Merge pull request #322 from beabee-communityrm/feat/mfa-reset

feat!: Reset MFA via email

.env.example

@@ -23,3 +23,4 @@ BEABEE_CURRENCYCODE=GBP
 BEABEE_CURRENCYSYMBOL=£
 
 TYPEORM_URL=postgres://membership_system:membership_system@db/membership_system
+TYPEORM_SYNCHRONIZE=false

README.md

@@ -101,7 +101,7 @@ docker compose up -d
 Whenever you make changes to an object that is mapped into the database, you have to use `typeORM` and create a new migration file. Make sure the database container is running and then:
 
 ```
-docker compose run app npm run typeorm migration:generate -- -n <MigrationName>
+docker compose run -u root app npm run typeorm migration:generate -- -n <MigrationName>
 npm run build
 docker compose run app npm run typeorm migration:run
 ```

package.json

@@ -144,6 +144,8 @@
     "@apps": "./built/apps",
     "@config": "./built/config/config.js",
     "@locale": "./built/locales/current.js",
-    "@models": "./built/models"
+    "@models": "./built/models",
+    "@type": "./built/type",
+    "@enums": "./built/enums"
   }
 }

src/api/app.ts

@@ -4,16 +4,14 @@ import "reflect-metadata";
 import { RoleType } from "@beabee/beabee-common";
 import cookie from "cookie-parser";
 import cors from "cors";
-import crypto from "crypto";
-import express, { ErrorRequestHandler, Request } from "express";
+import express, { ErrorRequestHandler } from "express";
 import {
   Action,
   HttpError,
   InternalServerError,
   NotFoundError,
   useExpressServer
 } from "routing-controllers";
-import { getRepository } from "typeorm";
 
 import { ApiKeyController } from "./controllers/ApiKeyController";
 import { AuthController } from "./controllers/AuthController";
@@ -29,6 +27,7 @@ import { SegmentController } from "./controllers/SegmentController";
 import { SignupController } from "./controllers/SignupController";
 import { StatsController } from "./controllers/StatsController";
 import { ResetPasswordController } from "./controllers/ResetPasswordController";
+import { ResetDeviceController } from "./controllers/ResetDeviceController";
 import { UploadController } from "./controllers/UploadController";
 
 import * as db from "@core/database";
@@ -86,6 +85,7 @@ db.connect().then(() => {
       SignupController,
       StatsController,
       ResetPasswordController,
+      ResetDeviceController,
       UploadController
     ],
     currentUserChecker,

src/api/controllers/AuthController.ts

@@ -20,17 +20,15 @@ import { UnauthorizedError } from "../errors/UnauthorizedError";
 import passport from "@core/lib/passport";
 
 import ContactsService from "@core/services/ContactsService";
-import ContactMfaService from "@core/services/ContactMfaService";
 
 import Contact from "@models/Contact";
 import ContactRole from "@models/ContactRole";
 
 import { login } from "@api/utils";
 
-import {
-  LOGIN_CODES,
-  PassportLoginInfo
-} from "@api/data/ContactData/interface";
+import { PassportLoginInfo } from "@type/passport-login-info";
+
+import { LOGIN_CODES } from "@enums/login-codes";
 
 import config from "@config";
 

src/api/controllers/ContactController.ts

@@ -48,11 +48,8 @@ import {
   CreateContactData,
   DeleteContactMfaData,
   fetchPaginatedContacts,
-  GetContactData,
   GetContactQuery,
-  GetContactRoleData,
   GetContactsQuery,
-  GetContactWith,
   UpdateContactRoleData,
   UpdateContactData,
   exportContacts,
@@ -61,6 +58,9 @@ import {
   CreateContactMfaData,
   GetContactMfaData
 } from "@api/data/ContactData";
+import { GetContactData } from "@type/get-contact-data";
+import { GetContactRoleData } from "@type/get-contact-role-data";
+import { GetContactWith } from "@enums/get-contact-with";
 import {
   CompleteJoinFlowData,
   StartJoinFlowData
@@ -77,7 +77,6 @@ import {
   GetExportQuery
 } from "@api/data/PaginatedData";
 import { GetPaymentData, GetPaymentsQuery } from "@api/data/PaymentData";
-import { LOGIN_CODES } from "@api/data/ContactData/interface";
 
 import PartialBody from "@api/decorators/PartialBody";
 import CantUpdateContribution from "@api/errors/CantUpdateContribution";

src/api/controllers/ResetDeviceController.ts

@@ -0,0 +1,46 @@
+import { Request } from "express";
+import {
+  Body,
+  JsonController,
+  OnUndefined,
+  Params,
+  Post,
+  Put,
+  Req
+} from "routing-controllers";
+
+import ContactsService from "@core/services/ContactsService";
+
+import { login } from "@api/utils";
+import { UUIDParam } from "@api/data";
+import {
+  CreateResetDeviceData,
+  UpdateResetDeviceData
+} from "@api/data/ResetDeviceData";
+
+@JsonController("/reset-device")
+export class ResetDeviceController {
+  @OnUndefined(204)
+  @Post()
+  async create(@Body() data: CreateResetDeviceData): Promise<void> {
+    await ContactsService.resetDeviceBegin(
+      data.email,
+      data.type,
+      data.resetUrl
+    );
+  }
+
+  @OnUndefined(204)
+  @Put("/:id")
+  async complete(
+    @Req() req: Request,
+    @Params() { id }: UUIDParam,
+    @Body() data: UpdateResetDeviceData
+  ): Promise<void> {
+    const contact = await ContactsService.resetDeviceComplete(
+      id,
+      data.password
+    );
+    await login(req, contact);
+  }
+}

