npm - @stamhoofd/backend - Versions diffs - 2.39.0 → 2.40.0 - Mend

@stamhoofd/backend 2.39.0 → 2.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (198) hide show

package/src/endpoints/auth/CreateTokenEndpoint.ts CHANGED Viewed

@@ -14,11 +14,11 @@ export class CreateTokenEndpoint extends Endpoint<Params, Query, Body, ResponseB
     protected bodyDecoder = CreateTokenStruct;
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "POST") {
+        if (request.method !== 'POST') {
             return [false];
         }
-        const params = Endpoint.parseParameters(request.url, "/oauth/token", {});
+        const params = Endpoint.parseParameters(request.url, '/oauth/token', {});
         if (params) {
             return [true, params as Params];
@@ -34,167 +34,166 @@ export class CreateTokenEndpoint extends Endpoint<Params, Query, Body, ResponseB
         // - check if not multiple attempts for the same username are started in parallel
         // - Limit the amount of failed attemps by IP (will only make it a bit harder)
         // - Detect attacks on random accounts (using email list + most used passwords) and temorary require CAPTCHA on all accounts
-        const organization = await Context.setOptionalOrganizationScope()
-        switch (request.body.grantType) {
-        case "refresh_token": {
-            const oldToken = await Token.getByRefreshToken(request.body.refreshToken)
-            if (!oldToken) {
-                throw new SimpleError({
-                    code: "invalid_refresh_token",
-                    message: "Invalid refresh token",
-                    statusCode: 400
-                });
-            }
+        const organization = await Context.setOptionalOrganizationScope();
-            if (oldToken.user.organizationId !== null && oldToken.user.organizationId !== (organization?.id ?? null)) {
+        switch (request.body.grantType) {
+            case 'refresh_token': {
+                const oldToken = await Token.getByRefreshToken(request.body.refreshToken);
+                if (!oldToken) {
+                    throw new SimpleError({
+                        code: 'invalid_refresh_token',
+                        message: 'Invalid refresh token',
+                        statusCode: 400,
+                    });
+                }
+                if (oldToken.user.organizationId !== null && oldToken.user.organizationId !== (organization?.id ?? null)) {
                 // Invalid scope
-                throw new SimpleError({
-                    code: "invalid_refresh_token",
-                    message: "Invalid refresh token",
-                    statusCode: 400
-                });
+                    throw new SimpleError({
+                        code: 'invalid_refresh_token',
+                        message: 'Invalid refresh token',
+                        statusCode: 400,
+                    });
+                }
+                // Important to create a new token before adjusting the old token
+                const token = await Token.createToken(oldToken.user);
+                // In the rare event our response doesn't reach the client anymore, we don't want the client to sign out...
+                // So we give them a second chance and create a new token BUT we expire our existing token in an hour (forever!)
+                oldToken.refreshTokenValidUntil = new Date(Date.now() + 60 * 60 * 1000);
+                oldToken.accessTokenValidUntil = new Date(Date.now() - 60 * 60 * 1000);
+                // Do not delete the old one, only expire it fast so it will get deleted in the future
+                await oldToken.save();
+                if (!token) {
+                    throw new SimpleError({
+                        code: 'error',
+                        message: 'Could not generate token',
+                        human: 'Er ging iets mis bij het aanmelden',
+                        statusCode: 500,
+                    });
+                }
+                const st = new TokenStruct(token);
+                return new Response(st);
             }
-            // Important to create a new token before adjusting the old token
-            const token = await Token.createToken(oldToken.user);
-            // In the rare event our response doesn't reach the client anymore, we don't want the client to sign out...
-            // So we give them a second chance and create a new token BUT we expire our existing token in an hour (forever!)
-            oldToken.refreshTokenValidUntil = new Date(Date.now() + 60*60*1000)
-            oldToken.accessTokenValidUntil = new Date(Date.now() - 60 * 60 * 1000)
-            // Do not delete the old one, only expire it fast so it will get deleted in the future
-            await oldToken.save();
-            if (!token) {
-                throw new SimpleError({
-                    code: "error",
-                    message: "Could not generate token",
-                    human: "Er ging iets mis bij het aanmelden",
