Changed tokenService to allow for domains of tokens

And added some tests

Author: megoth

lib/models/account-manager.js

@@ -418,7 +418,40 @@ class AccountManager {
    * @return {string} Generated token
    */
   generateResetToken (userAccount) {
-    return this.tokenService.generate({ webId: userAccount.webId })
+    return this.tokenService.generate('reset-password', { webId: userAccount.webId })
+  }
+
+  /**
+   * Generates an expiring one-time-use token for password reset purposes
+   * (the user's Web ID is saved in the token service).
+   *
+   * @param userAccount {UserAccount}
+   *
+   * @return {string} Generated token
+   */
+  generateDeleteToken (userAccount) {
+    return this.tokenService.generate('delete-account', { webId: userAccount.webId })
+  }
+
+  /**
+   * Validates that a token exists and is not expired, and returns the saved
+   * token contents, or throws an error if invalid.
+   * Does not consume / clear the token.
+   *
+   * @param token {string}
+   *
+   * @throws {Error} If missing or invalid token
+   *
+   * @return {Object|false} Saved token data object if verified, false otherwise
+   */
+  validateDeleteToken (token) {
+    let tokenValue = this.tokenService.verify('delete-account', token)
+
+    if (!tokenValue) {
+      throw new Error('Invalid or expired delete account token')
+    }
+
+    return tokenValue
   }
 
   /**
@@ -433,7 +466,7 @@ class AccountManager {
    * @return {Object|false} Saved token data object if verified, false otherwise
    */
   validateResetToken (token) {
-    let tokenValue = this.tokenService.verify(token)
+    let tokenValue = this.tokenService.verify('reset-password', token)
 
     if (!tokenValue) {
       throw new Error('Invalid or expired reset token')
@@ -515,7 +548,7 @@ class AccountManager {
   sendDeleteAccountEmail (userAccount) {
     return Promise.resolve()
       .then(() => this.verifyEmailDependencies(userAccount))
-      .then(() => this.generateResetToken(userAccount))
+      .then(() => this.generateDeleteToken(userAccount))
       .then(resetToken => {
         const deleteUrl = this.getAccountDeleteUrl(resetToken)
 

lib/models/token-service.js

@@ -7,22 +7,26 @@ class TokenService {
     this.tokens = {}
   }
 
-  generate (data = {}) {
+  generate (domain, data = {}) {
     const token = ulid()
+    this.tokens[domain] = this.tokens[domain] || {}
 
     const value = {
       exp: new Date(Date.now() + 20 * 60 * 1000)
     }
-
-    this.tokens[token] = Object.assign({}, value, data)
+    this.tokens[domain][token] = Object.assign({}, value, data)
 
     return token
   }
 
-  verify (token) {
+  verify (domain, token) {
     const now = new Date()
 
-    let tokenValue = this.tokens[token]
+    if (!this.tokens[domain]) {
+      throw new Error(`Invalid domain for tokens: ${domain}`)
+    }
+
+    let tokenValue = this.tokens[domain][token]
 
     if (tokenValue && now < tokenValue.exp) {
       return tokenValue
@@ -31,8 +35,12 @@ class TokenService {
     }
   }
 
-  remove (token) {
-    delete this.tokens[token]
+  remove (domain, token) {
+    if (!this.tokens[domain]) {
+      throw new Error(`Invalid domain for tokens: ${domain}`)
+    }
+
+    delete this.tokens[domain][token]
   }
 }
 

test/unit/account-manager-test.js

@@ -390,6 +390,27 @@ describe('AccountManager', () => {
     })
   })
 
+  describe('generateDeleteToken()', () => {
+    it('should generate and store an expiring delete token', () => {
+      let tokenService = new TokenService()
+      let options = { host, tokenService }
+
+      let accountManager = AccountManager.from(options)
+
+      let aliceWebId = 'https://alice.example.com/#me'
+      let userAccount = {
+        webId: aliceWebId
+      }
+
+      let token = accountManager.generateDeleteToken(userAccount)
+
+      let tokenValue = accountManager.tokenService.verify('delete-account', token)
+
+      expect(tokenValue.webId).to.equal(aliceWebId)
+      expect(tokenValue).to.have.property('exp')
+    })
+  })
+
   describe('generateResetToken()', () => {
     it('should generate and store an expiring reset token', () => {
       let tokenService = new TokenService()
@@ -404,7 +425,7 @@ describe('AccountManager', () => {
 
       let token = accountManager.generateResetToken(userAccount)
 
