authorizer/server/resolvers/update_user.go

package resolvers

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"

	log "github.com/sirupsen/logrus"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/db"
	"github.com/authorizerdev/authorizer/server/db/models"
	"github.com/authorizerdev/authorizer/server/email"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/parsers"
	"github.com/authorizerdev/authorizer/server/refs"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/authorizerdev/authorizer/server/validators"
)

// UpdateUserResolver is a resolver for update user mutation
// This is admin only mutation
func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*model.User, error) {
	var res *model.User

	gc, err := utils.GinContextFromContext(ctx)
	if err != nil {
		log.Debug("Failed to get GinContext: ", err)
		return res, err
	}

	if !token.IsSuperAdmin(gc) {
		log.Debug("Not logged in as super admin")
		return res, fmt.Errorf("unauthorized")
	}

	if params.ID == "" {
		log.Debug("UserID is empty")
		return res, fmt.Errorf("User ID is required")
	}

	log := log.WithFields(log.Fields{
		"user_id": params.ID,
	})

	if params.GivenName == nil &&
		params.FamilyName == nil &&
		params.Picture == nil &&
		params.MiddleName == nil &&
		params.Nickname == nil &&
		params.Email == nil &&
		params.Birthdate == nil &&
		params.Gender == nil &&
		params.PhoneNumber == nil &&
		params.Roles == nil &&
		params.IsMultiFactorAuthEnabled == nil &&
		params.AppData == nil {
		log.Debug("No params to update")
		return res, fmt.Errorf("please enter atleast one param to update")
	}

	user, err := db.Provider.GetUserByID(ctx, params.ID)
	if err != nil {
		log.Debug("Failed to get user by id: ", err)
		return res, fmt.Errorf(`User not found`)
	}

	if params.GivenName != nil && refs.StringValue(user.GivenName) != refs.StringValue(params.GivenName) {
		user.GivenName = params.GivenName
	}

	if params.FamilyName != nil && refs.StringValue(user.FamilyName) != refs.StringValue(params.FamilyName) {
		user.FamilyName = params.FamilyName
	}

	if params.MiddleName != nil && refs.StringValue(user.MiddleName) != refs.StringValue(params.MiddleName) {
		user.MiddleName = params.MiddleName
	}

	if params.Nickname != nil && refs.StringValue(user.Nickname) != refs.StringValue(params.Nickname) {
		user.Nickname = params.Nickname
	}

	if params.Birthdate != nil && refs.StringValue(user.Birthdate) != refs.StringValue(params.Birthdate) {
		user.Birthdate = params.Birthdate
	}

	if params.Gender != nil && refs.StringValue(user.Gender) != refs.StringValue(params.Gender) {
		user.Gender = params.Gender
	}

	if params.PhoneNumber != nil && refs.StringValue(user.PhoneNumber) != refs.StringValue(params.PhoneNumber) {
		// verify if phone number is unique
		if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil {
			log.Debug("user with given phone number already exists")
			return nil, errors.New("user with given phone number already exists")
		}
		user.PhoneNumber = params.PhoneNumber
	}

	if params.Picture != nil && refs.StringValue(user.Picture) != refs.StringValue(params.Picture) {
		user.Picture = params.Picture
	}

	if params.AppData != nil {
		appDataString := ""
		appDataBytes, err := json.Marshal(params.AppData)
		if err != nil {
			log.Debug("failed to marshall source app_data: ", err)
			return nil, errors.New("malformed app_data")
		}
		appDataString = string(appDataBytes)
		user.AppData = &appDataString
	}

