packages/core/api/user-manager.js

import http from "../utils/http";
import constants from "../utils/constants";
import TokenManager from "./token-manager";
import { EV, NOTESNOOK_CORE_VERSION } from "../common";

const ENDPOINTS = {
  signup: "/users",
  token: "/connect/token",
  user: "/users",
  deleteUser: "/users/delete",
  patchUser: "/account",
  verifyUser: "/account/verify",
  revoke: "/connect/revocation",
  recoverAccount: "/account/recover",
  migrateStatus: "/migrate/status",
  hcliMigrate: "/migrate/hcli",
};

class UserManager {
  /**
   *
   * @param {import("./index").default} db
   */
  constructor(db) {
    this._db = db;
    this.tokenManager = new TokenManager(db);
  }

  async init() {
    const user = await this.getUser();
    if (!user) return;
    if (!user.remember) await this.logout(true, "Session expired.");
  }

  async signup(email, password) {
    const hashedPassword = await this._db.context.hash(password, email);
    await http.post(`${constants.API_HOST}${ENDPOINTS.signup}`, {
      email,
      password: hashedPassword,
      client_id: "notesnook",
    });
    return await this.login(email, password, true, hashedPassword);
  }

  async _getUserStatus(email) {
    return await http.post(`${constants.AUTH_HOST}${ENDPOINTS.migrateStatus}`, {
      email,
    });
  }

  async _hcliMigrate(email, plaintextPassword, hashedPassword) {
    return await http.post(`${constants.AUTH_HOST}${ENDPOINTS.hcliMigrate}`, {
      username: email,
      plaintext_password: plaintextPassword,
      hashed_password: hashedPassword,
    });
  }

  async _migrateUser(email, plaintextPassword) {
    const status = await this._getUserStatus(email);
    var hashedPassword = await this._db.context.hash(plaintextPassword, email);
    if (!status.hcli) {
      await this._hcliMigrate(email, plaintextPassword, hashedPassword);
    }
    return hashedPassword;
  }

  async login(email, password, remember, hashedPassword) {
    if (!hashedPassword) {
      hashedPassword = await this._migrateUser(email, password);
    }

    await this.tokenManager.saveToken(
      await http.post(`${constants.AUTH_HOST}${ENDPOINTS.token}`, {
        username: email,
        password: hashedPassword,
        grant_type: "password",
        scope: "notesnook.sync offline_access openid IdentityServerApi",
        client_id: "notesnook",
      })
    );

    const user = await this.fetchUser(remember);
    await this._db.context.deriveCryptoKey(`_uk_@${user.email}`, {
      password,
      salt: user.salt,
    });

    EV.publish("user:loggedIn", user);
  }

  async getSessions() {
    const token = await this.tokenManager.getAccessToken();
    if (!token) return;
    await http.get(`${constants.AUTH_HOST}/account/sessions`, token);
  }

  async logout(revoke = true, reason) {
    try {
      if (revoke) await this.tokenManager.revokeToken();
    } catch (e) {
      console.error(e);
    } finally {
      await this._db.context.clear();
      EV.publish("user:loggedOut", reason);
    }
  }

  setUser(user) {
    if (!user) return;
    return this._db.context.write("user", user);
  }

  getUser() {
    return this._db.context.read("user");
  }

  async deleteUser(password) {
    let token = await this.tokenManager.getAccessToken();
    if (!token) return;
    const user = await this.getUser();
    await http.post(
      `${constants.API_HOST}${ENDPOINTS.deleteUser}`,
      { password: await this._db.context.hash(password, user.email) },
      token
    );
    await this.logout(false, "Account deleted.");
    return true;
  }

  async fetchUser(remember = false) {
    try {
      let token = await this.tokenManager.getAccessToken();
      if (!token) return;
      const user = await http.get(
        `${constants.API_HOST}${ENDPOINTS.user}`,
        token
      );
      if (user) {
        const oldUser = await this.getUser();
        if (!!oldUser && !oldUser.isEmailConfirmed && user.isEmailConfirmed) {
          // generate new token
          const token = await this.tokenManager.getToken(false);
          await this.tokenManager._refreshToken(token);
        }

        await this.setUser({ ...user, remember });
        EV.publish("user:fetched", user);
        return user;
      }
    } catch (e) {
      if (e.message === "invalid_grant") {
        await this.logout(
          false,
          "You were logged out. Either your session expired or your account was deleted. Please try logging in again."
        );
      } else {
        return await this.getUser();
      }
    }
  }

  changePassword(oldPassword, newPassword) {
    return this._updatePassword("change_password", {
      old_password: oldPassword,
      new_password: newPassword,
    });
  }

  resetPassword(newPassword) {
    return this._updatePassword("reset_password", {
      new_password: newPassword,
    });
  }

  async getEncryptionKey() {
    const user = await this.getUser();
    if (!user) return;
    const key = await this._db.context.getCryptoKey(`_uk_@${user.email}`);
    return { key, salt: user.salt };
  }

  async sendVerificationEmail() {
    let token = await this.tokenManager.getAccessToken();
    if (!token) return;
    await http.post(
      `${constants.AUTH_HOST}${ENDPOINTS.verifyUser}`,
      null,
      token
    );
  }

  recoverAccount(email) {
    return http.post(`${constants.AUTH_HOST}${ENDPOINTS.recoverAccount}`, {
      email,
      client_id: "notesnook",
    });
  }

  async _updatePassword(type, data) {
    let token = await this.tokenManager.getAccessToken();
    if (!token) return;