-                    statusCode: 500
-                });
-            }
-            const st = new TokenStruct(token);
-            return new Response(st);
-        }
-        case "password": {
+            case 'password': {
             // Increase timout for legacy
-            request.request.request?.setTimeout(30 * 1000);
-            const user = await User.login(organization?.id ?? null, request.body.username, request.body.password)
+                request.request.request?.setTimeout(30 * 1000);
+                const user = await User.login(organization?.id ?? null, request.body.username, request.body.password);
-            const errBody = {
-                code: "invalid_username_or_password",
-                message: "Invalid username or password",
-                human: "Foutief wachtwoord of onbekend emailadres",
-                statusCode: 400
-            };
+                const errBody = {
+                    code: 'invalid_username_or_password',
+                    message: 'Invalid username or password',
+                    human: 'Foutief wachtwoord of onbekend emailadres',
+                    statusCode: 400,
+                };
-            if (!user) {
+                if (!user) {
                 // TODO: increase counter
-                throw new SimpleError(errBody);
-            }
-            // Yay! Valid password
-            // Now check if e-mail is already validated
-            // if not: throw a validation error (e-mail validation is required)
-            if (!user.verified) {
-                const code = await EmailVerificationCode.createFor(user, user.email)
-                code.send(user, organization, request.i18n)
-                throw new SimpleError({
-                    code: "verify_email",
-                    message: "Your email address needs verification",
-                    human: "Jouw e-mailadres is nog niet geverifieerd. Verifieer jouw e-mailadres via de link in de e-mail.",
-                    meta: SignupResponse.create({
-                        token: code.token
-                    }).encode({ version: request.request.getVersion() }),
-                    statusCode: 403
-                });
-            }
-            const token = await Token.createToken(user);
-            if (!token) {
-                throw new SimpleError({
-                    code: "error",
-                    message: "Could not generate token",
-                    human: "Er ging iets mis bij het aanmelden",
-                    statusCode: 500
-                });
-            }
-            const st = new TokenStruct(token);
-            return new Response(st);
-        }
-        case "password_token": {
-            const passwordToken = await PasswordToken.getToken(request.body.token)
-            if (!passwordToken) {
-                throw new SimpleError({
-                    code: "invalid_token",
-                    message: "Invalid token",
-                    human: "Deze link is ongeldig of is al vervallen. Je zal nogmaals een e-mail moeten versturen om je wachtwoord te herstellen.",
-                    statusCode: 400
-                });
+                    throw new SimpleError(errBody);
+                }
+                // Yay! Valid password
+                // Now check if e-mail is already validated
+                // if not: throw a validation error (e-mail validation is required)
+                if (!user.verified) {
+                    const code = await EmailVerificationCode.createFor(user, user.email);
+                    code.send(user, organization, request.i18n).catch(console.error);
+                    throw new SimpleError({
+                        code: 'verify_email',
+                        message: 'Your email address needs verification',
+                        human: 'Jouw e-mailadres is nog niet geverifieerd. Verifieer jouw e-mailadres via de link in de e-mail.',
+                        meta: SignupResponse.create({
+                            token: code.token,
+                        }).encode({ version: request.request.getVersion() }),
+                        statusCode: 403,
+                    });
+                }
+                const token = await Token.createToken(user);
+                if (!token) {
+                    throw new SimpleError({
+                        code: 'error',
+                        message: 'Could not generate token',
+                        human: 'Er ging iets mis bij het aanmelden',
+                        statusCode: 500,
+                    });
+                }
+                const st = new TokenStruct(token);
+                return new Response(st);
             }
-            // Check scope
-            if (organization && passwordToken.user.organizationId && passwordToken.user.organizationId != organization.id) {
+            case 'password_token': {
+                const passwordToken = await PasswordToken.getToken(request.body.token);
