Ryan/docmost
1
0
Fork 0
mirror of https://github.com/docmost/docmost.git synced 2025-11-15 13:11:12 +10:00
Code Issues Packages Projects Releases Wiki Activity

fix: refactor forgot password system (#329)

Browse Source 
* refactor forgot password system

* ready
This commit is contained in:
Philip Okugbe
2024-09-19 15:51:51 +01:00
committed by GitHub
parent b152c858b4
commit e56f7933f4
29 changed files with 578 additions and 338 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/server/src/core/auth/auth.constants.ts Normal file
View File

@ -0,0 +1,3 @@
export enum UserTokenType {
FORGOT_PASSWORD = 'forgot-password',
}

42
apps/server/src/core/auth/auth.controller.ts
View File

@ -10,7 +10,6 @@ import {
} from '@nestjs/common';
import { LoginDto } from './dto/login.dto';
import { AuthService } from './services/auth.service';
import { CreateUserDto } from './dto/create-user.dto';
import { SetupGuard } from './guards/setup.guard';
import { EnvironmentService } from '../../integrations/environment/environment.service';
import { CreateAdminUserDto } from './dto/create-admin-user.dto';
@ -20,6 +19,8 @@ import { User, Workspace } from '@docmost/db/types/entity.types';
import { AuthWorkspace } from '../../common/decorators/auth-workspace.decorator';
import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
import { ForgotPasswordDto } from './dto/forgot-password.dto';
import { PasswordResetDto } from './dto/password-reset.dto';
import { VerifyUserTokenDto } from './dto/verify-user-token.dto';
@Controller('auth')
export class AuthController {
@ -34,18 +35,6 @@ export class AuthController {
return this.authService.login(loginInput, req.raw.workspaceId);
}
@HttpCode(HttpStatus.OK)
@Post('forgot-password')
async forgotPassword(
@Req() req,
@Body() forgotPasswordDto: ForgotPasswordDto,
) {
return this.authService.forgotPassword(
forgotPasswordDto,
req.raw.workspaceId,
);
}
/* @HttpCode(HttpStatus.OK)
@Post('register')
async register(@Req() req, @Body() createUserDto: CreateUserDto) {
@ -74,4 +63,31 @@ export class AuthController {
) {
return this.authService.changePassword(dto, user.id, workspace.id);
}
@HttpCode(HttpStatus.OK)
@Post('forgot-password')
async forgotPassword(
@Body() forgotPasswordDto: ForgotPasswordDto,
@AuthWorkspace() workspace: Workspace,
) {
return this.authService.forgotPassword(forgotPasswordDto, workspace.id);
}
@HttpCode(HttpStatus.OK)
@Post('password-reset')
async passwordReset(
@Body() passwordResetDto: PasswordResetDto,
@AuthWorkspace() workspace: Workspace,
) {
return this.authService.passwordReset(passwordResetDto, workspace.id);
}
@HttpCode(HttpStatus.OK)
@Post('verify-token')
async verifyResetToken(
@Body() verifyUserTokenDto: VerifyUserTokenDto,
@AuthWorkspace() workspace: Workspace,
) {
return this.authService.verifyUserToken(verifyUserTokenDto, workspace.id);
}
}

11
apps/server/src/core/auth/dto/forgot-password.dto.ts
View File

@ -1,16 +1,7 @@
import { IsEmail, IsNotEmpty, IsOptional, IsString, MinLength } from 'class-validator';
import { IsEmail, IsNotEmpty } from 'class-validator';
export class ForgotPasswordDto {
@IsNotEmpty()
@IsEmail()
email: string;
@IsOptional()
@IsString()
token: string;
@IsOptional()
@IsString()
@MinLength(8)
newPassword: string;
}

10
apps/server/src/core/auth/dto/password-reset.dto.ts Normal file
View File

@ -0,0 +1,10 @@
import { IsString, MinLength } from 'class-validator';
export class PasswordResetDto {
@IsString()
token: string;
@IsString()
@MinLength(8)
newPassword: string;
}

