wabe 0.6.9 → 0.6.10

package/src/schema/defaultResolvers.ts

@@ -0,0 +1,94 @@
+import type { MutationResolver, QueryResolver } from './Schema'
+import { meResolver } from './resolvers/meResolver'
+import { sendEmailResolver } from './resolvers/sendEmail'
+import { resetPasswordResolver } from './resolvers/resetPassword'
+import { sendOtpCodeResolver } from './resolvers/sendOtpCode'
+
+export const defaultQueries: {
+	[key: string]: QueryResolver<any>
+} = {
+	me: {
+		type: 'Object',
+		outputObject: {
+			name: 'MeOutput',
+			fields: {
+				user: {
+					type: 'Pointer',
+					class: 'User',
+				},
+			},
+		},
+		resolve: meResolver,
+	},
+}
+
+export const defaultMutations: {
+	[key: string]: MutationResolver<any>
+} = {
+	resetPassword: {
+		type: 'Boolean',
+		description: 'Mutation to reset the password of the user',
+		args: {
+			input: {
+				password: {
+					type: 'String',
+					required: true,
+				},
+				email: {
+					type: 'Email',
+				},
+				phone: {
+					type: 'String',
+				},
+				otp: {
+					type: 'String',
+					required: true,
+				},
+			},
+		},
+		resolve: resetPasswordResolver,
+	},
+	sendOtpCode: {
+		type: 'Boolean',
+		description: 'Send an OTP code by email to the user',
+		args: {
+			input: {
+				email: {
+					type: 'Email',
+					required: true,
+				},
+			},
+		},
+		resolve: sendOtpCodeResolver,
+	},
+	sendEmail: {
+		type: 'String',
+		description:
+			'Send basic email with text and html, returns the id of the email',
+		args: {
+			input: {
+				from: {
+					type: 'String',
+					required: true,
+				},
+				to: {
+					type: 'Array',
+					typeValue: 'String',
+					required: true,
+					requiredValue: true,
+				},
+				subject: {
+					type: 'String',
+					required: true,
+				},
+				text: {
+					type: 'String',
+				},
+				html: {
+					type: 'String',
+				},
+			},
+		},
+		resolve: sendEmailResolver,
+	},
+}

package/src/schema/index.ts

@@ -0,0 +1 @@
+export * from './Schema'

package/src/schema/resolvers/meResolver.test.ts

@@ -0,0 +1,62 @@
+import { describe, beforeAll, afterAll, it, expect } from 'bun:test'
+import type { Wabe } from '../../server'
+import { getAdminUserClient, type DevWabeTypes } from '../../utils/helper'
+import { setupTests, closeTests } from '../../utils/testHelper'
+import { gql } from 'graphql-request'
+
+describe('me', () => {
+	let wabe: Wabe<DevWabeTypes>
+
+	beforeAll(async () => {
+		const setup = await setupTests()
+		wabe = setup.wabe
+	})
+
+	afterAll(async () => {
+		await closeTests(wabe)
+	})
+
+	it('should return information about current user', async () => {
+		const adminClient = await getAdminUserClient(wabe.config.port, wabe, {
+			email: 'admin@wabe.dev',
+			password: 'admin',
+		})
+
+		const {
+			me: { user },
+		} = await adminClient.request<any>(graphql.me)
+
+		expect(user.role.name).toBe('Admin')
+
+		expect(user.authentication.emailPassword.email).toBe('admin@wabe.dev')
+	})
+})
+
+const graphql = {
+	signUpWith: gql`
+		 mutation signUpWith($input: SignUpWithInput!) {
+  		signUpWith(input:	$input){
+  			id
+  			accessToken
+  			refreshToken
+  		}
+  	}
+	 `,
+	me: gql`
+    query me {
+      me {
+       user{
+           id
+           authentication{
+               emailPassword{
+                   email
+               }
+           }
+           role {
+               name
+           }
+       }
+      }
+    }
+  `,
+}

package/src/schema/resolvers/meResolver.ts

@@ -0,0 +1,14 @@
+import type { WabeContext } from '../../server/interface'
+import type { DevWabeTypes } from '../../utils/helper'
+
+export const meResolver = (
+	_: any,
+	__: any,
+	context: WabeContext<DevWabeTypes>,
+) => {
+	if (!context.user?.id) return { user: undefined }
+
+	return {
+		user: context.user,
+	}
+}

