Merge pull request #308 from Jeddf/profile-hashes

Joseph Wilk · web-flow · commit 9244b8406020 · 2019-12-13T15:51:18.000Z
Profile password hashes
diff --git a/lib/profile-utils.js b/lib/profile-utils.js
@@ -0,0 +1,10 @@
+const bcrypt = require('bcryptjs');
+const saltRounds = process.env.NODE_ENV == 'test' ? 5 : 12;
+
+const encodePassword = async input => {
+  const salt = await bcrypt.genSalt(saltRounds);
+
+  return await bcrypt.hash(input, salt);
+};
+
+module.exports = { encodePassword };
diff --git a/package.json b/package.json
@@ -28,6 +28,7 @@
   },
   "dependencies": {
     "async": "0.9.0",
+    "bcryptjs": "2.4.3",
     "camelcase": "^4.1.0",
     "cp-i18n-lib": "git+https://github.com/CoderDojo/cp-i18n-lib.git",
     "cp-logs-lib": "git://github.com/CoderDojo/cp-logs-lib#1.1.0",
diff --git a/scripts/database/pg/migrations/027.do.add-profile-hash.sql b/scripts/database/pg/migrations/027.do.add-profile-hash.sql
@@ -0,0 +1,9 @@
+DO $$ 
+    BEGIN
+        BEGIN
+            ALTER TABLE sys_user ADD COLUMN profile_password character varying;
+        EXCEPTION
+            WHEN duplicate_column THEN RAISE NOTICE 'column profile_password already exists in sys_user.';
+        END;
+    END;
+$$
diff --git a/users.js b/users.js
@@ -7,6 +7,8 @@ var moment = require('moment');
 var pg = require('pg');
 var crypto = require('crypto');
 
+var profileUtils = require('./lib/profile-utils');
+
 module.exports = function (options) {
   var seneca = this;
   var plugin = 'cd-users';
@@ -30,6 +32,7 @@ module.exports = function (options) {
   seneca.add({role: plugin, cmd: 'load_champions_for_user'}, cmd_load_champions_for_user);
   seneca.add({role: plugin, cmd: 'load_dojo_admins_for_user'}, cmd_load_dojo_admins_for_user);
   seneca.add({role: plugin, cmd: 'record_login'}, cmd_record_login);
+  seneca.add({role: plugin, cmd: 'update_profile_password'}, cmd_update_profile_password);
   seneca.add({role: 'user', cmd: 'login'}, cmd_login);
   seneca.add({role: 'user', cmd: 'cdf_login'}, cmd_cdf_login);
   seneca.add({role: plugin, cmd: 'load_prev_founder'}, cmd_load_prev_founder);
@@ -65,6 +68,13 @@ module.exports = function (options) {
     });
   }
 
+  function cmd_update_profile_password (args, done) {
+    profileUtils.encodePassword(args.password).then((profileHash) => {
+      const updatedUser = Object.assign({}, args.user, {profilePassword: profileHash});
+      seneca.act({role: plugin, cmd: 'update'}, { id: args.user.id, user: updatedUser }, done);
+    });
+  }
+
   function cmd_load (args, done) {
     var seneca = this;
     var id = args.id;
@@ -130,6 +140,13 @@ module.exports = function (options) {
       }
     };
 
+    function addProfilePassword (data, done) {
+      profileUtils.encodePassword(user.password).then((profileHash) => {
+        user.profilePassword = profileHash;
+        done(null, data);
+      });
+    }
+
     function verifyCaptcha (done) {
       request.post(postData, function (err, response, body) {
         if (err) {
@@ -221,6 +238,7 @@ module.exports = function (options) {
     async.waterfall([
       verifyCaptcha,
       checkPermissions,
+      addProfilePassword,
       registerUser,
       sendWelcomeEmail
     ], function (err, results) {
@@ -428,6 +446,8 @@ module.exports = function (options) {
             out.reset = reset;
             if (!out.ok) { return done(null, out); }
 
+            seneca.act({role: plugin, cmd: 'update_profile_password'}, {password: args.password, user: user});
+
             reset.active = false;
             reset.save$(function (err, reset) {
               if (err) { return done(err); }
@@ -503,17 +523,28 @@ module.exports = function (options) {
       if (err) return done(err);
       if (!loginResponse.ok || !loginResponse.user) return done(null, loginResponse);
 
-      async.series([
+      const handlers = [
         verifyPermissions,
         recordLogin
-      ], function (err) {
+      ];
+
+      if (!loginResponse.user.profilePassword) {
+        handlers.push(updateProfilePassword);
+      }
+
+      async.series(handlers, function (err) {
         if (err) {
           return done(err);
         }
 
         return done(null, loginResponse);
       });
 
+      function updateProfilePassword (next) {
+        seneca.act({role: plugin, cmd: 'update_profile_password'}, {password: args.password, user: loginResponse.user});
+        next();
+      }
+
       function verifyPermissions (next) {
         var userRole;
 
diff --git a/yarn.lock b/yarn.lock
@@ -479,6 +479,11 @@ bcrypt-pbkdf@^1.0.0:
   dependencies:
     tweetnacl "^0.14.3"
 
+bcryptjs@2.4.3:
+  version "2.4.3"
+  resolved "https://registry.yarnpkg.com/bcryptjs/-/bcryptjs-2.4.3.tgz#9ab5627b93e60621ff7cdac5da9733027df1d0cb"
+  integrity sha1-mrVie5PmBiH/fNrF2pczAn3x0Ms=
+
 big-number@0.3.1:
   version "0.3.1"
   resolved "https://registry.yarnpkg.com/big-number/-/big-number-0.3.1.tgz#ac73020c0a59bb79eb17c2ce2db77f77d974e013"