9
apps/server/src/core/auth/dto/verify-user-token.dto.ts Normal file
View File

@ -0,0 +1,9 @@
import { IsString, MinLength } from 'class-validator';
export class VerifyUserTokenDto {
@IsString()
token: string;
@IsString()
type: string;
}

212
apps/server/src/core/auth/services/auth.service.ts
View File

@ -11,13 +11,25 @@ import { TokensDto } from '../dto/tokens.dto';
import { SignupService } from './signup.service';
import { CreateAdminUserDto } from '../dto/create-admin-user.dto';
import { UserRepo } from '@docmost/db/repos/user/user.repo';
import { comparePasswordHash, hashPassword, nanoIdGen } from '../../../common/helpers';
import {
comparePasswordHash,
hashPassword,
nanoIdGen,
} from '../../../common/helpers';
import { ChangePasswordDto } from '../dto/change-password.dto';
import { MailService } from '../../../integrations/mail/mail.service';
import ChangePasswordEmail from '@docmost/transactional/emails/change-password-email';
import { ForgotPasswordDto } from '../dto/forgot-password.dto';
import ForgotPasswordEmail from '@docmost/transactional/emails/forgot-password-email';
import { UserTokensRepo } from '@docmost/db/repos/user-tokens/user-tokens.repo';
import { UserTokenRepo } from '@docmost/db/repos/user-token/user-token.repo';
import { PasswordResetDto } from '../dto/password-reset.dto';
import { UserToken } from '@docmost/db/types/entity.types';
import { UserTokenType } from '../auth.constants';
import { KyselyDB } from '@docmost/db/types/kysely.types';
import { InjectKysely } from 'nestjs-kysely';
import { executeTx } from '@docmost/db/utils';
import { VerifyUserTokenDto } from '../dto/verify-user-token.dto';
import { EnvironmentService } from 'src/integrations/environment/environment.service';
@Injectable()
export class AuthService {
@ -25,8 +37,10 @@ export class AuthService {
private signupService: SignupService,
private tokenService: TokenService,
private userRepo: UserRepo,
private userTokensRepo: UserTokensRepo,
private userTokenRepo: UserTokenRepo,
private mailService: MailService,
private environmentService: EnvironmentService,
@InjectKysely() private readonly db: KyselyDB,
) {}
async login(loginDto: LoginDto, workspaceId: string) {
@ -50,94 +64,6 @@ export class AuthService {
return { tokens };
}
async forgotPassword(
forgotPasswordDto: ForgotPasswordDto,
workspaceId: string,
) {
const user = await this.userRepo.findByEmail(
forgotPasswordDto.email,
workspaceId,
true,
);
if (!user) {
return;
}
if (
forgotPasswordDto.token == null ||
forgotPasswordDto.newPassword == null
) {
// Generate 5-character user token
const code = nanoIdGen(5).toUpperCase();
const hashedToken = await hashPassword(code);
await this.userTokensRepo.insertUserToken({
token: hashedToken,
user_id: user.id,
workspace_id: user.workspaceId,
expires_at: new Date(new Date().getTime() + 3_600_000), // should expires in 1 hour
type: "forgot-password",
});
const emailTemplate = ForgotPasswordEmail({
username: user.name,
code: code,
});
await this.mailService.sendToQueue({
to: user.email,
subject: 'Reset your password',
template: emailTemplate,
});
return;
}
// Get all user tokens that are not expired
const userTokens = await this.userTokensRepo.findByUserId(
user.id,
user.workspaceId,
"forgot-password"
);
// Limit to the last 3 token, so we have a total time window of 15 minutes
