feat(core): Add user.profile.beforeUpdate hook (#8144)

Add `user.profile.beforeUpdate` hook so we can prevent user email change if it overlaps with other users email.
2025-12-18 02:21:13 +00:00 · 2024-01-02 10:15:12 +02:00
parent ece48d6a13
commit e126ed74f3
3 changed files with 53 additions and 1 deletions
--- a/packages/cli/test/unit/controllers/me.controller.test.ts
+++ b/packages/cli/test/unit/controllers/me.controller.test.ts
@@ -53,6 +53,12 @@ describe('MeController', () => {

 			await controller.updateCurrentUser(req, res);

+			expect(externalHooks.run).toHaveBeenCalledWith('user.profile.beforeUpdate', [
+				user.id,
+				user.email,
+				reqBody,
+			]);
+
 			expect(userService.update).toHaveBeenCalled();

 			const cookieOptions = captor<CookieOptions>();
@@ -93,6 +99,28 @@ describe('MeController', () => {
 			expect(updatedUser.id).not.toBe('0');
 			expect(updatedUser.globalRoleId).not.toBe('42');
 		});
+
+		it('should throw BadRequestError if beforeUpdate hook throws BadRequestError', async () => {
+			const user = mock<User>({
+				id: '123',
+				password: 'password',
+				authIdentities: [],
+				globalRoleId: '1',
+			});
+			const reqBody = { email: 'valid@email.com', firstName: 'John', lastName: 'Potato' };
+			const req = mock<MeRequest.UserUpdate>({ user, body: reqBody });
+			userService.findOneOrFail.mockResolvedValue(user);
+
+			externalHooks.run.mockImplementationOnce(async (hookName) => {
+				if (hookName === 'user.profile.beforeUpdate') {
+					throw new BadRequestError('Invalid email address');
+				}
+			});
+
+			await expect(controller.updateCurrentUser(req, mock())).rejects.toThrowError(
+				new BadRequestError('Invalid email address'),
+			);
+		});
 	});

 	describe('updatePassword', () => {