All language subtitles for 016 Updating the Current User_ Data_Downloadly.ir_en

These are the user uploaded subtitles that are being translated:

1 00:00:01,054 --> 00:00:04,059 In this lecture, we will allow the currently logged in
2 00:00:04,059 --> 00:00:07,283 user to manipulate his user data.
3 00:00:09,020 --> 00:00:11,910 And so now, by implementing user updates,
4 00:00:11,910 --> 00:00:14,880 we're really leaving the domain of authentication
5 00:00:14,880 --> 00:00:19,030 and are moving more into real user related stuff, okay?
6 00:00:19,030 --> 00:00:22,180 And so instead of using the authentication controller now,
7 00:00:22,180 --> 00:00:24,840 let's implement this updating functionality
8 00:00:24,840 --> 00:00:26,743 right in the userController.
9 00:00:27,850 --> 00:00:28,970 Okay,
10 00:00:28,970 --> 00:00:31,710 so we have a bunch of handlers, so of routes,
11 00:00:31,710 --> 00:00:35,270 that are not really implemented here, okay?
12 00:00:35,270 --> 00:00:37,420 But let's leave them aside for now
13 00:00:37,420 --> 00:00:40,553 and create our new handler function down here.
14 00:00:42,800 --> 00:00:45,143 And this one is gonna be called updateMe.
15 00:00:48,312 --> 00:00:51,260 And so again, it's updateMe because it's for updating
16 00:00:51,260 --> 00:00:53,323 the currently authenticated user.
17 00:00:54,580 --> 00:00:56,620 Later on, we will then also implement
18 00:00:56,620 --> 00:01:00,070 this updateUser function here, but that is then
19 00:01:00,070 --> 00:01:03,680 for like an administrator to update all of the user data,
20 00:01:03,680 --> 00:01:07,490 while the user itself can only update, for now at least,
21 00:01:07,490 --> 00:01:09,293 the name and the email address.
22 00:01:12,180 --> 00:01:15,900 So, request, response, and next.
23 00:01:17,205 --> 00:01:20,205 (keyboard clacking)
24 00:01:22,550 --> 00:01:25,800 And we are actually doing this, so updating the user data,
25 00:01:25,800 --> 00:01:29,180 in a different route than updating the user password,
26 00:01:29,180 --> 00:01:32,040 well because usually in a typical web application
27 00:01:32,040 --> 00:01:33,773 that's always how it's done.
28 00:01:34,720 --> 00:01:36,370 So you have usually one place
29 00:01:36,370 --> 00:01:38,190 where you can update your password
30 00:01:38,190 --> 00:01:40,630 and then another place where you can update data
31 00:01:40,630 --> 00:01:43,700 about the user or the account itself.
32 00:01:43,700 --> 00:01:46,993 And so here, we're just basically following that pattern.
33 00:01:48,592 --> 00:01:52,410 So again, let's start by laying out our steps.
34 00:01:52,410 --> 00:01:54,140 And the first thing that we want to do here
35 00:01:54,140 --> 00:01:56,090 is to basically create an error
36 00:01:56,090 --> 00:01:58,703 if the user tries to update the password.
37 00:02:01,993 --> 00:02:05,737 So create error if user
38 00:02:07,330 --> 00:02:10,073 posts basically password data.
39 00:02:13,406 --> 00:02:17,980 But then if not, we simply need to update the user document.
40 00:02:20,610 --> 00:02:23,720 So simple enough, and let's of course start
41 00:02:23,720 --> 00:02:24,783 with the first one.
42 00:02:26,410 --> 00:02:28,180 Of course there will be a body
43 00:02:28,180 --> 00:02:30,220 where we're gonna pass in the data,
44 00:02:30,220 --> 00:02:33,933 and so if on that body there is data on password,
45 00:02:35,890 --> 00:02:37,929 or a password confirm...
46 00:02:37,929 --> 00:02:40,596 (keys clacking)
47 00:02:44,047 --> 00:02:45,350 Confirm.
48 00:02:45,350 --> 00:02:49,410 Well in that case, we want to return immediately
49 00:02:49,410 --> 00:02:51,833 and create a new AppError.
