outline/server/models/User.js

// @flow
import crypto from 'crypto';
import uuid from 'uuid';
import JWT from 'jsonwebtoken';
import subMinutes from 'date-fns/sub_minutes';
import { DataTypes, sequelize, encryptedFields } from '../sequelize';
import { publicS3Endpoint, uploadToS3FromUrl } from '../utils/s3';
import { sendEmail } from '../mailer';
import { Star, Team, Collection, NotificationSetting, ApiKey } from '.';

const User = sequelize.define(
  'user',
  {
    id: {
      type: DataTypes.UUID,
      defaultValue: DataTypes.UUIDV4,
      primaryKey: true,
    },
    email: { type: DataTypes.STRING },
    username: { type: DataTypes.STRING },
    name: DataTypes.STRING,
    avatarUrl: { type: DataTypes.STRING, allowNull: true },
    isAdmin: DataTypes.BOOLEAN,
    service: { type: DataTypes.STRING, allowNull: true },
    serviceId: { type: DataTypes.STRING, allowNull: true, unique: true },
    slackData: DataTypes.JSONB,
    jwtSecret: encryptedFields.vault('jwtSecret'),
    lastActiveAt: DataTypes.DATE,
    lastActiveIp: { type: DataTypes.STRING, allowNull: true },
    lastSignedInAt: DataTypes.DATE,
    lastSignedInIp: { type: DataTypes.STRING, allowNull: true },
    suspendedAt: DataTypes.DATE,
    suspendedById: DataTypes.UUID,
  },
  {
    paranoid: true,
    getterMethods: {
      isSuspended() {
        return !!this.suspendedAt;
      },
    },
  }
);

// Class methods
User.associate = models => {
  User.hasMany(models.ApiKey, { as: 'apiKeys', onDelete: 'cascade' });
  User.hasMany(models.NotificationSetting, {
    as: 'notificationSettings',
    onDelete: 'cascade',
  });
  User.hasMany(models.Document, { as: 'documents' });
  User.hasMany(models.View, { as: 'views' });
};

// Instance methods
User.prototype.collectionIds = async function() {
  let models = await Collection.findAll({
    attributes: ['id', 'private'],
    where: { teamId: this.teamId },
    include: [
      {
        model: User,
        through: 'collection_users',
        as: 'users',
        where: { id: this.id },
        required: false,
      },
    ],
  });

  // Filter collections that are private and don't have an association
  return models.filter(c => !c.private || c.users.length).map(c => c.id);
};

User.prototype.updateActiveAt = function(ip) {
  const fiveMinutesAgo = subMinutes(new Date(), 5);

  // ensure this is updated only every few minutes otherwise
  // we'll be constantly writing to the DB as API requests happen
  if (this.lastActiveAt < fiveMinutesAgo) {
    this.lastActiveAt = new Date();
    this.lastActiveIp = ip;
    return this.save({ hooks: false });
  }
};

User.prototype.updateSignedIn = function(ip) {
  this.lastSignedInAt = new Date();
  this.lastSignedInIp = ip;
  return this.save({ hooks: false });
};

User.prototype.getJwtToken = function() {
  return JWT.sign({ id: this.id }, this.jwtSecret);
};

const uploadAvatar = async model => {
  const endpoint = publicS3Endpoint();

  if (model.avatarUrl && !model.avatarUrl.startsWith(endpoint)) {
    const newUrl = await uploadToS3FromUrl(
      model.avatarUrl,
      `avatars/${model.id}/${uuid.v4()}`
    );
    if (newUrl) model.avatarUrl = newUrl;
  }
};

const setRandomJwtSecret = model => {
  model.jwtSecret = crypto.randomBytes(64).toString('hex');
};

const removeIdentifyingInfo = async (model, options) => {
  await NotificationSetting.destroy({
    where: { userId: model.id },
    transaction: options.transaction,
  });
  await ApiKey.destroy({
    where: { userId: model.id },
    transaction: options.transaction,
  });
  await Star.destroy({
    where: { userId: model.id },
    transaction: options.transaction,
  });

  model.email = '';
  model.name = 'Unknown';
  model.avatarUrl = '';
  model.serviceId = null;
  model.username = null;
  model.slackData = null;
  model.lastActiveIp = null;
  model.lastSignedInIp = null;

