --> 00:01:54,140
‫And the first thing that we want to do here

35
00:01:54,140 --> 00:01:56,090
‫is to basically create an error

36
00:01:56,090 --> 00:01:58,703
‫if the user tries to update the password.

37
00:02:01,993 --> 00:02:05,737
‫So create error if user

38
00:02:07,330 --> 00:02:10,073
‫posts basically password data.

39
00:02:13,406 --> 00:02:17,980
‫But then if not, we simply need to update the user document.

40
00:02:20,610 --> 00:02:23,720
‫So simple enough, and let's of course start

41
00:02:23,720 --> 00:02:24,783
‫with the first one.

42
00:02:26,410 --> 00:02:28,180
‫Of course there will be a body

43
00:02:28,180 --> 00:02:30,220
‫where we're gonna pass in the data,

44
00:02:30,220 --> 00:02:33,933
‫and so if on that body there is data on password,

45
00:02:35,890 --> 00:02:37,929
‫or a password confirm...

46
00:02:37,929 --> 00:02:40,596
‫(keys clacking)

47
00:02:44,047 --> 00:02:45,350
‫Confirm.

48
00:02:45,350 --> 00:02:49,410
‫Well in that case, we want to return immediately

49
00:02:49,410 --> 00:02:51,833
‫and create a new Apperror.

50
00:02:53,920 --> 00:02:57,110
‫Oh and I guess we didn't yet implement it here,

51
00:02:57,110 --> 00:02:58,780
‫or actually require,

52
00:02:58,780 --> 00:03:00,663
‫so let's just grab it from here.

53
00:03:01,660 --> 00:03:02,730
‫So AppError...

54
00:03:04,360 --> 00:03:05,580
‫It's not here,

55
00:03:05,580 --> 00:03:07,400
‫so the userController...

56
00:03:11,550 --> 00:03:13,550
‫So AppError, here we go.

57
00:03:15,700 --> 00:03:20,700
‫So 'This route is not for password updates.

58
00:03:26,280 --> 00:03:29,623
‫'Please use /updateMYPassword.'

59
00:03:32,160 --> 00:03:34,960
‫So basically the route that we specified before.

60
00:03:34,960 --> 00:03:36,720
‫So updateMYPassword.

61
00:03:39,226 --> 00:03:42,753
‫And then also, a code 400 for a bad request.

62
00:03:46,150 --> 00:03:48,743
‫And let's actually try this one out right away.

63
00:03:49,921 --> 00:03:51,770
‫And for that just two things,

64
00:03:51,770 --> 00:03:54,133
‫first we need to send back a response,

65
00:03:56,230 --> 00:04:00,660
‫so let's say res.status(200) for okay,

66
00:04:00,660 --> 00:04:01,993
‫and then json,

67
00:04:07,130 --> 00:04:09,070
‫add the status as success.

68
00:04:09,070 --> 00:04:11,860
‫And later we will then also send the updated user,

69
00:04:11,860 --> 00:04:13,563
‫but let's leave that for later.

70
00:04:14,610 --> 00:04:16,840
‫So that's the response, and now we of course

71
00:04:16,840 --> 00:04:19,893
‫also need to add this route to our user Router.

72
00:04:21,880 --> 00:04:24,993
‫So that's of course similar to update my password,

73
00:04:26,390 --> 00:04:29,663
‫so router, and of course a patch,

74
00:04:32,066 --> 00:04:32,899
‫/updateMe,

75
00:04:35,370 --> 00:04:38,080
‫then again, it is a protected route

76
00:04:38,080 --> 00:04:42,120
‫so only the currently authenticated user can update

77
00:04:42,120 --> 00:04:43,603
‫the data of the current user.

