feat: add user management screen

feat: login screen fix: login routing and layout feat: add users migration feat: passport login strategy fix: users migration feat: simple authentication fix: request body feat: JWT authorization feat: 2fa step on login feat: 2fa flow feat: add rememberme to req body fix: hide 2fa secret from jwt fix: block login access to logged in user fix: rerouting to wizard refactor: login screen feat: setup 2fa state on login feat: 2fa secret qr code fix: remove jwt from 2fa secret fix: wizard redirect after login fix: 2fa setup flow fix: user id to uuid feat: user roles feat: user sessions and db persistence feat: session saving on DB and cookie refactor: unused code feat: cookie auto renew on request feat: get user data endpoint fix: repeated requests feat: react routing fix: private routes refactor: auth feat: sessions aware of ua and ip feat: sessions on gql feat: session management screen feat: replace user_tokens usage for users feat: user deletion also deletes active sessions feat: remember me alters session cookie accordingly feat: last session by all users fix: login feedback fix: page loading UX feat: routes based on user role feat: header aware of roles feat: reset password fix: reset password endpoint feat: handle password change feat: reset 2FA feat: user role on management screen feat: change user role fix: user last session query fix: context fix: destroy own session feat: reset password now resets sessions feat: reset 2fa now resets sessions refactor: user data refactor: user management screen feat: user enable feat: schema directives fix: remove schema directive temp feat: create new users feat: register endpoint feat: modals for reset links fix: directive Date errors feat: superuser directive feat: create user url modal fix: user management layout feat: confirmation modals fix: info text feat: 2fa input component feat: code input on 2fa state feat: add button styling feat: confirmation modal on superuser action feat: rework 2fa setup screen feat: rework reset 2fa screen fix: session management screen fix: user management screen fix: blacklist roles chore: migrate old customer values to new columns fix: value migration fix: value migration refactor: remove old code
2020-10-27 10:05:06 +00:00 · 2020-10-27 10:05:06 +00:00 · fded22f39a
commit fded22f39a
parent 368781864e
50 changed files with 9839 additions and 4501 deletions
--- a/lib/new-admin/services/login.js
+++ b/lib/new-admin/services/login.js
@ -1,48 +1,20 @@
-const crypto = require('crypto')
-
 const db = require('../../db')

-function generateOTP (name) {
-  const otp = crypto.randomBytes(32).toString('hex')
-
-  const sql = 'insert into one_time_passes (token, name) values ($1, $2)'
-
-  return db.none(sql, [otp, name])
-    .then(() => otp)
+function checkUser (username) {
+  const sql = 'select * from users where username=$1'
+  return db.oneOrNone(sql, [username]).then(value => { return value.password }).catch(() => false)
 }

-function validateOTP (otp) {
-  const sql = `delete from one_time_passes
-    where token=$1
-    returning name, created < now() - interval '1 hour' as expired`
+function validateUser (username, password) {
+  const sql = 'select id, username from users where username=$1 and password=$2'
+  const sqlUpdateLastAccessed = 'update users set last_accessed = now() where username=$1'

-  return db.one(sql, [otp])
-    .then(r => ({ success: !r.expired, expired: r.expired, name: r.name }))
-    .catch(() => ({ success: false, expired: false }))
-}
-
-function register (otp, ua, ip) {
-  return validateOTP(otp)
-    .then(r => {
-      if (!r.success) return r
-
-      const token = crypto.randomBytes(32).toString('hex')
-      const sql = 'insert into user_tokens (token, name, user_agent, ip_address) values ($1, $2, $3, $4)'
-
-      return db.none(sql, [token, r.name, ua, ip])
-        .then(() => ({ success: true, token: token }))
-    })
-    .catch(() => ({ success: false, expired: false }))
-}
-
-function authenticate (token) {
-  const sql = 'select token from user_tokens where token=$1'
-
-  return db.one(sql, [token]).then(() => true).catch(() => false)
+  return db.oneOrNone(sql, [username, password])
+    .then(user => { db.none(sqlUpdateLastAccessed, [user.username]); return user })
+    .catch(() => false)
 }

 module.exports = {
-  generateOTP,
-  register,
-  authenticate
+  checkUser,
+  validateUser
 }