	if params.IsMultiFactorAuthEnabled != nil && refs.BoolValue(user.IsMultiFactorAuthEnabled) != refs.BoolValue(params.IsMultiFactorAuthEnabled) {
		user.IsMultiFactorAuthEnabled = params.IsMultiFactorAuthEnabled
		if refs.BoolValue(params.IsMultiFactorAuthEnabled) {
			// Check if totp, email or sms is enabled
			isMailOTPEnvServiceDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMailOTPLogin)
			if err != nil {
				log.Debug("Error getting mail otp disabled: ", err)
				isMailOTPEnvServiceDisabled = false
			}
			isTOTPEnvServiceDisabled, _ := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableTOTPLogin)
			if err != nil {
				log.Debug("Error getting totp disabled: ", err)
				isTOTPEnvServiceDisabled = false
			}
			isSMSOTPEnvServiceDisabled, _ := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisablePhoneVerification)
			if err != nil {
				log.Debug("Error getting sms otp disabled: ", err)
				isSMSOTPEnvServiceDisabled = false
			}
			// Initialize a flag to check if enabling Mail OTP is required
			if isMailOTPEnvServiceDisabled && isTOTPEnvServiceDisabled && isSMSOTPEnvServiceDisabled {
				log.Debug("Cannot enable mfa service as all mfa services are disabled")
				return nil, errors.New("cannot enable multi factor authentication as all mfa services are disabled")
			}
		}
	}

	if params.EmailVerified != nil {
		if *params.EmailVerified {
			now := time.Now().Unix()
			user.EmailVerifiedAt = &now
		} else {
			user.EmailVerifiedAt = nil
		}
	}
	if params.PhoneNumberVerified != nil {
		if *params.PhoneNumberVerified {
			now := time.Now().Unix()
			user.PhoneNumberVerifiedAt = &now
		} else {
			user.PhoneNumberVerifiedAt = nil
		}

	}

	if params.Email != nil && refs.StringValue(user.Email) != refs.StringValue(params.Email) {
		// check if valid email
		if !validators.IsValidEmail(*params.Email) {
			log.Debug("Invalid email: ", *params.Email)
			return res, fmt.Errorf("invalid email address")
		}
		newEmail := strings.ToLower(*params.Email)
		// check if user with new email exists
		_, err = db.Provider.GetUserByEmail(ctx, newEmail)
		// err = nil means user exists
		if err == nil {
			log.Debug("User with email already exists: ", newEmail)
			return res, fmt.Errorf("user with this email address already exists")
		}

		go memorystore.Provider.DeleteAllUserSessions(user.ID)

		hostname := parsers.GetHost(gc)
		user.Email = &newEmail
		user.EmailVerifiedAt = nil
		// insert verification request
		_, nonceHash, err := utils.GenerateNonce()
		if err != nil {
			log.Debug("Failed to generate nonce: ", err)
			return res, err
		}
		verificationType := constants.VerificationTypeUpdateEmail
		redirectURL := parsers.GetAppURL(gc)
		verificationToken, err := token.CreateVerificationToken(newEmail, verificationType, hostname, nonceHash, redirectURL)
		if err != nil {
			log.Debug("Failed to create verification token: ", err)
		}
		_, err = db.Provider.AddVerificationRequest(ctx, &models.VerificationRequest{
			Token:       verificationToken,
			Identifier:  verificationType,
			ExpiresAt:   time.Now().Add(time.Minute * 30).Unix(),
			Email:       newEmail,
			Nonce:       nonceHash,
			RedirectURI: redirectURL,
		})
		if err != nil {
			log.Debug("Failed to add verification request: ", err)
			return res, err
		}

		// exec it as go routine so that we can reduce the api latency
		go email.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
			"user":             user.ToMap(),
			"organization":     utils.GetOrganization(),
			"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),
		})

	}

	if params.PhoneNumber != nil && refs.StringValue(user.PhoneNumber) != refs.StringValue(params.PhoneNumber) {
		phone := strings.TrimSpace(refs.StringValue(params.PhoneNumber))
		if len(phone) < 10 || len(phone) > 15 {
			log.Debug("Invalid phone number: ", *params.PhoneNumber)
			return res, fmt.Errorf("invalid phone number")
		}
		// check if user with new phone number exists
		_, err = db.Provider.GetUserByPhoneNumber(ctx, phone)
		// err = nil means user exists
		if err == nil {
			log.Debug("User with phone number already exists: ", phone)
			return res, fmt.Errorf("user with this phone number already exists")
		}
		go memorystore.Provider.DeleteAllUserSessions(user.ID)
		user.PhoneNumber = &phone
		user.PhoneNumberVerifiedAt = nil
	}