78
00:04:45,420 --> 00:04:48,240
‫And so all of this is of course really secure,

79
00:04:48,240 --> 00:04:51,540
‫again because the ID of the user that is gonna be updated

80
00:04:51,540 --> 00:04:53,960
‫come from request.user,

81
00:04:53,960 --> 00:04:58,120
‫which was set by this protect middleware here,

82
00:04:58,120 --> 00:05:01,700
‫which in turn got the idea from the json web token,

83
00:05:01,700 --> 00:05:05,180
‫and since no one can change the ID in that json web token

84
00:05:05,180 --> 00:05:07,920
‫without knowing the secret, well we know

85
00:05:07,920 --> 00:05:11,260
‫that the ID is then safe because of that.

86
00:05:11,260 --> 00:05:13,993
‫And so because of this, everything here is safe.

87
00:05:16,342 --> 00:05:18,675
‫So, userController.updateME.

88
00:05:21,554 --> 00:05:22,471
‫Now okay...

89
00:05:24,050 --> 00:05:26,003
‫So let's test this now.

90
00:05:28,830 --> 00:05:30,883
‫Go ahead and copy this again.

91
00:05:34,530 --> 00:05:37,363
‫And first of all, let's set the authorization.

92
00:05:38,300 --> 00:05:41,520
‫Again from the Bearer Token

93
00:05:41,520 --> 00:05:43,770
‫and of course with this environment variable.

94
00:05:45,788 --> 00:05:48,470
‫Also it needs to be a patch request,

95
00:05:48,470 --> 00:05:50,653
‫and we need to specify a body.

96
00:05:53,740 --> 00:05:56,110
‫And I want to start by testing it,

97
00:05:56,110 --> 00:05:57,930
‫causing this error of course,

98
00:05:57,930 --> 00:05:59,653
‫and so let's specify a password,

99
00:06:06,170 --> 00:06:07,613
‫and then a name.

100
00:06:12,620 --> 00:06:15,883
‫So let's say that this is the name that we want to update,

101
00:06:17,030 --> 00:06:18,620
‫so let's save this here.

102
00:06:20,911 --> 00:06:23,361
‫And actually it is of course in the Users folder.

103
00:06:26,960 --> 00:06:28,973
‫User Data.

104
00:06:30,810 --> 00:06:32,750
‫And actually let's create a new folder here,

105
00:06:32,750 --> 00:06:35,670
‫and put the stuff that is related to authentication

106
00:06:35,670 --> 00:06:37,123
‫into its own folder.

107
00:06:39,998 --> 00:06:42,960
‫So up here, we create a new folder

108
00:06:42,960 --> 00:06:47,960
‫and call it Authentication.

109
00:06:48,150 --> 00:06:49,460
‫That's not correct.

110
00:06:49,460 --> 00:06:52,354
‫AH-THEN-TICATION.

111
00:06:52,354 --> 00:06:53,554
‫(chuckles) So that's it.

112
00:06:55,480 --> 00:06:58,593
‫And so the password is related to authentication,

113
00:06:59,550 --> 00:07:04,530
‫also resetting the password, forgetting the password,

114
00:07:04,530 --> 00:07:07,193
‫logging in, and signing out.

115
00:07:11,078 --> 00:07:13,245
‫So, let's close these two,

116
00:07:14,440 --> 00:07:16,800
‫and now log in as,

117
00:07:16,800 --> 00:07:18,600
‫or actually let's create a new user.

118
00:07:20,490 --> 00:07:22,043
‫So let's sign up here,

119
00:07:24,170 --> 00:07:28,600
‫as a normal user so we can get rid of these two here.

120
00:07:28,600 --> 00:07:33,150
‫And now I'm simply calling it, well, test again, all right?

121
00:07:33,150 --> 00:07:36,060
‫And let's take a look at what users we currently have

122
00:07:38,520 --> 00:07:40,100
‫in our database.

123
00:07:40,100 --> 00:07:41,950
‫So we have hello and admin,

124
00:07:41,950 --> 00:07:43,823
‫and so let's now use test.

125
00:07:47,400 --> 00:07:49,260
‫And I'm always again, using the same password

126
00:07:49,260 --> 00:07:50,483
‫to make it really easy.

