6d8216c54e
* feat: API endpoints for email signin * fix: After testing * Initial signin flow working * move shared middleware * feat: Add guest signin toggle, obey on endpoints * feat: Basic email signin when enabled * Improve guest signin email Disable double signin with JWT * fix: Simple rate limiting * create placeholder users in db * fix: Give invited users default avatar add invited users to people settings * test * add transaction * tmp: test CI * derp * md5 * urgh * again * test: pass * test * fix: Remove usage of data values * guest signin page * Visually separator 'Invited' from other people tabs * fix: Edge case attempting SSO signin for guest email account * fix: Correctly set email auth method to cookie * Improve rate limit error display * lint: cleanup / comments * Improve invalid token error display * style tweaks * pass guest value to subdomain * Restore copy link option * feat: Allow invite revoke from people management * fix: Incorrect users email schema does not allow for user deletion * lint * fix: avatarUrl for deleted user failure * change default to off for guest invites * fix: Changing security settings wipes subdomain * fix: user delete permissioning * test: Add user.invite specs
60 lines
1.4 KiB
JavaScript
60 lines
1.4 KiB
JavaScript
// @flow
|
|
import JWT from 'jsonwebtoken';
|
|
import subMinutes from 'date-fns/sub_minutes';
|
|
import { AuthenticationError } from '../errors';
|
|
import { User } from '../models';
|
|
|
|
function getJWTPayload(token) {
|
|
let payload;
|
|
try {
|
|
payload = JWT.decode(token);
|
|
} catch (err) {
|
|
throw new AuthenticationError('Unable to decode JWT token');
|
|
}
|
|
|
|
if (!payload) {
|
|
throw new AuthenticationError('Invalid token');
|
|
}
|
|
return payload;
|
|
}
|
|
|
|
export async function getUserForJWT(token: string) {
|
|
const payload = getJWTPayload(token);
|
|
const user = await User.findByPk(payload.id);
|
|
|
|
try {
|
|
JWT.verify(token, user.jwtSecret);
|
|
} catch (err) {
|
|
throw new AuthenticationError('Invalid token');
|
|
}
|
|
|
|
return user;
|
|
}
|
|
|
|
export async function getUserForEmailSigninToken(token: string) {
|
|
const payload = getJWTPayload(token);
|
|
|
|
// check the token is within it's expiration time
|
|
if (payload.createdAt) {
|
|
if (new Date(payload.createdAt) < subMinutes(new Date(), 10)) {
|
|
throw new AuthenticationError('Expired token');
|
|
}
|
|
}
|
|
|
|
const user = await User.findByPk(payload.id);
|
|
|
|
// if user has signed in at all since the token was created then
|
|
// it's no longer valid, they'll need a new one.
|
|
if (user.lastSignedInAt > payload.createdAt) {
|
|
throw new AuthenticationError('Token has already been used');
|
|
}
|
|
|
|
try {
|
|
JWT.verify(token, user.jwtSecret);
|
|
} catch (err) {
|
|
throw new AuthenticationError('Invalid token');
|
|
}
|
|
|
|
return user;
|
|
}
|