    // we hash the passwords beforehand
    const { email } = await this.getUser();
    var hashedData = {};
    if (data.old_password)
      hashedData.old_password = await this._db.context.hash(
        data.old_password,
        email
      );
    if (data.new_password)
      hashedData.new_password = await this._db.context.hash(
        data.new_password,
        email
      );

    await http.patch(
      `${constants.AUTH_HOST}${ENDPOINTS.patchUser}`,
      {
        type,
        ...hashedData,
      },
      token
    );
    await this._db.outbox.add(
      type,
      { newPassword: data.new_password },
      async () => {
        const key = await this.getEncryptionKey();
        const { email } = await this.getUser();
        await this._db.context.deriveCryptoKey(`_uk_@${email}`, {
          password: data.new_password,
          salt: key.salt,
        });
        await this._db.sync(true, true);
      }
    );
    return true;
  }
}

export default UserManager;
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`import http from "../utils/http";`
			`import constants from "../utils/constants";`
			`import TokenManager from "./token-manager";`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`import { EV, NOTESNOOK_CORE_VERSION } from "../common";`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00
			`const ENDPOINTS = {`
			`signup: "/users",`
			`token: "/connect/token",`
			`user: "/users",`
			`deleteUser: "/users/delete",`
			`patchUser: "/account",`
feat: impl sendVerificationEmail in usermanager 2020-12-16 14:56:09 +05:00			`verifyUser: "/account/verify",`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`revoke: "/connect/revocation",`
feat: impl recoverAccount endpoint 2020-12-22 09:36:35 +05:00			`recoverAccount: "/account/recover",`
refactor: change user status endpoint 2021-01-19 22:27:13 +05:00			`migrateStatus: "/migrate/status",`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`hcliMigrate: "/migrate/hcli",`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`};`

			`class UserManager {`
			`/**`
			`*`
			`* @param {import("./index").default} db`
			`*/`
			`constructor(db) {`
			`this._db = db;`
			`this.tokenManager = new TokenManager(db);`
			`}`

fix: make user.remember work again 2020-12-22 16:13:01 +05:00			`async init() {`
			`const user = await this.getUser();`
			`if (!user) return;`
			`if (!user.remember) await this.logout(true, "Session expired.");`
			`}`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`async signup(email, password) {`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`const hashedPassword = await this._db.context.hash(password, email);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			await http.post(`${constants.API_HOST}${ENDPOINTS.signup}`, {
			`email,`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`password: hashedPassword,`
fix: send client_id with signup request 2020-12-22 09:55:31 +05:00			`client_id: "notesnook",`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`});`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`return await this.login(email, password, true, hashedPassword);`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`}`

			`async _getUserStatus(email) {`
refactor: change user status endpoint 2021-01-19 22:27:13 +05:00			return await http.post(`${constants.AUTH_HOST}${ENDPOINTS.migrateStatus}`, {
fix: get user status as POST request instead of GET 2021-01-18 23:40:32 +05:00			`email,`
			`});`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`}`

			`async _hcliMigrate(email, plaintextPassword, hashedPassword) {`
			return await http.post(`${constants.AUTH_HOST}${ENDPOINTS.hcliMigrate}`, {
			`username: email,`
			`plaintext_password: plaintextPassword,`
			`hashed_password: hashedPassword,`
			`});`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

feat: add hcli migration 2021-01-18 23:29:49 +05:00			`async _migrateUser(email, plaintextPassword) {`
			`const status = await this._getUserStatus(email);`
			`var hashedPassword = await this._db.context.hash(plaintextPassword, email);`
			`if (!status.hcli) {`
			`await this._hcliMigrate(email, plaintextPassword, hashedPassword);`
			`}`
			`return hashedPassword;`
			`}`

feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`async login(email, password, remember, hashedPassword) {`
			`if (!hashedPassword) {`
			`hashedPassword = await this._migrateUser(email, password);`
feat: add hcli migration 2021-01-18 23:29:49 +05:00			`}`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`await this.tokenManager.saveToken(`
			await http.post(`${constants.AUTH_HOST}${ENDPOINTS.token}`, {
			`username: email,`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`password: hashedPassword,`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`grant_type: "password",`
			`scope: "notesnook.sync offline_access openid IdentityServerApi",`
			`client_id: "notesnook",`
			`})`
			`);`

			`const user = await this.fetchUser(remember);`
			await this._db.context.deriveCryptoKey(`_uk_@${user.email}`, {
			`password,`
			`salt: user.salt,`
			`});`

			`EV.publish("user:loggedIn", user);`
			`}`

			`async getSessions() {`
			`const token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
			await http.get(`${constants.AUTH_HOST}/account/sessions`, token);
			`}`