127
00:07:52,310 --> 00:07:55,833
‫All right, we need to give the name as well,

128
00:07:59,530 --> 00:08:01,003
‫let's just call it J here.

129
00:08:03,180 --> 00:08:05,570
‫And now indeed we get our token,

130
00:08:05,570 --> 00:08:07,120
‫and we're already logged in,

131
00:08:07,120 --> 00:08:09,250
‫and so now when we update the user,

132
00:08:09,250 --> 00:08:12,083
‫that should be for this user that was just logged in.

133
00:08:13,734 --> 00:08:15,770
‫So I'm not trying to update and of course,

134
00:08:15,770 --> 00:08:19,180
‫no updating is yet implemented and so that's not gonna work.

135
00:08:19,180 --> 00:08:21,820
‫All I want to see is the error that should happen

136
00:08:21,820 --> 00:08:25,713
‫because I specified this password property here on the body.

137
00:08:27,361 --> 00:08:28,720
‫So let's try it out.

138
00:08:28,720 --> 00:08:31,973
‫And here we get this kind weird looking error,

139
00:08:33,190 --> 00:08:35,700
‫but I guess it is simply because we didn't

140
00:08:35,700 --> 00:08:37,150
‫actually update the route here,

141
00:08:37,150 --> 00:08:40,500
‫so remember I just copied a route, so the URL,

142
00:08:40,500 --> 00:08:42,160
‫and just pasted it here.

143
00:08:42,160 --> 00:08:46,610
‫But of course, it needs to be updateME.

144
00:08:46,610 --> 00:08:48,630
‫So let's try that again.

145
00:08:48,630 --> 00:08:51,617
‫And so now we actually get that error that we specified.

146
00:08:51,617 --> 00:08:53,627
‫"This route is not for password updates.

147
00:08:53,627 --> 00:08:56,300
‫"Please use /updateMyPassowrd."

148
00:08:56,300 --> 00:08:58,450
‫So great, that part is working,

149
00:08:58,450 --> 00:09:01,890
‫and it's also working that we need to be authenticated.

150
00:09:01,890 --> 00:09:05,700
‫Because let's say that we have no authentication,

151
00:09:05,700 --> 00:09:08,410
‫and so let's say that: No Auth.

152
00:09:08,410 --> 00:09:10,330
‫And so let's try that again now.

153
00:09:10,330 --> 00:09:12,867
‫And so indeed, "You are not logged in!

154
00:09:12,867 --> 00:09:15,157
‫"Please log in to get access."

155
00:09:17,300 --> 00:09:19,800
‫So just to prove you that our authentication

156
00:09:19,800 --> 00:09:21,853
‫is actually also doing its job here.

157
00:09:23,260 --> 00:09:25,450
‫But of course, we want our Bearer Token,

158
00:09:25,450 --> 00:09:27,933
‫and so now we get that other error.

159
00:09:29,990 --> 00:09:32,790
‫Great, so let's now go ahead implement

160
00:09:32,790 --> 00:09:36,943
‫the rest of the functionality for the updateMe handler.

161
00:09:38,170 --> 00:09:40,970
‫So updating the user document,

162
00:09:40,970 --> 00:09:43,910
‫and we could try to do it with user.safe.

163
00:09:43,910 --> 00:09:46,860
‫So just like before, basically getting the user

164
00:09:46,860 --> 00:09:49,430
‫then updating the properties, and then by the end,

165
00:09:49,430 --> 00:09:51,030
‫saving the document.

166
00:09:51,030 --> 00:09:53,500
‫But the problem with that is that there are some fields

167
00:09:53,500 --> 00:09:56,320
‫that are required which we're not updating,

168
00:09:56,320 --> 00:09:57,680
‫and then because of that,

169
00:09:57,680 --> 00:09:59,490
‫we will some error.

170
00:09:59,490 --> 00:10:01,330
‫And so just to quickly demonstrate to you,

171
00:10:01,330 --> 00:10:02,530
‫let me actually do that.

