From 39c5caf364550600ded374bcd84b2dae4e2b64f6 Mon Sep 17 00:00:00 2001
From: Kilian Klammt <s73072@beuth-hochschule.de>
Date: Tue, 18 May 2021 15:50:19 +0200
Subject: [PATCH 1/3] B01 [MOD] add functionality update users

---
 UebungII/endpoints/user/UserService.js | 55 +++++++++++++-------------
 UebungII/endpoints/user/router_user.js | 18 ++++++++-
 UebungII/tests/userRoute.http          |  8 ++--
 UebungII/util/verification.js          |  5 ++-
 4 files changed, 51 insertions(+), 35 deletions(-)

diff --git a/UebungII/endpoints/user/UserService.js b/UebungII/endpoints/user/UserService.js
index 237939c..66f9c01 100644
--- a/UebungII/endpoints/user/UserService.js
+++ b/UebungII/endpoints/user/UserService.js
@@ -29,22 +29,7 @@ const createUser = async (body, callback) => {
 	}
 }
 
-// CHECK IF USER DOES ALREADY EXIST ( BASED ON MAIL + USERNAME )
-const userExists = async (body) => {
-	console.log('( UserService) userExists ');
-	try {
-		// let user = await User.find({ $or: [{ username: body.username }, { email: body.email }] })
-		// or statement not working --- we need to make sure no user with email or username provided exists
-		let user = await User.findOne({ username: body.username })
-		let user2 = await User.findOne({ email: body.email })
-		if (user || user2) return true
-		return false
-	} catch (err) {
-		console.error(err);
-		callback(err, null);
-	}
 
-}
 
 const getAllUsers = (callback) => {
 	console.log('( User Service) getAllUsers ');
@@ -133,23 +118,39 @@ const getUserbyEmail = async (email, callback) => {
 	}
 }
 
-const isAdministrator = async (email, callback) => {
-	console.log('( User Service) getUserByEmail ');
+const updateUser = (userId, body, callback) => {
+	console.log('( User Service) updateUser ');
 
-	if (email) {
+	const filter = { userId: userId }
 
-		await User.findOne({ email: email }, (err, user) => {
+	User.findOneAndUpdate(filter, body, {
+			new: true,
+		}, (err, result) => {
 			if (err) {
-				return callback(err)
-			} else if (!user) {
-				callback('Could not find user')
+				callback(err, null)
 			} else {
-				callback(null, user)
+				callback(null, result)
 			}
-		})
-	} else {
-		console.log('Email is missing');
+		},
+	)
+}
+
+
+// CHECK IF USER DOES ALREADY EXIST ( BASED ON MAIL + USERNAME )
+const userExists = async (body) => {
+	console.log('( UserService) userExists ');
+	try {
+		// let user = await User.find({ $or: [{ username: body.username }, { email: body.email }] })
+		// or statement not working --- we need to make sure no user with email or username provided exists
+		let user = await User.findOne({ username: body.username })
+		let user2 = await User.findOne({ email: body.email })
+		if (user || user2) return true
+		return false
+	} catch (err) {
+		console.error(err);
+		callback(err, null);
 	}
+
 }
 
-module.exports = { createUser, getAllUsers, getUserbyUsername, getUserById, deleteUserById, getUserbyEmail }
\ No newline at end of file
+module.exports = { createUser, getAllUsers, updateUser, getUserbyUsername, getUserById, deleteUserById, getUserbyEmail }
\ No newline at end of file
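Review bot: `updateUser` hands the request body to `User.findOneAndUpdate(filter, body, …)` unchanged, so every field the client sends is written, including ones a user should not be able to set on their own record such as `isAdministrator` (the field appears in tests/userRoute.http); update operators in the body are accepted as well. Copy only the fields that are meant to be editable (for the request in the test file, `email`) into a new object and pass that object instead of `body`. The same call is kept in the updateUser hunk of [PATCH 2/3]. The re-added `userExists` also calls `callback` in its catch block although it only takes `body`, which would raise a ReferenceError on a database error unless a `callback` exists in an outer scope not shown here.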
diff --git a/UebungII/endpoints/user/router_user.js b/UebungII/endpoints/user/router_user.js
index dcfd2a6..5818f39 100644
--- a/UebungII/endpoints/user/router_user.js
+++ b/UebungII/endpoints/user/router_user.js
@@ -27,7 +27,7 @@ router_user.post('/new', (req, res) => {
     }
 })
 
-// GET ALL USERS ( not sure if needed )
+// GET ALL USERS ( not sure if needed in future project )
 router_user.get('/', Verification.authenticateUser, (req, res) => {
     console.log('GET ( RouterUser ) /user')
 
@@ -53,8 +53,22 @@ router_user.get('/:id', (req, res) => {
     })
 })
 
-// DELETE USER BY ID
+// UPDATE USER BY ID ( only if user is logged in and himself )
+router_user.put('/:id', Verification.authenticateUser, (req, res, next) => {
+    console.log('PUT ( RouterUser ) /user/:id')
 
+    UserService.updateUser(req.params.id, req.body, (err, result) => {
+        if (err) {
+            console.error(err);
+            res.send(err)
+        }else{
+            console.info('Updated user!')
+            res.status(204).send(result)
+        }
+    })
+})
+
+// DELETE USER BY ID
 router_user.delete('/:id', Verification.verifyAdmin, (req, res, next) => {
     console.log('DELETE ( RouterUser ) /user/:id')
     UserService.deleteUserById(req.params.id, (err, user) => {
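Review bot: The error branch of the new PUT handler replies with `res.send(err)`, which returns the raw database error to the client under the default 200 status; `res.status(500).send('Could not update user')` keeps internals out of the response and lets the client see the failure. The success branch sets 204 and then passes `result` to `send`; a 204 response carries no body, so use `res.status(200).send(result)` if the updated document is meant to be returned. The route comment says only the user himself may update, but the middleware in this hunk is `Verification.authenticateUser` and the handler never compares `req.params.id` with the token's user. The delete handler at the end of the hunk continues outside it.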
diff --git a/UebungII/tests/userRoute.http b/UebungII/tests/userRoute.http
index 2a802f4..b7ecad6 100644
--- a/UebungII/tests/userRoute.http
+++ b/UebungII/tests/userRoute.http
@@ -36,8 +36,8 @@ GET http://localhost:8080/user/
 authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSm9oblRoZUFkbWluIiwiaWF0IjoxNjIxMjU2OTQ1LCJleHAiOjE2MjEyNTY5OTV9.TWdfoOsvVXpc9f98yR3t4XOZ4GiK9T1CAZ3UV1qZWB8
 
 ### GET ONE USER // (Logged in)
-GET http://localhost:8080/user/-rbaWTCivFB7uBY_7ics1
-authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSm9oblRoZUFkbWluIiwiaWF0IjoxNjIxMjU2MzI1LCJleHAiOjE2MjEyNTYzNzV9.5fQBPAOwJVg9yyHqPFw4ckXjQCTYwrbqFTAgyGs76cg
+GET http://localhost:8080/user/BZZ_Z-rzPr2ur3lBjyBS9
+authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRoZUNhc3VhbCIsImlhdCI6MTYyMTM0Mjc2NCwiZXhwIjoxNjIxMzQyODE0fQ.rmCzEz8fXG9t6-_TTjckxqMnV_R5anDZC_GMAlmM90s
 
 ### DELETE USER BY ID // (Logged in + Admin)
 DELETE http://localhost:8080/user/xsj45RXki6HA2AE4yqvTu
@@ -45,11 +45,11 @@ authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmFuZXR0
 
 ### UPDATE USER // (Logged in)
 PUT http://localhost:8080/user/BZZ_Z-rzPr2ur3lBjyBS9
-authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRoZUNhc3VhbCIsImlhdCI6MTYyMTI2NjM4NiwiZXhwIjoxNjIxMjY2NDM2fQ._ypH031WGfPCsEyrpDo4zK5B5FgwzSmFbIzxGfWH258
+authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRoZUNhc3VhbCIsImlhdCI6MTYyMTM0NTczOCwiZXhwIjoxNjIxMzQ1Nzg4fQ.jOlyr0JDwsIJfXovO4sGZxO-5Sqry_SAvyLayN0FusY
 Content-type: application/json; charset=utf-8
 
 {
-    "email": "jeff@beanfriends.com"
+    "email": "jeffbes@beanfriends.com"
 }
 
 ### LOGIN USER // (not admin)
diff --git a/UebungII/util/verification.js b/UebungII/util/verification.js
index 33cf2f3..0166189 100644
--- a/UebungII/util/verification.js
+++ b/UebungII/util/verification.js
@@ -1,10 +1,11 @@
 const jwt = require('jsonwebtoken')
-const { jwtKey } = require('../config/config')
 const UserService = require('../endpoints/user/UserService')
 const BeanService = require('../endpoints/bean/BeanService')
-
 const CommentService = require('../endpoints/comment/CommentService')
 
+const { jwtKey } = require('../config/config')
+let jwtExpirySeconds = 50
+
 const authenticateUser = (req, res, next) => {
     console.log('(AuthService) authenticateUser()')
     if (typeof req.headers.authentication !== 'undefined') {
-- 
GitLab


From e5c5bfa33745d47941b8d607e6d506bee5ce9ac1 Mon Sep 17 00:00:00 2001
From: Kilian Klammt <s73072@beuth-hochschule.de>
Date: Tue, 18 May 2021 17:07:09 +0200
Subject: [PATCH 2/3] B01 [MOD] add put functionality

---
 .../authentication/AuthenticationService.js   |  2 +-
 UebungII/endpoints/user/UserService.js        | 17 ++++++----
 UebungII/endpoints/user/router_user.js        |  6 ++--
 UebungII/tests/userRoute.http                 |  4 +--
 UebungII/util/verification.js                 | 34 +++++++++++++++----
 5 files changed, 44 insertions(+), 19 deletions(-)

diff --git a/UebungII/endpoints/authentication/AuthenticationService.js b/UebungII/endpoints/authentication/AuthenticationService.js
index d215307..76592e6 100644
--- a/UebungII/endpoints/authentication/AuthenticationService.js
+++ b/UebungII/endpoints/authentication/AuthenticationService.js
@@ -3,7 +3,7 @@ var Logger = require('../../util/Logger').logger
 const jwt = require('jsonwebtoken')
 const Verification = require('../../util/verification')
 const { jwtKey } = require('../../config/config')
-let jwtExpirySeconds = 50
+let jwtExpirySeconds = 500
 
 const createSessionToken = (userCredentials, callback) => {
     console.log('( AuthService ) createSessionToken() ')
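Review bot: The token lifetime is now defined twice: `jwtExpirySeconds` changes from 50 to 500 here and again in util/verification.js in this same commit, so the two copies can drift apart on the next edit. Exporting one value from config/config (next to `jwtKey`) and declaring it `const` would leave a single place to change; neither hunk shows verification.js using its copy, so that one may simply be removable. `createSessionToken` continues outside the hunk.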
diff --git a/UebungII/endpoints/user/UserService.js b/UebungII/endpoints/user/UserService.js
index 66f9c01..0026c95 100644
--- a/UebungII/endpoints/user/UserService.js
+++ b/UebungII/endpoints/user/UserService.js
@@ -119,19 +119,22 @@ const getUserbyEmail = async (email, callback) => {
 }
 
 const updateUser = (userId, body, callback) => {
-	console.log('( User Service) updateUser ');
+	console.log('( User Service ) updateUser ');
 
-	const filter = { userId: userId }
+	options = {
+		useFindAndModify: false, new: true 
+	}
+
+	filter = { userId: userId }
 
-	User.findOneAndUpdate(filter, body, {
-			new: true,
-		}, (err, result) => {
+	User.findOneAndUpdate(filter, body, options, (err, result) => {
 			if (err) {
 				callback(err, null)
-			} else {
+			}else {
 				callback(null, result)
 			}
-		},
+
+		}
 	)
 }
 
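Review bot: `options = {` and `filter = {` are assigned without `const` or `let`, which creates implicit globals shared by the whole process in sloppy mode and throws a ReferenceError under `'use strict'`. Declare them locally: `const options = { useFindAndModify: false, new: true }` and `const filter = { userId }`. The previous version of this function had `const filter`, so this is a regression introduced by the hunk.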
diff --git a/UebungII/endpoints/user/router_user.js b/UebungII/endpoints/user/router_user.js
index 5818f39..7a34621 100644
--- a/UebungII/endpoints/user/router_user.js
+++ b/UebungII/endpoints/user/router_user.js
@@ -28,7 +28,7 @@ router_user.post('/new', (req, res) => {
 })
 
 // GET ALL USERS ( not sure if needed in future project )
-router_user.get('/', Verification.authenticateUser, (req, res) => {
+router_user.get('/', (req, res) => {
     console.log('GET ( RouterUser ) /user')
 
     UserService.getAllUsers((err, result) => {
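Review bot: Dropping `Verification.authenticateUser` from `router_user.get('/')` makes the full user list readable without a token. What `getAllUsers` returns is not visible in this hunk; if it passes the stored documents through, e-mail addresses and password fields would be exposed to anonymous callers. Either keep the middleware, or have the handler return only public fields (for example the username) before sending. The handler body continues outside the hunk.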
@@ -54,7 +54,7 @@ router_user.get('/:id', (req, res) => {
 })
 
 // UPDATE USER BY ID ( only if user is logged in and himself )
-router_user.put('/:id', Verification.authenticateUser, (req, res, next) => {
+router_user.put('/:id', Verification.isSelf, (req, res, next) => {
     console.log('PUT ( RouterUser ) /user/:id')
 
     UserService.updateUser(req.params.id, req.body, (err, result) => {
@@ -63,7 +63,7 @@ router_user.put('/:id', Verification.authenticateUser, (req, res, next) => {
             res.send(err)
         }else{
             console.info('Updated user!')
-            res.status(204).send(result)
+            res.status(204).send('Updated user!')
         }
     })
 })
diff --git a/UebungII/tests/userRoute.http b/UebungII/tests/userRoute.http
index b7ecad6..677b892 100644
--- a/UebungII/tests/userRoute.http
+++ b/UebungII/tests/userRoute.http
@@ -45,11 +45,11 @@ authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmFuZXR0
 
 ### UPDATE USER // (Logged in)
 PUT http://localhost:8080/user/BZZ_Z-rzPr2ur3lBjyBS9
-authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRoZUNhc3VhbCIsImlhdCI6MTYyMTM0NTczOCwiZXhwIjoxNjIxMzQ1Nzg4fQ.jOlyr0JDwsIJfXovO4sGZxO-5Sqry_SAvyLayN0FusY
+authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRoZUNhc3VhbCIsImlhdCI6MTYyMTM0OTgxOCwiZXhwIjoxNjIxMzUwMzE4fQ.DxryWnaiHLMazD3w-_lyU6ebubdlj366NBjYAPP5eEA
 Content-type: application/json; charset=utf-8
 
 {
-    "email": "jeffbes@beanfriends.com"
+    "email": "jeff@beanfriends.com"
 }
 
 ### LOGIN USER // (not admin)
diff --git a/UebungII/util/verification.js b/UebungII/util/verification.js
index 0166189..1b186c8 100644
--- a/UebungII/util/verification.js
+++ b/UebungII/util/verification.js
@@ -4,10 +4,10 @@ const BeanService = require('../endpoints/bean/BeanService')
 const CommentService = require('../endpoints/comment/CommentService')
 
 const { jwtKey } = require('../config/config')
-let jwtExpirySeconds = 50
+let jwtExpirySeconds = 500
 
 const authenticateUser = (req, res, next) => {
-    console.log('(AuthService) authenticateUser()')
+    console.log('(Verification) authenticateUser()')
     if (typeof req.headers.authentication !== 'undefined') {
         let token = req.headers.authentication.split(' ')[1]
         jwt.verify(token, jwtKey, { algorithm: 'HS256' }, (err, decoded) => {
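Review bot: The `jwt.verify(token, jwtKey, { algorithm: 'HS256' }, …)` call in `authenticateUser` passes `algorithm`, which is the option name for `jwt.sign`; `jwt.verify` reads `algorithms` (an array), so the intended restriction to HS256 is not applied and the library's default list is used instead. Use `{ algorithms: ['HS256'] }` here and in the synchronous `jwt.verify` call inside `getUsernameFromHeader` in the next hunk. `authenticateUser` continues outside this hunk.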
@@ -36,18 +36,39 @@ const authenticateUser = (req, res, next) => {
     }
 }
 
-const getUsernameFromHeader = (headers) => {
+const isSelf = (req, res, next) => {
+    console.log('(Verification) isSelf()')
+    UserService.getUserById(req.params.id, (err, user) => {
+        if (err) {
+            console.error(err);
+        }else{
+            getUsernameFromHeader(req.headers, (err, username) => {
+                if (err) {
+                    console.error(err);
+                }else{
+                    if (user.username == username) {
+                        console.log('You are the logged in User!');
+                        next()
+                    }else{
+                        console.error('Not Authorized')
+                    }
+                }
+            })
+        }
+    })
+}
+
+const getUsernameFromHeader = (headers, callback) => {
     console.log('(Verification) getUsernameFromHeader()')
     try {
         let token = headers.authentication.split(' ')[1]
         let encrypt = jwt.verify(token, jwtKey, { algorithm: 'HS256' })
         console.log('--- Retrieved username from header', encrypt.user);
-        return encrypt.user
+        callback(null, encrypt.user)
     } catch (err) {
         console.error(err);
+        callback(err, null)
     }
-    console.error('Could not retrieve username from header');
-    return null
 }
 
 const isAuthorOfComment = async (req, res, next) => {
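Review bot: `isSelf` never answers the request on any of its failure paths: a lookup error, a token error and a username mismatch only log and return, so the client hangs until it times out instead of receiving a 401, 403 or 404. If `getUserById` can call back with no error and no user for an unknown id (its body is not shown), `user.username` would also throw inside the callback. The rewrite below sends a status on each path, guards the missing user and uses `!==` for the comparison. `getUsernameFromHeader` is exported and changes here from returning the name to taking a callback, so any caller outside this hunk that still uses the return value would now get `undefined`.

```javascript
const isSelf = (req, res, next) => {
    // … unchanged: log line …
    UserService.getUserById(req.params.id, (err, user) => {
        if (err || !user) {
            console.error(err);
            return res.status(404).send()
        }
        getUsernameFromHeader(req.headers, (err, username) => {
            if (err) {
                console.error(err);
                return res.status(401).send()
            }
            if (user.username !== username) {
                console.error('Not Authorized')
                return res.status(403).send()
            }
            next()
        })
    })
}
```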
@@ -108,6 +129,7 @@ const verifyAdmin = (req, res, next) => {
 module.exports = {
     authenticateUser,
     getUsernameFromHeader,
+    isSelf,
     verifyAdmin,
     isAuthorOfComment,
     isAuthorOfBean
-- 
GitLab


From d5fdd75ba7905f05d74caa9af747a6fcaf90a6ff Mon Sep 17 00:00:00 2001
From: Kilian Klammt <s73072@beuth-hochschule.de>
Date: Wed, 19 May 2021 09:52:53 +0200
Subject: [PATCH 3/3] B01 [MOD] add final CRUD Functionality DELETE

---
 UebungII/app.js                        |  3 +++
 UebungII/endpoints/user/UserService.js |  9 +++++---
 UebungII/endpoints/user/router_user.js | 10 ++++-----
 UebungII/package-lock.json             |  5 +++++
 UebungII/package.json                  |  1 +
 UebungII/tests/beanRoute.http          |  8 +++++--
 UebungII/tests/userRoute.http          | 30 ++++++++++++--------------
 7 files changed, 40 insertions(+), 26 deletions(-)

diff --git a/UebungII/app.js b/UebungII/app.js
index 2413250..0592f7e 100644
--- a/UebungII/app.js
+++ b/UebungII/app.js
@@ -3,6 +3,7 @@ const key_cert = require('./config/config')
 const https = require('https')
 const dbConnection = require('./util/db_connection')
 const mongooseConnection = require('./util/mongoose_connection')
+const helmet = require('helmet')
 
 const app = express();
 
@@ -23,6 +24,8 @@ const mg = mongooseConnection.initMGConnection()
 
 app.use(express.json())
 app.use(express.urlencoded({ extended: false }))
+// -- -- security -- --
+app.use(helmet())
 
 // ROUTER HANDLING
 
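Review bot: `app.use(helmet())` is registered after `express.json()` and `express.urlencoded()`, so a response produced when one of the body parsers rejects a request (malformed JSON, for example) skips helmet and goes out without its headers. Moving `app.use(helmet())` above the two parser lines covers every response. A comment naming what the line does, such as `// set security-related HTTP response headers`, would say more than `// -- -- security -- --`.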
diff --git a/UebungII/endpoints/user/UserService.js b/UebungII/endpoints/user/UserService.js
index 0026c95..0a95b51 100644
--- a/UebungII/endpoints/user/UserService.js
+++ b/UebungII/endpoints/user/UserService.js
@@ -70,11 +70,14 @@ const deleteUserById = async (userId, callback) => {
 
 	await User.deleteOne({ userId: userId }, function (err, user) {
 		if (err) {
-			callback(err);
+			console.error('An error occured: ', err)
+			callback(err, null);
 		} else if (!user) {
-			callback('User not found');
+			console.err('User not found');
+			callback('User not found', null);
 		} else {
-			callback('User deleted');
+			console.log('Deleted User');
+			callback(null, user);
 		}
 	})
 
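Review bot: `console.err('User not found')` is not a console method, so reaching that branch throws a TypeError inside the callback before `callback('User not found', null)` runs; it should be `console.error('User not found');`. With the Mongoose 5 range pinned in package.json, `deleteOne` reports a result object rather than the deleted document, so `!user` is unlikely ever to be true; testing `user.deletedCount === 0` would detect the not-found case (worth confirming against the installed version). The call also mixes `await` with a callback, where one style is enough. `deleteUserById` begins and ends outside the hunk.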
diff --git a/UebungII/endpoints/user/router_user.js b/UebungII/endpoints/user/router_user.js
index 7a34621..27ec9e5 100644
--- a/UebungII/endpoints/user/router_user.js
+++ b/UebungII/endpoints/user/router_user.js
@@ -7,8 +7,8 @@ const Verification = require('../../util/verification')
 var UserService = require('./UserService')
 
 // CREATE NEW USER
-router_user.post('/new', (req, res) => {
-    console.log('POST ( RouterUser ) /user/new')
+router_user.post('/', (req, res) => {
+    console.log('POST ( RouterUser ) /user/')
     if (req.body) {
         UserService.createUser(req.body, (err, user) => {
             if (err) {
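Review bot: `router_user.post('/')` has no authentication middleware and passes `req.body` straight to `UserService.createUser`, while the "POST NEW USER (admin)" request in tests/userRoute.http sends `"isAdministrator": true` without a bearer token. Unless `createUser` drops that field (its body is not in this patch), any anonymous caller can register an administrator account. Ignore `isAdministrator` on this route and grant the role only through a path guarded by `Verification.verifyAdmin`. The handler continues outside the hunk.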
@@ -41,7 +41,7 @@ router_user.get('/', (req, res) => {
 })
 
 // GET USER BY ID
-router_user.get('/:id', (req, res) => {
+router_user.get('/:id', Verification.authenticateUser, (req, res) => {
     console.log('GET ( RouterUser ) /user/:id')
 
     UserService.getUserById(req.params.id, (err, user) => {
@@ -54,7 +54,7 @@ router_user.get('/:id', (req, res) => {
 })
 
 // UPDATE USER BY ID ( only if user is logged in and himself )
-router_user.put('/:id', Verification.isSelf, (req, res, next) => {
+router_user.patch('/:id', Verification.isSelf, (req, res, next) => {
     console.log('PUT ( RouterUser ) /user/:id')
 
     UserService.updateUser(req.params.id, req.body, (err, result) => {
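Review bot: The handler still forwards the whole `req.body` to `UserService.updateUser`, and the updated test request in this commit sends a `password` through it. `findOneAndUpdate` does not run Mongoose `save` middleware, so if password hashing lives in a `pre('save')` hook on the User schema (not visible here), a password changed this way would be stored as sent; hash it explicitly in `updateUser`, or load the document and call `save()`. The log line also still reads `'PUT ( RouterUser ) /user/:id'` after the verb changed to PATCH. The handler continues outside the hunk.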
@@ -75,7 +75,7 @@ router_user.delete('/:id', Verification.verifyAdmin, (req, res, next) => {
         if (err) {
             res.status(404).send()
         } else {
-            res.status(204)
+            res.status(204).send()
         }
     })
 })
diff --git a/UebungII/package-lock.json b/UebungII/package-lock.json
index d2445e7..d9c9608 100644
--- a/UebungII/package-lock.json
+++ b/UebungII/package-lock.json
@@ -1041,6 +1041,11 @@
       "resolved": "https://registry.npmjs.org/has-yarn/-/has-yarn-2.1.0.tgz",
       "integrity": "sha512-UqBRqi4ju7T+TqGNdqAO0PaSVGsDGJUBQvk9eUWNGRY1CFGDzYhLWoM7JQEemnlvVcv/YEmc2wNW8BC24EnUsw=="
     },
+    "helmet": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-4.6.0.tgz",
+      "integrity": "sha512-HVqALKZlR95ROkrnesdhbbZJFi/rIVSoNq6f3jA/9u6MIbTsPh3xZwihjeI5+DO/2sOV6HMHooXcEOuwskHpTg=="
+    },
     "http-cache-semantics": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz",
diff --git a/UebungII/package.json b/UebungII/package.json
index 5748ba5..5967978 100644
--- a/UebungII/package.json
+++ b/UebungII/package.json
@@ -14,6 +14,7 @@
     "dotenv": "^8.2.0",
     "ejs": "^3.1.6",
     "express": "^4.17.1",
+    "helmet": "^4.6.0",
     "jsonwebtoken": "^8.5.1",
     "mongodb": "^3.6.6",
     "mongoose": "^5.12.5",
diff --git a/UebungII/tests/beanRoute.http b/UebungII/tests/beanRoute.http
index 448719c..fb5d4b3 100644
--- a/UebungII/tests/beanRoute.http
+++ b/UebungII/tests/beanRoute.http
@@ -1,3 +1,9 @@
+### GET BEANS
+GET http://localhost:8080/beans/
+
+### GET SINGLE BEAN
+GET http://localhost:8080/beans/wfOy-aJmJmeddljPmi5_n
+
 ### POST NEW BEAN (user/admin)
 POST http://localhost:8080/beans/ HTTP/1.1
 Content-type: application/json; charset=utf-8
@@ -13,5 +19,3 @@ authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRo
 DELETE http://localhost:8080/beans/kKF3oVd8H_iCKR5lrg4Pb HTTP/1.1
 authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRoZUNhc3VhbCIsImlhdCI6MTYyMDI5NTA1OCwiZXhwIjoxNjIwMjk1MzU4fQ.c5hR-9dKqzs7urCKaZ_HbzdhXYU-UWCidhxEW_C0sp4
 
-### GET BEAN
-GET http://localhost:8080/beans/wfOy-aJmJmeddljPmi5_n
\ No newline at end of file
diff --git a/UebungII/tests/userRoute.http b/UebungII/tests/userRoute.http
index 677b892..2e13506 100644
--- a/UebungII/tests/userRoute.http
+++ b/UebungII/tests/userRoute.http
@@ -1,55 +1,53 @@
 ### POST NEW USER (admin)
-POST http://localhost:8080/user/new HTTP/1.1
+POST http://localhost:8080/user/ HTTP/1.1
 Content-type: application/json; charset=utf-8
 X-User: 1
 
 {
-    "username": "JanetteTheAdmin",
+    "username": "JarvinTheAdmin",
     "password": "admin",
-    "email": "theSecondAdmin@beanfriends.com",
+    "email": "theThirdAdmin@beanfriends.com",
     "isAdministrator": true
 }
 
 ### POST NEW USER (not admin) 
-POST http://localhost:8080/user/new HTTP/1.1
+POST http://localhost:8080/user/ HTTP/1.1
 Content-type: application/json; charset=utf-8
 X-User: 1
 
 {
-    "username": "JeffTheCasual",
+    "username": "JeffACasual",
     "password": "notAdmin",
-    "email": "jeff@beanfriends.com"
+    "email": "jeffos@beanfriends.com"
 }
 
 
 ### LOGIN USER // (admin)
 POST http://localhost:8080/authentication/login
-Authorization: Basic SmFuZXR0ZVRoZUFkbWluOmFkbWlu
+Authorization: Basic SmFydmluVGhlQWRtaW46YWRtaW4=
 
 ### LOGIN USER // (not admin)
 POST http://localhost:8080/authentication/login
 Authorization: Basic SmVmZlRoZUNhc3VhbDpub3RBZG1pbg==
 
 
-### GET USERS // (Logged in)
+### GET USERS // 
 GET http://localhost:8080/user/
-authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSm9oblRoZUFkbWluIiwiaWF0IjoxNjIxMjU2OTQ1LCJleHAiOjE2MjEyNTY5OTV9.TWdfoOsvVXpc9f98yR3t4XOZ4GiK9T1CAZ3UV1qZWB8
 
 ### GET ONE USER // (Logged in)
 GET http://localhost:8080/user/BZZ_Z-rzPr2ur3lBjyBS9
-authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRoZUNhc3VhbCIsImlhdCI6MTYyMTM0Mjc2NCwiZXhwIjoxNjIxMzQyODE0fQ.rmCzEz8fXG9t6-_TTjckxqMnV_R5anDZC_GMAlmM90s
+authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmFydmluVGhlQWRtaW4iLCJpYXQiOjE2MjE0MDk3MjksImV4cCI6MTYyMTQxMDIyOX0.qrivqrxTnPBJlFZSvPIJAxS_UKmV_ld-J1W-xoInOgI
 
 ### DELETE USER BY ID // (Logged in + Admin)
-DELETE http://localhost:8080/user/xsj45RXki6HA2AE4yqvTu
-authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmFuZXR0ZVRoZUFkbWluIiwiaWF0IjoxNjIxMjU4Mzk4LCJleHAiOjE2MjEyNTg0NDh9.RRWd4JZDm8uguivRTBFs6Mp3nIqPpwR3kA3VL05wWto
-
+DELETE http://localhost:8080/user/V7WBDe-NGUnxU4cmsnl50
+authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmFydmluVGhlQWRtaW4iLCJpYXQiOjE2MjE0MTAxMTIsImV4cCI6MTYyMTQxMDYxMn0.tKMKFGOMNu2Nitev4PY1hPJVVhBMeWqSHhIy2Qgk5ag
 ### UPDATE USER // (Logged in)
-PUT http://localhost:8080/user/BZZ_Z-rzPr2ur3lBjyBS9
-authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmVmZlRoZUNhc3VhbCIsImlhdCI6MTYyMTM0OTgxOCwiZXhwIjoxNjIxMzUwMzE4fQ.DxryWnaiHLMazD3w-_lyU6ebubdlj366NBjYAPP5eEA
+PATCH http://localhost:8080/user/BZZ_Z-rzPr2ur3lBjyBS9
+authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiSmFydmluVGhlQWRtaW4iLCJpYXQiOjE2MjE0MTAyODMsImV4cCI6MTYyMTQxMDc4M30.Q3fWUVjIDoRCYEZREXpK7Vp9jrtdp5pJ2vGsWrGiyG0
 Content-type: application/json; charset=utf-8
 
 {
-    "email": "jeff@beanfriends.com"
+    "password": "jeff@oberAdmin.com"
 }
 
 ### LOGIN USER // (not admin)
-- 
GitLab