devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

forgot password - with phone

Browse Source
This commit is contained in:
Mussie Teshome 2023-06-26 14:25:13 +03:00
parent 3b7c47bfb3
commit ea2a7db8e0
1 changed files with 105 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
server/resolvers/forgot_password.go
View File

@ -19,6 +19,7 @@ import (
"github.com/authorizerdev/authorizer/server/token" "github.com/authorizerdev/authorizer/server/token"
"github.com/authorizerdev/authorizer/server/utils" "github.com/authorizerdev/authorizer/server/utils"
"github.com/authorizerdev/authorizer/server/validators" "github.com/authorizerdev/authorizer/server/validators"
"github.com/authorizerdev/authorizer/server/smsproviders"
) )
// ForgotPasswordResolver is a resolver for forgot password mutation // ForgotPasswordResolver is a resolver for forgot password mutation
@ -31,79 +32,130 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
return res, err return res, err
} }
disablePhoneVerification, _ := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisablePhoneVerification)
isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
if err != nil { if err != nil {
log.Debug("Error getting basic auth disabled: ", err) log.Debug("Error getting basic auth disabled: ", err)
isBasicAuthDisabled = true isBasicAuthDisabled = true
} }
if isBasicAuthDisabled { if isBasicAuthDisabled {
log.Debug("Basic authentication is disabled") log.Debug("Basic authentication is disabled")
return res, fmt.Errorf(`basic authentication is disabled for this instance`) return res, fmt.Errorf(`basic authentication is disabled for this instance`)
} }
params.Email = strings.ToLower(params.Email)
if !validators.IsValidEmail(params.Email) { mobile := strings.TrimSpace(params.EmailOrPhone)
log.Debug("Invalid email address: ", params.Email)
return res, fmt.Errorf("invalid email") if !validators.IsValidEmail(params.EmailOrPhone) && len(mobile) < 10 {
log.Debug("Invalid email or phone: ", params.EmailOrPhone)
return res, fmt.Errorf("invalid email or phone")
} }
log := log.WithFields(log.Fields{ if validators.IsValidEmail(params.EmailOrPhone) {
"email": params.Email,
}) params.EmailOrPhone = strings.ToLower(params.EmailOrPhone)
user, err := db.Provider.GetUserByEmail(ctx, params.Email)
if err != nil {
log.Debug("User not found: ", err)
return res, fmt.Errorf(`user with this email not found`)
}
hostname := parsers.GetHost(gc) log := log.WithFields(log.Fields{
_, nonceHash, err := utils.GenerateNonce() "email": params.EmailOrPhone,
if err != nil { })
log.Debug("Failed to generate nonce: ", err) user, err := db.Provider.GetUserByEmail(ctx, params.EmailOrPhone)
return res, err
}
redirectURI := ""
// give higher preference to params redirect uri
if strings.TrimSpace(refs.StringValue(params.RedirectURI)) != "" {
redirectURI = refs.StringValue(params.RedirectURI)
} else {
redirectURI, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
if err != nil { if err != nil {
log.Debug("ResetPasswordURL not found using default app url: ", err) log.Debug("User not found: ", err)
redirectURI = hostname + "/app/reset-password" return res, fmt.Errorf(`user with this email not found`)
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, redirectURI)
} }
hostname := parsers.GetHost(gc)
_, nonceHash, err := utils.GenerateNonce()
if err != nil {
log.Debug("Failed to generate nonce: ", err)
return res, err
}
redirectURI := ""
// give higher preference to params redirect uri
if strings.TrimSpace(refs.StringValue(params.RedirectURI)) != "" {
redirectURI = refs.StringValue(params.RedirectURI)
} else {
redirectURI, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
if err != nil {
log.Debug("ResetPasswordURL not found using default app url: ", err)
redirectURI = hostname + "/app/reset-password"
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, redirectURI)
}
}
verificationToken, err := token.CreateVerificationToken(params.EmailOrPhone, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURI)
if err != nil {
log.Debug("Failed to create verification token", err)
return res, err
}
_, err = db.Provider.AddVerificationRequest(ctx, models.VerificationRequest{
Token: verificationToken,
Identifier: constants.VerificationTypeForgotPassword,
ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),
Email: params.EmailOrPhone,
Nonce: nonceHash,
RedirectURI: redirectURI,
})
if err != nil {
log.Debug("Failed to add verification request", err)
return res, err
}
// execute it as go routine so that we can reduce the api latency
go email.SendEmail([]string{params.EmailOrPhone}, constants.VerificationTypeForgotPassword, map[string]interface{}{
"user": user.ToMap(),
"organization": utils.GetOrganization(),
"verification_url": utils.GetForgotPasswordURL(verificationToken, redirectURI),
})
res = &model.Response{
Message: `Please check your inbox! We have sent a password reset link.`,
}
return res, nil
} }
verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURI) if !disablePhoneVerification && len(mobile) > 9 {
if err != nil {
log.Debug("Failed to create verification token", err) if _, err := db.Provider.GetUserByPhoneNumber(ctx, refs.StringValue(&params.EmailOrPhone)); err != nil {
return res, err return res, fmt.Errorf("user with given phone number does not exist")
} }
_, err = db.Provider.AddVerificationRequest(ctx, models.VerificationRequest{
Token: verificationToken, duration, _ := time.ParseDuration("10m")
Identifier: constants.VerificationTypeForgotPassword, smsCode := utils.GenerateOTP()
ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),
Email: params.Email, smsBody := strings.Builder{}
Nonce: nonceHash, smsBody.WriteString("Your verification code is: ")
RedirectURI: redirectURI, smsBody.WriteString(smsCode)
})
if err != nil {
log.Debug("Failed to add verification request", err)
return res, err
}
// execute it as go routine so that we can reduce the api latency go func() {
go email.SendEmail([]string{params.Email}, constants.VerificationTypeForgotPassword, map[string]interface{}{ _, err = db.Provider.UpsertSMSRequest(ctx, &models.SMSVerificationRequest{
"user": user.ToMap(), PhoneNumber: params.EmailOrPhone,
"organization": utils.GetOrganization(), Code: smsCode,
"verification_url": utils.GetForgotPasswordURL(verificationToken, redirectURI), CodeExpiresAt: time.Now().Add(duration).Unix(),
}) })
res = &model.Response{ if err != nil {
Message: `Please check your inbox! We have sent a password reset link.`, log.Debug("Failed to upsert sms otp: ", err)
return
}
err = smsproviders.SendSMS(params.EmailOrPhone, smsBody.String())
if err != nil {
log.Debug("Failed to send sms: ", err)
return
}
}()
res = &model.Response{
Message: `verification code has been sent to your phone`,
}
return res, nil
} }
return res, nil return res, nil
} }