Feature: E-Mail verify #8
|
@ -10,7 +10,6 @@ import { VerifyModule } from '../verify-module/verify.module';
|
|||
import { AuthController } from './controller/auth.controller';
|
||||
import { UserCredentialsRepository } from './repositories/user-credentials.repository';
|
||||
import { AuthService } from './services/auth.service';
|
||||
import { EncryptionService } from './services/encryption.service';
|
||||
import { TokenManagementService } from './services/token-management.service';
|
||||
import { AccessTokenStrategy, RefreshTokenStrategy } from './strategies';
|
||||
|
||||
|
@ -25,7 +24,6 @@ import { AccessTokenStrategy, RefreshTokenStrategy } from './strategies';
|
|||
providers: [
|
||||
AuthService,
|
||||
TokenManagementService,
|
||||
EncryptionService,
|
||||
UserCredentialsRepository,
|
||||
AccessTokenStrategy,
|
||||
RefreshTokenStrategy,
|
||||
|
|
|
@ -1,3 +1,2 @@
|
|||
export * from './get-user-id.decorator';
|
||||
export * from './get-user.decorator';
|
||||
export * from './public.decorator';
|
||||
|
|
|
@ -7,8 +7,9 @@ import {
|
|||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { ApiCreatedResponse, ApiHeader, ApiTags } from '@nestjs/swagger';
|
||||
import { Public } from 'src/shared/decorator';
|
||||
|
||||
import { GetCurrentUser, GetCurrentUserId, Public } from '../common/decorators';
|
||||
import { GetCurrentUser, GetCurrentUserId } from '../common/decorators';
|
||||
import { RefreshTokenGuard } from '../common/guards';
|
||||
import { TokensDto, UserCredentialsDto } from '../models/dto';
|
||||
import { AuthService } from '../services/auth.service';
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import { ForbiddenException, Injectable } from '@nestjs/common';
|
||||
import { EncryptionService } from 'src/shared';
|
||||
|
||||
import { PasswordConfirmationMailService } from '../../sendgrid-module/services/password-confirmation.mail.service';
|
||||
import { UserDataRepository } from '../../user-module/repositories/user-data.repository';
|
||||
|
@ -6,7 +7,6 @@ import { EmailVerificationService } from '../../verify-module/services/email-ver
|
|||
import { TokensDto, UserCredentialsDto } from '../models/dto';
|
||||
import { UserCredentialsRepository } from '../repositories/user-credentials.repository';
|
||||
|
||||
import { EncryptionService } from './encryption.service';
|
||||
import { TokenManagementService } from './token-management.service';
|
||||
|
||||
@Injectable()
|
||||
|
@ -15,15 +15,15 @@ export class AuthService {
|
|||
private readonly userCredentialsRepository: UserCredentialsRepository,
|
||||
private readonly userDataRepository: UserDataRepository,
|
||||
private readonly tokenManagementService: TokenManagementService,
|
||||
private readonly encryptionService: EncryptionService,
|
||||
private readonly passwordConfirmationMailService: PasswordConfirmationMailService,
|
||||
private readonly emailVerificationService: EmailVerificationService
|
||||
) {}
|
||||
|
||||
public async signup(userCredentials: UserCredentialsDto): Promise<TokensDto> {
|
||||
const passwordHashed = await this.encryptionService.hashData(
|
||||
const passwordHashed = await EncryptionService.hashData(
|
||||
userCredentials.password
|
||||
);
|
||||
|
||||
const user = await this.userCredentialsRepository.createUser(
|
||||
userCredentials.email,
|
||||
passwordHashed
|
||||
|
@ -53,7 +53,7 @@ export class AuthService {
|
|||
throw new ForbiddenException('Access Denied');
|
||||
}
|
||||
|
||||
const passwordMatch = await this.encryptionService.compareHash(
|
||||
const passwordMatch = await EncryptionService.compareHash(
|
||||
userCredentials.password,
|
||||
user.hash
|
||||
);
|
||||
|
@ -75,7 +75,7 @@ export class AuthService {
|
|||
throw new ForbiddenException('Access Denied');
|
||||
}
|
||||
|
||||
const refreshTokenMatch = await this.encryptionService.compareHash(
|
||||
const refreshTokenMatch = await EncryptionService.compareHash(
|
||||
refreshToken,
|
||||
user.hashedRt
|
||||
);
|
||||
|
@ -104,7 +104,7 @@ export class AuthService {
|
