lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lamassu-server/lib/users.js
Sérgio Salgado fded22f39a feat: add user management screen 
feat: login screen

fix: login routing and layout

feat: add users migration

feat: passport login strategy

fix: users migration

feat: simple authentication

fix: request body

feat: JWT authorization

feat: 2fa step on login

feat: 2fa flow

feat: add rememberme to req body

fix: hide 2fa secret from jwt

fix: block login access to logged in user

fix: rerouting to wizard

refactor: login screen

feat: setup 2fa state on login

feat: 2fa secret qr code

fix: remove jwt from 2fa secret

fix: wizard redirect after login

fix: 2fa setup flow

fix: user id to uuid

feat: user roles

feat: user sessions and db persistence

feat: session saving on DB and cookie

refactor: unused code

feat: cookie auto renew on request

feat: get user data endpoint

fix: repeated requests

feat: react routing

fix: private routes

refactor: auth

feat: sessions aware of ua and ip

feat: sessions on gql

feat: session management screen

feat: replace user_tokens usage for users

feat: user deletion also deletes active sessions

feat: remember me alters session cookie accordingly

feat: last session by all users

fix: login feedback

fix: page loading UX

feat: routes based on user role

feat: header aware of roles

feat: reset password

fix: reset password endpoint

feat: handle password change

feat: reset 2FA

feat: user role on management screen

feat: change user role

fix: user last session query

fix: context

fix: destroy own session

feat: reset password now resets sessions

feat: reset 2fa now resets sessions

refactor: user data

refactor: user management screen

feat: user enable

feat: schema directives

fix: remove schema directive temp

feat: create new users

feat: register endpoint

feat: modals for reset links

fix: directive Date errors

feat: superuser directive

feat: create user url modal

fix: user management layout

feat: confirmation modals

fix: info text

feat: 2fa input component

feat: code input on 2fa state

feat: add button styling

feat: confirmation modal on superuser action

feat: rework 2fa setup screen

feat: rework reset 2fa screen

fix: session management screen

fix: user management screen

fix: blacklist roles

chore: migrate old customer values to new columns

fix: value migration

fix: value migration

refactor: remove old code
2021-05-03 23:00:41 +01:00

178 lines
5.2 KiB
JavaScript
Raw Blame History

const _ = require('lodash/fp')
const pgp = require('pg-promise')()
const crypto = require('crypto')
const bcrypt = require('bcrypt')
const uuid = require('uuid')
const db = require('./db')
/**
* Get user by token
*
* @name get
* @function
*
* @param {string} token User's token to query by
*
* @returns {user object} User object (containing name)
*/
function get (token) {
const sql = 'select * from user_tokens where token=$1'
return db.oneOrNone(sql, [token])
}
/**
* Get multiple users given an array of tokens
*
* @name getByIds
* @function
*
* @param {array} tokens Array with users' tokens
*
* @returns {array} Array of users found
*/
function getByIds (tokens) {
const sql = 'select * from user_tokens where token in ($1^)'
const tokensClause = _.map(pgp.as.text, tokens).join(',')
return db.any(sql, [tokensClause])
}
function getUsers () {
const sql = `select id, username, role, enabled, last_accessed, last_accessed_from, last_accessed_address from users order by username`
return db.any(sql)
}
function getByName (username) {
const sql = `select id, username, role, last_accessed from users where username=$1 limit 1`
return db.oneOrNone(sql, [username])
}
function verifyAndUpdateUser (id, ua, ip) {
const sql = `select id, username, role, enabled from users where id=$1 limit 1`
return db.oneOrNone(sql, [id]).then(user => {
if (!user) return null
const sql2 = `update users set last_accessed=now(), last_accessed_from=$1, last_accessed_address=$2 where id=$3 returning id, role, enabled`
return db.one(sql2, [ua, ip, id]).then(user => {
return user
})
})
}
function createUser (username, password, role) {
const sql = `insert into users (id, username, password, role) values ($1, $2, $3, $4)`
bcrypt.hash(password, 12).then(function (hash) {
return db.none(sql, [uuid.v4(), username, hash, role])
})
}
function deleteUser (id) {
const sql = `delete from users where id=$1`
const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1`
return db.none(sql, [id]).then(() => db.none(sql2, [id]))
}
function findById (id) {
const sql = 'select id, username from users where id=$1'
return db.oneOrNone(sql, [id])
}
function get2FASecret (id) {
const sql = 'select id, username, twofa_code, role from users where id=$1'
return db.oneOrNone(sql, [id])
}
function save2FASecret (id, secret) {
const sql = 'update users set twofa_code=$1 where id=$2'
const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1`
return db.none(sql, [secret, id]).then(() => db.none(sql2, [id]))
}
function validate2FAResetToken (token) {
const sql = `delete from reset_twofa
where token=$1
returning user_id, now() < expire as success`
return db.one(sql, [token])
.then(res => ({ userID: res.user_id, success: res.success }))
}
function createReset2FAToken (userID) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `insert into reset_twofa (token, user_id) values ($1, $2) on conflict (user_id) do update set token=$1, expire=now() + interval '30 minutes' returning *`
return db.one(sql, [token, userID])
}
function updatePassword (id, password) {
bcrypt.hash(password, 12).then(function (hash) {
const sql = `update users set password=$1 where id=$2`
const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1`
return db.none(sql, [hash, id]).then(() => db.none(sql2, [id]))
})
}
function validatePasswordResetToken (token) {
const sql = `delete from reset_password
where token=$1
returning user_id, now() < expire as success`
return db.one(sql, [token])
.then(res => ({ userID: res.user_id, success: res.success }))
}
function createResetPasswordToken (userID) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `insert into reset_password (token, user_id) values ($1, $2) on conflict (user_id) do update set token=$1, expire=now() + interval '30 minutes' returning *`
return db.one(sql, [token, userID])
}
function createUserRegistrationToken (username, role) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `insert into user_register_tokens (token, username, role) values ($1, $2, $3) on conflict (username)
do update set token=$1, expire=now() + interval '30 minutes' returning *`
return db.one(sql, [token, username, role])
}
function validateUserRegistrationToken (token) {
const sql = `delete from user_register_tokens where token=$1
returning username, role, now() < expire as success`
return db.one(sql, [token])
.then(res => ({ username: res.username, role: res.role, success: res.success }))
}
function changeUserRole (id, newRole) {
const sql = `update users set role=$1 where id=$2`
return db.none(sql, [newRole, id])
}
function toggleUserEnable (id) {
const sql = `update users set enabled=not enabled where id=$1`
return db.none(sql, [id])
}
module.exports = {
get,
getByIds,
getUsers,
getByName,
verifyAndUpdateUser,
createUser,
deleteUser,
findById,
updatePassword,
get2FASecret,
save2FASecret,
validate2FAResetToken,
createReset2FAToken,
validatePasswordResetToken,
createResetPasswordToken,
createUserRegistrationToken,
validateUserRegistrationToken,
changeUserRole,
toggleUserEnable
}
Reference in a new issue View git blame Copy permalink