:construction: Closer and closer still to finalizing auth

backend/lib/routes/user/create-profile.js

@@ -67,10 +67,14 @@ module.exports = {
                 }
                 /** Grab payload info */
                 const res = request.payload
+                /** Don't log password in response table */
+                const resWithoutPass = res.filter(r => {
+                    return r.response_key_id !== 9
+                })
                 const profile =
                     await profileService.saveResponsesCreateProfileFor(
                         userId,
-                        res,
+                        resWithoutPass,
                     )
                 return h
                     .response({

backend/lib/services/user.js

@@ -206,6 +206,7 @@ module.exports = class UserService extends Schmervice.Service {
                 email: user.email,
                 name: user.name,
                 seeking: user.seeking,
+                profile_id: user.profile_id,
             },
             {
                 key: key,
@@ -227,7 +228,6 @@ module.exports = class UserService extends Schmervice.Service {
     validateToken(token) {
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
         const decodedToken = Jwt.token.decode(token)
-        console.log('decodedToken :=>', decodedToken)
         // NOTE: reveals email...perhaps unhashed email belongs here instead...
         try {
             Jwt.token.verify(decodedToken, key)

frontend/src/components/onboarding/Auth.vue

@@ -34,30 +34,36 @@ export default {
             default: () => {},
         },
     },
-    emits: ['update-answers', 'set-pid'],
+    emits: ['update-answers'],
     data: () => ({
         authenticator: {},
     }),
     async created() {
-        // establishes new user and emits it up to onboarding for login purposes
+        // Establishes New User And Sends Auth Email
         this.authenticator = new Authenticator()
-        if (this.survey.hasMinResponsesToCreateProfile(this.answered)) {
-            const newUser = await signupUser(this.answered)
+        if (this.survey.hasMinResponsesToCreateProfile(this.responses)) {
+            const userPass = this.responses.find(
+                response => response.response_key_id === 9,
+            )
+            const newUser = await signupUser({
+                ...this.answered,
+                password: userPass.val,
+            })
             const newUserId = newUser.user_id
-            await createProfileForUserId(newUserId, this.responses)
+            const newProfile = await createProfileForUserId(
+                newUserId,
+                this.responses,
+            )
             const jwt = await this.authenticator.generateJwt({
                 ...this.answered,
                 expiration: 60 * 10,
+                profile_id: newProfile.profile_id,
             })
-            document.cookie = `siimee_jwt=${jwt}; path=/verify`
+            document.cookie = `siimee_jwt=${jwt}; path=/verify; secure`
+            await this.authenticator.sendAuthEmail(this.answered)
+        } else {
+            console.error('ERROR :=>')
         }
-
-        // sets jwt authentication cookie to be used in VerifyView.vue and
-        // OnboardingView.vue
-        // TODO: Instead of having this.answered here, simply pass profile_id?
-
-        // sends authentication email
-        await this.authenticator.sendAuthEmail(this.answered)
     },
     methods: {
         // TODO: remove test button above and use a watcher instead to emit this

frontend/src/entities/survey/survey.js

@@ -44,14 +44,13 @@ class Survey extends _baseRecord {
     }
 
     hasMinResponsesToCreateProfile(responses) {
-        if (
-            responses.name &&
-            responses.email &&
-            responses.seeking &&
-            responses.password
-        ) {
-            return true
-        } else return false
+        const neededResponseKeys = [8, 7, 11, 9]
+        const hasNeededResponseKey = responses => {
+            return responses.every(response => {
+                neededResponseKeys.includes(response.response_key_id)
+            })
+        }
+        return hasNeededResponseKey
     }
 
     validateAnswer(payload) {

frontend/src/views/OnboardingView.vue

@@ -18,7 +18,6 @@ main.view--onboarding
                 :surveyStepsCount='survey.steps.length'
                 @handle-submit='onSubmit'
                 @update-answers='updateAnswers'
-                @set-pid='setPid'
                 v-if='step && currentStep == i'
             ) 
         .invalidResponseMessage(
@@ -31,7 +30,7 @@ main.view--onboarding
             p(v-if='currentStep != 0') You have completed: {{ currentStep }} / {{ survey.steps.length }} survey steps
 
     article(v-else)
-        SurveyCompleteView(:answers='answered' :surveySteps='survey.steps')
+        SurveyCompleteView(:answers='answered' :surveySteps='survey.steps' :currentProfileId='currentProfileId')
 </template>
 