50 00:02:53,920 --> 00:02:57,110 Oh and I guess we didn't yet implement it here,
51 00:02:57,110 --> 00:02:58,780 or actually require,
52 00:02:58,780 --> 00:03:00,663 so let's just grab it from here.
53 00:03:01,660 --> 00:03:02,730 So AppError...
54 00:03:04,360 --> 00:03:05,580 It's not here,
55 00:03:05,580 --> 00:03:07,400 so the userController...
56 00:03:11,550 --> 00:03:13,550 So AppError, here we go.
57 00:03:15,700 --> 00:03:20,700 So 'This route is not for password updates.
58 00:03:26,280 --> 00:03:29,623 'Please use /updateMYPassword.'
59 00:03:32,160 --> 00:03:34,960 So basically the route that we specified before.
60 00:03:34,960 --> 00:03:36,720 So updateMYPassword.
61 00:03:39,226 --> 00:03:42,753 And then also, a code 400 for a bad request.
62 00:03:46,150 --> 00:03:48,743 And let's actually try this one out right away.
63 00:03:49,921 --> 00:03:51,770 And for that just two things,
64 00:03:51,770 --> 00:03:54,133 first we need to send back a response,
65 00:03:56,230 --> 00:04:00,660 so let's say res.status(200) for okay,
66 00:04:00,660 --> 00:04:01,993 and then json,
67 00:04:07,130 --> 00:04:09,070 add the status as success.
68 00:04:09,070 --> 00:04:11,860 And later we will then also send the updated user,
69 00:04:11,860 --> 00:04:13,563 but let's leave that for later.
70 00:04:14,610 --> 00:04:16,839 So that's the response, and now we of course
71 00:04:16,839 --> 00:04:19,892 also need to add this route to our user Router.
72 00:04:21,880 --> 00:04:24,993 So that's of course similar to update my password,
73 00:04:26,390 --> 00:04:29,663 so router, and of course a patch,
74 00:04:32,066 --> 00:04:32,899 /updateMe,
75 00:04:35,370 --> 00:04:38,080 then again, it is a protected route
76 00:04:38,080 --> 00:04:42,120 so only the currently authenticated user can update
77 00:04:42,120 --> 00:04:43,603 the data of the current user.
78 00:04:45,420 --> 00:04:48,240 And so all of this is of course really secure,
79 00:04:48,240 --> 00:04:51,540 again because the ID of the user that is gonna be updated
80 00:04:51,540 --> 00:04:53,960 comes from request.user,
81 00:04:53,960 --> 00:04:58,120 which was set by this protect middleware here,
82 00:04:58,120 --> 00:05:01,700 which in turn got the ID from the json web token,
83 00:05:01,700 --> 00:05:05,180 and since no one can change the ID in that json web token
84 00:05:05,180 --> 00:05:07,920 without knowing the secret, well we know
85 00:05:07,920 --> 00:05:11,260 that the ID is then safe because of that.
86 00:05:11,260 --> 00:05:13,993 And so because of this, everything here is safe.
87 00:05:16,342 --> 00:05:18,675 So, userController.updateME.
88 00:05:21,554 --> 00:05:22,471 Now okay...
89 00:05:24,050 --> 00:05:26,003 So let's test this now.
90 00:05:28,830 --> 00:05:30,883 Go ahead and copy this again.
91 00:05:34,530 --> 00:05:37,363 And first of all, let's set the authorization.
92 00:05:38,300 --> 00:05:41,520 Again from the Bearer Token
93 00:05:41,520 --> 00:05:43,770 and of course with this environment variable.
94 00:05:45,788 --> 00:05:48,470 Also it needs to be a patch request,
95 00:05:48,470 --> 00:05:50,653 and we need to specify a body.
96 00:05:53,740 --> 00:05:56,110 And I want to start by testing it,
97 00:05:56,110 --> 00:05:57,930 causing this error of course,
98 00:05:57,930 --> 00:05:59,653 and so let's specify a password,
99 00:06:06,170 --> 00:06:07,613 and then a name.