172
00:10:03,430 --> 00:10:06,403
‫Okay, so very quickly, getting the user here.

173
00:10:09,490 --> 00:10:14,490
‫So findbyId, so request.user as we already know, .id.

174
00:10:17,540 --> 00:10:22,540
‫And then let's say, user.name = 'Jonas'

175
00:10:25,582 --> 00:10:27,297
‫and then await user.save.

176
00:10:30,660 --> 00:10:33,763
‫But again you see that this will give us an error then.

177
00:10:35,277 --> 00:10:37,320
‫But for now let's also of course declare it

178
00:10:37,320 --> 00:10:38,763
‫as an async function.

179
00:10:45,700 --> 00:10:47,970
‫And all right.

180
00:10:47,970 --> 00:10:49,690
‫So let's test it now,

181
00:10:49,690 --> 00:10:52,780
‫but we should expect to see an error now.

182
00:10:52,780 --> 00:10:55,113
‫So let's of course get rid of this one,

183
00:10:58,910 --> 00:11:02,560
‫and indeed we get: "Please confirm your password".

184
00:11:02,560 --> 00:11:06,380
‫And so that's because passwordConfirm is a required field

185
00:11:06,380 --> 00:11:08,763
‫but we did of course not specify it.

186
00:11:09,770 --> 00:11:12,940
‫And so the safe method is not really the correct option

187
00:11:12,940 --> 00:11:14,760
‫in this case.

188
00:11:14,760 --> 00:11:16,560
‫So instead what we can do now is

189
00:11:16,560 --> 00:11:19,453
‫to actually use findById and update.

190
00:11:20,540 --> 00:11:23,560
‫So we could not use that before for all the reasons

191
00:11:23,560 --> 00:11:25,970
‫that I explained to you multiple times by now.

192
00:11:25,970 --> 00:11:28,460
‫But now since we're not dealing with passwords,

193
00:11:28,460 --> 00:11:32,380
‫but only with this non-sensitive data like name or email,

194
00:11:32,380 --> 00:11:36,263
‫we can now use findById and update.

195
00:11:38,810 --> 00:11:40,343
‫So, let's get rid of this.

196
00:11:42,380 --> 00:11:46,040
‫Let's also call it here updatedUser.

197
00:11:46,040 --> 00:11:48,950
‫And then in here, we need to pass not only the ID,

198
00:11:48,950 --> 00:11:51,400
‫but also the data that should be updated,

199
00:11:51,400 --> 00:11:53,040
‫and then some options.

200
00:11:53,040 --> 00:11:56,303
‫So the data, let's for now call it x here,

201
00:11:57,650 --> 00:11:59,140
‫and I'm telling you why in a second,

202
00:11:59,140 --> 00:12:02,250
‫and then the options that we want to pass in.

203
00:12:02,250 --> 00:12:04,180
‫And so that's just like before,

204
00:12:04,180 --> 00:12:07,240
‫the new option set to true,

205
00:12:07,240 --> 00:12:09,090
‫so that it returns the new object,

206
00:12:09,090 --> 00:12:12,033
‫so basically the updated object instead of the old one.

207
00:12:12,880 --> 00:12:16,393
‫And the also runValidators set to true.

208
00:12:17,670 --> 00:12:22,000
‫Because indeed we want the models to validate our document.

209
00:12:22,000 --> 00:12:25,490
‫So for example, if we put in an invalid email address,

210
00:12:25,490 --> 00:12:28,490
‫that should be catched by the Validator and return an error.

211
00:12:29,770 --> 00:12:34,770
‫Now why am I putting x here, and not simply request.body?

212
00:12:35,040 --> 00:12:37,510
‫Well that's because we actually do not want

213
00:12:37,510 --> 00:12:40,010
‫to update everything that's in the body,

214
00:12:40,010 --> 00:12:43,130
‫because let's say the user puts, in the body,

215
00:12:43,130 --> 00:12:44,513
‫the role for example.

