change email

2024-02-11 23:38:22 +01:00 · 2024-02-11 23:38:22 +01:00 · 351d14c2fc
parent 5bbcab9fb2
commit 351d14c2fc
7 changed files with 243 additions and 34 deletions
--- a/src/controllers/userController.ts
+++ b/src/controllers/userController.ts
@ -40,6 +40,7 @@ import fs from "fs-extra";
 import rabbitmq from "../rabbitmq/rabbitmq";
 import verifyCaptcha from "../utils/recaptcha";
 import EmailVerification from "../models/emailVerification";
 import UserPendingEmailChange from "../models/userPendingEmailChange";
 export async function SignUp(req: Request, res: Response) {
  try {
@ -63,7 +64,7 @@ export async function SignUp(req: Request, res: Response) {
      !language ||
      !isCompanyNameValid(companyName) ||
      !isUsernameValid(username) ||
-      !isEmailValid(email) ||
+      !(await isEmailValid(email)) ||
      !isLanguageCodeValid(language) ||
      rememberMe === undefined ||
      !recaptcha
@ -135,10 +136,7 @@ export async function SignUp(req: Request, res: Response) {
    });
    rabbitmq.sendEmail(email, "dashboardSignUpEmailVerification", language, {
-      emailVerificationUrl: getEmailVerificationUrl(
+      emailVerificationUrl: getEmailVerificationUrl(state, emailVerificationId),
        String(state),
        emailVerificationId
      ),
    });
    // create user
@ -175,7 +173,7 @@ export async function Login(req: Request, res: Response) {
    email = email.toLowerCase();
-    if (!isEmailValid(email)) {
+    if (!(await isEmailValid(email, false))) {
      return res.status(400).send({ err: "invalid request" });
    }
@ -423,7 +421,7 @@ export async function IsEmailAvailable(req: Request, res: Response) {
    email = email.toLowerCase();
-    if (!isEmailValid(email)) {
+    if (!(await isEmailValid(email))) {
      return res.status(400).send({ err: "invalid request" });
    }
@ -470,9 +468,9 @@ export async function GetUserProfileSettings(req: Request, res: Response) {
 export async function UpdateUserProfileSettings(req: Request, res: Response) {
  try {
-    const { language, analyticsEnabled, username, email } = req.body;
+    const { language, analyticsEnabled, username } = req.body;
-    if (!language && analyticsEnabled === undefined && !username && !email) {
+    if (!language && analyticsEnabled === undefined && !username) {
      return res.status(400).send({ err: "invalid request" });
    }
@ -508,14 +506,6 @@ export async function UpdateUserProfileSettings(req: Request, res: Response) {
      user.username = username;
    }
    if (email) {
      if (!isEmailValid(email)) {
        return res.status(400).send({ err: "invalid request" });
      }
      user.email = email;
    }
    await user.save();
    res.status(200).send({ msg: "user profile settings updated" });
@ -740,7 +730,7 @@ export async function ExportUserAccount(req: Request, res: Response) {
    if (
      !email ||
      !password ||
-      !isEmailValid(email) ||
+      !(await isEmailValid(email)) ||
      !isPasswordValid(password)
    ) {
      return res.status(400).send({ err: "invalid request" });
@ -882,6 +872,85 @@ export async function VerifyEmail(req: Request, res: Response) {
      res.status(200).send({ msg: "email verified" });
      return;
    } else if (
      emailVerification.state ===
      EMAIL_VERIFICATION_STATE.PENDING_USER_PROFILE_EMAIL_CHANGE_VERIFICATION
    ) {
      const { password } = req.body;
      if (!password) {
        return res.status(200).send({ status: "actionRequired" });
      }
      const user = await User.findOne({
        where: {
          user_id: emailVerification.user_id,
        },
        attributes: ["password"],
      });
      if (!user) {
        return res.status(401).send({ err: "unauthorized" });
      }
      const decodedPassword = decodeBase64(password);
      const match = await matchPassword(decodedPassword, user.password);
      if (!match) {
        return res.status(400).send({ err: "invalid request" });