100 00:06:12,620 --> 00:06:15,883 So let's say that this is the name that we want to update,
101 00:06:17,030 --> 00:06:18,620 so let's save this here.
102 00:06:20,911 --> 00:06:23,361 And actually it is of course in the Users folder.
103 00:06:26,960 --> 00:06:28,973 User Data.
104 00:06:30,810 --> 00:06:32,750 And actually let's create a new folder here,
105 00:06:32,750 --> 00:06:35,670 and put the stuff that is related to authentication
106 00:06:35,670 --> 00:06:37,123 into its own folder.
107 00:06:39,998 --> 00:06:42,960 So up here, we create a new folder
108 00:06:42,960 --> 00:06:47,960 and call it Authentication.
109 00:06:48,150 --> 00:06:49,460 That's not correct.
110 00:06:49,460 --> 00:06:52,354 AH-THEN-TICATION.
111 00:06:52,354 --> 00:06:53,554 (chuckles) So that's it.
112 00:06:55,480 --> 00:06:58,593 And so the password is related to authentication,
113 00:06:59,550 --> 00:07:04,530 also resetting the password, forgetting the password,
114 00:07:04,530 --> 00:07:07,193 logging in, and signing out.
115 00:07:11,078 --> 00:07:13,245 So, let's close these two,
116 00:07:14,440 --> 00:07:16,800 and now log in as,
117 00:07:16,800 --> 00:07:18,600 or actually let's create a new user.
118 00:07:20,490 --> 00:07:22,043 So let's sign up here,
119 00:07:24,170 --> 00:07:28,600 as a normal user so we can get rid of these two here.
120 00:07:28,600 --> 00:07:33,150 And now I'm simply calling it, well, test again, all right?
121 00:07:33,150 --> 00:07:36,060 And let's take a look at what users we currently have
122 00:07:38,520 --> 00:07:40,100 in our database.
123 00:07:40,100 --> 00:07:41,950 So we have hello and admin,
124 00:07:41,950 --> 00:07:43,823 and so let's now use test.
125 00:07:47,400 --> 00:07:49,260 And I'm always again, using the same password
126 00:07:49,260 --> 00:07:50,483 to make it really easy.
127 00:07:52,310 --> 00:07:55,833 All right, we need to give the name as well,
128 00:07:59,530 --> 00:08:01,003 let's just call it J here.
129 00:08:03,180 --> 00:08:05,570 And now indeed we get our token,
130 00:08:05,570 --> 00:08:07,120 and we're already logged in,
131 00:08:07,120 --> 00:08:09,250 and so now when we update the user,
132 00:08:09,250 --> 00:08:12,083 that should be for this user that was just logged in.
133 00:08:13,734 --> 00:08:15,770 So I'm not trying to update and of course,
134 00:08:15,770 --> 00:08:19,180 no updating is yet implemented and so that's not gonna work.
135 00:08:19,180 --> 00:08:21,820 All I want to see is the error that should happen
136 00:08:21,820 --> 00:08:25,713 because I specified this password property here on the body.
137 00:08:27,361 --> 00:08:28,720 So let's try it out.
138 00:08:28,720 --> 00:08:31,973 And here we get this kind of weird looking error,
139 00:08:33,190 --> 00:08:35,700 but I guess it is simply because we didn't
140 00:08:35,700 --> 00:08:37,150 actually update the route here,
141 00:08:37,150 --> 00:08:40,500 so remember I just copied a route, so the URL,
142 00:08:40,500 --> 00:08:42,159 and just pasted it here.
143 00:08:42,159 --> 00:08:46,610 But of course, it needs to be updateME.
144 00:08:46,610 --> 00:08:48,630 So let's try that again.
145 00:08:48,630 --> 00:08:51,617 And so now we actually get that error that we specified.
146 00:08:51,617 --> 00:08:53,627 "This route is not for password updates.
147 00:08:53,627 --> 00:08:56,300 "Please use /updateMyPassword."
148 00:08:56,300 --> 00:08:58,450 So great, that part is working,
149 00:08:58,450 --> 00:09:01,890 and it's also working that we need to be authenticated.
150 00:09:01,890 --> 00:09:05,700 Because let's say that we have no authentication,
151 00:09:05,700 --> 00:09:08,410 and so let's say that: No Auth.
