fix: multiple small fixes across auth

lib/new-admin/graphql/modules/authentication.js

@@ -21,8 +21,9 @@ function authenticateUser(username, password) {
       if (!isMatch) throw new authErrors.InvalidCredentialsError()
       return loginHelper.validateUser(username, hashedPassword)
     })
-    .catch(e => {
-      console.error(e)
+    .then(user => {
+      if (!user) throw new authErrors.InvalidCredentialsError()
+      return user
     })
 }
 
@@ -70,7 +71,7 @@ const validateRegisterLink = token => {
 
 const validateResetPasswordLink = token => {
   if (!token) throw new authErrors.InvalidUrlError()
-  return users.validatePasswordResetToken(token)
+  return users.validateAuthToken(token, 'reset_password')
     .then(r => {
       if (!r.success) throw new authErrors.InvalidUrlError()
       return { id: r.userID }
@@ -80,7 +81,7 @@ const validateResetPasswordLink = token => {
 
 const validateReset2FALink = token => {
   if (!token) throw new authErrors.InvalidUrlError()
-  return users.validate2FAResetToken(token)
+  return users.validateAuthToken(token, 'reset_twofa')
     .then(r => {
       if (!r.success) throw new authErrors.InvalidUrlError()
       return users.getUserById(r.userID)
@@ -111,10 +112,12 @@ const login = (username, password) => {
 }
 
 const input2FA = (username, password, rememberMe, code, context) => {
-  return authenticateUser(username, password).then(user => {
-    if (!user) throw new authErrors.InvalidCredentialsError()
-
-    return users.getUserById(user.id).then(user => {
+  return authenticateUser(username, password)
+    .then(user => {
+      if (!user) throw new authErrors.InvalidCredentialsError()
+      return users.getUserById(user.id)
+    })
+    .then(user => {
       const secret = user.twofa_code
       const isCodeValid = otplib.authenticator.verify({ token: code, secret: secret })
       if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
@@ -125,25 +128,32 @@ const input2FA = (username, password, rememberMe, code, context) => {
 
       return true
     })
-  })
 }
 
-const setup2FA = (username, password, secret, codeConfirmation) => {
-  return authenticateUser(username, password).then(user => {
-    if (!user || !secret) throw new authErrors.InvalidCredentialsError()
+const setup2FA = (username, password, rememberMe, secret, codeConfirmation, context) => {
+  return authenticateUser(username, password)
+    .then(user => {
+      if (!user || !secret) throw new authErrors.InvalidCredentialsError()
 
-    const isCodeValid = otplib.authenticator.verify({ token: codeConfirmation, secret: secret })
-    if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
+      const isCodeValid = otplib.authenticator.verify({ token: codeConfirmation, secret: secret })
+      if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
 
-    return users.save2FASecret(user.id, secret).then(() => true)
-  })
+      return users.getUserById(user.id)
+    })
+    .then(user => {
+      const finalUser = { id: user.id, username: user.username, role: user.role }
+      context.req.session.user = finalUser
+      if (rememberMe) context.req.session.cookie.maxAge = REMEMBER_ME_AGE
+
+      return true
+    })
 }
 
 const createResetPasswordToken = userID => {
   return users.getUserById(userID)
     .then(user => {
       if (!user) throw new authErrors.InvalidCredentialsError()
-      return users.createResetPasswordToken(user.id)
+      return users.createAuthToken(user.id, 'reset_password')
     })
     .catch(err => console.error(err))
 }
@@ -152,7 +162,7 @@ const createReset2FAToken = userID => {
   return users.getUserById(userID)
     .then(user => {
       if (!user) throw new authErrors.InvalidCredentialsError()
-      return users.createReset2FAToken(user.id)
+      return users.createAuthToken(user.id, 'reset_twofa')
     })
     .catch(err => console.error(err))
 }
@@ -177,20 +187,26 @@ const register = (token, username, password, role) => {
 }
 
 const resetPassword = (token, userID, newPassword, context) => {
-  return users.getUserById(userID).then(user => {
-    if (!user) throw new authErrors.InvalidCredentialsError()
-    if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
-    return users.updatePassword(token, user.id, newPassword)
-  }).then(() => true).catch(err => console.error(err))
+  return users.getUserById(userID)
+    .then(user => {
+      if (!user) throw new authErrors.InvalidCredentialsError()
+      if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
+      return users.updatePassword(token, user.id, newPassword)
+    })
+    .then(() => true)
+    .catch(err => console.error(err))
 }
 
