:construction: Starting in on stage 2 of email verification

backend/lib/routes/user/email.js

@@ -24,7 +24,7 @@ module.exports = {
             const { userService } = request.server.services()
             const userEmail = request.payload.email
             try {
-                const emailSent = userService.emailSent(userEmail)
+                const emailSent = await userService.emailSent(userEmail)
                 return {
                     ok: true,
                     handler: pluginConfig.handlerType,

backend/lib/routes/user/generatejwt.js

@@ -23,7 +23,6 @@ module.exports = {
         handler: async function (request, h) {
             const { userService } = request.server.services()
             const res = request.payload
-
             const token = await userService.createToken(res)
             try {
                 return {

backend/lib/routes/user/verifyemail.js

@@ -14,7 +14,7 @@ const pluginConfig = {
 
 module.exports = {
     method: 'GET',
-    path: '/verify/{hash}',
+    path: '/verify/{hashedEmail}',
     options: {
         ...pluginConfig.docs.get,
         tags: ['api'],
@@ -22,18 +22,34 @@ module.exports = {
         cors: true,
         handler: async function (request, h) {
             const { userService } = request.server.services()
-            const hashToMatch = await userService.hashedEmail
-            const hash = request.params.hash
-            const hashesMatch = hashToMatch === hash ? true : false
+            const hash = request.params.hashedEmail
+
             try {
-                if (hashesMatch) {
-                    return {
-                        ok: true,
-                        handler: pluginConfig.handlerType,
-                        data: { hashesMatch: hashesMatch },
-                    }
+                const hashToMatch = Object.keys(userService.hashedEmails).find(
+                    email => {
+                        return email === hash
+                    },
+                )
+                const now = Date.now()
+                // TODO: convert this back to a date object
+                const expiration = userService.hashedEmails[hashToMatch]
+                if (now > expiration) {
+                    delete userService.hashedEmails[hashToMatch]
+                    throw new Error(
+                        'you took to long to respond to the email...',
+                    )
+                }
+                if (!hashToMatch) {
+                    throw new Error('no record of email in cache')
+                }
+
+                return {
+                    ok: true,
+                    handler: pluginConfig.handlerType,
+                    data: { hashesMatch: hashToMatch === hash },
                 }
             } catch (err) {
+                console.log('err :=>', err)
                 return {
                     ok: false,
                     handler: pluginConfig.handlerType,

backend/lib/services/profile/profiler.js

@@ -9,7 +9,7 @@ class CompleteProfile {
     constructor(profile, includeResponses = false, type) {
         this.user_id = profile.user_id // int user_id
         this.profile_id = profile.profile_id // int profile_id
-        this.user_name = 'hidden_name'// string user_name
+        this.user_name = 'hidden_name' // string user_name
         this.user_email = 'hidden@email.com'
         this.responses = []
         this.user_type = type
@@ -48,15 +48,16 @@ class CompleteProfile {
                     r => r.response_key_id === prefsKeys[i],
                 )
             })
-            this.profile_description = this.responses.find(
-                r => r.response_key_id === config.blurbKey,
-            ).val
-            this.profile_media = this.responses
-                .filter(r => r.response_key_id === config.mediaKey)
-                .map(r => r.val)
-            this.profile_languages = this.responses
-                .filter(r => r.response_key_id === config.langKey)
-                .map(r => r.val)
+            // TODO: uncomment, changed to get Onboarding Auth working...
+            // this.profile_description = this.responses.find(
+            // r => r.response_key_id === config.blurbKey,
+            // ).val
+            // this.profile_media = this.responses
+            // .filter(r => r.response_key_id === config.mediaKey)
+            // .map(r => r.val)
+            // this.profile_languages = this.responses
+            // .filter(r => r.response_key_id === config.langKey)
+            // .map(r => r.val)
         }
     }
 }

backend/lib/services/user.js

@@ -22,7 +22,7 @@ const hashEmail = async email => {
         return undefined
     }
 }
-
+// const emailsSent = {}
 const hasher = async (pwd, steak) => {
     const hash = await pwd.hash(steak)
     const result = await pwd.verify(steak, hash)
@@ -62,8 +62,12 @@ module.exports = class UserService extends Schmervice.Service {
     constructor(...args) {
         super(...args)
         const pwd = new SecurePassword()
-        this.hashedEmail = ''
-        // this.hashedEmails = []
+        // TODO: Invalidate this cache somehow after a certain time period has
+        // passed
+        this.hashedEmails = {
+            // NOTE: key is email hash and value is timestamp in ms
+            // abc123456: '123456689',
+        }
         this.pwd = {
             hash: Util.promisify(pwd.hash.bind(pwd)),
             verify: Util.promisify(pwd.verify.bind(pwd)),
@@ -191,6 +195,7 @@ module.exports = class UserService extends Schmervice.Service {
      * @param {User} user
      * @returns {Token}
      */
+
     createToken(user) {
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
 
