authorizer/server/resolvers/invite_members.go

package resolvers

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"time"

	log "github.com/sirupsen/logrus"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/db"
	"github.com/authorizerdev/authorizer/server/db/models"
	emailservice "github.com/authorizerdev/authorizer/server/email"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/parsers"
	"github.com/authorizerdev/authorizer/server/refs"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/authorizerdev/authorizer/server/validators"
)

// InviteMembersResolver resolver to invite members
func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput) (*model.InviteMembersResponse, error) {
	gc, err := utils.GinContextFromContext(ctx)
	if err != nil {
		log.Debug("Failed to get GinContext: ", err)
		return nil, err
	}

	if !token.IsSuperAdmin(gc) {
		log.Debug("Not logged in as super admin.")
		return nil, errors.New("unauthorized")
	}

	// this feature is only allowed if email server is configured
	EnvKeyIsEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
	if err != nil {
		log.Debug("Error getting email verification disabled: ", err)
		EnvKeyIsEmailServiceEnabled = false
	}

	if !EnvKeyIsEmailServiceEnabled {
		log.Debug("Email server is not configured")
		return nil, errors.New("email sending is disabled")
	}

	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
	if err != nil {
		log.Debug("Failed to get is basic auth disabled")
		return nil, err
	}
	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
	if err != nil {
		log.Debug("Failed to get is magic link login disabled")
		return nil, err
	}
	if isBasicAuthDisabled && isMagicLinkLoginDisabled {
		log.Debug("Basic authentication and Magic link login is disabled.")
		return nil, errors.New("either basic authentication or magic link login is required")
	}

	// filter valid emails
	emails := []string{}
	for _, email := range params.Emails {
		if validators.IsValidEmail(email) {
			emails = append(emails, email)
		}
	}

	if len(emails) == 0 {
		log.Debug("No valid email addresses")
		return nil, errors.New("no valid emails found")
	}

	// TODO: optimise to use like query instead of looping through emails and getting user individually
	// for each emails check if emails exists in db
	newEmails := []string{}
	for _, email := range emails {
		_, err := db.Provider.GetUserByEmail(ctx, email)
		if err != nil {
			log.Debugf("User with %s email not found, so inviting user", email)
			newEmails = append(newEmails, email)
		} else {
			log.Debugf("User with %s email already exists, so not inviting user", email)
		}
	}

	if len(newEmails) == 0 {
		log.Debug("No new emails found.")
		return nil, errors.New("all emails already exist")
	}

	// invite new emails
	for _, email := range newEmails {

		defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
		defaultRoles := []string{}
		if err != nil {
			log.Debug("Error getting default roles: ", err)
			defaultRolesString = ""
		} else {
			defaultRoles = strings.Split(defaultRolesString, ",")
		}

		user := &models.User{
			Email: refs.NewStringRef(email),
			Roles: strings.Join(defaultRoles, ","),
		}
		hostname := parsers.GetHost(gc)
		verifyEmailURL := hostname + "/verify_email"
		appURL := parsers.GetAppURL(gc)

		redirectURL := appURL
		if params.RedirectURI != nil {
			redirectURL = *params.RedirectURI
		}

		_, nonceHash, err := utils.GenerateNonce()
		if err != nil {
			return nil, err
		}

		verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeInviteMember, hostname, nonceHash, redirectURL)
		if err != nil {
			log.Debug("Failed to create verification token: ", err)
		}

		verificationRequest := &models.VerificationRequest{
			Token:       verificationToken,
			ExpiresAt:   time.Now().Add(time.Minute * 30).Unix(),
			Email:       email,
			Nonce:       nonceHash,
			RedirectURI: redirectURL,
		}

		// use magic link login if that option is on
		if !isMagicLinkLoginDisabled {
			user.SignupMethods = constants.AuthRecipeMethodMagicLinkLogin
			verificationRequest.Identifier = constants.VerificationTypeMagicLinkLogin
		} else {
			// use basic authentication if that option is on
			user.SignupMethods = constants.AuthRecipeMethodBasicAuth
			verificationRequest.Identifier = constants.VerificationTypeInviteMember

			isMFAEnforced, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyEnforceMultiFactorAuthentication)
			if err != nil {
				log.Debug("MFA service not enabled: ", err)
				isMFAEnforced = false
			}

			if isMFAEnforced {
				user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)
			}
			verifyEmailURL = appURL + "/setup-password"

		}

		user, err = db.Provider.AddUser(ctx, user)
		if err != nil {
			log.Debugf("Error adding user: %s, err: %v", email, err)
			return nil, err
		}