package/src/schema/resolvers/resetPassword.test.ts

@@ -0,0 +1,345 @@
+import { describe, it, afterAll, beforeAll, expect, beforeEach } from 'bun:test'
+import { gql, type GraphQLClient } from 'graphql-request'
+import {
+	type DevWabeTypes,
+	getAnonymousClient,
+	getGraphqlClient,
+} from '../../utils/helper'
+import { setupTests, closeTests } from '../../utils/testHelper'
+import type { Wabe } from '../../server'
+import { OTP } from 'src'
+
+describe('resetPasswordResolver', () => {
+	let wabe: Wabe<DevWabeTypes>
+	let port: number
+	let client: GraphQLClient
+
+	beforeAll(async () => {
+		const setup = await setupTests()
+		wabe = setup.wabe
+		port = setup.port
+		client = getGraphqlClient(port)
+	})
+
+	afterAll(async () => {
+		await closeTests(wabe)
+	})
+
+	beforeEach(async () => {
+		await wabe.controllers.database.clearDatabase()
+	})
+
+	it('should let an anonymous reset the password of an user', async () => {
+		process.env.NODE_ENV = 'production'
+
+		const anonymousClient = getAnonymousClient(port)
+
+		await anonymousClient.request<any>(graphql.createUser, {
+			input: {
+				fields: {
+					authentication: {
+						emailPassword: {
+							email: 'toto@toto.fr',
+							password: 'totototo',
+						},
+					},
+				},
+			},
+		})
+
+		const {
+			users: { edges },
+		} = await getGraphqlClient(port).request<any>(gql`
+        query users {
+          users (where: {email: {equalTo: "toto@toto.fr"}}) {
+            edges {
+              node {
+                id
+              }
+            }
+          }
+        }
+    `)
+
+		const userId = edges[0].node.id
+
+		const otp = new OTP(wabe.config.rootKey)
+
+		await anonymousClient.request<any>(graphql.resetPassword, {
+			input: {
+				email: 'toto@toto.fr',
+				password: 'tata',
+				otp: otp.generate(userId),
+			},
+		})
+
+		const res = await anonymousClient.request<any>(graphql.signInWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'toto@toto.fr',
+						password: 'tata',
+					},
+				},
+			},
+		})
+
+		expect(res.signInWith.user.id).toEqual(userId)
+
+		process.env.NODE_ENV = 'test'
+	})
+
+	it('should reset password of an user if the OTP code is valid', async () => {
+		process.env.NODE_ENV = 'production'
+
+		const {
+			createUser: { user },
+		} = await client.request<any>(graphql.createUserWithRoot, {
+			input: {
+				fields: {
+					authentication: {
+						emailPassword: {
+							email: 'toto@toto.fr',
+							password: 'totototo',
+						},
+					},
+				},
+			},
+		})
+
+		const userId = user.id
+
+		const otp = new OTP(wabe.config.rootKey)
+
+		await client.request<any>(graphql.resetPassword, {
+			input: {
+				email: 'toto@toto.fr',
+				password: 'tata',
+				otp: otp.generate(userId),
+			},
+		})
+
+		const res = await client.request<any>(graphql.signInWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'toto@toto.fr',
+						password: 'tata',
+					},
+				},
+			},
+		})
+
+		expect(res.signInWith.user.id).toEqual(userId)
+
+		process.env.NODE_ENV = 'test'
+	})
+
+	it('should reset password in dev mode with valid normal code', async () => {
+		process.env.NODE_ENV = 'test'
+
+		const {
+			createUser: { user },
+		} = await client.request<any>(graphql.createUserWithRoot, {
+			input: {
+				fields: {
+					authentication: {
+						emailPassword: {
+							email: 'toto@toto.fr',
+							password: 'totototo',
+						},
+					},
+				},
+			},
+		})
+
+		const userId = user.id
+
+		const otp = new OTP(wabe.config.rootKey)
+
+		await client.request<any>(graphql.resetPassword, {
+			input: {
+				email: 'toto@toto.fr',
+				password: 'tata',
+				otp: otp.generate(userId),
+			},
+		})
+
