Support for password resets

2026-01-13 03:25:32 +00:00 · 2021-02-19 11:45:33 +00:00
parent eef581b94c
commit e677c40840
39 changed files with 2394 additions and 1097 deletions
--- a/users/handler/handler.go
+++ b/users/handler/handler.go
@@ -1,14 +1,10 @@
 package handler

 import (
-	"context"
 	"regexp"
-	"strings"
 	"time"

-	"github.com/google/uuid"
 	"github.com/micro/micro/v3/service/errors"
-	"github.com/micro/micro/v3/service/logger"
 	pb "github.com/micro/services/users/proto"
 	"golang.org/x/crypto/bcrypt"
 	"gorm.io/gorm"
@@ -21,6 +17,7 @@ var (
 	ErrDuplicateEmail    = errors.BadRequest("DUPLICATE_EMAIL", "A user with this email address already exists")
 	ErrInvalidEmail      = errors.BadRequest("INVALID_EMAIL", "The email provided is invalid")
 	ErrInvalidPassword   = errors.BadRequest("INVALID_PASSWORD", "Password must be at least 8 characters long")
+	ErrMissingEmails     = errors.BadRequest("MISSING_EMAILS", "One or more emails are required")
 	ErrMissingIDs        = errors.BadRequest("MISSING_IDS", "One or more ids are required")
 	ErrMissingID         = errors.BadRequest("MISSING_ID", "Missing ID")
 	ErrMissingToken      = errors.BadRequest("MISSING_TOKEN", "Missing token")
@@ -65,288 +62,6 @@ type Users struct {
 	Time func() time.Time
 }