216
00:12:46,550 --> 00:12:51,550
‫We could have body.role set to admin for example,

217
00:12:52,510 --> 00:12:55,040
‫and so this would then allow any user

218
00:12:55,040 --> 00:12:57,860
‫to change the role, for example, to administrator.

219
00:12:57,860 --> 00:13:00,200
‫And of course that can not be allowed.

220
00:13:00,200 --> 00:13:02,850
‫Or the user could also change their reset token,

221
00:13:02,850 --> 00:13:05,350
‫or when that reset token expires,

222
00:13:05,350 --> 00:13:08,290
‫and all of that should not be allowed of course.

223
00:13:08,290 --> 00:13:10,440
‫So doing something like this would

224
00:13:10,440 --> 00:13:12,520
‫of course be a huge mistake.

225
00:13:12,520 --> 00:13:14,773
‫And so we need to make sure that the object

226
00:13:14,773 --> 00:13:16,640
‫that we pass here,

227
00:13:16,640 --> 00:13:19,460
‫so again that object that will contain the data

228
00:13:19,460 --> 00:13:20,860
‫that's gonna be updated,

229
00:13:20,860 --> 00:13:23,540
‫only contains name and email,

230
00:13:23,540 --> 00:13:25,940
‫because for now these are the only fields

231
00:13:25,940 --> 00:13:27,623
‫that we want to allow to update.

232
00:13:28,640 --> 00:13:31,150
‫And so basically we want to filter the body

233
00:13:31,150 --> 00:13:34,370
‫so that in the end, it only contains name and email

234
00:13:34,370 --> 00:13:35,610
‫and nothing else.

235
00:13:35,610 --> 00:13:38,620
‫So if then the user tries to change the role,

236
00:13:38,620 --> 00:13:40,250
‫that will then be filtered out

237
00:13:40,250 --> 00:13:43,483
‫so that it never finds its way to our database.

238
00:13:44,769 --> 00:13:48,400
‫So what we want to do is to basically create a variable

239
00:13:48,400 --> 00:13:49,750
‫and let's say filteredBody,

240
00:13:52,400 --> 00:13:56,240
‫and then we're gonna create function in a second,

241
00:13:56,240 --> 00:13:58,620
‫but let's just already use it here,

242
00:13:58,620 --> 00:14:00,420
‫just so you see how it's gonna work.

243
00:14:01,450 --> 00:14:03,250
‫And then in here we pass the data,

244
00:14:03,250 --> 00:14:05,850
‫so the object that we want to filter,

245
00:14:05,850 --> 00:14:09,890
‫so req.body, because that's where all the data is,

246
00:14:09,890 --> 00:14:12,440
‫and then we pass a couple of arguments.

247
00:14:12,440 --> 00:14:15,170
‫One for each of the fields that we want to keep

248
00:14:15,170 --> 00:14:16,183
‫in the object.

249
00:14:17,950 --> 00:14:20,343
‫So we want to keep the field called name,

250
00:14:21,400 --> 00:14:23,653
‫and the field called email.

251
00:14:25,120 --> 00:14:28,790
‫And again, a bit later we might then add more fields here,

252
00:14:28,790 --> 00:14:30,910
‫for example later we might allow the user

253
00:14:30,910 --> 00:14:32,850
‫to upload an image.

254
00:14:32,850 --> 00:14:35,709
‫And of course that we then also need to update

255
00:14:35,709 --> 00:14:37,220
‫in the database.

256
00:14:37,220 --> 00:14:39,010
‫But for now, all we want to keep

257
00:14:39,010 --> 00:14:43,343
‫in the body is name and email and filter out all the rest.

258
00:14:45,410 --> 00:14:48,067
‫And so here, let's now use filteredBody,

259
00:14:49,730 --> 00:14:51,573
‫instead of x of course.

