feat:allow signup without verification (#39)

* fix: add disable basic auth check in resolvers

* feat: allow signup without email verification

Resolves #32

server/resolvers/forgotPassword.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/enum"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -15,6 +16,10 @@ import (
 
 func ForgotPassword(ctx context.Context, params model.ForgotPasswordInput) (*model.Response, error) {
 	var res *model.Response
+	if constants.DISABLE_BASIC_AUTHENTICATION == "true" {
+		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
+	}
+
 	params.Email = strings.ToLower(params.Email)
 
 	if !utils.IsValidEmail(params.Email) {

server/resolvers/login.go

@@ -6,6 +6,7 @@ import (
 	"log"
 	"strings"
 
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/enum"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -14,13 +15,17 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
-func Login(ctx context.Context, params model.LoginInput) (*model.LoginResponse, error) {
+func Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, error) {
 	gc, err := utils.GinContextFromContext(ctx)
-	var res *model.LoginResponse
+	var res *model.AuthResponse
 	if err != nil {
 		return res, err
 	}
 
+	if constants.DISABLE_BASIC_AUTHENTICATION == "true" {
+		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
+	}
+
 	params.Email = strings.ToLower(params.Email)
 	user, err := db.Mgr.GetUserByEmail(params.Email)
 	if err != nil {
@@ -54,7 +59,7 @@ func Login(ctx context.Context, params model.LoginInput) (*model.LoginResponse,
 
 	session.SetToken(userIdStr, refreshToken)
 
-	res = &model.LoginResponse{
+	res = &model.AuthResponse{
 		Message:              `Logged in successfully`,
 		AccessToken:          &accessToken,
 		AccessTokenExpiresAt: &expiresAt,

server/resolvers/resetPassword.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/utils"
@@ -11,6 +12,9 @@ import (
 
 func ResetPassword(ctx context.Context, params model.ResetPassowrdInput) (*model.Response, error) {
 	var res *model.Response
+	if constants.DISABLE_BASIC_AUTHENTICATION == "true" {
+		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
+	}
 
 	if params.Password != params.ConfirmPassword {
 		return res, fmt.Errorf(`passwords don't match`)

server/resolvers/signup.go

@@ -7,14 +7,24 @@ import (
 	"strings"
 	"time"
 
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/enum"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/session"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
-func Signup(ctx context.Context, params model.SignUpInput) (*model.Response, error) {
-	var res *model.Response
+func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse, error) {
+	gc, err := utils.GinContextFromContext(ctx)
+	var res *model.AuthResponse
+	if err != nil {
+		return res, err
+	}
+
+	if constants.DISABLE_BASIC_AUTHENTICATION == "true" {
+		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
+	}
 	if params.ConfirmPassword != params.Password {
 		return res, fmt.Errorf(`passowrd and confirm password does not match`)
 	}
@@ -51,31 +61,70 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.Response, err
 	}
 
 	user.SignupMethod = enum.BasicAuth.String()
+	if constants.DISABLE_EMAIL_VERICATION == "true" {
+		user.EmailVerifiedAt = time.Now().Unix()
+	}
 	_, err = db.Mgr.SaveUser(user)
 	if err != nil {
 		return res, err
 	}
-
-	// insert verification request
-	verificationType := enum.BasicAuthSignup.String()
-	token, err := utils.CreateVerificationToken(params.Email, verificationType)
-	if err != nil {
-		log.Println(`Error generating token`, err)
+	userIdStr := fmt.Sprintf("%d", user.ID)
+	userToReturn := &model.User{
+		ID:              userIdStr,
+		Email:           user.Email,
+		Image:           &user.Image,
+		FirstName:       &user.FirstName,
+		LastName:        &user.LastName,
+		SignupMethod:    user.SignupMethod,
+		EmailVerifiedAt: &user.EmailVerifiedAt,
+		CreatedAt:       &user.CreatedAt,
+		UpdatedAt:       &user.UpdatedAt,
 	}
-	db.Mgr.AddVerification(db.VerificationRequest{
-		Token:      token,
-		Identifier: verificationType,
-		ExpiresAt:  time.Now().Add(time.Minute * 30).Unix(),
-		Email:      params.Email,
-	})
 
