fix: naming and redundancy issues

2021-04-06 00:39:52 +01:00 · 2021-04-06 00:39:52 +01:00 · 40974dd501
commit 40974dd501
parent fff9523988
15 changed files with 194 additions and 143 deletions
--- a/lib/new-admin/graphql/errors/authentication.js
+++ b/lib/new-admin/graphql/errors/authentication.js
@ -0,0 +1,36 @@
+const { ApolloError } = require('apollo-server-express')
+
+class InvalidCredentialsError extends ApolloError {
+  constructor(message) {
+    super(message, 'INVALID_CREDENTIALS')
+    Object.defineProperty(this, 'name', { value: 'InvalidCredentialsError' })
+  }
+}
+
+class UserAlreadyExistsError extends ApolloError {
+  constructor(message) {
+    super(message, 'USER_ALREADY_EXISTS')
+    Object.defineProperty(this, 'name', { value: 'UserAlreadyExistsError' })
+  }
+}
+
+class InvalidTwoFactorError extends ApolloError {
+  constructor(message) {
+    super(message, 'INVALID_TWO_FACTOR_CODE')
+    Object.defineProperty(this, 'name', { value: 'InvalidTwoFactorError' })
+  }
+}
+
+class InvalidUrlError extends ApolloError {
+  constructor(message) {
+    super(message, 'INVALID_URL_TOKEN')
+    Object.defineProperty(this, 'name', { value: 'InvalidUrlError' })
+  }
+}
+
+module.exports = {
+  InvalidCredentialsError,
+  UserAlreadyExistsError,
+  InvalidTwoFactorError,
+  InvalidUrlError
+}
--- a/lib/new-admin/graphql/modules/authentication.js
+++ b/lib/new-admin/graphql/modules/authentication.js
@ -5,27 +5,28 @@ const loginHelper = require('../../services/login')
 const T = require('../../../time')
 const users = require('../../../users')
 const sessionManager = require('../../../session-manager')
+const authErrors = require('../errors/authentication')

 const REMEMBER_ME_AGE = 90 * T.day

-function authenticateUser (username, password) {
-  return loginHelper.checkUser(username).then(hashedPassword => {
-    if (!hashedPassword) return null
-    return Promise.all([bcrypt.compare(password, hashedPassword), hashedPassword])
-  }).then(([isMatch, hashedPassword]) => {
-    if (!isMatch) return null
-    return loginHelper.validateUser(username, hashedPassword)
-  }).then(user => {
-    if (!user) return null
-    return user
-  }).catch(e => {
-    console.error(e)
-  })
+function authenticateUser(username, password) {
+  return loginHelper.checkUser(username)
+    .then(hashedPassword => {
+      if (!hashedPassword) throw new authErrors.InvalidCredentialsError()
+      return Promise.all([bcrypt.compare(password, hashedPassword), hashedPassword])
+    })
+    .then(([isMatch, hashedPassword]) => {
+      if (!isMatch) throw new authErrors.InvalidCredentialsError()
+      return loginHelper.validateUser(username, hashedPassword)
+    })
+    .catch(e => {
+      console.error(e)
+    })
 }

 const getUserData = context => {
  const lidCookie = context.req.cookies && context.req.cookies.lid
-  if (!lidCookie) return null
+  if (!lidCookie) throw new authErrors.InvalidCredentialsError()

  const user = context.req.session.user
  return user
@ -33,7 +34,7 @@ const getUserData = context => {

 const get2FASecret = (username, password) => {
  return authenticateUser(username, password).then(user => {
-    if (!user) return null
+    if (!user) throw new authErrors.InvalidCredentialsError()

    const secret = otplib.authenticator.generateSecret()
    const otpauth = otplib.authenticator.keyuri(username, 'Lamassu Industries', secret)
@ -41,46 +42,45 @@ const get2FASecret = (username, password) => {
  })
 }

-const confirm2FA = (codeArg, context) => {
-  const code = codeArg
+const confirm2FA = (token, context) => {
  const requestingUser = context.req.session.user

-  if (!requestingUser) return false
+  if (!requestingUser) throw new authErrors.InvalidCredentialsError()

  return users.get2FASecret(requestingUser.id).then(user => {
    const secret = user.twofa_code
-    const isCodeValid = otplib.authenticator.verify({ token: code, secret: secret })
+    const isCodeValid = otplib.authenticator.verify({ token, secret })

-    if (!isCodeValid) return false
+    if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
    return true
  })
 }

 const validateRegisterLink = token => {
-  if (!token) return null
+  if (!token) throw new authErrors.InvalidUrlError()
  return users.validateUserRegistrationToken(token)
    .then(r => {
-      if (!r.success) return null
+      if (!r.success) throw new authErrors.InvalidUrlError()
      return { username: r.username, role: r.role }
    })
    .catch(err => console.error(err))
 }

 const validateResetPasswordLink = token => {
-  if (!token) return null
+  if (!token) throw new authErrors.InvalidUrlError()
  return users.validatePasswordResetToken(token)
    .then(r => {
-      if (!r.success) return null
+      if (!r.success) throw new authErrors.InvalidUrlError()
      return { id: r.userID }
    })
    .catch(err => console.error(err))
 }

 const validateReset2FALink = token => {
-  if (!token) return null
+  if (!token) throw new authErrors.InvalidUrlError()
  return users.validate2FAResetToken(token)
    .then(r => {
-      if (!r.success) return null
+      if (!r.success) throw new authErrors.InvalidUrlError()
      return users.findById(r.userID)
    })
    .then(user => {
@ -95,12 +95,12 @@ const deleteSession = (sessionID, context) => {
  if (sessionID === context.req.session.id) {
    context.req.session.destroy()
  }
-  return sessionManager.deleteSession(sessionID)
+  return sessionManager.deleteSessionById(sessionID)
 }

