Merge pull request #50 from Makespace/fix_login_out

Log in / out fixes
Makespace · Jul 16, 2024 · 0659730 · 0659730
2 parents 5a36428 + 3cd2a8e
commit 0659730
Show file tree

Hide file tree

Showing 42 changed files with 214 additions and 184 deletions.
diff --git a/src/authentication/auth-routes.ts b/src/authentication/auth-routes.ts
@@ -1,13 +1,16 @@
+import {Dependencies} from '../dependencies';
 import {Route, get, post} from '../types/route';
 import {auth, callback, invalidLink, logIn, logOut} from './handlers';
 
 export const logInPath = '/log-in';
 const invalidLinkPath = '/auth/invalid-magic-link';
 
-export const authRoutes: ReadonlyArray<Route> = [
-  get(logInPath, logIn),
-  get('/log-out', logOut),
-  post('/auth', auth),
-  get('/auth/callback', callback(invalidLinkPath)),
-  get(invalidLinkPath, invalidLink(logInPath)),
-];
+export const authRoutes = (deps: Dependencies): ReadonlyArray<Route> => {
+  return [
+    get(logInPath, logIn(deps)),
+    get('/log-out', logOut),
+    post('/auth', auth),
+    get('/auth/callback', callback(invalidLinkPath)),
+    get(invalidLinkPath, invalidLink(logInPath)),
+  ];
+};
diff --git a/src/authentication/check-your-mail.ts b/src/authentication/check-your-mail.ts
@@ -1,6 +1,5 @@
-import * as O from 'fp-ts/Option';
-import {pageTemplate} from '../templates';
 import Handlebars from 'handlebars';
+import {isolatedPageTemplate} from '../templates/page-template';
 
 const CHECK_YOUR_MAIL_TEMPLATE = Handlebars.compile(
   `
@@ -14,10 +13,7 @@ const CHECK_YOUR_MAIL_TEMPLATE = Handlebars.compile(
 );
 
 export const checkYourMailPage = (submittedEmailAddress: string) =>
-  pageTemplate(
-    'Check your mail',
-    O.none
-  )(
+  isolatedPageTemplate('Check your mail')(
     new Handlebars.SafeString(
       CHECK_YOUR_MAIL_TEMPLATE({
         submittedEmailAddress,

diff --git a/src/authentication/handlers.ts b/src/authentication/handlers.ts
@@ -3,16 +3,29 @@ import {Request, Response} from 'express';
 import {pipe} from 'fp-ts/lib/function';
 import {parseEmailAddressFromBody} from './parse-email-address-from-body';
 import * as E from 'fp-ts/Either';
+import * as O from 'fp-ts/Option';
 import {publish} from 'pubsub-js';
 import passport from 'passport';
 import {magicLink} from './magic-link';
 import {logInPage} from './log-in-page';
 import {checkYourMailPage} from './check-your-mail';
 import {oopsPage} from '../templates';
 import {StatusCodes} from 'http-status-codes';
+import {SafeString} from 'handlebars';
+import {getUserFromSession} from './get-user-from-session';
+import {Dependencies} from '../dependencies';
 
-export const logIn = (req: Request, res: Response) => {
-  res.status(StatusCodes.OK).send(logInPage);
+export const logIn = (deps: Dependencies) => (req: Request, res: Response) => {
+  pipe(
+    req.session,
+    getUserFromSession(deps),
+    O.match(
+      () => {
+        res.status(StatusCodes.OK).send(logInPage);
+      },
+      _user => res.redirect('/')
+    )
+  );
 };
 
 export const logOut = (req: Request, res: Response) => {
@@ -41,7 +54,9 @@ export const invalidLink =
       .status(StatusCodes.UNAUTHORIZED)
       .send(
         oopsPage(
-          `The link you have used is (no longer) valid. Go back to the <a href=${logInPath}>log in</a>`
+          new SafeString(
+            `The link you have used is (no longer) valid. Go back to the <a href=${logInPath}>log in</a>`
+          )
         )
       );
   };

diff --git a/src/authentication/log-in-page.ts b/src/authentication/log-in-page.ts
@@ -1,6 +1,5 @@
-import * as O from 'fp-ts/Option';
-import {pageTemplate} from '../templates';
 import Handlebars, {SafeString} from 'handlebars';
+import {isolatedPageTemplate} from '../templates/page-template';
 
 const LOGIN_PAGE_TEMPLATE = Handlebars.compile(
   `
@@ -14,7 +13,6 @@ const LOGIN_PAGE_TEMPLATE = Handlebars.compile(
   `
 );
 
