From 9a5e8d52423ac8b15cea3ec5afe1de4cbfdc1d26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Schj=C3=B8th?=
Date: Sun, 20 Mar 2022 23:28:36 +0100
Subject: [PATCH 1/2] feat: provide change password links for Auth0
---
 src/__generated__/nexus-typegen.ts | 2 ++
 src/__generated__/schema.graphql | 3 +++
 src/schema/auth/mutation.ts | 2 +-
 src/schema/auth/query.ts | 24 ++++++++++++++++++++++++
 4 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/src/__generated__/nexus-typegen.ts b/src/__generated__/nexus-typegen.ts
index 4f2ea70..5bb49fa 100644
--- a/src/__generated__/nexus-typegen.ts
+++ b/src/__generated__/nexus-typegen.ts
@@ -392,6 +392,7 @@ export interface NexusGenFieldTypes { participants: Array | null; // [ParticipantOrInvite] result: NexusGenRootTypes['Result'] | null; // Result resultsOfPublishedVotations: Array | null; // [VotationWithWinner] + updateMyPassword: string | null; // String user: NexusGenRootTypes['GetUserResult'] | null; // GetUserResult votationById: NexusGenRootTypes['Votation'] | null; // Votation }
@@ -611,6 +612,7 @@ export interface NexusGenFieldTypeNames { participants: 'ParticipantOrInvite' result: 'Result' resultsOfPublishedVotations: 'VotationWithWinner' + updateMyPassword: 'String' user: 'GetUserResult' votationById: 'Votation' }
diff --git a/src/__generated__/schema.graphql b/src/__generated__/schema.graphql
index eab6cda..c8cefcf 100644
--- a/src/__generated__/schema.graphql
+++ b/src/__generated__/schema.graphql
@@ -235,6 +235,9 @@ type Query { Return the results of all the votations with votationStatus === "PUBLISHED_RESULT" of that meeting """ resultsOfPublishedVotations(meetingId: String!): [VotationWithWinner] + + """Provides a ticket to change Auth0 password.""" + updateMyPassword: String user: GetUserResult votationById(votationId: String!): Votation }
diff --git a/src/schema/auth/mutation.ts b/src/schema/auth/mutation.ts
index 4153276..3fe4da4 100644
--- a/src/schema/auth/mutation.ts
+++ b/src/schema/auth/mutation.ts
@@ -8,7 +8,7 @@ export const DeleteUserMutation = mutationField('deleteMe', {
 description: 'Delete your own user.',
 args: {},
 resolve: async (_, __, ctx) => {
- var auth0 = new ManagementClient({
+ const auth0 = new ManagementClient({
 domain: process.env.AUTH0_DOMAIN!,
 clientId: process.env.CLIENT_ID,
 clientSecret: process.env.CLIENT_SECRET,
diff --git a/src/schema/auth/query.ts b/src/schema/auth/query.ts
index 015e8dc..d49af6f 100644
--- a/src/schema/auth/query.ts
+++ b/src/schema/auth/query.ts
@@ -1,3 +1,4 @@
+import { ManagementClient } from 'auth0';
 import { queryField } from 'nexus';
 import { GetUserResult } from './typedefs/results';
 import { EXPOSED_USER_FIELDS } from './utils';
@@ -13,3 +14,26 @@ export const UserQuery = queryField('user', {
 return { __typename: 'User', ...user };
 },
 });
+
+export const UpdatePasswordLinkQuery = queryField('updateMyPassword', {
+ type: 'String',
+ description: 'Provides a ticket to change Auth0 password.',
+ args: {},
+ resolve: async (_, __, ctx) => {
+ const auth0 = new ManagementClient({
+ domain: process.env.AUTH0_DOMAIN!,
+ clientId: process.env.CLIENT_ID,
+ clientSecret: process.env.CLIENT_SECRET,
+ // scope: 'delete:users'
+ });
+
+ const res = auth0.createPasswordChangeTicket({
+ user_id: `auth0|${ctx.userId}`,
+ ttl_sec: 1200,
+ includeEmailInRedirect: false,
+ result_url: process.env.AUTH0_CALLBACK_URL,
+ });
+
+ return (await res).ticket;
+ },
+});
From 379679b427dfa35b5935d9a4bfe8c2833e44cdb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Schj=C3=B8th?=
Date: Thu, 9 Jun 2022 23:42:21 +0200
Subject: [PATCH 2/2] protect endpoint behind authentication
---
 src/lib/permissions/index.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/lib/permissions/index.ts b/src/lib/permissions/index.ts
index 799fea7..ccf1a33 100644
--- a/src/lib/permissions/index.ts
+++ b/src/lib/permissions/index.ts
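Review bot: In `src/schema/auth/query.ts` the `updateMyPassword` resolver returns the Auth0 password-change ticket directly in the API response, so a valid session alone is enough to set a new password, with no check of the current password or of mailbox access; the ticket is a bearer secret for `ttl_sec: 1200` seconds and must stay out of logs and response caches. Creating a ticket is a state change, so `mutationField('updateMyPassword', …)` fits better than `queryField`, since Query fields are commonly treated as safe to cache, retry or send over GET. The commented-out `// scope: 'delete:users'` is a leftover from `deleteMe`; Auth0 documents `create:user_tickets` for this call, and a comment `// needs create:user_tickets` would record the grant the client actually requires. The hard-coded `auth0|` prefix presumably assumes database-connection users only, and a rejected `createPasswordChangeTicket` call is not caught, so provider error text may reach the client.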
@@ -47,6 +47,7 @@ const permissions = shield(
 and(isParticipantOfVotation, resultIsPublished, votesNotHidden)
 ),
 numberOfUpcomingVotations: and(isParticipantOfMeeting),
+ updateMyPassword: and(isAuthenticated),
 },
 Mutation: {
 addParticipants: and(isAdminOfMeetingId),
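Review bot: Fields without an entry in this rule map appear to be reachable without any rule, which would explain why `updateMyPassword` needed this follow-up commit after the resolver was introduced; the `shield(` call begins and ends outside the hunk, so its options cannot be confirmed from here. If no default is configured, passing `fallbackRule: deny` in the shield options would make every unlisted field fail closed instead of relying on a per-field entry being remembered. `isAuthenticated` presumably proves only that a session exists; because this field hands out a password-reset ticket, a rule that also requires a recent login would be a tighter fit and deserves a comment such as `// sensitive: issues a password-change ticket`.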