|
|
@@ -86,7 +86,7 @@ module.exports = class UserService extends Schmervice.Service {
|
|
86
|
86
|
* @param {*} txn
|
|
87
|
87
|
* @returns
|
|
88
|
88
|
*/
|
|
89
|
|
- async signup({ password, userInfo }, txn) {
|
|
|
89
|
+ async signup({ password, userInfo, created_at }, txn) {
|
|
90
|
90
|
const { User, Auth } = this.server.models()
|
|
91
|
91
|
const matchingEmails = await User.query().where(
|
|
92
|
92
|
'user_email',
|
|
|
@@ -95,46 +95,24 @@ module.exports = class UserService extends Schmervice.Service {
|
|
95
|
95
|
if (matchingEmails.length > 0) {
|
|
96
|
96
|
throw `User ${userInfo.user_email} already exists: Cannot create a user without a unique email`
|
|
97
|
97
|
}
|
|
98
|
|
- // const todayTest = new Date.now()
|
|
99
|
|
- console.log("password passed to .signup()", password)
|
|
100
|
|
- console.log("steak", steak)
|
|
101
|
|
- console.log("user_email", userInfo.user_email)
|
|
102
|
|
-
|
|
103
|
|
- const { email } = await Auth.query(txn).insert({
|
|
104
|
|
- user_email: userInfo.user_email,
|
|
105
|
|
- created_at: new Date.now(),
|
|
106
|
|
- token: this.changePassword(
|
|
107
|
|
- userInfo.user_email,
|
|
108
|
|
- password,
|
|
109
|
|
- txn,
|
|
110
|
|
- ),
|
|
|
98
|
+ // Insert User Info to User table
|
|
|
99
|
+ const insertUser = await User.query().insert(userInfo)
|
|
|
100
|
+ // insert a row with blank password to be updated by changePassword()
|
|
|
101
|
+ await Auth.query().insert({
|
|
|
102
|
+ user_email: insertUser.user_email,
|
|
|
103
|
+ created_at: created_at,
|
|
|
104
|
+ token: null,
|
|
111
|
105
|
})
|
|
112
|
|
-
|
|
113
|
|
- return userInfo.user_email
|
|
114
|
|
- console.log("signup return finished")
|
|
115
|
|
- // Library: Secure-Password
|
|
116
|
|
- // console.log('data type of create_at', )
|
|
117
|
|
- // add pepper to pw and convert to buffer to prep for hash bytes
|
|
118
|
|
- // const steak = Buffer.from(password + pepper, 'utf-8')
|
|
119
|
|
- // console.log("steak", steak)
|
|
120
|
|
- // send peppered pw to (argon algorithm) library for salted hash
|
|
121
|
|
- // hashed is actually for logging in
|
|
122
|
|
- // const hashed = await hasher(this.pwd, steak)
|
|
123
|
|
- // console.log("hashed", hashed)
|
|
124
|
|
- // console.log ("user_email", userInfo.user_email)
|
|
125
|
|
- // const newAuth = await Auth.query(txn).insert({
|
|
126
|
|
- // user_email: userInfo.user_email,
|
|
127
|
|
- // created_at: new Date.now(),
|
|
128
|
|
- // token: steak,
|
|
129
|
|
- // })
|
|
130
|
|
- // console.log("newAuth", newAuth)
|
|
131
|
|
- // return newAuth
|
|
132
|
|
-
|
|
133
|
|
- // const user = await User.query(txn).insert(userInfo)
|
|
134
|
|
- // user.user_id = user.id
|
|
135
|
|
- // delete user.id
|
|
136
|
|
- // await this.changePassword(id, password, txn)
|
|
137
|
|
- // return user
|
|
|
106
|
+ // update null token with hashed password
|
|
|
107
|
+ await this.changePassword(insertUser.user_email, password, txn)
|
|
|
108
|
+ return {
|
|
|
109
|
+ user_id: insertUser.id,
|
|
|
110
|