|||
userId,
|
||||
email
|
||||
);
|
||||
const hashedRefreshToken = await this.encryptionService.hashData(
|
||||
const hashedRefreshToken = await EncryptionService.hashData(
|
||||
tokens.refresh_token
|
||||
);
|
||||
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
import { Inject, Injectable } from '@nestjs/common';
|
||||
import { ConfigService } from '@nestjs/config';
|
||||
import * as SendGridMailApi from '@sendgrid/mail';
|
||||
import { UriEncoderService } from 'src/shared';
|
||||
|
||||
import { BaseMailService } from './base.mail.service';
|
||||
import { TemplateConfigService } from './template-config.service';
|
||||
|
@ -11,20 +13,21 @@ export class PasswordConfirmationMailService extends BaseMailService {
|
|||
|
||||
public constructor(
|
||||
@Inject('SEND_GRID_API_KEY') protected readonly sendGridApiKey: string,
|
||||
private readonly templateConfigService: TemplateConfigService
|
||||
private readonly templateConfigService: TemplateConfigService,
|
||||
private readonly configService: ConfigService
|
||||
) {
|
||||
super(sendGridApiKey);
|
||||
}
|
||||
|
||||
public async sendPasswordConfirmationMail(
|
||||
to: string,
|
||||
token: string
|
||||
verificationToken: string
|
||||
): Promise<void> {
|
||||
const templateId: string = this.templateConfigService.getTemplateId(
|
||||
this.PASSWORD_CONFIRMATION_EMAIL
|
||||
);
|
||||
|
||||
const encodedToken = encodeURIComponent(token);
|
||||
const token = `${verificationToken}|${UriEncoderService.encodeBase64(to)}`;
|
||||
|
||||
const mailoptions: SendGridMailApi.MailDataRequired = {
|
||||
to,
|
||||
|
@ -32,7 +35,7 @@ export class PasswordConfirmationMailService extends BaseMailService {
|
|||
templateId: templateId,
|
||||
dynamicTemplateData: {
|
||||
name: 'Mara',
|
||||
buttonUrl: `http://localhost:4200/?token=${encodedToken}`,
|
||||
buttonUrl: `${this.configService.get<string>('APP_URL')}/verify/?token=${token}`,
|
||||
},
|
||||
};
|
||||
|
||||
|
|
|
@ -20,4 +20,11 @@ export class UserDataRepository {
|
|||
|
||||
return this.repository.save(userData);
|
||||
}
|
||||
|
||||
public async updateEmailVerificationStatus(userId: string): Promise<void> {
|
||||
await this.repository.update(
|
||||
{ user: { id: userId } },
|
||||
{ isEmailConfirmed: true }
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
import { Controller, Get, HttpCode, HttpStatus, Query } from '@nestjs/common';
|
||||
import { ApiCreatedResponse, ApiTags } from '@nestjs/swagger';
|
||||
import { Public } from 'src/shared/decorator';
|
||||
|
||||
import { EmailVerificationService } from '../services/email-verification.service';
|
||||
|
||||
@ApiTags('Verify')
|
||||
@Controller('verify')
|
||||
export class VerifyController {
|
||||
public constructor(
|
||||
private readonly emailVerificationService: EmailVerificationService
|
||||
) {}
|
||||
|
||||
@ApiCreatedResponse({
|
||||
description: 'Email verified successfully',
|
||||
type: Boolean,
|
||||
})
|
||||
@Public()
|
||||
@Get()
|
||||
@HttpCode(HttpStatus.OK)
|
||||
public async verifyEmail(
|
||||
@Query('token') tokenToVerify: string
|
||||
): Promise<boolean> {
|
||||
return this.emailVerificationService.verifyEmail(tokenToVerify);
|
||||
}
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
import { Injectable } from '@nestjs/common';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { EmailVerification } from 'src/entities';
|
||||
import { Repository } from 'typeorm';
|
||||
import { MoreThan, Repository } from 'typeorm';
|
||||
|
||||
@Injectable()
|
||||
export class EmailVerifyRepository {
|
||||
|
@ -21,4 +21,28 @@ export class EmailVerifyRepository {
|
|||
user: { id: userId },
|
||||
});
|
||||
}
|
||||
|
||||
public async findEmailVerificationByToken(token: string): Promise<boolean> {
|
||||
const result = await this.repository.findOne({
|
||||
where: { token, expiresAt: MoreThan(new Date()) },
|
||||
});
|
||||
|
||||
return result !== null;
|
||||
}
|
||||
|
||||
public async deleteEmailVerificationByToken(
|
||||
tokenToDelete: string
|
||||
