package resolvers import ( "context" "errors" "fmt" "strings" "time" log "github.com/sirupsen/logrus" "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/db/models" "github.com/authorizerdev/authorizer/server/email" "github.com/authorizerdev/authorizer/server/graph/model" "github.com/authorizerdev/authorizer/server/parsers" "github.com/authorizerdev/authorizer/server/refs" "github.com/authorizerdev/authorizer/server/token" "github.com/authorizerdev/authorizer/server/utils" "github.com/authorizerdev/authorizer/server/validators" ) // CreateUserResolver is a resolver for create user mutation // This is admin only mutation func CreateUserResolver(ctx context.Context, params model.CreateUserInput) (*model.User, error) { var res *model.User gc, err := utils.GinContextFromContext(ctx) if err != nil { log.Debug("Failed to get GinContext: ", err) return res, err } if !token.IsSuperAdmin(gc) { log.Debug("Not logged in as super admin") return res, fmt.Errorf("unauthorized") } log := log.New() if params.PhoneNumber != nil { // verify if phone number is unique if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil { log.Debug("user with given phone number already exists") return nil, errors.New("user with given phone number already exists") } } if params.EmailVerified != nil { if *params.EmailVerified { now := time.Now().Unix() params.EmailVerifiedAt = &now } else { params.EmailVerifiedAt = nil } } if params.Email != nil { // check if valid email if !validators.IsValidEmail(*params.Email) { log.Debug("Invalid email: ", *params.Email) return res, fmt.Errorf("invalid email address") } newEmail := strings.ToLower(*params.Email) // check if user with new email exists _, err = db.Provider.GetUserByEmail(ctx, newEmail) // err = nil means user exists if err == nil { log.Debug("User with email already exists: ", newEmail) return res, fmt.Errorf("user with this email address already exists") } hostname := parsers.GetHost(gc) params.Email = &newEmail params.EmailVerifiedAt = nil // insert verification request _, nonceHash, err := utils.GenerateNonce() if err != nil { log.Debug("Failed to generate nonce: ", err) return res, err } verificationType := constants.VerificationTypeUpdateEmail redirectURL := parsers.GetAppURL(gc) verificationToken, err := token.CreateVerificationToken(newEmail, verificationType, hostname, nonceHash, redirectURL) if err != nil { log.Debug("Failed to create verification token: ", err) } _, err = db.Provider.AddVerificationRequest(ctx, &models.VerificationRequest{ Token: verificationToken, Identifier: verificationType, ExpiresAt: time.Now().Add(time.Minute * 30).Unix(), Email: newEmail, Nonce: nonceHash, RedirectURI: redirectURL, }) if err != nil { log.Debug("Failed to add verification request: ", err) return res, err } // exec it as go routine so that we can reduce the api latency go email.SendEmail([]string{*params.Email}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{ "user": params, "organization": utils.GetOrganization(), "verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL), }) } // json-typed model to store in database userdata := models.User{ Email: *params.Email, EmailVerifiedAt: params.EmailVerifiedAt, CreatedAt: *params.CreatedAt, UpdatedAt: *params.UpdatedAt, Password: params.Password, GivenName: params.GivenName, FamilyName: params.FamilyName, MiddleName: params.MiddleName, Nickname: params.Nickname, // slug PhoneNumber: params.PhoneNumber, Picture: params.Picture, } var user *models.User user, err = db.Provider.AddUser(ctx, &userdata) if err != nil { log.Debug("Failed to update user: ", err) return res, err } createdAt := user.CreatedAt updatedAt := user.UpdatedAt res = &model.User{ ID: user.ID, Email: user.Email, Picture: user.Picture, GivenName: user.GivenName, FamilyName: user.FamilyName, Roles: strings.Split(user.Roles, ","), CreatedAt: &createdAt, UpdatedAt: &updatedAt, } return res, nil }