Refactor TokenService and account manager, add tests

Author: dmitrizagidulin

default-templates/emails/reset-password.js

@@ -0,0 +1,49 @@
+'use strict'
+
+/**
+ * Returns a partial Email object (minus the `to` and `from` properties),
+ * suitable for sending with Nodemailer.
+ *
+ * Used to send a Reset Password email, upon user request
+ *
+ * @param data {Object}
+ *
+ * @param data.resetUrl {string}
+ * @param data.webId {string}
+ *
+ * @return {Object}
+ */
+function render (data) {
+  return {
+    subject: 'Account password reset',
+
+    /**
+     * Text version
+     */
+    text: `Hi,
+
+We received a request to reset your password for your Solid account, ${data.webId}
+
+To reset your password, click on the following link:
+
+${data.resetUrl}
+
+If you did not mean to reset your password, ignore this email, your password will not change.`,
+
+    /**
+     * HTML version
+     */
+    html: `<p>Hi,</p>
+
+<p>We received a request to reset your password for your Solid account, ${data.webId}</p>
+
+<p>To reset your password, click on the following link:</p>
+
+<p>${data.resetUrl}</p>
+
+<p>If you did not mean to reset your password, ignore this email, your password will not change.</p>
+`
+  }
+}
+
+module.exports.render = render

lib/account-recovery.js

@@ -1,7 +1,7 @@
 module.exports = AccountRecovery
 
 const express = require('express')
-const TokenService = require('./token-service')
+const TokenService = require('./models/token-service')
 const bodyParser = require('body-parser')
 const path = require('path')
 const debug = require('debug')('solid:account-recovery')

lib/create-app.js

@@ -12,6 +12,7 @@ const SolidHost = require('./models/solid-host')
 const AccountManager = require('./models/account-manager')
 const vhost = require('vhost')
 const EmailService = require('./models/email-service')
+const TokenService = require('./models/token-service')
 const AccountRecovery = require('./account-recovery')
 const capabilityDiscovery = require('./capability-discovery')
 const bodyParser = require('body-parser').urlencoded({ extended: false })
@@ -90,6 +91,7 @@ function initAppLocals (app, argv, ldp) {
   app.locals.appUrls = argv.apps  // used for service capability discovery
   app.locals.host = argv.host
   app.locals.authMethod = argv.auth
+  app.locals.tokenService = new TokenService()
 
   if (argv.email && argv.email.host) {
     app.locals.emailService = new EmailService(argv.templates.email, argv.email)
@@ -152,6 +154,7 @@ function initWebId (argv, app, ldp) {
   let accountManager = AccountManager.from({
     authMethod: argv.auth,
     emailService: app.locals.emailService,
+    tokenService: app.locals.tokenService,
     host: argv.host,
     accountTemplatePath: argv.templates.account,
     store: ldp,

lib/models/account-manager.js

@@ -24,6 +24,7 @@ class AccountManager {
    * @param [options={}] {Object}
    * @param [options.authMethod] {string} Primary authentication method (e.g. 'tls')
    * @param [options.emailService] {EmailService}
+   * @param [options.tokenService] {TokenService}
    * @param [options.host] {SolidHost}
    * @param [options.multiUser=false] {boolean} (argv.idp) Is the server running
    *   in multiUser mode (users can sign up for accounts) or single user
@@ -41,6 +42,7 @@ class AccountManager {
     }
     this.host = options.host
     this.emailService = options.emailService
+    this.tokenService = options.tokenService
     this.authMethod = options.authMethod || defaults.auth
     this.multiUser = options.multiUser || false
     this.store = options.store
@@ -200,6 +202,22 @@ class AccountManager {
     return webIdUri.format()
   }
 
+  /**
+   * Returns the root .acl URI for a given user account (the account recovery
+   * email is stored there).
+   *
+   * @param userAccount {UserAccount}
+   *
+   * @throws {Error} via accountUriFor()
+   *
+   * @return {string} Root .acl URI
+   */
+  rootAclFor (userAccount) {
+    let accountUri = this.accountUriFor(userAccount.username)
+
+    return url.resolve(accountUri, this.store.suffixAcl)
+  }
+
   /**
    * Adds a newly generated WebID-TLS certificate to the user's profile graph.
    *
@@ -352,6 +370,91 @@ class AccountManager {
       })
   }
 
+  /**
+   * Generates an expiring one-time-use token for password reset purposes
+   * (the user's Web ID is saved in the token service).
+   *
+   * @param userAccount {UserAccount}
+   *
+   * @return {string} Generated token
+   */
+  generateResetToken (userAccount) {
+    return this.tokenService.generate({ webId: userAccount.webId })
+  }
+
+  /**
+   * Returns a password reset URL (to be emailed to the user upon request)
+   *
+   * @param token {string} One-time-use expiring token, via the TokenService
+   * @param returnToUrl {string}
+   *
+   * @return {string}
+   */
+  passwordResetUrl (token, returnToUrl) {
+    let encodedReturnTo = encodeURIComponent(returnToUrl)
+
+    let resetUrl = url.resolve(this.host.serverUri,
+      `/api/password/validateReset?token=${token}` +
+      `&returnToUrl=${encodedReturnTo}`)
+
+    return resetUrl
+  }
+
+  /**
+   * Parses and returns an account recovery email stored in a user's root .acl
+   *
+   * @param userAccount {UserAccount}
+   *
+   * @return {Promise<string|undefined>}
+   */
+  loadAccountRecoveryEmail (userAccount) {
+    return Promise.resolve()
+      .then(() => {
+        let rootAclUri = this.rootAclFor(userAccount)
+
+        return this.store.getGraph(rootAclUri)
+      })
+      .then(rootAclGraph => {
+        let matches = rootAclGraph.match(null, ns.acl('agent'))
+
+        let recoveryMailto = matches.find(agent => {
+          return agent.object.value.startsWith('mailto:')
+        })
+
+        if (recoveryMailto) {
+          recoveryMailto = recoveryMailto.object.value.replace('mailto:', '')
+        }
+
+        return recoveryMailto
+      })
+  }
+
+  sendPasswordResetEmail (userAccount, returnToUrl) {
+    return Promise.resolve()
+      .then(() => {
+        if (!this.emailService) {
+          throw new Error('Email service is not set up')
+        }
+
+        if (!userAccount.email) {
+          throw new Error('Account recovery email has not been provided')
+        }
+
+        return this.generateResetToken(userAccount)
+      })
+      .then(resetToken => {
+        let resetUrl = this.passwordResetUrl(resetToken, returnToUrl)
+
+        let emailData = {
+          to: userAccount.email,
+          webId: userAccount.webId,
+          resetUrl
+        }
+
+        return this.emailService.sendWithTemplate('reset-password', emailData)
+      })
+  }
+
   /**
    * Sends a Welcome email (on new user signup).
    *

lib/token-service.js lib/models/token-service.jslib/token-service.js renamed to lib/models/token-service.js

@@ -84,7 +84,7 @@
     "node-mocks-http": "^1.5.6",
     "nyc": "^10.1.2",
     "proxyquire": "^1.7.10",
-    "sinon": "^1.17.7",
+    "sinon": "^2.1.0",
     "sinon-chai": "^2.8.0",
     "standard": "^8.6.0",
     "supertest": "^1.2.0"