+                if (!passwordToken) {
+                    throw new SimpleError({
+                        code: 'invalid_token',
+                        message: 'Invalid token',
+                        human: 'Deze link is ongeldig of is al vervallen. Je zal nogmaals een e-mail moeten versturen om je wachtwoord te herstellen.',
+                        statusCode: 400,
+                    });
+                }
+                // Check scope
+                if (organization && passwordToken.user.organizationId && passwordToken.user.organizationId !== organization.id) {
                 // user of a different organization
-                throw new SimpleError({
-                    code: "invalid_token",
-                    message: "Invalid token",
-                    human: "Deze link is ongeldig of is al vervallen. Je zal nogmaals een e-mail moeten versturen om je wachtwoord te herstellen.",
-                    statusCode: 400
-                });
-            }
-            if (!organization && passwordToken.user.organizationId) {
+                    throw new SimpleError({
+                        code: 'invalid_token',
+                        message: 'Invalid token',
+                        human: 'Deze link is ongeldig of is al vervallen. Je zal nogmaals een e-mail moeten versturen om je wachtwoord te herstellen.',
+                        statusCode: 400,
+                    });
+                }
+                if (!organization && passwordToken.user.organizationId) {
                 // User is scoped to a single organization, while the request is not
-                throw new SimpleError({
-                    code: "invalid_token",
-                    message: "Invalid token",
-                    human: "Deze link is ongeldig of is al vervallen. Je zal nogmaals een e-mail moeten versturen om je wachtwoord te herstellen.",
-                    statusCode: 400
-                });
+                    throw new SimpleError({
+                        code: 'invalid_token',
+                        message: 'Invalid token',
+                        human: 'Deze link is ongeldig of is al vervallen. Je zal nogmaals een e-mail moeten versturen om je wachtwoord te herstellen.',
+                        statusCode: 400,
+                    });
+                }
+                // Important to create a new token before adjusting the old token
+                const token = await Token.createToken(passwordToken.user);
+                // TODO: make token short lived until renewal
+                if (!token) {
+                    throw new SimpleError({
+                        code: 'error',
+                        message: 'Could not generate token',
+                        human: 'Er ging iets mis bij het inloggen',
+                        statusCode: 500,
+                    });
+                }
+                // For now we keep the password token because the user might want to reload the page or load it on a different device/browser
+                // await passwordToken.delete();
+                // Verify this email address, since the user can't change its email address without being verified
+                if (!token.user.verified) {
+                    token.user.verified = true;
+                    await token.user.save();
+                }
+                const st = new TokenStruct(token);
+                return new Response(st);
             }
-            // Important to create a new token before adjusting the old token
-            const token = await Token.createToken(passwordToken.user);
-            // TODO: make token short lived until renewal
-            if (!token) {
-                throw new SimpleError({
-                    code: "error",
-                    message: "Could not generate token",
-                    human: "Er ging iets mis bij het inloggen",
-                    statusCode: 500
-                });
-            }
-            // For now we keep the password token because the user might want to reload the page or load it on a different device/browser
-            //await passwordToken.delete();
-            // Verify this email address, since the user can't change its email address without being verified
-            if (!token.user.verified) {
-                token.user.verified = true
-                await token.user.save()
-            }
-            const st = new TokenStruct(token);
-            return new Response(st);
-        }
-        default: {
+            default: {
             // t should always be 'never' so we get no compiler error when this compiles
             // if you get a compiler error here, you missed a possible value for grantType
-            throw new Error("Grant type " + request.body.grantType + " not supported");
-        }
+                throw new Error('Grant type ' + request.body.grantType + ' not supported');
+            }
         }
     }
 }