  // this shouldn't be needed once this issue is resolved:
  // https://github.com/sequelize/sequelize/issues/9318
  await model.save({ hooks: false, transaction: options.transaction });
};

const checkLastAdmin = async model => {
  const teamId = model.teamId;

  if (model.isAdmin) {
    const userCount = await User.count({ where: { teamId } });
    const adminCount = await User.count({ where: { isAdmin: true, teamId } });

    if (userCount > 1 && adminCount <= 1) {
      throw new Error(
        'Cannot delete account as only admin. Please transfer admin permissions to another user and try again.'
      );
    }
  }
};

User.beforeDestroy(checkLastAdmin);
User.beforeDestroy(removeIdentifyingInfo);
User.beforeSave(uploadAvatar);
User.beforeCreate(setRandomJwtSecret);
User.afterCreate(async user => {
  const team = await Team.findByPk(user.teamId);

  // From Slack support:
  // If you wish to contact users at an email address obtained through Slack,
  // you need them to opt-in through a clear and separate process.
  if (!team.slackId) {
    sendEmail('welcome', user.email, { teamUrl: team.url });
  }
});

// By default when a user signs up we subscribe them to email notifications
// when documents they created are edited by other team members and onboarding
User.afterCreate(async (user, options) => {
  await NotificationSetting.findOrCreate({
    where: {
      userId: user.id,
      teamId: user.teamId,
      event: 'documents.update',
    },
    transaction: options.transaction,
  });
  await NotificationSetting.findOrCreate({
    where: {
      userId: user.id,
      teamId: user.teamId,
      event: 'emails.onboarding',
    },
    transaction: options.transaction,
  });
});

export default User;
Upgrade sequelize and remove unique email constraints 2017-07-12 07:28:18 +00:00			`// @flow`
Refactor 2016-04-29 05:25:37 +00:00			`import crypto from 'crypto';`
review comments 2017-10-20 06:30:31 +00:00			`import uuid from 'uuid';`
Unfurling of Slack links (#487) * First pass: Unfurling of Slack links * Add authentication in db * Call associate on Event correctly * Add SLACK_APP_ID, remove SLACK_REDIRECT_URI, tidy env sample * PR feedback * Comment clarify 2017-12-19 03:59:29 +00:00			`import JWT from 'jsonwebtoken';`
Track recently active and signin times (#663) * Track recently active and signin times * Trust proxy headers in production 2018-06-05 02:07:56 +00:00			`import subMinutes from 'date-fns/sub_minutes';`
[chore] added prettier 2017-04-27 04:47:03 +00:00			`import { DataTypes, sequelize, encryptedFields } from '../sequelize';`
Save avatars to le cloud in beforeSave hooks Added encryption to uploads Updated icon for team settings 2018-06-01 22:00:48 +00:00			`import { publicS3Endpoint, uploadToS3FromUrl } from '../utils/s3';`
Added task queue for emails 2017-12-19 04:47:48 +00:00			`import { sendEmail } from '../mailer';`
Fixes: Welcome email dashboard location (#886) * Fixes: Welcome email dashboard location Updated logo in email * :green_heart: 2019-01-27 12:30:53 +00:00			`import { Star, Team, Collection, NotificationSetting, ApiKey } from '.';`
Refactor 2016-04-29 05:25:37 +00:00
[chore] added prettier 2017-04-27 04:47:03 +00:00			`const User = sequelize.define(`
			`'user',`
			`{`
			`id: {`
			`type: DataTypes.UUID,`
			`defaultValue: DataTypes.UUIDV4,`
			`primaryKey: true,`
Refactor 2016-04-29 05:25:37 +00:00			`},`
Upgrade sequelize and remove unique email constraints 2017-07-12 07:28:18 +00:00			`email: { type: DataTypes.STRING },`
			`username: { type: DataTypes.STRING },`
[chore] added prettier 2017-04-27 04:47:03 +00:00			`name: DataTypes.STRING,`
Upload avatar to s3 on login 2017-10-19 07:49:22 +00:00			`avatarUrl: { type: DataTypes.STRING, allowNull: true },`
[chore] added prettier 2017-04-27 04:47:03 +00:00			`isAdmin: DataTypes.BOOLEAN,`
User model cleanup 2018-06-04 19:08:29 +00:00			`service: { type: DataTypes.STRING, allowNull: true },`
DB migrations Google button 2018-05-29 03:31:53 +00:00			`serviceId: { type: DataTypes.STRING, allowNull: true, unique: true },`
[chore] added prettier 2017-04-27 04:47:03 +00:00			`slackData: DataTypes.JSONB,`
			`jwtSecret: encryptedFields.vault('jwtSecret'),`
Track recently active and signin times (#663) * Track recently active and signin times * Trust proxy headers in production 2018-06-05 02:07:56 +00:00			`lastActiveAt: DataTypes.DATE,`
Wiping more information Ensuring documents and collections created by user still load 2018-07-11 02:47:15 +00:00			`lastActiveIp: { type: DataTypes.STRING, allowNull: true },`
Track recently active and signin times (#663) * Track recently active and signin times * Trust proxy headers in production 2018-06-05 02:07:56 +00:00			`lastSignedInAt: DataTypes.DATE,`
Allow more than one user to be deleted 😂 2018-07-11 03:44:59 +00:00			`lastSignedInIp: { type: DataTypes.STRING, allowNull: true },`
Backend support 2018-03-04 23:38:51 +00:00			`suspendedAt: DataTypes.DATE,`
added suspending admin email to error screen 2018-03-07 07:38:52 +00:00			`suspendedById: DataTypes.UUID,`
[chore] added prettier 2017-04-27 04:47:03 +00:00			`},`
			`{`
Account deletion endpoint 2018-07-07 22:38:22 +00:00			`paranoid: true,`
Backend support 2018-03-04 23:38:51 +00:00			`getterMethods: {`
			`isSuspended() {`
			`return !!this.suspendedAt;`
			`},`
			`},`
[chore] added prettier 2017-04-27 04:47:03 +00:00			`}`
			`);`
Refactor 2016-04-29 05:25:37 +00:00
Upgrade sequelize and remove unique email constraints 2017-07-12 07:28:18 +00:00			`// Class methods`
			`User.associate = models => {`
Cascade notification setting deletion on user account deletion 2018-12-07 03:14:43 +00:00			`User.hasMany(models.ApiKey, { as: 'apiKeys', onDelete: 'cascade' });`
			`User.hasMany(models.NotificationSetting, {`
			`as: 'notificationSettings',`
			`onDelete: 'cascade',`
			`});`
Upgrade sequelize and remove unique email constraints 2017-07-12 07:28:18 +00:00			`User.hasMany(models.Document, { as: 'documents' });`
			`User.hasMany(models.View, { as: 'views' });`
			`};`

