server/resolvers/signup.go

package resolvers

import (
	"context"
	"fmt"
	"log"
	"strings"
	"time"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/cookie"
	"github.com/authorizerdev/authorizer/server/crypto"
	"github.com/authorizerdev/authorizer/server/db"
	"github.com/authorizerdev/authorizer/server/db/models"
	"github.com/authorizerdev/authorizer/server/email"
	"github.com/authorizerdev/authorizer/server/envstore"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/sessionstore"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/authorizerdev/authorizer/server/utils"
)

// SignupResolver is a resolver for signup mutation
func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthResponse, error) {
	gc, err := utils.GinContextFromContext(ctx)
	var res *model.AuthResponse
	if err != nil {
		return res, err
	}

	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
		return res, fmt.Errorf(`signup is disabled for this instance`)
	}

	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
	}

	if params.ConfirmPassword != params.Password {
		return res, fmt.Errorf(`password and confirm password does not match`)
	}

	if !utils.IsValidPassword(params.Password) {
		return res, fmt.Errorf(`password is not valid. It needs to be at least 6 characters long and contain at least one number, one uppercase letter, one lowercase letter and one special character`)
	}

	params.Email = strings.ToLower(params.Email)

	if !utils.IsValidEmail(params.Email) {
		return res, fmt.Errorf(`invalid email address`)
	}

	// find user with email
	existingUser, err := db.Provider.GetUserByEmail(params.Email)
	if err != nil {
		log.Println("user with email " + params.Email + " not found")
	}

	if existingUser.EmailVerifiedAt != nil {
		// email is verified
		return res, fmt.Errorf(`%s has already signed up`, params.Email)
	} else if existingUser.ID != "" && existingUser.EmailVerifiedAt == nil {
		return res, fmt.Errorf("%s has already signed up. please complete the email verification process or reset the password", params.Email)
	}

	inputRoles := []string{}

	if len(params.Roles) > 0 {
		// check if roles exists
		if !utils.IsValidRoles(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), params.Roles) {
			return res, fmt.Errorf(`invalid roles`)
		} else {
			inputRoles = params.Roles
		}
	} else {
		inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
	}

	user := models.User{
		Email: params.Email,
	}

	user.Roles = strings.Join(inputRoles, ",")

	password, _ := crypto.EncryptPassword(params.Password)
	user.Password = &password

	if params.GivenName != nil {
		user.GivenName = params.GivenName
	}

	if params.FamilyName != nil {
		user.FamilyName = params.FamilyName
	}

	if params.MiddleName != nil {
		user.MiddleName = params.MiddleName
	}

	if params.Nickname != nil {
		user.Nickname = params.Nickname
	}

	if params.Gender != nil {
		user.Gender = params.Gender
	}

	if params.Birthdate != nil {
		user.Birthdate = params.Birthdate
	}

	if params.PhoneNumber != nil {
		user.PhoneNumber = params.PhoneNumber
	}

	if params.Picture != nil {
		user.Picture = params.Picture
	}

	user.SignupMethods = constants.SignupMethodBasicAuth
	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
		now := time.Now().Unix()
		user.EmailVerifiedAt = &now
	}
	user, err = db.Provider.AddUser(user)
	if err != nil {
		return res, err
	}
	roles := strings.Split(user.Roles, ",")
	userToReturn := user.AsAPIUser()

	hostname := utils.GetHost(gc)
	if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
		// insert verification request
		_, nonceHash, err := utils.GenerateNonce()
		if err != nil {
			return res, err
		}
		verificationType := constants.VerificationTypeBasicAuthSignup
		redirectURL := utils.GetAppURL(gc)
		if params.RedirectURI != nil {
			redirectURL = *params.RedirectURI
		}
		verificationToken, err := token.CreateVerificationToken(params.Email, verificationType, hostname, nonceHash, redirectURL)
		if err != nil {
			return res, err
		}
		db.Provider.AddVerificationRequest(models.VerificationRequest{
			Token:       verificationToken,
			Identifier:  verificationType,
			ExpiresAt:   time.Now().Add(time.Minute * 30).Unix(),
			Email:       params.Email,
			Nonce:       nonceHash,
			RedirectURI: redirectURL,
		})

