:sparkles: Implemented login

backend/lib/plugins/user.js

@@ -16,6 +16,7 @@ const UserEmailRoute = require('../routes/user/email.js')
 const UserVerifyActiveRoute = require('../routes/user/verifyactivesession.js')
 const UserGetAccessRoute = require('../routes/user/getaccess.js')
 const UserValidateSessionRoute = require('../routes/user/validatesession.js')
+const UserRemoveSessionRoute = require('../routes/user/removesession.js')
 const UserPassword = require('../routes/user/authentication')
 
 const UserService = require('../services/user')
@@ -57,6 +58,7 @@ module.exports = {
         await server.route(UserVerifyActiveRoute)
         await server.route(UserGetAccessRoute)
         await server.route(UserValidateSessionRoute)
+        await server.route(UserRemoveSessionRoute)
         await server.route(UserPassword)
     },
 }

backend/lib/routes/user/login.js

@@ -19,7 +19,6 @@ const validators = {
             user_email: Joi.string(),
             password: Joi.string(),
         }),
-        
     },
     user: userSchema.single,
     error: errorSchema.single,
@@ -34,7 +33,8 @@ module.exports = {
         auth: false,
         handler: async function (request, h) {
             try {
-                const { userService } = request.services()
+                const { userService, profileService } =
+                    request.server.services()
 
                 const res = request.payload
 
@@ -51,12 +51,32 @@ module.exports = {
 
                 // Bound context from your plugin server declaration
                 const user = await h.context.transaction(login)
-                const token = userService.createToken(user)
+                const rawUser = await userService.findByUserEmail(
+                    res.user_email,
+                )
+                // Uses Same Logic Behind Initial Sign Up,
+                // passing expected credentials to be used for logging in
+                const userCredentials = {
+                    email: rawUser.user_email,
+                    name: rawUser.user_name,
+                    seeking: rawUser.is_poster === 1 ? 'poster' : 'seeker',
+                }
+                const token = userService.createToken({
+                    payload: userCredentials,
+                })
 
                 return {
                     ok: true,
                     handler: pluginConfig.handlerType,
-                    data: { user_email: user.user_email, jwtToken: token },
+                    data: {
+                        user_email: user.user_email,
+                        jwt: token,
+                        answered: {
+                            email: userCredentials.email,
+                            name: userCredentials.name,
+                            seeking: userCredentials.seeking,
+                        },
+                    },
                 }
             } catch (err) {
                 console.error(err)
@@ -75,7 +95,12 @@ module.exports = {
                     handler: Joi.string(),
                     data: Joi.object({
                         user_email: Joi.string(),
-                        jwtToken: Joi.string(),
+                        jwt: Joi.string(),
+                        answered: Joi.object({
+                            email: Joi.string(),
+                            name: Joi.string(),
+                            seeking: Joi.string(),
+                        }),
                     }),
                 }).label('login_res'),
                 409: Joi.object({

backend/lib/routes/user/verifyactivesession.js

@@ -45,6 +45,9 @@ module.exports = {
                 if (!hashToMatch) {
                     throw new Error('no record of email in cache')
                 }
+                userService.activeSessions[
+                    hashToMatch
+                ].emailWasRespondedTo = true
                 return {
                     ok: true,
                     handler: pluginConfig.handlerType,

backend/lib/services/user.js

@@ -15,15 +15,6 @@ apiKey.apiKey = process.env.BREVO_KEY
 
 const apiInstance = new SibApiV3Sdk.TransactionalEmailsApi()
 
-const hashToken = async token => {
-    const salt = process.env.APP_SESSION_SALT
-    try {
-        return crypto.createHmac('sha256', salt).update(token).digest('hex')
-    } catch (err) {
-        throw new Error(err.message)
-    }
-}
-
 const hasher = async (pwd, steak) => {
     const hash = await pwd.hash(steak)
     const result = await pwd.verify(steak, hash)
@@ -136,6 +127,15 @@ module.exports = class UserService extends Schmervice.Service {
         return user
     }
 
+    async hashToken(token) {
+        const salt = process.env.APP_SESSION_SALT
+        try {
+            return crypto.createHmac('sha256', salt).update(token).digest('hex')
+        } catch (err) {
+            throw new Error(err.message)
+        }
+    }
+
     /**
      * Signup function
      * @param {*} param0
@@ -208,7 +208,6 @@ module.exports = class UserService extends Schmervice.Service {
             .throwIfNotFound()
             .first()
             .where({ user_email: email })
-
         const bufferPepper = Buffer.from(process.env.PEPPER + password)
 
         /** Uncomment to run password check using SecurePassword */
@@ -260,6 +259,9 @@ module.exports = class UserService extends Schmervice.Service {
                 'hashedSessionToken not in activeSessions registry!',
             )
         }
+        if (!userSession.emailWasRespondedTo) {
+            throw new Error('email was never responded to!')
+        }
         const accessToken = userSession.accessToken
         const accessTokenIsValid = this.validateToken(accessToken)
         return {
@@ -267,6 +269,16 @@ module.exports = class UserService extends Schmervice.Service {
             accessToken: this.activeSessions[hashedAccessToken].accessToken,
         }
     }
+    removeSession(hashedAccessToken) {
+        const userSession = this.activeSessions[hashedAccessToken]
+        if (!userSession) {
+            throw new Error(
+                'hashedSessionToken not in activeSessions registry!',
+            )
+        } else {
+            delete this.activeSessions[hashedAccessToken]
+        }
+    }
     /**
      * Use knex to try to change password entry
      * @param {number} id
@@ -297,7 +309,6 @@ module.exports = class UserService extends Schmervice.Service {
         const passwordRow = await Auth.query(txn)
             .where('user_email', email)
             .first()
-
         return passwordRow ? passwordRow.token : null
     }
 