260
00:14:54,400 --> 00:14:57,200
‫And so now what we need to do is to actually implement

261
00:14:57,200 --> 00:15:00,833
‫this function which will take care of filtering the object.

262
00:15:02,640 --> 00:15:03,893
‫So let's do that here.

263
00:15:09,151 --> 00:15:09,984
‫FilterObj,

264
00:15:12,350 --> 00:15:15,050
‫which will take in an object

265
00:15:15,050 --> 00:15:18,853
‫and then the rest parameters for all the allowed fields.

266
00:15:21,320 --> 00:15:23,670
‫And so this will then basically create an array

267
00:15:23,670 --> 00:15:27,203
‫containing all of the arguments that we passed in.

268
00:15:28,690 --> 00:15:31,750
‫So basically that were passed in after this first one.

269
00:15:31,750 --> 00:15:36,750
‫So in that case, it is an array containing name and email.

270
00:15:39,610 --> 00:15:41,260
‫So what we need to do now is basically

271
00:15:41,260 --> 00:15:44,560
‫to loop through the object and for each element check

272
00:15:44,560 --> 00:15:46,240
‫if it's one of the allowed fields,

273
00:15:46,240 --> 00:15:49,110
‫and if it is, simply add it to a new object,

274
00:15:49,110 --> 00:15:51,160
‫that we're then gonna return in the end.

275
00:15:51,160 --> 00:15:53,840
‫And probably there are more efficient of better ways

276
00:15:53,840 --> 00:15:55,140
‫to implement this,

277
00:15:55,140 --> 00:15:56,990
‫but let's just do it very quick here.

278
00:15:58,810 --> 00:16:00,790
‫So we're gonna loop the object by saying

279
00:16:00,790 --> 00:16:04,893
‫Object.keys of the object that we pass in.

280
00:16:05,940 --> 00:16:08,210
‫So that's one of the easy ways to loop

281
00:16:08,210 --> 00:16:09,883
‫through an object in JavaScript.

282
00:16:12,612 --> 00:16:15,710
‫So, this here then basically returns an array

283
00:16:15,710 --> 00:16:17,560
‫containing all the key names,

284
00:16:17,560 --> 00:16:19,850
‫so the field names of this object,

285
00:16:19,850 --> 00:16:21,713
‫and then we can loop through them.

286
00:16:22,570 --> 00:16:24,023
‫Then our callback function.

287
00:16:24,960 --> 00:16:27,933
‫And for each element, this is what we're gonna do.

288
00:16:29,080 --> 00:16:32,680
‫So, if the allowed field array

289
00:16:33,680 --> 00:16:38,680
‫includes the current element, so the current field name,

290
00:16:38,840 --> 00:16:41,310
‫then we want to add that to a new object.

291
00:16:41,310 --> 00:16:43,533
‫So let's quickly create that one here,

292
00:16:44,580 --> 00:16:47,340
‫so const newObj

293
00:16:48,540 --> 00:16:50,260
‫which is empty for now,

294
00:16:50,260 --> 00:16:53,010
‫and in the end, that's the one that we're gonna return.

295
00:16:54,820 --> 00:16:57,500
‫So newObj.

296
00:16:57,500 --> 00:17:00,770
‫So if the current field is one of the allowed fields,

297
00:17:00,770 --> 00:17:05,770
‫well then newObj with the field name of the current field,

298
00:17:07,260 --> 00:17:10,970
‫should be equal to whatever is in the object

299
00:17:10,970 --> 00:17:13,743
‫at the current element, so the current field name.

300
00:17:15,330 --> 00:17:17,593
‫So don't if this looks a bit confusing,

301
00:17:18,460 --> 00:17:20,740
‫this is again just standard JavaScript,

302
00:17:20,740 --> 00:17:24,450
‫it has nothing to do with no JS or eXpress

303
00:17:24,450 --> 00:17:25,593
‫or anything like that.