-      let tokenValue = accountManager.tokenService.verify(token)
+      let tokenValue = accountManager.tokenService.verify('reset-password', token)
 
       expect(tokenValue.webId).to.equal(aliceWebId)
       expect(tokenValue).to.have.property('exp')
@@ -484,4 +505,75 @@ describe('AccountManager', () => {
         })
     })
   })
+
+  describe('sendDeleteAccountEmail()', () => {
+    it('should compose and send a delete account email', () => {
+      let deleteToken = '1234'
+      let tokenService = {
+        generate: sinon.stub().returns(deleteToken)
+      }
+
+      let emailService = {
+        sendWithTemplate: sinon.stub().resolves()
+      }
+
+      let aliceWebId = 'https://alice.example.com/#me'
+      let userAccount = {
+        webId: aliceWebId,
+        email: 'alice@example.com'
+      }
+
+      let options = { host, tokenService, emailService }
+      let accountManager = AccountManager.from(options)
+
+      accountManager.getAccountDeleteUrl = sinon.stub().returns('delete account url')
+
+      let expectedEmailData = {
+        to: 'alice@example.com',
+        webId: aliceWebId,
+        deleteUrl: 'delete account url'
+      }
+
+      return accountManager.sendDeleteAccountEmail(userAccount)
+        .then(() => {
+          expect(accountManager.getAccountDeleteUrl)
+            .to.have.been.calledWith(deleteToken)
+          expect(emailService.sendWithTemplate)
+            .to.have.been.calledWith('delete-account', expectedEmailData)
+        })
+    })
+
+    it('should reject if no email service is set up', done => {
+      let aliceWebId = 'https://alice.example.com/#me'
+      let userAccount = {
+        webId: aliceWebId,
+        email: 'alice@example.com'
+      }
+      let options = { host }
+      let accountManager = AccountManager.from(options)
+
+      accountManager.sendDeleteAccountEmail(userAccount)
+        .catch(error => {
+          expect(error.message).to.equal('Email service is not set up')
+          done()
+        })
+    })
+
+    it('should reject if no user email is provided', done => {
+      let aliceWebId = 'https://alice.example.com/#me'
+      let userAccount = {
+        webId: aliceWebId
+      }
+      let emailService = {}
+      let options = { host, emailService }
+
+      let accountManager = AccountManager.from(options)
+
+      accountManager.sendDeleteAccountEmail(userAccount)
+        .catch(error => {
+          expect(error.message).to.equal('Account recovery email has not been provided')
+          done()
+        })
+    })
+  })
 })

test/unit/token-service-test.js

@@ -21,8 +21,8 @@ describe('TokenService', () => {
     it('should generate a new token and return a token key', () => {
       let service = new TokenService()
 
-      let token = service.generate()
-      let value = service.tokens[token]
+      let token = service.generate('test')
+      let value = service.tokens.test[token]
 
       expect(token).to.exist()
       expect(value).to.have.property('exp')
@@ -33,39 +33,56 @@ describe('TokenService', () => {
     it('should return false for expired tokens', () => {
       let service = new TokenService()
 
-      let token = service.generate()
+      let token = service.generate('foo')
 
-      service.tokens[token].exp = new Date(Date.now() - 1000)
+      service.tokens.foo[token].exp = new Date(Date.now() - 1000)
 
-      expect(service.verify(token)).to.be.false()
+      expect(service.verify('foo', token)).to.be.false()
     })
 
     it('should return false for non-existent tokens', () => {
       let service = new TokenService()
 
+      service.generate('foo') // to have generated the domain
       let token = 'invalid token 123'
 
-      expect(service.verify(token)).to.be.false()
+      expect(service.verify('foo', token)).to.be.false()
     })
 
     it('should return the token value if token not expired', () => {
       let service = new TokenService()
 
-      let token = service.generate()
+      let token = service.generate('foo')
 
-      expect(service.verify(token)).to.be.ok()
+      expect(service.verify('foo', token)).to.be.ok()
+    })
+
+    it('should throw error if invalid domain', () => {
+      let service = new TokenService()
+
+      let token = service.generate('foo')
+
+      expect(() => service.verify('bar', token)).to.throw()
     })
   })
 
   describe('remove()', () => {
     it('should remove a generated token from the service', () => {
       let service = new TokenService()
 
-      let token = service.generate()
+      let token = service.generate('bar')
+
+      service.remove('bar', token)
+
+      expect(service.tokens.bar[token]).to.not.exist()
+    })
+
+    it('should throw an error if invalid domain', () => {
+      let service = new TokenService()
 
-      service.remove(token)
+      let token = service.generate('foo')
 
-      expect(service.tokens[token]).to.not.exist()
+      expect(() => service.remove('bar', token)).to.throw()
     })
   })
 })