From 4fd7cb0977443709da28207658ff38820bae8ede Mon Sep 17 00:00:00 2001 From: hammadj Date: Wed, 11 Jan 2017 18:42:07 -0700 Subject: [PATCH 1/7] Add loginWithToken mutation to server --- meteor-server/src/Mutation/index.js | 2 ++ meteor-server/src/Mutation/loginWithToken.js | 5 +++++ meteor-server/src/Mutations.js | 3 +++ 3 files changed, 10 insertions(+) create mode 100644 meteor-server/src/Mutation/loginWithToken.js diff --git a/meteor-server/src/Mutation/index.js b/meteor-server/src/Mutation/index.js index eb7fde4..10ef82e 100644 --- a/meteor-server/src/Mutation/index.js +++ b/meteor-server/src/Mutation/index.js @@ -1,4 +1,5 @@ import loginWithPassword from './loginWithPassword' +import loginWithToken from './loginWithToken' import logout from './logout' import changePassword from './changePassword' import createUser from './createUser' @@ -18,6 +19,7 @@ const resolvers = { if (hasService('password')) { resolvers.loginWithPassword = loginWithPassword + resolvers.loginWithToken = loginWithToken resolvers.changePassword = changePassword resolvers.createUser = createUser resolvers.forgotPassword = forgotPassword diff --git a/meteor-server/src/Mutation/loginWithToken.js b/meteor-server/src/Mutation/loginWithToken.js new file mode 100644 index 0000000..d9e1858 --- /dev/null +++ b/meteor-server/src/Mutation/loginWithToken.js @@ -0,0 +1,5 @@ +import callMethod from '../callMethod' + +export default async function (root, {token}, context) { + return callMethod(context, 'login', {resume: token}) +} diff --git a/meteor-server/src/Mutations.js b/meteor-server/src/Mutations.js index 1876c9c..f53a076 100644 --- a/meteor-server/src/Mutations.js +++ b/meteor-server/src/Mutations.js @@ -8,6 +8,9 @@ export default function (options) { type Mutation { # Log the user in with a password. loginWithPassword (username: String, email: String, password: HashedPassword, plainPassword: String): LoginMethodResponse + + # Log the user in with a token + loginWithToken (token: String!): LoginMethodResponse # Create a new user. createUser (username: String, email: String, password: HashedPassword, plainPassword: String, profile: CreateUserProfileInput): LoginMethodResponse From 96933cfa04920668bd9fddc1286d8288781f0d4e Mon Sep 17 00:00:00 2001 From: hammadj Date: Mon, 16 Jan 2017 17:53:28 -0700 Subject: [PATCH 2/7] change loginWithToken to checkToken --- meteor-server/src/Mutation/index.js | 2 -- meteor-server/src/Mutation/loginWithToken.js | 5 ----- meteor-server/src/Queries.js | 11 +++++++++++ meteor-server/src/Query/checkToken.js | 12 ++++++++++++ meteor-server/src/Query/index.js | 9 +++++++++ meteor-server/src/index.js | 6 ++++-- 6 files changed, 36 insertions(+), 9 deletions(-) delete mode 100644 meteor-server/src/Mutation/loginWithToken.js create mode 100644 meteor-server/src/Queries.js create mode 100644 meteor-server/src/Query/checkToken.js create mode 100644 meteor-server/src/Query/index.js diff --git a/meteor-server/src/Mutation/index.js b/meteor-server/src/Mutation/index.js index 10ef82e..eb7fde4 100644 --- a/meteor-server/src/Mutation/index.js +++ b/meteor-server/src/Mutation/index.js @@ -1,5 +1,4 @@ import loginWithPassword from './loginWithPassword' -import loginWithToken from './loginWithToken' import logout from './logout' import changePassword from './changePassword' import createUser from './createUser' @@ -19,7 +18,6 @@ const resolvers = { if (hasService('password')) { resolvers.loginWithPassword = loginWithPassword - resolvers.loginWithToken = loginWithToken resolvers.changePassword = changePassword resolvers.createUser = createUser resolvers.forgotPassword = forgotPassword diff --git a/meteor-server/src/Mutation/loginWithToken.js b/meteor-server/src/Mutation/loginWithToken.js deleted file mode 100644 index d9e1858..0000000 --- a/meteor-server/src/Mutation/loginWithToken.js +++ /dev/null @@ -1,5 +0,0 @@ -import callMethod from '../callMethod' - -export default async function (root, {token}, context) { - return callMethod(context, 'login', {resume: token}) -} diff --git a/meteor-server/src/Queries.js b/meteor-server/src/Queries.js new file mode 100644 index 0000000..9d7ccd6 --- /dev/null +++ b/meteor-server/src/Queries.js @@ -0,0 +1,11 @@ +export default function (options) { + const queries = [] + + queries.push(` + type Query { + # Returns true if token is valid + checkToken(token: String!): SuccessResponse + }`) + + return queries +} diff --git a/meteor-server/src/Query/checkToken.js b/meteor-server/src/Query/checkToken.js new file mode 100644 index 0000000..afbdb0a --- /dev/null +++ b/meteor-server/src/Query/checkToken.js @@ -0,0 +1,12 @@ +import {Accounts} from 'meteor/accounts-base' +import {Meteor} from 'meteor/meteor' + +export default async function (root, { token }, {userId}) { + const user = Meteor.users.findOne({ + _id: userId, + 'services.resume.loginTokens.hashedToken' : Accounts._hashLoginToken(token) + }); + return { + success: !!user + } +} diff --git a/meteor-server/src/Query/index.js b/meteor-server/src/Query/index.js new file mode 100644 index 0000000..4a7ee66 --- /dev/null +++ b/meteor-server/src/Query/index.js @@ -0,0 +1,9 @@ +import checkToken from './checkToken' + +const resolvers = { + checkToken +} + +export default function (options) { + return { Query: resolvers } +} diff --git a/meteor-server/src/index.js b/meteor-server/src/index.js index fec435e..31e8160 100644 --- a/meteor-server/src/index.js +++ b/meteor-server/src/index.js @@ -1,7 +1,9 @@ import './checkNpm' import SchemaTypes from './Auth' import SchemaMutations from './Mutations' +import SchemaQueries from './Queries' import Mutation from './Mutation' +import Query from './Query' import LoginMethodResponse from './LoginMethodResponse' import callMethod from './callMethod' import {loadSchema} from 'graphql-loader' @@ -15,8 +17,8 @@ const initAccounts = function (givenOptions) { ...givenOptions } - const typeDefs = [SchemaTypes(options), ...SchemaMutations(options)] - const resolvers = {...Mutation(options), ...LoginMethodResponse(options)} + const typeDefs = [SchemaTypes(options), ...SchemaMutations(options), ...SchemaQueries(options)] + const resolvers = {...Mutation(options), ...LoginMethodResponse(options), ...Query(options)} loadSchema({typeDefs, resolvers}) } From 2d6e947bc52a269749dd4cf67014fe4f4df9544d Mon Sep 17 00:00:00 2001 From: hammadj Date: Mon, 16 Jan 2017 18:16:21 -0700 Subject: [PATCH 3/7] add userId to checkToken response --- meteor-server/src/Auth.js | 7 +++++++ meteor-server/src/Queries.js | 2 +- meteor-server/src/Query/checkToken.js | 5 +++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/meteor-server/src/Auth.js b/meteor-server/src/Auth.js index c3cd5d1..5afbf88 100644 --- a/meteor-server/src/Auth.js +++ b/meteor-server/src/Auth.js @@ -21,6 +21,13 @@ type SuccessResponse { success: Boolean } +type CheckTokenResponse { + # True if token was valid + success: Boolean + # userId of logged in user, null if not logged in + userId: String +} + # A hashsed password input HashedPassword { # The hashed password diff --git a/meteor-server/src/Queries.js b/meteor-server/src/Queries.js index 9d7ccd6..ec1bebe 100644 --- a/meteor-server/src/Queries.js +++ b/meteor-server/src/Queries.js @@ -4,7 +4,7 @@ export default function (options) { queries.push(` type Query { # Returns true if token is valid - checkToken(token: String!): SuccessResponse + checkToken(token: String!): CheckTokenResponse }`) return queries diff --git a/meteor-server/src/Query/checkToken.js b/meteor-server/src/Query/checkToken.js index afbdb0a..c0782a9 100644 --- a/meteor-server/src/Query/checkToken.js +++ b/meteor-server/src/Query/checkToken.js @@ -7,6 +7,7 @@ export default async function (root, { token }, {userId}) { 'services.resume.loginTokens.hashedToken' : Accounts._hashLoginToken(token) }); return { - success: !!user - } + success: !!user, + userId: user._id || null + }; } From 2d1b340f59ad1f4c23cd51be19282b9d3ef25d2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20L=C3=B3pez?