From c5f7673cf291a45e7bff7504b74ba69356c396a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Hu=C3=9F?= Date: Tue, 14 Jun 2022 10:35:34 +0200 Subject: [PATCH] Change following the review suggestions of Alex and Moriz --- backend/.env.dist | 1 - backend/.env.template | 1 - backend/src/config/index.ts | 1 - .../src/graphql/resolver/UserResolver.test.ts | 2 +- backend/src/graphql/resolver/UserResolver.ts | 28 +++++++++++-------- .../sendAccountMultiRegistrationEmail.test.ts | 3 +- .../sendAccountMultiRegistrationEmail.ts | 1 - .../mailer/text/accountMultiRegistration.ts | 5 ++-- deployment/bare_metal/.env.dist | 1 - 9 files changed, 22 insertions(+), 21 deletions(-) diff --git a/backend/.env.dist b/backend/.env.dist index 2bbc5c9d1..62b786456 100644 --- a/backend/.env.dist +++ b/backend/.env.dist @@ -45,7 +45,6 @@ EMAIL_LINK_VERIFICATION=http://localhost/checkEmail/{optin}{code} EMAIL_LINK_SETPASSWORD=http://localhost/reset-password/{optin} EMAIL_LINK_FORGOTPASSWORD=http://localhost/forgot-password EMAIL_LINK_OVERVIEW=http://localhost/overview -EMAIL_LINK_SUPPORT=https://gradido.net/de/contact/ EMAIL_CODE_VALID_TIME=1440 EMAIL_CODE_REQUEST_TIME=10 diff --git a/backend/.env.template b/backend/.env.template index 07dd0edc2..60e2676f8 100644 --- a/backend/.env.template +++ b/backend/.env.template @@ -44,7 +44,6 @@ EMAIL_LINK_VERIFICATION=$EMAIL_LINK_VERIFICATION EMAIL_LINK_SETPASSWORD=$EMAIL_LINK_SETPASSWORD EMAIL_LINK_FORGOTPASSWORD=$EMAIL_LINK_FORGOTPASSWORD EMAIL_LINK_OVERVIEW=$EMAIL_LINK_OVERVIEW -EMAIL_LINK_SUPPORT=$EMAIL_LINK_SUPPORT EMAIL_CODE_VALID_TIME=$EMAIL_CODE_VALID_TIME EMAIL_CODE_REQUEST_TIME=$EMAIL_CODE_REQUEST_TIME diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts index 100206b48..5736e6d8a 100644 --- a/backend/src/config/index.ts +++ b/backend/src/config/index.ts 
@@ -77,7 +77,6 @@ const email = { EMAIL_LINK_FORGOTPASSWORD: process.env.EMAIL_LINK_FORGOTPASSWORD || 'http://localhost/forgot-password', EMAIL_LINK_OVERVIEW: process.env.EMAIL_LINK_OVERVIEW || 'http://localhost/overview', - EMAIL_LINK_SUPPORT: process.env.EMAIL_LINK_SUPPORT || 'https://gradido.net/de/contact/', // time in minutes a optin code is valid EMAIL_CODE_VALID_TIME: process.env.EMAIL_CODE_VALID_TIME ? parseInt(process.env.EMAIL_CODE_VALID_TIME) || 1440 diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts index a880cf3f9..970011857 100644 --- a/backend/src/graphql/resolver/UserResolver.test.ts +++ b/backend/src/graphql/resolver/UserResolver.test.ts @@ -159,7 +159,7 @@ describe('UserResolver', () => { }) describe('email already exists', () => { - let mutation: any + let mutation: User beforeAll(async () => { mutation = await mutate({ mutation: createUser, variables }) }) diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts index df610384d..a5962526c 100644 --- a/backend/src/graphql/resolver/UserResolver.ts +++ b/backend/src/graphql/resolver/UserResolver.ts @@ -7,6 +7,7 @@ import { getConnection } from '@dbTools/typeorm' import CONFIG from '@/config' import { User } from '@model/User' import { User as DbUser } from '@entity/User' +import { communityDbUser } from '@/util/communityUser' import { TransactionLink as dbTransactionLink } from '@entity/TransactionLink' import { encode } from '@/auth/JWT' import CreateUserArgs from '@arg/CreateUserArgs' 
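Review bot: In UserResolver.test.ts, `let mutation: User` probably misstates what `mutate({ mutation: createUser, variables })` resolves to, since a test-client mutate call normally returns a response envelope with the resolver result nested under `data`. If that holds here, the annotation only compiles because `mutate` is loosely typed, and it will mislead anyone reading the later assertions. A local type such as `{ data: { createUser: User } }` would replace `any` without misstating the shape. The `describe` block continues outside the hunk, so neither the assertions that read `mutation` nor an import of `User` in this file are visible.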
@@ -330,19 +331,20 @@ export class UserResolver { // TODO we cannot use repository.count(), since it does not allow to specify if you want to include the soft deletes const userFound = await DbUser.findOne({ email }, { withDeleted: true }) logger.info(`DbUser.findOne(email=${email}) = ${userFound}`) - const dbUser = new DbUser() + if (userFound) { logger.info('User already exists with this email=' + email) // TODO: this is unsecure, but the current implementation of the login server. This way it can be queried if the user with given EMail is existent. - dbUser.id = sodium.randombytes_random() % (2048 * 16) - dbUser.email = email - dbUser.firstName = firstName - dbUser.lastName = lastName - dbUser.emailHash = emailHash - dbUser.language = language - dbUser.publisherId = publisherId - dbUser.passphrase = passphrase.join(' ') - logger.debug('partly faked dbUser=' + dbUser) + + const user = new User(communityDbUser) + user.id = sodium.randombytes_random() % (2048 * 16) + user.email = email + user.emailChecked = true + user.firstName = firstName + user.lastName = lastName + user.language = language + user.publisherId = publisherId + logger.debug('partly faked user=' + user) // eslint-disable-next-line @typescript-eslint/no-unused-vars const emailSent = await sendAccountMultiRegistrationEmail({ @@ -357,11 +359,14 @@ export class UserResolver { logger.debug(`Email not send!`) } logger.info('createUser() faked and send multi registration mail...') + + return user } else { // const keyPair = KeyPairEd25519Create(passphrase) // return pub, priv Key // const passwordHash = SecretKeyCryptographyCreateKey(email, password) // return short and long hash // const encryptedPrivkey = SecretKeyCryptographyEncrypt(keyPair[1], passwordHash[1]) + const dbUser = new DbUser() dbUser.email = email dbUser.firstName = firstName dbUser.lastName = lastName 
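Review bot: The faked result for an already-registered e-mail looks distinguishable from a real registration, which undercuts the reason for faking it: `user.emailChecked = true` is set unconditionally, while a newly created account would presumably come back with an unverified address (the else branch is only partly visible in this hunk). Any field of `communityDbUser` that `new User(...)` copies and this code does not overwrite is also returned to the caller, so those defaults should be compared with what a fresh account returns. I would set `user.emailChecked = false` and reword the TODO above it, which still describes the behaviour before the fake was introduced. Separately, `'partly faked user=' + user` logs `[object Object]` unless `User` defines `toString()`, and the `DbUser.findOne(email=...)` info line has the same problem with `userFound` while also writing the address to the info log.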
@@ -428,8 +433,9 @@ export class UserResolver { await queryRunner.release() } logger.info('createUser() successful...') + + return new User(dbUser) } - return new User(dbUser) } @Authorized([RIGHTS.SEND_RESET_PASSWORD_EMAIL]) diff --git a/backend/src/mailer/sendAccountMultiRegistrationEmail.test.ts b/backend/src/mailer/sendAccountMultiRegistrationEmail.test.ts index ba71b8b37..bb37a196e 100644 --- a/backend/src/mailer/sendAccountMultiRegistrationEmail.test.ts +++ b/backend/src/mailer/sendAccountMultiRegistrationEmail.test.ts @@ -1,3 +1,4 @@ +import CONFIG from '@/config' import { sendAccountMultiRegistrationEmail } from './sendAccountMultiRegistrationEmail' import { sendEMail } from './sendEMail' @@ -23,7 +24,7 @@ describe('sendAccountMultiRegistrationEmail', () => { subject: 'Gradido: Erneuter Registrierungsversuch mit deiner E-Mail', text: expect.stringContaining('Hallo Peter Lustig') && - expect.stringContaining('http://localhost/forgot-password') && + expect.stringContaining(CONFIG.EMAIL_LINK_FORGOTPASSWORD) && expect.stringContaining('https://gradido.net/de/contact/'), }) }) diff --git a/backend/src/mailer/sendAccountMultiRegistrationEmail.ts b/backend/src/mailer/sendAccountMultiRegistrationEmail.ts index 8999e9e2b..18928770b 100644 --- a/backend/src/mailer/sendAccountMultiRegistrationEmail.ts +++ b/backend/src/mailer/sendAccountMultiRegistrationEmail.ts @@ -13,7 +13,6 @@ export const sendAccountMultiRegistrationEmail = (data: { text: accountMultiRegistration.de.text({ ...data, resendLink: CONFIG.EMAIL_LINK_FORGOTPASSWORD, - supportLink: CONFIG.EMAIL_LINK_SUPPORT, }), }) } diff --git a/backend/src/mailer/text/accountMultiRegistration.ts b/backend/src/mailer/text/accountMultiRegistration.ts index 809ae1419..c5b55bac5 100644 --- a/backend/src/mailer/text/accountMultiRegistration.ts +++ b/backend/src/mailer/text/accountMultiRegistration.ts 
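Review bot: In sendAccountMultiRegistrationEmail.test.ts the `text:` matcher is built with `&&`, so only the last operand is ever checked: each `expect.stringContaining(...)` is a truthy object, and `a && b && c` evaluates to `c`. The line changed here, `expect.stringContaining(CONFIG.EMAIL_LINK_FORGOTPASSWORD)`, therefore asserts nothing, and neither does the greeting check before it. Assert each substring on its own, e.g. `expect(sendEMail).toBeCalledWith(expect.objectContaining({ text: expect.stringContaining(CONFIG.EMAIL_LINK_FORGOTPASSWORD) }))`, repeated for the other two strings. The enclosing `it` block starts and ends outside the hunk.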
@@ -6,19 +6,18 @@ export const accountMultiRegistration = { lastName: string email: string resendLink: string - supportLink: string }): string => `Hallo ${data.firstName} ${data.lastName}, Deine E-Mail-Adresse wurde soeben erneut benutzt, um bei Gradido ein Konto zu registrieren. Es existiert jedoch zu deiner E-Mail-Adresse schon ein Konto. -Klicke bitte auf den folgenden Link, falls zu dein Passwort vergessen haben solltest: +Klicke bitte auf den folgenden Link, falls du dein Passwort vergessen haben solltest: ${data.resendLink} oder kopiere den obigen Link in dein Browserfenster. Wenn du nicht derjenige bist, der sich versucht hat erneut zu registrieren, wende dich bitte an unseren support: -${data.supportLink} +https://gradido.net/de/contact/ Mit freundlichen Grüßen, dein Gradido-Team`, diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index ac31a8524..a1751a859 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -47,7 +47,6 @@ EMAIL_LINK_VERIFICATION=https://stage1.gradido.net/checkEmail/{optin}{code} EMAIL_LINK_SETPASSWORD=https://stage1.gradido.net/reset-password/{optin} EMAIL_LINK_FORGOTPASSWORD=https://stage1.gradido.net/forgot-password EMAIL_LINK_OVERVIEW=https://stage1.gradido.net/overview -EMAIL_LINK_SUPPORT=https://gradido.net/de/contact/ EMAIL_CODE_VALID_TIME=1440 EMAIL_CODE_REQUEST_TIME=10
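Review bot: The greeting `Hallo ${data.firstName} ${data.lastName}` in accountMultiRegistration.ts goes to the owner of an existing account, yet the name values may come from whoever submitted the repeated registration; the call site is outside this hunk, so this needs confirming. If so, a third party chooses text that arrives from the Gradido sender address next to a password-reset link, which is a content-spoofing risk. Passing the stored account's names, or leaving the name out of this mail, avoids it. On the changed lines, the support URL is now a literal here and again in sendAccountMultiRegistrationEmail.test.ts; one exported constant would keep the two in sync.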