Mutations for forgot password (#121)

* add-mutation

* fix-bugs

* mutation-update

* add comments

* bug-fix

* add change and forgot password page

* clean-up

* Update-resetPassword-mutation

* update mutation

* add-redis-service

* redis client

* another-try

* try

* try v2

* Try with localhost?

* error-fix

* commit changes

* fix-test

* jest-test

* fix-yarn-file

* fix-jest-test

* Remove new ts-loader

* Update .github/workflows/ci.yml

Co-authored-by: Tobias Diez <code@tobiasdiez.com>

* change-mutation

* resolve-conflict

* update-nodemailer

* update-mutation

* update-nodemailer

* update-params

* Remove Redis config to fix tests

* try without TLS

* Enable TLS on Azure only

Co-authored-by: Tobias Diez <code@tobiasdiez.com>

Author: mohit038-zz

.github/workflows/ci.yml

@@ -35,6 +35,18 @@ jobs:
         ports:
           - 5432:5432
 
+      redis:
+        image: redis
+        # Set health checks to wait until redis has started
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          # Maps port 6379 on service container to port 6380 on host
+          - 6380:6379
+
     env:
       DATABASE_URL: postgresql://postgres:postgres@localhost:5432/jabref?schema=public
 

api/tsyringe.config.ts

@@ -1,6 +1,6 @@
 import 'reflect-metadata'
 import { PrismaClient } from '@prisma/client'
-import { RedisClient, createClient } from 'redis'
+import { RedisClient, createClient, ClientOpts } from 'redis'
 
 import { container, instanceCachingFactory } from 'tsyringe'
 import { config } from '../config'
@@ -10,10 +10,14 @@ container.register<PrismaClient>(PrismaClient, {
 })
 
 container.register<RedisClient>(RedisClient, {
-  useFactory: instanceCachingFactory<RedisClient>(() =>
-    createClient({
+  useFactory: instanceCachingFactory<RedisClient>(() => {
+    const redisConfig: ClientOpts = {
       ...config.redis,
-      tls: { servername: config.redis.host },
-    })
-  ),
+    }
+    // Azure needs a TLS connection to Redis
+    if (process.env.NODE_ENV === 'production') {
+      redisConfig.tls = { servername: config.redis.host }
+    }
+    return createClient(redisConfig)
+  }),
 })

api/user/auth.service.ts

@@ -1,6 +1,11 @@
+import { promisify } from 'util'
 import { PrismaClient, User } from '@prisma/client'
 import * as bcrypt from 'bcryptjs'
 import { injectable } from 'tsyringe'
+import { v4 as generateToken } from 'uuid'
+import { RedisClient } from 'redis'
+import { sendEmail } from '../utils/sendEmail'
+import { resetPasswordTemplate } from '../utils/resetPasswordTemplate'
 
 export interface AuthenticationMessage {
   message?: string
@@ -13,7 +18,7 @@ export interface AuthenticateReturn {
 
 @injectable()
 export class AuthService {
-  constructor(private prisma: PrismaClient) {}
+  constructor(private prisma: PrismaClient, private redisClient: RedisClient) {}
 
   async validateUser(email: string, password: string): Promise<User | null> {
     const user = await this.prisma.user.findUnique({
@@ -33,6 +38,27 @@ export class AuthService {
     }
   }
 
+  async resetPassword(email: string): Promise<boolean> {
+    const user = await this.getUserByEmail(email)
+    if (!user) {
+      return true
+    }
+    const PREFIX = process.env.PREFIX || 'forgot-password'
+    const key = PREFIX + user.id
+    const token = generateToken()
+    const hashedToken = await this.hashString(token)
+    this.redisClient.set(key, hashedToken, 'ex', 1000 * 60 * 60 * 24) // VALID FOR ONE DAY
+    await sendEmail(email, resetPasswordTemplate(user.id, token))
+    return true
+  }
+
+  async hashString(password: string): Promise<string> {
+    // Hash password before saving in database
+    // We use salted hashing to prevent rainbow table attacks
+    const salt = await bcrypt.genSalt()
+    return await bcrypt.hash(password, salt)
+  }
+
   async getUserById(id: string): Promise<User | null> {
     return await this.prisma.user.findUnique({
       where: {
@@ -59,11 +85,7 @@ export class AuthService {
     if (userWithEmailAlreadyExists) {
       throw new Error(`User with email '${email}' already exists.`)
     }
-
-    // Hash password before saving in database
-    // We use salted hashing to prevent rainbow table attacks
-    const salt = await bcrypt.genSalt()
-    const hashedPassword = await bcrypt.hash(password, salt)
+    const hashedPassword = await this.hashString(password)
 