	rolesToSave := ""
	if params.Roles != nil && len(params.Roles) > 0 {
		currentRoles := strings.Split(user.Roles, ",")
		inputRoles := []string{}
		for _, item := range params.Roles {
			inputRoles = append(inputRoles, *item)
		}

		rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
		roles := []string{}
		if err != nil {
			log.Debug("Error getting roles: ", err)
			rolesString = ""
		} else {
			roles = strings.Split(rolesString, ",")
		}
		protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
		protectedRoles := []string{}
		if err != nil {
			log.Debug("Error getting protected roles: ", err)
			protectedRolesString = ""
		} else {
			protectedRoles = strings.Split(protectedRolesString, ",")
		}

		if !validators.IsValidRoles(inputRoles, append([]string{}, append(roles, protectedRoles...)...)) {
			log.Debug("Invalid roles: ", params.Roles)
			return res, fmt.Errorf("invalid list of roles")
		}

		if !validators.IsStringArrayEqual(inputRoles, currentRoles) {
			rolesToSave = strings.Join(inputRoles, ",")
		}

		go memorystore.Provider.DeleteAllUserSessions(user.ID)
	}

	if rolesToSave != "" {
		user.Roles = rolesToSave
	}
	user, err = db.Provider.UpdateUser(ctx, user)
	if err != nil {
		log.Debug("Failed to update user: ", err)
		return res, err
	}

	createdAt := user.CreatedAt
	updatedAt := user.UpdatedAt
	res = &model.User{
		ID:         params.ID,
		Email:      user.Email,
		Picture:    user.Picture,
		GivenName:  user.GivenName,
		FamilyName: user.FamilyName,
		Roles:      strings.Split(user.Roles, ","),
		CreatedAt:  &createdAt,
		UpdatedAt:  &updatedAt,
	}
	return res, nil
}
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`package resolvers`

			`import (`
			`"context"`
Add app_data 2023-08-14 06:31:37 +00:00			`"encoding/json"`
feat: add sending otp 2022-07-29 14:19:50 +00:00			`"errors"`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`"fmt"`
			`"strings"`
			`"time"`

feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log "github.com/sirupsen/logrus"`

feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`"github.com/authorizerdev/authorizer/server/constants"`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`"github.com/authorizerdev/authorizer/server/db"`
fix: update to use db.Provider 2022-01-21 08:04:04 +00:00			`"github.com/authorizerdev/authorizer/server/db/models"`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`"github.com/authorizerdev/authorizer/server/email"`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`"github.com/authorizerdev/authorizer/server/graph/model"`
fix: move sessionstore -> memstore 2022-05-27 17:50:38 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`"github.com/authorizerdev/authorizer/server/parsers"`
feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`"github.com/authorizerdev/authorizer/server/refs"`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`"github.com/authorizerdev/authorizer/server/token"`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`"github.com/authorizerdev/authorizer/server/utils"`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`"github.com/authorizerdev/authorizer/server/validators"`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`)`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// UpdateUserResolver is a resolver for update user mutation`
			`// This is admin only mutation`
			`func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*model.User, error) {`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`var res *model.User`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00
			`gc, err := utils.GinContextFromContext(ctx)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to get GinContext: ", err)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`return res, err`
			`}`

Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`if !token.IsSuperAdmin(gc) {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Not logged in as super admin")`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`return res, fmt.Errorf("unauthorized")`
			`}`

feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`if params.ID == "" {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("UserID is empty")`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`return res, fmt.Errorf("User ID is required")`
			`}`

			`log := log.WithFields(log.Fields{`
			`"user_id": params.ID,`
			`})`

fix: user verification 2024-03-28 08:27:47 +00:00			`if params.GivenName == nil &&`
			`params.FamilyName == nil &&`
			`params.Picture == nil &&`
			`params.MiddleName == nil &&`
			`params.Nickname == nil &&`
			`params.Email == nil &&`
			`params.Birthdate == nil &&`
			`params.Gender == nil &&`
			`params.PhoneNumber == nil &&`
			`params.Roles == nil &&`
			`params.IsMultiFactorAuthEnabled == nil &&`
			`params.AppData == nil {`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log.Debug("No params to update")`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`return res, fmt.Errorf("please enter atleast one param to update")`
			`}`

