lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: naming and redundancy issues

Browse source
This commit is contained in:
Sérgio Salgado 2021-04-06 00:39:52 +01:00 committed by Josh Harvey
parent fff9523988
commit 40974dd501
15 changed files with 194 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

102
lib/new-admin/graphql/modules/authentication.js
View file

@ -5,27 +5,28 @@ const loginHelper = require('../../services/login')
const T = require('../../../time')
const users = require('../../../users')
const sessionManager = require('../../../session-manager')
const authErrors = require('../errors/authentication')
const REMEMBER_ME_AGE = 90 * T.day
function authenticateUser (username, password) {
return loginHelper.checkUser(username).then(hashedPassword => {
if (!hashedPassword) return null
return Promise.all([bcrypt.compare(password, hashedPassword), hashedPassword])
}).then(([isMatch, hashedPassword]) => {
if (!isMatch) return null
return loginHelper.validateUser(username, hashedPassword)
}).then(user => {
if (!user) return null
return user
}).catch(e => {
console.error(e)
})
function authenticateUser(username, password) {
return loginHelper.checkUser(username)
.then(hashedPassword => {
if (!hashedPassword) throw new authErrors.InvalidCredentialsError()
return Promise.all([bcrypt.compare(password, hashedPassword), hashedPassword])
})
.then(([isMatch, hashedPassword]) => {
if (!isMatch) throw new authErrors.InvalidCredentialsError()
return loginHelper.validateUser(username, hashedPassword)
})
.catch(e => {
console.error(e)
})
}
const getUserData = context => {
const lidCookie = context.req.cookies && context.req.cookies.lid
if (!lidCookie) return null
if (!lidCookie) throw new authErrors.InvalidCredentialsError()
const user = context.req.session.user
return user
@ -33,7 +34,7 @@ const getUserData = context => {
const get2FASecret = (username, password) => {
return authenticateUser(username, password).then(user => {
if (!user) return null
if (!user) throw new authErrors.InvalidCredentialsError()
const secret = otplib.authenticator.generateSecret()
const otpauth = otplib.authenticator.keyuri(username, 'Lamassu Industries', secret)
@ -41,46 +42,45 @@ const get2FASecret = (username, password) => {
})
}
const confirm2FA = (codeArg, context) => {
const code = codeArg
const confirm2FA = (token, context) => {
const requestingUser = context.req.session.user
if (!requestingUser) return false
if (!requestingUser) throw new authErrors.InvalidCredentialsError()
return users.get2FASecret(requestingUser.id).then(user => {
const secret = user.twofa_code
const isCodeValid = otplib.authenticator.verify({ token: code, secret: secret })
const isCodeValid = otplib.authenticator.verify({ token, secret })
if (!isCodeValid) return false
if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
return true
})
}
const validateRegisterLink = token => {
if (!token) return null
if (!token) throw new authErrors.InvalidUrlError()
return users.validateUserRegistrationToken(token)
.then(r => {
if (!r.success) return null
if (!r.success) throw new authErrors.InvalidUrlError()
return { username: r.username, role: r.role }
})
.catch(err => console.error(err))
}
const validateResetPasswordLink = token => {
if (!token) return null
if (!token) throw new authErrors.InvalidUrlError()
return users.validatePasswordResetToken(token)
.then(r => {
if (!r.success) return null
if (!r.success) throw new authErrors.InvalidUrlError()
return { id: r.userID }
})
.catch(err => console.error(err))
}
const validateReset2FALink = token => {
if (!token) return null
if (!token) throw new authErrors.InvalidUrlError()
return users.validate2FAResetToken(token)
.then(r => {
if (!r.success) return null
if (!r.success) throw new authErrors.InvalidUrlError()
return users.findById(r.userID)
})
.then(user => {
@ -95,12 +95,12 @@ const deleteSession = (sessionID, context) => {
if (sessionID === context.req.session.id) {
context.req.session.destroy()
}
return sessionManager.deleteSession(sessionID)
return sessionManager.deleteSessionById(sessionID)
}
const login = (username, password) => {
return authenticateUser(username, password).then(user => {
if (!user) return 'FAILED'
if (!user) throw new authErrors.InvalidCredentialsError()
return users.get2FASecret(user.id).then(user => {
const twoFASecret = user.twofa_code
return twoFASecret ? 'INPUT2FA' : 'SETUP2FA'
@ -110,12 +110,12 @@ const login = (username, password) => {
const input2FA = (username, password, rememberMe, code, context) => {
return authenticateUser(username, password).then(user => {
if (!user) return false
if (!user) throw new authErrors.InvalidCredentialsError()
return users.get2FASecret(user.id).then(user => {
const secret = user.twofa_code
const isCodeValid = otplib.authenticator.verify({ token: code, secret: secret })
if (!isCodeValid) return false
if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
const finalUser = { id: user.id, username: user.username, role: user.role }
context.req.session.user = finalUser
@ -128,48 +128,39 @@ const input2FA = (username, password, rememberMe, code, context) => {
const setup2FA = (username, password, secret, codeConfirmation) => {
return authenticateUser(username, password).then(user => {
if (!user || !secret) return false
if (!user || !secret) throw new authErrors.InvalidCredentialsError()
const isCodeValid = otplib.authenticator.verify({ token: codeConfirmation, secret: secret })
if (!isCodeValid) return false
if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
users.save2FASecret(user.id, secret)
return true
return users.save2FASecret(user.id, secret).then(() => true)
})
}
const createResetPasswordToken = userID => {
return users.findById(userID)
.then(user => {
if (!user) return null
if (!user) throw new authErrors.InvalidCredentialsError()
return users.createResetPasswordToken(user.id)
})
.then(token => {
return token
})
.catch(err => console.error(err))
}
const createReset2FAToken = userID => {
return users.findById(userID)
.then(user => {
if (!user) return null
if (!user) throw new authErrors.InvalidCredentialsError()
return users.createReset2FAToken(user.id)
})
.then(token => {
return token
})
.catch(err => console.error(err))
}
const createRegisterToken = (username, role) => {
return users.getByName(username)
.then(user => {
if (user) return null
if (user) throw new authErrors.UserAlreadyExistsError()
return users.createUserRegistrationToken(username, role).then(token => {
return token
})
return users.createUserRegistrationToken(username, role)
})
.catch(err => console.error(err))
}
@ -177,29 +168,26 @@ const createRegisterToken = (username, role) => {
const register = (username, password, role) => {
return users.getByName(username)
.then(user => {
if (user) return false
users.createUser(username, password, role)
return true
if (user) throw new authErrors.UserAlreadyExistsError()
return users.createUser(username, password, role).then(() => true)
})
.catch(err => console.error(err))
}
const resetPassword = (userID, newPassword, context) => {
return users.findById(userID).then(user => {
if (!user) return false
if (!user) throw new authErrors.InvalidCredentialsError()
if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
return users.updatePassword(user.id, newPassword)
}).then(() => { return true }).catch(err => console.error(err))
}).then(() => true).catch(err => console.error(err))
}
const reset2FA = (userID, code, secret, context) => {
const reset2FA = (userID, token, secret, context) => {
return users.findById(userID).then(user => {
const isCodeValid = otplib.authenticator.verify({ token: code, secret: secret })
if (!isCodeValid) return false
const isCodeValid = otplib.authenticator.verify({ token, secret })
if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
return users.save2FASecret(user.id, secret).then(() => { return true })
return users.save2FASecret(user.id, secret).then(() => true)
}).catch(err => console.error(err))
}