-export const logInPage = pageTemplate(
-  'MakeSpace Members App',
-  O.none
-)(new SafeString(LOGIN_PAGE_TEMPLATE({})));
+export const logInPage = isolatedPageTemplate('MakeSpace Members App')(
+  new SafeString(LOGIN_PAGE_TEMPLATE({}))
+);
diff --git a/src/authentication/magic-link.ts b/src/authentication/magic-link.ts
@@ -7,6 +7,8 @@ import jwt from 'jsonwebtoken';
 import {Config} from '../configuration';
 import {Dependencies} from '../dependencies';
 import {User} from '../types/user';
+import {logPassThru} from '../util';
+import {Logger} from 'pino';
 
 const createMagicLink = (conf: Config) => (user: User) =>
   pipe(
@@ -24,19 +26,21 @@ const verifyToken = (token: string, secret: Config['TOKEN_SECRET']) =>
     failure('Could not verify token')
   );
 
-const decodeMagicLinkFromQuery = (conf: Config) => (input: unknown) =>
-  pipe(
-    input,
-    MagicLinkQuery.decode,
-    E.chainW(({token}) => verifyToken(token, conf.TOKEN_SECRET)),
-    E.chainW(User.decode)
-  );
+const decodeMagicLinkFromQuery =
+  (logger: Logger, conf: Config) => (input: unknown) =>
+    pipe(
+      input,
+      logPassThru(logger, 'Attempting to decode magic link from query'), // Logging is required as a basic form of auth enumeration detection.
+      MagicLinkQuery.decode,
+      E.chainW(({token}) => verifyToken(token, conf.TOKEN_SECRET)),
+      E.chainW(User.decode)
+    );
 
 const strategy = (deps: Dependencies, conf: Config) => {
   return new CustomStrategy((req, done) => {
     pipe(
       req.query,
-      decodeMagicLinkFromQuery(conf),
+      decodeMagicLinkFromQuery(deps.logger, conf),
       E.match(
         error => {
           deps.logger.info(

diff --git a/src/commands/area/add-owner-form.ts b/src/commands/area/add-owner-form.ts
@@ -32,7 +32,9 @@ Handlebars.registerPartial(
 );
 
 Handlebars.registerHelper('member_name_or_contact', (member: MemberDetails) =>
-  O.isSome(member.name) ? member.name : `${member.number} ${member.email}`
+  O.isSome(member.name)
+    ? member.name
+    : `${member.memberNumber} ${member.emailAddress}`
 );
 
 Handlebars.registerPartial(
@@ -101,7 +103,7 @@ const ADD_OWNER_FORM_TEMPLATE = Handlebars.compile(
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Add Owner',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(ADD_OWNER_FORM_TEMPLATE(viewModel)));
 
 const paramsCodec = t.strict({

diff --git a/src/commands/area/create-form.ts b/src/commands/area/create-form.ts
@@ -1,6 +1,5 @@
 import * as E from 'fp-ts/Either';
 import {pageTemplate} from '../../templates';
-import * as O from 'fp-ts/Option';
 import {User} from '../../types';
 import {v4} from 'uuid';
 import {Form} from '../../types/form';
@@ -25,7 +24,7 @@ const CREATE_FORM_TEMPLATE = Handlebars.compile(
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Create Area',
-    O.some(viewModel.user)
+    viewModel.user
   )(
     new SafeString(
       CREATE_FORM_TEMPLATE({

diff --git a/src/commands/equipment/add-form.ts b/src/commands/equipment/add-form.ts
@@ -2,7 +2,6 @@ import {pipe} from 'fp-ts/lib/function';
 import * as t from 'io-ts';
 import * as E from 'fp-ts/Either';
 import {pageTemplate} from '../../templates';
-import * as O from 'fp-ts/Option';
 import {DomainEvent, User} from '../../types';
 import {v4} from 'uuid';
 import {Form} from '../../types/form';
@@ -33,7 +32,7 @@ const RENDER_ADD_EQUIPMENT_FORM_TEMPLATE = Handlebars.compile(`
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Create Equipment',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_ADD_EQUIPMENT_FORM_TEMPLATE(viewModel)));
 
