refactor(api): update twoFactorRequired and related methods to improve type safety and ensure consistent handling of user context

Author: ggazzo

apps/meteor/app/2fa/server/twoFactorRequired.ts

@@ -3,16 +3,13 @@ import { Meteor } from 'meteor/meteor';
 import type { ITwoFactorOptions } from './code/index';
 import { checkCodeForUser } from './code/index';
 
-export function twoFactorRequired<TFunction extends (this: Meteor.MethodThisType & { token: string }, ...args: any[]) => any>(
-	fn: TFunction,
+export const twoFactorRequired = <TFunction extends (this: any, ...args: any) => any>(
+	fn: ThisParameterType<TFunction> extends Meteor.MethodThisType
+		? TFunction
+		: (this: Meteor.MethodThisType, ...args: Parameters<TFunction>) => ReturnType<TFunction>,
 	options?: ITwoFactorOptions,
-): (
-	this: Meteor.MethodThisType & {
-		token: string;
-	},
-	...args: Parameters<TFunction>
-) => Promise<ReturnType<TFunction>> {
-	return async function (this: Meteor.MethodThisType & { token: string }, ...args: Parameters<TFunction>): Promise<ReturnType<TFunction>> {
+) =>
+	async function (this, ...args) {
 		if (!this.userId) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'twoFactorRequired' });
 		}
@@ -40,5 +37,4 @@ export function twoFactorRequired<TFunction extends (this: Meteor.MethodThisType
 		}
 
 		return fn.apply(this, args);
-	};
-}
+	} as (this: ThisParameterType<TFunction>, ...args: Parameters<TFunction>) => ReturnType<TFunction>;

apps/meteor/app/api/server/v1/users.ts

@@ -31,7 +31,6 @@ import { regeneratePersonalAccessTokenOfUser } from '../../../../imports/persona
 import { removePersonalAccessTokenOfUser } from '../../../../imports/personal-access-tokens/server/api/methods/removeToken';
 import { UserChangedAuditStore } from '../../../../server/lib/auditServerEvents/userChanged';
 import { i18n } from '../../../../server/lib/i18n';
-import { removeOtherTokens } from '../../../../server/lib/removeOtherTokens';
 import { resetUserE2EEncriptionKey } from '../../../../server/lib/resetUserE2EKey';
 import { registerUser } from '../../../../server/methods/registerUser';
 import { requestDataDownload } from '../../../../server/methods/requestDataDownload';
@@ -188,7 +187,7 @@ API.v1.addRoute(
 					};
 
 			await executeSaveUserProfile.call(
-				this as unknown as Meteor.MethodThisType,
+				this as unknown as Meteor.MethodThisType & { token: string },
 				this.user,
 				userData,
 				this.bodyParams.customFields,
@@ -1239,7 +1238,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async post() {
-			return API.v1.success(await removeOtherTokens(this.userId, this.connection.id));
+			return API.v1.success(await Users.removeNonLoginTokensExcept(this.userId, this.token));
 		},
 	},
 );

apps/meteor/app/lib/server/methods/saveSetting.ts

@@ -1,4 +1,4 @@
-import type { SettingValue } from '@rocket.chat/core-typings';
+import type { SettingEditor, SettingValue } from '@rocket.chat/core-typings';
 import type { ServerMethods } from '@rocket.chat/ddp-client';
 import { Settings } from '@rocket.chat/models';
 import { Match, check } from 'meteor/check';
@@ -14,12 +14,12 @@ import { notifyOnSettingChanged } from '../lib/notifyListener';
 declare module '@rocket.chat/ddp-client' {
 	// eslint-disable-next-line @typescript-eslint/naming-convention
 	interface ServerMethods {
-		saveSetting(_id: string, value: SettingValue, editor?: string): Promise<boolean>;
+		saveSetting(_id: string, value: SettingValue, editor: SettingEditor): Promise<boolean>;
 	}
 }
 
 Meteor.methods<ServerMethods>({
-	saveSetting: twoFactorRequired(async function (_id, value, editor) {
+	saveSetting: twoFactorRequired(async function (_id: string, value: SettingValue, editor: SettingEditor) {
 		const uid = Meteor.userId();
 		if (!uid) {
 			throw new Meteor.Error('error-action-not-allowed', 'Editing settings is not allowed', {

apps/meteor/imports/personal-access-tokens/server/api/methods/generateToken.ts

@@ -14,7 +14,15 @@ declare module '@rocket.chat/ddp-client' {
 	}
 }
 
-export const generatePersonalAccessTokenOfUser = async ({ bypassTwoFactor, tokenName, userId }: {tokenName: string, userId: string, bypassTwoFactor: boolean}): Promise<string> => {
+export const generatePersonalAccessTokenOfUser = async ({
+	bypassTwoFactor,
+	tokenName,
+	userId,
+}: {
+	tokenName: string;
+	userId: string;
+	bypassTwoFactor: boolean;
+}): Promise<string> => {
 	if (!(await hasPermissionAsync(userId, 'create-personal-access-tokens'))) {
 		throw new Meteor.Error('not-authorized', 'Not Authorized', {
 			method: 'personalAccessTokens:generateToken',
@@ -44,17 +52,23 @@ export const generatePersonalAccessTokenOfUser = async ({ bypassTwoFactor, token
 		},
 	});
 	return token;
-}
+};
 
 Meteor.methods<ServerMethods>({
-	'personalAccessTokens:generateToken': twoFactorRequired(async function ({ tokenName, bypassTwoFactor }) {
+	'personalAccessTokens:generateToken': twoFactorRequired(async function ({
+		tokenName,
+		bypassTwoFactor,
+	}: {
+		tokenName: string;
+		bypassTwoFactor: boolean;
+	}) {
 		const uid = Meteor.userId();
 		if (!uid) {
 			throw new Meteor.Error('not-authorized', 'Not Authorized', {
 				method: 'personalAccessTokens:generateToken',
 			});
 		}
-		
+
 		return generatePersonalAccessTokenOfUser({ tokenName, userId: uid, bypassTwoFactor });
 	}),
 });

apps/meteor/imports/personal-access-tokens/server/api/methods/regenerateToken.ts

@@ -44,7 +44,7 @@ export const regeneratePersonalAccessTokenOfUser = async (tokenName: string, use
 };
 
 Meteor.methods<ServerMethods>({
-	'personalAccessTokens:regenerateToken': twoFactorRequired(async function ({ tokenName }) {
+	'personalAccessTokens:regenerateToken': twoFactorRequired(async function ({ tokenName }: { tokenName: string }) {
 		const uid = Meteor.userId();
 		if (!uid) {
 			throw new Meteor.Error('not-authorized', 'Not Authorized', {

apps/meteor/imports/personal-access-tokens/server/api/methods/removeToken.ts

@@ -34,10 +34,10 @@ export const removePersonalAccessTokenOfUser = async (tokenName: string, userId:
 			name: tokenName,
 		},
 	});
-}
+};
 
 Meteor.methods<ServerMethods>({
-	'personalAccessTokens:removeToken': twoFactorRequired(async function ({ tokenName }) {
+	'personalAccessTokens:removeToken': twoFactorRequired(async function ({ tokenName }: { tokenName: string }) {
 		const uid = Meteor.userId();
 		if (!uid) {
 			throw new Meteor.Error('not-authorized', 'Not Authorized', {