authorizer/server/resolvers/invite_members.go

package resolvers

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"time"

	log "github.com/sirupsen/logrus"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/db"
	"github.com/authorizerdev/authorizer/server/db/models"
	emailservice "github.com/authorizerdev/authorizer/server/email"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/parsers"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/authorizerdev/authorizer/server/validators"
)

// InviteMembersResolver resolver to invite members
func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput) (*model.Response, error) {
	gc, err := utils.GinContextFromContext(ctx)
	if err != nil {
		log.Debug("Failed to get GinContext: ", err)
		return nil, err
	}

	if !token.IsSuperAdmin(gc) {
		log.Debug("Not logged in as super admin.")
		return nil, errors.New("unauthorized")
	}

	// this feature is only allowed if email server is configured
	EnvKeyIsEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
	if err != nil {
		log.Debug("Error getting email verification disabled: ", err)
		EnvKeyIsEmailServiceEnabled = false
	}

	if !EnvKeyIsEmailServiceEnabled {
		log.Debug("Email server is not configured")
		return nil, errors.New("email sending is disabled")
	}

	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
	if isBasicAuthDisabled && isMagicLinkLoginDisabled {
		log.Debug("Basic authentication and Magic link login is disabled.")
		return nil, errors.New("either basic authentication or magic link login is required")
	}

	// filter valid emails
	emails := []string{}
	for _, email := range params.Emails {
		if validators.IsValidEmail(email) {
			emails = append(emails, email)
		}
	}

	if len(emails) == 0 {
		log.Debug("No valid email addresses")
		return nil, errors.New("no valid emails found")
	}

	// TODO: optimise to use like query instead of looping through emails and getting user individually
	// for each emails check if emails exists in db
	newEmails := []string{}
	for _, email := range emails {
		_, err := db.Provider.GetUserByEmail(ctx, email)
		if err != nil {
			log.Debugf("User with %s email not found, so inviting user", email)
			newEmails = append(newEmails, email)
		} else {
			log.Debugf("User with %s email already exists, so not inviting user", email)
		}
	}

	if len(newEmails) == 0 {
		log.Debug("No new emails found.")
		return nil, errors.New("all emails already exist")
	}

	// invite new emails
	for _, email := range newEmails {

		defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
		defaultRoles := []string{}
		if err != nil {
			log.Debug("Error getting default roles: ", err)
			defaultRolesString = ""
		} else {
			defaultRoles = strings.Split(defaultRolesString, ",")
		}

		user := models.User{
			Email: email,
			Roles: strings.Join(defaultRoles, ","),
		}
		hostname := parsers.GetHost(gc)
		verifyEmailURL := hostname + "/verify_email"
		appURL := parsers.GetAppURL(gc)

		redirectURL := appURL
		if params.RedirectURI != nil {
			redirectURL = *params.RedirectURI
		}

		_, nonceHash, err := utils.GenerateNonce()
		if err != nil {
			return nil, err
		}

		verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURL)
		if err != nil {
			log.Debug("Failed to create verification token: ", err)
		}

		verificationRequest := models.VerificationRequest{
			Token:       verificationToken,
			ExpiresAt:   time.Now().Add(time.Minute * 30).Unix(),
			Email:       email,
			Nonce:       nonceHash,
			RedirectURI: redirectURL,
		}

		// use magic link login if that option is on
		if !isMagicLinkLoginDisabled {
			user.SignupMethods = constants.AuthRecipeMethodMagicLinkLogin
			verificationRequest.Identifier = constants.VerificationTypeMagicLinkLogin
		} else {
			// use basic authentication if that option is on
			user.SignupMethods = constants.AuthRecipeMethodBasicAuth
			verificationRequest.Identifier = constants.VerificationTypeForgotPassword

			verifyEmailURL = appURL + "/setup-password"

		}

		user, err = db.Provider.AddUser(ctx, user)
		if err != nil {
			log.Debugf("Error adding user: %s, err: %v", email, err)
			return nil, err
		}

		_, err = db.Provider.AddVerificationRequest(ctx, verificationRequest)
		if err != nil {
			log.Debugf("Error adding verification request: %s, err: %v", email, err)
			return nil, err
		}

		go emailservice.InviteEmail(email, verificationToken, verifyEmailURL, redirectURL)
	}

	return &model.Response{
		Message: fmt.Sprintf("%d user(s) invited successfully.", len(newEmails)),
	}, nil
}
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`package resolvers`

			`import (`
			`"context"`
			`"errors"`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`"fmt"`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`"strings"`
			`"time"`

feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log "github.com/sirupsen/logrus"`

feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/db"`
			`"github.com/authorizerdev/authorizer/server/db/models"`
			`emailservice "github.com/authorizerdev/authorizer/server/email"`
			`"github.com/authorizerdev/authorizer/server/graph/model"`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`"github.com/authorizerdev/authorizer/server/parsers"`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`"github.com/authorizerdev/authorizer/server/token"`
			`"github.com/authorizerdev/authorizer/server/utils"`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`"github.com/authorizerdev/authorizer/server/validators"`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`)`

