packages/core/api/user-manager.js

import http from "../utils/http";
import constants from "../utils/constants";
import TokenManager from "./token-manager";
import {
  EV,
  EVENTS,
  setUserPersonalizationBytes,
  USER_PERSONALIZATION_HASH,
} from "../common";

const ENDPOINTS = {
  signup: "/users",
  token: "/connect/token",
  user: "/users",
  deleteUser: "/users/delete",
  patchUser: "/account",
  verifyUser: "/account/verify",
  revoke: "/connect/revocation",
  recoverAccount: "/account/recover",
};

class UserManager {
  /**
   *
   * @param {import("../database/storage").default} storage
   */
  constructor(storage) {
    this._storage = storage;
    this.tokenManager = new TokenManager(storage);
  }

  async init() {
    const user = await this.getUser();
    if (!user) return;
    setUserPersonalizationBytes(user.salt);
  }

  async signup(email, password) {
    const hashedPassword = await this._storage.hash(password, email);
    await http.post(`${constants.API_HOST}${ENDPOINTS.signup}`, {
      email,
      password: hashedPassword,
      client_id: "notesnook",
    });
    EV.publish(EVENTS.userSignedUp);
    return await this.login(email, password, hashedPassword);
  }

  async login(email, password, hashedPassword) {
    if (!hashedPassword) {
      hashedPassword = await this._storage.hash(password, email);
    }

    await this.tokenManager.saveToken(
      await http.post(`${constants.AUTH_HOST}${ENDPOINTS.token}`, {
        username: email,
        password: hashedPassword,
        grant_type: "password",
        scope: "notesnook.sync offline_access openid IdentityServerApi",
        client_id: "notesnook",
      })
    );

    const user = await this.fetchUser();
    setUserPersonalizationBytes(user.salt);
    await this._storage.deriveCryptoKey(`_uk_@${user.email}`, {
      password,
      salt: user.salt,
    });

    EV.publish(EVENTS.userLoggedIn, user);
  }

  async getSessions() {
    const token = await this.tokenManager.getAccessToken();
    if (!token) return;
    await http.get(`${constants.AUTH_HOST}/account/sessions`, token);
  }

  async logout(revoke = true, reason) {
    try {
      if (revoke) await this.tokenManager.revokeToken();
    } catch (e) {
      console.error(e);
    } finally {
      await this._storage.clear();
      EV.publish(EVENTS.userLoggedOut, reason);
      EV.publish(EVENTS.appRefreshRequested);
    }
  }

  setUser(user) {
    if (!user) return;
    return this._storage.write("user", user);
  }

  getUser() {
    return this._storage.read("user");
  }

  async deleteUser(password) {
    let token = await this.tokenManager.getAccessToken();
    if (!token) return;
    const user = await this.getUser();
    await http.post(
      `${constants.API_HOST}${ENDPOINTS.deleteUser}`,
      { password: await this._storage.hash(password, user.email) },
      token
    );
    await this.logout(false, "Account deleted.");
    return true;
  }

  async fetchUser() {
    try {
      let token = await this.tokenManager.getAccessToken();
      if (!token) return;
      const user = await http.get(
        `${constants.API_HOST}${ENDPOINTS.user}`,
        token
      );
      if (user) {
        const oldUser = await this.getUser();
        if (!!oldUser && !oldUser.isEmailConfirmed && user.isEmailConfirmed) {
          // generate new token
          const token = await this.tokenManager.getToken(false);
          await this.tokenManager._refreshToken(token);
        }

        await this.setUser(user);
        EV.publish(EVENTS.userFetched, user);
        return user;
      } else {
        return await this.getUser();
      }
    } catch (e) {
      console.error(e);
      return await this.getUser();
    }
  }

  changePassword(oldPassword, newPassword) {
    return this._updatePassword("change_password", {
      old_password: oldPassword,
      new_password: newPassword,
    });
  }

  resetPassword(newPassword) {
    return this._updatePassword("reset_password", {
      new_password: newPassword,
    });
  }

  async getEncryptionKey() {
    const user = await this.getUser();
    if (!user) return;
    const key = await this._storage.getCryptoKey(`_uk_@${user.email}`);
    return { key, salt: user.salt };
  }

  async getAttachmentsKey() {
    let user = await this.getUser();
    if (!user) return;