152 00:09:08,410 --> 00:09:10,330 And so let's try that again now.
153 00:09:10,330 --> 00:09:12,867 And so indeed, "You are not logged in!
154 00:09:12,867 --> 00:09:15,157 "Please log in to get access."
155 00:09:17,300 --> 00:09:19,800 So just to prove you that our authentication
156 00:09:19,800 --> 00:09:21,853 is actually also doing its job here.
157 00:09:23,260 --> 00:09:25,450 But of course, we want our Bearer Token,
158 00:09:25,450 --> 00:09:27,933 and so now we get that other error.
159 00:09:29,990 --> 00:09:32,790 Great, so let's now go ahead and implement
160 00:09:32,790 --> 00:09:36,943 the rest of the functionality for the updateMe handler.
161 00:09:38,170 --> 00:09:40,970 So updating the user document,
162 00:09:40,970 --> 00:09:43,910 and we could try to do it with user.save.
163 00:09:43,910 --> 00:09:46,860 So just like before, basically getting the user
164 00:09:46,860 --> 00:09:49,430 then updating the properties, and then by the end,
165 00:09:49,430 --> 00:09:51,030 saving the document.
166 00:09:51,030 --> 00:09:53,500 But the problem with that is that there are some fields
167 00:09:53,500 --> 00:09:56,320 that are required which we're not updating,
168 00:09:56,320 --> 00:09:57,680 and then because of that,
169 00:09:57,680 --> 00:09:59,490 we will get some error.
170 00:09:59,490 --> 00:10:01,330 And so just to quickly demonstrate to you,
171 00:10:01,330 --> 00:10:02,530 let me actually do that.
172 00:10:03,430 --> 00:10:06,403 Okay, so very quickly, getting the user here.
173 00:10:09,490 --> 00:10:14,490 So findbyId, so request.user as we already know, .id.
174 00:10:17,540 --> 00:10:22,540 And then let's say, user.name = 'Jonas'
175 00:10:25,582 --> 00:10:27,297 and then await user.save.
176 00:10:30,660 --> 00:10:33,763 But again you see that this will give us an error then.
177 00:10:35,277 --> 00:10:37,320 But for now let's also of course declare it
178 00:10:37,320 --> 00:10:38,763 as an async function.
179 00:10:45,700 --> 00:10:47,970 And all right.
180 00:10:47,970 --> 00:10:49,690 So let's test it now,
181 00:10:49,690 --> 00:10:52,780 but we should expect to see an error now.
182 00:10:52,780 --> 00:10:55,113 So let's of course get rid of this one,
183 00:10:58,910 --> 00:11:02,560 and indeed we get: "Please confirm your password".
184 00:11:02,560 --> 00:11:06,380 And so that's because passwordConfirm is a required field
185 00:11:06,380 --> 00:11:08,763 but we did of course not specify it.
186 00:11:09,770 --> 00:11:12,940 And so the save method is not really the correct option
187 00:11:12,940 --> 00:11:14,760 in this case.
188 00:11:14,760 --> 00:11:16,560 So instead what we can do now is
189 00:11:16,560 --> 00:11:19,453 to actually use findById and update.
190 00:11:20,540 --> 00:11:23,560 So we could not use that before for all the reasons
191 00:11:23,560 --> 00:11:25,970 that I explained to you multiple times by now.
192 00:11:25,970 --> 00:11:28,460 But now since we're not dealing with passwords,
193 00:11:28,460 --> 00:11:32,380 but only with this non-sensitive data like name or email,
194 00:11:32,380 --> 00:11:36,263 we can now use findById and update.
195 00:11:38,810 --> 00:11:40,343 So, let's get rid of this.
196 00:11:42,380 --> 00:11:46,040 Let's also call it here updatedUser.
197 00:11:46,040 --> 00:11:48,950 And then in here, we need to pass not only the ID,
198 00:11:48,950 --> 00:11:51,400 but also the data that should be updated,
199 00:11:51,400 --> 00:11:53,040 and then some options.