-	// exec it as go routin so that we can reduce the api latency
-	go func() {
-		utils.SendVerificationMail(params.Email, token)
-	}()
+	if constants.DISABLE_EMAIL_VERICATION != "true" {
+		// insert verification request
+		verificationType := enum.BasicAuthSignup.String()
+		token, err := utils.CreateVerificationToken(params.Email, verificationType)
+		if err != nil {
+			log.Println(`Error generating token`, err)
+		}
+		db.Mgr.AddVerification(db.VerificationRequest{
+			Token:      token,
+			Identifier: verificationType,
+			ExpiresAt:  time.Now().Add(time.Minute * 30).Unix(),
+			Email:      params.Email,
+		})
 
-	res = &model.Response{
-		Message: `Verification email has been sent. Please check your inbox`,
+		// exec it as go routin so that we can reduce the api latency
+		go func() {
+			utils.SendVerificationMail(params.Email, token)
+		}()
+
+		res = &model.AuthResponse{
+			Message: `Verification email has been sent. Please check your inbox`,
+			User:    userToReturn,
+		}
+	} else {
+
+		refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
+			ID:    userIdStr,
+			Email: user.Email,
+		}, enum.RefreshToken)
+
+		accessToken, expiresAt, _ := utils.CreateAuthToken(utils.UserAuthInfo{
+			ID:    userIdStr,
+			Email: user.Email,
+		}, enum.AccessToken)
+
+		session.SetToken(userIdStr, refreshToken)
+		res = &model.AuthResponse{
+			Message:              `Signed up successfully.`,
+			AccessToken:          &accessToken,
+			AccessTokenExpiresAt: &expiresAt,
+			User:                 userToReturn,
+		}
+
+		utils.SetCookie(gc, accessToken)
 	}
 
 	return res, nil

server/resolvers/token.go

@@ -13,10 +13,10 @@ import (
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
-func Token(ctx context.Context) (*model.LoginResponse, error) {
+func Token(ctx context.Context) (*model.AuthResponse, error) {
 	metaInfo := utils.GetMetaInfo()
 	log.Println("=> meta", metaInfo)
-	var res *model.LoginResponse
+	var res *model.AuthResponse
 
 	gc, err := utils.GinContextFromContext(ctx)
 	if err != nil {
@@ -55,7 +55,7 @@ func Token(ctx context.Context) (*model.LoginResponse, error) {
 		}, enum.AccessToken)
 	}
 	utils.SetCookie(gc, token)
-	res = &model.LoginResponse{
+	res = &model.AuthResponse{
 		Message:              `Token verified`,
 		AccessToken:          &token,
 		AccessTokenExpiresAt: &expiresAt,

server/resolvers/verifyEmail.go

@@ -12,9 +12,9 @@ import (
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
-func VerifyEmail(ctx context.Context, params model.VerifyEmailInput) (*model.LoginResponse, error) {
+func VerifyEmail(ctx context.Context, params model.VerifyEmailInput) (*model.AuthResponse, error) {
 	gc, err := utils.GinContextFromContext(ctx)
-	var res *model.LoginResponse
+	var res *model.AuthResponse
 	if err != nil {
 		return res, err
 	}
@@ -53,7 +53,7 @@ func VerifyEmail(ctx context.Context, params model.VerifyEmailInput) (*model.Log
 
 	session.SetToken(userIdStr, refreshToken)
 
-	res = &model.LoginResponse{
+	res = &model.AuthResponse{
 		Message:              `Email verified successfully.`,
 		AccessToken:          &accessToken,
 		AccessTokenExpiresAt: &expiresAt,