): Promise<EmailVerification | null> {
|
||||
const emailVerification = await this.repository.findOne({
|
||||
where: { token: tokenToDelete },
|
||||
relations: ['user'],
|
||||
});
|
||||
|
||||
if (emailVerification) {
|
||||
await this.repository.delete({ token: tokenToDelete });
|
||||
return emailVerification;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,27 +1,69 @@
|
|||
import { randomBytes } from 'crypto';
|
||||
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { ConfigService } from '@nestjs/config';
|
||||
import { EmailVerification } from 'src/entities';
|
||||
import { UriEncoderService } from 'src/shared';
|
||||
|
||||
import { UserDataRepository } from '../../user-module/repositories/user-data.repository';
|
||||
import { EmailVerifyRepository } from '../repositories';
|
||||
|
||||
@Injectable()
|
||||
export class EmailVerificationService {
|
||||
public constructor(
|
||||
private readonly emailVerifyRepository: EmailVerifyRepository
|
||||
private readonly emailVerifyRepository: EmailVerifyRepository,
|
||||
private readonly userDataRepository: UserDataRepository,
|
||||
private readonly configService: ConfigService
|
||||
) {}
|
||||
|
||||
public async generateEmailVerificationToken(userId: string): Promise<string> {
|
||||
const token = randomBytes(32).toString('hex');
|
||||
const verificationToken = await this.createVerificationToken();
|
||||
|
||||
// TODO Check users local time zone and set expiration time accordingly
|
||||
const expiration = new Date(Date.now() + 24 * 60 * 60 * 1000);
|
||||
|
||||
this.emailVerifyRepository.createEmailVerification(
|
||||
token,
|
||||
verificationToken,
|
||||
expiration,
|
||||
userId
|
||||
);
|
||||
|
||||
return token;
|
||||
return verificationToken;
|
||||
}
|
||||
|
||||
public async verifyEmail(tokenToVerify: string): Promise<boolean> {
|
||||
const isTokenVerified =
|
||||
await this.emailVerifyRepository.findEmailVerificationByToken(
|
||||
tokenToVerify
|
||||
);
|
||||
|
||||
if (isTokenVerified) {
|
||||
const emailVerification =
|
||||
await this.deleteEmailVerificationToken(tokenToVerify);
|
||||
|
||||
if (emailVerification && emailVerification.user) {
|
||||
await this.userDataRepository.updateEmailVerificationStatus(
|
||||
emailVerification.user.id
|
||||
);
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private async createVerificationToken(): Promise<string> {
|
||||
const verifyToken = randomBytes(32).toString('hex');
|
||||
|
||||
return UriEncoderService.encodeUri(verifyToken);
|
||||
}
|
||||
|
||||
private async deleteEmailVerificationToken(
|
||||
tokenToDelete: string
|
||||
): Promise<EmailVerification | null> {
|
||||
return await this.emailVerifyRepository.deleteEmailVerificationByToken(
|
||||
tokenToDelete
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3,13 +3,20 @@ import { ConfigModule } from '@nestjs/config';
|
|||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
import { EmailVerification } from 'src/entities';
|
||||
|
||||
import { UserModule } from '../user-module/user.module';
|
||||
|
||||
import { VerifyController } from './controller/verify.controller';
|
||||
import { EmailVerifyRepository } from './repositories';
|
||||
import { EmailVerificationService } from './services/email-verification.service';
|
||||
|
||||
@Module({
|
||||
imports: [ConfigModule, TypeOrmModule.forFeature([EmailVerification])],
|
||||
imports: [
|
||||
ConfigModule,
|
||||
UserModule,
|
||||
TypeOrmModule.forFeature([EmailVerification]),
|
||||
],
|
||||
providers: [EmailVerifyRepository, EmailVerificationService],
|
||||
controllers: [],
|
||||
controllers: [VerifyController],
|
||||
exports: [EmailVerificationService],
|
||||
})
|
||||
export class VerifyModule {}
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
export * from './public.decorator';
|
|
@ -0,0 +1,2 @@
|
|||
export * from './utils/index';
|
||||
export * from './decorator/index';
|
|
@ -1,21 +1,22 @@
|
|||
import { Injectable } from '@nestjs/common';
|
||||
import * as argon2 from 'argon2';
|
||||
import { Options } from 'argon2';
