Merge branch 'main' into fix/role-deletion
This commit is contained in:
lemonScaletech
@@ -21,15 +21,15 @@ func DeactivateAccountResolver(ctx context.Context) (*model.Response, error) {
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
tokenData, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||
return res, err
|
||||
}
|
||||
log := log.WithFields(log.Fields{
|
||||
"user_id": userID,
|
||||
"user_id": tokenData.UserID,
|
||||
})
|
||||
user, err := db.Provider.GetUserByID(ctx, userID)
|
||||
user, err := db.Provider.GetUserByID(ctx, tokenData.UserID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by id: ", err)
|
||||
return res, err
|
||||
|
||||
@@ -149,6 +149,12 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
|
||||
if val, ok := store[constants.EnvKeyAppleClientSecret]; ok {
|
||||
res.AppleClientSecret = refs.NewStringRef(val.(string))
|
||||
}
|
||||
if val, ok := store[constants.EnvKeyDiscordClientID]; ok {
|
||||
res.DiscordClientID = refs.NewStringRef(val.(string))
|
||||
}
|
||||
if val, ok := store[constants.EnvKeyDiscordClientSecret]; ok {
|
||||
res.DiscordClientSecret = refs.NewStringRef(val.(string))
|
||||
}
|
||||
if val, ok := store[constants.EnvKeyTwitterClientID]; ok {
|
||||
res.TwitterClientID = refs.NewStringRef(val.(string))
|
||||
}
|
||||
|
||||
@@ -6,29 +6,29 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/email"
|
||||
mailService "github.com/authorizerdev/authorizer/server/email"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/parsers"
|
||||
"github.com/authorizerdev/authorizer/server/refs"
|
||||
"github.com/authorizerdev/authorizer/server/smsproviders"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
"github.com/authorizerdev/authorizer/server/validators"
|
||||
)
|
||||
|
||||
// ForgotPasswordResolver is a resolver for forgot password mutation
|
||||
func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInput) (*model.Response, error) {
|
||||
var res *model.Response
|
||||
|
||||
func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInput) (*model.ForgotPasswordResponse, error) {
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
return nil, err
|
||||
}
|
||||
|
||||
isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
|
||||
@@ -36,74 +36,134 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
|
||||
log.Debug("Error getting basic auth disabled: ", err)
|
||||
isBasicAuthDisabled = true
|
||||
}
|
||||
if isBasicAuthDisabled {
|
||||
log.Debug("Basic authentication is disabled")
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
params.Email = strings.ToLower(params.Email)
|
||||
|
||||
if !validators.IsValidEmail(params.Email) {
|
||||
log.Debug("Invalid email address: ", params.Email)
|
||||
return res, fmt.Errorf("invalid email")
|
||||
}
|
||||
|
||||
log := log.WithFields(log.Fields{
|
||||
"email": params.Email,
|
||||
})
|
||||
user, err := db.Provider.GetUserByEmail(ctx, params.Email)
|
||||
isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
|
||||
if err != nil {
|
||||
log.Debug("User not found: ", err)
|
||||
return res, fmt.Errorf(`user with this email not found`)
|
||||
log.Debug("Error getting email verification disabled: ", err)
|
||||
isEmailVerificationDisabled = true
|
||||
}
|
||||
|
||||
isMobileBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("Error getting mobile basic auth disabled: ", err)
|
||||
isMobileBasicAuthDisabled = true
|
||||
}
|
||||
isMobileVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisablePhoneVerification)
|
||||
if err != nil {
|
||||
log.Debug("Error getting mobile verification disabled: ", err)
|
||||
isMobileVerificationDisabled = true
|
||||
}
|
||||
|
||||
email := refs.StringValue(params.Email)
|
||||
phoneNumber := refs.StringValue(params.PhoneNumber)
|
||||
if email == "" && phoneNumber == "" {
|
||||
log.Debug("Email or phone number is required")
|
||||
return nil, fmt.Errorf(`email or phone number is required`)
|
||||
}
|
||||
log := log.WithFields(log.Fields{
|
||||
"email": refs.StringValue(params.Email),
|
||||
"phone_number": refs.StringValue(params.PhoneNumber),
|
||||
})
|
||||
isEmailLogin := email != ""
|
||||
isMobileLogin := phoneNumber != ""
|
||||
if isBasicAuthDisabled && isEmailLogin && !isEmailVerificationDisabled {
|
||||
log.Debug("Basic authentication is disabled.")
