diff --git a/Common/Server/API/UserCallAPI.ts b/Common/Server/API/UserCallAPI.ts index a38cb15bf8..593ec26042 100644 --- a/Common/Server/API/UserCallAPI.ts +++ b/Common/Server/API/UserCallAPI.ts @@ -136,6 +136,35 @@ export default class UserCallAPI extends BaseAPI< ); } + const item: UserCall | null = await this.service.findOneById({ + id: req.body["itemId"], + props: { + isRoot: true, + }, + select: { + userId: true, + }, + }); + + if (!item) { + return Response.sendErrorResponse( + req, + res, + new BadDataException("Item not found"), + ); + } + + if ( + item.userId?.toString() !== + (req as OneUptimeRequest)?.userAuthorization?.userId?.toString() + ) { + return Response.sendErrorResponse( + req, + res, + new BadDataException("Invalid user ID"), + ); + } + await this.service.resendVerificationCode(req.body.itemId); return Response.sendEmptySuccessResponse(req, res); diff --git a/Common/Server/API/UserEmailAPI.ts b/Common/Server/API/UserEmailAPI.ts index 8a3e8e806e..90cb3111ac 100644 --- a/Common/Server/API/UserEmailAPI.ts +++ b/Common/Server/API/UserEmailAPI.ts @@ -137,6 +137,35 @@ export default class UserEmailAPI extends BaseAPI< ); } + const item: UserEmail | null = await this.service.findOneById({ + id: req.body["itemId"], + props: { + isRoot: true, + }, + select: { + userId: true, + }, + }); + + if (!item) { + return Response.sendErrorResponse( + req, + res, + new BadDataException("Item not found"), + ); + } + + if ( + item.userId?.toString() !== + (req as OneUptimeRequest)?.userAuthorization?.userId?.toString() + ) { + return Response.sendErrorResponse( + req, + res, + new BadDataException("Invalid user ID"), + ); + } + await this.service.resendVerificationCode(req.body.itemId); return Response.sendEmptySuccessResponse(req, res); diff --git a/Common/Server/API/UserSmsAPI.ts b/Common/Server/API/UserSmsAPI.ts index ffe588a7c2..47f55f54ed 100644 --- a/Common/Server/API/UserSmsAPI.ts +++ b/Common/Server/API/UserSmsAPI.ts @@ -132,6 +132,35 @@ export default class UserSMSAPI extends BaseAPI { ); } + const item: UserSMS | null = await this.service.findOneById({ + id: req.body["itemId"], + props: { + isRoot: true, + }, + select: { + userId: true, + }, + }); + + if (!item) { + return Response.sendErrorResponse( + req, + res, + new BadDataException("Item not found"), + ); + } + + if ( + item.userId?.toString() !== + (req as OneUptimeRequest)?.userAuthorization?.userId?.toString() + ) { + return Response.sendErrorResponse( + req, + res, + new BadDataException("Invalid user ID"), + ); + } + await this.service.resendVerificationCode(req.body.itemId); return Response.sendEmptySuccessResponse(req, res); diff --git a/Common/Server/API/UserWhatsAppAPI.ts b/Common/Server/API/UserWhatsAppAPI.ts index b7679d7253..7a388acda4 100644 --- a/Common/Server/API/UserWhatsAppAPI.ts +++ b/Common/Server/API/UserWhatsAppAPI.ts @@ -143,6 +143,35 @@ export default class UserWhatsAppAPI extends BaseAPI< ); } + const item: UserWhatsApp | null = await this.service.findOneById({ + id: req.body["itemId"], + props: { + isRoot: true, + }, + select: { + userId: true, + }, + }); + + if (!item) { + return Response.sendErrorResponse( + req, + res, + new BadDataException("Item not found"), + ); + } + + if ( + item.userId?.toString() !== + (req as OneUptimeRequest)?.userAuthorization?.userId?.toString() + ) { + return Response.sendErrorResponse( + req, + res, + new BadDataException("Invalid user ID"), + ); + } + await this.service.resendVerificationCode(req.body.itemId); return Response.sendEmptySuccessResponse(req, res);