feat: implement resolvers 2022-07-10 16:19:33 +00:00			`user, err := db.Provider.GetUserByID(ctx, params.ID)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to get user by id: ", err)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			return res, fmt.Errorf(`User not found`)
			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.GivenName != nil && refs.StringValue(user.GivenName) != refs.StringValue(params.GivenName) {`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`user.GivenName = params.GivenName`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.FamilyName != nil && refs.StringValue(user.FamilyName) != refs.StringValue(params.FamilyName) {`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`user.FamilyName = params.FamilyName`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.MiddleName != nil && refs.StringValue(user.MiddleName) != refs.StringValue(params.MiddleName) {`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`user.MiddleName = params.MiddleName`
fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.Nickname != nil && refs.StringValue(user.Nickname) != refs.StringValue(params.Nickname) {`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`user.Nickname = params.Nickname`
fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.Birthdate != nil && refs.StringValue(user.Birthdate) != refs.StringValue(params.Birthdate) {`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`user.Birthdate = params.Birthdate`
fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.Gender != nil && refs.StringValue(user.Gender) != refs.StringValue(params.Gender) {`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`user.Gender = params.Gender`
fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.PhoneNumber != nil && refs.StringValue(user.PhoneNumber) != refs.StringValue(params.PhoneNumber) {`
feat: add signup + login using mobile 2022-12-24 21:52:42 +00:00			`// verify if phone number is unique`
			`if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil {`
			`log.Debug("user with given phone number already exists")`
			`return nil, errors.New("user with given phone number already exists")`
			`}`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`user.PhoneNumber = params.PhoneNumber`
fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.Picture != nil && refs.StringValue(user.Picture) != refs.StringValue(params.Picture) {`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`user.Picture = params.Picture`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`}`

Add app_data 2023-08-14 06:31:37 +00:00			`if params.AppData != nil {`
			`appDataString := ""`
			`appDataBytes, err := json.Marshal(params.AppData)`
			`if err != nil {`
			`log.Debug("failed to marshall source app_data: ", err)`
			`return nil, errors.New("malformed app_data")`
			`}`
			`appDataString = string(appDataBytes)`
			`user.AppData = &appDataString`
			`}`

feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`if params.IsMultiFactorAuthEnabled != nil && refs.BoolValue(user.IsMultiFactorAuthEnabled) != refs.BoolValue(params.IsMultiFactorAuthEnabled) {`
			`user.IsMultiFactorAuthEnabled = params.IsMultiFactorAuthEnabled`
feat: add sending otp 2022-07-29 14:19:50 +00:00			`if refs.BoolValue(params.IsMultiFactorAuthEnabled) {`
feat: add totp login API (#416) * fix: * removed hasReversedValue in playground * feat: * added totp methods in db's providers * adding totp in login method * feat: * added toggle in dashboard * fixing issue with env set * feat: * integrated totp * feat: * encrypted userid * added totp_verified column in user table * started test for totp * feat: * test cases totp * test-cases: * completed test cases * tested for all dbs * fixes: * return variable to snake case * import refactoring * feat: * created seperate folder for authenticator with totp subfolder * refactored code * created new table for authenticators * added recovery code for totp * feat: * adding functions to different db providers * feat: * added authenticators method for all db * feat: * added logic for updating mfa in user_profile update * fix: * merge conflict * fix: * resolved mongodb, dynamodb and arangodb test case bug * added new condition for checking first time totp user or not * feat: * changes in all respective db with authenticator * fix: * PR suggested changes * fix(cassandra): list users * Update verify otp * fix totp login api --------- Co-authored-by: lemonScaletech <anand.panigrahi@scaletech.xyz> 2023-11-16 13:00:54 +00:00			`// Check if totp, email or sms is enabled`
			`isMailOTPEnvServiceDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMailOTPLogin)`
			`if err != nil {`
			`log.Debug("Error getting mail otp disabled: ", err)`
			`isMailOTPEnvServiceDisabled = false`
			`}`
			`isTOTPEnvServiceDisabled, _ := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableTOTPLogin)`
			`if err != nil {`
			`log.Debug("Error getting totp disabled: ", err)`
			`isTOTPEnvServiceDisabled = false`
			`}`
			`isSMSOTPEnvServiceDisabled, _ := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisablePhoneVerification)`
			`if err != nil {`
			`log.Debug("Error getting sms otp disabled: ", err)`
			`isSMSOTPEnvServiceDisabled = false`
			`}`
			`// Initialize a flag to check if enabling Mail OTP is required`
			`if isMailOTPEnvServiceDisabled && isTOTPEnvServiceDisabled && isSMSOTPEnvServiceDisabled {`
			`log.Debug("Cannot enable mfa service as all mfa services are disabled")`
			`return nil, errors.New("cannot enable multi factor authentication as all mfa services are disabled")`
feat: add sending otp 2022-07-29 14:19:50 +00:00			`}`
			`}`
feat: add is_multi_factor_auth_enabled 2022-07-23 09:56:44 +00:00			`}`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`if params.EmailVerified != nil {`
			`if *params.EmailVerified {`
			`now := time.Now().Unix()`
			`user.EmailVerifiedAt = &now`
			`} else {`
			`user.EmailVerifiedAt = nil`
			`}`
			`}`
fix: user verification 2024-03-28 08:27:47 +00:00			`if params.PhoneNumberVerified != nil {`
			`if *params.PhoneNumberVerified {`
			`now := time.Now().Unix()`
			`user.PhoneNumberVerifiedAt = &now`
			`} else {`
			`user.PhoneNumberVerifiedAt = nil`
			`}`

