lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: privileged actions

Browse source
This commit is contained in:
Sérgio Salgado 2021-04-19 23:59:21 +01:00 committed by Josh Harvey
parent 357fe75427
commit 7680b2f85a
5 changed files with 29 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

98
lib/new-admin/graphql/modules/authentication.js
View file

@ -52,6 +52,18 @@ const initializeSession = (context, user, rememberMe) => {
if (rememberMe) context.req.session.cookie.maxAge = REMEMBER_ME_AGE
}
const executeProtectedAction = (code, id, context, action) => {
return users.getUserById(id)
.then(user => {
if (user.role !== 'superuser') {
return action()
}
return confirm2FA(code, context)
.then(() => action())
})
}
const getUserData = context => {
const lidCookie = getLamassuCookie(context)
if (!lidCookie) return
@ -93,7 +105,6 @@ const validateRegisterLink = token => {
if (!r.success) throw new authErrors.InvalidUrlError()
return { username: r.username, role: r.role }
})
.catch(err => console.error(err))
}
const validateResetPasswordLink = token => {
@ -103,7 +114,6 @@ const validateResetPasswordLink = token => {
if (!r.success) throw new authErrors.InvalidUrlError()
return { id: r.userID }
})
.catch(err => console.error(err))
}
const validateReset2FALink = token => {
@ -121,7 +131,6 @@ const validateReset2FALink = token => {
.then(([_, user, secret, otpauth]) => {
return { user_id: user.id, secret, otpauth }
})
.catch(err => console.error(err))
}
const deleteSession = (sessionID, context) => {
@ -148,92 +157,41 @@ const input2FA = (username, password, rememberMe, code, context) => {
})
}
const setup2FA = (username, password, rememberMe, secret, codeConfirmation, context) => {
if (!secret) throw new authErrors.InvalidTwoFactorError()
const isCodeValid = otplib.authenticator.verify({ token: codeConfirmation, secret: secret })
if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
const setup2FA = (username, password, rememberMe, codeConfirmation, context) => {
return authenticateUser(username, password)
.then(user => {
if (user.temp_twofa_code !== secret) {
throw new authErrors.InvalidTwoFactorError()
}
const isCodeValid = otplib.authenticator.verify({ token: codeConfirmation, secret: user.temp_twofa_code })
if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
initializeSession(context, user, rememberMe)
return users.save2FASecret(user.id, secret)
return users.save2FASecret(user.id, user.temp_twofa_code)
})
.then(() => true)
}
const changeUserRole = (code, id, newRole, context) => {
const action = (id, newRole) => users.changeUserRole(id, newRole)
return users.getUserById(id)
.then(user => {
if (user.role !== 'superuser') {
return action(id, newRole)
}
return confirm2FA(code, context)
})
.then(() => action(id, newRole))
const action = () => users.changeUserRole(id, newRole)
return executeProtectedAction(code, id, context, action)
}
const enableUser = (code, id, context) => {
const action = id => users.enableUser(id)
return users.getUserById(id)
.then(user => {
if (user.role !== 'superuser') {
return action(id)
}
return confirm2FA(code, context)
})
.then(() => action(id))
const action = () => users.enableUser(id)
return executeProtectedAction(code, id, context, action)
}
const disableUser = (code, id, context) => {
const action = id => users.disableUser(id)
return users.getUserById(id)
.then(user => {
if (user.role !== 'superuser') {
return action(id)
}
return confirm2FA(code, context)
})
.then(() => action(id))
const action = () => users.disableUser(id)
return executeProtectedAction(code, id, context, action)
}
const createResetPasswordToken = (code, userID, context) => {
const action = user => users.createAuthToken(user.id, 'reset_password')
return users.getUserById(userID)
.then(user => {
if (user.role !== 'superuser') {
return action(user.id)
}
return confirm2FA(code, context)
.then(() => action(user))
})
const action = () => users.createAuthToken(userID, 'reset_password')
return executeProtectedAction(code, id, context, action)
}
const createReset2FAToken = (code, userID, context) => {
const action = user => users.createAuthToken(user.id, 'reset_twofa')
return users.getUserById(userID)
.then(user => {
if (user.role !== 'superuser') {
return action(user)
}
return confirm2FA(code, context)
.then(() => action(user))
})
const action = () => users.createAuthToken(userID, 'reset_twofa')
return executeProtectedAction(code, id, context, action)
}
const createRegisterToken = (username, role) => {
@ -243,7 +201,6 @@ const createRegisterToken = (username, role) => {
return users.createUserRegistrationToken(username, role)
})
.catch(err => console.error(err))
}
const register = (token, username, password, role) => {
@ -252,7 +209,6 @@ const register = (token, username, password, role) => {
if (user) throw new authErrors.UserAlreadyExistsError()
return users.register(token, username, password, role).then(() => true)
})
.catch(err => console.error(err))
}
const resetPassword = (token, userID, newPassword, context) => {
@ -262,7 +218,6 @@ const resetPassword = (token, userID, newPassword, context) => {
return users.updatePassword(token, user.id, newPassword)
})
.then(() => true)
.catch(err => console.error(err))
}
const reset2FA = (token, userID, code, secret, context) => {
@ -278,7 +233,6 @@ const reset2FA = (token, userID, code, secret, context) => {
return users.reset2FASecret(token, user.id, secret)
})
.then(() => true)
.catch(err => console.error(err))
}
module.exports = {