     return await this.prisma.user.create({
       data: {
@@ -72,4 +94,35 @@ export class AuthService {
       },
     })
   }
+
+  async updatePassword(
+    token: string,
+    id: string,
+    newPassword: string
+  ): Promise<User | null> {
+    if (newPassword.length <= 6) {
+      return null
+    }
+    const PREFIX = process.env.PREFIX || 'forgot-password'
+    const key = PREFIX + id
+    const getAsync = promisify(this.redisClient.get).bind(this.redisClient)
+    const hashedToken = await getAsync(key)
+    if (!hashedToken) {
+      return null
+    }
+    const checkToken = await bcrypt.compare(token, hashedToken)
+    if (checkToken) {
+      this.redisClient.del(key)
+      const hashedPassword = await this.hashString(newPassword)
+      return await this.prisma.user.update({
+        where: {
+          id,
+        },
+        data: {
+          password: hashedPassword,
+        },
+      })
+    }
+    return null
+  }
 }

api/user/passport-initializer.ts

@@ -1,8 +1,8 @@
 import connectRedis from 'connect-redis'
 import { Express } from 'express-serve-static-core'
 import session from 'express-session'
-import { RedisClient } from 'redis'
 import passport from 'passport'
+import { RedisClient } from 'redis'
 import { injectable } from 'tsyringe'
 import { AuthService } from './auth.service'
 import LocalStrategy from './local.strategy'

api/user/resolvers.ts

@@ -59,6 +59,19 @@ export class Resolvers {
     return true
   }
 
+  async forgotPassword(email: string): Promise<boolean> {
+    return await this.authService.resetPassword(email)
+  }
+
+  async changePassword(
+    token: string,
+    id: string,
+    newPassword: string
+  ): Promise<User | null> {
+    const user = await this.authService.updatePassword(token, id, newPassword)
+    return user
+  }
+
   resolvers(): AllResolvers {
     return {
       Query: {
@@ -82,6 +95,12 @@ export class Resolvers {
         signup: (_root, { email, password }, context) => {
           return this.signup(email, password, context)
         },
+        forgotPassword: (_root, { email }, _context) => {
+          return this.forgotPassword(email)
+        },
+        changePassword: (_root, { token, id, newPassword }, _context) => {
+          return this.changePassword(token, id, newPassword)
+        },
       },
 
       User: {

api/user/schema.graphql

@@ -14,6 +14,9 @@ extend type Mutation {
   logout: Boolean
   login(email: String!, password: String!): User
   signup(email: String!, password: String!): User
+  forgotPassword(email: String!): Boolean
+  changePassword(token: String!, id:String!, newPassword: String!): User
+
 }
 