		_, err = db.Provider.AddVerificationRequest(ctx, verificationRequest)
		if err != nil {
			log.Debugf("Error adding verification request: %s, err: %v", email, err)
			return nil, err
		}

		// exec it as go routine so that we can reduce the api latency
		go emailservice.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeInviteMember, map[string]interface{}{
			"user":             user.ToMap(),
			"organization":     utils.GetOrganization(),
			"verification_url": utils.GetInviteVerificationURL(verifyEmailURL, verificationToken, redirectURL),
		})
	}

	InvitedUsers := []*model.User{}

	for _, email := range newEmails {
		user, err := db.Provider.GetUserByEmail(ctx, email)

		if err != nil {
			log.Debugf("err: %s", err.Error())
			return nil, err
		}

		InvitedUsers = append(InvitedUsers, &model.User{
			Email: user.Email,
			ID:    user.ID,
		})

	}

	return &model.InviteMembersResponse{
		Message: fmt.Sprintf("%d user(s) invited successfully.", len(newEmails)),
		Users:   InvitedUsers,
	}, nil
}
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`package resolvers`

			`import (`
			`"context"`
			`"errors"`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`"fmt"`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`"strings"`
			`"time"`

feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log "github.com/sirupsen/logrus"`

feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/db"`
			`"github.com/authorizerdev/authorizer/server/db/models"`
			`emailservice "github.com/authorizerdev/authorizer/server/email"`
			`"github.com/authorizerdev/authorizer/server/graph/model"`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`"github.com/authorizerdev/authorizer/server/parsers"`
feat: add managing mfa 2022-08-03 17:50:23 +00:00			`"github.com/authorizerdev/authorizer/server/refs"`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`"github.com/authorizerdev/authorizer/server/token"`
			`"github.com/authorizerdev/authorizer/server/utils"`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`"github.com/authorizerdev/authorizer/server/validators"`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`)`

			`// InviteMembersResolver resolver to invite members`
Invite members resolver updated to return user info 2023-04-19 11:46:27 +00:00			`func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput) (*model.InviteMembersResponse, error) {`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`gc, err := utils.GinContextFromContext(ctx)`
			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to get GinContext: ", err)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, err`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`if !token.IsSuperAdmin(gc) {`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log.Debug("Not logged in as super admin.")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("unauthorized")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`// this feature is only allowed if email server is configured`
feat: add sending otp 2022-07-29 14:19:50 +00:00			`EnvKeyIsEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if err != nil {`
			`log.Debug("Error getting email verification disabled: ", err)`
feat: add sending otp 2022-07-29 14:19:50 +00:00			`EnvKeyIsEmailServiceEnabled = false`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`}`

feat: add sending otp 2022-07-29 14:19:50 +00:00			`if !EnvKeyIsEmailServiceEnabled {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Email server is not configured")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("email sending is disabled")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)`
feat: add microsoft login 2023-02-25 23:53:02 +00:00			`if err != nil {`
			`log.Debug("Failed to get is basic auth disabled")`
			`return nil, err`
			`}`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)`
feat: add microsoft login 2023-02-25 23:53:02 +00:00			`if err != nil {`
			`log.Debug("Failed to get is magic link login disabled")`
			`return nil, err`
			`}`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if isBasicAuthDisabled && isMagicLinkLoginDisabled {`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log.Debug("Basic authentication and Magic link login is disabled.")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("either basic authentication or magic link login is required")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`// filter valid emails`
			`emails := []string{}`
			`for _, email := range params.Emails {`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`if validators.IsValidEmail(email) {`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`emails = append(emails, email)`
			`}`
			`}`

			`if len(emails) == 0 {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("No valid email addresses")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("no valid emails found")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`// TODO: optimise to use like query instead of looping through emails and getting user individually`
			`// for each emails check if emails exists in db`
			`newEmails := []string{}`
			`for _, email := range emails {`
feat: implement resolvers 2022-07-10 16:19:33 +00:00			`_, err := db.Provider.GetUserByEmail(ctx, email)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debugf("User with %s email not found, so inviting user", email)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`newEmails = append(newEmails, email)`
			`} else {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debugf("User with %s email already exists, so not inviting user", email)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`
			`}`

			`if len(newEmails) == 0 {`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00			`log.Debug("No new emails found.")`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, errors.New("all emails already exist")`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