 const getAreaId = (input: unknown) =>

diff --git a/src/commands/equipment/register-training-sheet-form.ts b/src/commands/equipment/register-training-sheet-form.ts
@@ -1,5 +1,4 @@
 import {pipe} from 'fp-ts/lib/function';
-import * as O from 'fp-ts/Option';
 import * as E from 'fp-ts/Either';
 import {User} from '../../types';
 import {Form} from '../../types/form';
@@ -33,7 +32,7 @@ const RENDER_REGISTER_TRAINING_SHEET_TEMPLATE = Handlebars.compile(
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Register training sheet',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_REGISTER_TRAINING_SHEET_TEMPLATE(viewModel)));
 
 const constructForm: Form<ViewModel>['constructForm'] =

diff --git a/src/commands/member-numbers/link-number-to-email-form.ts b/src/commands/member-numbers/link-number-to-email-form.ts
@@ -1,6 +1,5 @@
 import * as E from 'fp-ts/Either';
 import {pageTemplate} from '../../templates';
-import * as O from 'fp-ts/Option';
 import {User} from '../../types';
 import {Form} from '../../types/form';
 import Handlebars, {SafeString} from 'handlebars';
@@ -26,7 +25,7 @@ const RENDER_LINK_NUMBER_TO_EMAIL_TEMPLATE = Handlebars.compile(`
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Link a member number to an e-mail address',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_LINK_NUMBER_TO_EMAIL_TEMPLATE(viewModel)));
 
 const constructForm: Form<ViewModel>['constructForm'] =

diff --git a/src/commands/members/edit-name-form.ts b/src/commands/members/edit-name-form.ts
@@ -1,7 +1,6 @@
 import {flow, pipe} from 'fp-ts/lib/function';
 import * as E from 'fp-ts/Either';
 import {pageTemplate} from '../../templates';
-import * as O from 'fp-ts/Option';
 import {User} from '../../types';
 import {Form} from '../../types/form';
 import * as t from 'io-ts';
@@ -33,7 +32,7 @@ const RENDER_EDIT_NAME_FORM_TEMPLATE = Handlebars.compile(`
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Edit name',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_EDIT_NAME_FORM_TEMPLATE(viewModel)));
 
 const paramsCodec = t.strict({

diff --git a/src/commands/members/edit-pronouns-form.ts b/src/commands/members/edit-pronouns-form.ts
@@ -1,7 +1,6 @@
 import {flow, pipe} from 'fp-ts/lib/function';
 import * as E from 'fp-ts/Either';
 import {pageTemplate} from '../../templates';
-import * as O from 'fp-ts/Option';
 import {User} from '../../types';
 import {Form} from '../../types/form';
 import * as t from 'io-ts';
@@ -33,7 +32,7 @@ const RENDER_EDIT_PRONOUNS_TEMPLATE = Handlebars.compile(`
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Edit pronouns',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_EDIT_PRONOUNS_TEMPLATE(viewModel)));
 
 const paramsCodec = t.strict({

diff --git a/src/commands/members/sign-owner-agreement-form.ts b/src/commands/members/sign-owner-agreement-form.ts
@@ -1,6 +1,5 @@
 import * as E from 'fp-ts/Either';
 import {pageTemplate} from '../../templates';
-import * as O from 'fp-ts/Option';
 import {Form} from '../../types/form';
 import {User} from '../../types';
 import Handlebars, {SafeString} from 'handlebars';
@@ -31,7 +30,7 @@ const SIGN_OWNER_AGREEMENT_FORM_TEMPLATE = Handlebars.compile(`
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Sign Owner Agreement',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(SIGN_OWNER_AGREEMENT_FORM_TEMPLATE(viewModel)));
 
 const constructForm: Form<ViewModel>['constructForm'] =

diff --git a/src/commands/owner-agreement-invite/index.ts b/src/commands/owner-agreement-invite/index.ts
@@ -33,7 +33,7 @@ const constructEmail: SendEmail<OwnerAgreementInvite>['constructEmail'] = (
     ),
     E.map(
       (member): Email => ({
-        recipient: member.email as EmailAddress,
+        recipient: member.emailAddress as EmailAddress,
         text: textEmailTemplate(conf.PUBLIC_URL),
         subject: 'Sign the MS Owner Agreement',
         html: htmlEmailTemplate(conf.PUBLIC_URL),

