@stamhoofd/backend 2.39.1 → 2.40.0

package/src/endpoints/auth/GetUserEndpoint.ts

@@ -10,13 +10,12 @@ type Body = undefined;
 type ResponseBody = UserWithMembers;
 
 export class GetUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
-
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "GET") {
+        if (request.method !== 'GET') {
             return [false];
         }
 
-        const params = Endpoint.parseParameters(request.url, "/user", {});
+        const params = Endpoint.parseParameters(request.url, '/user', {});
 
         if (params) {
             return [true, params as Params];
@@ -25,11 +24,11 @@ export class GetUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody>
     }
 
     async handle(request: DecodedRequest<Params, Query, Body>) {
-        await Context.setOptionalOrganizationScope()
-        const {user} = await Context.authenticate({allowWithoutAccount: true})
+        await Context.setOptionalOrganizationScope();
+        const { user } = await Context.authenticate({ allowWithoutAccount: true });
 
         return new Response(
-            await AuthenticatedStructures.userWithMembers(user)
+            await AuthenticatedStructures.userWithMembers(user),
         );
     }
 }

package/src/endpoints/auth/PatchApiUserEndpoint.ts

@@ -1,25 +1,25 @@
 import { AutoEncoderPatchType, Decoder } from '@simonbackx/simple-encoding';
-import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
-import { SimpleError } from "@simonbackx/simple-errors";
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
 import { Token, User } from '@stamhoofd/models';
-import { ApiUser, PermissionLevel, UserPermissions } from "@stamhoofd/structures";
+import { ApiUser, PermissionLevel, UserPermissions } from '@stamhoofd/structures';
 
 import { Context } from '../../helpers/Context';
 
 type Params = { id: string };
 type Query = undefined;
-type Body = AutoEncoderPatchType<ApiUser>
-type ResponseBody = ApiUser
+type Body = AutoEncoderPatchType<ApiUser>;
+type ResponseBody = ApiUser;
 
 export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
-    bodyDecoder = ApiUser.patchType() as Decoder<AutoEncoderPatchType<ApiUser>>
+    bodyDecoder = ApiUser.patchType() as Decoder<AutoEncoderPatchType<ApiUser>>;
 
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "PATCH") {
+        if (request.method !== 'PATCH') {
             return [false];
         }
 
-        const params = Endpoint.parseParameters(request.url, "/api-keys/@id", { id: String });
+        const params = Endpoint.parseParameters(request.url, '/api-keys/@id', { id: String });
 
         if (params) {
             return [true, params as Params];
@@ -29,55 +29,57 @@ export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBod
 
     async handle(request: DecodedRequest<Params, Query, Body>) {
         const organization = await Context.setOrganizationScope();
-        const {user} = await Context.authenticate()
+        const { user } = await Context.authenticate();
 
         if (request.body.id !== request.params.id) {
             throw new SimpleError({
-                code: "invalid_request",
-                message: "Invalid request: id mismatch",
-                statusCode: 400
-            })
+                code: 'invalid_request',
+                message: 'Invalid request: id mismatch',
+                statusCode: 400,
+            });
         }
 
-        const editUser = request.body.id === user.id ? user : await User.getByID(request.body.id)
-        
+        const editUser = request.body.id === user.id ? user : await User.getByID(request.body.id);
+
         if (!editUser || !await Context.auth.canAccessUser(editUser, PermissionLevel.Write) || !editUser.isApiUser) {
-            throw Context.auth.notFoundOrNoAccess("Je hebt geen toegang om deze API-user te wijzigen")
+            throw Context.auth.notFoundOrNoAccess('Je hebt geen toegang om deze API-user te wijzigen');
         }
 