-// Create a user
-func (u *Users) Create(ctx context.Context, req *pb.CreateRequest, rsp *pb.CreateResponse) error {
-	// validate the request
-	if len(req.FirstName) == 0 {
-		return ErrMissingFirstName
-	}
-	if len(req.LastName) == 0 {
-		return ErrMissingLastName
-	}
-	if len(req.Email) == 0 {
-		return ErrMissingEmail
-	}
-	if !isEmailValid(req.Email) {
-		return ErrInvalidEmail
-	}
-	if len(req.Password) < 8 {
-		return ErrInvalidPassword
-	}
-
-	// hash and salt the password using bcrypt
-	phash, err := hashAndSalt(req.Password)
-	if err != nil {
-		logger.Errorf("Error hasing and salting password: %v", err)
-		return errors.InternalServerError("HASHING_ERROR", "Error hashing password")
-	}
-
-	return u.DB.Transaction(func(tx *gorm.DB) error {
-		// write the user to the database
-		user := &User{
-			ID:        uuid.New().String(),
-			FirstName: req.FirstName,
-			LastName:  req.LastName,
-			Email:     strings.ToLower(req.Email),
-			Password:  phash,
-		}
-		err = u.DB.Create(user).Error
-		if err != nil && strings.Contains(err.Error(), "idx_users_email") {
-			return ErrDuplicateEmail
-		} else if err != nil {
-			logger.Errorf("Error writing to the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		// generate a token for the user
-		token := Token{
-			UserID:    user.ID,
-			Key:       uuid.New().String(),
-			ExpiresAt: u.Time().Add(time.Hour * 24 * 7),
-		}
-		if err := tx.Create(&token).Error; err != nil {
-			logger.Errorf("Error writing to the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		// serialize the response
-		rsp.User = user.Serialize()
-		rsp.Token = token.Key
-		return nil
-	})
-}
-
-// Read users using ID
-func (u *Users) Read(ctx context.Context, req *pb.ReadRequest, rsp *pb.ReadResponse) error {
-	// validate the request
-	if len(req.Ids) == 0 {
-		return ErrMissingIDs
-	}
-
-	// query the database
-	var users []User
-	if err := u.DB.Model(&User{}).Where("id IN (?)", req.Ids).Find(&users).Error; err != nil {
-		logger.Errorf("Error reading from the database: %v", err)
-		return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-	}
-
-	// serialize the response
-	rsp.Users = make(map[string]*pb.User, len(users))
-	for _, u := range users {
-		rsp.Users[u.ID] = u.Serialize()
-	}
-	return nil
-}
-
-// Update a user
-func (u *Users) Update(ctx context.Context, req *pb.UpdateRequest, rsp *pb.UpdateResponse) error {
-	// validate the request
-	if len(req.Id) == 0 {
-		return ErrMissingID
-	}
-	if req.FirstName != nil && len(req.FirstName.Value) == 0 {
-		return ErrMissingFirstName
-	}
-	if req.LastName != nil && len(req.LastName.Value) == 0 {
-		return ErrMissingLastName
-	}
-	if req.Email != nil && len(req.Email.Value) == 0 {
-		return ErrMissingEmail
-	}
-	if req.Email != nil && !isEmailValid(req.Email.Value) {
-		return ErrInvalidEmail
-	}
-
-	// lookup the user
-	var user User
-	if err := u.DB.Where(&User{ID: req.Id}).First(&user).Error; err == gorm.ErrRecordNotFound {
-		return ErrNotFound
-	} else if err != nil {
-		logger.Errorf("Error reading from the database: %v", err)
-		return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-	}
-
-	// assign the updated values
-	if req.FirstName != nil {
-		user.FirstName = req.FirstName.Value
-	}
-	if req.LastName != nil {
-		user.LastName = req.LastName.Value
-	}
-	if req.Email != nil {
-		user.Email = strings.ToLower(req.Email.Value)
-	}
-
-	// write the user to the database
-	err := u.DB.Save(user).Error
-	if err != nil && strings.Contains(err.Error(), "idx_users_email") {
-		return ErrDuplicateEmail
-	} else if err != nil {
-		logger.Errorf("Error writing to the database: %v", err)
-		return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-	}
-
-	// serialize the user
-	rsp.User = user.Serialize()
-	return nil
-}
-
-// Delete a user
-func (u *Users) Delete(ctx context.Context, req *pb.DeleteRequest, rsp *pb.DeleteResponse) error {
-	// validate the request
-	if len(req.Id) == 0 {
-		return ErrMissingID
-	}
-
-	// delete the users tokens
-	return u.DB.Transaction(func(tx *gorm.DB) error {
-		if err := tx.Delete(&Token{}, &Token{UserID: req.Id}).Error; err != nil {
-			logger.Errorf("Error writing to the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		// delete from the database
-		if err := tx.Delete(&User{}, &User{ID: req.Id}).Error; err != nil {
-			logger.Errorf("Error writing to the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		return nil
-	})
-}
-
-// List all users
-func (u *Users) List(ctx context.Context, req *pb.ListRequest, rsp *pb.ListResponse) error {
-	// query the database
-	var users []User
-	if err := u.DB.Model(&User{}).Find(&users).Error; err != nil {
-		logger.Errorf("Error reading from the database: %v", err)
-		return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-	}
-
-	// serialize the response
-	rsp.Users = make([]*pb.User, len(users))
-	for i, u := range users {
-		rsp.Users[i] = u.Serialize()
-	}
-	return nil
-}
-
-// Login using email and password returns the users profile and a token
-func (u *Users) Login(ctx context.Context, req *pb.LoginRequest, rsp *pb.LoginResponse) error {
-	// validate the request
-	if len(req.Email) == 0 {
-		return ErrMissingEmail
-	}
-	if len(req.Password) == 0 {
-		return ErrInvalidPassword
-	}
-
-	return u.DB.Transaction(func(tx *gorm.DB) error {
-		// lookup the user
-		var user User
-		if err := tx.Where(&User{Email: req.Email}).First(&user).Error; err == gorm.ErrRecordNotFound {
-			return ErrNotFound
-		} else if err != nil {
-			logger.Errorf("Error reading from the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		// compare the passwords
-		if !passwordsMatch(user.Password, req.Password) {
-			return ErrIncorrectPassword
-		}
-
-		// generate a token for the user
-		token := Token{
-			UserID:    user.ID,
-			Key:       uuid.New().String(),
-			ExpiresAt: u.Time().Add(tokenTTL),
-		}
-		if err := tx.Create(&token).Error; err != nil {
-			logger.Errorf("Error writing to the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		// serialize the response
-		rsp.Token = token.Key
-		rsp.User = user.Serialize()
-		return nil
-	})
-}
-
-// Logout expires all tokens for the user
-func (u *Users) Logout(ctx context.Context, req *pb.LogoutRequest, rsp *pb.LogoutResponse) error {
-	// validate the request
-	if len(req.Id) == 0 {
-		return ErrMissingID
-	}
-
-	return u.DB.Transaction(func(tx *gorm.DB) error {
-		// lookup the user
-		var user User
-		if err := tx.Where(&User{ID: req.Id}).Preload("Tokens").First(&user).Error; err == gorm.ErrRecordNotFound {
-			return ErrNotFound
-		} else if err != nil {
-			logger.Errorf("Error reading from the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		// delete the tokens
-		if err := tx.Delete(user.Tokens).Error; err != nil {
-			logger.Errorf("Error deleting from the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		return nil
-	})
-}
-
-// Validate a token, each time a token is validated it extends its lifetime for another week
-func (u *Users) Validate(ctx context.Context, req *pb.ValidateRequest, rsp *pb.ValidateResponse) error {
-	// validate the request
-	if len(req.Token) == 0 {
-		return ErrMissingToken
-	}
-
-	return u.DB.Transaction(func(tx *gorm.DB) error {
-		// lookup the token
-		var token Token
-		if err := tx.Where(&Token{Key: req.Token}).Preload("User").First(&token).Error; err == gorm.ErrRecordNotFound {
-			return ErrInvalidToken
-		} else if err != nil {
-			logger.Errorf("Error reading from the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		// ensure the token is valid
-		if u.Time().After(token.ExpiresAt) {
-			return ErrTokenExpired
-		}
-
-		// extend the token for another lifetime
-		token.ExpiresAt = u.Time().Add(tokenTTL)
-		if err := tx.Save(&token).Error; err != nil {
-			logger.Errorf("Error writing to the database: %v", err)
-			return errors.InternalServerError("DATABASE_ERROR", "Error connecting to the database")
-		}
-
-		// serialize the response
-		rsp.User = token.User.Serialize()
-		return nil
-	})
-}
-
 // isEmailValid checks if the email provided passes the required structure and length.
 func isEmailValid(e string) bool {
 	if len(e) < 3 && len(e) > 254 {