@@ -208,7 +213,8 @@ module.exports = class UserService extends Schmervice.Service {
             },
             {
                 // ttlSec: 4 * 60 * 60, // 7 days
-                ttlSec: 60 * 3, // 3 minutes
+                // ttlSec: 60 * 3, // 3 minutes
+                ttlSec: user.expiration,
             },
         )
     }
@@ -270,6 +276,13 @@ module.exports = class UserService extends Schmervice.Service {
      * @ returns {Object}
      */
     async emailSent(userEmail) {
+        const hashedEmail = await hashEmail(userEmail)
+        if (Object.keys(this.hashedEmails).includes(hashedEmail)) {
+            return new Error('email address already in cache!!')
+        }
+        // Set expiration time for five minutes from now
+        const duration = 1000 * 60 * 5
+        this.hashedEmails[hashedEmail] = Date.now() + duration
         const sendSmtpEmail = {
             to: [
                 {
@@ -279,7 +292,7 @@ module.exports = class UserService extends Schmervice.Service {
             templateId: 1,
             params: {
                 // TODO: Change this in production...
-                link: `localhost:3000/verify/${await hashEmail(userEmail)}`,
+                link: `localhost:3000/verify/${hashedEmail}`,
             },
         }
 
@@ -297,7 +310,5 @@ module.exports = class UserService extends Schmervice.Service {
                 }
             },
         )
-        this.hashedEmail = hashEmail(userEmail)
-        // this.hashedEmails.push(hashEmail(userEmail))
     }
 }

backend/package-lock.json

@@ -12,7 +12,7 @@
                 "@hapi/glue": "^8.0.0",
                 "@hapi/hapi": "^20.1.3",
                 "@hapi/inert": "^6.0.3",
-                "@hapi/jwt": "^2.0.1",
+                "@hapi/jwt": "^2.2.0",
                 "@hapi/vision": "^6.0.1",
                 "@hapipal/confidence": "^6.0.1",
                 "@hapipal/schmervice": "^2.0.0",
@@ -776,9 +776,9 @@
             }
         },
         "node_modules/@hapi/jwt": {
-            "version": "2.0.1",
-            "resolved": "https://registry.npmjs.org/@hapi/jwt/-/jwt-2.0.1.tgz",
-            "integrity": "sha512-6/nX/yOIk9mvs+r72LFhF177yOB4yVv3e0Nqn7cIx2CU+VruBHxMKkHraARXx6oUAtiwNuyhW+trO5QeGm9ESQ==",
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@hapi/jwt/-/jwt-2.2.0.tgz",
+            "integrity": "sha512-hOzQ/E0O9XemapjYddGH4ReCG5JEHz62zLeNou4Mt282yx7JknCPTTsnsqkxRE+EPVWNGXGz2E3SDlST80hjMw==",
             "dependencies": {
                 "@hapi/b64": "5.x.x",
                 "@hapi/boom": "9.x.x",
@@ -9198,9 +9198,9 @@
             }
         },
         "@hapi/jwt": {
-            "version": "2.0.1",
-            "resolved": "https://registry.npmjs.org/@hapi/jwt/-/jwt-2.0.1.tgz",
-            "integrity": "sha512-6/nX/yOIk9mvs+r72LFhF177yOB4yVv3e0Nqn7cIx2CU+VruBHxMKkHraARXx6oUAtiwNuyhW+trO5QeGm9ESQ==",
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@hapi/jwt/-/jwt-2.2.0.tgz",
+            "integrity": "sha512-hOzQ/E0O9XemapjYddGH4ReCG5JEHz62zLeNou4Mt282yx7JknCPTTsnsqkxRE+EPVWNGXGz2E3SDlST80hjMw==",
             "requires": {
                 "@hapi/b64": "5.x.x",
                 "@hapi/boom": "9.x.x",

backend/package.json

@@ -20,7 +20,7 @@
         "@hapi/glue": "^8.0.0",
         "@hapi/hapi": "^20.1.3",
         "@hapi/inert": "^6.0.3",
-        "@hapi/jwt": "^2.0.1",
+        "@hapi/jwt": "^2.2.0",
         "@hapi/vision": "^6.0.1",
         "@hapipal/confidence": "^6.0.1",
         "@hapipal/schmervice": "^2.0.0",