			`// Instance methods`
Collection Permissions (#829) see https://github.com/outline/outline/issues/668 2019-01-05 21:37:33 +00:00			`User.prototype.collectionIds = async function() {`
			`let models = await Collection.findAll({`
			`attributes: ['id', 'private'],`
			`where: { teamId: this.teamId },`
			`include: [`
			`{`
			`model: User,`
			`through: 'collection_users',`
			`as: 'users',`
			`where: { id: this.id },`
			`required: false,`
			`},`
			`],`
			`});`

			`// Filter collections that are private and don't have an association`
			`return models.filter(c => !c.private \|\| c.users.length).map(c => c.id);`
			`};`

Track recently active and signin times (#663) * Track recently active and signin times * Trust proxy headers in production 2018-06-05 02:07:56 +00:00			`User.prototype.updateActiveAt = function(ip) {`
			`const fiveMinutesAgo = subMinutes(new Date(), 5);`

			`// ensure this is updated only every few minutes otherwise`
			`// we'll be constantly writing to the DB as API requests happen`
			`if (this.lastActiveAt < fiveMinutesAgo) {`
			`this.lastActiveAt = new Date();`
			`this.lastActiveIp = ip;`
			`return this.save({ hooks: false });`
			`}`
			`};`

			`User.prototype.updateSignedIn = function(ip) {`
			`this.lastSignedInAt = new Date();`
			`this.lastSignedInIp = ip;`
			`return this.save({ hooks: false });`
			`};`

Upgrade sequelize and remove unique email constraints 2017-07-12 07:28:18 +00:00			`User.prototype.getJwtToken = function() {`
			`return JWT.sign({ id: this.id }, this.jwtSecret);`
			`};`
Save avatars to le cloud in beforeSave hooks Added encryption to uploads Updated icon for team settings 2018-06-01 22:00:48 +00:00
			`const uploadAvatar = async model => {`
			`const endpoint = publicS3Endpoint();`

