refactor: full refactor of user management

2021-04-16 19:33:56 +01:00 · 2021-04-16 19:33:56 +01:00 · 9d028897bd
commit 9d028897bd
parent bbc37c0202
10 changed files with 328 additions and 225 deletions
--- a/lib/new-admin/graphql/modules/authentication.js
+++ b/lib/new-admin/graphql/modules/authentication.js
@ -29,7 +29,7 @@ function authenticateUser(username, password) {

 const getUserData = context => {
  const lidCookie = context.req.cookies && context.req.cookies.lid
-  if (!lidCookie) throw new AuthenticationError()
+  if (!lidCookie) return

  const user = context.req.session.user
  return user
@ -145,26 +145,78 @@ const setup2FA = (username, password, rememberMe, secret, codeConfirmation, cont
      context.req.session.user = finalUser
      if (rememberMe) context.req.session.cookie.maxAge = REMEMBER_ME_AGE

-      return true
+      return users.save2FASecret(user.id, secret)
    })
+    .then(() => true)
 }

-const createResetPasswordToken = userID => {
-  return users.getUserById(userID)
-    .then(user => {
-      if (!user) throw new authErrors.InvalidCredentialsError()
-      return users.createAuthToken(user.id, 'reset_password')
-    })
-    .catch(err => console.error(err))
+const changeUserRole = (code, id, newRole, context) => {
+  const action = (id, newRole) => users.changeUserRole(id, newRole)
+
+  if (!code) {
+    return action(id, newRole)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(id, newRole))
 }

-const createReset2FAToken = userID => {
-  return users.getUserById(userID)
-    .then(user => {
-      if (!user) throw new authErrors.InvalidCredentialsError()
-      return users.createAuthToken(user.id, 'reset_twofa')
-    })
-    .catch(err => console.error(err))
+const enableUser = (code, id, context) => {
+  const action = id => users.enableUser(id)
+
+  if (!code) {
+    return action(id)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(id))
+}
+
+const disableUser = (code, id, context) => {
+  const action = id => users.disableUser(id)
+
+  if (!code) {
+    return action(id)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(id))
+}
+
+const createResetPasswordToken = (code, userID, context) => {
+  const action = userID => {
+    return users.getUserById(userID)
+      .then(user => {
+        if (!user) throw new authErrors.InvalidCredentialsError()
+        return users.createAuthToken(user.id, 'reset_password')
+      })
+      .catch(err => console.error(err))
+  }
+
+  if (!code) {
+    return action(userID)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(userID))
+}
+
+const createReset2FAToken = (code, userID, context) => {
+  const action = userID => {
+    return users.getUserById(userID)
+      .then(user => {
+        if (!user) throw new authErrors.InvalidCredentialsError()
+        return users.createAuthToken(user.id, 'reset_twofa')
+      })
+      .catch(err => console.error(err))
+  }
+
+  if (!code) {
+    return action(userID)
+  }
+
+  return confirm2FA(code, context)
+    .then(() => action(userID))
 }

 const createRegisterToken = (username, role) => {
@ -220,6 +272,9 @@ module.exports = {
  login,
  input2FA,
  setup2FA,
+  changeUserRole,
+  enableUser,
+  disableUser,
  createResetPasswordToken,
  createReset2FAToken,
  createRegisterToken,