      }
      // update user email
      const userPendingEmailChange = await UserPendingEmailChange.findOne({
        where: {
          email_verification_id: emailVerificationId,
        },
        attributes: ["new_email"],
      });
      if (!userPendingEmailChange) {
        return res.status(400).send({ err: "invalid request" });
      }
      // update user email
      await User.update(
        {
          email: userPendingEmailChange.new_email,
        },
        {
          where: {
            user_id: emailVerification.user_id,
          },
        }
      );
      // delete email verification and user pending email change
      await EmailVerification.destroy({
        where: {
          email_verification_id: emailVerificationId,
        },
      });
      await UserPendingEmailChange.destroy({
        where: {
          email_verification_id: emailVerificationId,
        },
      });
      // delete all sessions of this user by deleting all sessions with this user_id
      await Session.destroy({
        where: {
          user_id: emailVerification.user_id,
        },
      });
      res.status(200).send({ msg: "email changed" });
      return;
    }
    res.status(400).send({ err: "invalid request" });
@ -890,3 +959,65 @@ export async function VerifyEmail(req: Request, res: Response) {
    res.status(500).send({ err: "invalid request" });
  }
 }
 export async function UpdateUserProfileEmail(req: Request, res: Response) {
  try {
    let { email } = req.body;
    if (!email || !(await isEmailValid(email))) {
      return res.status(400).send({ err: "invalid request" });
    }
    email = email.toLowerCase();
    const session = await getUserSession(req);
    if (!session) {
      return res.status(401).send({ err: "unauthorized" });
    }
    const user = await User.findOne({
      where: {
        user_id: session.user_id,
      },
      attributes: ["language"],
    });
    if (!user) {
      return res.status(401).send({ err: "unauthorized" });
    }
    const emailVerificationId = newEmailVerificationId();
    const state =
      EMAIL_VERIFICATION_STATE.PENDING_USER_PROFILE_EMAIL_CHANGE_VERIFICATION;
    await EmailVerification.create({
      email_verification_id: emailVerificationId,
      user_id: session.user_id,
      state: state,
    });
    await UserPendingEmailChange.create({
      email_verification_id: emailVerificationId,
      user_id: session.user_id,
      new_email: email,
    });
    rabbitmq.sendEmail(
      email,
      "dashboardUserProfileChangeToNewEmailVerification",
      user.language,
      {
        emailVerificationUrl: getEmailVerificationUrl(
          state,
          emailVerificationId
        ),
      }
    );
    res.status(200).send({ msg: "user email updated" });
  } catch (error) {
    logger.error(error);
    res.status(500).send({ err: "invalid request" });
  }
 }
--- a/src/models/index.ts
+++ b/src/models/index.ts
@ -6,6 +6,7 @@ import StoreService from "./storeService";
 import StoreServiceActivity from "./storeServiceActivity";
 import StoreServiceActivityUsers from "./storeServiceActivityUsers";
 import User from "./user";
 import UserPendingEmailChange from "./userPendingEmailChange";
 function syncModels() {
  EmailVerification.sync();
@ -16,6 +17,7 @@ function syncModels() {
  StoreServiceActivity.sync();
  StoreServiceActivityUsers.sync();
  Feedback.sync();
  UserPendingEmailChange.sync();
  // UserGoogleTokens.sync(); not needed as it is created by the calendar backend
 }
--- a/src/models/userPendingEmailChange.ts
+++ b/src/models/userPendingEmailChange.ts
@ -0,0 +1,44 @@
 import { DataTypes, Model } from "sequelize";
 import sequelize from "../database/database";
 interface UserPendingEmailChangeAttributes {
  email_verification_id: string; // code that is sent to the user's email
  user_id: string;
  new_email: string;
 }
 class UserPendingEmailChange