 type User {

api/utils/resetPasswordTemplate.ts

@@ -0,0 +1,67 @@
+export function resetPasswordTemplate(id: string, token: string): string {
+  return `
+  <!doctype html>
+  <html lang="en-US">
+
+  <head>
+      <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
+      <title>Reset Password Email</title>
+      <meta name="description" content="Reset Password Email Template.">
+      <style type="text/css">
+          a:hover {text-decoration: underline !important;}
+      </style>
+  </head>
+
+  <body marginheight="0" topmargin="0" marginwidth="0" style="margin: 0px; background-color: #f2f3f8;" leftmargin="0">
+      <table cellspacing="0" border="0" cellpadding="0" width="100%" bgcolor="#f2f3f8" font-family: 'Open Sans', sans-serif;">
+          <tr>
+              <td>
+                  <table style="background-color: #f2f3f8; max-width:670px;  margin:0 auto;" width="100%" border="0"
+                      align="center" cellpadding="0" cellspacing="0">
+                      <tr>
+                          <td style="height:80px;">&nbsp;</td>
+                      </tr>
+                      <tr>
+                          <td style="height:20px;">&nbsp;</td>
+                      </tr>
+                      <tr>
+                          <td>
+                              <table width="95%" border="0" align="center" cellpadding="0" cellspacing="0"
+                                  style="max-width:670px;background:#fff; border-radius:3px; text-align:center;-webkit-box-shadow:0 6px 18px 0 rgba(0,0,0,.06);-moz-box-shadow:0 6px 18px 0 rgba(0,0,0,.06);box-shadow:0 6px 18px 0 rgba(0,0,0,.06);">
+                                  <tr>
+                                      <td style="height:40px;">&nbsp;</td>
+                                  </tr>
+                                  <tr>
+                                      <td style="padding:0 35px;">
+                                          <h1 style="color:#1e1e2d; font-weight:500; margin:0;font-size:32px;font-family:'Rubik',sans-serif;">We received a request to reset your password</h1>
+                                          <span
+                                              style="display:inline-block; vertical-align:middle; margin:29px 0 26px; border-bottom:1px solid #cecece; width:100px;"></span>
+                                          <p style="color:#455056; font-size:15px;line-height:24px; margin:0;">
+                                              A unique link to reset your
+                                              password has been generated for you. To reset your password, click the
+                                              following link and follow the instructions.
+                                          </p>
+                                          <a href="http://localhost:3000/change-password?id=${id}&token=${token}"
+                                              style="background:black;text-decoration:none !important; font-weight:500; margin-top:35px; color:#fff;text-transform:uppercase; font-size:14px;padding:10px 24px;display:inline-block;">Reset
+                                              Password</a>
+                                      </td>
+                                  </tr>
+                                  <tr>
+                                      <td style="height:40px;">&nbsp;</td>
+                                  </tr>
+                              </table>
+                          </td>
+                      <tr>
+                          <td style="height:20px;">&nbsp;</td>
+                      </tr>
+                      <tr>
+                          <td style="height:80px;">&nbsp;</td>
+                      </tr>
+                  </table>
+              </td>
+          </tr>
+      </table>
+  </body>
+
+  </html>`
+}

api/utils/sendEmail.ts

@@ -0,0 +1,20 @@
+import nodemailer from 'nodemailer'
+
+export async function sendEmail(to: string, html: string): Promise<void> {
+  const testAccount = await nodemailer.createTestAccount()
+  const transporter = nodemailer.createTransport({
+    host: 'smtp.ethereal.email',
+    port: 587,
+    secure: false, // true for 465, false for other ports
+    auth: {
+      user: testAccount.user, // generated ethereal user
+      pass: testAccount.pass, // generated ethereal password
+    },
+  })
+  await transporter.sendMail({
+    from: '"Jabref" <Jabref@example.com>', // sender address
+    to, // list of receivers
+    subject: 'Reset your password', // Subject line
+    html, // plain text body
+  })
+}

dump.rdb

@@ -65,6 +65,7 @@
     "graphql-passport": "^0.6.3",
     "graphql-type-datetime": "^0.2.4",
     "lodash": "^4.17.21",
+    "nodemailer": "^6.6.0",
     "nuxt": "^2.15.6",
     "passport": "^0.4.1",
     "pinia": "^0.5.2",
@@ -101,8 +102,10 @@
     "@types/express": "^4.17.12",
     "@types/express-session": "^1.17.3",
     "@types/jest": "^26.0.23",
-    "@types/lodash": "^4.14.170",
+    "@types/lodash": "^4.14.169",
+    "@types/nodemailer": "^6.4.1",
     "@types/passport": "^1.0.6",
+    "@types/uuid": "^8.3.0",
     "@vue/compiler-sfc": "^3.1.1",
     "@vue/test-utils": "^1.2.0",
     "babel-jest": "^26.6.3",