|
||||
|
||||
@Injectable()
|
||||
export class EncryptionService {
|
||||
private hashOptions: Options = {
|
||||
private static hashOptions: Options = {
|
||||
type: argon2.argon2id,
|
||||
memoryCost: 2 ** 16,
|
||||
timeCost: 3,
|
||||
parallelism: 1,
|
||||
};
|
||||
|
||||
public async hashData(data: string): Promise<string> {
|
||||
public static async hashData(data: string): Promise<string> {
|
||||
return await argon2.hash(data, this.hashOptions);
|
||||
}
|
||||
|
||||
public async compareHash(data: string, encrypted: string): Promise<boolean> {
|
||||
public static async compareHash(
|
||||
data: string,
|
||||
encrypted: string
|
||||
): Promise<boolean> {
|
||||
return await argon2.verify(encrypted, data);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
export * from './uri-encoder.service';
|
||||
export * from './encryption.service';
|
|
@ -0,0 +1,13 @@
|
|||
export class UriEncoderService {
|
||||
public static encodeUri(uri: string): string {
|
||||
return encodeURIComponent(uri);
|
||||
}
|
||||
|
||||
public static decodeUri(uri: string): string {
|
||||
return decodeURIComponent(uri);
|
||||
}
|
||||
|
||||
public static encodeBase64(uri: string): string {
|
||||
return btoa(UriEncoderService.encodeUri(uri));
|
||||
}
|
||||
}
|
|
@ -9,4 +9,11 @@ export const routes: Routes = [
|
|||
(m) => m.RegisterRootComponent
|
||||
),
|
||||
},
|
||||
{
|
||||
path: 'verify',
|
||||
loadComponent: () =>
|
||||
import('./pages/email-verify-root/email-verify-root.component').then(
|
||||
(m) => m.EmailVerifyRootComponent
|
||||
),
|
||||
},
|
||||
];
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
<div id="background">
|
||||
<div class="wrapper">
|
||||
<div class="content">
|
||||
@if (showRedirectMessage()) {
|
||||
<h1>Es geht gleich los!</h1>
|
||||
<h2>
|
||||
Danke für das bestätigen der E-Mail - Wir leiten dich zum Login
|
||||
weiter!
|
||||
</h2>
|
||||
} @else {
|
||||
<h1>Oops, da ist etwas schief gelaufen!</h1>
|
||||
<h2>Der Link ist nicht mehr gültig</h2>
|
||||
}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
|
@ -0,0 +1,28 @@
|
|||
#background {
|
||||
display: flex;
|
||||
height: 100%;
|
||||
}
|
||||
|
||||
.wrapper {
|
||||
flex: 1;
|
||||
background-color: lightsalmon;
|
||||
display: flex;
|
||||
|
||||
.content{
|
||||
flex-direction: column;
|
||||
display: flex;
|
||||
align-items: flex-start;
|
||||
justify-content: center;
|
||||
h1 {
|
||||
font-size: 4rem;
|
||||
margin-left: 3rem;
|
||||
line-height: 1rem;
|
||||
}
|
||||
h2 {
|
||||
margin-left: 3rem;
|
||||
}
|
||||
p {
|
||||
margin-left: 3rem;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,60 @@
|
|||
import {
|
||||
ChangeDetectionStrategy,
|
||||
Component,
|
||||
InputSignal,
|
||||
OnInit,
|
||||
WritableSignal,
|
||||
input,
|
||||
signal,
|
||||
} from '@angular/core';
|
||||
import { Router } from '@angular/router';
|
||||
|
||||
import { delay, filter, tap } from 'rxjs';
|
||||
|
||||
import { VerifyApiService } from '../../api';
|
||||
|
||||
@Component({
|
||||
selector: 'app-email-verify-root',
|
||||
standalone: true,
|
||||
imports: [],
|
||||
providers: [],
|
||||
templateUrl: './email-verify-root.component.html',
|
||||
styleUrl: './email-verify-root.component.scss',
|
||||
changeDetection: ChangeDetectionStrategy.OnPush,
|
||||
})
|
||||
export class EmailVerifyRootComponent implements OnInit {
|
||||
public token: InputSignal<string> = input<string>('');
|
||||
public verifyStatus: WritableSignal<boolean> = signal<boolean>(false);
|
||||
public showRedirectMessage: WritableSignal<boolean> = signal<boolean>(false);
|
||||
|
||||
public constructor(
|
||||
private readonly api: VerifyApiService,
|
||||
private readonly router: Router
|
||||
) {}
|
||||
|
||||
public ngOnInit(): void {
|
||||
this.verifyEmail();
|
||||
}
|
||||
|
||||
private verifyEmail(): void {
|
||||
const [verifyToken, email]: string[] = this.token().split('|');
|
||||
|
||||
this.api
|
||||
.verifyControllerVerifyEmail(verifyToken)
|
||||
.pipe(
|
||||
tap((isVerified: boolean) => {