@@ -306,7 +317,9 @@ module.exports = class UserService extends Schmervice.Service {
      * @ returns {Object}
      */
     async emailSent(userCredentials) {
-        const hashedAccessToken = await hashToken(userCredentials.accessToken)
+        const hashedAccessToken = await this.hashToken(
+            userCredentials.accessToken,
+        )
         if (Object.keys(this.activeSessions).includes(hashedAccessToken)) {
             return new Error('session already in cache!!')
         }
@@ -319,6 +332,7 @@ module.exports = class UserService extends Schmervice.Service {
             seeking: userCredentials.seeking,
             accessToken: userCredentials.accessToken,
             expiration: Date.now() + duration,
+            emailWasRespondedTo: false,
             sessionToken: null,
         }
 

frontend/src/App.vue

@@ -13,7 +13,7 @@ import 'wave-ui/dist/wave-ui.css'
 import SideBar from './components/SideBar.vue'
 import TopNav from './components/TopNav.vue'
 
-import { currentProfile } from './services'
+import { currentProfile, authenticator } from './services'
 import { surveyFactory } from './utils'
 
 const DEV_MODE = import.meta.env.VITE_DEV == 'true'

frontend/src/services/auth.service.js

@@ -16,6 +16,12 @@ class Authenticator {
     async validateSession(hashedAccessToken) {
         return await db.post('/user/validatesession', hashedAccessToken, true)
     }
+    async authenticateLoginCredentials(credentials) {
+        return await db.post('/user/login', credentials)
+    }
+    async removeSession(hashedAccessToken) {
+        return await db.post('/user/removesession', hashedAccessToken, true)
+    }
 }
 const authenticator = new Authenticator()
 

frontend/src/views/HomeView.vue

@@ -22,7 +22,11 @@ import PairingButton from '../components/PairingButton.vue'
 
 import { Card } from '../entities'
 
-import { currentProfile, fetchQueueByProfileId } from '../services'
+import {
+    currentProfile,
+    authenticator,
+    fetchQueueByProfileId,
+} from '../services'
 import { mixins } from '../utils'
 
 const notificationOpts = {
@@ -91,11 +95,29 @@ export default {
             )
             this.fetchedCards.push(...newQueue) // update fetchedCards => recalculate cards
         },
+        grabStoredCookie(cookieKey) {
+            const cookies = document.cookie
+                .split('; ')
+                .reduce((prev, current) => {
+                    const [name, ...value] = current.split('=')
+                    prev[name] = value.join('=')
+                    return prev
+                }, {})
+            const cookieVal =
+                cookieKey in cookies ? cookies[`${cookieKey}`] : undefined
+            return cookieVal
+        },
         async logout() {
             if (currentProfile.isLoggedIn) {
                 currentProfile.logout()
             }
-            document.cookie = `siimee_access=''; max-age=600; path=/; secure`
+            const hashedAccessToken = this.grabStoredCookie('siimee_access')
+            const removedSession = await authenticator.removeSession(
+                hashedAccessToken,
+            )
+            if (removedSession.error)
+                console.error('ERROR :=>', removedSession.error)
+            document.cookie = `siimee_access=''; max-age=0; path=/; secure`
             this.$router.push('/onboarding')
         },
         // this can be placed in utils/notification.js

frontend/src/views/LoginView.vue

@@ -1,21 +1,60 @@
 <template lang="pug">
 main.view--login
-
     article.pa12
-        form
-            w-input.mb4(label="User E-mail" tile outline v-model="form.profileId" inner-icon-left='icon-envelope')
-            w-input(label="Password" type="password" tile outline inner-icon-left='icon-eye')
-
-            //- Emit up an event so we can sync App pid with currentProfile.id
-            w-button.xs12.mt12(@click="$emit('updatePid', form.profileId)" type="submit") submit
+        div(v-if='emailSentSuccessfully === null')
+            form
+                w-input.mb4(label="User E-mail" tile outline v-model="form.email" inner-icon-left='icon-envelope')
+                w-input(label="Password" v-model="form.password" type="password" tile outline inner-icon-left='icon-eye')
+                w-button.xs12.mt12(@click="login") submit
+        div(v-else-if='emailSentSuccessfully === false')
+            p.verify-message Email Was Not Sent Successfully, please contact your Email Service Provider or Systems Administrator.
+        div(v-else)
+            p.verify-message Thanks for logging in!
+            p.verify-message We'll just need you to verify your email address to continue. Please check your email!
 </template>
 
 <script>
+import { authenticator } from '../services'
 export default {
     data: () => ({
         form: {
             profileId: null,
+            email: null,
+            password: null,
         },
+        emailSentSuccessfully: null,
     }),
+    methods: {
+        async login() {
+            const loginCredentials = {
+                user_email: this.form.email,
+                password: this.form.password,
+            }
+            const credentials =
+                await authenticator.authenticateLoginCredentials(
+                    loginCredentials,
+                )
+            // emailSentSuccessfully: emailSent.wasSuccessfull,
+            const sessionInfo = await authenticator.sendAuthEmail({
+                ...credentials.answered,
+                accessToken: credentials.jwt,
+            })
+            if (sessionInfo.emailSentSuccessfully) {
+                this.emailSentSuccessfully = true
+            }
+            document.cookie = `siimee_access=${sessionInfo.hashedAccessToken}; max-age=600; path=/; secure`
+        },
+    },
 }
 </script>
+
+<style>
+.verify-message {
+    display: flex;
+    justify-content: center;
+    text-align: center;
+    margin: 0 auto;
+    font-weight: 700;
+    font-size: 160%;
+}
+</style>