-        editUser.firstName = request.body.name ?? editUser.name
-        editUser.lastName = null
+        editUser.firstName = request.body.name ?? editUser.name;
+        editUser.lastName = null;
 
         if (request.body.permissions !== undefined && editUser.permissions) {
             if (!await Context.auth.canAccessUser(editUser, PermissionLevel.Full)) {
                 throw new SimpleError({
-                    code: "permission_denied",
-                    message: "Je hebt geen rechten om de rechten van deze API-user te wijzigen"
-                })
+                    code: 'permission_denied',
+                    message: 'Je hebt geen rechten om de rechten van deze API-user te wijzigen',
+                });
             }
 
             if (request.body.permissions) {
                 if (organization) {
-                    editUser.permissions = UserPermissions.limitedPatch(editUser.permissions, request.body.permissions, organization.id)
+                    editUser.permissions = UserPermissions.limitedPatch(editUser.permissions, request.body.permissions, organization.id);
 
                     if (editUser.id === user.id && (!editUser.permissions || !editUser.permissions.forOrganization(organization)?.hasFullAccess())) {
                         throw new SimpleError({
-                            code: "permission_denied",
-                            message: "Je kan jezelf niet verwijderen als hoofdbeheerder"
-                        })
+                            code: 'permission_denied',
+                            message: 'Je kan jezelf niet verwijderen als hoofdbeheerder',
+                        });
                     }
-                } else {
+                }
+                else {
                     if (editUser.permissions) {
-                        editUser.permissions.patchOrPut(request.body.permissions)
-                    } else {
-                        editUser.permissions = request.body.permissions.isPut() ? request.body.permissions : null
+                        editUser.permissions.patchOrPut(request.body.permissions);
+                    }
+                    else {
+                        editUser.permissions = request.body.permissions.isPut() ? request.body.permissions : null;
                     }
 
                     if (editUser.id === user.id && !editUser.permissions?.platform?.hasFullAccess()) {
                         throw new SimpleError({
-                            code: "permission_denied",
-                            message: "Je kan jezelf niet verwijderen als hoofdbeheerder"
-                        })
+                            code: 'permission_denied',
+                            message: 'Je kan jezelf niet verwijderen als hoofdbeheerder',
+                        });
                     }
                 }
             }
@@ -85,6 +87,6 @@ export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBod
 
         await editUser.save();
 
-        return new Response(await Token.getAPIUserWithToken(editUser));      
+        return new Response(await Token.getAPIUserWithToken(editUser));
     }
 }

package/src/endpoints/auth/PatchUserEndpoint.ts

@@ -1,8 +1,8 @@
 import { AutoEncoderPatchType, Decoder } from '@simonbackx/simple-encoding';
-import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
-import { SimpleError } from "@simonbackx/simple-errors";
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
 import { EmailVerificationCode, Member, PasswordToken, Token, User } from '@stamhoofd/models';
-import { NewUser, PermissionLevel, SignupResponse, UserPermissions, UserWithMembers } from "@stamhoofd/structures";
+import { NewUser, PermissionLevel, SignupResponse, UserPermissions, UserWithMembers } from '@stamhoofd/structures';
 
 import { Context } from '../../helpers/Context';
 import { MemberUserSyncer } from '../../helpers/MemberUserSyncer';
@@ -10,18 +10,18 @@ import { AuthenticatedStructures } from '../../helpers/AuthenticatedStructures';
 
 type Params = { id: string };
 type Query = undefined;
-type Body = AutoEncoderPatchType<NewUser>
-type ResponseBody = UserWithMembers
+type Body = AutoEncoderPatchType<NewUser>;
+type ResponseBody = UserWithMembers;
 
 export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
-    bodyDecoder = NewUser.patchType() as Decoder<AutoEncoderPatchType<NewUser>>
+    bodyDecoder = NewUser.patchType() as Decoder<AutoEncoderPatchType<NewUser>>;
 
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "PATCH") {
+        if (request.method !== 'PATCH') {
             return [false];
         }
 
