Do not allow a logged-in user to search for another user's info. #50

@MatheusSanchez

Currently, if you are logged in, you can search for a user using the get user by id route by passing another user's ID as a query parameter.

This happens because the route uses the JWT token just for authentication and not to search for the user.

This would also prevent us from needing to export the userId from the create-authenticate-user.ts file, which is used for our tests, and to complete the route path (through query parameters) in the tests.

Remove the query param for the following routes:

  • /user/:id
  • /user/:userId/edit
  • /user/:userId/photo
  • /user/:userId/project
  • /projects/:userId

Delete the following routes:

  • /user ---- getUserByEmail - we can use the route by id - can be deprecated

With those changes, we need to fix the front-end to exclude these query parameters.

@pedrodecf could you create an issue on the front-end repo and link it here?

More context: #49
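
The authorization gap described in this issue, as an added example that is not the project's code: a handler that trusts a client-supplied id next to one that takes the id from the verified token. All names, the in-memory user store and the token table (a stand-in for real JWT verification) are constructed for illustration.

```typescript
// Added illustration: every name below is hypothetical, not the project's code.
type User = { id: string; name: string };
type Claims = { sub: string }; // subject claim = id of the authenticated user
type Req = { headers: { authorization?: string }; params: { id?: string } };
type Res = { status: number; body: unknown };

// Constructed sample data.
const users = new Map<string, User>([
  ["u1", { id: "u1", name: "Alice" }],
  ["u2", { id: "u2", name: "Bob" }],
]);
// Stand-in for JWT signature verification: constructed token -> verified claims.
const issuedTokens = new Map<string, Claims>([
  ["token-alice", { sub: "u1" }],
  ["token-bob", { sub: "u2" }],
]);

function authenticate(req: Req): Claims | null {
  const header = req.headers.authorization ?? "";
  if (!header.startsWith("Bearer ")) return null;
  return issuedTokens.get(header.slice("Bearer ".length)) ?? null;
}

function lookup(id: string): Res {
  const user = users.get(id);
  return user ? { status: 200, body: user } : { status: 404, body: { message: "Not found" } };
}

const unauthorized: Res = { status: 401, body: { message: "Unauthorized" } };

// Before: the token only proves that someone is logged in; the id is client-supplied.
function getUserByIdVulnerable(req: Req): Res {
  if (!authenticate(req)) return unauthorized;
  return lookup(req.params.id ?? "");
}

// After: the route takes no id; the record is selected by the token's subject.
function getCurrentUser(req: Req): Res {
  const claims = authenticate(req);
  return claims ? lookup(claims.sub) : unauthorized;
}

// Transitional guard (assumption): a route that still carries :id rejects any mismatch.
function getUserByIdGuarded(req: Req): Res {
  const claims = authenticate(req);
  if (!claims) return unauthorized;
  if (req.params.id !== claims.sub) return { status: 403, body: { message: "Forbidden" } };
  return lookup(claims.sub);
}
```

A regression test for the fix sends one user's token together with another user's id and asserts that the other user's record never comes back.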