const validUserTokens = userTokens
.filter((token) => token.expires_at > new Date() && token.used_at == null)
.slice(0, 3);
for (const token of validUserTokens) {
const validated = await comparePasswordHash(
forgotPasswordDto.token,
token.token,
);
if (validated) {
await Promise.all([
this.userTokensRepo.deleteUserToken(user.id, user.workspaceId, "forgot-password"),
this.userTokensRepo.deleteExpiredUserTokens(),
]);
const newPasswordHash = await hashPassword(
forgotPasswordDto.newPassword,
);
await this.userRepo.updateUser(
{
password: newPasswordHash,
},
user.id,
workspaceId,
);
const emailTemplate = ChangePasswordEmail({ username: user.name });
await this.mailService.sendToQueue({
to: user.email,
subject: 'Your password has been changed',
template: emailTemplate,
});
return;
}
}
throw new BadRequestException('Incorrect code');
}
async register(createUserDto: CreateUserDto, workspaceId: string) {
const user = await this.signupService.signup(createUserDto, workspaceId);
@ -192,4 +118,108 @@ export class AuthService {
template: emailTemplate,
});
}
async forgotPassword(
forgotPasswordDto: ForgotPasswordDto,
workspaceId: string,
): Promise<void> {
const user = await this.userRepo.findByEmail(
forgotPasswordDto.email,
workspaceId,
);
if (!user) {
return;
}
const token = nanoIdGen(16);
const resetLink = `${this.environmentService.getAppUrl()}/password-reset?token=${token}`;
await this.userTokenRepo.insertUserToken({
token: token,
userId: user.id,
workspaceId: user.workspaceId,
expiresAt: new Date(new Date().getTime() + 60 * 60 * 1000), // 1 hour
type: UserTokenType.FORGOT_PASSWORD,
});
const emailTemplate = ForgotPasswordEmail({
username: user.name,
resetLink: resetLink,
});
await this.mailService.sendToQueue({
to: user.email,
subject: 'Reset your password',
template: emailTemplate,
});
}
async passwordReset(passwordResetDto: PasswordResetDto, workspaceId: string) {
const userToken = await this.userTokenRepo.findById(
passwordResetDto.token,
workspaceId,
);
if (
!userToken ||
userToken.type !== UserTokenType.FORGOT_PASSWORD ||
userToken.expiresAt < new Date()
) {
throw new BadRequestException('Invalid or expired token');
}
const user = await this.userRepo.findById(userToken.userId, workspaceId);
if (!user) {
throw new NotFoundException('User not found');
}
const newPasswordHash = await hashPassword(passwordResetDto.newPassword);
await executeTx(this.db, async (trx) => {
await this.userRepo.updateUser(
{
password: newPasswordHash,
},
user.id,
workspaceId,
trx,
);
trx
.deleteFrom('userTokens')
.where('userId', '=', user.id)
.where('type', '=', UserTokenType.FORGOT_PASSWORD)
.execute();
});
const emailTemplate = ChangePasswordEmail({ username: user.name });
await this.mailService.sendToQueue({
to: user.email,
subject: 'Your password has been changed',
template: emailTemplate,
});
const tokens: TokensDto = await this.tokenService.generateTokens(user);
return { tokens };
}
async verifyUserToken(
userTokenDto: VerifyUserTokenDto,
workspaceId: string,
): Promise<void> {
const userToken = await this.userTokenRepo.findById(
userTokenDto.token,
workspaceId,
);
if (
!userToken ||
userToken.type !== userTokenDto.type ||
userToken.expiresAt < new Date()
) {
throw new BadRequestException('Invalid or expired token');
}
}
}