package/src/endpoints/auth/DeleteTokenEndpoint.ts CHANGED Viewed

@@ -9,11 +9,11 @@ type ResponseBody = undefined;
 export class DeleteTokenEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "DELETE") {
+        if (request.method !== 'DELETE') {
             return [false];
         }
-        const params = Endpoint.parseParameters(request.url, "/oauth/token", {});
+        const params = Endpoint.parseParameters(request.url, '/oauth/token', {});
         if (params) {
             return [true, params as Params];
@@ -22,10 +22,10 @@ export class DeleteTokenEndpoint extends Endpoint<Params, Query, Body, ResponseB
     }
     async handle(_: DecodedRequest<Params, Query, Body>) {
-        await Context.setOptionalOrganizationScope()
-        const {token} = await Context.authenticate({allowWithoutAccount: true})
-        await token.delete()
-        return new Response(undefined)
+        await Context.setOptionalOrganizationScope();
+        const { token } = await Context.authenticate({ allowWithoutAccount: true });
+        await token.delete();
+        return new Response(undefined);
     }
 }

package/src/endpoints/auth/DeleteUserEndpoint.ts CHANGED Viewed

@@ -11,11 +11,11 @@ type ResponseBody = undefined;
 export class DeleteUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "DELETE") {
+        if (request.method !== 'DELETE') {
             return [false];
         }
-        const params = Endpoint.parseParameters(request.url, "/user", {});
+        const params = Endpoint.parseParameters(request.url, '/user', {});
         if (params) {
             return [true, params as Params];
@@ -24,35 +24,35 @@ export class DeleteUserEndpoint extends Endpoint<Params, Query, Body, ResponseBo
     }
     async handle(_: DecodedRequest<Params, Query, Body>) {
-        const organization = await Context.setOptionalOrganizationScope()
-        const {user, token} = await Context.authenticate({allowWithoutAccount: true})
+        const organization = await Context.setOptionalOrganizationScope();
+        const { user, token } = await Context.authenticate({ allowWithoutAccount: true });
         // Send an e-mail to inform everyone about this action
         // Delete the account
         const bcc = (await getDefaultEmailFrom(null, {
-            template: {}
-        }))
+            template: {},
+        }));
         await sendEmailTemplate(organization, {
             recipients: [
                 Recipient.create({
-                    email: user.email
-                })
+                    email: user.email,
+                }),
             ],
             singleBcc: bcc.replyTo || bcc.from,
             template: {
                 type: EmailTemplateType.DeleteAccountConfirmation,
             },
-            type: 'transactional'
-        })
+            type: 'transactional',
+        });
         // Soft delete until processed manually
         user.verified = false;
         user.password = null;
-        await user.save()
-        await token.delete()
-        return new Response(undefined)
+        await user.save();
+        await token.delete();
+        return new Response(undefined);
     }
 }

