refactor: full refactor of user management

lib/new-admin/graphql/modules/authentication.js

@@ -29,7 +29,7 @@ function authenticateUser(username, password) {
 
 const getUserData = context => {
   const lidCookie = context.req.cookies && context.req.cookies.lid
-  if (!lidCookie) throw new AuthenticationError()
+  if (!lidCookie) return
 
   const user = context.req.session.user
   return user
@@ -145,26 +145,78 @@ const setup2FA = (username, password, rememberMe, secret, codeConfirmation, cont
       context.req.session.user = finalUser
       if (rememberMe) context.req.session.cookie.maxAge = REMEMBER_ME_AGE
 
-      return true
+      return users.save2FASecret(user.id, secret)
     })
+    .then(() => true)
 }
 
-const createResetPasswordToken = userID => {
-  return users.getUserById(userID)
-    .then(user => {
-      if (!user) throw new authErrors.InvalidCredentialsError()
-      return users.createAuthToken(user.id, 'reset_password')
-    })
-    .catch(err => console.error(err))
+const changeUserRole = (code, id, newRole, context) => {
+  const action = (id, newRole) => users.changeUserRole(id, newRole)
+
+  if (!code) {
+    return action(id, newRole)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(id, newRole))
 }
 
-const createReset2FAToken = userID => {
-  return users.getUserById(userID)
-    .then(user => {
-      if (!user) throw new authErrors.InvalidCredentialsError()
-      return users.createAuthToken(user.id, 'reset_twofa')
-    })
-    .catch(err => console.error(err))
+const enableUser = (code, id, context) => {
+  const action = id => users.enableUser(id)
+
+  if (!code) {
+    return action(id)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(id))
+}
+
+const disableUser = (code, id, context) => {
+  const action = id => users.disableUser(id)
+
+  if (!code) {
+    return action(id)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(id))
+}
+
+const createResetPasswordToken = (code, userID, context) => {
+  const action = userID => {
+    return users.getUserById(userID)
+      .then(user => {
+        if (!user) throw new authErrors.InvalidCredentialsError()
+        return users.createAuthToken(user.id, 'reset_password')
+      })
+      .catch(err => console.error(err))
+  }
+
+  if (!code) {
+    return action(userID)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(userID))
+}
+
+const createReset2FAToken = (code, userID, context) => {
+  const action = userID => {
+    return users.getUserById(userID)
+      .then(user => {
+        if (!user) throw new authErrors.InvalidCredentialsError()
+        return users.createAuthToken(user.id, 'reset_twofa')
+      })
+      .catch(err => console.error(err))
+  }
+
+  if (!code) {
+    return action(userID)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(userID))
 }
 
 const createRegisterToken = (username, role) => {
@@ -220,6 +272,9 @@ module.exports = {
   login,
   input2FA,
   setup2FA,
+  changeUserRole,
+  enableUser,
+  disableUser,
   createResetPasswordToken,
   createReset2FAToken,
   createRegisterToken,

lib/new-admin/graphql/resolvers/users.resolver.js

@@ -15,16 +15,16 @@ const resolver = {
     validateReset2FALink: (...[, { token }]) => authentication.validateReset2FALink(token)
   },
   Mutation: {
-    enableUser: (...[, { id }]) => users.enableUser(id),
-    disableUser: (...[, { id }]) => users.disableUser(id),
+    enableUser: (...[, { confirmationCode, id }, context]) => authentication.enableUser(confirmationCode, id, context),
+    disableUser: (...[, { confirmationCode, id }, context]) => authentication.disableUser(confirmationCode, id, context),
     deleteSession: (...[, { sid }, context]) => authentication.deleteSession(sid, context),
     deleteUserSessions: (...[, { username }]) => sessionManager.deleteSessionsByUsername(username),
-    changeUserRole: (...[, { id, newRole }]) => users.changeUserRole(id, newRole),
+    changeUserRole: (...[, { confirmationCode, id, newRole }, context]) => authentication.changeUserRole(confirmationCode, id, newRole, context),
     login: (...[, { username, password }]) => authentication.login(username, password),
     input2FA: (...[, { username, password, rememberMe, code }, context]) => authentication.input2FA(username, password, rememberMe, code, context),
     setup2FA: (...[, { username, password, rememberMe, secret, codeConfirmation }, context]) => authentication.setup2FA(username, password, rememberMe, secret, codeConfirmation, context),
-    createResetPasswordToken: (...[, { userID }]) => authentication.createResetPasswordToken(userID),
-    createReset2FAToken: (...[, { userID }]) => authentication.createReset2FAToken(userID),
+    createResetPasswordToken: (...[, { confirmationCode, userID }, context]) => authentication.createResetPasswordToken(confirmationCode, userID, context),
+    createReset2FAToken: (...[, { confirmationCode, userID }, context]) => authentication.createReset2FAToken(confirmationCode, userID, context),
     createRegisterToken: (...[, { username, role }]) => authentication.createRegisterToken(username, role),
     register: (...[, { token, username, password, role }]) => authentication.register(token, username, password, role),
     resetPassword: (...[, { token, userID, newPassword }, context]) => authentication.resetPassword(token, userID, newPassword, context),

lib/new-admin/graphql/types/users.type.js

@@ -57,17 +57,17 @@ const typeDef = `
   }
 
   type Mutation {
-    enableUser(id: ID!): User @auth(requires: [SUPERUSER])
-    disableUser(id: ID!): User @auth(requires: [SUPERUSER])
+    enableUser(confirmationCode: String, id: ID!): User @auth(requires: [SUPERUSER])
+    disableUser(confirmationCode: String, id: ID!): User @auth(requires: [SUPERUSER])
     deleteSession(sid: String!): UserSession @auth(requires: [SUPERUSER])
     deleteUserSessions(username: String!): [UserSession] @auth(requires: [SUPERUSER])
-    changeUserRole(id: ID!, newRole: String!): User @auth(requires: [SUPERUSER])
+    changeUserRole(confirmationCode: String, id: ID!, newRole: String!): User @auth(requires: [SUPERUSER])
     toggleUserEnable(id: ID!): User @auth(requires: [SUPERUSER])
     login(username: String!, password: String!): String
     input2FA(username: String!, password: String!, code: String!, rememberMe: Boolean!): Boolean
     setup2FA(username: String!, password: String!, rememberMe: Boolean!, secret: String!, codeConfirmation: String!): Boolean
-    createResetPasswordToken(userID: ID!): ResetToken @auth(requires: [SUPERUSER])
-    createReset2FAToken(userID: ID!): ResetToken @auth(requires: [SUPERUSER])
+    createResetPasswordToken(confirmationCode: String, userID: ID!): ResetToken @auth(requires: [SUPERUSER])
+    createReset2FAToken(confirmationCode: String, userID: ID!): ResetToken @auth(requires: [SUPERUSER])
     createRegisterToken(username: String!, role: String!): RegistrationToken @auth(requires: [SUPERUSER])
     register(token: String!, username: String!, password: String!, role: String!): Boolean
     resetPassword(token: String!, userID: ID!, newPassword: String!): Boolean