    let token = await this.tokenManager.getAccessToken();
    if (!token) return;

    if (!user.attachmentsKey) {
      user = await http.get(`${constants.API_HOST}${ENDPOINTS.user}`, token);
    }

    const userEncryptionKey = await this.getEncryptionKey();
    if (!userEncryptionKey) return;

    if (!user.attachmentsKey) {
      const key = await this._storage.generateRandomKey();
      const encryptedKey = await this._storage.encrypt(
        userEncryptionKey,
        JSON.stringify(key)
      );

      user.attachmentsKey = encryptedKey;
      await http.patch.json(
        `${constants.API_HOST}${ENDPOINTS.user}`,
        user,
        token
      );

      await this.setUser(user);
      return key;
    }

    const plainData = await this._storage.decrypt(
      userEncryptionKey,
      user.attachmentsKey
    );
    return JSON.parse(plainData);
  }

  async sendVerificationEmail() {
    let token = await this.tokenManager.getAccessToken();
    if (!token) return;
    await http.post(
      `${constants.AUTH_HOST}${ENDPOINTS.verifyUser}`,
      null,
      token
    );
  }

  recoverAccount(email) {
    return http.post(`${constants.AUTH_HOST}${ENDPOINTS.recoverAccount}`, {
      email,
      client_id: "notesnook",
    });
  }

  async verifyPassword(password) {
    try {
      const user = await this.getUser();
      if (!user) return false;
      const key = await this.getEncryptionKey();
      const cipher = await this._storage.encrypt(key, "notesnook");
      const plainText = await this._storage.decrypt({ password }, cipher);
      return plainText === "notesnook";
    } catch (e) {
      return false;
    }
  }

  async _updatePassword(type, data) {
    let token = await this.tokenManager.getAccessToken();
    if (!token) return;

    // we hash the passwords beforehand
    const { email, salt } = await this.getUser();
    var hashedData = {};
    if (data.old_password)
      hashedData.old_password = await this._storage.hash(
        data.old_password,
        email
      );
    if (data.new_password)
      hashedData.new_password = await this._storage.hash(
        data.new_password,
        email
      );

    await http.patch(
      `${constants.AUTH_HOST}${ENDPOINTS.patchUser}`,
      {
        type,
        ...hashedData,
      },
      token
    );
    // TODO
    // await this._db.outbox.add(
    //   type,
    //   { newPassword: data.new_password },
    //   async () => {
    //     await this._db.sync(true);

    //     await this._storage.deriveCryptoKey(`_uk_@${email}`, {
    //       password: data.new_password,
    //       salt,
    //     });

    //     await this._db.sync(false, true);
    //   }
    // );
    return true;
  }
}

export default UserManager;
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`import http from "../utils/http";`
			`import constants from "../utils/constants";`
			`import TokenManager from "./token-manager";`
feat: use blake2s for random id generation 2021-06-04 09:32:13 +05:00			`import {`
			`EV,`
			`EVENTS,`
			`setUserPersonalizationBytes,`
			`USER_PERSONALIZATION_HASH,`
			`} from "../common";`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00
			`const ENDPOINTS = {`
			`signup: "/users",`
			`token: "/connect/token",`
			`user: "/users",`
			`deleteUser: "/users/delete",`
			`patchUser: "/account",`
feat: impl sendVerificationEmail in usermanager 2020-12-16 14:56:09 +05:00			`verifyUser: "/account/verify",`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`revoke: "/connect/revocation",`
feat: impl recoverAccount endpoint 2020-12-22 09:36:35 +05:00			`recoverAccount: "/account/recover",`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`};`

			`class UserManager {`
			`/**`
			`*`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`* @param {import("../database/storage").default} storage`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`*/`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`constructor(storage) {`
			`this._storage = storage;`
			`this.tokenManager = new TokenManager(storage);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