package.json

@@ -0,0 +1,73 @@
+<template>
+  <div>
+    <Portal to="header">
+      <Logo class="mx-auto h-20 w-auto" />
+      <h2 class="mt-8 text-center text-5xl font-extrabold text-gray-900">
+        Change Password
+      </h2>
+    </Portal>
+    <form @submit.prevent="changePassword">
+      <div class="space-y-5">
+        <t-input-group label="New Password" variant="important">
+          <PasswordInput v-model="password" />
+        </t-input-group>
+        <t-input-group label="Confirm Password" variant="important">
+          <PasswordInput v-model="repeatPassword" />
+        </t-input-group>
+      </div>
+      <div class="py-2">
+        <t-button class="w-full" type="submit">Change Password</t-button>
+      </div>
+    </form>
+  </div>
+</template>
+
+<script>
+import {
+  defineComponent,
+  useRouter,
+  useRoute,
+  computed,
+} from '@nuxtjs/composition-api'
+import { ref } from '@vue/composition-api'
+import { gql } from 'graphql-tag'
+import { useChangePasswordMutation } from '../../apollo/graphql'
+export default defineComponent({
+  name: 'ChangePassword',
+  layout: 'bare',
+  setup() {
+    const password = ref('')
+    const repeatPassword = ref('')
+    gql`
+      mutation ChangePassword(
+        $token: String!
+        $id: String!
+        $newPassword: String!
+      ) {
+        changePassword(token: $token, id: $id, newPassword: $newPassword) {
+          id
+        }
+      }
+    `
+    const route = useRoute()
+    const token = computed(() => route.value.query.token)
+    const id = computed(() => route.value.query.id)
+    const {
+      mutate: changePassword,
+      onDone,
+      error,
+    } = useChangePasswordMutation(() => ({
+      variables: {
+        token: token.value,
+        id: id.value,
+        newPassword: password.value,
+      },
+    }))
+    const router = useRouter()
+    onDone(() => {
+      router.push('../user/login')
+    })
+    return { password, error, changePassword, repeatPassword }
+  },
+})
+</script>

pages/change-password/_token.vue

@@ -0,0 +1,56 @@
+<template>
+  <div>
+    <Portal to="header">
+      <Logo class="mx-auto h-20 w-auto" />
+      <h2 class="mt-8 text-center text-5xl font-extrabold text-gray-900">
+        Reset Password
+      </h2>
+    </Portal>
+    <div v-if="called">
+      <h2>Email Sent</h2>
+      <p>
+        An email with instructions on how to reset your password has been sent
+        to {{ email }}.
+      </p>
+    </div>
+    <form v-else @submit.prevent="forgotPassword">
+      <div class="space-y-5">
+        <t-input-group label="Email address" variant="important">
+          <t-input v-model="email" v-focus />
+        </t-input-group>
+        <div class="py-2">
+          <t-button class="w-full" type="submit">Submit</t-button>
+        </div>
+      </div>
+    </form>
+  </div>
+</template>
+<script lang="ts">
+import { defineComponent } from '@nuxtjs/composition-api'
+import { ref } from '@vue/composition-api'
+import { gql } from 'graphql-tag'
+import { useForgotPasswordMutation } from '../../apollo/graphql'
+
+export default defineComponent({
+  name: 'ForgotPassword',
+  layout: 'bare',
+  setup() {
+    const email = ref('')
+    gql`
+      mutation ForgotPassword($email: String!) {
+        forgotPassword(email: $email)
+      }
+    `
+    const {
+      mutate: forgotPassword,
+      called,
+      error,
+    } = useForgotPasswordMutation(() => ({
+      variables: {
+        email: email.value,
+      },
+    }))
+    return { email, error, called, forgotPassword }
+  },
+})
+</script>

pages/user/forgot-password.vue

@@ -36,12 +36,9 @@
           </div>
 
           <div class="text-sm">
-            <a
-              href="#"
-              class="font-medium text-indigo-600 hover:text-indigo-500"
+            <t-nuxtlink to="./forgot-password"
+              >Forgot your password?</t-nuxtlink
             >
-              Forgot your password?
-            </a>
           </div>
         </div>
 

pages/user/login.vue

@@ -1,6 +1,8 @@
 import 'reflect-metadata'
 import '~/api/tsyringe.config'
 import { GraphQLResponse } from 'apollo-server-types'
+import { container } from 'tsyringe'
+import { RedisClient } from 'redis'
 