 <script>
@@ -57,15 +56,14 @@ export default {
         survey: null,
         currentProfileId: null,
         invalidResponse: false,
-        // TODO: CURRENTLY WORKING ON**
         authenticator: {},
         sessionToken: '',
         accessToken: '',
     }),
     computed: {
-        // NOTE: perhaps start this off as returning nothing
-        // and then add currentProfile in created()?
-        profile: () => currentProfile,
+        cP() {
+            return currentProfile ? currentProfile : null
+        },
     },
     async created() {
         this.survey = await surveyFactory.createSurvey()
@@ -74,25 +72,34 @@ export default {
         if (document.cookie.length) {
             // TODO: Remove this this.answered section when:
             // SurveyCompleteView calls all responses from db
-            // BUG: NEEDS BROWSER REFRESH TO BE HIT
-            const siimeeAnswers = JSON.parse(
-                this.grabCookie(document.cookie, 'siimee_answered'),
-            )
-            this.sessionToken = this.grabCookie(
+            // BUG: NEEDS BROWSER REFRESH TO SEE UPDATED COOKIES
+            const siimeeAnswered = this.grabCookie(
                 document.cookie,
-                'siimee_session',
-            )
-            const sessionTokenIsValid = await this.authenticator.validateJwt(
-                this.sessionToken,
+                'siimee_answered',
             )
-            this.accessToken = this.grabCookie(document.cookie, 'siimee_access')
-            if (sessionTokenIsValid.isValid) {
-                this.answered = {
-                    name: siimeeAnswers.name,
-                    email: siimeeAnswers.email,
-                    seeking: siimeeAnswers.seeking,
+            if (siimeeAnswered) {
+                const siimeeAnswers = JSON.parse(
+                    this.grabCookie(document.cookie, 'siimee_answered'),
+                )
+                this.sessionToken = this.grabCookie(
+                    document.cookie,
+                    'siimee_session',
+                )
+                const sessionTokenIsValid =
+                    await this.authenticator.validateJwt(this.sessionToken)
+                this.accessToken = this.grabCookie(
+                    document.cookie,
+                    'siimee_access',
+                )
+                if (sessionTokenIsValid.isValid) {
+                    this.answered = {
+                        name: siimeeAnswers.name,
+                        email: siimeeAnswers.email,
+                        seeking: siimeeAnswers.seeking,
+                    }
+                    this.currentProfileId = siimeeAnswers.profile_id
+                    this.goToStep(6)
                 }
-                this.goToStep(6)
             } else this.goToStep(0)
         }
     },
@@ -106,6 +113,7 @@ export default {
             }
             this.currentStep = num
         },
+        // TODO: Refactor to use cookie's max-age attribute instead of network call for jwt auth
         async validateAccessToken() {
             const validatedAccessToken = await this.authenticator.validateJwt(
                 this.accessToken,
@@ -138,7 +146,6 @@ export default {
             return cookieKey in cookies ? cookies[`${cookieKey}`] : undefined
         },
         async updateAnswers(payload) {
-            // null payload is passed on splash page
             if (payload) {
                 // this.invalidResponse = false
                 const k = payload.question.survey_stage
@@ -150,7 +157,7 @@ export default {
                 }
 
                 // once validated, don't log password in answered object
-                // this.answered[k] = k === 'password' ? undefined : payload.input
+                this.answered[k] = k === 'password' ? undefined : payload.input
 
                 // formats initial responses for response table
                 const response = {}
@@ -174,23 +181,6 @@ export default {
                 this.goToStep(this.currentStep + 1)
             }
         },
-        // NOTE: Brought in from App.vue, might not be necessary...
-        // Allows for login after initial email sign up is set
-        async setPid(profileId) {
-            if (currentProfile.isLoggedIn) {
-                currentProfile.logout()
-            }
-            // ERROR: this._profile is undefinedin login service
-            this.profile.id = await currentProfile.login(
-                profileId,
-                this.$waveui.notify,
-            )
-            console.log('---')
-
-            // Change if survey isn't complete...
-            // const toRoute = { name: 'HomeView' }
-            // this.$router.push(toRoute)
-        },
     },
 }
 </script>

frontend/src/views/VerifyView.vue

@@ -5,6 +5,9 @@
 </template>
 
 <script>
+// NOTE: If the httponly flag is to be used with these cookies,
+// this file will need to be rewritten as an .html file due to the way
+// that Hapi sets cookies via the h.state() method
 import { Authenticator } from '../services/auth.service.js'
 export default {
     name: 'VerifyView',
@@ -17,7 +20,7 @@ export default {
         const hashEmail = this.$route.params.email
 
         // TODO: generate a token on the backend here and have it sent over in
-        // the headers intead of setting it directly with document.cookie
+        // the headers intead of setting it directly with document.cookie (see note above)
 
         const hashesMatch = await this.authenticator.verifyAuthEmail(hashEmail)
         const siimeeToken = this.grabToken(document.cookie)
@@ -27,12 +30,10 @@ export default {
         this.answers = jwt.payload
         const accessToken = await this.generateAccessToken()
         if (jwt.isValid && hashesMatch) {
-            // TODO: establish session access token cookie here
             const siimeeAnswers = JSON.stringify(this.answers)
-            document.cookie = `siimee_answered=${siimeeAnswers} ; path=/onboarding; secure`
-            // TODO: for session/access cookies, make sure to set http only flag and expiration
-            document.cookie = `siimee_session=${siimeeToken} ; path=/onboarding; secure`
-            document.cookie = `siimee_access=${accessToken}; path=/onboarding; secure`
+            document.cookie = `siimee_answered=${siimeeAnswers}; max-age=360 ; path=/onboarding; secure`
+            document.cookie = `siimee_session=${siimeeToken} ; max-age=360 ; path=/onboarding; secure`
+            document.cookie = `siimee_access=${accessToken}; max-age=360 ; path=/onboarding; secure`
             this.$router.push('/onboarding')
         }
         // else {