+ user_name: insertUser.user_name,
|
|
|
111
|
+ user_email: insertUser.user_email,
|
|
|
112
|
+ is_poster: insertUser.is_poster,
|
|
|
113
|
+ is_admin: insertUser.is_admin,
|
|
|
114
|
+ is_verified: insertUser.is_verified,
|
|
|
115
|
+ }
|
|
138
|
116
|
}
|
|
139
|
117
|
|
|
140
|
118
|
/**
|
|
|
@@ -168,21 +146,26 @@ module.exports = class UserService extends Schmervice.Service {
|
|
168
|
146
|
* @returns
|
|
169
|
147
|
*/
|
|
170
|
148
|
async login({ email, password }, txn) {
|
|
171
|
|
- const { User } = this.server.models()
|
|
|
149
|
+ const { User, Auth } = this.server.models()
|
|
172
|
150
|
|
|
173
|
|
- const user = await User.query(txn)
|
|
|
151
|
+
|
|
|
152
|
+
|
|
|
153
|
+ const user = await Auth.query(txn)
|
|
174
|
154
|
.throwIfNotFound()
|
|
175
|
155
|
.first()
|
|
176
|
156
|
.where({ user_email: email })
|
|
177
|
157
|
|
|
|
158
|
+ const bufferPepper = Buffer.from(process.env.PEPPER + password)
|
|
|
159
|
+
|
|
178
|
160
|
/** Uncomment to run password check using SecurePassword */
|
|
179
|
|
- // const passwordCheck = await this.pwd.verify(Buffer.from(password), user.password)
|
|
180
|
|
- // if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {
|
|
181
|
|
- // await this.changePassword(user.id, password, txn)
|
|
182
|
|
- // }
|
|
183
|
|
- // else if (passwordCheck !== SecurePassword.VALID) {
|
|
184
|
|
- // throw User.createNotFoundError()
|
|
185
|
|
- // }
|
|
|
161
|
+ const passwordCheck = await this.pwd.verify(bufferPepper, user.token)
|
|
|
162
|
+ console.log("passwordCheck", passwordCheck)
|
|
|
163
|
+ if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {
|
|
|
164
|
+ await this.changePassword(user.user_email, password, txn)
|
|
|
165
|
+ }
|
|
|
166
|
+ else if (passwordCheck !== SecurePassword.VALID) {
|
|
|
167
|
+ throw User.createNotFoundError()
|
|
|
168
|
+ }
|
|
186
|
169
|
|
|
187
|
170
|
return user
|
|
188
|
171
|
}
|
|
|
@@ -221,17 +204,19 @@ module.exports = class UserService extends Schmervice.Service {
|
|
221
|
204
|
async changePassword(email, password, txn) {
|
|
222
|
205
|
const { User, Auth } = this.server.models()
|
|
223
|
206
|
|
|
|
207
|
+ console.log('email passed to changePassword', email)
|
|
|
208
|
+
|
|
|
209
|
+ const hashed = await this.pwd.hash(Buffer.from(process.env.PEPPER + password))
|
|
|
210
|
+ console.log('hashed', hashed)
|
|
|
211
|
+
|
|
224
|
212
|
await Auth.query(txn)
|
|
225
|
213
|
.throwIfNotFound()
|
|
226
|
|
- .where({ email })
|
|
|
214
|
+ .where({ user_email: email })
|
|
227
|
215
|
.patch({
|
|
228
|
216
|
// user_email: email,
|
|
229
|
|
- token: await this.pwd.hash(
|
|
230
|
|
- Buffer.from(process.env.PEPPER + password),
|
|
231
|
|
- ),
|
|
|
217
|
+ token: hashed
|
|
232
|
218
|
})
|
|
233
|
|
- console.log("changed pw return", email)
|
|
234
|
|
- console.log("token created in changePassword", this.pwd.hash(Buffer.from(password)))
|
|
|
219
|
+ console.log('changePassword query completed')
|
|
235
|
220
|
return email
|
|
236
|
221
|
|
|
237
|
222
|
// await User.query(txn)
|
diaseu
3 년 전