fix: multiple small fixes across auth

2021-04-16 05:53:22 +01:00 · 2021-04-16 05:53:22 +01:00 · bbc37c0202
commit bbc37c0202
parent 9fa97725ec
22 changed files with 296 additions and 291 deletions
--- a/lib/new-admin/graphql/modules/authentication.js
+++ b/lib/new-admin/graphql/modules/authentication.js
@ -21,8 +21,9 @@ function authenticateUser(username, password) {
      if (!isMatch) throw new authErrors.InvalidCredentialsError()
      return loginHelper.validateUser(username, hashedPassword)
    })
-    .catch(e => {
-      console.error(e)
+    .then(user => {
+      if (!user) throw new authErrors.InvalidCredentialsError()
+      return user
    })
 }

@ -70,7 +71,7 @@ const validateRegisterLink = token => {

 const validateResetPasswordLink = token => {
  if (!token) throw new authErrors.InvalidUrlError()
-  return users.validatePasswordResetToken(token)
+  return users.validateAuthToken(token, 'reset_password')
    .then(r => {
      if (!r.success) throw new authErrors.InvalidUrlError()
      return { id: r.userID }
@ -80,7 +81,7 @@ const validateResetPasswordLink = token => {

 const validateReset2FALink = token => {
  if (!token) throw new authErrors.InvalidUrlError()
-  return users.validate2FAResetToken(token)
+  return users.validateAuthToken(token, 'reset_twofa')
    .then(r => {
      if (!r.success) throw new authErrors.InvalidUrlError()
      return users.getUserById(r.userID)
@ -111,10 +112,12 @@ const login = (username, password) => {
 }

 const input2FA = (username, password, rememberMe, code, context) => {
-  return authenticateUser(username, password).then(user => {
-    if (!user) throw new authErrors.InvalidCredentialsError()
-
-    return users.getUserById(user.id).then(user => {
+  return authenticateUser(username, password)
+    .then(user => {
+      if (!user) throw new authErrors.InvalidCredentialsError()
+      return users.getUserById(user.id)
+    })
+    .then(user => {
      const secret = user.twofa_code
      const isCodeValid = otplib.authenticator.verify({ token: code, secret: secret })
      if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
@ -125,25 +128,32 @@ const input2FA = (username, password, rememberMe, code, context) => {

      return true
    })
-  })
 }

-const setup2FA = (username, password, secret, codeConfirmation) => {
-  return authenticateUser(username, password).then(user => {
-    if (!user || !secret) throw new authErrors.InvalidCredentialsError()
+const setup2FA = (username, password, rememberMe, secret, codeConfirmation, context) => {
+  return authenticateUser(username, password)
+    .then(user => {
+      if (!user || !secret) throw new authErrors.InvalidCredentialsError()

-    const isCodeValid = otplib.authenticator.verify({ token: codeConfirmation, secret: secret })
-    if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
+      const isCodeValid = otplib.authenticator.verify({ token: codeConfirmation, secret: secret })
+      if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()

-    return users.save2FASecret(user.id, secret).then(() => true)
-  })
+      return users.getUserById(user.id)
+    })
+    .then(user => {
+      const finalUser = { id: user.id, username: user.username, role: user.role }
+      context.req.session.user = finalUser
+      if (rememberMe) context.req.session.cookie.maxAge = REMEMBER_ME_AGE
+
+      return true
+    })
 }

 const createResetPasswordToken = userID => {
  return users.getUserById(userID)
    .then(user => {
      if (!user) throw new authErrors.InvalidCredentialsError()
-      return users.createResetPasswordToken(user.id)
+      return users.createAuthToken(user.id, 'reset_password')
    })
    .catch(err => console.error(err))
 }
@ -152,7 +162,7 @@ const createReset2FAToken = userID => {
  return users.getUserById(userID)
    .then(user => {
      if (!user) throw new authErrors.InvalidCredentialsError()
-      return users.createReset2FAToken(user.id)
+      return users.createAuthToken(user.id, 'reset_twofa')
    })
    .catch(err => console.error(err))
 }
@ -177,20 +187,26 @@ const register = (token, username, password, role) => {
 }

 const resetPassword = (token, userID, newPassword, context) => {
-  return users.getUserById(userID).then(user => {
-    if (!user) throw new authErrors.InvalidCredentialsError()
-    if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
-    return users.updatePassword(token, user.id, newPassword)
-  }).then(() => true).catch(err => console.error(err))
+  return users.getUserById(userID)
+    .then(user => {
+      if (!user) throw new authErrors.InvalidCredentialsError()
+      if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
+      return users.updatePassword(token, user.id, newPassword)
+    })
+    .then(() => true)
+    .catch(err => console.error(err))
 }

 const reset2FA = (token, userID, code, secret, context) => {
-  return users.getUserById(userID).then(user => {
-    const isCodeValid = otplib.authenticator.verify({ token: code, secret })
-    if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
-    if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
-    return users.reset2FASecret(token, user.id, secret).then(() => true)
-  }).catch(err => console.error(err))
+  const isCodeValid = otplib.authenticator.verify({ token: code, secret })
+  if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
+
+  return users.getUserById(userID)
+    .then(user => {
+      if (context.req.session.user && user.id === context.req.session.user.id) context.req.session.destroy()
+      return users.reset2FASecret(token, user.id, secret).then(() => true)
+    })
+    .catch(err => console.error(err))
 }

 module.exports = {