Merge pull request #21 from RodolfoSilva/feature/add-option-to-custom…

…ize-password-change Change password with custom logic
RodolfoSilva · Jul 24, 2020 · 02e9493 · 02e9493
2 parents 1f8fd3a + c4463a5
commit 02e9493
Show file tree

Hide file tree

Showing 6 changed files with 558 additions and 875 deletions.
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,12 +1,14 @@
 version: '3.6'
 services:
   postgres:
-    image: postgres:10.5
+    image: postgres:alpine
     restart: always
+    environment: 
+      POSTGRES_PASSWORD: postgres
     volumes:
       - db_data:/var/lib/postgresql/data
   graphql-engine:
-    image: hasura/graphql-engine:v1.0.0-beta.6
+    image: hasura/graphql-engine:v1.3.0
     ports:
       - "8080:8080"
     depends_on:
@@ -18,7 +20,7 @@ services:
       - ./wait-for:/wait-for
     environment:
       # database url to connect
-      HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres
+      HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:postgres@postgres:5432/postgres
       # enable the console served by server
       HASURA_GRAPHQL_ENABLE_CONSOLE: 'true' # set "false" to disable console
       HASURA_GRAPHQL_AUTH_HOOK: http://hasura-auth:4000/hook

diff --git a/src/__tests__/uni/hasura/client.test.ts b/src/__tests__/uni/hasura/client.test.ts
@@ -24,7 +24,7 @@ test('createUser calls fetch with the right args and returns the user id', async
     },
   };
 
-  fetch.mockReturnValue(
+  (fetch as any).mockReturnValue(
     Promise.resolve(new Response(JSON.stringify(serverResponse))),
   );
 

diff --git a/src/auth-tools.ts b/src/auth-tools.ts
@@ -5,7 +5,7 @@ import * as vars from './vars';
 
 export const generateJwtAccessToken = (payload: any) => {
   const jwtOptions: jwt.SignOptions = {
-    algorithm: vars.jwtAlgorithm,
+    algorithm: vars.jwtAlgorithm as jwt.Algorithm,
     expiresIn: vars.jwtTokenExpiresIn,
   };
 
@@ -14,7 +14,7 @@ export const generateJwtAccessToken = (payload: any) => {
 
 export const generateJwtRefreshToken = (payload: any) => {
   const jwtOptions: jwt.SignOptions = {
-    algorithm: vars.jwtAlgorithm,
+    algorithm: vars.jwtAlgorithm as jwt.Algorithm,
     expiresIn: vars.jwtRefreshTokenExpiresIn,
   };
 

diff --git a/src/custom-logic.ts b/src/custom-logic.ts
@@ -0,0 +1,10 @@
+import { User } from './hasura';
+import { Request } from 'express';
+
+export function isUserAllowedToChangePassword(
+  currentUserId: string,
+  user: User,
+  req: Request,
+) {
+  return false;
+}
diff --git a/src/resolvers.ts b/src/resolvers.ts
@@ -15,6 +15,7 @@ import {
   getUserByRefreshToken,
   getUserByCredentials,
 } from './hasura';
+import { isUserAllowedToChangePassword } from './custom-logic';
 
 const getRole = (req: Request) =>
   getIn(req, `headers["${vars.hasuraHeaderPrefix}role"]`, '');
@@ -69,7 +70,7 @@ const checkUserCanDoRegistration = (req: Request): boolean => {
 
 const checkUserIsPartOfStaffOrIsTheCurrentUser = (
   req: Request,
-  userId: string,
+  user: User,
 ): boolean => {
   if (isAdmin(req)) {
     return true;
@@ -79,20 +80,20 @@ const checkUserIsPartOfStaffOrIsTheCurrentUser = (
     .split(',')
     .map((role: string) => role.trim());
 
-  if (getIntersection(roles, ['admin']).length >= 1) {
+  const currentUserId = getCurrentUserId(req);
+
+  if (
+    getIntersection(roles, ['admin']).length >= 1 ||
+    isUserAllowedToChangePassword(currentUserId, user, req)
+  ) {
     return true;
   }
 
   if (!isAuthenticated(req)) {
     return false;
   }
 
-  try {
-    const currentUserId = getCurrentUserId(req);
-    return currentUserId === userId;
-  } catch (e) {
-    return false;
-  }
+  return currentUserId === user.id;
 };
 
 const resolvers = {
@@ -163,16 +164,16 @@ const resolvers = {
       };
     },
     async auth_change_password(_, { user_id, new_password }, ctx) {
-      if (!checkUserIsPartOfStaffOrIsTheCurrentUser(ctx.req, user_id)) {
-        throw new Error('Forbidden');
-      }
-
       const user: User | undefined = await getUserById(user_id);
 
       if (!user) {
         throw new Error('Unable to find user');
       }
 
+      if (!(await checkUserIsPartOfStaffOrIsTheCurrentUser(ctx.req, user))) {
+        throw new Error('Forbidden');
+      }
+
       const result = await changeUserPassword(user, new_password);
 
       return {
-Original file line number
+Diff line change
@@ Expand Up @@
         },
       };
-      fetch.mockReturnValue(
+      (fetch as any).mockReturnValue(
         Promise.resolve(new Response(JSON.stringify(serverResponse))),
       );
@@ Expand Down @@