 // Minimize snapshot of GraphQL responses (no extensions and http field)
 expect.addSnapshotSerializer({
@@ -20,3 +22,5 @@ expect.addSnapshotSerializer({
     })
   },
 })
+
+afterAll(() => container.resolve(RedisClient).quit())

test/jest.setup.ts

@@ -2975,7 +2975,7 @@
   resolved "https://registry.yarnpkg.com/@types/less/-/less-3.0.2.tgz#2761d477678c8374cb9897666871662eb1d1115e"
   integrity sha512-62vfe65cMSzYaWmpmhqCMMNl0khen89w57mByPi1OseGfcV/LV03fO8YVrNj7rFQsRWNJo650WWyh6m7p8vZmA==
 
-"@types/lodash@^4.14.170":
+"@types/lodash@^4.14.169":
   version "4.14.170"
   resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.170.tgz#0d67711d4bf7f4ca5147e9091b847479b87925d6"
   integrity sha512-bpcvu/MKHHeYX+qeEN8GE7DIravODWdACVA1ctevD8CN24RhPZIKMn9ntfAsrvLfSX3cR5RrBKAbYm9bGs0A+Q==
@@ -3020,6 +3020,13 @@
   resolved "https://registry.yarnpkg.com/@types/node/-/node-10.17.56.tgz#010c9e047c3ff09ddcd11cbb6cf5912725cdc2b3"
   integrity sha512-LuAa6t1t0Bfw4CuSR0UITsm1hP17YL+u82kfHGrHUWdhlBtH7sa7jGY5z7glGaIj/WDYDkRtgGd+KCjCzxBW1w==
 
+"@types/nodemailer@^6.4.1":
+  version "6.4.1"
+  resolved "https://registry.yarnpkg.com/@types/nodemailer/-/nodemailer-6.4.1.tgz#31f96f4410632f781d3613bd1f4293649e423f75"
+  integrity sha512-8081UY/0XTTDpuGqCnDc8IY+Q3DSg604wB3dBH0CaZlj4nZWHWuxtZ3NRZ9c9WUrz1Vfm6wioAUnqL3bsh49uQ==
+  dependencies:
+    "@types/node" "*"
+
 "@types/normalize-package-data@^2.4.0":
   version "2.4.0"
   resolved "https://registry.yarnpkg.com/@types/normalize-package-data/-/normalize-package-data-2.4.0.tgz#e486d0d97396d79beedd0a6e33f4534ff6b4973e"
@@ -3148,6 +3155,11 @@
   resolved "https://registry.yarnpkg.com/@types/ungap__global-this/-/ungap__global-this-0.3.1.tgz#18ce9f657da556037a29d50604335614ce703f4c"
   integrity sha512-+/DsiV4CxXl6ZWefwHZDXSe1Slitz21tom38qPCaG0DYCS1NnDPIQDTKcmQ/tvK/edJUKkmuIDBJbmKDiB0r/g==
 
+"@types/uuid@^8.3.0":
+  version "8.3.0"
+  resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-8.3.0.tgz#215c231dff736d5ba92410e6d602050cce7e273f"
+  integrity sha512-eQ9qFW/fhfGJF8WKHGEHZEyVWfZxrT+6CLIJGBcZPfxUh/+BnEj+UCGYMlr9qZuX/2AltsvwrGqp0LhEW8D0zQ==
+
 "@types/webpack-bundle-analyzer@3.9.3":
   version "3.9.3"
   resolved "https://registry.yarnpkg.com/@types/webpack-bundle-analyzer/-/webpack-bundle-analyzer-3.9.3.tgz#3a12025eb5d86069c30b47a157e62c0aca6e39a1"
@@ -11067,6 +11079,11 @@ node-res@^5.0.1:
     on-finished "^2.3.0"
     vary "^1.1.2"
 
+nodemailer@^6.6.0:
+  version "6.6.0"
+  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-6.6.0.tgz#ed47bb572b48d9d0dca3913fdc156203f438f427"
+  integrity sha512-ikSMDU1nZqpo2WUPE0wTTw/NGGImTkwpJKDIFPZT+YvvR9Sj+ze5wzu95JHkBMglQLoG2ITxU21WukCC/XsFkg==
+
 nopt@^5.0.0:
   version "5.0.0"
   resolved "https://registry.yarnpkg.com/nopt/-/nopt-5.0.0.tgz#530942bb58a512fccafe53fe210f13a25355dc88"