= Date: Mon, 16 Jan 2017 22:17:41 -0300 Subject: [PATCH 4/7] Update index.js --- meteor-server/src/Query/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meteor-server/src/Query/index.js b/meteor-server/src/Query/index.js index 4a7ee66..e068b80 100644 --- a/meteor-server/src/Query/index.js +++ b/meteor-server/src/Query/index.js @@ -1,9 +1,9 @@ import checkToken from './checkToken' -const resolvers = { +const Query = { checkToken } export default function (options) { - return { Query: resolvers } + return { Query } } From 1db4d5316bcc46091ea8c6e3dde5d66130127919 Mon Sep 17 00:00:00 2001 From: hammadj Date: Mon, 16 Jan 2017 18:44:54 -0700 Subject: [PATCH 5/7] remove loginWithToken mutation --- meteor-server/src/Mutations.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/meteor-server/src/Mutations.js b/meteor-server/src/Mutations.js index f53a076..7de19da 100644 --- a/meteor-server/src/Mutations.js +++ b/meteor-server/src/Mutations.js @@ -9,9 +9,6 @@ export default function (options) { # Log the user in with a password. loginWithPassword (username: String, email: String, password: HashedPassword, plainPassword: String): LoginMethodResponse - # Log the user in with a token - loginWithToken (token: String!): LoginMethodResponse - # Create a new user. createUser (username: String, email: String, password: HashedPassword, plainPassword: String, profile: CreateUserProfileInput): LoginMethodResponse From 926184b6bee0abe026d3a27aaa2af0f011f1d18e Mon Sep 17 00:00:00 2001 From: hammadj Date: Mon, 16 Jan 2017 19:15:08 -0700 Subject: [PATCH 6/7] add date check to checkToken --- meteor-server/src/Query/checkToken.js | 29 +++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/meteor-server/src/Query/checkToken.js b/meteor-server/src/Query/checkToken.js index c0782a9..3975cea 100644 --- a/meteor-server/src/Query/checkToken.js +++ b/meteor-server/src/Query/checkToken.js @@ -1,13 +1,30 @@ import {Accounts} from 'meteor/accounts-base' import {Meteor} from 'meteor/meteor' -export default async function (root, { token }, {userId}) { - const user = Meteor.users.findOne({ - _id: userId, - 'services.resume.loginTokens.hashedToken' : Accounts._hashLoginToken(token) +export default async function (root, { token }, context) { + let userId = null; + + const user = await Meteor.users.findOne({ + _id: context.userId, + 'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(token), + }, { + fields: { + _id: 1, + 'services.resume.loginTokens.$': 1, + }, }); + + if (user) { + const loginToken = user.services.resume.loginTokens[0]; + const expiresAt = Accounts._tokenExpiration(loginToken.when); + const isExpired = expiresAt < new Date(); + + if (!isExpired) { + userId = user._id; + } + } return { - success: !!user, - userId: user._id || null + success: !!userId, + userId }; } From 6f78e4f14bbc4c9e399bf094ee2336d08518ada3 Mon Sep 17 00:00:00 2001 From: hammadj Date: Tue, 17 Jan 2017 12:45:00 -0700 Subject: [PATCH 7/7] simplify check token query --- meteor-server/src/Queries.js | 4 ++-- meteor-server/src/Query/checkToken.js | 26 +------------------------- 2 files changed, 3 insertions(+), 27 deletions(-) diff --git a/meteor-server/src/Queries.js b/meteor-server/src/Queries.js index ec1bebe..aa01066 100644 --- a/meteor-server/src/Queries.js +++ b/meteor-server/src/Queries.js @@ -3,8 +3,8 @@ export default function (options) { queries.push(` type Query { - # Returns true if token is valid - checkToken(token: String!): CheckTokenResponse + # Returns success: true and userId if auth token is valid + checkToken: CheckTokenResponse }`) return queries diff --git a/meteor-server/src/Query/checkToken.js b/meteor-server/src/Query/checkToken.js index 3975cea..100ead8 100644 --- a/meteor-server/src/Query/checkToken.js +++ b/meteor-server/src/Query/checkToken.js @@ -1,28 +1,4 @@ -import {Accounts} from 'meteor/accounts-base' -import {Meteor} from 'meteor/meteor' - -export default async function (root, { token }, context) { - let userId = null; - - const user = await Meteor.users.findOne({ - _id: context.userId, - 'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(token), - }, { - fields: { - _id: 1, - 'services.resume.loginTokens.$': 1, - }, - }); - - if (user) { - const loginToken = user.services.resume.loginTokens[0]; - const expiresAt = Accounts._tokenExpiration(loginToken.when); - const isExpired = expiresAt < new Date(); - - if (!isExpired) { - userId = user._id; - } - } +export default async function (root, variables, { userId }) { return { success: !!userId, userId