		// exec it as go routin so that we can reduce the api latency
		go email.SendVerificationMail(params.Email, verificationToken, hostname)

		res = &model.AuthResponse{
			Message: `Verification email has been sent. Please check your inbox`,
			User:    userToReturn,
		}
	} else {
		scope := []string{"openid", "email", "profile"}
		if params.Scope != nil && len(scope) > 0 {
			scope = params.Scope
		}

		authToken, err := token.CreateAuthToken(gc, user, roles, scope)
		if err != nil {
			return res, err
		}

		sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
		cookie.SetSession(gc, authToken.FingerPrintHash)
		go db.Provider.AddSession(models.Session{
			UserID:    user.ID,
			UserAgent: utils.GetUserAgent(gc.Request),
			IP:        utils.GetIP(gc.Request),
		})

		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
		if expiresIn <= 0 {
			expiresIn = 1
		}

		res = &model.AuthResponse{
			Message:     `Signed up successfully.`,
			AccessToken: &authToken.AccessToken.Token,
			ExpiresIn:   &expiresIn,
			User:        userToReturn,
		}
	}

	return res, nil
}
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`package resolvers`

			`import (`
			`"context"`
Add resolver to update profile Resolves #12 #11 2021-07-18 09:25:20 +05:30			`"fmt"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`"log"`
			`"strings"`
			`"time"`

feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`"github.com/authorizerdev/authorizer/server/constants"`
Implement refresh token logic with fingerprint + rotation 2022-01-23 01:24:41 +05:30			`"github.com/authorizerdev/authorizer/server/cookie"`
feat: add session token 2022-02-28 21:26:49 +05:30			`"github.com/authorizerdev/authorizer/server/crypto"`
chore: rename project 2021-07-23 21:57:44 +05:30			`"github.com/authorizerdev/authorizer/server/db"`
fix: update to use db.Provider 2022-01-21 13:34:04 +05:30			`"github.com/authorizerdev/authorizer/server/db/models"`
Feat/dashboard (#105) 2022-01-17 11:32:13 +05:30			`"github.com/authorizerdev/authorizer/server/email"`
			`"github.com/authorizerdev/authorizer/server/envstore"`
chore: rename project 2021-07-23 21:57:44 +05:30			`"github.com/authorizerdev/authorizer/server/graph/model"`
Implement refresh token logic with fingerprint + rotation 2022-01-23 01:24:41 +05:30			`"github.com/authorizerdev/authorizer/server/sessionstore"`
			`"github.com/authorizerdev/authorizer/server/token"`
chore: rename project 2021-07-23 21:57:44 +05:30			`"github.com/authorizerdev/authorizer/server/utils"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`)`

Feat/dashboard (#105) 2022-01-17 11:32:13 +05:30			`// SignupResolver is a resolver for signup mutation`
			`func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthResponse, error) {`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`gc, err := utils.GinContextFromContext(ctx)`
			`var res *model.AuthResponse`
			`if err != nil {`
			`return res, err`
			`}`

feat: disable user signup 2022-03-16 22:49:18 +05:30			`if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {`
			return res, fmt.Errorf(`signup is disabled for this instance`)
			`}`

fix: tests 2022-02-28 07:55:01 +05:30			`if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			return res, fmt.Errorf(`basic authentication is disabled for this instance`)
			`}`
feat: disable user signup 2022-03-16 22:49:18 +05:30
Implement verify email using server url - fix confirm password typo 2021-07-21 03:34:03 +05:30			`if params.ConfirmPassword != params.Password {`
feat: add mongodb support (#82) * feat: add mongodb enum * fix: isMongodb var condition * feat: add init mongodb connection * feat: add mongodb operations for various db methods * fix: error message 2021-12-20 23:21:27 +05:30			return res, fmt.Errorf(`password and confirm password does not match`)
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`

feat: add validation for strong password 2022-03-17 15:35:07 +05:30			`if !utils.IsValidPassword(params.Password) {`
			return res, fmt.Errorf(`password is not valid. It needs to be at least 6 characters long and contain at least one number, one uppercase letter, one lowercase letter and one special character`)
			`}`

add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`params.Email = strings.ToLower(params.Email)`

