Merge branch 'pw-table' of fyindr/siimee into dev

backend/.eslintrc

@@ -11,10 +11,7 @@
         "ecmaVersion": 12
     },
     "rules": {
-        "indent": [
-            "error",
-            4
-        ],
+        "indent": ["error", 4, { "SwitchCase": 1 }],
         "linebreak-style": [
             "error",
             "unix"

backend/db/migrations/20220901171733_user_authentication.js

@@ -0,0 +1,12 @@
+exports.up = function (knex) {
+    return knex.schema.createTable('authentication', function (table) {
+        table.string('user_email', 90).primary().unique()
+        table.date('created_at').notNullable()
+        // table.char('token').notNullable()
+        table.binary('token')
+    })
+}
+
+exports.down = function (knex) {
+    return knex.schema.dropTable('authentication')
+}

backend/lib/models/authentication.js

@@ -0,0 +1,12 @@
+const Schwifty = require('@hapipal/schwifty')
+const Joi = require('joi')
+const { userAuth } = require('../schemas/authentication')
+
+module.exports = class Auth extends Schwifty.Model {
+    static get tableName() {
+        return 'authentication'
+    }
+    static get joiSchema() {
+        return userAuth
+    }
+}

backend/lib/plugins/user.js

@@ -5,12 +5,14 @@ const Jwt = require('@hapi/jwt')
 const JwtStrategy = require('../auth/strategies/jwt')
 
 const UserModel = require('../models/user')
+const AuthModel = require('../models/authentication')
 
 const UserCurrentRoute = require('../routes/user/current')
 const UserProfileCreateRoute = require('../routes/user/create-profile')
 const UserProfilesListRoute = require('../routes/user/list-profiles')
 const UserLoginRoute = require('../routes/user/login')
 const UserSignupRoute = require('../routes/user/signup')
+const UserPassword = require('../routes/user/authentication')
 
 const UserService = require('../services/user')
 const DisplayService = require('../services/display')
@@ -23,6 +25,7 @@ module.exports = {
         await server.register(Jwt)
         await server.register(Schwifty)
         await server.registerModel(UserModel)
+        await server.registerModel(AuthModel)
 
         const mainApp = server.registrations['main-app-plugin']
         const jwtOptions = JwtStrategy(mainApp.options)
@@ -46,5 +49,6 @@ module.exports = {
         await server.route(UserSignupRoute)
         await server.route(UserProfileCreateRoute)
         await server.route(UserProfilesListRoute)
+        await server.route(UserPassword)
     },
 }

backend/lib/routes/user/authentication.js

@@ -0,0 +1,65 @@
+'use strict'
+
+const Joi = require('joi')
+const params = require('../../schemas/params')
+
+const pluginConfig = {
+    handlerType: 'password',
+    docs: {
+        get: {
+            description: 'get password',
+            notes: 'Returns a password by the user email passed in the path',
+        },
+    },
+}
+
+/** Validator functions by request method */
+const validators = {
+    /** Validate the route params (/active/{thing}) */
+    params: params.userEmail
+}
+
+module.exports = {
+    method: 'GET',
+    path: '/{user_email}/password',
+    options: {
+        ...pluginConfig.docs.get,
+        tags: ['api'],
+        // auth: 'default_jwt',
+        auth: false,
+        cors: true,
+        handler: async function (request, h) {
+            try {
+                const { userService } = request.services()
+                const userEmail = request.params.user_email
+
+                const password = await userService.getPassword(userEmail)
+
+                return {
+                    ok: true,
+                    handler: pluginConfig.handlerType,
+                    data: { password: password },
+                }
+            } catch (err) {
+                return {
+                    ok: false,
+                    handler: pluginConfig.handlerType,
+                    data: { error: err },
+                }
+            }
+        },
+        validate: {
+            ...validators,
+            failAction: 'log',
+        },
+
+        response: {
+            schema: Joi.object({
+                ok: Joi.bool(),
+                handler: Joi.string(),
+                data: Joi.object(),
+            }).label('password_res'),
+            failAction: 'log',
+        },
+    },
+}