-        const params = Endpoint.parseParameters(request.url, "/user/@id", { id: String });
+        const params = Endpoint.parseParameters(request.url, '/user/@id', { id: String });
 
         if (params) {
             return [true, params as Params];
@@ -31,76 +31,79 @@ export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBod
 
     async handle(request: DecodedRequest<Params, Query, Body>) {
         const organization = await Context.setOptionalOrganizationScope();
-        const {user, token} = await Context.authenticate({allowWithoutAccount: true})
+        const { user, token } = await Context.authenticate({ allowWithoutAccount: true });
 
         if (request.body.id !== request.params.id) {
             throw new SimpleError({
-                code: "invalid_request",
-                message: "Invalid request: id mismatch",
-                statusCode: 400
-            })
+                code: 'invalid_request',
+                message: 'Invalid request: id mismatch',
+                statusCode: 400,
+            });
         }
 
-        const editUser = request.body.id === user.id ? user : await User.getByID(request.body.id)
-        
+        const editUser = request.body.id === user.id ? user : await User.getByID(request.body.id);
+
         if (!editUser || !await Context.auth.canAccessUser(editUser, PermissionLevel.Write) || editUser.isApiUser) {
-            throw Context.auth.notFoundOrNoAccess("Je hebt geen toegang om deze gebruiker te wijzigen")
+            throw Context.auth.notFoundOrNoAccess('Je hebt geen toegang om deze gebruiker te wijzigen');
         }
 
         if (await Context.auth.canEditUserName(editUser)) {
             if (editUser.memberId) {
-                const member = await Member.getWithRegistrations(editUser.memberId)
+                const member = await Member.getWithRegistrations(editUser.memberId);
                 if (member) {
-                    member.details.firstName = request.body.firstName ?? member.details.firstName
-                    member.details.lastName = request.body.lastName ?? member.details.lastName
+                    member.details.firstName = request.body.firstName ?? member.details.firstName;
+                    member.details.lastName = request.body.lastName ?? member.details.lastName;
 
-                    editUser.firstName = member.details.firstName
-                    editUser.lastName = member.details.lastName
-                    await member.save()
+                    editUser.firstName = member.details.firstName;
+                    editUser.lastName = member.details.lastName;
+                    await member.save();
 
                     // Also propage the name change to other users of the same member if needed
-                    await MemberUserSyncer.onChangeMember(member)
+                    await MemberUserSyncer.onChangeMember(member);
                 }
-            } else {
-                editUser.firstName = request.body.firstName ?? editUser.firstName
-                editUser.lastName = request.body.lastName ?? editUser.lastName
+            }
+            else {
+                editUser.firstName = request.body.firstName ?? editUser.firstName;
+                editUser.lastName = request.body.lastName ?? editUser.lastName;
             }
         }
 
         if (request.body.permissions !== undefined) {
             if (!await Context.auth.canAccessUser(editUser, PermissionLevel.Full)) {
                 throw new SimpleError({
-                    code: "permission_denied",
-                    message: "Je hebt geen rechten om de rechten van deze gebruiker te wijzigen"
-                })
+                    code: 'permission_denied',
+                    message: 'Je hebt geen rechten om de rechten van deze gebruiker te wijzigen',
+                });
             }
 
             if (request.body.permissions) {
                 if (organization) {
-                    editUser.permissions = UserPermissions.limitedPatch(editUser.permissions, request.body.permissions, organization.id)
+                    editUser.permissions = UserPermissions.limitedPatch(editUser.permissions, request.body.permissions, organization.id);
 
                     if (editUser.id === user.id && (!editUser.permissions || !editUser.permissions.forOrganization(organization)?.hasFullAccess()) && STAMHOOFD.environment !== 'development') {
                         throw new SimpleError({
-                            code: "permission_denied",
-                            message: "Je kan jezelf niet verwijderen als hoofdbeheerder"
-                        })
+                            code: 'permission_denied',
+                            message: 'Je kan jezelf niet verwijderen als hoofdbeheerder',
+                        });
                     }
-                } else {
+                }
+                else {
                     if (editUser.permissions) {
-                        editUser.permissions.patchOrPut(request.body.permissions)
-                    } else {
-                        editUser.permissions = request.body.permissions.isPut() ? request.body.permissions : null
+                        editUser.permissions.patchOrPut(request.body.permissions);
+                    }
+                    else {
+                        editUser.permissions = request.body.permissions.isPut() ? request.body.permissions : null;
                     }
 