+		const res = await client.request<any>(graphql.signInWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'toto@toto.fr',
+						password: 'tata',
+					},
+				},
+			},
+		})
+
+		expect(res.signInWith.user.id).toEqual(userId)
+	})
+
+	it('should reset password in dev mode with code 000000', async () => {
+		process.env.NODE_ENV = 'test'
+
+		const {
+			createUser: { user },
+		} = await client.request<any>(graphql.createUserWithRoot, {
+			input: {
+				fields: {
+					authentication: {
+						emailPassword: {
+							email: 'toto2@toto.fr',
+							password: 'totototo',
+						},
+					},
+				},
+			},
+		})
+
+		const userId = user.id
+
+		await client.request<any>(graphql.resetPassword, {
+			input: {
+				email: 'toto2@toto.fr',
+				password: 'tata',
+				otp: '000000',
+			},
+		})
+
+		const res = await client.request<any>(graphql.signInWith, {
+			input: {
+				authentication: {
+					emailPassword: {
+						email: 'toto2@toto.fr',
+						password: 'tata',
+					},
+				},
+			},
+		})
+
+		expect(res.signInWith.user.id).toEqual(userId)
+	})
+
+	it("should return true if the user doesn't exist (hide sensitive data)", async () => {
+		process.env.NODE_ENV = 'test'
+
+		const res = await client.request<any>(graphql.resetPassword, {
+			input: {
+				email: 'invalidUser@toto.fr',
+				password: 'tata',
+				otp: '000000',
+			},
+		})
+
+		expect(res.resetPassword).toEqual(true)
+	})
+
+	it('should not reset password of an user if the OTP code is invalid', async () => {
+		process.env.NODE_ENV = 'production'
+
+		await client.request<any>(graphql.createUserWithRoot, {
+			input: {
+				fields: {
+					authentication: {
+						emailPassword: {
+							email: 'toto3@toto.fr',
+							password: 'totototo',
+						},
+					},
+				},
+			},
+		})
+
+		expect(
+			client.request<any>(graphql.resetPassword, {
+				input: {
+					email: 'toto3@toto.fr',
+					password: 'tata',
+					otp: 'invalidOtp',
+				},
+			}),
+		).rejects.toThrow('Invalid OTP code')
+
+		process.env.NODE_ENV = 'test'
+	})
+
+	it('should reset password of another provider than emailPassword', async () => {
+		process.env.NODE_ENV = 'production'
+
+		const {
+			createUser: { user },
+		} = await client.request<any>(graphql.createUserWithRoot, {
+			input: {
+				fields: {
+					authentication: {
+						phonePassword: {
+							phone: '+33600000000',
+							password: 'totototo',
+						},
+					},
+				},
+			},
+		})
+
+		const userId = user.id
+
+		const otp = new OTP(wabe.config.rootKey)
+
+		await client.request<any>(graphql.resetPassword, {
+			input: {
+				phone: '+33600000000',
+				password: 'tata',
+				otp: otp.generate(userId),
+			},
+		})
+
+		const res = await client.request<any>(graphql.signInWith, {
+			input: {
+				authentication: {
+					phonePassword: {
+						phone: '+33600000000',
+						password: 'tata',
+					},
+				},
+			},
+		})
+
+		expect(res.signInWith.user.id).toEqual(userId)
+
+		process.env.NODE_ENV = 'test'
+	})
+})
+
+const graphql = {
+	signInWith: gql`
+      mutation signInWith($input: SignInWithInput!) {
+        signInWith(input: $input){
+          user {
+              id
+          }
+        }
+      }
+    `,
+	createUser: gql`
+      mutation createUser($input: CreateUserInput!) {
+        createUser(input: $input) {
+          ok
+        }
+      }
+    `,
+	createUserWithRoot: gql`
+      mutation createUser($input: CreateUserInput!) {
+        createUser(input: $input) {
+          user {
+            id
+          }
+        }
+      }
+    `,
+	resetPassword: gql`
+      mutation resetPassword($input: ResetPasswordInput!) {
+        resetPassword(input: $input)
+      }
+  `,
+}