200 00:11:53,040 --> 00:11:56,303 So the data, let's for now call it x here,
201 00:11:57,650 --> 00:11:59,140 and I'm telling you why in a second,
202 00:11:59,140 --> 00:12:02,250 and then the options that we want to pass in.
203 00:12:02,250 --> 00:12:04,180 And so that's just like before,
204 00:12:04,180 --> 00:12:07,240 the new option set to true,
205 00:12:07,240 --> 00:12:09,090 so that it returns the new object,
206 00:12:09,090 --> 00:12:12,033 so basically the updated object instead of the old one.
207 00:12:12,880 --> 00:12:16,393 And then also runValidators set to true.
208 00:12:17,670 --> 00:12:22,000 Because indeed we want the models to validate our document.
209 00:12:22,000 --> 00:12:25,490 So for example, if we put in an invalid email address,
210 00:12:25,490 --> 00:12:28,490 that should be caught by the Validator and return an error.
211 00:12:29,770 --> 00:12:34,770 Now why am I putting x here, and not simply request.body?
212 00:12:35,040 --> 00:12:37,510 Well that's because we actually do not want
213 00:12:37,510 --> 00:12:40,010 to update everything that's in the body,
214 00:12:40,010 --> 00:12:43,130 because let's say the user puts, in the body,
215 00:12:43,130 --> 00:12:44,513 the role for example.
216 00:12:46,550 --> 00:12:51,550 We could have body.role set to admin for example,
217 00:12:52,510 --> 00:12:55,040 and so this would then allow any user
218 00:12:55,040 --> 00:12:57,860 to change the role, for example, to administrator.
219 00:12:57,860 --> 00:13:00,200 And of course that cannot be allowed.
220 00:13:00,200 --> 00:13:02,850 Or the user could also change their reset token,
221 00:13:02,850 --> 00:13:05,350 or when that reset token expires,
222 00:13:05,350 --> 00:13:08,290 and all of that should not be allowed of course.
223 00:13:08,290 --> 00:13:10,440 So doing something like this would
224 00:13:10,440 --> 00:13:12,520 of course be a huge mistake.
225 00:13:12,520 --> 00:13:14,773 And so we need to make sure that the object
226 00:13:14,773 --> 00:13:16,640 that we pass here,
227 00:13:16,640 --> 00:13:19,460 so again that object that will contain the data
228 00:13:19,460 --> 00:13:20,860 that's gonna be updated,
229 00:13:20,860 --> 00:13:23,540 only contains name and email,
230 00:13:23,540 --> 00:13:25,940 because for now these are the only fields
231 00:13:25,940 --> 00:13:27,623 that we want to allow to update.
232 00:13:28,640 --> 00:13:31,150 And so basically we want to filter the body
233 00:13:31,150 --> 00:13:34,370 so that in the end, it only contains name and email
234 00:13:34,370 --> 00:13:35,610 and nothing else.
235 00:13:35,610 --> 00:13:38,620 So if then the user tries to change the role,
236 00:13:38,620 --> 00:13:40,250 that will then be filtered out
237 00:13:40,250 --> 00:13:43,483 so that it never finds its way to our database.
238 00:13:44,769 --> 00:13:48,400 So what we want to do is to basically create a variable
239 00:13:48,400 --> 00:13:49,750 and let's say filteredBody,
240 00:13:52,400 --> 00:13:56,240 and then we're gonna create a function in a second,
241 00:13:56,240 --> 00:13:58,620 but let's just already use it here,
242 00:13:58,620 --> 00:14:00,420 just so you see how it's gonna work.
243 00:14:01,450 --> 00:14:03,250 And then in here we pass the data,
244 00:14:03,250 --> 00:14:05,850 so the object that we want to filter,
245 00:14:05,850 --> 00:14:09,890 so req.body, because that's where all the data is,
246 00:14:09,890 --> 00:14:12,440 and then we pass a couple of arguments.
247 00:14:12,440 --> 00:14:15,170 One for each of the fields that we want to keep
248 00:14:15,170 --> 00:14:16,183 in the object.
249 00:14:17,950 --> 00:14:20,343 So we want to keep the field called name,
250 00:14:21,400 --> 00:14:23,653 and the field called email.