backend/lib/routes/user/login.js

@@ -16,13 +16,13 @@ const pluginConfig = {
 const validators = {
     post: {
         payload: Joi.object({
-            user: userSchema.single,
-            error: errorSchema.single,
-        })
-            .append()
-            .label('login_payload'),
+            user_email: Joi.string(),
+            password: Joi.string(),
+        }),
+        
     },
     user: userSchema.single,
+    error: errorSchema.single,
 }
 
 module.exports = {
@@ -34,7 +34,7 @@ module.exports = {
         auth: false,
         handler: async function (request, h) {
             try {
-                const { userService, displayService } = request.services()
+                const { userService } = request.services()
 
                 const res = request.payload
 
@@ -42,8 +42,8 @@ module.exports = {
                 const login = async txn => {
                     return await userService.login(
                         {
-                            email: res.user.email,
-                            password: res.user.password,
+                            email: res.user_email,
+                            password: res.password,
                         },
                         txn,
                     )
@@ -56,7 +56,7 @@ module.exports = {
                 return {
                     ok: true,
                     handler: pluginConfig.handlerType,
-                    data: displayService.user(user, token),
+                    data: { user_email: user.user_email, jwtToken: token },
                 }
             } catch (err) {
                 console.error(err)
@@ -69,12 +69,21 @@ module.exports = {
         },
         validate: validators.post,
         response: {
-            schema: Joi.object({
-                ok: Joi.bool(),
-                handler: Joi.string(),
-                data: validators.user,
-            }).label('login_res'),
-            failAction: 'log',
+            status: {
+                201: Joi.object({
+                    ok: Joi.bool(),
+                    handler: Joi.string(),
+                    data: Joi.object({
+                        user_email: Joi.string(),
+                        jwtToken: Joi.string(),
+                    }),
+                }).label('login_res'),
+                409: Joi.object({
+                    ok: Joi.bool(),
+                    handler: Joi.string(),
+                    data: validators.error,
+                }).label('login_error'),
+            },
         },
     },
 }

backend/lib/routes/user/signup.js

@@ -56,6 +56,7 @@ module.exports = {
                         is_admin: 0,
                         is_verified: 0,
                     },
+                    created_at: Date.now()
                 })
                 return h
                     .response({

backend/lib/schemas/authentication.js

@@ -0,0 +1,13 @@
+'use strict'
+
+const Joi = require('joi')
+
+const userAuth = Joi.object({
+    user_email: Joi.string(),
+    created_at: Joi.date(),
+    token: Joi.binary().allow(null)
+}).label('user_auth')
+
+module.exports = {
+    userAuth
+}

backend/lib/schemas/params.js

@@ -7,5 +7,6 @@ module.exports = {
     userName: Joi.object({
         name: Joi.string().min(3).max(11),
         all: Joi.array(),
-    }).label('user_name_param')
+    }).label('user_name_param'),
+    userEmail: Joi.object({ user_email: Joi.string() }).label('user_email_param')
 }

backend/lib/schemas/user.js

@@ -17,6 +17,7 @@ const userSignup = Joi.object({
     is_poster: Joi.number(),
     is_admin: Joi.number(),
     is_verified: Joi.number(),
+    user_pass: Joi.string()
 }).label('user_signup')
 
 module.exports = {

backend/lib/services/user.js

@@ -1,10 +1,40 @@
 'use strict'
-
+require('dotenv').config()
 const Util = require('util')
 const Jwt = require('@hapi/jwt')
 const Schmervice = require('@hapipal/schmervice')
 const SecurePassword = require('secure-password')
 