package/src/schema/resolvers/resetPassword.ts

@@ -0,0 +1,64 @@
+import type { MutationResetPasswordArgs } from '../../../generated/wabe'
+import { OTP } from '../../authentication/OTP'
+import type { WabeContext } from '../../server/interface'
+import { contextWithRoot } from '../../utils/export'
+import type { DevWabeTypes } from '../../utils/helper'
+
+const DUMMY_USER_ID = '00000000-0000-0000-0000-000000000000'
+
+export const resetPasswordResolver = async (
+	_: any,
+	{ input: { email, phone, password, otp } }: MutationResetPasswordArgs,
+	context: WabeContext<DevWabeTypes>,
+) => {
+	if (!email && !phone) throw new Error('Email or phone is required')
+
+	const users = await context.wabe.controllers.database.getObjects({
+		className: 'User',
+		where: {
+			...(email && { email: { equalTo: email } }),
+			...(phone && {
+				authentication: { phonePassword: { phone: { equalTo: phone } } },
+			}),
+		},
+		select: { id: true, authentication: true },
+		first: 1,
+		context: contextWithRoot(context),
+	})
+
+	const realUser = users.length > 0 ? users[0] : null
+	const userId = realUser?.id ?? DUMMY_USER_ID
+
+	const otpClass = new OTP(context.wabe.config.rootKey)
+	const isOtpValid = otpClass.verify(otp, userId)
+
+	if (realUser) {
+		const inProd = process.env.NODE_ENV === 'production'
+		const devBypass = !inProd && otp === '000000'
+
+		if (!isOtpValid && !(devBypass && !inProd))
+			throw new Error('Invalid OTP code')
+
+		const providerKey = phone ? 'phonePassword' : 'emailPassword'
+
+		await context.wabe.controllers.database.updateObject({
+			className: 'User',
+			id: realUser.id,
+			data: {
+				authentication: {
+					[providerKey]: {
+						...(phone && {
+							phone: realUser.authentication?.phonePassword?.phone,
+						}),
+						...(email && { email }),
+						password,
+					},
+				},
+			},
+			select: {},
+			context: contextWithRoot(context),
+		})
+	}
+
+	return true
+}

package/src/schema/resolvers/sendEmail.test.ts

@@ -0,0 +1,118 @@
+import { describe, expect, it, mock } from 'bun:test'
+import { sendEmailResolver } from './sendEmail'
+import type { WabeContext } from '../../server/interface'
+
+describe('SendEmail', () => {
+	it('should throw an error if email adapter is not defined', () => {
+		expect(() =>
+			sendEmailResolver(
+				undefined,
+				{
+					input: { from: 'from', to: ['to'], subject: 'subject', text: 'text' },
+				},
+				{
+					isRoot: false,
+					user: {
+						id: 'id',
+					},
+					wabe: {
+						controllers: {
+							email: undefined,
+						} as any,
+					},
+				} as WabeContext<any>,
+			),
+		).toThrow('Email adapter not defined')
+	})
+
+	it('should send email when user is connected', async () => {
+		const mockSend = mock(() => {}).mockResolvedValueOnce(true as never)
+
+		const res = await sendEmailResolver(
+			undefined,
+			{
+				input: { from: 'from', to: ['to'], subject: 'subject', text: 'text' },
+			},
+			{
+				isRoot: false,
+				user: {
+					id: 'id',
+				},
+				wabe: {
+					controllers: {
+						email: {
+							send: mockSend,
+						},
+					} as any,
+				},
+			} as WabeContext<any>,
+		)
+
+		expect(res).toBeTrue()
+
+		expect(mockSend).toHaveBeenCalledTimes(1)
+		expect(mockSend).toHaveBeenCalledWith({
+			from: 'from',
+			to: ['to'],
+			subject: 'subject',
+			text: 'text',
+		})
+	})
+
+	it('should send email when user is root', async () => {
+		const mockSend = mock(() => {}).mockResolvedValueOnce(true as never)
+
+		const res = await sendEmailResolver(
+			undefined,
+			{
+				input: { from: 'from', to: ['to'], subject: 'subject', text: 'text' },
+			},
+			{
+				isRoot: true,
+				wabe: {
+					controllers: {
+						email: {
+							send: mockSend,
+						},
+					} as any,
+				},
+			} as WabeContext<any>,
+		)
+
+		expect(res).toBeTrue()
+
+		expect(mockSend).toHaveBeenCalledTimes(1)
+		expect(mockSend).toHaveBeenCalledWith({
+			from: 'from',
+			to: ['to'],
+			subject: 'subject',
+			text: 'text',
+		})
+	})
+
+	it('should not send email when user is not connected and is not root', () => {
+		const mockSend = mock(() => {}).mockResolvedValueOnce(true as never)
+
+		expect(() =>
+			sendEmailResolver(
+				undefined,
+				{
+					input: { from: 'from', to: ['to'], subject: 'subject', text: 'text' },
+				},
+				{
+					isRoot: false,
+					user: undefined,
+					wabe: {
+						controllers: {
+							email: {
+								send: mockSend,
+							},
+						} as any,
+					},
+				} as WabeContext<any>,
+			),
+		).toThrow('Permission denied')
+
+		expect(mockSend).toHaveBeenCalledTimes(0)
+	})
+})