251 00:14:25,120 --> 00:14:28,790 And again, a bit later we might then add more fields here,
252 00:14:28,790 --> 00:14:30,910 for example later we might allow the user
253 00:14:30,910 --> 00:14:32,850 to upload an image.
254 00:14:32,850 --> 00:14:35,709 And of course that we then also need to update
255 00:14:35,709 --> 00:14:37,220 in the database.
256 00:14:37,220 --> 00:14:39,010 But for now, all we want to keep
257 00:14:39,010 --> 00:14:43,343 in the body is name and email and filter out all the rest.
258 00:14:45,410 --> 00:14:48,067 And so here, let's now use filteredBody,
259 00:14:49,730 --> 00:14:51,573 instead of x of course.
260 00:14:54,400 --> 00:14:57,200 And so now what we need to do is to actually implement
261 00:14:57,200 --> 00:15:00,833 this function which will take care of filtering the object.
262 00:15:02,640 --> 00:15:03,893 So let's do that here.
263 00:15:09,151 --> 00:15:09,984 FilterObj,
264 00:15:12,350 --> 00:15:15,050 which will take in an object
265 00:15:15,050 --> 00:15:18,853 and then the rest parameters for all the allowed fields.
266 00:15:21,320 --> 00:15:23,670 And so this will then basically create an array
267 00:15:23,670 --> 00:15:27,203 containing all of the arguments that we passed in.
268 00:15:28,690 --> 00:15:31,750 So basically that were passed in after this first one.
269 00:15:31,750 --> 00:15:36,750 So in that case, it is an array containing name and email.
270 00:15:39,610 --> 00:15:41,260 So what we need to do now is basically
271 00:15:41,260 --> 00:15:44,560 to loop through the object and for each element check
272 00:15:44,560 --> 00:15:46,240 if it's one of the allowed fields,
273 00:15:46,240 --> 00:15:49,110 and if it is, simply add it to a new object,
274 00:15:49,110 --> 00:15:51,160 that we're then gonna return in the end.
275 00:15:51,160 --> 00:15:53,840 And probably there are more efficient or better ways
276 00:15:53,840 --> 00:15:55,140 to implement this,
277 00:15:55,140 --> 00:15:56,990 but let's just do it very quick here.
278 00:15:58,810 --> 00:16:00,790 So we're gonna loop the object by saying
279 00:16:00,790 --> 00:16:04,893 Object.keys of the object that we pass in.
280 00:16:05,940 --> 00:16:08,210 So that's one of the easy ways to loop
281 00:16:08,210 --> 00:16:09,883 through an object in JavaScript.
282 00:16:12,612 --> 00:16:15,710 So, this here then basically returns an array
283 00:16:15,710 --> 00:16:17,560 containing all the key names,
284 00:16:17,560 --> 00:16:19,850 so the field names of this object,
285 00:16:19,850 --> 00:16:21,713 and then we can loop through them.
286 00:16:22,570 --> 00:16:24,023 Then our callback function.
287 00:16:24,960 --> 00:16:27,933 And for each element, this is what we're gonna do.
288 00:16:29,080 --> 00:16:32,680 So, if the allowed field array
289 00:16:33,680 --> 00:16:38,680 includes the current element, so the current field name,
290 00:16:38,840 --> 00:16:41,310 then we want to add that to a new object.
291 00:16:41,310 --> 00:16:43,533 So let's quickly create that one here,
292 00:16:44,580 --> 00:16:47,340 so const newObj
293 00:16:48,540 --> 00:16:50,260 which is empty for now,
294 00:16:50,260 --> 00:16:53,010 and in the end, that's the one that we're gonna return.
295 00:16:54,820 --> 00:16:57,500 So newObj.
296 00:16:57,500 --> 00:17:00,770 So if the current field is one of the allowed fields,
297 00:17:00,770 --> 00:17:05,770 well then newObj with the field name of the current field,
298 00:17:07,260 --> 00:17:10,970 should be equal to whatever is in the object
299 00:17:10,970 --> 00:17:13,742 at the current element, so the current field name.
