forked from canada-ca/tracker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathupdate-user-profile.js
More file actions
192 lines (174 loc) · 6.37 KB
/
Copy pathupdate-user-profile.js
File metadata and controls
192 lines (174 loc) · 6.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
import { GraphQLString, GraphQLBoolean } from 'graphql'
import { mutationWithClientMutationId } from 'graphql-relay'
import { GraphQLEmailAddress } from 'graphql-scalars'
import { t } from '@lingui/macro'
import { TfaSendMethodEnum } from '../../enums'
import { updateUserProfileUnion } from '../unions'
import { emailUpdatesInput } from '../inputs/email-update-options'
const { AUTHENTICATED_KEY, AUTH_TOKEN_EXPIRY } = process.env
export const updateUserProfile = new mutationWithClientMutationId({
name: 'UpdateUserProfile',
description:
'This mutation allows the user to update their user profile to change various details of their current profile.',
inputFields: () => ({
displayName: {
type: GraphQLString,
description: 'The updated display name the user wishes to change to.',
},
userName: {
type: GraphQLEmailAddress,
description: 'The updated user name the user wishes to change to.',
},
tfaSendMethod: {
type: TfaSendMethodEnum,
description: 'The method in which the user wishes to have their TFA code sent via.',
},
insideUser: {
type: GraphQLBoolean,
description: 'The updated boolean which represents if the user wants to see features in progress.',
},
emailUpdateOptions: {
type: emailUpdatesInput,
description:
'A number of different emails the user can optionally receive periodically that provide updates about their organization.',
},
}),
outputFields: () => ({
result: {
type: updateUserProfileUnion,
description:
'`UpdateUserProfileUnion` returning either a `UpdateUserProfileResult`, or `UpdateUserProfileError` object.',
resolve: (payload) => payload,
},
}),
mutateAndGetPayload: async (
args,
{
i18n,
query,
collections,
transaction,
userKey,
request,
auth: { tokenize, userRequired },
loaders: { loadUserByKey, loadUserByUserName },
notify: { sendVerificationEmail },
validators: { cleanseInput },
},
) => {
// Cleanse Input
const displayName = cleanseInput(args.displayName)
const userName = cleanseInput(args.userName).toLowerCase()
const subTfaSendMethod = cleanseInput(args.tfaSendMethod)
const insideUserBool = args.insideUser
const emailUpdateOptions = args.emailUpdateOptions
// Get user info from DB
const user = await userRequired()
// Check to see if username is already in use
if (userName !== '') {
const checkUser = await loadUserByUserName.load(userName)
if (typeof checkUser !== 'undefined') {
console.warn(`User: ${userKey} attempted to update their username, but the username is already in use.`)
return {
_type: 'error',
code: 400,
description: i18n._(t`Username not available, please try another.`),
}
}
}
// Check to see if admin user is disabling TFA
if (subTfaSendMethod === 'none') {
// check to see if user is an admin or higher for at least one org
let userAdmin
try {
userAdmin = await query`
WITH users, affiliations
FOR v, e IN 1..1 INBOUND ${user._id} affiliations
FILTER e.permission IN ["admin", "owner", "super_admin"]
LIMIT 1
RETURN e.permission
`
} catch (err) {
console.error(`Database error occurred when user: ${userKey} was seeing if they were an admin, err: ${err}`)
throw new Error(i18n._(t`Unable to verify if user is an admin, please try again.`))
}
if (userAdmin.count > 0) {
console.error(
`User: ${userKey} attempted to remove MFA, however they are an admin of at least one organization.`,
)
return {
_type: 'error',
code: 403,
description: i18n._(t`Permission Denied: Multi-factor authentication is required for admin accounts`),
}
}
}
let tfaSendMethod
if (subTfaSendMethod === 'phone' && user.phoneValidated) {
tfaSendMethod = 'phone'
} else if (subTfaSendMethod === 'email' && user.emailValidated) {
tfaSendMethod = 'email'
} else if (subTfaSendMethod === 'none' || typeof user.tfaSendMethod === 'undefined') {
tfaSendMethod = 'none'
} else {
tfaSendMethod = user.tfaSendMethod
}
let changedUserName = false
if (userName !== user.userName && userName !== '') {
changedUserName = true
}
// Create object containing updated data expect username. Username is handled separately for verification.
const updatedUser = {
displayName: displayName || user.displayName,
tfaSendMethod: tfaSendMethod,
insideUser: typeof insideUserBool !== 'undefined' ? insideUserBool : user?.insideUser,
emailUpdateOptions: typeof emailUpdateOptions !== 'undefined' ? emailUpdateOptions : user?.emailUpdateOptions,
}
// Setup Transaction
const trx = await transaction(collections)
try {
await trx.step(
() => query`
WITH users
UPSERT { _key: ${user._key} }
INSERT ${updatedUser}
UPDATE ${updatedUser}
IN users
`,
)
} catch (err) {
console.error(`Trx step error occurred when user: ${userKey} attempted to update their profile: ${err}`)
await trx.abort()
throw new Error(i18n._(t`Unable to update profile. Please try again.`))
}
try {
await trx.commit()
} catch (err) {
console.error(`Trx commit error occurred when user: ${userKey} attempted to update their profile: ${err}`)
await trx.abort()
throw new Error(i18n._(t`Unable to update profile. Please try again.`))
}
await loadUserByKey.clear(user._key)
const returnUser = await loadUserByKey.load(userKey)
if (changedUserName) {
const token = tokenize({
expiresIn: AUTH_TOKEN_EXPIRY,
parameters: { userKey: returnUser._key, userName: userName },
secret: String(AUTHENTICATED_KEY),
})
const verifyUrl = `https://${request.get('host')}/validate/${token}`
await sendVerificationEmail({
userName: userName,
displayName: returnUser.displayName,
verifyUrl: verifyUrl,
userKey: returnUser._key,
})
}
console.info(`User: ${userKey} successfully updated their profile.`)
return {
_type: 'success',
status: i18n._(t`Profile successfully updated.`),
user: returnUser,
}
},
})