frontend/src/components/onboarding/Auth.vue

@@ -44,20 +44,20 @@ export default {
         if (this.survey.hasMinResponsesToCreateProfile(this.answered)) {
             const newUser = await signupUser(this.answered)
             const newUserId = newUser.user_id
-            const newProfile = await createProfileForUserId(
-                newUserId,
-                this.responses,
-            )
-
-            // sets jwt authentication cookie to be used in VerifyView.vue
-            // TODO: Instead of having this.answered here, simply pass profile_id?
-            const jwt = await this.authenticator.generateJwt(this.answered)
+            await createProfileForUserId(newUserId, this.responses)
+            const jwt = await this.authenticator.generateJwt({
+                ...this.answered,
+                expiration: 60 * 10,
+            })
             document.cookie = `siimee_jwt=${jwt}; path=/verify`
-            // this.$emit('set-pid', newProfile.profile_id)
-
-            // sends authentication email
-            this.authenticator.sendAuthEmail(this.answered)
         }
+
+        // sets jwt authentication cookie to be used in VerifyView.vue and
+        // OnboardingView.vue
+        // TODO: Instead of having this.answered here, simply pass profile_id?
+
+        // sends authentication email
+        await this.authenticator.sendAuthEmail(this.answered)
     },
     methods: {
         // TODO: remove test button above and use a watcher instead to emit this

frontend/src/services/auth.service.js

@@ -5,12 +5,12 @@ class Authenticator {
         this.curentUser = null
     }
     async sendAuthEmail(answered) {
-        const emailWasSent = await db.post(`/user/sendemail/`, answered)
-        console.log('emailwasSent :=>', emailWasSent)
+        const emailWasSent = await db.post('/user/sendemail/', answered)
+        return emailWasSent
     }
     // NOTE: these might be better suited as POST requests
-    async verifyAuthEmail(hash) {
-        const isVerified = await db.get(`/user/verify/${hash}`)
+    async verifyAuthEmail(hashedEmail) {
+        const isVerified = await db.get(`/user/verify/${hashedEmail}`)
         return isVerified.hashesMatch
     }
     // TODO: this needs to generate the JWT with the RAW email

frontend/src/services/login.service.js

@@ -51,8 +51,6 @@ class Login {
      */
     get isComplete() {
         // TODO: remove once Vue Router guards allow to redirect via url
-        console.log('this.responses :=>', this.responses)
-        console.log('surveyFactory.questionsFromDb :=>', surveyFactory.questionsFromDb)
         return (
             this.responses.length == surveyFactory.questionsFromDb.length &&
             surveyFactory.questionsFromDb.length > 0