			`if !utils.IsValidEmail(params.Email) {`
Add resolver to update profile Resolves #12 #11 2021-07-18 09:25:20 +05:30			return res, fmt.Errorf(`invalid email address`)
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`

			`// find user with email`
fix: update to use db.Provider 2022-01-21 13:34:04 +05:30			`existingUser, err := db.Provider.GetUserByEmail(params.Email)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`if err != nil {`
feat/add arangodb support (#80) feat: add arangodb init fix: dao for sql + arangodb * fix: update error logs * fix: use db name dynamically 2021-12-17 21:25:07 +05:30			`log.Println("user with email " + params.Email + " not found")`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`

fix: make email verification col nullable 2021-12-22 15:38:51 +05:30			`if existingUser.EmailVerifiedAt != nil {`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`// email is verified`
feat: add mongodb support (#82) * feat: add mongodb enum * fix: isMongodb var condition * feat: add init mongodb connection * feat: add mongodb operations for various db methods * fix: error message 2021-12-20 23:21:27 +05:30			return res, fmt.Errorf(`%s has already signed up`, params.Email)
fix: make email verification col nullable 2021-12-22 15:38:51 +05:30			`} else if existingUser.ID != "" && existingUser.EmailVerifiedAt == nil {`
feat: add mongodb support (#82) * feat: add mongodb enum * fix: isMongodb var condition * feat: add init mongodb connection * feat: add mongodb operations for various db methods * fix: error message 2021-12-20 23:21:27 +05:30			`return res, fmt.Errorf("%s has already signed up. please complete the email verification process or reset the password", params.Email)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`
feat: add mongodb support (#82) * feat: add mongodb enum * fix: isMongodb var condition * feat: add init mongodb connection * feat: add mongodb operations for various db methods * fix: error message 2021-12-20 23:21:27 +05:30
fix: default role values 2021-12-24 18:42:32 +05:30			`inputRoles := []string{}`

			`if len(params.Roles) > 0 {`
			`// check if roles exists`
fix: tests 2022-02-28 07:55:01 +05:30			`if !utils.IsValidRoles(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), params.Roles) {`
fix: default role values 2021-12-24 18:42:32 +05:30			return res, fmt.Errorf(`invalid roles`)
			`} else {`
			`inputRoles = params.Roles`
			`}`
			`} else {`
fix: tests 2022-02-28 07:55:01 +05:30			`inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)`
fix: default role values 2021-12-24 18:42:32 +05:30			`}`

fix: update to use db.Provider 2022-01-21 13:34:04 +05:30			`user := models.User{`
Resolves #22 2021-07-17 22:39:50 +05:30			`Email: params.Email,`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`

feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 10:36:26 +05:30			`user.Roles = strings.Join(inputRoles, ",")`

feat: add session token 2022-02-28 21:26:49 +05:30			`password, _ := crypto.EncryptPassword(params.Password)`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.Password = &password`
Resolves #22 2021-07-17 22:39:50 +05:30
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`if params.GivenName != nil {`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.GivenName = params.GivenName`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`

fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`if params.FamilyName != nil {`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.FamilyName = params.FamilyName`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`

fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`if params.MiddleName != nil {`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.MiddleName = params.MiddleName`
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`}`

			`if params.Nickname != nil {`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.Nickname = params.Nickname`
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`}`

			`if params.Gender != nil {`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.Gender = params.Gender`
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`}`

			`if params.Birthdate != nil {`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.Birthdate = params.Birthdate`
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`}`

			`if params.PhoneNumber != nil {`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.PhoneNumber = params.PhoneNumber`
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`}`

			`if params.Picture != nil {`
fix: unique constraint data 2021-12-22 15:31:45 +05:30			`user.Picture = params.Picture`
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`}`