 const reset2FA = (token, userID, code, secret, context) => {
-  return users.getUserById(userID).then(user => {
-    const isCodeValid = otplib.authenticator.verify({ token: code, secret })
-    if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
-    if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
-    return users.reset2FASecret(token, user.id, secret).then(() => true)
-  }).catch(err => console.error(err))
+  const isCodeValid = otplib.authenticator.verify({ token: code, secret })
+  if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
+
+  return users.getUserById(userID)
+    .then(user => {
+      if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
+      return users.reset2FASecret(token, user.id, secret).then(() => true)
+    })
+    .catch(err => console.error(err))
 }
 
 module.exports = {

lib/new-admin/graphql/resolvers/users.resolver.js

@@ -7,9 +7,9 @@ const resolver = {
     users: () => users.getUsers(),
     sessions: () => sessionManager.getSessions(),
     userSessions: (...[, { username }]) => sessionManager.getSessionsByUsername(username),
-    userData: (root, args, context, info) => authentication.getUserData(context),
+    userData: (...[, {}, context]) => authentication.getUserData(context),
     get2FASecret: (...[, { username, password }]) => authentication.get2FASecret(username, password),
-    confirm2FA: (root, args, context, info) => authentication.confirm2FA(args.code, context),
+    confirm2FA: (...[, { code }, context]) => authentication.confirm2FA(code, context),
     validateRegisterLink: (...[, { token }]) => authentication.validateRegisterLink(token),
     validateResetPasswordLink: (...[, { token }]) => authentication.validateResetPasswordLink(token),
     validateReset2FALink: (...[, { token }]) => authentication.validateReset2FALink(token)
@@ -17,18 +17,18 @@ const resolver = {
   Mutation: {
     enableUser: (...[, { id }]) => users.enableUser(id),
     disableUser: (...[, { id }]) => users.disableUser(id),
-    deleteSession: (root, args, context, info) => authentication.deleteSession(args.sid, context),
+    deleteSession: (...[, { sid }, context]) => authentication.deleteSession(sid, context),
     deleteUserSessions: (...[, { username }]) => sessionManager.deleteSessionsByUsername(username),
     changeUserRole: (...[, { id, newRole }]) => users.changeUserRole(id, newRole),
     login: (...[, { username, password }]) => authentication.login(username, password),
-    input2FA: (root, args, context, info) => authentication.input2FA(args.username, args.password, args.rememberMe, args.code, context),
-    setup2FA: (...[, { username, password, secret, codeConfirmation }]) => authentication.setup2FA(username, password, secret, codeConfirmation),
+    input2FA: (...[, { username, password, rememberMe, code }, context]) => authentication.input2FA(username, password, rememberMe, code, context),
+    setup2FA: (...[, { username, password, rememberMe, secret, codeConfirmation }, context]) => authentication.setup2FA(username, password, rememberMe, secret, codeConfirmation, context),
     createResetPasswordToken: (...[, { userID }]) => authentication.createResetPasswordToken(userID),
     createReset2FAToken: (...[, { userID }]) => authentication.createReset2FAToken(userID),
     createRegisterToken: (...[, { username, role }]) => authentication.createRegisterToken(username, role),
     register: (...[, { token, username, password, role }]) => authentication.register(token, username, password, role),
-    resetPassword: (root, args, context, info) => authentication.resetPassword(args.token, args.userID, args.newPassword, context),
-    reset2FA: (root, args, context, info) => authentication.reset2FA(args.token, args.userID, args.code, args.secret, context)
+    resetPassword: (...[, { token, userID, newPassword }, context]) => authentication.resetPassword(token, userID, newPassword, context),
+    reset2FA: (...[, { token, userID, code, secret }, context]) => authentication.reset2FA(token, userID, code, secret, context)
   }
 }
 

lib/new-admin/graphql/types/users.type.js

@@ -65,7 +65,7 @@ const typeDef = `
     toggleUserEnable(id: ID!): User @auth(requires: [SUPERUSER])
     login(username: String!, password: String!): String
     input2FA(username: String!, password: String!, code: String!, rememberMe: Boolean!): Boolean
-    setup2FA(username: String!, password: String!, secret: String!, codeConfirmation: String!): Boolean
+    setup2FA(username: String!, password: String!, rememberMe: Boolean!, secret: String!, codeConfirmation: String!): Boolean
     createResetPasswordToken(userID: ID!): ResetToken @auth(requires: [SUPERUSER])
     createReset2FAToken(userID: ID!): ResetToken @auth(requires: [SUPERUSER])
     createRegisterToken(username: String!, role: String!): RegistrationToken @auth(requires: [SUPERUSER])