                     if (editUser.permissions && editUser.permissions.isEmpty) {
-                        editUser.permissions = null
+                        editUser.permissions = null;
                     }
 
                     if (editUser.id === user.id && !editUser.permissions?.platform?.hasFullAccess() && STAMHOOFD.environment !== 'development') {
                         throw new SimpleError({
-                            code: "permission_denied",
-                            message: "Je kan jezelf niet verwijderen als hoofdbeheerder"
-                        })
+                            code: 'permission_denied',
+                            message: 'Je kan jezelf niet verwijderen als hoofdbeheerder',
+                        });
                     }
                 }
             }
@@ -108,9 +111,9 @@ export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBod
 
         if (editUser.id == user.id && request.body.password) {
             // password changes
-            await editUser.changePassword(request.body.password)
-            await PasswordToken.clearFor(editUser.id)
-            await Token.clearFor(editUser.id, token.accessToken)
+            await editUser.changePassword(request.body.password);
+            await PasswordToken.clearFor(editUser.id);
+            await Token.clearFor(editUser.id, token.accessToken);
         }
 
         await editUser.save();
@@ -119,23 +122,23 @@ export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBod
             if (request.body.email && request.body.email !== editUser.email) {
                 // Create an validation code
                 // We always need the code, to return it. Also on password recovery -> may not be visible to the client whether the user exists or not
-                const code = await EmailVerificationCode.createFor(editUser, request.body.email)
-                code.send(editUser, organization, request.i18n, editUser.id === user.id)
+                const code = await EmailVerificationCode.createFor(editUser, request.body.email);
+                code.send(editUser, organization, request.i18n, editUser.id === user.id).catch(console.error);
 
                 throw new SimpleError({
-                    code: "verify_email",
-                    message: "Your email address needs verification",
-                    human: editUser.id === user.id ? "Verifieer jouw nieuwe e-mailadres via de link in de e-mail, daarna passen we het automatisch aan." : "Er is een verificatie e-mail verstuurd naar "+request.body.email+" om het e-mailadres te verifiëren. Zodra dat is gebeurd, wordt het e-mailadres gewijzigd.",
+                    code: 'verify_email',
+                    message: 'Your email address needs verification',
+                    human: editUser.id === user.id ? 'Verifieer jouw nieuwe e-mailadres via de link in de e-mail, daarna passen we het automatisch aan.' : 'Er is een verificatie e-mail verstuurd naar ' + request.body.email + ' om het e-mailadres te verifiëren. Zodra dat is gebeurd, wordt het e-mailadres gewijzigd.',
                     meta: SignupResponse.create({
                         token: code.token,
                     }).encode({ version: request.request.getVersion() }),
-                    statusCode: 403
+                    statusCode: 403,
                 });
             }
         }
 
         return new Response(
-            await AuthenticatedStructures.userWithMembers(editUser)
-        );      
+            await AuthenticatedStructures.userWithMembers(editUser),
+        );
     }
 }

package/src/endpoints/auth/PollEmailVerificationEndpoint.ts

@@ -1,7 +1,7 @@
 import { Decoder } from '@simonbackx/simple-encoding';
-import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { EmailVerificationCode } from '@stamhoofd/models';
-import { PollEmailVerificationRequest, PollEmailVerificationResponse } from "@stamhoofd/structures";
+import { PollEmailVerificationRequest, PollEmailVerificationResponse } from '@stamhoofd/structures';
 
 import { Context } from '../../helpers/Context';
 
@@ -14,11 +14,11 @@ export class PollEmailVerificationEndpoint extends Endpoint<Params, Query, Body,
     bodyDecoder = PollEmailVerificationRequest as Decoder<PollEmailVerificationRequest>;
 