src/api/controllers/ResetPasswordController.ts

@@ -2,21 +2,14 @@ import { Request } from "express";
 import {
   Body,
   JsonController,
-  NotFoundError,
   OnUndefined,
   Params,
   Post,
   Put,
   Req
 } from "routing-controllers";
-import { getRepository } from "typeorm";
-
-import { generatePassword } from "@core/utils/auth";
 
 import ContactsService from "@core/services/ContactsService";
-import EmailService from "@core/services/EmailService";
-
-import ResetPasswordFlow from "@models/ResetPasswordFlow";
 
 import { login } from "@api/utils";
 import { UUIDParam } from "@api/data";
@@ -30,13 +23,7 @@ export class ResetPasswordController {
   @OnUndefined(204)
   @Post()
   async create(@Body() data: CreateResetPasswordData): Promise<void> {
-    const contact = await ContactsService.findOne({ email: data.email });
-    if (contact) {
-      const rpFlow = await getRepository(ResetPasswordFlow).save({ contact });
-      await EmailService.sendTemplateToContact("reset-password", contact, {
-        rpLink: data.resetUrl + "/" + rpFlow.id
-      });
-    }
+    await ContactsService.resetPasswordBegin(data.email, data.resetUrl);
   }
 
   @OnUndefined(204)
@@ -46,19 +33,7 @@ export class ResetPasswordController {
     @Params() { id }: UUIDParam,
     @Body() data: UpdateResetPasswordData
   ): Promise<void> {
-    const rpFlow = await getRepository(ResetPasswordFlow).findOne({
-      where: { id },
-      relations: ["contact"]
-    });
-    if (rpFlow) {
-      await ContactsService.updateContact(rpFlow.contact, {
-        password: await generatePassword(data.password)
-      });
-      await getRepository(ResetPasswordFlow).delete(id);
-
-      await login(req, rpFlow.contact);
-    } else {
-      throw new NotFoundError();
-    }
+    const contact = await ContactsService.resetPasswordComplete(id, data);
+    await login(req, contact);
   }
 }

src/api/controllers/SegmentController.ts

@@ -15,7 +15,6 @@ import { getRepository } from "typeorm";
 
 import { UUIDParam } from "@api/data";
 import {
-  GetContactData,
   GetContactsQuery,
   fetchPaginatedContacts
 } from "@api/data/ContactData";
@@ -34,6 +33,8 @@ import Segment from "@models/Segment";
 import SegmentContact from "@models/SegmentContact";
 import SegmentOngoingEmail from "@models/SegmentOngoingEmail";
 
+import type { GetContactData } from "@type/get-contact-data";
+
 @JsonController("/segments")
 @Authorized("admin")
 export class SegmentController {

src/api/data/ApiKeyData/interface.ts

@@ -1,5 +1,5 @@
 import { IsDate, IsIn, IsOptional, IsString } from "class-validator";
-import { GetContactData } from "../ContactData";
+import { GetContactData } from "@type/get-contact-data";
 import { GetPaginatedQuery } from "../PaginatedData";
 import { Type } from "class-transformer";
 

src/api/data/CalloutResponseCommentData/interface.ts

@@ -1,6 +1,6 @@
 import Contact from "@models/Contact";
 import { IsIn, IsObject, IsString } from "class-validator";
-import { GetContactData } from "../ContactData";
+import { GetContactData } from "@type/get-contact-data";
 import { GetPaginatedQuery } from "../PaginatedData";
 
 export interface UpdateCalloutResponseComment {

src/api/data/CalloutResponseData/interface.ts

@@ -19,7 +19,7 @@ import { UUIDParam } from "..";
 import { GetCalloutData } from "../CalloutData";
 import { GetCalloutResponseCommentData } from "../CalloutResponseCommentData/interface";
 import { GetCalloutTagData } from "../CalloutTagData";
-import { GetContactData } from "../ContactData";
+import { GetContactData } from "@type/get-contact-data";
 import { GetPaginatedQuery, GetPaginatedRuleGroup } from "../PaginatedData";
 
 export enum GetCalloutResponseWith {

src/api/data/ContactData/index.ts

@@ -17,12 +17,11 @@ import {
   GetPaginatedRuleGroup
 } from "@api/data/PaginatedData";
 
-import {
-  GetContactData,
-  GetContactRoleData,
-  GetContactsQuery,
-  GetContactWith
-} from "./interface";
+import { GetContactWith } from "@enums/get-contact-with";
+
+import type { GetContactData } from "@type/get-contact-data";
+import type { GetContactRoleData } from "@type/get-contact-role-data";
+import type { GetContactsQuery } from "@api/data/ContactData";
 
 interface ConvertOpts {
   with: GetContactWith[] | undefined;