			`if (model.avatarUrl && !model.avatarUrl.startsWith(endpoint)) {`
			`const newUrl = await uploadToS3FromUrl(`
			`model.avatarUrl,`
			`avatars/${model.id}/${uuid.v4()}`
			`);`
			`if (newUrl) model.avatarUrl = newUrl;`
			`}`
Upload avatar to s3 on login 2017-10-19 07:49:22 +00:00			`};`
Upgrade sequelize and remove unique email constraints 2017-07-12 07:28:18 +00:00
[chore] added prettier 2017-04-27 04:47:03 +00:00			`const setRandomJwtSecret = model => {`
Refactor 2016-04-29 05:25:37 +00:00			`model.jwtSecret = crypto.randomBytes(64).toString('hex');`
			`};`
User model cleanup 2018-06-04 19:08:29 +00:00
Cascade notification setting deletion on user account deletion 2018-12-07 03:14:43 +00:00			`const removeIdentifyingInfo = async (model, options) => {`
			`await NotificationSetting.destroy({`
			`where: { userId: model.id },`
			`transaction: options.transaction,`
			`});`
			`await ApiKey.destroy({`
			`where: { userId: model.id },`
			`transaction: options.transaction,`
			`});`
			`await Star.destroy({`
			`where: { userId: model.id },`
			`transaction: options.transaction,`
			`});`
Allow more than one user to be deleted 😂 2018-07-11 03:44:59 +00:00
Account deletion endpoint 2018-07-07 22:38:22 +00:00			`model.email = '';`
Wiping more information Ensuring documents and collections created by user still load 2018-07-11 02:47:15 +00:00			`model.name = 'Unknown';`
			`model.avatarUrl = '';`
Allow more than one user to be deleted 😂 2018-07-11 03:44:59 +00:00			`model.serviceId = null;`
Wiping more information Ensuring documents and collections created by user still load 2018-07-11 02:47:15 +00:00			`model.username = null;`
Account deletion endpoint 2018-07-07 22:38:22 +00:00			`model.slackData = null;`
Wiping more information Ensuring documents and collections created by user still load 2018-07-11 02:47:15 +00:00			`model.lastActiveIp = null;`
Allow more than one user to be deleted 😂 2018-07-11 03:44:59 +00:00			`model.lastSignedInIp = null;`
Wiping more information Ensuring documents and collections created by user still load 2018-07-11 02:47:15 +00:00
			`// this shouldn't be needed once this issue is resolved:`
			`// https://github.com/sequelize/sequelize/issues/9318`
Cascade notification setting deletion on user account deletion 2018-12-07 03:14:43 +00:00			`await model.save({ hooks: false, transaction: options.transaction });`
Account deletion endpoint 2018-07-07 22:38:22 +00:00			`};`

			`const checkLastAdmin = async model => {`
			`const teamId = model.teamId;`

			`if (model.isAdmin) {`
			`const userCount = await User.count({ where: { teamId } });`
			`const adminCount = await User.count({ where: { isAdmin: true, teamId } });`

			`if (userCount > 1 && adminCount <= 1) {`
			`throw new Error(`
			`'Cannot delete account as only admin. Please transfer admin permissions to another user and try again.'`
			`);`
			`}`
			`}`
			`};`