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "POST") {
+        if (request.method !== 'POST') {
             return [false];
         }
 
-        const params = Endpoint.parseParameters(request.url, "/verify-email/poll", {});
+        const params = Endpoint.parseParameters(request.url, '/verify-email/poll', {});
 
         if (params) {
             return [true, params as Params];
@@ -27,11 +27,11 @@ export class PollEmailVerificationEndpoint extends Endpoint<Params, Query, Body,
     }
 
     async handle(request: DecodedRequest<Params, Query, Body>) {
-        const organization = await Context.setOptionalOrganizationScope()
-        const valid = await EmailVerificationCode.poll(organization?.id ?? null, request.body.token)
-        
+        const organization = await Context.setOptionalOrganizationScope();
+        const valid = await EmailVerificationCode.poll(organization?.id ?? null, request.body.token);
+
         return new Response(PollEmailVerificationResponse.create({
-            valid
+            valid,
         }));
     }
-}
+}

package/src/endpoints/auth/RetryEmailVerificationEndpoint.ts

@@ -1,7 +1,7 @@
 import { Decoder } from '@simonbackx/simple-encoding';
-import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { EmailVerificationCode } from '@stamhoofd/models';
-import { PollEmailVerificationRequest, PollEmailVerificationResponse } from "@stamhoofd/structures";
+import { PollEmailVerificationRequest, PollEmailVerificationResponse } from '@stamhoofd/structures';
 
 import { Context } from '../../helpers/Context';
 
@@ -14,11 +14,11 @@ export class PollEmailVerificationEndpoint extends Endpoint<Params, Query, Body,
     bodyDecoder = PollEmailVerificationRequest as Decoder<PollEmailVerificationRequest>;
 
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "POST") {
+        if (request.method !== 'POST') {
             return [false];
         }
 
-        const params = Endpoint.parseParameters(request.url, "/verify-email/retry", {});
+        const params = Endpoint.parseParameters(request.url, '/verify-email/retry', {});
 
         if (params) {
             return [true, params as Params];
@@ -27,15 +27,15 @@ export class PollEmailVerificationEndpoint extends Endpoint<Params, Query, Body,
     }
 
     async handle(request: DecodedRequest<Params, Query, Body>) {
-        const organization = await Context.setOptionalOrganizationScope()
+        const organization = await Context.setOptionalOrganizationScope();
         const valid = await EmailVerificationCode.poll(organization?.id ?? null, request.body.token);
 
         if (valid) {
-            EmailVerificationCode.resend(organization, request.body.token, request.i18n).catch(console.error)
+            EmailVerificationCode.resend(organization, request.body.token, request.i18n).catch(console.error);
         }
 
         return new Response(PollEmailVerificationResponse.create({
-            valid
+            valid,
         }));
     }
-}
+}

package/src/endpoints/auth/SignupEndpoint.ts

@@ -1,8 +1,8 @@
 import { Decoder } from '@simonbackx/simple-encoding';
-import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
 import { EmailVerificationCode, PasswordToken, sendEmailTemplate, User } from '@stamhoofd/models';
-import { EmailTemplateType, NewUser, Recipient, Replacement, SignupResponse } from "@stamhoofd/structures";
+import { EmailTemplateType, NewUser, Recipient, Replacement, SignupResponse } from '@stamhoofd/structures';
 
 import { Context } from '../../helpers/Context';
 
@@ -15,11 +15,11 @@ export class SignupEndpoint extends Endpoint<Params, Query, Body, ResponseBody>
     bodyDecoder = NewUser as Decoder<NewUser>;
 
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "POST") {
+        if (request.method !== 'POST') {
             return [false];
         }
 
-        const params = Endpoint.parseParameters(request.url, "/sign-up", {});
+        const params = Endpoint.parseParameters(request.url, '/sign-up', {});
 
         if (params) {
             return [true, params as Params];
@@ -28,32 +28,34 @@ export class SignupEndpoint extends Endpoint<Params, Query, Body, ResponseBody>
     }
 
     async handle(request: DecodedRequest<Params, Query, Body>) {
-        const organization = await Context.setUserOrganizationScope()
+        const organization = await Context.setUserOrganizationScope();
 
