From 5b73446eca299a25ec8a3863ee31aa28d2d370b4 Mon Sep 17 00:00:00 2001 From: alex Date: Mon, 1 Apr 2024 15:09:52 +0200 Subject: [PATCH] rm init password --- src/controllers/calendarController.ts | 16 +++++- src/controllers/userController.ts | 6 +++ src/controllers/usersController.ts | 75 +++++++++++++-------------- src/middleware/authMiddleware.ts | 5 ++ src/utils/terminPlaner.ts | 21 +++++--- 5 files changed, 74 insertions(+), 49 deletions(-) diff --git a/src/controllers/calendarController.ts b/src/controllers/calendarController.ts index ce7b17a..3961eaa 100644 --- a/src/controllers/calendarController.ts +++ b/src/controllers/calendarController.ts @@ -25,6 +25,18 @@ export async function GetStoreId(req: Request, res: Response) { // check if user has a store + const user = await User.findOne({ + where: { + user_id: userSession.user_id, + }, + attributes: ["store_id"], + }); + + if (!user) { + return res.status(401).send({ err: "unauthorized" }); + } + + /* const store = await Store.findOne({ where: { owner_user_id: userSession.user_id, @@ -34,9 +46,9 @@ export async function GetStoreId(req: Request, res: Response) { if (!store) { return res.status(401).send({ err: "unauthorized" }); - } + } */ - res.status(200).send({ storeId: store.store_id }); + res.status(200).send({ storeId: user.store_id }); } catch (error) { logger.error("GetStoreId error:", error as string); res.status(500).send({ err: "invalid request" }); diff --git a/src/controllers/userController.ts b/src/controllers/userController.ts index 821ddfb..3d3435a 100644 --- a/src/controllers/userController.ts +++ b/src/controllers/userController.ts 
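Review bot: The new guard on `user` does not cover a user row whose `store_id` is null, so the second hunk then answers `200 { storeId: null }` where the replaced Store lookup answered 401; change the guard to `if (!user || user.store_id == null) { return res.status(401).send({ err: "unauthorized" }); }` if that column is nullable. The lookup also changes who passes: the old query matched `Store.owner_user_id`, the new one any User carrying a `store_id`, which AddEmployee in usersController.ts sets on employee records too, so employees would now obtain the store id from this endpoint as well — worth confirming that widening is intended. The commented-out Store block spanning both hunks should be deleted rather than kept; git holds the history. GetStoreId's body starts before the hunk.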
@@ -214,12 +214,14 @@ export async function Login(req: Request, res: Response) { // validate request if (!email) { + logger.error("Login err: invalid request"); return res.status(400).send({ err: "invalid request" }); } email = email.toLowerCase(); if (!(await isEmailValid(email, false))) { + logger.error("Login err: invalid email"); return res.status(400).send({ err: "invalid request" }); } @@ -232,6 +234,7 @@ export async function Login(req: Request, res: Response) { }); if (!user) { + logger.error("Login err: user not found"); return res.status(400).send({ err: "invalid request" }); } @@ -282,6 +285,7 @@ export async function Login(req: Request, res: Response) { ); if (!recaptchaValid) { + logger.error("Login err: invalid recaptcha"); return res.status(400).send({ err: "invalid request" }); } @@ -290,6 +294,7 @@ export async function Login(req: Request, res: Response) { const decodedPassword = decodeBase64(password); if (!isPasswordValid(decodedPassword)) { + logger.error("Login err: invalid password"); return res.status(400).send({ err: "invalid request" }); } @@ -308,6 +313,7 @@ export async function Login(req: Request, res: Response) { const match = await matchPassword(decodedPassword, user.password); if (!match) { + logger.error("Login err: password mismatch"); return res.status(400).send({ err: "invalid request" }); } } diff --git a/src/controllers/usersController.ts b/src/controllers/usersController.ts index 23ed9c4..faee361 100644 --- a/src/controllers/usersController.ts +++ b/src/controllers/usersController.ts @@ -38,7 +38,7 @@ export async function AddEmployee(req: Request, res: Response) { calendarMaxFutureBookingDays, calendarMinEarliestBookingTime, language, - passwordSetOnInitLogging, + //passwordSetOnInitLogging, } = req.body; // validate request 
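Review bot: The added failure logs in all five Login hunks use `logger.error` for routine client-side outcomes (missing email, wrong password, failed recaptcha), which makes them indistinguishable from real faults in error-level alerting; `logger.warn` or `logger.info` fits these branches, keeping `error` for unexpected state. None of the lines carries an identifier, so the entries cannot be correlated into per-account failure counts; in the branches after the user lookup (recaptcha, invalid password, password mismatch) the `userLogger.info(user.user_id, "Login err: password mismatch")` form used in authMiddleware.ts would provide that, if userLogger is available in this file. Keeping the uniform `invalid request` response while recording the specific reason server-side is the right split. Login's body continues outside these hunks.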
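Review bot: The destructuring keeps `//passwordSetOnInitLogging,` as a commented-out line instead of dropping it, and the same remnants appear in the @@ -46 and @@ -147 hunks of usersController.ts (the disabled condition, the disabled ternary, the `// if (!passwordSetOnInitLogging) {` … `// }` pair); since the commit removes the feature, delete those lines so the validation reads `!password ||` and the object reads `state: ACCOUNT_STATE.ACTIVE`. Commented-out code that still names the removed flag reads as if it were pending re-enablement. AddEmployee's body continues outside the hunk.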
@@ -46,8 +46,8 @@ export async function AddEmployee(req: Request, res: Response) { if ( !storeId || !username || - passwordSetOnInitLogging === undefined || - (!password && passwordSetOnInitLogging === false) || + // passwordSetOnInitLogging === undefined || + !password /*&& passwordSetOnInitLogging === false*/ || !language || !isLanguageCodeValid(language) ) { 
@@ -147,44 +147,45 @@ export async function AddEmployee(req: Request, res: Response) { calendar_min_earliest_booking_time: calendarMinEarliestBookingTime, language: language, analytics_enabled: USER_ANALYTICS_ENABLED_DEFAULT, - state: passwordSetOnInitLogging + state: + /*passwordSetOnInitLogging ? ACCOUNT_STATE.INIT_LOGIN - : ACCOUNT_STATE.ACTIVE, + : */ ACCOUNT_STATE.ACTIVE, payment_plan: storeOwner.payment_plan, }; - if (!passwordSetOnInitLogging) { - // decode password + // if (!passwordSetOnInitLogging) { + // decode password - const decodedPassword = decodeBase64(password); + const decodedPassword = decodeBase64(password); - if (!isPasswordValid(decodedPassword)) { - return res.status(400).send({ err: "invalid request" }); - } - - // hash password - - const hashedPassword = await hashPassword(decodedPassword); - - newUser = { - ...newUser, - password: hashedPassword, - } as { - user_id: string; - store_id: any; - role: string; - email: any; - username: any; - calendar_max_future_booking_days: any; - calendar_min_earliest_booking_time: any; - language: any; - analytics_enabled: boolean; - password: string; - state: number; - payment_plan: number; - }; + if (!isPasswordValid(decodedPassword)) { + return res.status(400).send({ err: "invalid request" }); } + // hash password + + const hashedPassword = await hashPassword(decodedPassword); + + newUser = { + ...newUser, + password: hashedPassword, + } as { + user_id: string; + store_id: any; + role: string; + email: any; + username: any; + calendar_max_future_booking_days: any; + calendar_min_earliest_booking_time: any; + language: any; + analytics_enabled: boolean; + password: string; + state: number; + payment_plan: number; + }; + // } + await User.create(newUser); const googleCalendarConnected = await isTerminPlanerGoogleCalendarConnected( 
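Review bot: With the ternary disabled, every employee is now created in `ACCOUNT_STATE.ACTIVE` with the password supplied in the store owner's request, and the `INIT_LOGIN` state — which, judging by its name and the removed branch, appears to have made the employee set their own password at first login — is no longer reachable from this path. If that was the control that kept the creator from knowing the employee's working password, the commit drops it without a replacement; a comment above `state:` recording the decision, e.g. `// employees are created ACTIVE with the owner-supplied password; no forced change on first login`, would at least make it explicit. The `as { … store_id: any; … }` cast on `newUser` survives the de-indent and would be better expressed by declaring `newUser` with a typed interface so the compiler checks the shape instead of widening to `any`. AddEmployee's body starts and ends outside the hunk.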
@@ -203,9 +204,7 @@ export async function AddEmployee(req: Request, res: Response) { "Added employee with email:", email, "username:", - username, - "passwordSetOnInitLogging:", - passwordSetOnInitLogging + username ); return res.status(200).send({ msg: "success" }); @@ -228,9 +227,7 @@ export async function AddEmployee(req: Request, res: Response) { "Added employee with email:", email, "username:", - username, - "passwordSetOnInitLogging:", - passwordSetOnInitLogging + username ); res.status(200).send({ msg: "success" }); diff --git a/src/middleware/authMiddleware.ts b/src/middleware/authMiddleware.ts index 4b7b535..6c735c9 100644 --- a/src/middleware/authMiddleware.ts +++ b/src/middleware/authMiddleware.ts @@ -14,6 +14,8 @@ export async function sessionProtection(req: Request, res: any, next: any) { // check if session is expired if (session.expires < new Date()) { + userLogger.info(session.user_id, "GetUser logout due to expired session"); + return res.status(401).send({ err: "unauthorized" }); } @@ -26,6 +28,8 @@ export async function sessionProtection(req: Request, res: any, next: any) { }); if (!user) { + userLogger.info(session.user_id, "GetUser logout due to missing user"); + return res.status(401).send({ err: "unauthorized" }); } @@ -35,6 +39,7 @@ export async function sessionProtection(req: Request, res: any, next: any) { "GetUser logout due to account state", user.state.toString() ); + return res.status(401).send({ err: "unauthorized" }); } diff --git a/src/utils/terminPlaner.ts b/src/utils/terminPlaner.ts index 6a159f8..1a1fcc4 100644 --- a/src/utils/terminPlaner.ts +++ b/src/utils/terminPlaner.ts 
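Review bot: The two new `userLogger.info` lines in sessionProtection carry the label `GetUser logout`, copied from the existing account-state message in the third hunk, although this middleware is not GetUser and no logout happens — the request is only rejected; labels such as `"sessionProtection: rejected expired session"` and `"sessionProtection: rejected session for missing user"` keep log searches honest. Logging `session.user_id` on the expired-session branch is the useful part, since it is the only place a presented-but-expired session gets recorded. The same wording fix applies to the line added in the second hunk. sessionProtection's body starts before and continues after these hunks.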
@@ -8,14 +8,19 @@ export async function terminPlanerRequest( method: string, body: any ) { - return await axios({ - url: `${TERMIN_PLANNER_URL}${url}`, - method: method, - data: { - ...body, - pass: process.env.TERMIN_PLANNER_AUTHORIZATION_PASSWORD as string, - }, - }); + try { + return await axios({ + url: `${TERMIN_PLANNER_URL}${url}`, + method: method, + data: { + ...body, + pass: process.env.TERMIN_PLANNER_AUTHORIZATION_PASSWORD as string, + }, + }); + } catch (error) { + logger.error("terminPlanerRequest err:", error as string); + return null; + } } // check if user has connected with google calendar
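Review bot: The new catch logs the whole `error`, but an axios failure is an AxiosError that carries the request `config`, including the `data` object built a few lines above with `pass: process.env.TERMIN_PLANNER_AUTHORIZATION_PASSWORD`, so depending on how `logger.error` serializes its argument the shared authorization password can end up in the log; the `error as string` cast does not change what is logged. Log only what is needed: `const msg = axios.isAxiosError(error) ? error.message + " (status " + (error.response?.status ?? "n/a") + ")" : String(error);` followed by `logger.error("terminPlanerRequest err:", msg);`. Returning `null` on failure also changes the function's contract, so every caller (`isTerminPlanerGoogleCalendarConnected` further down this file and the usersController call site, both outside the hunk) now has to handle a null result before reading `.data`; an explicit return type such as `Promise<AxiosResponse | null>` would let the compiler enforce that. The function's signature starts before the hunk.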