|
||||
return nil, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
if isMobileBasicAuthDisabled && isMobileLogin && !isMobileVerificationDisabled {
|
||||
log.Debug("Mobile basic authentication is disabled.")
|
||||
return nil, fmt.Errorf(`mobile basic authentication is disabled for this instance`)
|
||||
}
|
||||
var user *models.User
|
||||
if isEmailLogin {
|
||||
user, err = db.Provider.GetUserByEmail(ctx, email)
|
||||
} else {
|
||||
user, err = db.Provider.GetUserByPhoneNumber(ctx, phoneNumber)
|
||||
}
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user: ", err)
|
||||
return nil, fmt.Errorf(`bad user credentials`)
|
||||
}
|
||||
hostname := parsers.GetHost(gc)
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate nonce: ", err)
|
||||
return res, err
|
||||
return nil, err
|
||||
}
|
||||
|
||||
redirectURI := ""
|
||||
// give higher preference to params redirect uri
|
||||
if strings.TrimSpace(refs.StringValue(params.RedirectURI)) != "" {
|
||||
redirectURI = refs.StringValue(params.RedirectURI)
|
||||
} else {
|
||||
redirectURI, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
|
||||
if err != nil {
|
||||
log.Debug("ResetPasswordURL not found using default app url: ", err)
|
||||
redirectURI = hostname + "/app/reset-password"
|
||||
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, redirectURI)
|
||||
if user.RevokedTimestamp != nil {
|
||||
log.Debug("User access is revoked")
|
||||
return nil, fmt.Errorf(`user access has been revoked`)
|
||||
}
|
||||
if isEmailLogin {
|
||||
redirectURI := ""
|
||||
// give higher preference to params redirect uri
|
||||
if strings.TrimSpace(refs.StringValue(params.RedirectURI)) != "" {
|
||||
redirectURI = refs.StringValue(params.RedirectURI)
|
||||
} else {
|
||||
redirectURI, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
|
||||
if err != nil {
|
||||
log.Debug("ResetPasswordURL not found using default app url: ", err)
|
||||
redirectURI = hostname + "/app/reset-password"
|
||||
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, redirectURI)
|
||||
}
|
||||
}
|
||||
verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURI)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create verification token", err)
|
||||
return nil, err
|
||||
}
|
||||
_, err = db.Provider.AddVerificationRequest(ctx, &models.VerificationRequest{
|
||||
Token: verificationToken,
|
||||
Identifier: constants.VerificationTypeForgotPassword,
|
||||
ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),
|
||||
Email: email,
|
||||
Nonce: nonceHash,
|
||||
RedirectURI: redirectURI,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add verification request", err)
|
||||
return nil, err
|
||||
}
|
||||
// execute it as go routine so that we can reduce the api latency
|
||||
go mailService.SendEmail([]string{email}, constants.VerificationTypeForgotPassword, map[string]interface{}{
|
||||
"user": user.ToMap(),
|
||||
"organization": utils.GetOrganization(),
|
||||
"verification_url": utils.GetForgotPasswordURL(verificationToken, redirectURI),
|
||||
})
|
||||
return &model.ForgotPasswordResponse{
|
||||
Message: `Please check your inbox! We have sent a password reset link.`,
|
||||
}, nil
|
||||
}
|
||||
|
||||
verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURI)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create verification token", err)
|
||||
return res, err
|
||||
if isMobileLogin {
|
||||
expiresAt := time.Now().Add(1 * time.Minute).Unix()
|
||||
otp := utils.GenerateOTP()
|
||||
otpData, err := db.Provider.UpsertOTP(ctx, &models.OTP{
|
||||
Email: refs.StringValue(user.Email),
|
||||
PhoneNumber: refs.StringValue(user.PhoneNumber),
|
||||
Otp: otp,
|
||||
ExpiresAt: expiresAt,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add otp: ", err)
|
||||
return nil, err
|
||||
}
|
||||
mfaSession := uuid.NewString()
|
||||
err = memorystore.Provider.SetMfaSession(user.ID, mfaSession, expiresAt)
|
||||
if err != nil {
|
||||
log.Debug("Failed to add mfasession: ", err)
|
||||
return nil, err
|
||||
}
|
||||
cookie.SetMfaSession(gc, mfaSession)
|
||||
smsBody := strings.Builder{}
|
||||
smsBody.WriteString("Your verification code is: ")
|
||||
smsBody.WriteString(otpData.Otp)
|
||||
if err := smsproviders.SendSMS(phoneNumber, smsBody.String()); err != nil {
|
||||
log.Debug("Failed to send sms: ", err)
|
||||
// continue
|
||||
}
|
||||
