rm init password

2024-04-01 15:09:52 +02:00 · 2024-04-01 15:09:52 +02:00 · 5b73446eca
parent 4924438698
commit 5b73446eca
5 changed files with 74 additions and 49 deletions
--- a/src/controllers/calendarController.ts
+++ b/src/controllers/calendarController.ts
@ -25,6 +25,18 @@ export async function GetStoreId(req: Request, res: Response) {

    // check if user has a store

+    const user = await User.findOne({
+      where: {
+        user_id: userSession.user_id,
+      },
+      attributes: ["store_id"],
+    });
+
+    if (!user) {
+      return res.status(401).send({ err: "unauthorized" });
+    }
+
+    /*
    const store = await Store.findOne({
      where: {
        owner_user_id: userSession.user_id,
@ -34,9 +46,9 @@ export async function GetStoreId(req: Request, res: Response) {

    if (!store) {
      return res.status(401).send({ err: "unauthorized" });
-    }
+    } */

-    res.status(200).send({ storeId: store.store_id });
+    res.status(200).send({ storeId: user.store_id });
  } catch (error) {
    logger.error("GetStoreId error:", error as string);
    res.status(500).send({ err: "invalid request" });
--- a/src/controllers/userController.ts
+++ b/src/controllers/userController.ts
@ -214,12 +214,14 @@ export async function Login(req: Request, res: Response) {
    // validate request

    if (!email) {
+      logger.error("Login err: invalid request");
      return res.status(400).send({ err: "invalid request" });
    }

    email = email.toLowerCase();

    if (!(await isEmailValid(email, false))) {
+      logger.error("Login err: invalid email");
      return res.status(400).send({ err: "invalid request" });
    }

@ -232,6 +234,7 @@ export async function Login(req: Request, res: Response) {
    });

    if (!user) {
+      logger.error("Login err: user not found");
      return res.status(400).send({ err: "invalid request" });
    }

@ -282,6 +285,7 @@ export async function Login(req: Request, res: Response) {
    );

    if (!recaptchaValid) {
+      logger.error("Login err: invalid recaptcha");
      return res.status(400).send({ err: "invalid request" });
    }

@ -290,6 +294,7 @@ export async function Login(req: Request, res: Response) {
    const decodedPassword = decodeBase64(password);

    if (!isPasswordValid(decodedPassword)) {
+      logger.error("Login err: invalid password");
      return res.status(400).send({ err: "invalid request" });
    }

@ -308,6 +313,7 @@ export async function Login(req: Request, res: Response) {
      const match = await matchPassword(decodedPassword, user.password);

      if (!match) {
+        logger.error("Login err: password mismatch");
        return res.status(400).send({ err: "invalid request" });
      }
    }
--- a/src/controllers/usersController.ts
+++ b/src/controllers/usersController.ts
@ -38,7 +38,7 @@ export async function AddEmployee(req: Request, res: Response) {
      calendarMaxFutureBookingDays,
      calendarMinEarliestBookingTime,
      language,
-      passwordSetOnInitLogging,
+      //passwordSetOnInitLogging,
    } = req.body;

    // validate request
@ -46,8 +46,8 @@ export async function AddEmployee(req: Request, res: Response) {
    if (
      !storeId ||
      !username ||
-      passwordSetOnInitLogging === undefined ||
-      (!password && passwordSetOnInitLogging === false) ||
+      // passwordSetOnInitLogging === undefined ||
+      !password /*&& passwordSetOnInitLogging === false*/ ||
      !language ||
      !isLanguageCodeValid(language)
    ) {
@ -147,44 +147,45 @@ export async function AddEmployee(req: Request, res: Response) {
      calendar_min_earliest_booking_time: calendarMinEarliestBookingTime,
      language: language,
      analytics_enabled: USER_ANALYTICS_ENABLED_DEFAULT,
-      state: passwordSetOnInitLogging
+      state:
+        /*passwordSetOnInitLogging
        ? ACCOUNT_STATE.INIT_LOGIN
-        : ACCOUNT_STATE.ACTIVE,
+        : */ ACCOUNT_STATE.ACTIVE,
      payment_plan: storeOwner.payment_plan,
    };