+const hasher = async (pwd, steak) => {
+    const hash = await pwd.hash(steak)
+    const result = await pwd.verify(steak, hash)
+    let squirtle = null
+
+    switch (result) {
+        case SecurePassword.INVALID_UNRECOGNIZED_HASH:
+            return console.error(
+                'This hash was not made with secure-password. Attempt legacy algorithm',
+            )
+        case SecurePassword.INVALID:
+            return console.log('Invalid password')
+        case SecurePassword.VALID:
+            return result
+        case SecurePassword.VALID_NEEDS_REHASH:
+            console.log('Yay you made it, wait for us to improve your safety')
+            try {
+                squirtle = await pwd.hash(steak)
+                // console.log('improvedHash', squirtle)
+                // const saveHash = Auth.insert({user_email: matchingEmails}, ).into('token')
+                return squirtle
+            } catch (err) {
+                console.error(
+                    'You are authenticated, but we could not improve your safety this time around',
+                )
+            }
+            break
+    }
+}
+
 /** Class for methods used in the User plugin */
 module.exports = class UserService extends Schmervice.Service {
     /**
@@ -56,21 +86,33 @@ module.exports = class UserService extends Schmervice.Service {
      * @param {*} txn
      * @returns
      */
-    async signup({ password, userInfo }, txn) {
-        const { User } = this.server.models()
+    async signup({ password, userInfo, created_at }, txn) {
+        const { User, Auth } = this.server.models()
         const matchingEmails = await User.query().where(
             'user_email',
             userInfo.user_email,
         )
-
         if (matchingEmails.length > 0) {
             throw `User ${userInfo.user_email} already exists: Cannot create a user without a unique email`
         }
-        const user = await User.query(txn).insert(userInfo)
-        user.user_id = user.id
-        delete user.id
-        // await this.changePassword(id, password, txn)
-        return user
+        // Insert User Info to User table
+        const insertUser = await User.query().insert(userInfo)
+        // insert a row with blank password to be updated by changePassword()
+        await Auth.query().insert({
+            user_email: insertUser.user_email,
+            created_at: created_at,
+            token: null,
+        })
+        // update null token with hashed password
+        await this.changePassword(insertUser.user_email, password, txn)
+        return {
+            user_id: insertUser.id,
+            user_name: insertUser.user_name,
+            user_email: insertUser.user_email,
+            is_poster: insertUser.is_poster,
+            is_admin: insertUser.is_admin,
+            is_verified: insertUser.is_verified,
+        }
     }
 
     /**
@@ -104,21 +146,26 @@ module.exports = class UserService extends Schmervice.Service {
      * @returns
      */
     async login({ email, password }, txn) {
-        const { User } = this.server.models()
+        const { User, Auth } = this.server.models()
 
-        const user = await User.query(txn)
+        
+        
+        const user = await Auth.query(txn)
             .throwIfNotFound()
             .first()
             .where({ user_email: email })
 
+        const bufferPepper = Buffer.from(process.env.PEPPER + password)
+
         /** Uncomment to run password check using SecurePassword */
-        // const passwordCheck = await this.pwd.verify(Buffer.from(password), user.password)
-        // if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {
-        //     await this.changePassword(user.id, password, txn)
-        // }
-        // else if (passwordCheck !== SecurePassword.VALID) {
-        //     throw User.createNotFoundError()
-        // }
+        const passwordCheck = await this.pwd.verify(bufferPepper, user.token)
+        console.log("passwordCheck", passwordCheck)
+        if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {
+            await this.changePassword(user.user_email, password, txn)
+        }
+        else if (passwordCheck !== SecurePassword.VALID) {
+            throw User.createNotFoundError()
+        }
 
         return user
     }
@@ -154,9 +201,23 @@ module.exports = class UserService extends Schmervice.Service {
      * @param {*} txn
      * @returns {number}
      */
-    async changePassword(id, password, txn) {
-        const { User } = this.server.models()
-        return 'done'
+    async changePassword(email, password, txn) {
+        const { User, Auth } = this.server.models()
+
+        console.log('email passed to changePassword', email)
+
+        const hashed = await this.pwd.hash(Buffer.from(process.env.PEPPER + password))
+        console.log('hashed', hashed)
+
+        await Auth.query(txn)
+            .throwIfNotFound()
+            .where({ user_email: email })
+            .patch({
+                // user_email: email,
+                token: hashed
+            })
+        console.log('changePassword query completed')
+        return email
 
         // await User.query(txn)
         //     .throwIfNotFound()
@@ -166,4 +227,14 @@ module.exports = class UserService extends Schmervice.Service {
         //     })
         // return id
     }
+
+    async getPassword(email, txn) {
+        const { Auth } = this.server.models()
+
+        const passwordRow = await Auth.query(txn)
+            .where('user_email', email)
+            .first()
+
+        return passwordRow ? passwordRow.token : null
+    }
 }