feat: Guest email authentication (#1088)

* feat: API endpoints for email signin * fix: After testing * Initial signin flow working * move shared middleware * feat: Add guest signin toggle, obey on endpoints * feat: Basic email signin when enabled * Improve guest signin email Disable double signin with JWT * fix: Simple rate limiting * create placeholder users in db * fix: Give invited users default avatar add invited users to people settings * test * add transaction * tmp: test CI * derp * md5 * urgh * again * test: pass * test * fix: Remove usage of data values * guest signin page * Visually separator 'Invited' from other people tabs * fix: Edge case attempting SSO signin for guest email account * fix: Correctly set email auth method to cookie * Improve rate limit error display * lint: cleanup / comments * Improve invalid token error display * style tweaks * pass guest value to subdomain * Restore copy link option * feat: Allow invite revoke from people management * fix: Incorrect users email schema does not allow for user deletion * lint * fix: avatarUrl for deleted user failure * change default to off for guest invites * fix: Changing security settings wipes subdomain * fix: user delete permissioning * test: Add user.invite specs
2019-12-15 18:46:08 -08:00
parent 5731ff34a4
commit 6d8216c54e
45 changed files with 846 additions and 206 deletions
--- a/server/commands/userInviter.js
+++ b/server/commands/userInviter.js
@ -2,8 +2,9 @@
 import { uniqBy } from 'lodash';
 import { User, Event, Team } from '../models';
 import mailer from '../mailer';
+import { sequelize } from '../sequelize';

-type Invite = { name: string, email: string };
+type Invite = { name: string, email: string, guest: boolean };

 export default async function userInviter({
  user,
@ -16,7 +17,7 @@ export default async function userInviter({
 }): Promise<{ sent: Invite[] }> {
  const team = await Team.findByPk(user.teamId);

-  // filter out empties, duplicates and non-emails
+  // filter out empties, duplicates and obvious non-emails
  const compactedInvites = uniqBy(
    invites.filter(invite => !!invite.email.trim() && invite.email.match('@')),
    'email'
@ -38,24 +39,44 @@ export default async function userInviter({
  // send and record invites
  await Promise.all(
    filteredInvites.map(async invite => {
-      await Event.create({
-        name: 'users.invite',
-        actorId: user.id,
-        teamId: user.teamId,
-        data: {
-          email: invite.email,
+      const transaction = await sequelize.transaction();
+      try {
+        await User.create(
+          {
+            teamId: user.teamId,
+            name: invite.name,
+            email: invite.email,
+            service: null,
+          },
+          { transaction }
+        );
+        await Event.create(
+          {
+            name: 'users.invite',
+            actorId: user.id,
+            teamId: user.teamId,
+            data: {
+              email: invite.email,
+              name: invite.name,
+            },
+            ip,
+          },
+          { transaction }
+        );
+        await mailer.invite({
+          to: invite.email,
          name: invite.name,
-        },
-        ip,
-      });
-      await mailer.invite({
-        to: invite.email,
-        name: invite.name,
-        actorName: user.name,
-        actorEmail: user.email,
-        teamName: team.name,
-        teamUrl: team.url,
-      });
+          guest: invite.guest,
+          actorName: user.name,
+          actorEmail: user.email,
+          teamName: team.name,
+          teamUrl: team.url,
+        });
+        await transaction.commit();
+      } catch (err) {
+        await transaction.rollback();
+        throw err;
+      }
    })
  );