			`}`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00
Allow empty email 2023-10-25 19:25:10 +00:00			`if params.Email != nil && refs.StringValue(user.Email) != refs.StringValue(params.Email) {`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`// check if valid email`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`if !validators.IsValidEmail(*params.Email) {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Invalid email: ", *params.Email)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`return res, fmt.Errorf("invalid email address")`
			`}`
			`newEmail := strings.ToLower(*params.Email)`
			`// check if user with new email exists`
feat: implement resolvers 2022-07-10 16:19:33 +00:00			`_, err = db.Provider.GetUserByEmail(ctx, newEmail)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`// err = nil means user exists`
			`if err == nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("User with email already exists: ", newEmail)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`return res, fmt.Errorf("user with this email address already exists")`
			`}`

fix: session invalidation 2022-06-11 13:40:39 +00:00			`go memorystore.Provider.DeleteAllUserSessions(user.ID)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`hostname := parsers.GetHost(gc)`
Allow empty email 2023-10-25 19:25:10 +00:00			`user.Email = &newEmail`
fix: make email verification col nullable 2021-12-22 10:08:51 +00:00			`user.EmailVerifiedAt = nil`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`// insert verification request`
fix: add token information in redirect url 2022-03-08 07:06:26 +00:00			`_, nonceHash, err := utils.GenerateNonce()`
fix: auth flow 2022-03-02 12:12:31 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to generate nonce: ", err)`
fix: auth flow 2022-03-02 12:12:31 +00:00			`return res, err`
			`}`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`verificationType := constants.VerificationTypeUpdateEmail`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`redirectURL := parsers.GetAppURL(gc)`
fix: add token information in redirect url 2022-03-08 07:06:26 +00:00			`verificationToken, err := token.CreateVerificationToken(newEmail, verificationType, hostname, nonceHash, redirectURL)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to create verification token: ", err)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`}`
fix: refs for db provider and few utils 2023-07-31 11:12:11 +00:00			`_, err = db.Provider.AddVerificationRequest(ctx, &models.VerificationRequest{`
fix: add token information in redirect url 2022-03-08 07:06:26 +00:00			`Token: verificationToken,`
			`Identifier: verificationType,`
			`ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),`
			`Email: newEmail,`
			`Nonce: nonceHash,`
			`RedirectURI: redirectURL,`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`})`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to add verification request: ", err)`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`return res, err`
			`}`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00
feat: send email based on template 2022-08-08 20:13:37 +00:00			`// exec it as go routine so that we can reduce the api latency`
Allow empty email 2023-10-25 19:25:10 +00:00			`go email.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{`
feat: send email based on template 2022-08-08 20:13:37 +00:00			`"user": user.ToMap(),`
			`"organization": utils.GetOrganization(),`
[server]fix: error redirection for email verification 2023-05-02 13:09:10 +00:00			`"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),`
feat: send email based on template 2022-08-08 20:13:37 +00:00			`})`
fix: auth flow 2022-03-02 12:12:31 +00:00
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`}`