			`async logout(revoke = true, reason) {`
fix: make user.remember work again 2020-12-22 16:13:01 +05:00			`try {`
			`if (revoke) await this.tokenManager.revokeToken();`
			`} catch (e) {`
			`console.error(e);`
			`} finally {`
			`await this._db.context.clear();`
			`EV.publish("user:loggedOut", reason);`
			`}`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

			`setUser(user) {`
			`if (!user) return;`
			`return this._db.context.write("user", user);`
			`}`

			`getUser() {`
			`return this._db.context.read("user");`
			`}`

			`async deleteUser(password) {`
			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`const user = await this.getUser();`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`await http.post(`
			`${constants.API_HOST}${ENDPOINTS.deleteUser}`,
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`{ password: await this._db.context.hash(password, user.email) },`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`token`
			`);`
			`await this.logout(false, "Account deleted.");`
			`return true;`
			`}`

fix: make user.remember work again 2020-12-22 16:13:01 +05:00			`async fetchUser(remember = false) {`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`try {`
			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
			`const user = await http.get(`
			`${constants.API_HOST}${ENDPOINTS.user}`,
			`token`
			`);`
			`if (user) {`
fix: await getUser call and use correct if condition 2021-01-08 01:56:41 +05:00			`const oldUser = await this.getUser();`
			`if (!!oldUser && !oldUser.isEmailConfirmed && user.isEmailConfirmed) {`
fix: refresh token if email got confirmed 2021-01-05 13:07:37 +05:00			`// generate new token`
			`const token = await this.tokenManager.getToken(false);`
			`await this.tokenManager._refreshToken(token);`
			`}`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`await this.setUser({ ...user, remember });`
			`EV.publish("user:fetched", user);`
			`return user;`
			`}`
			`} catch (e) {`
			`if (e.message === "invalid_grant") {`
			`await this.logout(`
			`false,`
			`"You were logged out. Either your session expired or your account was deleted. Please try logging in again."`
			`);`
			`} else {`
feat: return local user if fetchUser request fails 2020-12-16 14:41:28 +05:00			`return await this.getUser();`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`
			`}`
			`}`

feat: add resetPassword 2020-12-22 13:13:18 +05:00			`changePassword(oldPassword, newPassword) {`
			`return this._updatePassword("change_password", {`
			`old_password: oldPassword,`
			`new_password: newPassword,`
			`});`
			`}`

			`resetPassword(newPassword) {`
			`return this._updatePassword("reset_password", {`
			`new_password: newPassword,`
			`});`
			`}`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`async getEncryptionKey() {`
			`const user = await this.getUser();`
			`if (!user) return;`
			const key = await this._db.context.getCryptoKey(`_uk_@${user.email}`);
			`return { key, salt: user.salt };`
			`}`

feat: add resetPassword 2020-12-22 13:13:18 +05:00			`async sendVerificationEmail() {`
			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
			`await http.post(`
			`${constants.AUTH_HOST}${ENDPOINTS.verifyUser}`,
			`null,`
			`token`
			`);`
			`}`

			`recoverAccount(email) {`
			return http.post(`${constants.AUTH_HOST}${ENDPOINTS.recoverAccount}`, {
			`email,`
			`client_id: "notesnook",`
			`});`
			`}`

			`async _updatePassword(type, data) {`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`let token = await this.tokenManager.getAccessToken();`
			`if (!token) return;`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00
			`// we hash the passwords beforehand`
			`const { email } = await this.getUser();`
			`var hashedData = {};`
			`if (data.old_password)`
			`hashedData.old_password = await this._db.context.hash(`
			`data.old_password,`
			`email`
			`);`
			`if (data.new_password)`
			`hashedData.new_password = await this._db.context.hash(`
			`data.new_password,`
			`email`
			`);`

feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`await http.patch(`
fix: crashes in _updatePassword 2020-12-22 14:18:53 +05:00			`${constants.AUTH_HOST}${ENDPOINTS.patchUser}`,
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`{`
feat: add resetPassword 2020-12-22 13:13:18 +05:00			`type,`
feat: hash all passwords before sending them to server 2021-01-19 09:48:42 +05:00			`...hashedData,`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`},`
			`token`
			`);`
fix: crashes in _updatePassword 2020-12-22 14:18:53 +05:00			`await this._db.outbox.add(`
			`type,`
fix: newPassword -> new_password 2020-12-22 14:25:01 +05:00			`{ newPassword: data.new_password },`
fix: crashes in _updatePassword 2020-12-22 14:18:53 +05:00			`async () => {`
			`const key = await this.getEncryptionKey();`
			`const { email } = await this.getUser();`
			await this._db.context.deriveCryptoKey(`_uk_@${email}`, {
fix: newPassword -> new_password 2020-12-22 14:25:01 +05:00			`password: data.new_password,`
fix: crashes in _updatePassword 2020-12-22 14:18:53 +05:00			`salt: key.salt,`
			`});`
fix: make user.remember work again 2020-12-22 16:13:01 +05:00			`await this._db.sync(true, true);`
fix: crashes in _updatePassword 2020-12-22 14:18:53 +05:00			`}`
			`);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`return true;`
			`}`
			`}`

			`export default UserManager;`