frontend/src/views/OnboardingView.vue

@@ -15,7 +15,6 @@ main.view--onboarding
                 :responses='responses'
                 :survey='survey'
                 :currentStep='currentStep'
-                :jwt='jwt'
                 :surveyStepsCount='survey.steps.length'
                 @handle-submit='onSubmit'
                 @update-answers='updateAnswers'
@@ -60,7 +59,8 @@ export default {
         invalidResponse: false,
         // TODO: CURRENTLY WORKING ON**
         authenticator: {},
-        jwt: '',
+        sessionToken: '',
+        accessToken: '',
     }),
     computed: {
         // NOTE: perhaps start this off as returning nothing
@@ -68,46 +68,67 @@ export default {
         profile: () => currentProfile,
     },
     async created() {
-        // console.log('this.profile.id :=>', this.profile.id)
+        this.survey = await surveyFactory.createSurvey()
+        this.authenticator = new Authenticator()
+
         if (document.cookie.length) {
             // TODO: Remove this this.answered section when:
             // SurveyCompleteView calls all responses from db
+            // BUG: NEEDS BROWSER REFRESH TO BE HIT
             const siimeeAnswers = JSON.parse(
                 this.grabCookie(document.cookie, 'siimee_answered'),
             )
-            this.answered = {
-                name: siimeeAnswers.name,
-                email: siimeeAnswers.email,
-                seeking: siimeeAnswers.seeking,
-            }
-            // TODO: Instead, login using siimee_profile_id from cookie
-            const siimeeToken = this.grabCookie(document.cookie, 'siimee_jwt')
-            this.jwt = siimeeToken ? siimeeToken : ''
-        }
-
-        this.survey = await surveyFactory.createSurvey()
-        this.authenticator = new Authenticator()
-        if (this.jwt.length) {
-            // TODO: remove once currentProfile is established and user is logged in...
-            const jwt = await this.authenticator.validateJwt(this.jwt)
-            if (jwt.isValid) {
-                // grab profileId from jwt payload and login here
-                // use this profile to grab all responses in
-                // SurveyCompleteView.vue
+            this.sessionToken = this.grabCookie(
+                document.cookie,
+                'siimee_session',
+            )
+            const sessionTokenIsValid = await this.authenticator.validateJwt(
+                this.sessionToken,
+            )
+            this.accessToken = this.grabCookie(document.cookie, 'siimee_access')
+            if (sessionTokenIsValid.isValid) {
+                this.answered = {
+                    name: siimeeAnswers.name,
+                    email: siimeeAnswers.email,
+                    seeking: siimeeAnswers.seeking,
+                }
                 this.goToStep(6)
-            } else {
-                this.goToStep(0)
-                this.jwt = ''
-            }
+            } else this.goToStep(0)
         }
     },
     methods: {
         onSubmit() {
             console.log(JSON.stringify(this.answered))
         },
-        goToStep(num) {
+        async goToStep(num) {
+            if (num > 6) {
+                this.validateAccessToken()
+            }
             this.currentStep = num
         },
+        async validateAccessToken() {
+            const validatedAccessToken = await this.authenticator.validateJwt(
+                this.accessToken,
+            )
+            if (!validatedAccessToken.isValid) {
+                const sessionTokenIsValid = await this.validateSessionToken()
+                if (!sessionTokenIsValid) {
+                    this.goToStep(0)
+                }
+            }
+        },
+        async validateSessionToken() {
+            const validatedSessionToken = await this.authenticator.validateJwt(
+                this.sessionToken,
+            )
+            if (validatedSessionToken.isValid) {
+                this.accessToken = await this.authenticator.generateJwt({
+                    ...this.answered,
+                    expiration: 60 * 3,
+                })
+                return true
+            } else return false
+        },
         grabCookie(cookieString, cookieKey) {
             const cookies = cookieString.split('; ').reduce((prev, current) => {
                 const [name, ...value] = current.split('=')

frontend/src/views/VerifyView.vue

@@ -10,24 +10,29 @@ export default {
     name: 'VerifyView',
     data: () => ({
         authenticator: {},
+        answers: {},
     }),
     async created() {
         this.authenticator = new Authenticator()
         const hashEmail = this.$route.params.email
+
+        // TODO: generate a token on the backend here and have it sent over in
+        // the headers intead of setting it directly with document.cookie
+
         const hashesMatch = await this.authenticator.verifyAuthEmail(hashEmail)
         const siimeeToken = this.grabToken(document.cookie)
 
-        // TODO: remove once currentProfile is established and user is logged in...
-        // NOTE: another siimee_jwt cookie for onboarding path instead of verify
-        document.cookie = `siimee_jwt=${siimeeToken}; path=/onboarding`
-
+        // TODO: Then send this token and receive a different token
         const jwt = await this.authenticator.validateJwt(siimeeToken)
-
+        this.answers = jwt.payload
+        const accessToken = await this.generateAccessToken()
         if (jwt.isValid && hashesMatch) {
-            // TODO: set jwt.payload.profile_id as siimee_profile_id
-            // remove answers, will query db at SurveyCompleteView.vue
-            const siimeeAnswers = JSON.stringify(jwt.payload)
-            document.cookie = `siimee_answered=${siimeeAnswers} ; path=/onboarding`
+            // TODO: establish session access token cookie here
+            const siimeeAnswers = JSON.stringify(this.answers)
+            document.cookie = `siimee_answered=${siimeeAnswers} ; path=/onboarding; secure`
+            // TODO: for session/access cookies, make sure to set http only flag and expiration
+            document.cookie = `siimee_session=${siimeeToken} ; path=/onboarding; secure`
+            document.cookie = `siimee_access=${accessToken}; path=/onboarding; secure`
             this.$router.push('/onboarding')
         }
         // else {
@@ -42,6 +47,13 @@ export default {
             }, {})
             return 'siimee_jwt' in cookies ? cookies['siimee_jwt'] : undefined
         },
+        async generateAccessToken() {
+            const accessJwt = await this.authenticator.generateJwt({
+                ...this.answers,
+                expiration: 60 * 3, // testing for now... extend to 1 hour?
+            })
+            return accessJwt
+        },
     },
 }
 </script>