fix: make user.remember work again 2020-12-22 16:13:01 +05:00			`async init() {`
			`const user = await this.getUser();`
			`if (!user) return;`
feat: use blake2s for random id generation 2021-06-04 09:32:13 +05:00			`setUserPersonalizationBytes(user.salt);`
fix: make user.remember work again 2020-12-22 16:13:01 +05:00			`}`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`async signup(email, password) {`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`const hashedPassword = await this._storage.hash(password, email);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			await http.post(`${constants.API_HOST}${ENDPOINTS.signup}`, {
			`email,`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`password: hashedPassword,`
fix: send client_id with signup request 2020-12-22 09:55:31 +05:00			`client_id: "notesnook",`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`});`
fix: multiple settings objects created for 1 user due to these multiple objects reset password wasn't working because only the latest one would be encrypted with the new password but all previous objects would require decryption which resulted in a block while syncing 2021-02-26 17:33:46 +05:00			`EV.publish(EVENTS.userSignedUp);`
fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`return await this.login(email, password, hashedPassword);`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`}`

fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`async login(email, password, hashedPassword) {`
fix: hash password before login 2021-04-09 12:55:32 +05:00			`if (!hashedPassword) {`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`hashedPassword = await this._storage.hash(password, email);`
fix: hash password before login 2021-04-09 12:55:32 +05:00			`}`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`await this.tokenManager.saveToken(`
			await http.post(`${constants.AUTH_HOST}${ENDPOINTS.token}`, {
			`username: email,`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`password: hashedPassword,`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`grant_type: "password",`
fix: remove notesnook.monograph scope 2021-06-15 10:17:42 +05:00			`scope: "notesnook.sync offline_access openid IdentityServerApi",`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`client_id: "notesnook",`
			`})`
			`);`

fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`const user = await this.fetchUser();`
feat: use blake2s for random id generation 2021-06-04 09:32:13 +05:00			`setUserPersonalizationBytes(user.salt);`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			await this._storage.deriveCryptoKey(`_uk_@${user.email}`, {
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`password,`
			`salt: user.salt,`
			`});`

refactor: change all event strings to constants 2021-01-23 10:48:21 +05:00			`EV.publish(EVENTS.userLoggedIn, user);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

			`async getSessions() {`
			`const token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
			await http.get(`${constants.AUTH_HOST}/account/sessions`, token);
			`}`

			`async logout(revoke = true, reason) {`
fix: make user.remember work again 2020-12-22 16:13:01 +05:00			`try {`
			`if (revoke) await this.tokenManager.revokeToken();`
			`} catch (e) {`
			`console.error(e);`
			`} finally {`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`await this._storage.clear();`
refactor: change all event strings to constants 2021-01-23 10:48:21 +05:00			`EV.publish(EVENTS.userLoggedOut, reason);`
fix: refresh app after logout 2021-07-03 23:07:54 +05:00			`EV.publish(EVENTS.appRefreshRequested);`
fix: make user.remember work again 2020-12-22 16:13:01 +05:00			`}`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

			`setUser(user) {`
			`if (!user) return;`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`return this._storage.write("user", user);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

			`getUser() {`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`return this._storage.read("user");`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

			`async deleteUser(password) {`
			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`const user = await this.getUser();`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`await http.post(`
			`${constants.API_HOST}${ENDPOINTS.deleteUser}`,
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`{ password: await this._storage.hash(password, user.email) },`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`token`
			`);`
			`await this.logout(false, "Account deleted.");`
			`return true;`
			`}`

fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`async fetchUser() {`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`try {`
			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
			`const user = await http.get(`
			`${constants.API_HOST}${ENDPOINTS.user}`,
			`token`
			`);`
			`if (user) {`
fix: await getUser call and use correct if condition 2021-01-08 01:56:41 +05:00			`const oldUser = await this.getUser();`
			`if (!!oldUser && !oldUser.isEmailConfirmed && user.isEmailConfirmed) {`
fix: refresh token if email got confirmed 2021-01-05 13:07:37 +05:00			`// generate new token`
			`const token = await this.tokenManager.getToken(false);`
			`await this.tokenManager._refreshToken(token);`
			`}`

fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`await this.setUser(user);`
refactor: change all event strings to constants 2021-01-23 10:48:21 +05:00			`EV.publish(EVENTS.userFetched, user);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`return user;`
			`} else {`
feat: return local user if fetchUser request fails 2020-12-16 14:41:28 +05:00			`return await this.getUser();`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`
test: fix all ci tests 2021-01-22 22:08:56 +05:00			`} catch (e) {`
			`console.error(e);`
			`return await this.getUser();`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`
			`}`

feat: add resetPassword 2020-12-22 13:13:18 +05:00			`changePassword(oldPassword, newPassword) {`
			`return this._updatePassword("change_password", {`
			`old_password: oldPassword,`
			`new_password: newPassword,`
			`});`
			`}`

