forked from canada-ca/tracker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsign-up.js
More file actions
288 lines (258 loc) · 8.23 KB
/
Copy pathsign-up.js
File metadata and controls
288 lines (258 loc) · 8.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
import { GraphQLBoolean, GraphQLNonNull, GraphQLString } from 'graphql'
import { mutationWithClientMutationId } from 'graphql-relay'
import { t } from '@lingui/macro'
import { GraphQLEmailAddress } from 'graphql-scalars'
import { LanguageEnums } from '../../enums'
import { signUpUnion } from '../unions'
const { REFRESH_TOKEN_EXPIRY, REFRESH_KEY } = process.env
export const signUp = new mutationWithClientMutationId({
name: 'SignUp',
description:
'This mutation allows for new users to sign up for our sites services.',
inputFields: () => ({
displayName: {
type: GraphQLNonNull(GraphQLString),
description: 'The name that will be displayed to other users.',
},
userName: {
type: GraphQLNonNull(GraphQLEmailAddress),
description: 'Email address that the user will use to authenticate with.',
},
password: {
type: GraphQLNonNull(GraphQLString),
description: 'The password the user will authenticate with.',
},
confirmPassword: {
type: GraphQLNonNull(GraphQLString),
description:
'A secondary password field used to confirm the user entered the correct password.',
},
preferredLang: {
type: GraphQLNonNull(LanguageEnums),
description: 'The users preferred language.',
},
signUpToken: {
type: GraphQLString,
description:
'A token sent by email, that will assign a user to an organization with a pre-determined role.',
},
rememberMe: {
type: GraphQLBoolean,
defaultValue: false,
description:
'Whether or not the user wants to stay signed in after leaving the site.',
},
}),
outputFields: () => ({
result: {
type: signUpUnion,
description:
'`SignUpUnion` returning either a `AuthResult`, or `SignUpError` object.',
resolve: (payload) => payload,
},
}),
mutateAndGetPayload: async (
args,
{
i18n,
collections,
query,
transaction,
request,
response,
uuidv4,
auth: { bcrypt, tokenize, verifyToken },
loaders: { loadOrgByKey, loadUserByUserName, loadUserByKey },
notify: { sendVerificationEmail },
validators: { cleanseInput },
},
) => {
// Cleanse Inputs
const displayName = cleanseInput(args.displayName)
const userName = cleanseInput(args.userName).toLowerCase()
const password = cleanseInput(args.password)
const confirmPassword = cleanseInput(args.confirmPassword)
const preferredLang = cleanseInput(args.preferredLang)
const signUpToken = cleanseInput(args.signUpToken)
const rememberMe = args.rememberMe
// Check to make sure password meets length requirement
if (password.length < 12) {
console.warn(
`User: ${userName} tried to sign up but did not meet requirements.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(t`Password does not meet requirements.`),
}
}
// Check that password and password confirmation match
if (password !== confirmPassword) {
console.warn(
`User: ${userName} tried to sign up but passwords do not match.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(t`Passwords do not match.`),
}
}
// Check to see if user already exists
const checkUser = await loadUserByUserName.load(userName)
if (typeof checkUser !== 'undefined') {
console.warn(
`User: ${userName} tried to sign up, however there is already an account in use with that email.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(t`Email already in use.`),
}
}
// Hash Users Password
const hashedPassword = bcrypt.hashSync(password, 10)
const refreshId = uuidv4()
// Create User Structure for insert
const user = {
displayName: displayName,
userName: userName,
password: hashedPassword,
preferredLang: preferredLang,
phoneValidated: false,
emailValidated: false,
failedLoginAttempts: 0,
tfaSendMethod: 'none',
refreshInfo: {
refreshId,
rememberMe,
expiresAt: new Date(
new Date().getTime() + REFRESH_TOKEN_EXPIRY * 60 * 24 * 60 * 1000,
),
},
}
// Generate list of collections names
const collectionStrings = []
for (const property in collections) {
collectionStrings.push(property.toString())
}
// Setup Transaction
const trx = await transaction(collectionStrings)
let insertedUserCursor
try {
insertedUserCursor = await trx.step(
() => query`
WITH users
INSERT ${user} INTO users
RETURN MERGE(
{
id: NEW._key,
_type: "user"
},
NEW
)
`,
)
} catch (err) {
console.error(
`Transaction step error occurred while user: ${userName} attempted to sign up, creating user: ${err}`,
)
throw new Error(i18n._(t`Unable to sign up. Please try again.`))
}
const insertedUser = await insertedUserCursor.next()
// Assign user to org
if (signUpToken !== '') {
// Gather token parameters
const tokenParameters = verifyToken({
token: signUpToken,
})
const tokenUserName = cleanseInput(tokenParameters.userName)
const tokenOrgKey = cleanseInput(tokenParameters.orgKey)
const tokenRequestedRole = cleanseInput(tokenParameters.requestedRole)
if (userName !== tokenUserName) {
console.warn(
`User: ${userName} attempted to sign up with an invite token, however emails do not match.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(
t`Unable to sign up, please contact org admin for a new invite.`,
),
}
}
const checkOrg = await loadOrgByKey.load(tokenOrgKey)
if (typeof checkOrg === 'undefined') {
console.warn(
`User: ${userName} attempted to sign up with an invite token, however the org could not be found.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(
t`Unable to sign up, please contact org admin for a new invite.`,
),
}
}
try {
await trx.step(
() =>
query`
WITH affiliations, organizations, users
INSERT {
_from: ${checkOrg._id},
_to: ${insertedUser._id},
permission: ${tokenRequestedRole},
owner: false
} INTO affiliations
`,
)
} catch (err) {
console.error(
`Transaction step error occurred while user: ${userName} attempted to sign up, assigning affiliation: ${err}`,
)
throw new Error(i18n._(t`Unable to sign up. Please try again.`))
}
}
try {
await trx.commit()
} catch (err) {
console.error(
`Transaction commit error occurred while user: ${userName} attempted to sign up: ${err}`,
)
throw new Error(i18n._(t`Unable to sign up. Please try again.`))
}
const returnUser = await loadUserByKey.load(insertedUser._key)
// Generate JWTs
const token = tokenize({ parameters: { userKey: insertedUser._key } })
const verifyUrl = `https://${request.get('host')}/validate/${token}`
await sendVerificationEmail({ user: returnUser, verifyUrl })
const refreshToken = tokenize({
parameters: { userKey: user._key, uuid: refreshId },
expPeriod: 168,
secret: String(REFRESH_KEY),
})
// if the user does not want to stay logged in, create http session cookie
let cookieData = {
httpOnly: true,
secure: false,
sameSite: true,
expires: 0,
}
// if user wants to stay logged in create normal http cookie
if (rememberMe) {
cookieData = {
maxAge: REFRESH_TOKEN_EXPIRY * 60 * 24 * 60 * 1000,
httpOnly: true,
secure: false,
sameSite: true,
}
}
response.cookie('refresh_token', refreshToken, cookieData)
console.info(`User: ${userName} successfully created a new account.`)
return {
_type: 'authResult',
token,
user: returnUser,
}
},
})