304
00:17:26,810 --> 00:17:29,510
‫So again, all we do here is to basically loop

305
00:17:29,510 --> 00:17:32,090
‫through all the fields that are in the object

306
00:17:32,090 --> 00:17:33,710
‫and then for each field, we check

307
00:17:33,710 --> 00:17:35,700
‫if it's one of the allowed fields.

308
00:17:35,700 --> 00:17:39,300
‫And if it is, then we create a new field in the new object,

309
00:17:39,300 --> 00:17:40,610
‫of course with the same name,

310
00:17:40,610 --> 00:17:43,700
‫so still name element, with the exact same value

311
00:17:43,700 --> 00:17:46,317
‫as it has in the original object.

312
00:17:46,317 --> 00:17:49,193
‫And then in the end of course, we return that one.

313
00:17:51,880 --> 00:17:55,323
‫And so this should now all be working here.

314
00:17:56,260 --> 00:17:58,520
‫Then all we need to do in the end

315
00:17:58,520 --> 00:18:01,603
‫is to send that updated user to the client.

316
00:18:03,040 --> 00:18:04,083
‫So, user.

317
00:18:06,120 --> 00:18:11,120
‫Now of course, we need to put the udatedUser then here,

318
00:18:11,160 --> 00:18:15,400
‫give it a save again, and so now it should work.

319
00:18:15,400 --> 00:18:17,877
‫Se really what we did here was..

320
00:18:21,310 --> 00:18:24,003
‫update the user last, and before we did that,

321
00:18:25,450 --> 00:18:30,450
‫we actually filtered out unwanted field names

322
00:18:34,490 --> 00:18:39,303
‫that are not allowed to be updated.

323
00:18:40,758 --> 00:18:42,460
‫So let's try that now.

324
00:18:42,460 --> 00:18:46,423
‫And this user here is a regular user,

325
00:18:47,780 --> 00:18:49,150
‫so we just created him,

326
00:18:49,150 --> 00:18:50,813
‫remember with the name of J.

327
00:18:51,920 --> 00:18:55,100
‫And so let's quickly take a look at Compass.

328
00:18:56,900 --> 00:19:00,870
‫So it's a normal user, with a name of J.

329
00:19:00,870 --> 00:19:02,450
‫And so let's now update then name,

330
00:19:02,450 --> 00:19:05,160
‫and also try to update the role,

331
00:19:05,160 --> 00:19:07,460
‫which again is not allowed.

332
00:19:07,460 --> 00:19:11,090
‫But to see if our code is working, let's try it.

333
00:19:11,090 --> 00:19:14,470
‫So there is the name already, and let's say

334
00:19:14,470 --> 00:19:15,970
‫we're a malicious user

335
00:19:15,970 --> 00:19:19,313
‫trying to change our role to admin.

336
00:19:20,620 --> 00:19:23,150
‫So, everything is correct I guess,

337
00:19:23,150 --> 00:19:25,190
‫so let's send this now,

338
00:19:25,190 --> 00:19:28,520
‫and indeed here is our updated object.

339
00:19:28,520 --> 00:19:32,150
‫So we get our new name, which is Jonas Schmedtmann,

340
00:19:32,150 --> 00:19:35,250
‫and then the role, which is still user.

341
00:19:35,250 --> 00:19:37,913
‫It didn't update the role to admin.

342
00:19:39,460 --> 00:19:42,380
‫Perfect. That's exactly what we wanted.

343
00:19:42,380 --> 00:19:46,230
‫So, give this a save and let's go back

344
00:19:46,230 --> 00:19:49,513
‫and actually with this we just finished this video.

345
00:19:50,590 --> 00:19:53,770
‫Next up, we will then implement a functionality

346
00:19:53,770 --> 00:19:55,913
‫of deleting the current user.

347
00:19:56,890 --> 00:20:00,730
‫So we worked on updating, next up we want to allow a user

348
00:20:00,730 --> 00:20:03,970
‫to basically delete himself when he no longer wants

349
00:20:03,970 --> 00:20:06,143
‫to be part of our application.