package/src/endpoints/auth/ForgotPasswordEndpoint.ts CHANGED Viewed

@@ -5,7 +5,6 @@ import { EmailTemplateType, ForgotPasswordRequest, Recipient, Replacement } from
 import { Context } from '../../helpers/Context';
-// eslint-disable-next-line @typescript-eslint/ban-types
 type Params = Record<string, never>;
 type Query = undefined;
 type Body = ForgotPasswordRequest;
@@ -15,11 +14,11 @@ export class ForgotPasswordEndpoint extends Endpoint<Params, Query, Body, Respon
     protected bodyDecoder = ForgotPasswordRequest as Decoder<ForgotPasswordRequest>;
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "POST") {
+        if (request.method !== 'POST') {
             return [false];
         }
-        const params = Endpoint.parseParameters(request.url, "/forgot-password", {});
+        const params = Endpoint.parseParameters(request.url, '/forgot-password', {});
         if (params) {
             return [true, params as Params];
@@ -28,27 +27,27 @@ export class ForgotPasswordEndpoint extends Endpoint<Params, Query, Body, Respon
     }
     async handle(request: DecodedRequest<Params, Query, Body>) {
-        const organization = await Context.setOptionalOrganizationScope()
-        const user = await User.getForAuthentication(organization?.id ?? null, request.body.email, {allowWithoutAccount: true});
+        const organization = await Context.setOptionalOrganizationScope();
+        const user = await User.getForAuthentication(organization?.id ?? null, request.body.email, { allowWithoutAccount: true });
         if (!user) {
             // Create e-mail builder
             await sendEmailTemplate(organization, {
                 recipients: [
                     Recipient.create({
-                        email: request.body.email
-                    })
+                        email: request.body.email,
+                    }),
                 ],
                 template: {
                     type: EmailTemplateType.ForgotPasswordButNoAccount,
                 },
-                type: 'transactional'
-            })
+                type: 'transactional',
+            });
-            return new Response(undefined)
+            return new Response(undefined);
         }
-        const recoveryUrl = await PasswordToken.getPasswordRecoveryUrl(user, organization, request.i18n)
+        const recoveryUrl = await PasswordToken.getPasswordRecoveryUrl(user, organization, request.i18n);
         // Create e-mail builder
         await sendEmailTemplate(organization, {
@@ -60,16 +59,16 @@ export class ForgotPasswordEndpoint extends Endpoint<Params, Query, Body, Respon
                     replacements: [
                         Replacement.create({
                             token: 'resetUrl',
-                            value: recoveryUrl
-                        })
-                    ]
-                })
+                            value: recoveryUrl,
+                        }),
+                    ],
+                }),
             ],
             template: {
                 type: EmailTemplateType.ForgotPassword,
             },
-            type: 'transactional'
-        })
+            type: 'transactional',
+        });
         return new Response(undefined);
     }

package/src/endpoints/auth/GetOtherUserEndpoint.ts CHANGED Viewed

@@ -5,19 +5,18 @@ import { AuthenticatedStructures } from '../../helpers/AuthenticatedStructures';
 import { Context } from '../../helpers/Context';
 import { User } from '@stamhoofd/models';
-type Params = {id: string};
+type Params = { id: string };
 type Query = undefined;
 type Body = undefined;
 type ResponseBody = UserWithMembers;
 export class GetUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
     protected doesMatch(request: Request): [true, Params] | [false] {
-        if (request.method != "GET") {
+        if (request.method !== 'GET') {
             return [false];
         }
-        const params = Endpoint.parseParameters(request.url, "/user/@id", {id: String});
+        const params = Endpoint.parseParameters(request.url, '/user/@id', { id: String });
         if (params) {
             return [true, params as Params];
@@ -26,16 +25,16 @@ export class GetUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody>
     }
     async handle(request: DecodedRequest<Params, Query, Body>) {
-        await Context.setOptionalOrganizationScope()
-        await Context.authenticate()
+        await Context.setOptionalOrganizationScope();
+        await Context.authenticate();
-        const user = await User.getByID(request.params.id)
-        if (!user || !(await Context.auth.canAccessUser(user)) ){
-            throw Context.auth.error()
+        const user = await User.getByID(request.params.id);
+        if (!user || !(await Context.auth.canAccessUser(user))) {
+            throw Context.auth.error();
         }
         return new Response(
-            await AuthenticatedStructures.userWithMembers(user)
+            await AuthenticatedStructures.userWithMembers(user),
         );
     }
 }