diff --git a/src/commands/super-user/declare-form.ts b/src/commands/super-user/declare-form.ts
@@ -1,6 +1,5 @@
 import * as E from 'fp-ts/Either';
 import {pipe} from 'fp-ts/lib/function';
-import * as O from 'fp-ts/Option';
 import {pageTemplate} from '../../templates';
 import {User, MemberDetails} from '../../types';
 import {Form} from '../../types/form';
@@ -28,7 +27,7 @@ const RENDER_DECLARE_SUPER_USER_TEMPLATE = Handlebars.compile(
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Declare super user',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_DECLARE_SUPER_USER_TEMPLATE(viewModel)));
 
 const constructForm: Form<ViewModel>['constructForm'] =

diff --git a/src/commands/super-user/revoke-form.ts b/src/commands/super-user/revoke-form.ts
@@ -3,7 +3,6 @@ import * as tt from 'io-ts-types';
 import * as t from 'io-ts';
 import * as E from 'fp-ts/Either';
 import {pageTemplate} from '../../templates';
-import * as O from 'fp-ts/Option';
 import {User} from '../../types';
 import {failureWithStatus} from '../../types/failure-with-status';
 import {StatusCodes} from 'http-status-codes';
@@ -39,7 +38,7 @@ const RENDER_REVOKE_SUPER_USER_TEMPLATE = Handlebars.compile(`
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Revoke super user',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_REVOKE_SUPER_USER_TEMPLATE(viewModel)));
 
 const paramsCodec = t.strict({

diff --git a/src/commands/trainers/add-trainer-form.ts b/src/commands/trainers/add-trainer-form.ts
@@ -2,8 +2,7 @@ import {pipe} from 'fp-ts/lib/function';
 import * as t from 'io-ts';
 import * as E from 'fp-ts/Either';
 import {pageTemplate} from '../../templates';
-import * as O from 'fp-ts/Option';
-import {DomainEvent, User} from '../../types';
+import {DomainEvent, Member, User} from '../../types';
 import {Form} from '../../types/form';
 import {formatValidationErrors} from 'io-ts-reporters';
 import {failureWithStatus} from '../../types/failure-with-status';
@@ -13,10 +12,7 @@ import Handlebars, {SafeString} from 'handlebars';
 
 type ViewModel = {
   user: User;
-  members: ReadonlyArray<{
-    number: number;
-    email: string;
-  }>;
+  members: ReadonlyArray<Member>;
   equipmentId: string;
   equipmentName: string;
 };
@@ -34,11 +30,11 @@ const RENDER_ADD_TRAINER_FORM_TEMPLATE = Handlebars.compile(`
     <tbody>
       {{#each members}}
         <tr>
-          <td>{{this.email}}</td>
-          <td>{{this.number}}</td>
+          <td>{{this.emailAddress}}</td>
+          <td>{{this.memberNumber}}</td>
           <td>
             <form action="#" method="post">
-              <input type="hidden" name="memberNumber" value="{{this.number}}" />
+              <input type="hidden" name="memberNumber" value="{{this.memberNumber}}" />
               <input
                 type="hidden"
                 name="equipmentId"
@@ -56,7 +52,7 @@ const RENDER_ADD_TRAINER_FORM_TEMPLATE = Handlebars.compile(`
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Add Trainer',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_ADD_TRAINER_FORM_TEMPLATE(viewModel)));
 
 const getEquipmentId = (input: unknown) =>

diff --git a/src/commands/trainers/mark-member-trained-form.ts b/src/commands/trainers/mark-member-trained-form.ts
@@ -1,6 +1,5 @@
 import Handlebars, {SafeString} from 'handlebars';
 import {pipe} from 'fp-ts/lib/function';
-import * as O from 'fp-ts/Option';
 import * as E from 'fp-ts/Either';
 import {User, MemberDetails} from '../../types';
 import {Form} from '../../types/form';
@@ -38,7 +37,7 @@ const RENDER_MARK_MEMBER_TRAINED_TEMPLATE = Handlebars.compile(
 const renderForm = (viewModel: ViewModel) =>
   pageTemplate(
     'Member Training Complete',
-    O.some(viewModel.user)
+    viewModel.user
   )(new SafeString(RENDER_MARK_MEMBER_TRAINED_TEMPLATE(viewModel)));
 
 const constructForm: Form<ViewModel>['constructForm'] =