package resolvers
import (
"context"
"errors"
"fmt"
"strings"
"time"
log "github.com/sirupsen/logrus"
"github.com/authorizerdev/authorizer/server/constants"
"github.com/authorizerdev/authorizer/server/db"
"github.com/authorizerdev/authorizer/server/db/models"
emailservice "github.com/authorizerdev/authorizer/server/email"
"github.com/authorizerdev/authorizer/server/graph/model"
"github.com/authorizerdev/authorizer/server/memorystore"
"github.com/authorizerdev/authorizer/server/parsers"
"github.com/authorizerdev/authorizer/server/refs"
"github.com/authorizerdev/authorizer/server/token"
"github.com/authorizerdev/authorizer/server/utils"
"github.com/authorizerdev/authorizer/server/validators"
)
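// memberInvite holds the settings shared by every invitee of one
// InviteMembersResolver call, resolved once instead of once per email.
type memberInvite struct {
	hostname     string   // server host; base of the magic-link verify URL and the verification token
	appURL       string   // app URL; base of the set-password URL for basic-auth invites
	redirectURL  string   // where the invitee lands after verification
	roles        []string // roles assigned to every invitee (EnvKeyDefaultRoles, comma separated)
	useMagicLink bool     // invite via magic link when magic-link login is enabled, otherwise basic auth
	enforceMFA   bool     // basic-auth invitees get MFA switched on; only consulted when !useMagicLink
}

// InviteMembersResolver invites the given email addresses to the organization.
//
// Only a super admin may call it, and only when the email service is enabled
// and at least one of basic authentication or magic-link login is available
// (the invitee needs one of them to finish signing up). Addresses that fail
// validation or already belong to a user are skipped; each remaining address
// gets a user record, a verification request and an invite email. The email is
// sent on a separate goroutine to keep API latency low, so a delivery failure
// is not reported to the caller.
//
// Invitees are created one at a time, so an error part-way through leaves the
// earlier invitees created; on a retry those addresses are skipped as existing.
// Returns an error when the caller is not a super admin, when a prerequisite
// setting is missing, when no address can be invited, or when persisting an
// invitee fails.
func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput) (*model.InviteMembersResponse, error) {
	gc, err := utils.GinContextFromContext(ctx)
	if err != nil {
		log.Debug("Failed to get GinContext: ", err)
		return nil, err
	}
	if !token.IsSuperAdmin(gc) {
		log.Debug("Not logged in as super admin.")
		return nil, errors.New("unauthorized")
	}

	// This feature is only allowed if the email server is configured.
	isEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
	if err != nil {
		log.Debug("Error getting is email service enabled: ", err)
		isEmailServiceEnabled = false
	}
	if !isEmailServiceEnabled {
		log.Debug("Email server is not configured")
		return nil, errors.New("email sending is disabled")
	}

	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
	if err != nil {
		log.Debug("Failed to get is basic auth disabled")
		return nil, err
	}
	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
	if err != nil {
		log.Debug("Failed to get is magic link login disabled")
		return nil, err
	}
	if isBasicAuthDisabled && isMagicLinkLoginDisabled {
		log.Debug("Basic authentication and Magic link login is disabled.")
		return nil, errors.New("either basic authentication or magic link login is required")
	}

	// Keep only well-formed addresses.
	emails := make([]string, 0, len(params.Emails))
	for _, email := range params.Emails {
		if validators.IsValidEmail(email) {
			emails = append(emails, email)
		}
	}
	if len(emails) == 0 {
		log.Debug("No valid email addresses")
		return nil, errors.New("no valid emails found")
	}

	newEmails := newMemberEmails(ctx, emails)
	if len(newEmails) == 0 {
		log.Debug("No new emails found.")
		return nil, errors.New("all emails already exist")
	}

	// Everything below is the same for every invitee, so resolve it once.
	inv := memberInvite{
		hostname:     parsers.GetHost(gc),
		appURL:       parsers.GetAppURL(gc),
		roles:        defaultRolesFromStore(),
		useMagicLink: !isMagicLinkLoginDisabled,
	}
	inv.redirectURL = inv.appURL
	if params.RedirectURI != nil {
		inv.redirectURL = *params.RedirectURI
	}
	if !inv.useMagicLink {
		// Basic-auth invitees get MFA enabled when it is enforced globally.
		enforceMFA, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyEnforceMultiFactorAuthentication)
		if err != nil {
			log.Debug("MFA service not enabled: ", err)
			enforceMFA = false
		}
		inv.enforceMFA = enforceMFA
	}

	for _, email := range newEmails {
		if err := inviteMember(ctx, email, inv); err != nil {
			return nil, err
		}
	}

	// Read the persisted records back so the response carries the stored IDs.
	invitedUsers := make([]*model.User, 0, len(newEmails))
	for _, email := range newEmails {
		user, err := db.Provider.GetUserByEmail(ctx, email)
		if err != nil {
			log.Debugf("err: %s", err.Error())
			return nil, err
		}
		invitedUsers = append(invitedUsers, &model.User{
			Email: user.Email,
			ID:    user.ID,
		})
	}

	return &model.InviteMembersResponse{
		Message: fmt.Sprintf("%d user(s) invited successfully.", len(newEmails)),
		Users:   invitedUsers,
	}, nil
}

// newMemberEmails returns the subset of emails that do not yet belong to a user.
// TODO: optimise to use a single like query instead of one lookup per email.
func newMemberEmails(ctx context.Context, emails []string) []string {
	newEmails := make([]string, 0, len(emails))
	for _, email := range emails {
		// NOTE(review): any lookup error, not only "not found", is treated as
		// "user does not exist"; a transient DB failure therefore falls through
		// to AddUser, which is relied on to reject a duplicate — confirm.
		if _, err := db.Provider.GetUserByEmail(ctx, email); err != nil {
			log.Debugf("User with %s email not found, so inviting user", email)
			newEmails = append(newEmails, email)
			continue
		}
		log.Debugf("User with %s email already exists, so not inviting user", email)
	}
	return newEmails
}

// defaultRolesFromStore reads EnvKeyDefaultRoles and splits it on commas.
// A read failure yields no roles rather than an error.
func defaultRolesFromStore() []string {
	defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
	if err != nil {
		log.Debug("Error getting default roles: ", err)
		return []string{}
	}
	return strings.Split(defaultRolesString, ",")
}

// inviteMember creates the user record and verification request for one
// invitee and dispatches the invite email on a goroutine.
//
// Returns an error when the nonce or verification token cannot be produced
// or when either database write fails; in that case no email is sent.
func inviteMember(ctx context.Context, email string, inv memberInvite) error {
	user := &models.User{
		Email: refs.NewStringRef(email),
		Roles: strings.Join(inv.roles, ","),
	}
	verifyEmailURL := inv.hostname + "/verify_email"

	_, nonceHash, err := utils.GenerateNonce()
	if err != nil {
		return err
	}
	verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeInviteMember, inv.hostname, nonceHash, inv.redirectURL)
	if err != nil {
		// Without a token the invite link can never be verified, so do not
		// persist an empty request or mail a dead link.
		log.Debug("Failed to create verification token: ", err)
		return err
	}
	verificationRequest := &models.VerificationRequest{
		Token:       verificationToken,
		ExpiresAt:   time.Now().Add(30 * time.Minute).Unix(),
		Email:       email,
		Nonce:       nonceHash,
		RedirectURI: inv.redirectURL,
	}

	if inv.useMagicLink {
		user.SignupMethods = constants.AuthRecipeMethodMagicLinkLogin
		verificationRequest.Identifier = constants.VerificationTypeMagicLinkLogin
	} else {
		user.SignupMethods = constants.AuthRecipeMethodBasicAuth
		verificationRequest.Identifier = constants.VerificationTypeInviteMember
		if inv.enforceMFA {
			user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)
		}
		// Basic-auth invitees must set a password before they can sign in.
		verifyEmailURL = inv.appURL + "/setup-password"
	}

	user, err = db.Provider.AddUser(ctx, user)
	if err != nil {
		log.Debugf("Error adding user: %s, err: %v", email, err)
		return err
	}
	if _, err = db.Provider.AddVerificationRequest(ctx, verificationRequest); err != nil {
		log.Debugf("Error adding verification request: %s, err: %v", email, err)
		return err
	}

	// Sent on a goroutine so delivery time does not add to the API latency;
	// a send failure is therefore not surfaced to the caller.
	go emailservice.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeInviteMember, map[string]interface{}{
		"user":             user.ToMap(),
		"organization":     utils.GetOrganization(),
		"verification_url": utils.GetInviteVerificationURL(verifyEmailURL, verificationToken, inv.redirectURL),
	})
	return nil
}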