			`// InviteMembersResolver resolver to invite members`
			`func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput) (*model.Response, error) {`
			`gc, err := utils.GinContextFromContext(ctx)`
			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to get GinContext: ", err)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, err`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`if !token.IsSuperAdmin(gc) {`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log.Debug("Not logged in as super admin.")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("unauthorized")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`// this feature is only allowed if email server is configured`
feat: add sending otp 2022-07-29 14:19:50 +00:00			`EnvKeyIsEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if err != nil {`
			`log.Debug("Error getting email verification disabled: ", err)`
feat: add sending otp 2022-07-29 14:19:50 +00:00			`EnvKeyIsEmailServiceEnabled = false`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`}`

feat: add sending otp 2022-07-29 14:19:50 +00:00			`if !EnvKeyIsEmailServiceEnabled {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Email server is not configured")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("email sending is disabled")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)`
			`isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)`
			`if isBasicAuthDisabled && isMagicLinkLoginDisabled {`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log.Debug("Basic authentication and Magic link login is disabled.")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("either basic authentication or magic link login is required")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`// filter valid emails`
			`emails := []string{}`
			`for _, email := range params.Emails {`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`if validators.IsValidEmail(email) {`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`emails = append(emails, email)`
			`}`
			`}`

			`if len(emails) == 0 {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("No valid email addresses")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("no valid emails found")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`// TODO: optimise to use like query instead of looping through emails and getting user individually`
			`// for each emails check if emails exists in db`
			`newEmails := []string{}`
			`for _, email := range emails {`
feat: implement resolvers 2022-07-10 16:19:33 +00:00			`_, err := db.Provider.GetUserByEmail(ctx, email)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debugf("User with %s email not found, so inviting user", email)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`newEmails = append(newEmails, email)`
			`} else {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debugf("User with %s email already exists, so not inviting user", email)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`
			`}`

			`if len(newEmails) == 0 {`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log.Debug("No new emails found.")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("all emails already exist")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`// invite new emails`
			`for _, email := range newEmails {`

fix: slice envs 2022-05-31 02:44:03 +00:00			`defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)`
			`defaultRoles := []string{}`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if err != nil {`
			`log.Debug("Error getting default roles: ", err)`
fix: slice envs 2022-05-31 02:44:03 +00:00			`defaultRolesString = ""`
			`} else {`
			`defaultRoles = strings.Split(defaultRolesString, ",")`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`}`
fix: slice envs 2022-05-31 02:44:03 +00:00
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`user := models.User{`
			`Email: email,`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`Roles: strings.Join(defaultRoles, ","),`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`hostname := parsers.GetHost(gc)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`verifyEmailURL := hostname + "/verify_email"`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`appURL := parsers.GetAppURL(gc)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00
			`redirectURL := appURL`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if params.RedirectURI != nil {`
			`redirectURL = *params.RedirectURI`
			`}`

			`_, nonceHash, err := utils.GenerateNonce()`
			`if err != nil {`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, err`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

fix: setup-password flow 2022-03-15 04:27:09 +00:00			`verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURL)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to create verification token: ", err)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`verificationRequest := models.VerificationRequest{`
			`Token: verificationToken,`
			`ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),`
			`Email: email,`
			`Nonce: nonceHash,`
			`RedirectURI: redirectURL,`
			`}`

			`// use magic link login if that option is on`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if !isMagicLinkLoginDisabled {`
fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`user.SignupMethods = constants.AuthRecipeMethodMagicLinkLogin`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`verificationRequest.Identifier = constants.VerificationTypeMagicLinkLogin`
			`} else {`
			`// use basic authentication if that option is on`
fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`user.SignupMethods = constants.AuthRecipeMethodBasicAuth`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`verificationRequest.Identifier = constants.VerificationTypeForgotPassword`

fix: setup-password flow 2022-03-15 04:27:09 +00:00			`verifyEmailURL = appURL + "/setup-password"`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00
			`}`

feat: implement resolvers 2022-07-10 16:19:33 +00:00			`user, err = db.Provider.AddUser(ctx, user)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debugf("Error adding user: %s, err: %v", email, err)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, err`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

feat: implement resolvers 2022-07-10 16:19:33 +00:00			`_, err = db.Provider.AddVerificationRequest(ctx, verificationRequest)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debugf("Error adding verification request: %s, err: %v", email, err)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, err`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

fix: set password re-direct uri 2022-03-16 18:34:57 +00:00			`go emailservice.InviteEmail(email, verificationToken, verifyEmailURL, redirectURL)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return &model.Response{`
			`Message: fmt.Sprintf("%d user(s) invited successfully.", len(newEmails)),`
			`}, nil`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`