return &model.ForgotPasswordResponse{
|
||||
Message: "Please enter the OTP sent to your phone number and change your password.",
|
||||
ShouldShowMobileOtpScreen: refs.NewBoolRef(true),
|
||||
}, nil
|
||||
}
|
||||
_, err = db.Provider.AddVerificationRequest(ctx, &models.VerificationRequest{
|
||||
Token: verificationToken,
|
||||
Identifier: constants.VerificationTypeForgotPassword,
|
||||
ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),
|
||||
Email: params.Email,
|
||||
Nonce: nonceHash,
|
||||
RedirectURI: redirectURI,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add verification request", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// execute it as go routine so that we can reduce the api latency
|
||||
go email.SendEmail([]string{params.Email}, constants.VerificationTypeForgotPassword, map[string]interface{}{
|
||||
"user": user.ToMap(),
|
||||
"organization": utils.GetOrganization(),
|
||||
"verification_url": utils.GetForgotPasswordURL(verificationToken, redirectURI),
|
||||
})
|
||||
|
||||
res = &model.Response{
|
||||
Message: `Please check your inbox! We have sent a password reset link.`,
|
||||
}
|
||||
|
||||
return res, nil
|
||||
return nil, fmt.Errorf(`email or phone number verification needs to be enabled`)
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@ import (
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
mailService "github.com/authorizerdev/authorizer/server/email"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/refs"
|
||||
@@ -23,8 +24,6 @@ import (
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
"github.com/authorizerdev/authorizer/server/validators"
|
||||
|
||||
mailService "github.com/authorizerdev/authorizer/server/email"
|
||||
)
|
||||
|
||||
// LoginResolver is a resolver for login mutation
|
||||
@@ -172,9 +171,10 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
|
||||
generateOTP := func(expiresAt int64) (*models.OTP, error) {
|
||||
otp := utils.GenerateOTP()
|
||||
otpData, err := db.Provider.UpsertOTP(ctx, &models.OTP{
|
||||
Email: refs.StringValue(user.Email),
|
||||
Otp: otp,
|
||||
ExpiresAt: expiresAt,
|
||||
Email: refs.StringValue(user.Email),
|
||||
PhoneNumber: refs.StringValue(user.PhoneNumber),
|
||||
Otp: otp,
|
||||
ExpiresAt: expiresAt,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add otp: ", err)
|
||||
|
||||
@@ -2,12 +2,10 @@ package resolvers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
@@ -22,31 +20,18 @@ func LogoutResolver(ctx context.Context) (*model.Response, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// get fingerprint hash
|
||||
fingerprintHash, err := cookie.GetSession(gc)
|
||||
tokenData, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get fingerprint hash: ", err)
|
||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
decryptedFingerPrint, err := crypto.DecryptAES(fingerprintHash)
|
||||
if err != nil {
|
||||
log.Debug("Failed to decrypt fingerprint hash: ", err)
|
||||
return nil, err
|
||||
sessionKey := tokenData.UserID
|
||||
if tokenData.LoginMethod != "" {
|
||||
sessionKey = tokenData.LoginMethod + ":" + tokenData.UserID
|
||||
}
|
||||
|
||||
var sessionData token.SessionData
|
||||
err = json.Unmarshal([]byte(decryptedFingerPrint), &sessionData)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
sessionKey := sessionData.Subject
|
||||
if sessionData.LoginMethod != "" {
|
||||
sessionKey = sessionData.LoginMethod + ":" + sessionData.Subject
|
||||
}
|
||||
|
||||
memorystore.Provider.DeleteUserSession(sessionKey, sessionData.Nonce)
|
||||
memorystore.Provider.DeleteUserSession(sessionKey, tokenData.Nonce)
|
||||
cookie.DeleteSession(gc)
|
||||
|
||||
res := &model.Response{
|
||||
|
||||
@@ -20,15 +20,15 @@ func ProfileResolver(ctx context.Context) (*model.User, error) {
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
tokenData, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||
return res, err
|
||||
}
|
||||
log := log.WithFields(log.Fields{
|
||||
"user_id": userID,
|
||||
"user_id": tokenData.UserID,
|
||||
})
|
||||
user, err := db.Provider.GetUserByID(ctx, userID)
|
||||
user, err := db.Provider.GetUserByID(ctx, tokenData.UserID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user: ", err)
|
||||
return res, err
|
||||
|
||||
@@ -9,8 +9,10 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/parsers"
|
||||