fix: user verification 2024-03-28 08:27:47 +00:00			`if params.PhoneNumber != nil && refs.StringValue(user.PhoneNumber) != refs.StringValue(params.PhoneNumber) {`
			`phone := strings.TrimSpace(refs.StringValue(params.PhoneNumber))`
			`if len(phone) < 10 \|\| len(phone) > 15 {`
			`log.Debug("Invalid phone number: ", *params.PhoneNumber)`
			`return res, fmt.Errorf("invalid phone number")`
			`}`
			`// check if user with new phone number exists`
			`_, err = db.Provider.GetUserByPhoneNumber(ctx, phone)`
			`// err = nil means user exists`
			`if err == nil {`
			`log.Debug("User with phone number already exists: ", phone)`
			`return res, fmt.Errorf("user with this phone number already exists")`
			`}`
			`go memorystore.Provider.DeleteAllUserSessions(user.ID)`
			`user.PhoneNumber = &phone`
			`user.PhoneNumberVerifiedAt = nil`
			`}`

feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`rolesToSave := ""`
			`if params.Roles != nil && len(params.Roles) > 0 {`
			`currentRoles := strings.Split(user.Roles, ",")`
			`inputRoles := []string{}`
			`for _, item := range params.Roles {`
			`inputRoles = append(inputRoles, *item)`
			`}`

fix: slice envs 2022-05-31 02:44:03 +00:00			`rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)`
			`roles := []string{}`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if err != nil {`
			`log.Debug("Error getting roles: ", err)`
fix: slice envs 2022-05-31 02:44:03 +00:00			`rolesString = ""`
			`} else {`
			`roles = strings.Split(rolesString, ",")`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`}`
fix: slice envs 2022-05-31 02:44:03 +00:00			`protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)`
			`protectedRoles := []string{}`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if err != nil {`
			`log.Debug("Error getting protected roles: ", err)`
fix: slice envs 2022-05-31 02:44:03 +00:00			`protectedRolesString = ""`
			`} else {`
			`protectedRoles = strings.Split(protectedRolesString, ",")`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`}`

fix: import cycle issues 2022-05-30 06:24:16 +00:00			`if !validators.IsValidRoles(inputRoles, append([]string{}, append(roles, protectedRoles...)...)) {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Invalid roles: ", params.Roles)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`return res, fmt.Errorf("invalid list of roles")`
			`}`

fix: import cycle issues 2022-05-30 06:24:16 +00:00			`if !validators.IsStringArrayEqual(inputRoles, currentRoles) {`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`rolesToSave = strings.Join(inputRoles, ",")`
			`}`

fix: session invalidation 2022-06-11 13:40:39 +00:00			`go memorystore.Provider.DeleteAllUserSessions(user.ID)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`}`

			`if rolesToSave != "" {`
			`user.Roles = rolesToSave`
			`}`
feat: implement resolvers 2022-07-10 16:19:33 +00:00			`user, err = db.Provider.UpdateUser(ctx, user)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to update user: ", err)`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`return res, err`
			`}`

fix: token + redirect 2022-03-16 16:14:57 +00:00			`createdAt := user.CreatedAt`
			`updatedAt := user.UpdatedAt`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`res = &model.User{`
fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00			`ID: params.ID,`
			`Email: user.Email,`
fix: unique constraint data 2021-12-22 10:01:45 +00:00			`Picture: user.Picture,`
			`GivenName: user.GivenName,`
			`FamilyName: user.FamilyName,`
fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00			`Roles: strings.Split(user.Roles, ","),`
fix: token + redirect 2022-03-16 16:14:57 +00:00			`CreatedAt: &createdAt,`
			`UpdatedAt: &updatedAt,`
feat: allow admin to user profile (#51) Resolves #49 2021-09-21 02:53:40 +00:00			`}`
			`return res, nil`
			`}`