 const login = (username, password) => {
  return authenticateUser(username, password).then(user => {
-    if (!user) return 'FAILED'
+    if (!user) throw new authErrors.InvalidCredentialsError()
    return users.get2FASecret(user.id).then(user => {
      const twoFASecret = user.twofa_code
      return twoFASecret ? 'INPUT2FA' : 'SETUP2FA'
@ -110,12 +110,12 @@ const login = (username, password) => {

 const input2FA = (username, password, rememberMe, code, context) => {
  return authenticateUser(username, password).then(user => {
-    if (!user) return false
+    if (!user) throw new authErrors.InvalidCredentialsError()

    return users.get2FASecret(user.id).then(user => {
      const secret = user.twofa_code
      const isCodeValid = otplib.authenticator.verify({ token: code, secret: secret })
-      if (!isCodeValid) return false
+      if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()

      const finalUser = { id: user.id, username: user.username, role: user.role }
      context.req.session.user = finalUser
@ -128,48 +128,39 @@ const input2FA = (username, password, rememberMe, code, context) => {

 const setup2FA = (username, password, secret, codeConfirmation) => {
  return authenticateUser(username, password).then(user => {
-    if (!user || !secret) return false
+    if (!user || !secret) throw new authErrors.InvalidCredentialsError()

    const isCodeValid = otplib.authenticator.verify({ token: codeConfirmation, secret: secret })
-    if (!isCodeValid) return false
+    if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()

-    users.save2FASecret(user.id, secret)
-    return true
+    return users.save2FASecret(user.id, secret).then(() => true)
  })
 }

 const createResetPasswordToken = userID => {
  return users.findById(userID)
    .then(user => {
-      if (!user) return null
+      if (!user) throw new authErrors.InvalidCredentialsError()
      return users.createResetPasswordToken(user.id)
    })
-    .then(token => {
-      return token
-    })
    .catch(err => console.error(err))
 }

 const createReset2FAToken = userID => {
  return users.findById(userID)
    .then(user => {
-      if (!user) return null
+      if (!user) throw new authErrors.InvalidCredentialsError()
      return users.createReset2FAToken(user.id)
    })
-    .then(token => {
-      return token
-    })
    .catch(err => console.error(err))
 }

 const createRegisterToken = (username, role) => {
  return users.getByName(username)
    .then(user => {
-      if (user) return null
+      if (user) throw new authErrors.UserAlreadyExistsError()

-      return users.createUserRegistrationToken(username, role).then(token => {
-        return token
-      })
+      return users.createUserRegistrationToken(username, role)
    })
    .catch(err => console.error(err))
 }
@ -177,29 +168,26 @@ const createRegisterToken = (username, role) => {
 const register = (username, password, role) => {
  return users.getByName(username)
    .then(user => {
-      if (user) return false
-
-      users.createUser(username, password, role)
-      return true
+      if (user) throw new authErrors.UserAlreadyExistsError()
+      return users.createUser(username, password, role).then(() => true)
    })
    .catch(err => console.error(err))
 }

 const resetPassword = (userID, newPassword, context) => {
  return users.findById(userID).then(user => {
-    if (!user) return false
+    if (!user) throw new authErrors.InvalidCredentialsError()
    if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
    return users.updatePassword(user.id, newPassword)
-  }).then(() => { return true }).catch(err => console.error(err))
+  }).then(() => true).catch(err => console.error(err))
 }

-const reset2FA = (userID, code, secret, context) => {
+const reset2FA = (userID, token, secret, context) => {
  return users.findById(userID).then(user => {
-    const isCodeValid = otplib.authenticator.verify({ token: code, secret: secret })
-    if (!isCodeValid) return false
-
+    const isCodeValid = otplib.authenticator.verify({ token, secret })
+    if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
    if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
-    return users.save2FASecret(user.id, secret).then(() => { return true })
+    return users.save2FASecret(user.id, secret).then(() => true)
  }).catch(err => console.error(err))
 }

--- a/lib/new-admin/graphql/resolvers/users.resolver.js
+++ b/lib/new-admin/graphql/resolvers/users.resolver.js
@ -5,8 +5,8 @@ const sessionManager = require('../../../session-manager')
 const resolver = {
  Query: {
    users: () => users.getUsers(),
-    sessions: () => sessionManager.getSessionList(),
-    userSessions: (...[, { username }]) => sessionManager.getUserSessions(username),
+    sessions: () => sessionManager.getSessions(),
+    userSessions: (...[, { username }]) => sessionManager.getSessionsByUsername(username),
    userData: (root, args, context, info) => authentication.getUserData(context),
    get2FASecret: (...[, { username, password }]) => authentication.get2FASecret(username, password),
    confirm2FA: (root, args, context, info) => authentication.confirm2FA(args.code, context),
@ -17,7 +17,7 @@ const resolver = {
  Mutation: {
    deleteUser: (...[, { id }]) => users.deleteUser(id),
    deleteSession: (root, args, context, info) => authentication.deleteSession(args.sid, context),
-    deleteUserSessions: (...[, { username }]) => sessionManager.deleteUserSessions(username),
+    deleteUserSessions: (...[, { username }]) => sessionManager.deleteSessionsByUsername(username),
    changeUserRole: (...[, { id, newRole }]) => users.changeUserRole(id, newRole),
    toggleUserEnable: (...[, { id }]) => users.toggleUserEnable(id),
    login: (...[, { username, password }]) => authentication.login(username, password),