			`User.beforeDestroy(checkLastAdmin);`
			`User.beforeDestroy(removeIdentifyingInfo);`
Save avatars to le cloud in beforeSave hooks Added encryption to uploads Updated icon for team settings 2018-06-01 22:00:48 +00:00			`User.beforeSave(uploadAvatar);`
Refactor 2016-04-29 05:25:37 +00:00			`User.beforeCreate(setRandomJwtSecret);`
Fixes: Welcome email dashboard location (#886) * Fixes: Welcome email dashboard location Updated logo in email * :green_heart: 2019-01-27 12:30:53 +00:00			`User.afterCreate(async user => {`
chore: upgrade sequelize (#965) * 0.18.0 * chore: Upgrade sequelize 4 -> 5 * fix: migrations v5 support * fix: Majority of test failures * fix: the rest of v5 tests 2019-06-23 22:49:45 +00:00			`const team = await Team.findByPk(user.teamId);`
chore: Remove welcome email for Slack users (against TOS) 2019-06-26 03:28:45 +00:00
			`// From Slack support:`
			`// If you wish to contact users at an email address obtained through Slack,`
			`// you need them to opt-in through a clear and separate process.`
fix: Correctly detect Slack team 2019-06-28 05:35:49 +00:00			`if (!team.slackId) {`
chore: Remove welcome email for Slack users (against TOS) 2019-06-26 03:28:45 +00:00			`sendEmail('welcome', user.email, { teamUrl: team.url });`
			`}`
Fixes: Welcome email dashboard location (#886) * Fixes: Welcome email dashboard location Updated logo in email * :green_heart: 2019-01-27 12:30:53 +00:00			`});`
Refactor 2016-04-29 05:25:37 +00:00
Base model refactor (#810) * Big upgrades * WIP: Stash * Stash, 30 flow errors left * Downgrade mobx * WIP * When I understand the difference between class and instance methods * :green_heart: * Fixes: File import Model saving edge cases pinning and starring docs Collection editing Upgrade mobx devtools * Notification settings saving works * Disabled settings * Document mailer * Working notifications * Colletion created notification Ensure not notified for own actions * Tidy up * Document updated event only for document creation Add indexes Notification setting on user creation * Commentary * Fixed: Notification setting on signup * Fix document move / duplicate stale data Add BaseModel.refresh method * Fixes: Title in sidebar not updated after editing document * :green_heart: * Improve / restore error handling Better handle offline errors * :shirt: 2018-12-05 06:24:30 +00:00			`// By default when a user signs up we subscribe them to email notifications`
Fixes: Collection creation notification email Added: Unsubscribe option to notification email footers Added: Two new notification types (emails not written yet) Fixed: Validation added to notification setting events 2018-12-06 07:44:41 +00:00			`// when documents they created are edited by other team members and onboarding`
			`User.afterCreate(async (user, options) => {`
			`await NotificationSetting.findOrCreate({`
Base model refactor (#810) * Big upgrades * WIP: Stash * Stash, 30 flow errors left * Downgrade mobx * WIP * When I understand the difference between class and instance methods * :green_heart: * Fixes: File import Model saving edge cases pinning and starring docs Collection editing Upgrade mobx devtools * Notification settings saving works * Disabled settings * Document mailer * Working notifications * Colletion created notification Ensure not notified for own actions * Tidy up * Document updated event only for document creation Add indexes Notification setting on user creation * Commentary * Fixed: Notification setting on signup * Fix document move / duplicate stale data Add BaseModel.refresh method * Fixes: Title in sidebar not updated after editing document * :green_heart: * Improve / restore error handling Better handle offline errors * :shirt: 2018-12-05 06:24:30 +00:00			`where: {`
			`userId: user.id,`
			`teamId: user.teamId,`
			`event: 'documents.update',`
			`},`
			`transaction: options.transaction,`
Fixes: Collection creation notification email Added: Unsubscribe option to notification email footers Added: Two new notification types (emails not written yet) Fixed: Validation added to notification setting events 2018-12-06 07:44:41 +00:00			`});`
			`await NotificationSetting.findOrCreate({`
			`where: {`
			`userId: user.id,`
			`teamId: user.teamId,`
			`event: 'emails.onboarding',`
			`},`
			`transaction: options.transaction,`
			`});`
			`});`
Base model refactor (#810) * Big upgrades * WIP: Stash * Stash, 30 flow errors left * Downgrade mobx * WIP * When I understand the difference between class and instance methods * :green_heart: * Fixes: File import Model saving edge cases pinning and starring docs Collection editing Upgrade mobx devtools * Notification settings saving works * Disabled settings * Document mailer * Working notifications * Colletion created notification Ensure not notified for own actions * Tidy up * Document updated event only for document creation Add indexes Notification setting on user creation * Commentary * Fixed: Notification setting on signup * Fix document move / duplicate stale data Add BaseModel.refresh method * Fixes: Title in sidebar not updated after editing document * :green_heart: * Improve / restore error handling Better handle offline errors * :shirt: 2018-12-05 06:24:30 +00:00
Refactor 2016-04-29 05:25:37 +00:00			`export default User;`