add validation for user profile update, add getToken

[gibkigonzo]

• Added validation for user profile update.
• add getToken to handle getting token from header

[netzkollektiv]

@gibkigonzo
This validation makes it really hard to customize the user profile update form. If you remove a field, the validation in the api needs to be updated. How is it intended to do this? Is there any reason why this needs to be validated in vsf-api additionally?

Thanks!

[gibkigonzo]

You can use src/models/userProfileUpdate.schema.extension.json to customize validation. Logic that I've added only checks if update action came from valid user. Magento allows to modify user address by using id of different user. So we needed to add this validation https://github.com/vuestorefront/vue-storefront-api/pull/488/files#diff-f70a8489a60f3ab71b81acf5b38e95c81b2355b960608e008156bf77e3ca4a13R29 to make it more secure

[netzkollektiv]

Thanks! That's a good thing! However, is it intended to change the core (src/models/userProfileUpdate.schema.extension.json) for custom functionality? Shouldn't there be a hook or something like that?

[gibkigonzo]

It is intended. This file will not be changed so you shouldnt be afraid of conflicts.

I agree that hooks will be better, but as I know vsf1 is now LTS and vsf-api is part of it. So I'm not sure if there will be such a change. You can also ask on discord channel :) gl