lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: multiple small fixes across auth

Browse source
This commit is contained in:
Sérgio Salgado 2021-04-16 05:53:22 +01:00 committed by Josh Harvey
parent 9fa97725ec
commit bbc37c0202
22 changed files with 296 additions and 291 deletions
Download patch file Download diff file Expand all files Collapse all files

44
lib/users.js
View file

@ -72,16 +72,16 @@ function save2FASecret (id, secret) {
})
}
function validate2FAResetToken (token) {
function validateAuthToken (token, type) {
const sql = `SELECT user_id, now() < expire AS success FROM auth_tokens
WHERE token=$1 AND type='reset_twofa'`
WHERE token=$1 AND type=$2`
return db.one(sql, [token])
return db.one(sql, [token, type])
.then(res => ({ userID: res.user_id, success: res.success }))
}
function reset2FASecret (token, id, secret) {
return validate2FAResetToken(token).then(res => {
return validateAuthToken(token, 'reset_twofa').then(res => {
if (!res.success) throw new Error('Failed to verify 2FA reset token')
return db.tx(t => {
const q1 = t.none('UPDATE users SET twofa_code=$1 WHERE id=$2', [secret, id])
@ -92,23 +92,15 @@ function reset2FASecret (token, id, secret) {
})
}
function createReset2FAToken (userID) {
function createAuthToken (userID, type) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_twofa', $2) ON CONFLICT (user_id, type) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, $2, $3) ON CONFLICT (user_id, type) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
return db.one(sql, [token, userID])
}
function validatePasswordResetToken (token) {
const sql = `SELECT user_id, now() < expire AS success FROM auth_tokens
WHERE token=$1 AND type='reset_password'`
return db.one(sql, [token])
.then(res => ({ userID: res.user_id, success: res.success }))
return db.one(sql, [token, type, userID])
}
function updatePassword (token, id, password) {
return validatePasswordResetToken(token).then(res => {
return validateAuthToken(token, 'reset_password').then(res => {
if (!res.success) throw new Error('Failed to verify password reset token')
return bcrypt.hash(password, 12).then(function (hash) {
return db.tx(t => {
@ -121,13 +113,6 @@ function updatePassword (token, id, password) {
})
}
function createResetPasswordToken (userID) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_password', $2) ON CONFLICT (user_id, type) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
return db.one(sql, [token, userID])
}
function createUserRegistrationToken (username, role) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `INSERT INTO user_register_tokens (token, username, role) VALUES ($1, $2, $3) ON CONFLICT (username)
@ -162,11 +147,8 @@ function changeUserRole (id, newRole) {
}
function enableUser (id) {
return db.tx(t => {
const q1 = t.none(`UPDATE users SET enabled=true WHERE id=$1`, [id])
const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
return t.batch([q1, q2])
})
const sql = `UPDATE users SET enabled=true WHERE id=$1`
return db.none(sql, [id])
}
function disableUser (id) {
@ -187,10 +169,8 @@ module.exports = {
updatePassword,
save2FASecret,
reset2FASecret,
validate2FAResetToken,
createReset2FAToken,
validatePasswordResetToken,
createResetPasswordToken,
validateAuthToken,
createAuthToken,
createUserRegistrationToken,
validateUserRegistrationToken,
register,