diff --git a/db/auth.go b/db/auth.go index f2f1f4d..0a73aa2 100644 --- a/db/auth.go +++ b/db/auth.go @@ -1,6 +1,7 @@ package db import ( + "log/slog" "me-fit/types" "me-fit/utils" @@ -63,6 +64,11 @@ type Token struct { ExpiresAt time.Time } +var ( + TokenTypeEmailVerify = "email_verify" + TokenTypePasswordReset = "password_reset" +) + func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.Time, expiresAt time.Time) *Token { return &Token{ UserId: userId, @@ -76,18 +82,15 @@ func NewToken(userId uuid.UUID, token string, tokenType string, createdAt time.T type AuthDb interface { InsertUser(user *User) error UpdateUser(user *User) error - GetUser(email string) (*User, error) - GetUserById(userId uuid.UUID) (*User, error) + GetUserByEmail(email string) (*User, error) + GetUser(userId uuid.UUID) (*User, error) DeleteUser(userId uuid.UUID) error - InsertEmailVerificationToken(userId uuid.UUID, token string) error - InsertForgotPasswordToken(email string, token string) error - GetEmailVerificationToken(userId uuid.UUID) (string, error) + InsertToken(token *Token) error GetToken(token string) (*Token, error) + GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error) DeleteToken(token string) error - VerifyEmail(token string) error - InsertSession(session *Session) error GetSession(sessionId string) (*Session, error) DeleteSession(sessionId string) error @@ -135,7 +138,7 @@ func (db AuthDbSqlite) UpdateUser(user *User) error { return nil } -func (db AuthDbSqlite) GetUser(email string) (*User, error) { +func (db AuthDbSqlite) GetUserByEmail(email string) (*User, error) { var ( userId uuid.UUID emailVerified bool 
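Review bot: The two token type names in the new `var ( … )` block are mutable package-level variables, yet they serve as fixed discriminators both in SQL (`type = ?`) and in the service's `token.Type != db.TokenTypeEmailVerify` check, so any package can reassign them at runtime and silently change which tokens pass those checks. Declare them as constants instead: `const (` / `TokenTypeEmailVerify = "email_verify"` / `TokenTypePasswordReset = "password_reset"` / `)`. As exported names they also want doc comments, e.g. `// TokenTypeEmailVerify marks a token that confirms a user's email address.`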
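Review bot: The new AuthDb methods `InsertToken`, `GetToken` and `GetTokensByUserIdAndType` carry no doc comments, so the contract callers rely on is only discoverable from the SQLite implementation further down this diff. Worth stating on the interface: `// InsertToken stores token as given; CreatedAt and ExpiresAt are supplied by the caller.`, `// GetToken returns the stored token or ErrNotFound when none matches.`, and `// GetTokensByUserIdAndType returns all tokens of the given type for userId, in no particular order; the slice is empty when there are none.` The ordering remark matters because SendVerificationMail in service/auth.go picks `tokens[0]` from the result.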
@@ -162,7 +165,7 @@ func (db AuthDbSqlite) GetUser(email string) (*User, error) { return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil } -func (db AuthDbSqlite) GetUserById(userId uuid.UUID) (*User, error) { +func (db AuthDbSqlite) GetUser(userId uuid.UUID) (*User, error) { var ( email string emailVerified bool @@ -234,10 +237,10 @@ func (db AuthDbSqlite) DeleteUser(userId uuid.UUID) error { return nil } -func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error { +func (db AuthDbSqlite) InsertToken(token *Token) error { _, err := db.db.Exec(` - INSERT INTO user_token (user_uuid, type, token, created_at) - VALUES (?, 'email_verify', ?, datetime())`, userId, token) + INSERT INTO user_token (user_uuid, type, token, created_at, expires_at) + VALUES (?, ?, ?, ?, ?)`, token.UserId, token.Type, token.Token, token.CreatedAt, token.ExpiresAt) if err != nil { utils.LogError("Could not insert token", err) @@ -247,23 +250,6 @@ func (db AuthDbSqlite) InsertEmailVerificationToken(userId uuid.UUID, token stri return nil } -func (db AuthDbSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, error) { - var token string - - err := db.db.QueryRow(` - SELECT token - FROM user_token - WHERE user_uuid = ? - AND type = 'email_verify'`, userId).Scan(&token) - - if err != nil && err != sql.ErrNoRows { - utils.LogError("Could not get token", err) - return "", types.ErrInternal - } - - return token, nil -} - func (db AuthDbSqlite) GetToken(token string) (*Token, error) { var ( userId uuid.UUID 
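Review bot: InsertToken now binds `token.CreatedAt` and `token.ExpiresAt` as `time.Time` values, while GetToken and GetTokensByUserIdAndType read the same columns back as strings and parse them with `time.Parse(time.RFC3339, …)`. How a driver serialises a `time.Time` into a SQLite text column is driver-specific and not necessarily RFC3339, so the round trip can fail to parse or lose precision and zone information; the `t.Logf` calls added to the db test suggest this was already being chased. Making the write side explicit removes the dependency on driver behaviour: `VALUES (?, ?, ?, ?, ?)`, token.UserId, token.Type, token.Token, token.CreatedAt.UTC().Format(time.RFC3339), token.ExpiresAt.UTC().Format(time.RFC3339))`. The function's error handling and `return nil` continue in the next hunk.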
@@ -280,9 +266,14 @@ func (db AuthDbSqlite) GetToken(token string) (*Token, error) { WHERE token = ? AND type = 'email_verify'`, token).Scan(&userId, &tokenType, &createdAtStr, &expiresAtStr) - if err != nil && err != sql.ErrNoRows { - utils.LogError("Could not get token", err) - return nil, types.ErrInternal + if err != nil { + if err == sql.ErrNoRows { + slog.Info("Token '" + token + "' not found") + return nil, ErrNotFound + } else { + utils.LogError("Could not get token", err) + return nil, types.ErrInternal + } } createdAt, err = time.Parse(time.RFC3339, createdAtStr) 
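Review bot: The new not-found branch writes the raw token value into the log (`slog.Info("Token '" + token + "' not found")`); these strings are the bearer secrets for email verification and password reset, so the log must not carry them and anyone with log access would otherwise obtain working links. Log without the value, e.g. `slog.Info("token not found")`, prefer `errors.Is(err, sql.ErrNoRows)` over `==`, and drop the `else` after the `return`. Note also that the query's context line still filters on `AND type = 'email_verify'` although the function now scans `tokenType` and is the generic lookup used by VerifyUserEmail; if ForgotPasswordResponse resolves its token through GetToken as well (only part of that function is in this diff), password-reset tokens would never be found. GetToken starts and ends outside this hunk.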
@@ -300,6 +291,54 @@ func (db AuthDbSqlite) GetToken(token string) (*Token, error) { return NewToken(userId, token, tokenType, createdAt, expiresAt), nil } +func (db AuthDbSqlite) GetTokensByUserIdAndType(userId uuid.UUID, tokenType string) ([]*Token, error) { + + query, err := db.db.Query(` + SELECT token, created_at, expires_at + FROM user_token + WHERE user_uuid = ? + AND type = ?`, userId, tokenType) + + if err != nil { + utils.LogError("Could not get token", err) + return nil, types.ErrInternal + } + + var tokens []*Token + + for query.Next() { + var ( + token string + createdAtStr string + expiresAtStr string + createdAt time.Time + expiresAt time.Time + ) + + err := query.Scan(&token, &createdAtStr, &expiresAtStr) + if err != nil { + utils.LogError("Could not scan token", err) + return nil, types.ErrInternal + } + + createdAt, err = time.Parse(time.RFC3339, createdAtStr) + if err != nil { + utils.LogError("Could not parse token.created_at", err) + return nil, types.ErrInternal + } + + expiresAt, err = time.Parse(time.RFC3339, expiresAtStr) + if err != nil { + utils.LogError("Could not parse token.expires_at", err) + return nil, types.ErrInternal + } + + tokens = append(tokens, NewToken(userId, token, tokenType, createdAt, expiresAt)) + } + + return tokens, nil +} + func (db AuthDbSqlite) DeleteToken(token string) error { _, err := db.db.Exec("DELETE FROM user_token WHERE token = ?", token) if err != nil { 
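Review bot: GetTokensByUserIdAndType never closes the `*sql.Rows` it opens and never checks `query.Err()`: each early `return` inside the `for query.Next()` loop leaks the cursor and its pooled connection, and an iteration error makes `Next()` return false so a partial slice is handed back as success. Add `defer query.Close()` right after the error check on `Query` and check `query.Err()` after the loop, as sketched below. The log message `"Could not get token"` on the `Query` failure also reads as if it came from GetToken; naming the function or saying "tokens" would make log triage easier. The query has no `ORDER BY`, which is fine for this function but means callers must not assume `tokens[0]` is the newest.
```go
	// … unchanged: Query(...) and its error check …
	defer query.Close() // early returns inside the loop must not leak the cursor

	var tokens []*Token

	for query.Next() {
		// … unchanged: Scan, parse created_at/expires_at, append …
	}

	// Next() also returns false on an iteration error; do not report a
	// partial result as success.
	if err := query.Err(); err != nil {
		utils.LogError("Could not iterate tokens", err)
		return nil, types.ErrInternal
	}

	return tokens, nil
```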
@@ -365,61 +404,3 @@ func (db AuthDbSqlite) DeleteSession(sessionId string) error { return nil } - -func (db AuthDbSqlite) VerifyEmail(token string) error { - - result, err := db.db.Exec(` - UPDATE user - SET email_verified = true, email_verified_at = datetime() - WHERE user_uuid = ( - SELECT user_uuid - FROM user_token - WHERE type = "email_verify" - AND token = ? - ); - `, token) - - if err != nil { - utils.LogError("Could not update user on verify response", err) - return types.ErrInternal - } - - i, err := result.RowsAffected() - if err != nil { - utils.LogError("Could not get rows affected on verify response", err) - return types.ErrInternal - } - - if i == 0 { - return types.ErrInternal - } - - return nil -} - -func (db AuthDbSqlite) InsertForgotPasswordToken(email string, token string) error { - - res, err := db.db.Exec(` - INSERT INTO user_token (user_uuid, type, token, created_at, expires_at) - SELECT user_uuid, 'password_reset', ?, datetime(), datetime('now', '+15 minute') - FROM user - WHERE email = ? - `, token, email) - - if err != nil { - utils.LogError("Could not insert token", err) - return types.ErrInternal - } - - i, err := res.RowsAffected() - if err != nil { - utils.LogError("Could not get rows affected", err) - return types.ErrInternal - } - - if i == 0 { - return ErrNotFound - } - - return nil -} diff --git a/db/auth_test.go b/db/auth_test.go index 4eefb1b..3f26e7c 100644 --- a/db/auth_test.go +++ b/db/auth_test.go @@ -37,7 +37,7 @@ func TestUser(t *testing.T) { underTest := AuthDbSqlite{db: db} - _, err := underTest.GetUser("someNonExistentEmail") + _, err := underTest.GetUserByEmail("someNonExistentEmail") assert.Equal(t, ErrNotFound, err) }) @@ -54,7 +54,7 @@ func TestUser(t *testing.T) { err := underTest.InsertUser(expected) assert.Nil(t, err) - actual, err := underTest.GetUser(expected.Email) + actual, err := underTest.GetUserByEmail(expected.Email) assert.Nil(t, err) assert.Equal(t, expected, actual) 
@@ -81,32 +81,35 @@ func TestUser(t *testing.T) { func TestEmailVerification(t *testing.T) { t.Parallel() - t.Run("should return empty string if no token is safed", func(t *testing.T) { + t.Run("should return NotFound", func(t *testing.T) { t.Parallel() db := setupDb(t) underTest := AuthDbSqlite{db: db} - token, err := underTest.GetEmailVerificationToken(uuid.New()) + token, err := underTest.GetToken("someNonExistentToken") - assert.Nil(t, err) - assert.Equal(t, "", token) + assert.Equal(t, ErrNotFound, err) + assert.Nil(t, token) }) t.Run("should insert and return token", func(t *testing.T) { t.Parallel() db := setupDb(t) underTest := AuthDbSqlite{db: db} + tokenStr := "some secure token" + createdAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC) - userId := uuid.New() - expectedToken := "someToken" + expectedToken := NewToken(uuid.New(), tokenStr, TokenTypeEmailVerify, createdAt, createdAt.Add(24*time.Hour)) - err := underTest.InsertEmailVerificationToken(userId, expectedToken) + err := underTest.InsertToken(expectedToken) assert.Nil(t, err) - actualToken, err := underTest.GetEmailVerificationToken(userId) + actualToken, err := underTest.GetToken(tokenStr) assert.Nil(t, err) + t.Logf("expectedToken: %v", expectedToken) + t.Logf("actualToken: %v", actualToken) assert.Equal(t, expectedToken, actualToken) }) } diff --git a/service/auth.go b/service/auth.go index f1d9ba6..a67c60b 100644 --- a/service/auth.go +++ b/service/auth.go @@ -88,7 +88,7 @@ func NewAuthServiceImpl(dbAuth db.AuthDb, randomGenerator RandomService, clock C } func (service AuthServiceImpl) SignIn(email string, password string) (*Session, error) { - user, err := service.dbAuth.GetUser(email) + user, err := service.dbAuth.GetUserByEmail(email) if err != nil { if errors.Is(err, db.ErrNotFound) { return nil, ErrInvaidCredentials 
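Review bot: The two `t.Logf` lines added before the final assertion print the token structs on every run and look like leftover debugging; `assert.Equal` already reports both values on failure, so they can go. That assertion compares `time.Time` fields by value after a database round trip, which only holds if the stored representation preserves zone and precision exactly; if the test proves flaky, compare `actualToken.CreatedAt.Equal(expectedToken.CreatedAt)` (and likewise `ExpiresAt`) rather than the whole struct.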
@@ -170,27 +170,34 @@ func (service AuthServiceImpl) SignUp(email string, password string) (*User, err } func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email string) { - var token string - token, err := service.dbAuth.GetEmailVerificationToken(userId) + tokens, err := service.dbAuth.GetTokensByUserIdAndType(userId, db.TokenTypeEmailVerify) if err != nil { return } - if token == "" { - token, err := service.randomGenerator.String(32) + var token *db.Token + + if len(tokens) > 0 { + token = tokens[0] + } + + if token == nil { + newTokenStr, err := service.randomGenerator.String(32) if err != nil { return } - err = service.dbAuth.InsertEmailVerificationToken(userId, token) + token = db.NewToken(userId, newTokenStr, db.TokenTypeEmailVerify, service.clock.Now(), service.clock.Now().Add(24*time.Hour)) + + err = service.dbAuth.InsertToken(token) if err != nil { return } } var w strings.Builder - err = mailTemplate.Register(service.serverSettings.BaseUrl, token).Render(context.Background(), &w) + err = mailTemplate.Register(service.serverSettings.BaseUrl, token.Token).Render(context.Background(), &w) if err != nil { utils.LogError("Could not render welcome email", err) return 
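Review bot: `token = tokens[0]` reuses whichever stored verification token comes first without looking at `ExpiresAt`; VerifyUserEmail further down in this diff rejects a token whose `ExpiresAt` is before now, so a user who asks for a new mail after the 24-hour window receives a link that can never verify. Because GetTokensByUserIdAndType has no `ORDER BY`, `tokens[0]` is also arbitrary when several tokens exist. Pick the first token that would still be accepted and mint a new one otherwise, as sketched below; `service.clock.Now()` is then read once so CreatedAt and ExpiresAt derive from the same instant.
```go
	now := service.clock.Now()

	var token *db.Token
	// Reuse a stored token only if VerifyUserEmail would still accept it;
	// an expired one would put a dead link into the mail.
	for _, tok := range tokens {
		if !tok.ExpiresAt.Before(now) {
			token = tok
			break
		}
	}

	if token == nil {
		// … unchanged: generate newTokenStr …
		token = db.NewToken(userId, newTokenStr, db.TokenTypeEmailVerify, now, now.Add(24*time.Hour))
		// … unchanged: InsertToken and its error check …
	}
	// … unchanged: render the Register template and send the mail …
```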
@@ -199,13 +206,42 @@ func (service AuthServiceImpl) SendVerificationMail(userId uuid.UUID, email stri service.mailService.SendMail(email, "Welcome to ME-FIT", w.String()) } -func (service AuthServiceImpl) VerifyUserEmail(token string) error { +func (service AuthServiceImpl) VerifyUserEmail(tokenStr string) error { - if token == "" { + if tokenStr == "" { return types.ErrInternal } - return service.dbAuth.VerifyEmail(token) + token, err := service.dbAuth.GetToken(tokenStr) + if err != nil { + return types.ErrInternal + } + + user, err := service.dbAuth.GetUser(token.UserId) + if err != nil { + return types.ErrInternal + } + + if token.Type != db.TokenTypeEmailVerify { + return types.ErrInternal + } + + now := service.clock.Now() + + if token.ExpiresAt.Before(now) { + return types.ErrInternal + } + + user.EmailVerified = true + user.EmailVerifiedAt = &now + + err = service.dbAuth.UpdateUser(user) + if err != nil { + return types.ErrInternal + } + + _ = service.dbAuth.DeleteToken(token.Token) + return nil } func (service AuthServiceImpl) SignOut(sessionId string) error { @@ -223,7 +259,7 @@ func (service AuthServiceImpl) GetUserFromSessionId(sessionId string) (*User, er return nil, types.ErrInternal } - user, err := service.dbAuth.GetUserById(session.UserId) + user, err := service.dbAuth.GetUser(session.UserId) if err != nil { return nil, types.ErrInternal } @@ -273,7 +309,7 @@ func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass stri return err } - userDb, err := service.dbAuth.GetUserById(user.Id) + userDb, err := service.dbAuth.GetUser(user.Id) if err != nil { return err } 
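Review bot: VerifyUserEmail fetches the user (`GetUser(token.UserId)`) before it has checked the token's type and expiry, and every failure — unknown token, wrong type, expired token, database error — collapses into `types.ErrInternal`, so the HTTP layer cannot tell a bad or stale link from an outage and has to answer both the same way. Check `token.Type` and `token.ExpiresAt` directly after `GetToken` and before touching the user row, and surface a distinct error for an unusable token (GetToken already returns `db.ErrNotFound`, which can be propagated with `errors.Is`). The final `_ = service.dbAuth.DeleteToken(token.Token)` discards a failure that leaves a consumed verification token valid; at least record it: `if err := service.dbAuth.DeleteToken(token.Token); err != nil { utils.LogError("Could not delete used verification token", err) }`.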
@@ -292,23 +328,35 @@ func (service AuthServiceImpl) ChangePassword(user *User, currPass, newPass stri func (service AuthServiceImpl) ForgotPassword(email string) error { - token, err := service.randomGenerator.String(32) + tokenStr, err := service.randomGenerator.String(32) if err != nil { return err } - err = service.dbAuth.InsertForgotPasswordToken(email, token) - - if err != db.ErrNotFound { - var mail strings.Builder - err = mailTemplate.ResetPassword(service.serverSettings.BaseUrl, token).Render(context.Background(), &mail) - if err != nil { - utils.LogError("Could not render reset password email", err) + user, err := service.dbAuth.GetUserByEmail(email) + if err != nil { + if err == db.ErrNotFound { + return nil + } else { return types.ErrInternal } - go service.mailService.SendMail(email, "Reset Password", mail.String()) } + token := db.NewToken(user.Id, tokenStr, db.TokenTypePasswordReset, service.clock.Now(), service.clock.Now().Add(15*time.Minute)) + + err = service.dbAuth.InsertToken(token) + if err != nil { + return types.ErrInternal + } + + var mail strings.Builder + err = mailTemplate.ResetPassword(service.serverSettings.BaseUrl, token.Token).Render(context.Background(), &mail) + if err != nil { + utils.LogError("Could not render reset password email", err) + return types.ErrInternal + } + go service.mailService.SendMail(email, "Reset Password", mail.String()) + return nil } @@ -328,7 +376,7 @@ func (service AuthServiceImpl) ForgotPasswordResponse(tokenStr string, newPass s return err } - user, err := service.dbAuth.GetUserById(token.UserId) + user, err := service.dbAuth.GetUser(token.UserId) if err != nil { utils.LogError("Could not get user from token", err) return types.ErrInternal diff --git a/service/auth_test.go b/service/auth_test.go index c6f4d33..2ac2378 100644 --- a/service/auth_test.go +++ b/service/auth_test.go 
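Review bot: The not-found test `if err == db.ErrNotFound` in the new ForgotPassword body uses `==`, while SignIn in the same file uses `errors.Is(err, db.ErrNotFound)`; use `errors.Is` here too and drop the `else` after the `return nil`. The unknown-email path correctly returns nil rather than revealing whether an address is registered, but it now returns immediately whereas a known address goes through `InsertToken` and template rendering first, so response time still differs between the two cases; if that matters for this deployment, moving the token insert and rendering into the goroutine that already sends the mail makes both paths return at once. `service.clock.Now()` is also called twice to build one token; capture it once, `now := service.clock.Now()`, so CreatedAt and ExpiresAt derive from the same instant.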
@@ -36,7 +36,7 @@ func TestSignIn(t *testing.T) { dbSession := db.NewSession("sessionId", user.Id, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)) mockAuthDb := mocks.NewMockAuthDb(t) - mockAuthDb.EXPECT().GetUser("test@test.de").Return(user, nil) + mockAuthDb.EXPECT().GetUserByEmail("test@test.de").Return(user, nil) mockAuthDb.EXPECT().DeleteOldSessions(user.Id).Return(nil) mockAuthDb.EXPECT().InsertSession(dbSession).Return(nil) mockRandom := mocks.NewMockRandomService(t) @@ -71,7 +71,7 @@ func TestSignIn(t *testing.T) { ) mockAuthDb := mocks.NewMockAuthDb(t) - mockAuthDb.EXPECT().GetUser(user.Email).Return(user, nil) + mockAuthDb.EXPECT().GetUserByEmail(user.Email).Return(user, nil) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) @@ -86,7 +86,7 @@ func TestSignIn(t *testing.T) { t.Parallel() mockAuthDb := mocks.NewMockAuthDb(t) - mockAuthDb.EXPECT().GetUser("test").Return(nil, db.ErrNotFound) + mockAuthDb.EXPECT().GetUserByEmail("test").Return(nil, db.ErrNotFound) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) @@ -100,7 +100,7 @@ func TestSignIn(t *testing.T) { t.Parallel() mockAuthDb := mocks.NewMockAuthDb(t) - mockAuthDb.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error")) + mockAuthDb.EXPECT().GetUserByEmail("test").Return(nil, errors.New("Some undefined error")) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) 
@@ -227,7 +227,9 @@ func TestSendVerificationMail(t *testing.T) { t.Run("should use stored token and send mail", func(t *testing.T) { t.Parallel() - token := "someRandomTokenToUse" + token := db.NewToken(uuid.New(), "someRandomTokenToUse", db.TokenTypeEmailVerify, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC)) + tokens := []*db.Token{token} + email := "some@email.de" userId := uuid.New() @@ -236,9 +238,11 @@ func TestSendVerificationMail(t *testing.T) { mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) - mockAuthDb.EXPECT().GetEmailVerificationToken(userId).Return(token, nil) + mockAuthDb.EXPECT().GetTokensByUserIdAndType(userId, db.TokenTypeEmailVerify).Return(tokens, nil) - mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool { return strings.Contains(message, token) })).Return() + mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool { + return strings.Contains(message, token.Token) + })).Return() underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{})