package/src/endpoints/auth/GetUserEndpoint.test.ts CHANGED Viewed

@@ -1,64 +1,61 @@
-import { Request } from "@simonbackx/simple-endpoints";
+import { Request } from '@simonbackx/simple-endpoints';
 import { OrganizationFactory, Token, UserFactory } from '@stamhoofd/models';
 import { NewUser } from '@stamhoofd/structures';
-import { testServer } from "../../../tests/helpers/TestServer";
+import { testServer } from '../../../tests/helpers/TestServer';
 import { GetUserEndpoint } from './GetUserEndpoint';
-describe("Endpoint.GetUser", () => {
+describe('Endpoint.GetUser', () => {
     // Test endpoint
     const endpoint = new GetUserEndpoint();
-    test("Request user details when signed in", async () => {
-        const organization = await new OrganizationFactory({}).create()
-        const user = await new UserFactory({ organization }).create()
-        const token = await Token.createToken(user)
+    test('Request user details when signed in', async () => {
+        const organization = await new OrganizationFactory({}).create();
+        const user = await new UserFactory({ organization }).create();
+        const token = await Token.createToken(user);
-        const r = Request.buildJson("GET", "/v1/user", organization.getApiHost());
-        r.headers.authorization = "Bearer "+token.accessToken
+        const r = Request.buildJson('GET', '/v1/user', organization.getApiHost());
+        r.headers.authorization = 'Bearer ' + token.accessToken;
         const response = await testServer.test(endpoint, r);
         expect(response.body).toBeDefined();
         if (!(response.body instanceof NewUser)) {
-            throw new Error("Expected NewUser")
-        }
+            throw new Error('Expected NewUser');
+        }
-        expect(response.body.id).toEqual(user.id)
+        expect(response.body.id).toEqual(user.id);
     });
-    test("Request user details when not signed in is not working", async () => {
-        const organization = await new OrganizationFactory({}).create()
-        const user = await new UserFactory({ organization }).create()
-        const token = await Token.createToken(user)
+    test('Request user details when not signed in is not working', async () => {
+        const organization = await new OrganizationFactory({}).create();
+        const user = await new UserFactory({ organization }).create();
+        const token = await Token.createToken(user);
-        const r = Request.buildJson("GET", "/v1/user", organization.getApiHost());
+        const r = Request.buildJson('GET', '/v1/user', organization.getApiHost());
-        await expect(testServer.test(endpoint, r)).rejects.toThrow(/missing/i)
+        await expect(testServer.test(endpoint, r)).rejects.toThrow(/missing/i);
     });
-    test("Request user details with invalid token is not working", async () => {
-        const organization = await new OrganizationFactory({}).create()
-        const user = await new UserFactory({ organization }).create()
-        const token = await Token.createToken(user)
+    test('Request user details with invalid token is not working', async () => {
+        const organization = await new OrganizationFactory({}).create();
+        const user = await new UserFactory({ organization }).create();
+        const token = await Token.createToken(user);
-        const r = Request.buildJson("GET", "/v1/user", organization.getApiHost());
-        r.headers.authorization = "Bearer " + token.accessToken+"d"
+        const r = Request.buildJson('GET', '/v1/user', organization.getApiHost());
+        r.headers.authorization = 'Bearer ' + token.accessToken + 'd';
-        await expect(testServer.test(endpoint, r)).rejects.toThrow(/invalid/i)
+        await expect(testServer.test(endpoint, r)).rejects.toThrow(/invalid/i);
     });
-    test("Request user details with expired token is not working", async () => {
-        const organization = await new OrganizationFactory({}).create()
-        const user = await new UserFactory({ organization }).create()
-        const token = await Token.createExpiredToken(user)
+    test('Request user details with expired token is not working', async () => {
+        const organization = await new OrganizationFactory({}).create();
+        const user = await new UserFactory({ organization }).create();
+        const token = await Token.createExpiredToken(user);
-        const r = Request.buildJson("GET", "/v1/user", organization.getApiHost());
-        r.headers.authorization = "Bearer " + token.accessToken
+        const r = Request.buildJson('GET', '/v1/user', organization.getApiHost());
+        r.headers.authorization = 'Bearer ' + token.accessToken;
-        await expect(testServer.test(endpoint, r)).rejects.toThrow(/expired/i)
+        await expect(testServer.test(endpoint, r)).rejects.toThrow(/expired/i);
     });
 });