@@ -29,97 +31,155 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
verifyingToken := refs.StringValue(params.Token)
|
||||
otp := refs.StringValue(params.Otp)
|
||||
if verifyingToken == "" && otp == "" {
|
||||
log.Debug("Token or OTP is required")
|
||||
return res, fmt.Errorf(`token or otp is required`)
|
||||
}
|
||||
isTokenVerification := verifyingToken != ""
|
||||
isOtpVerification := otp != ""
|
||||
if isOtpVerification && refs.StringValue(params.PhoneNumber) == "" {
|
||||
log.Debug("Phone number is required")
|
||||
return res, fmt.Errorf(`phone number is required`)
|
||||
}
|
||||
isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("Error getting basic auth disabled: ", err)
|
||||
isBasicAuthDisabled = true
|
||||
}
|
||||
if isBasicAuthDisabled {
|
||||
isMobileBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("Error getting mobile basic auth disabled: ", err)
|
||||
isBasicAuthDisabled = true
|
||||
}
|
||||
if isTokenVerification && isBasicAuthDisabled {
|
||||
log.Debug("Basic authentication is disabled")
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
|
||||
verificationRequest, err := db.Provider.GetVerificationRequestByToken(ctx, params.Token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get verification request: ", err)
|
||||
return res, fmt.Errorf(`invalid token`)
|
||||
if isOtpVerification && isMobileBasicAuthDisabled {
|
||||
log.Debug("Mobile basic authentication is disabled")
|
||||
return res, fmt.Errorf(`mobile basic authentication is disabled for this instance`)
|
||||
}
|
||||
email := ""
|
||||
phoneNumber := refs.StringValue(params.PhoneNumber)
|
||||
var user *models.User
|
||||
var verificationRequest *models.VerificationRequest
|
||||
var otpRequest *models.OTP
|
||||
if isTokenVerification {
|
||||
verificationRequest, err = db.Provider.GetVerificationRequestByToken(ctx, verifyingToken)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get verification request: ", err)
|
||||
return res, fmt.Errorf(`invalid token`)
|
||||
}
|
||||
// verify if token exists in db
|
||||
hostname := parsers.GetHost(gc)
|
||||
claim, err := token.ParseJWTToken(verifyingToken)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse token: ", err)
|
||||
return res, fmt.Errorf(`invalid token`)
|
||||
}
|
||||
|
||||
if ok, err := token.ValidateJWTClaims(claim, hostname, verificationRequest.Nonce, verificationRequest.Email); !ok || err != nil {
|
||||
log.Debug("Failed to validate jwt claims: ", err)
|
||||
return res, fmt.Errorf(`invalid token`)
|
||||
}
|
||||
email = claim["sub"].(string)
|
||||
user, err = db.Provider.GetUserByEmail(ctx, email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user: ", err)
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
if isOtpVerification {
|
||||
mfaSession, err := cookie.GetMfaSession(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get otp request by email: ", err)
|
||||
return res, fmt.Errorf(`invalid session: %s`, err.Error())
|
||||
}
|
||||
// Get user by phone number
|
||||
user, err = db.Provider.GetUserByPhoneNumber(ctx, phoneNumber)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by phone number: ", err)
|
||||
return res, fmt.Errorf(`user not found`)
|
||||
}
|
||||
if _, err := memorystore.Provider.GetMfaSession(user.ID, mfaSession); err != nil {
|
||||
log.Debug("Failed to get mfa session: ", err)
|
||||
return res, fmt.Errorf(`invalid session: %s`, err.Error())
|
||||
}
|
||||
otpRequest, err = db.Provider.GetOTPByPhoneNumber(ctx, phoneNumber)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get otp request by phone number: ", err)
|
||||
return res, fmt.Errorf(`invalid otp`)
|
||||
}
|
||||
if otpRequest.Otp != otp {
|
||||
log.Debug("Failed to verify otp request: Incorrect value")
|
||||
return res, fmt.Errorf(`invalid otp`)
|
||||
}
|
||||
}
|
||||
if params.Password != params.ConfirmPassword {
|
||||
log.Debug("Passwords do not match")
|
||||
return res, fmt.Errorf(`passwords don't match`)
|
||||
}
|
||||
|
||||
if err := validators.IsValidPassword(params.Password); err != nil {
|
||||
log.Debug("Invalid password")
|
||||
return res, err
|
||||
}
|
||||
|
||||
// verify if token exists in db
|
||||
hostname := parsers.GetHost(gc)
|
||||
claim, err := token.ParseJWTToken(params.Token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse token: ", err)
|
||||
return res, fmt.Errorf(`invalid token`)
|
||||
}
|
||||
|
||||