			`// invite new emails`
			`for _, email := range newEmails {`

fix: slice envs 2022-05-31 02:44:03 +00:00			`defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)`
			`defaultRoles := []string{}`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if err != nil {`
			`log.Debug("Error getting default roles: ", err)`
fix: slice envs 2022-05-31 02:44:03 +00:00			`defaultRolesString = ""`
			`} else {`
			`defaultRoles = strings.Split(defaultRolesString, ",")`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`}`
fix: slice envs 2022-05-31 02:44:03 +00:00
fix: refs for db provider and few utils 2023-07-31 11:12:11 +00:00			`user := &models.User{`
Allow empty email 2023-10-25 19:25:10 +00:00			`Email: refs.NewStringRef(email),`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`Roles: strings.Join(defaultRoles, ","),`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`hostname := parsers.GetHost(gc)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`verifyEmailURL := hostname + "/verify_email"`
fix: import cycle issues 2022-05-30 06:24:16 +00:00			`appURL := parsers.GetAppURL(gc)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00
			`redirectURL := appURL`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if params.RedirectURI != nil {`
			`redirectURL = *params.RedirectURI`
			`}`

			`_, nonceHash, err := utils.GenerateNonce()`
			`if err != nil {`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, err`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

feat: send email based on template 2022-08-08 20:13:37 +00:00			`verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeInviteMember, hostname, nonceHash, redirectURL)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Failed to create verification token: ", err)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

fix: refs for db provider and few utils 2023-07-31 11:12:11 +00:00			`verificationRequest := &models.VerificationRequest{`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`Token: verificationToken,`
			`ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),`
			`Email: email,`
			`Nonce: nonceHash,`
			`RedirectURI: redirectURL,`
			`}`

			`// use magic link login if that option is on`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`if !isMagicLinkLoginDisabled {`
fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`user.SignupMethods = constants.AuthRecipeMethodMagicLinkLogin`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`verificationRequest.Identifier = constants.VerificationTypeMagicLinkLogin`
			`} else {`
			`// use basic authentication if that option is on`
fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`user.SignupMethods = constants.AuthRecipeMethodBasicAuth`
feat: send email based on template 2022-08-08 20:13:37 +00:00			`verificationRequest.Identifier = constants.VerificationTypeInviteMember`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00
feat: add managing mfa 2022-08-03 17:50:23 +00:00			`isMFAEnforced, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyEnforceMultiFactorAuthentication)`
			`if err != nil {`
			`log.Debug("MFA service not enabled: ", err)`
			`isMFAEnforced = false`
			`}`

			`if isMFAEnforced {`
			`user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)`
			`}`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`verifyEmailURL = appURL + "/setup-password"`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00
			`}`

feat: implement resolvers 2022-07-10 16:19:33 +00:00			`user, err = db.Provider.AddUser(ctx, user)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debugf("Error adding user: %s, err: %v", email, err)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, err`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

feat: implement resolvers 2022-07-10 16:19:33 +00:00			`_, err = db.Provider.AddVerificationRequest(ctx, verificationRequest)`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`if err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debugf("Error adding verification request: %s, err: %v", email, err)`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`return nil, err`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

feat: send email based on template 2022-08-08 20:13:37 +00:00			`// exec it as go routine so that we can reduce the api latency`
Allow empty email 2023-10-25 19:25:10 +00:00			`go emailservice.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeInviteMember, map[string]interface{}{`
feat: send email based on template 2022-08-08 20:13:37 +00:00			`"user": user.ToMap(),`
			`"organization": utils.GetOrganization(),`
fix: template respone & ui 2022-08-09 03:37:47 +00:00			`"verification_url": utils.GetInviteVerificationURL(verifyEmailURL, verificationToken, redirectURL),`
feat: send email based on template 2022-08-08 20:13:37 +00:00			`})`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`

Invite members resolver updated to return user info 2023-04-19 11:46:27 +00:00			`InvitedUsers := []*model.User{}`

Return the new emails only 2023-04-19 12:38:30 +00:00			`for _, email := range newEmails {`
Invite members resolver updated to return user info 2023-04-19 11:46:27 +00:00			`user, err := db.Provider.GetUserByEmail(ctx, email)`

			`if err != nil {`
			`log.Debugf("err: %s", err.Error())`
return err on err 2023-04-19 12:31:57 +00:00			`return nil, err`
Invite members resolver updated to return user info 2023-04-19 11:46:27 +00:00			`}`

			`InvitedUsers = append(InvitedUsers, &model.User{`
			`Email: user.Email,`
			`ID: user.ID,`
			`})`

			`}`

			`return &model.InviteMembersResponse{`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`Message: fmt.Sprintf("%d user(s) invited successfully.", len(newEmails)),`
Invite members resolver updated to return user info 2023-04-19 11:46:27 +00:00			`Users: InvitedUsers,`
fix: setup-password flow 2022-03-15 04:27:09 +00:00			`}, nil`
feat: add resolver for inviting members 2022-03-15 03:23:48 +00:00			`}`