Feat/dashboard (#105) 2022-01-17 11:32:13 +05:30			`user.SignupMethods = constants.SignupMethodBasicAuth`
fix: tests 2022-02-28 07:55:01 +05:30			`if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {`
fix: make email verification col nullable 2021-12-22 15:38:51 +05:30			`now := time.Now().Unix()`
			`user.EmailVerifiedAt = &now`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`}`
fix: update to use db.Provider 2022-01-21 13:34:04 +05:30			`user, err = db.Provider.AddUser(user)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`if err != nil {`
			`return res, err`
			`}`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 22:11:41 +05:30			`roles := strings.Split(user.Roles, ",")`
Implement refresh token logic with fingerprint + rotation 2022-01-23 01:24:41 +05:30			`userToReturn := user.AsAPIUser()`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30
fix: bug with authorizer url 2022-01-31 11:35:24 +05:30			`hostname := utils.GetHost(gc)`
fix: tests 2022-02-28 07:55:01 +05:30			`if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`// insert verification request`
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`_, nonceHash, err := utils.GenerateNonce()`
fix: auth flow 2022-03-02 17:42:31 +05:30			`if err != nil {`
			`return res, err`
			`}`
Feat/dashboard (#105) 2022-01-17 11:32:13 +05:30			`verificationType := constants.VerificationTypeBasicAuthSignup`
feat: add resolver for inviting members 2022-03-15 08:53:48 +05:30			`redirectURL := utils.GetAppURL(gc)`
feat: add redirect_uri for signup 2022-03-16 21:52:45 +05:30			`if params.RedirectURI != nil {`
			`redirectURL = *params.RedirectURI`
			`}`
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`verificationToken, err := token.CreateVerificationToken(params.Email, verificationType, hostname, nonceHash, redirectURL)`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`if err != nil {`
fix: auth flow 2022-03-02 17:42:31 +05:30			`return res, err`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`}`
fix: update to use db.Provider 2022-01-21 13:34:04 +05:30			`db.Provider.AddVerificationRequest(models.VerificationRequest{`
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`Token: verificationToken,`
			`Identifier: verificationType,`
			`ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),`
			`Email: params.Email,`
			`Nonce: nonceHash,`
			`RedirectURI: redirectURL,`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`})`

			`// exec it as go routin so that we can reduce the api latency`
fix: auth flow 2022-03-02 17:42:31 +05:30			`go email.SendVerificationMail(params.Email, verificationToken, hostname)`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30
			`res = &model.AuthResponse{`
			Message: `Verification email has been sent. Please check your inbox`,
			`User: userToReturn,`
			`}`
			`} else {`
fix: auth flow 2022-03-02 17:42:31 +05:30			`scope := []string{"openid", "email", "profile"}`
feat: add version info 2022-03-09 11:53:34 +05:30			`if params.Scope != nil && len(scope) > 0 {`
			`scope = params.Scope`
			`}`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30
fix: auth flow 2022-03-02 17:42:31 +05:30			`authToken, err := token.CreateAuthToken(gc, user, roles, scope)`
Implement refresh token logic with fingerprint + rotation 2022-01-23 01:24:41 +05:30			`if err != nil {`
			`return res, err`
			`}`
fix: auth flow 2022-03-02 17:42:31 +05:30
			`sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)`
			`cookie.SetSession(gc, authToken.FingerPrintHash)`
feat: add support for database cert, key, ca-cert 2022-04-23 17:52:02 +05:30			`go db.Provider.AddSession(models.Session{`
			`UserID: user.ID,`
			`UserAgent: utils.GetUserAgent(gc.Request),`
			`IP: utils.GetIP(gc.Request),`
			`})`
fix: auth flow 2022-03-02 17:42:31 +05:30
enhancement: add access_token_expiry_time env variable 2022-03-25 15:21:20 +03:00			`expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()`
			`if expiresIn <= 0 {`
			`expiresIn = 1`
			`}`
Implement refresh token logic with fingerprint + rotation 2022-01-23 01:24:41 +05:30
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`res = &model.AuthResponse{`
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			Message: `Signed up successfully.`,
Implement refresh token logic with fingerprint + rotation 2022-01-23 01:24:41 +05:30			`AccessToken: &authToken.AccessToken.Token,`
fix: auth flow 2022-03-02 17:42:31 +05:30			`ExpiresIn: &expiresIn,`
fix: refactor schema for open id claim standards 2021-12-22 10:51:12 +05:30			`User: userToReturn,`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 15:43:08 +05:30			`}`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`

			`return res, nil`
			`}`