if ok, err := token.ValidateJWTClaims(claim, hostname, verificationRequest.Nonce, verificationRequest.Email); !ok || err != nil {
|
||||
log.Debug("Failed to validate jwt claims: ", err)
|
||||
return res, fmt.Errorf(`invalid token`)
|
||||
}
|
||||
|
||||
email := claim["sub"].(string)
|
||||
log := log.WithFields(log.Fields{
|
||||
"email": email,
|
||||
"phone": phoneNumber,
|
||||
})
|
||||
user, err := db.Provider.GetUserByEmail(ctx, email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
password, _ := crypto.EncryptPassword(params.Password)
|
||||
user.Password = &password
|
||||
|
||||
signupMethod := user.SignupMethods
|
||||
if !strings.Contains(signupMethod, constants.AuthRecipeMethodBasicAuth) {
|
||||
if !strings.Contains(signupMethod, constants.AuthRecipeMethodBasicAuth) && isTokenVerification {
|
||||
signupMethod = signupMethod + "," + constants.AuthRecipeMethodBasicAuth
|
||||
|
||||
isMFAEnforced, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyEnforceMultiFactorAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("MFA service not enabled: ", err)
|
||||
isMFAEnforced = false
|
||||
// helpful if user has not signed up with basic auth
|
||||
if user.EmailVerifiedAt == nil {
|
||||
now := time.Now().Unix()
|
||||
user.EmailVerifiedAt = &now
|
||||
}
|
||||
|
||||
if isMFAEnforced {
|
||||
user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)
|
||||
}
|
||||
if !strings.Contains(signupMethod, constants.AuthRecipeMethodMobileOTP) && isOtpVerification {
|
||||
signupMethod = signupMethod + "," + constants.AuthRecipeMethodMobileOTP
|
||||
// helpful if user has not signed up with basic auth
|
||||
if user.PhoneNumberVerifiedAt == nil {
|
||||
now := time.Now().Unix()
|
||||
user.PhoneNumberVerifiedAt = &now
|
||||
}
|
||||
}
|
||||
user.SignupMethods = signupMethod
|
||||
|
||||
// helpful if user has not signed up with basic auth
|
||||
if user.EmailVerifiedAt == nil {
|
||||
now := time.Now().Unix()
|
||||
user.EmailVerifiedAt = &now
|
||||
}
|
||||
|
||||
// delete from verification table
|
||||
err = db.Provider.DeleteVerificationRequest(ctx, verificationRequest)
|
||||
isMFAEnforced, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyEnforceMultiFactorAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("Failed to delete verification request: ", err)
|
||||
return res, err
|
||||
log.Debug("MFA service not enabled: ", err)
|
||||
isMFAEnforced = false
|
||||
}
|
||||
if isMFAEnforced {
|
||||
user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)
|
||||
}
|
||||
|
||||
_, err = db.Provider.UpdateUser(ctx, user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if isTokenVerification {
|
||||
// delete from verification table
|
||||
err = db.Provider.DeleteVerificationRequest(ctx, verificationRequest)
|
||||
if err != nil {
|
||||
log.Debug("Failed to delete verification request: ", err)
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
if isOtpVerification {
|
||||
// delete from otp table
|
||||
err = db.Provider.DeleteOTP(ctx, otpRequest)
|
||||
if err != nil {
|
||||
log.Debug("Failed to delete otp request: ", err)
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
res = &model.Response{
|
||||
Message: `Password updated successfully.`,
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
@@ -38,7 +38,7 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
|
||||
// get session from cookie
|
||||
claims, err := token.ValidateBrowserSession(gc, sessionToken)
|
||||
if err != nil {
|
||||
log.Debug("Failed to validate session token", err)
|
||||
log.Debug("Failed to validate session token: ", err)
|
||||
return res, errors.New("unauthorized")
|
||||
}
|
||||
userID := claims.Subject
|
||||
|
||||
@@ -36,7 +36,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
tokenData, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||
return res, err
|
||||
@@ -48,9 +48,9 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||
return res, fmt.Errorf("please enter at least one param to update")
|
||||
}
|
||||
log := log.WithFields(log.Fields{
|
||||
"user_id": userID,
|
||||
"user_id": tokenData.UserID,
|
||||
})
|
||||
user, err := db.Provider.GetUserByID(ctx, userID)
|
||||
user, err := db.Provider.GetUserByID(ctx, tokenData.UserID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by id: ", err)
|
||||
return res, err
|
||||
|
||||
Reference in New Issue
Block a user