-        const u = await User.getForRegister(organization?.id ?? null, request.body.email)
+        const u = await User.getForRegister(organization?.id ?? null, request.body.email);
 
         // Don't optimize. Always run two queries atm.
-        let user = u ? undefined : (await User.register(
-            organization,
-            request.body
-        ));
+        let user = u
+            ? undefined
+            : (await User.register(
+                    organization,
+                    request.body,
+                ));
 
-        let sendCode = true
+        let sendCode = true;
 
         if (!user) {
             if (!u) {
                 // Fail silently because user did exist, and we don't want to expose that the user doesn't exists
-                console.error("Could not register, but user doesn't exist: "+request.body.email)
+                console.error("Could not register, but user doesn't exist: " + request.body.email);
 
                 throw new SimpleError({
-                    code: "unexpected_error",
-                    message: "Something went wrong",
-                    human: "Er ging iets mis",
-                    statusCode: 500
-                })
+                    code: 'unexpected_error',
+                    message: 'Something went wrong',
+                    human: 'Er ging iets mis',
+                    statusCode: 500,
+                });
             }
 
-            user = u
+            user = u;
 
             if (u.hasAccount()) {
                 // Don't send the code
@@ -62,7 +64,7 @@ export class SignupEndpoint extends Endpoint<Params, Query, Body, ResponseBody>
                 // We don't await this block to avoid user enumeration attack using request response time
                 (async () => {
                     // Send an e-mail to say you already have an account + follow password forgot flow
-                    const recoveryUrl = await PasswordToken.getPasswordRecoveryUrl(user, organization, request.i18n)
+                    const recoveryUrl = await PasswordToken.getPasswordRecoveryUrl(user, organization, request.i18n);
 
                     // Create e-mail builder
                     await sendEmailTemplate(organization, {
@@ -74,42 +76,41 @@ export class SignupEndpoint extends Endpoint<Params, Query, Body, ResponseBody>
                                 replacements: [
                                     Replacement.create({
                                         token: 'resetUrl',
-                                        value: recoveryUrl
-                                    })
-                                ]
-                            })
+                                        value: recoveryUrl,
+                                    }),
+                                ],
+                            }),
                         ],
                         template: {
                             type: EmailTemplateType.SignupAlreadyHasAccount,
                         },
-                        type: 'transactional'
-                    })
-
+                        type: 'transactional',
+                    });
                 })().catch(console.error);
-
-            } else {
+            }
+            else {
                 // This is safe, because we are the first one. There is no password yet.
                 // If a hacker tries this, he won't be able to sign in, because he needs to
                 // verify the e-mail first (same as if the user didn't exist)
                 // If we didn't set the password, we would allow a different kind of attack:
                 // a hacker could send an e-mail to the user (try to register again, seindgin a new email which would trigger a different password change), right after the user registered (without verifying yet), when he had set a different password
-                // user clicks on second e-mail -> this sets the hackers password instead 
-                user.verified = false
-                await user.changePassword(request.body.password)
-                await PasswordToken.clearFor(user.id)
-                await user.save()
+                // user clicks on second e-mail -> this sets the hackers password instead
+                user.verified = false;
+                await user.changePassword(request.body.password);
+                await PasswordToken.clearFor(user.id);
+                await user.save();
             }
         }
 
         // We always need the code, to return it. Also on password recovery -> may not be visible to the client whether the user exists or not
-        const code = await EmailVerificationCode.createFor(user, user.email)
+        const code = await EmailVerificationCode.createFor(user, user.email);
 
         if (sendCode) {
-            code.send(user, organization, request.i18n).catch(console.error)
+            code.send(user, organization, request.i18n).catch(console.error);
         }
 
         return new Response(SignupResponse.create({
-            token: code.token
+            token: code.token,
         }));
     }
 }