-    if (!passwordSetOnInitLogging) {
-      // decode password
+    // if (!passwordSetOnInitLogging) {
+    // decode password

-      const decodedPassword = decodeBase64(password);
+    const decodedPassword = decodeBase64(password);

-      if (!isPasswordValid(decodedPassword)) {
-        return res.status(400).send({ err: "invalid request" });
-      }
-
-      // hash password
-
-      const hashedPassword = await hashPassword(decodedPassword);
-
-      newUser = {
-        ...newUser,
-        password: hashedPassword,
-      } as {
-        user_id: string;
-        store_id: any;
-        role: string;
-        email: any;
-        username: any;
-        calendar_max_future_booking_days: any;
-        calendar_min_earliest_booking_time: any;
-        language: any;
-        analytics_enabled: boolean;
-        password: string;
-        state: number;
-        payment_plan: number;
-      };
+    if (!isPasswordValid(decodedPassword)) {
+      return res.status(400).send({ err: "invalid request" });
    }

+    // hash password
+
+    const hashedPassword = await hashPassword(decodedPassword);
+
+    newUser = {
+      ...newUser,
+      password: hashedPassword,
+    } as {
+      user_id: string;
+      store_id: any;
+      role: string;
+      email: any;
+      username: any;
+      calendar_max_future_booking_days: any;
+      calendar_min_earliest_booking_time: any;
+      language: any;
+      analytics_enabled: boolean;
+      password: string;
+      state: number;
+      payment_plan: number;
+    };
+    // }
+
    await User.create(newUser);

    const googleCalendarConnected = await isTerminPlanerGoogleCalendarConnected(
@ -203,9 +204,7 @@ export async function AddEmployee(req: Request, res: Response) {
          "Added employee with email:",
          email,
          "username:",
-          username,
-          "passwordSetOnInitLogging:",
-          passwordSetOnInitLogging
+          username
        );

        return res.status(200).send({ msg: "success" });
@ -228,9 +227,7 @@ export async function AddEmployee(req: Request, res: Response) {
      "Added employee with email:",
      email,
      "username:",
-      username,
-      "passwordSetOnInitLogging:",
-      passwordSetOnInitLogging
+      username
    );

    res.status(200).send({ msg: "success" });
--- a/src/middleware/authMiddleware.ts
+++ b/src/middleware/authMiddleware.ts
@ -14,6 +14,8 @@ export async function sessionProtection(req: Request, res: any, next: any) {
  // check if session is expired

  if (session.expires < new Date()) {
+    userLogger.info(session.user_id, "GetUser logout due to expired session");
+
    return res.status(401).send({ err: "unauthorized" });
  }

@ -26,6 +28,8 @@ export async function sessionProtection(req: Request, res: any, next: any) {
  });

  if (!user) {
+    userLogger.info(session.user_id, "GetUser logout due to missing user");
+
    return res.status(401).send({ err: "unauthorized" });
  }

@ -35,6 +39,7 @@ export async function sessionProtection(req: Request, res: any, next: any) {
      "GetUser logout due to account state",
      user.state.toString()
    );
+
    return res.status(401).send({ err: "unauthorized" });
  }

--- a/src/utils/terminPlaner.ts
+++ b/src/utils/terminPlaner.ts
@ -8,14 +8,19 @@ export async function terminPlanerRequest(
  method: string,
  body: any
 ) {
-  return await axios({
-    url: `${TERMIN_PLANNER_URL}${url}`,
-    method: method,
-    data: {
-      ...body,
-      pass: process.env.TERMIN_PLANNER_AUTHORIZATION_PASSWORD as string,
-    },
-  });
+  try {
+    return await axios({
+      url: `${TERMIN_PLANNER_URL}${url}`,
+      method: method,
+      data: {
+        ...body,
+        pass: process.env.TERMIN_PLANNER_AUTHORIZATION_PASSWORD as string,
+      },
+    });
+  } catch (error) {
+    logger.error("terminPlanerRequest err:", error as string);
+    return null;
+  }
 }

 // check if user has connected with google calendar