From edaf255e8f609185dcd6c2c0cd2e8b007b785e0c Mon Sep 17 00:00:00 2001
From: Philipp Dormann
Date: Fri, 3 Feb 2023 14:12:28 +0100
Subject: [PATCH 1/5] move to 15min limit
---
 src/controllers/RunnerSelfServiceController.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/controllers/RunnerSelfServiceController.ts b/src/controllers/RunnerSelfServiceController.ts
index 822fa1b..ec98eda 100644
--- a/src/controllers/RunnerSelfServiceController.ts
+++ b/src/controllers/RunnerSelfServiceController.ts
@@ -119,7 +119,7 @@ export class RunnerSelfServiceController {
 @Post('/runners/login')
 @ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 @OnUndefined(ResponseEmpty)
- @OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice magic-login-link to be sent to your mail address (rate limited to one mail every 24hrs).' })
+ @OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice magic-login-link to be sent to your mail address (rate limited to one mail every 15mins).' })
 async requestNewToken(@QueryParam('mail') mail: string, @QueryParam("locale") locale: string = "en") {
 if (!mail) {
 throw new RunnerNotFoundError();
@@ -127,7 +127,7 @@ export class RunnerSelfServiceController {
 const runner = await this.runnerRepository.findOne({ email: mail });
 if (!runner) { throw new RunnerNotFoundError(); }
- if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 60 * 60 * 24)) { throw new RunnerSelfserviceTimeoutError(); }
+ if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 60 * 15)) { throw new RunnerSelfserviceTimeoutError(); }
 const token = JwtCreator.createSelfService(runner);
 try {
From e8b2e6f26140a18c06b017e4461742d7e7942f08 Mon Sep 17 00:00:00 2001
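Review bot: The rewritten `@OpenAPI` description still carries the typo `reuqest`, and it repeats the window as free text (`15mins`) beside the `60 * 15` literal changed in the second hunk, so the two can drift apart on the next adjustment. While the line is being touched, `request` and `15 minutes` would read better. The text could also state which error a caller receives inside the window, since only `RunnerNotFoundError` has a `@ResponseSchema` entry in the lines shown.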
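Review bot: With the window cut to `60 * 15`, the only throttle visible in this hunk is keyed on the runner record, and the branches around it still answer differently for unknown and known addresses (`RunnerNotFoundError` versus `RunnerSelfserviceTimeoutError` or an empty success), so a caller can tell registered mail addresses apart and any known address can now be sent a login mail every 15 minutes. Returning the same empty response in all of these cases and putting a per-client limit in front of the route would close both; whether such a limit already exists in middleware or a proxy is not visible here. The literal would also be easier to audit as a named constant, e.g. `const SELFSERVICE_MAIL_COOLDOWN_SECONDS = 60 * 15;` (name is a suggestion). requestNewToken's body continues outside the hunk.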
From: Philipp Dormann
Date: Fri, 3 Feb 2023 16:12:20 +0100
Subject: [PATCH 2/5] =?UTF-8?q?=F0=9F=9A=80Bumped=20version=20to=20v0.13.2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CHANGELOG.md | 9 +++++++++
 package.json | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7bbbe15..f381e75 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,8 +2,17 @@
 All notable changes to this project will be documented in this file. Dates are displayed in UTC.
+#### [v0.13.2](https://git.odit.services/lfk/backend/compare/v0.13.1...v0.13.2)
+
+- Merge pull request 'move selfservice magic link endpoint to 15min rate limit' (#200) from feature/runner-selfservice-login-link-rate-limit into dev [`39f3b0e`](https://git.odit.services/lfk/backend/commit/39f3b0e01f03bfbcfcb0ea08d697268ce068e63d)
+- move to 15min limit [`edaf255`](https://git.odit.services/lfk/backend/commit/edaf255e8f609185dcd6c2c0cd2e8b007b785e0c)
+- Merge pull request 'Releases 0.12.0 and 0.13.0' (#199) from dev into main [`41c4ed4`](https://git.odit.services/lfk/backend/commit/41c4ed4d0faaed382801bbe480f31dafa6f3912d)
+
 #### [v0.13.1](https://git.odit.services/lfk/backend/compare/v0.13.0...v0.13.1)
+> 2 February 2023
+
+- 🚀Bumped version to v0.13.1 [`f2bd88a`](https://git.odit.services/lfk/backend/commit/f2bd88aadfcb6ffa0485ea6afac8c7664a37f5f4)
 - Updated description [`67a3661`](https://git.odit.services/lfk/backend/commit/67a36614485b2ea83c2de41e0684708b95a05b32)
 #### [v0.13.0](https://git.odit.services/lfk/backend/compare/v0.12.0...v0.13.0)
diff --git a/package.json b/package.json
index 684cddb..89edd3c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@odit/lfk-backend",
- "version": "0.13.1",
+ "version": "0.13.2",
 "main": "src/app.ts",
 "repository": "https://git.odit.services/lfk/backend",
 "author": {
From 8fedd4ef3bdd48dc42abc1d53006eefc145175e3 Mon Sep 17 00:00:00 2001
From: Nicolai Ort
Date: Wed, 15 Feb 2023 14:34:12 +0100
Subject: [PATCH 3/5] Added delete check for citizen org ref #201
---
 src/controllers/RunnerOrganizationController.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/controllers/RunnerOrganizationController.ts b/src/controllers/RunnerOrganizationController.ts
index de19d49..5cf4183 100644
--- a/src/controllers/RunnerOrganizationController.ts
+++ b/src/controllers/RunnerOrganizationController.ts
@@ -1,4 +1,4 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, BadRequestError, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerOrganizationHasRunnersError, RunnerOrganizationHasTeamsError, RunnerOrganizationIdsNotMatchingError, RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
@@ -114,6 +114,10 @@ export class RunnerOrganizationController {
 @OnUndefined(204)
 @OpenAPI({ description: 'Delete the organsisation whose id you provided.
If the organization still has runners and/or teams associated this will fail.
To delete the organization with all associated runners and teams set the force QueryParam to true (cascading deletion might take a while).
This won\'t delete the associated contact.
If no organization with this id exists it will just return 204(no content).' })
 async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+ if (id == 1) {
+ throw new BadRequestError("You can't delete the citizen runner org.");
+ }
+
 let organization = await this.runnerOrganizationRepository.findOne({ id: id });
 if (!organization) { return null; }
 let runnerOrganization = await this.runnerOrganizationRepository.findOne(organization, { relations: ['contact', 'runners', 'teams'] });
From d5c689d6937288df7dca14ce26fbbd4f46a8752a Mon Sep 17 00:00:00 2001
From: Nicolai Ort
Date: Wed, 15 Feb 2023 14:35:58 +0100
Subject: [PATCH 4/5] Updated tests ref #201
---
 src/tests/runnerOrgs/org_delete.spec.ts | 6 ++++++
 test.sqlite-journal | Bin 0 -> 12824 bytes
 2 files changed, 6 insertions(+)
 create mode 100644 test.sqlite-journal
diff --git a/src/tests/runnerOrgs/org_delete.spec.ts b/src/tests/runnerOrgs/org_delete.spec.ts
index 92cbfce..293b5a6 100644
--- a/src/tests/runnerOrgs/org_delete.spec.ts
+++ b/src/tests/runnerOrgs/org_delete.spec.ts
@@ -22,6 +22,12 @@ describe('deletion (non-existant)', () => {
 expect(res2.status).toEqual(204);
 });
 });
+describe('deletion of citizen sould fail', () => {
+ it('delete', async () => {
+ const res3 = await axios.delete(base + '/api/organizations/1', axios_config);
+ expect(res3.status).toEqual(400);
+ });
+});
 // ---------------
 describe('adding + deletion (successfull)', () => {
 let added_org_id
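Review bot: The guard `if (id == 1)` hard-codes the citizen organization's primary key and compares loosely; nothing in this hunk ties the value 1 to the citizen org, so a database seeded in a different order would leave the real record deletable while protecting an unrelated one. A named constant with a strict comparison, `if (id === CITIZEN_ORG_ID)` (placeholder name), makes the invariant explicit, provided `id` really arrives as a number as its annotation suggests. The other refusals in this file use dedicated classes from `../errors/RunnerOrganizationErrors`, so a matching error class with a `@ResponseSchema(..., { statusCode: 400 })` entry and a sentence in the `@OpenAPI` description would keep the documented contract accurate. remove's body continues outside the hunk.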
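Review bot: The new test asserts only the status code of the refused delete; it does not check that organization 1 is still retrievable afterwards, and it does not cover `?force=true`, the cascading path that would do the most damage if the guard were ever moved below the force handling. A second case such as `axios.delete(base + '/api/organizations/1?force=true', axios_config)` expecting 400, followed by a GET on the same id, would pin both; this assumes `axios_config` stops axios from rejecting on non-2xx responses, which is not visible here. The describe title has the typo `sould`. The same commit adds `test.sqlite-journal` as a binary file, which looks like a local test-run artifact that may contain database pages and probably belongs in `.gitignore`.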
diff --git a/test.sqlite-journal b/test.sqlite-journal new file mode 100644 index 0000000000000000000000000000000000000000..b494b9359cdeb52cafea030d5e22f5109e6f4cc4 GIT binary patch literal 12824 zcmeHNPi))P85bqX)E`S!;<&8WxuWGc2`z6BMg7fTndYd07F%{48AwjT6ZzzDktmg- z+SC|U*hvHAHekhy4m-4`^|I5j6$N@|5un8`J+&CR-8!Jx?hq6hI-q@zlIZs+TXDSs z#V`txNWS-dAHU!4``-6HO8WE@|G$JcmA`sC9^Yfu`zLf<^mx4J5JPYG^?$&C5J4c% z2j22Cm>jqiae>g_l16)q@Y;`thUJKY8PWKmKB(nUj6L1Z&;8vjos1I z5sBq3^4Jg=mXY)khA4R6;#1#3mBQ*R%wbhBV3Y1j0QX)x7xT zNvyOk4R7`AWN8{v@(h+H5jkv=Ao4L(Gbj+F`tpQmi5ylW5fF;B`(kv0DDC^j2o@!M zC#{l>7iLhgpd7c0#S=VV31dytb5fIbeI+zWmiAo?Vp-C6$}Z`AF@P2r<@{llc!Kvy z7ORrpQ>wK4$?1v0wEru9EKK@OTc!X^IRPA2h$jK?Iens39RR!&g&hDGCjiKf=B432|3F+*R%$+~2sraPOe+1AfjuMBfSAw6uDYRS|sR;GhIW|u|~@q4fvJ<{T?*xNEXd=|MWzIws>sXx6ByU*W7i>sxRtC^1~4Y z7%DgATMqOTpx1jQzy?^KZ_XMBdwmN5wWC|3$l+L!aCG?p59Y@8b^#q4yMek6weXzy8Njh&3U;mu|%Bviu*GB z=g^0tji4BKJHSrA$$sSjdMe@nfSL7u;d|Hj(DNFS+dIedl{m9MujwkhTe)(x4xyTp z3bG>QaygjJHu5Gs z`@I;;$K%YytO*(|Xp7h)tXSALc}YNVi)PG{5UOrZ$Wf|AYwInyW-%7ZwJYd0F82qZ-J5}7T>r9xs@ek&-{!v%>m4j523uj2Yl zPXJX#dDklq4ib3>dJ2W_a1{=xwmK+7Tlkm5BPQ20lX7^dV=WAWoN?qINHtQRAm_4j z3ZgX5K{=gMB#_G%&|U20#cYUTo}1>cEgzRWWGw0uc@^7_M_7Joi8-Kxi}#hG7(R_2 z8CpDZs>q^JLsbkixP!YAp%D*O!dCj-=dJW3cRKQXhW3%1I+c^hl;JL_ZQ5Ns%B1UL zUXtTZxVU^7K)FMJB*dLbpvr0r)r>}7$)_4hwpmOyGqRM2IMwVV7?P z1qX`(mY)>QCVR2c{?g8NovX|NmcU&AT{Jn20$4Wn#Fu-)R+dw zBXhjcATlFWB0Br6X_jADVD2TY=!_&rN0yG#X!ul#+y$CiYEx|uVgpzsThO@TOlLG% zAI#e6i-wNfwvcZfgCG^jj>Ss6SM^(E`+;J?CHi{ebeaZD%$y4Mc<)H2%n6%FQe~`T z9qVZgs6f;TS5fcp>@ZK=A||ZID4Jk;hyM;Xe{pMSnolN~TZ7s%=>B@R1xAH&*bI&? z{Zv>TlNWKBT}7heLCeST7cMZb4E9axk(9caqU;Um89lrHuO!NMAHbIxYeDXptq7vt zv#IUYn=PomPZG^)f)Lu_w);rBtmX2!yiF?&0rGuWZ PpI$~E{IieQ;H_@}qVINi literal 0 HcmV?d00001 From 3bac75e7ab9f16ecab1fbfa9915a7edb923883f6 Mon Sep 17 00:00:00 2001 
From: Nicolai Ort
Date: Wed, 15 Feb 2023 14:55:41 +0100
Subject: [PATCH 5/5] =?UTF-8?q?=F0=9F=9A=80Bumped=20version=20to=20v0.13.3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CHANGELOG.md | 9 +++++++++
 package.json | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f381e75..6156c6e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,8 +2,17 @@
 All notable changes to this project will be documented in this file. Dates are displayed in UTC.
+#### [v0.13.3](https://git.odit.services/lfk/backend/compare/v0.13.2...v0.13.3)
+
+- Merge pull request 'feature/201-no_citizen-deletion' (#202) from feature/201-no_citizen-deletion into dev [`d05eddc`](https://git.odit.services/lfk/backend/commit/d05eddcae198427ce9a334096563b3aadcff2b56)
+- Updated tests [`d5c689d`](https://git.odit.services/lfk/backend/commit/d5c689d6937288df7dca14ce26fbbd4f46a8752a)
+- Added delete check for citizen org [`8fedd4e`](https://git.odit.services/lfk/backend/commit/8fedd4ef3bdd48dc42abc1d53006eefc145175e3)
+
 #### [v0.13.2](https://git.odit.services/lfk/backend/compare/v0.13.1...v0.13.2)
+> 3 February 2023
+
+- 🚀Bumped version to v0.13.2 [`e8b2e6f`](https://git.odit.services/lfk/backend/commit/e8b2e6f26140a18c06b017e4461742d7e7942f08)
 - Merge pull request 'move selfservice magic link endpoint to 15min rate limit' (#200) from feature/runner-selfservice-login-link-rate-limit into dev [`39f3b0e`](https://git.odit.services/lfk/backend/commit/39f3b0e01f03bfbcfcb0ea08d697268ce068e63d)
 - move to 15min limit [`edaf255`](https://git.odit.services/lfk/backend/commit/edaf255e8f609185dcd6c2c0cd2e8b007b785e0c)
 - Merge pull request 'Releases 0.12.0 and 0.13.0' (#199) from dev into main [`41c4ed4`](https://git.odit.services/lfk/backend/commit/41c4ed4d0faaed382801bbe480f31dafa6f3912d)
diff --git a/package.json b/package.json
index 89edd3c..e9b0f1e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@odit/lfk-backend",
- "version": "0.13.2",
+ "version": "0.13.3",
 "main": "src/app.ts",
 "repository": "https://git.odit.services/lfk/backend",
 "author": {