  extends Model<UserPendingEmailChangeAttributes>
  implements UserPendingEmailChangeAttributes
 {
  declare email_verification_id: string;
  declare user_id: string;
  declare new_email: string;
 }
 UserPendingEmailChange.init(
  {
    // Model attributes are defined here
    email_verification_id: {
      primaryKey: true,
      type: DataTypes.STRING,
      allowNull: false,
    },
    user_id: {
      type: DataTypes.STRING,
      allowNull: false,
    },
    new_email: {
      type: DataTypes.STRING,
      allowNull: false,
    },
  },
  {
    tableName: "user_pending_email_change",
    sequelize, // passing the `sequelize` instance is required
    createdAt: "created_at",
    updatedAt: "updated_at",
  }
 );
 export default UserPendingEmailChange;
--- a/src/routes/userRoutes.ts
+++ b/src/routes/userRoutes.ts
@ -24,6 +24,11 @@ router.post(
  sessionProtection,
  userController.UpdateUserProfilePassword
 );
 router.post(
  "/profile/email",
  sessionProtection,
  userController.UpdateUserProfileEmail
 );
 router.get(
  "/profile/sessions",
  sessionProtection,
@ -45,6 +50,6 @@ router.post(
  userController.ExportUserAccount
 );
 router.get("/profile/export/:id", userController.GetExportedUserAccount);
-router.get("/verify/:state/:emailVerificationId", userController.VerifyEmail);
+router.post("/verify/:state/:emailVerificationId", userController.VerifyEmail);
 export default router;
--- a/src/utils/constants.ts
+++ b/src/utils/constants.ts
@ -74,6 +74,7 @@ export const ACCOUNT_DEMO_DAYS = Number(
 export enum EMAIL_VERIFICATION_STATE {
  PENDING_EMAIL_VERIFICATION = 0, // account is created but email is not verified yet
  PENDING_USER_PROFILE_EMAIL_CHANGE_VERIFICATION = 1, // user wants to change email, new email is not verified yet
 }
 export const DASHBOARD_URL = process.env.DASHBOARD_URL as string;
--- a/src/utils/utils.ts
+++ b/src/utils/utils.ts
@ -110,8 +110,8 @@ export async function getUserSession(req: Request) {
 }
 export function getEmailVerificationUrl(
-  state: string,
+  state: number,
  emailVerificationId: string
 ) {
-  return `${DASHBOARD_URL}/verify/${state}/${emailVerificationId}`;
+  return `${DASHBOARD_URL}/verify/${String(state)}/${emailVerificationId}`;
 }
--- a/src/validator/validator.ts
+++ b/src/validator/validator.ts
@ -26,6 +26,7 @@ import {
  CALENDAR_MAX_EARLIEST_BOOKING_TIME,
 } from "../utils/constants";
 import User from "../models/user";
 import UserPendingEmailChange from "../models/userPendingEmailChange";
 // TODO: regex for username
 export function isUsernameValid(username: string) {
@ -35,8 +36,10 @@ export function isUsernameValid(username: string) {
  );
 }
-// TODO: regex for email
+export async function isEmailValid(
-export async function isEmailValid(email: string) {
+  email: string,
  checkDatabase: boolean = true
 ) {
  if (
    email.length < EMAIL_MIN_LENGTH ||
    email.length > EMAIL_MAX_LENGTH ||
@ -45,19 +48,42 @@ export async function isEmailValid(email: string) {
    return false;
  }
-  // check if email is already taken in the database
+  if (!checkDatabase) {
-
+    return true;
  const existingUser = await User.findOne({
    where: {
      email: email,
    },
  });
  if (existingUser) {
    return false;
  }
-  return true;
+  try {
    // check if email is already taken in the database
    const existingUser = await User.findOne({
      where: {
        email: email,
      },
    });
    if (existingUser !== null) {
      console.log("existingUser");
      return false;
    }
    // check if email is already taken in the pending email change table
    const existingPendingEmailChange = await UserPendingEmailChange.findOne({
      where: {
        new_email: email,
      },
    });
    if (existingPendingEmailChange !== null) {
      console.log("existingPendingEmailChange");
      return false;
    }
    return true;
  } catch (err) {
    console.warn(err);
    return false;
  }
 }
 // TODO: regex for password