300 00:17:15,329 --> 00:17:17,593 So don't worry if this looks a bit confusing,
301 00:17:18,460 --> 00:17:20,740 this is again just standard JavaScript,
302 00:17:20,740 --> 00:17:24,450 it has nothing to do with Node.js or Express
303 00:17:24,450 --> 00:17:25,593 or anything like that.
304 00:17:26,810 --> 00:17:29,510 So again, all we do here is to basically loop
305 00:17:29,510 --> 00:17:32,090 through all the fields that are in the object
306 00:17:32,090 --> 00:17:33,710 and then for each field, we check
307 00:17:33,710 --> 00:17:35,700 if it's one of the allowed fields.
308 00:17:35,700 --> 00:17:39,300 And if it is, then we create a new field in the new object,
309 00:17:39,300 --> 00:17:40,610 of course with the same name,
310 00:17:40,610 --> 00:17:43,700 so still name element, with the exact same value
311 00:17:43,700 --> 00:17:46,317 as it has in the original object.
312 00:17:46,317 --> 00:17:49,193 And then in the end of course, we return that one.
313 00:17:51,880 --> 00:17:55,323 And so this should now all be working here.
314 00:17:56,260 --> 00:17:58,520 Then all we need to do in the end
315 00:17:58,520 --> 00:18:01,603 is to send that updated user to the client.
316 00:18:03,040 --> 00:18:04,083 So, user.
317 00:18:06,120 --> 00:18:11,120 Now of course, we need to put the updatedUser then here,
318 00:18:11,160 --> 00:18:15,400 give it a save again, and so now it should work.
319 00:18:15,400 --> 00:18:17,877 So really what we did here was...
320 00:18:21,310 --> 00:18:24,003 update the user last, and before we did that,
321 00:18:25,450 --> 00:18:30,450 we actually filtered out unwanted field names
322 00:18:34,490 --> 00:18:39,303 that are not allowed to be updated.
323 00:18:40,758 --> 00:18:42,460 So let's try that now.
324 00:18:42,460 --> 00:18:46,423 And this user here is a regular user,
325 00:18:47,780 --> 00:18:49,150 so we just created him,
326 00:18:49,150 --> 00:18:50,813 remember with the name of J.
327 00:18:51,920 --> 00:18:55,100 And so let's quickly take a look at Compass.
328 00:18:56,900 --> 00:19:00,870 So it's a normal user, with a name of J.
329 00:19:00,870 --> 00:19:02,450 And so let's now update the name,
330 00:19:02,450 --> 00:19:05,160 and also try to update the role,
331 00:19:05,160 --> 00:19:07,460 which again is not allowed.
332 00:19:07,460 --> 00:19:11,090 But to see if our code is working, let's try it.
333 00:19:11,090 --> 00:19:14,470 So there is the name already, and let's say
334 00:19:14,470 --> 00:19:15,970 we're a malicious user
335 00:19:15,970 --> 00:19:19,313 trying to change our role to admin.
336 00:19:20,620 --> 00:19:23,150 So, everything is correct I guess,
337 00:19:23,150 --> 00:19:25,190 so let's send this now,
338 00:19:25,190 --> 00:19:28,520 and indeed here is our updated object.
339 00:19:28,520 --> 00:19:32,150 So we get our new name, which is Jonas Schmedtmann,
340 00:19:32,150 --> 00:19:35,250 and then the role, which is still user.
341 00:19:35,250 --> 00:19:37,913 It didn't update the role to admin.
342 00:19:39,460 --> 00:19:42,380 Perfect. That's exactly what we wanted.
343 00:19:42,380 --> 00:19:46,230 So, give this a save and let's go back
344 00:19:46,230 --> 00:19:49,513 and actually with this we just finished this video.
345 00:19:50,590 --> 00:19:53,770 Next up, we will then implement a functionality
346 00:19:53,770 --> 00:19:55,913 of deleting the current user.
347 00:19:56,890 --> 00:20:00,730 So we worked on updating, next up we want to allow a user
348 00:20:00,730 --> 00:20:03,970 to basically delete himself when he no longer wants
349 00:20:03,970 --> 00:20:06,143 to be part of our application.