6
apps/server/src/database/database.module.ts
View File

@ -22,7 +22,7 @@ import { AttachmentRepo } from './repos/attachment/attachment.repo';
import { KyselyDB } from '@docmost/db/types/kysely.types';
import * as process from 'node:process';
import { MigrationService } from '@docmost/db/services/migration.service';
import { UserTokensRepo } from './repos/user-tokens/user-tokens.repo';
import { UserTokenRepo } from './repos/user-token/user-token.repo';
// https://github.com/brianc/node-postgres/issues/811
types.setTypeParser(types.builtins.INT8, (val) => Number(val));
@ -67,7 +67,7 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
PageHistoryRepo,
CommentRepo,
AttachmentRepo,
UserTokensRepo,
UserTokenRepo,
],
exports: [
WorkspaceRepo,
@ -80,7 +80,7 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
PageHistoryRepo,
CommentRepo,
AttachmentRepo,
UserTokensRepo,
UserTokenRepo,
],
})
export class DatabaseModule implements OnModuleDestroy, OnApplicationBootstrap {

2
apps/server/src/database/migrations/20240903T124647-user-tokens.ts
View File

@ -7,13 +7,13 @@ export async function up(db: Kysely<any>): Promise<void> {
col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
)
.addColumn('token', 'varchar', (col) => col.notNull())
.addColumn('type', 'varchar', (col) => col.notNull())
.addColumn('user_id', 'uuid', (col) =>
col.notNull().references('users.id').onDelete('cascade'),
)
.addColumn('workspace_id', 'uuid', (col) =>
col.references('workspaces.id').onDelete('cascade'),
)
.addColumn('type', 'varchar', (col) => col.notNull())
.addColumn('expires_at', 'timestamptz')
.addColumn('used_at', 'timestamptz', (col) => col)
.addColumn('created_at', 'timestamptz', (col) =>

71
apps/server/src/database/repos/user-tokens/user-tokens.repo.ts → apps/server/src/database/repos/user-token/user-token.repo.ts
View File

@ -1,6 +1,7 @@
import {
InsertableUserToken,
UpdatableUserToken,
UserToken,
} from '@docmost/db/types/entity.types';
import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
import { dbOrTx } from '@docmost/db/utils';
@ -8,9 +9,33 @@ import { Injectable } from '@nestjs/common';
import { InjectKysely } from 'nestjs-kysely';
@Injectable()
export class UserTokensRepo {
export class UserTokenRepo {
constructor(@InjectKysely() private readonly db: KyselyDB) {}
async findById(
token: string,
workspaceId: string,
trx?: KyselyTransaction,
): Promise<UserToken> {
const db = dbOrTx(this.db, trx);
return db
.selectFrom('userTokens')
.select([
'id',
'token',
'userId',
'workspaceId',
'type',
'expiresAt',
'usedAt',
'createdAt',
])
.where('token', '=', token)
.where('workspaceId', '=', workspaceId)
.executeTakeFirst();
}
async insertUserToken(
insertableUserToken: InsertableUserToken,
trx?: KyselyTransaction,
@ -28,24 +53,24 @@ export class UserTokensRepo {
workspaceId: string,
tokenType: string,
trx?: KyselyTransaction,
) {
): Promise<UserToken[]> {
const db = dbOrTx(this.db, trx);
return db
.selectFrom('userTokens')
.select([
'id',
'token',
'user_id',
'workspace_id',
'userId',
'workspaceId',
'type',
'expires_at',
'used_at',
'created_at',
'expiresAt',
'usedAt',
'createdAt',
])
.where('user_id', '=', userId)
.where('workspace_id', '=', workspaceId)
.where('userId', '=', userId)
.where('workspaceId', '=', workspaceId)
.where('type', '=', tokenType)
.orderBy('expires_at desc')
.orderBy('expiresAt desc')
.execute();
}
@ -57,33 +82,21 @@ export class UserTokensRepo {
const db = dbOrTx(this.db, trx);
return db
.updateTable('userTokens')
.set({ ...updatableUserToken })
.set(updatableUserToken)
.where('id', '=', userTokenId)
.execute();
}
async deleteUserToken(
userId: string,
workspaceId: string,
tokenType: string,
trx?: KyselyTransaction,
) {
async deleteToken(token: string, trx?: KyselyTransaction): Promise<void> {
const db = dbOrTx(this.db, trx);
return db
.deleteFrom('userTokens')
.where('user_id', '=', userId)
.where('workspace_id', '=', workspaceId)
.where('type', '=', tokenType)
.execute();
await db.deleteFrom('userTokens').where('token', '=', token).execute();
}
async deleteExpiredUserTokens(
trx?: KyselyTransaction,
) {
async deleteExpiredUserTokens(trx?: KyselyTransaction): Promise<void> {
const db = dbOrTx(this.db, trx);
return db
await db
.deleteFrom('userTokens')
.where('expires_at', '<', new Date())
.execute();
.where('expiresAt', '<', new Date())
.execute();
}
}