			`resetPassword(newPassword) {`
			`return this._updatePassword("reset_password", {`
			`new_password: newPassword,`
			`});`
			`}`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`async getEncryptionKey() {`
			`const user = await this.getUser();`
			`if (!user) return;`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			const key = await this._storage.getCryptoKey(`_uk_@${user.email}`);
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`return { key, salt: user.salt };`
			`}`

feat: add 3-layer-encryption for attachments 2021-10-25 11:35:00 +05:00			`async getAttachmentsKey() {`
			`let user = await this.getUser();`
			`if (!user) return;`

			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`

			`if (!user.attachmentsKey) {`
			user = await http.get(`${constants.API_HOST}${ENDPOINTS.user}`, token);
			`}`

			`const userEncryptionKey = await this.getEncryptionKey();`
			`if (!userEncryptionKey) return;`

			`if (!user.attachmentsKey) {`
			`const key = await this._storage.generateRandomKey();`
			`const encryptedKey = await this._storage.encrypt(`
			`userEncryptionKey,`
			`JSON.stringify(key)`
			`);`

			`user.attachmentsKey = encryptedKey;`
			`await http.patch.json(`
			`${constants.API_HOST}${ENDPOINTS.user}`,
			`user,`
			`token`
			`);`

			`await this.setUser(user);`
			`return key;`
			`}`

			`const plainData = await this._storage.decrypt(`
			`userEncryptionKey,`
			`user.attachmentsKey`
			`);`
			`return JSON.parse(plainData);`
			`}`

feat: add resetPassword 2020-12-22 13:13:18 +05:00			`async sendVerificationEmail() {`
			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
			`await http.post(`
			`${constants.AUTH_HOST}${ENDPOINTS.verifyUser}`,
			`null,`
			`token`
			`);`
			`}`

			`recoverAccount(email) {`
			return http.post(`${constants.AUTH_HOST}${ENDPOINTS.recoverAccount}`, {
			`email,`
			`client_id: "notesnook",`
			`});`
			`}`

feat: add verify password for verifying user password 2021-06-01 09:46:50 +05:00			`async verifyPassword(password) {`
			`try {`
			`const user = await this.getUser();`
			`if (!user) return false;`
			`const key = await this.getEncryptionKey();`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`const cipher = await this._storage.encrypt(key, "notesnook");`
			`const plainText = await this._storage.decrypt({ password }, cipher);`
feat: add verify password for verifying user password 2021-06-01 09:46:50 +05:00			`return plainText === "notesnook";`
			`} catch (e) {`
			`return false;`
			`}`
			`}`

feat: add resetPassword 2020-12-22 13:13:18 +05:00			`async _updatePassword(type, data) {`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00
			`// we hash the passwords beforehand`
fix: multiple settings objects created for 1 user due to these multiple objects reset password wasn't working because only the latest one would be encrypted with the new password but all previous objects would require decryption which resulted in a block while syncing 2021-02-26 17:33:46 +05:00			`const { email, salt } = await this.getUser();`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`var hashedData = {};`
			`if (data.old_password)`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`hashedData.old_password = await this._storage.hash(`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`data.old_password,`
			`email`
			`);`
			`if (data.new_password)`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`hashedData.new_password = await this._storage.hash(`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`data.new_password,`
			`email`
			`);`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`await http.patch(`
fix: crashes in _updatePassword 2020-12-22 14:18:53 +05:00			`${constants.AUTH_HOST}${ENDPOINTS.patchUser}`,
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`{`
feat: add resetPassword 2020-12-22 13:13:18 +05:00			`type,`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`...hashedData,`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`},`
			`token`
			`);`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`// TODO`
			`// await this._db.outbox.add(`
			`// type,`
			`// { newPassword: data.new_password },`
			`// async () => {`
			`// await this._db.sync(true);`

			// await this._storage.deriveCryptoKey(`_uk_@${email}`, {
			`// password: data.new_password,`
			`// salt,`
			`// });`

			`// await this._db.sync(false, true);`
			`// }`
			`// );`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`return true;`
			`}`
			`}`

			`export default UserManager;`