From 5e6ee8d9b0c3af61f714fcb636e2f60d503a2986 Mon Sep 17 00:00:00 2001
From: Lakhan Samani
Date: Tue, 15 Mar 2022 09:57:09 +0530
Subject: [PATCH] fix: setup-password flow

---
 server/email/invite_email.go | 2 +-
 server/resolvers/invite_members.go | 41 +++++++++++++++---------------
 server/resolvers/session.go | 8 ++++--
 server/test/invite_member_test.go | 1 +
 server/utils/urls.go | 2 +-
 5 files changed, 30 insertions(+), 24 deletions(-)
 create mode 100644 server/test/invite_member_test.go

diff --git a/server/email/invite_email.go b/server/email/invite_email.go
index 23a5cf3..7db1a0a 100644
--- a/server/email/invite_email.go
+++ b/server/email/invite_email.go
@@ -102,7 +102,7 @@ func InviteEmail(toEmail, token, url string) error {
 data["org_logo"] = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
 data["org_name"] = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
 data["verification_url"] = url + "?token=" + token
- message = addEmailTemplate(message, data, "verify_email.tmpl")
+ message = addEmailTemplate(message, data, "invite_email.tmpl")
 
 // bodyMessage := sender.WriteHTMLEmail(Receiver, Subject, message)
 err := SendMail(Receiver, Subject, message)
diff --git a/server/resolvers/invite_members.go b/server/resolvers/invite_members.go
index 649e36a..817cdd1 100644
--- a/server/resolvers/invite_members.go
+++ b/server/resolvers/invite_members.go
@@ -3,6 +3,7 @@ package resolvers
 import (
 "context"
 "errors"
+ "fmt"
 "log"
 "strings"
 "time"
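Review bot: The link on the context line `data["verification_url"] = url + "?token=" + token` assumes `url` carries no query string or fragment and that `token` needs no escaping; with this commit the caller passes `hostname + "/verify_email"` or `appURL + "/setup-password"`, and when `EnvKeyAppURL` is operator-configured with its own query part the `?` produces a broken link. Building the query with `net/url` (`url.Values{"token": {token}}.Encode()` assigned to `RawQuery`) covers both cases; the parameter named `url` shadows the package, so an alias such as `neturl` would be needed. The token is presumably already URL-safe, so this is a robustness point rather than a functional bug today. InviteEmail's body starts and ends outside the hunk.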
@@ -20,22 +21,21 @@ import (
 // InviteMembersResolver resolver to invite members
 func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput) (*model.Response, error) {
 gc, err := utils.GinContextFromContext(ctx)
- var res *model.Response
 if err != nil {
- return res, err
+ return nil, err
 }
 
 if !token.IsSuperAdmin(gc) {
- return res, errors.New("unauthorized")
+ return nil, errors.New("unauthorized")
 }
 
 // this feature is only allowed if email server is configured
 if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
- return res, errors.New("email sending is disabled")
+ return nil, errors.New("email sending is disabled")
 }
 
 if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) && envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
- return res, errors.New("either basic authentication or magic link login is required")
+ return nil, errors.New("either basic authentication or magic link login is required")
 }
 
 // filter valid emails
@@ -47,8 +47,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 }
 
 if len(emails) == 0 {
- res.Message = "No valid emails found"
- return res, errors.New("no valid emails found")
+ return nil, errors.New("no valid emails found")
 }
 
 // TODO: optimise to use like query instead of looping through emails and getting user individually
@@ -65,8 +64,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 }
 
 if len(newEmails) == 0 {
- res.Message = "All emails already exist"
- return res, errors.New("all emails already exist")
+ return nil, errors.New("all emails already exist")
 }
 
 // invite new emails
@@ -76,17 +74,21 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 Email: email,
 Roles: strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ","),
 }
- redirectURL := utils.GetAppURL(gc) + "/verify_email"
+ hostname := utils.GetHost(gc)
+ verifyEmailURL := hostname + "/verify_email"
+ appURL := utils.GetAppURL(gc)
+
+ redirectURL := appURL
 if params.RedirectURI != nil {
 redirectURL = *params.RedirectURI
 }
 
 _, nonceHash, err := utils.GenerateNonce()
 if err != nil {
- return res, err
+ return nil, err
 }
 
- verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeForgotPassword, redirectURL, nonceHash, redirectURL)
+ verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURL)
 if err != nil {
 log.Println(`error generating token`, err)
 }
@@ -108,27 +110,26 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 user.SignupMethods = constants.SignupMethodBasicAuth
 verificationRequest.Identifier = constants.VerificationTypeForgotPassword
- redirectURL = utils.GetAppURL(gc) + "/setup-password"
- if params.RedirectURI != nil {
- redirectURL = *params.RedirectURI
- }
+ verifyEmailURL = appURL + "/setup-password"
 }
 
 user, err = db.Provider.AddUser(user)
 if err != nil {
 log.Printf("error inviting user: %s, err: %v", email, err)
- return res, err
+ return nil, err
 }
 
 _, err = db.Provider.AddVerificationRequest(verificationRequest)
 if err != nil {
 log.Printf("error inviting user: %s, err: %v", email, err)
- return res, err
+ return nil, err
 }
 
- go emailservice.InviteEmail(email, verificationToken, redirectURL)
+ go emailservice.InviteEmail(email, verificationToken, verifyEmailURL)
 }
 
- return res, nil
+ return &model.Response{
+ Message: fmt.Sprintf("%d user(s) invited successfully.", len(newEmails)),
+ }, nil
 }
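Review bot: A failure from the rewritten `token.CreateVerificationToken(...)` call is only logged (`log.Println(`error generating token`, err)`) and the loop carries on, so the user record is still created and the invite mail goes out with an empty `verificationToken`. That branch should return like the `GenerateNonce` error a few lines above it: `return nil, err`. The caller-supplied `*params.RedirectURI` is embedded in the token unchecked; as only a super admin reaches this code the exposure is limited, but it is worth confirming that the verify endpoint validates it against the configured allowed origins. InviteMembersResolver starts in an earlier hunk.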
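Review bot: `go emailservice.InviteEmail(email, verificationToken, verifyEmailURL)` drops the error that InviteEmail returns (its signature in the first file of this patch is `func InviteEmail(toEmail, token, url string) error`), so a failed send is silent while the new return below still reports `"%d user(s) invited successfully."` for every address in `newEmails`. Wrapping the call in a goroutine that logs the failure keeps the send asynchronous without losing it; passing the loop variables as arguments also avoids the pre-1.22 loop-variable capture. Separately, an `AddUser` or `AddVerificationRequest` error returns after earlier iterations already created users, so the count in the message is only accurate when the whole loop completes — a comment on the return stating that would help callers. The enclosing function starts in an earlier hunk.
```go
			// … unchanged: AddUser / AddVerificationRequest …
			go func(to, tok, link string) {
				if err := emailservice.InviteEmail(to, tok, link); err != nil {
					log.Printf("error sending invite email to %s: %v", to, err)
				}
			}(email, verificationToken, verifyEmailURL)
```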
diff --git a/server/resolvers/session.go b/server/resolvers/session.go
index 151321d..e68fe07 100644
--- a/server/resolvers/session.go
+++ b/server/resolvers/session.go
@@ -2,7 +2,9 @@ package resolvers
 
 import (
 "context"
+ "errors"
 "fmt"
+ "log"
 
 "github.com/authorizerdev/authorizer/server/cookie"
 "github.com/authorizerdev/authorizer/server/db"
@@ -24,13 +26,15 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
 sessionToken, err := cookie.GetSession(gc)
 if err != nil {
- return res, err
+ log.Println("error getting session token:", err)
+ return res, errors.New("unauthorized")
 }
 
 // get session from cookie
 claims, err := token.ValidateBrowserSession(gc, sessionToken)
 if err != nil {
- return res, err
+ log.Println("session validation failed:", err)
+ return res, errors.New("unauthorized")
 }
 userID := claims.Subject
 user, err := db.Provider.GetUserByID(userID)
diff --git a/server/test/invite_member_test.go b/server/test/invite_member_test.go
new file mode 100644
index 0000000..56e5404
--- /dev/null
+++ b/server/test/invite_member_test.go
@@ -0,0 +1 @@
+package test
diff --git a/server/utils/urls.go b/server/utils/urls.go
index e4e6c06..390cfbd 100644
--- a/server/utils/urls.go
+++ b/server/utils/urls.go
@@ -78,7 +78,7 @@ func GetDomainName(uri string) string {
 func GetAppURL(gc *gin.Context) string {
 envAppURL := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
 if envAppURL == "" {
- envAppURL = GetHost(gc) + "/app/"
+ envAppURL = GetHost(gc) + "/app"
 }
 return envAppURL
 }
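Review bot: The new `log.Println("error getting session token:", err)` in SessionResolver fires on every request that simply has no session cookie, which for a browser app polling the session query is the normal logged-out state rather than a fault, so it will be noisy. Logging only the `ValidateBrowserSession` failure (`log.Println("session validation failed:", err)`) would keep the useful signal; before keeping either line, confirm that the wrapped `err` values never include the cookie or token contents. Collapsing both paths to `errors.New("unauthorized")` for the client is the right choice. `res` is declared outside the hunk, so whether it is nil on these returns cannot be confirmed from the diff.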
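Review bot: `GetAppURL` now returns `GetHost(gc) + "/app"` without a trailing slash, but the operator-supplied `EnvKeyAppURL` branch is returned untouched, so a configured value ending in `/` still yields `//setup-password` in the invite_members.go caller that appends a path. Normalising both branches at the single return, `return strings.TrimSuffix(envAppURL, "/")`, keeps every caller consistent; the `strings` import is not visible in this hunk and may need adding to urls.go.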