46
apps/server/src/database/types/db.d.ts vendored
View File

@ -1,22 +1,22 @@
import type { ColumnType } from 'kysely';
/**
* This file was generated by kysely-codegen.
* Please do not edit it manually.
*/
export type Generated<T> =
T extends ColumnType<infer S, infer I, infer U>
? ColumnType<S, I | undefined, U>
: ColumnType<T, T | undefined, T>;
import type { ColumnType } from "kysely";
export type Int8 = ColumnType<
string,
bigint | number | string,
bigint | number | string
>;
export type Generated<T> = T extends ColumnType<infer S, infer I, infer U>
? ColumnType<S, I | undefined, U>
: ColumnType<T, T | undefined, T>;
export type Int8 = ColumnType<string, bigint | number | string, bigint | number | string>;
export type Json = JsonValue;
export type JsonArray = JsonValue[];
export type JsonObject = {
[K in string]?: JsonValue;
[x: string]: JsonValue | undefined;
};
export type JsonPrimitive = boolean | number | string | null;
@ -162,6 +162,17 @@ export interface Users {
workspaceId: string | null;
}
export interface UserTokens {
createdAt: Generated<Timestamp>;
expiresAt: Timestamp | null;
id: Generated<string>;
token: string;
type: string;
usedAt: Timestamp | null;
userId: string;
workspaceId: string | null;
}
export interface WorkspaceInvitations {
createdAt: Generated<Timestamp>;
email: string | null;
@ -190,17 +201,6 @@ export interface Workspaces {
updatedAt: Generated<Timestamp>;
}
export interface UserTokens {
id: Generated<string>;
token: string;
user_id: string;
workspace_id: string;
type: string;
expires_at: Timestamp | null;
used_at: Timestamp | null;
created_at: Generated<Timestamp>;
}
export interface DB {
attachments: Attachments;
comments: Comments;
@ -211,7 +211,7 @@ export interface DB {
spaceMembers: SpaceMembers;
spaces: Spaces;
users: Users;
userTokens: UserTokens;
workspaceInvitations: WorkspaceInvitations;
workspaces: Workspaces;
userTokens: UserTokens;
}

2
apps/server/src/database/types/entity.types.ts
View File

@ -73,7 +73,7 @@ export type Attachment = Selectable<Attachments>;
export type InsertableAttachment = Insertable<Attachments>;
export type UpdatableAttachment = Updateable<Omit<Attachments, 'id'>>;
// User Tokens
// User Token
export type UserToken = Selectable<UserTokens>;
export type InsertableUserToken = Insertable<UserTokens>;
export type UpdatableUserToken = Updateable<Omit<UserTokens, 'id'>>;

41
apps/server/src/integrations/transactional/emails/forgot-password-email.tsx
View File

@ -1,27 +1,28 @@
import { Section, Text } from '@react-email/components';
import { Button, Link, Section, Text } from '@react-email/components';
import * as React from 'react';
import { content, paragraph } from '../css/styles';
import { button, content, paragraph } from '../css/styles';
import { MailBody } from '../partials/partials';
interface Props {
username: string;
code: string;
username: string;
resetLink: string;
}
export const ForgotPasswordEmail = ({ username, code }: Props) => {
return (
<MailBody>
<Section style={content}>
<Text style={paragraph}>Hi {username},</Text>
<Text style={paragraph}>
The code for resetting your password is: <strong>{code}</strong>.
</Text>
<Text style={paragraph}>
If you did not request a password reset, please ignore this email.
</Text>
</Section>
</MailBody>
);
}
export const ForgotPasswordEmail = ({ username, resetLink }: Props) => {
return (
<MailBody>
<Section style={content}>
<Text style={paragraph}>Hi {username},</Text>
<Text style={paragraph}>
We received a request from you to reset your password.
</Text>
<Link href={resetLink}> Click here to set a new password</Link>
<Text style={paragraph}>
If you did not request a password reset, please ignore this email.
</Text>
</Section>
</MailBody>
);
};
export default ForgotPasswordEmail;
export default ForgotPasswordEmail;