|
||||
this.verifyStatus.set(isVerified);
|
||||
}),
|
||||
filter((isVerified) => isVerified),
|
||||
tap(() => {
|
||||
this.showRedirectMessage.set(true);
|
||||
}),
|
||||
delay(10000)
|
||||
)
|
||||
.subscribe(() => {
|
||||
this.router.navigate(['/signup'], {
|
||||
queryParams: { verified: true, email: email },
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
|
@ -7,6 +7,8 @@ import {
|
|||
WritableSignal,
|
||||
signal,
|
||||
effect,
|
||||
InputSignal,
|
||||
input,
|
||||
} from '@angular/core';
|
||||
import {
|
||||
FormBuilder,
|
||||
|
@ -16,6 +18,7 @@ import {
|
|||
ReactiveFormsModule,
|
||||
Validators,
|
||||
} from '@angular/forms';
|
||||
import { Router } from '@angular/router';
|
||||
|
||||
import { ButtonModule } from 'primeng/button';
|
||||
import { CheckboxModule } from 'primeng/checkbox';
|
||||
|
@ -50,6 +53,8 @@ type AuthAction = 'register' | 'signup';
|
|||
changeDetection: ChangeDetectionStrategy.OnPush,
|
||||
})
|
||||
export class RegisterRootComponent implements OnInit {
|
||||
public verified: InputSignal<boolean> = input<boolean>(false);
|
||||
public email: InputSignal<string> = input<string>('');
|
||||
public form: FormGroup | undefined;
|
||||
public isRegisterSignal: WritableSignal<boolean> = signal(false);
|
||||
public isSignupSignal: WritableSignal<boolean> = signal(false);
|
||||
|
@ -57,10 +62,12 @@ export class RegisterRootComponent implements OnInit {
|
|||
public emailInvalid: WritableSignal<string | null> = signal(null);
|
||||
public passwordInvalid: WritableSignal<string | null> = signal(null);
|
||||
public termsInvalid: WritableSignal<string | null> = signal(null);
|
||||
private removeQueryParams: WritableSignal<boolean> = signal(false);
|
||||
|
||||
public constructor(
|
||||
private readonly formBuilder: FormBuilder,
|
||||
private readonly authService: AuthService
|
||||
private readonly authService: AuthService,
|
||||
private readonly router: Router
|
||||
) {
|
||||
effect(() => {
|
||||
if (this.form) {
|
||||
|
@ -73,12 +80,21 @@ export class RegisterRootComponent implements OnInit {
|
|||
this.form.removeControl('terms');
|
||||
}
|
||||
}
|
||||
|
||||
if (this.removeQueryParams()) {
|
||||
this.clearRouteParams();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public ngOnInit(): void {
|
||||
this.initializeForm();
|
||||
this.setupValueChanges();
|
||||
|
||||
if (this.email() || this.verified()) {
|
||||
this.handleRedirect();
|
||||
this.removeQueryParams.set(true);
|
||||
}
|
||||
}
|
||||
|
||||
public toggleAction(action: AuthAction): void {
|
||||
|
@ -133,6 +149,22 @@ export class RegisterRootComponent implements OnInit {
|
|||
});
|
||||
}
|
||||
|
||||
private handleRedirect(): void {
|
||||
console.log('handleRedirect');
|
||||
if (this.verified()) {
|
||||
this.isDisplayButtons.set(false);
|
||||
this.isRegisterSignal.set(false);
|
||||
this.isSignupSignal.set(true);
|
||||
}
|
||||
if (this.email()) {
|
||||
this.form?.get('email')?.setValue(decodeURIComponent(atob(this.email())));
|
||||
}
|
||||
}
|
||||
|
||||
private clearRouteParams(): void {
|
||||
this.router.navigate([], { queryParams: {} });
|
||||
}
|
||||
|
||||
private setupValueChanges(): void {
|
||||
this.setupEmailValueChanges();
|
||||
this.setupPasswordValueChanges();
|
||||
|
|
|
@ -13,7 +13,6 @@ import { SessionStorageService } from './session-storage.service';
|
|||
providedIn: 'root',
|
||||
})
|
||||
export class AuthService {
|
||||
private readonly _path: string = '/api/auth';
|
||||
private _access_token: string | null = null;
|
||||
private _refresh_token: string | null = null;
|
||||
private _isAuthenticated$: BehaviorSubject<boolean> =
|
||||
|
@ -29,7 +28,7 @@ export class AuthService {
|
|||
private readonly sessionStorageService: SessionStorageService,
|
||||
private readonly authenticationApiService: AuthenticationApiService
|
||||
) {
|
||||
this.autoLogin();
|
||||
//this.autoLogin();
|
||||
}
|
||||
|
||||
public signin(credentials: LoginCredentials): void {
|
||||
|
|
Loading…
Reference in New Issue