feat(users): clean tokens on change password (#166)

* feat(user): add clear user tokens on change password

* feat(users): update permissions

* feat(users): default workflow for clear tokens

* feat(users): update change password tests

* feat(users): update change password tests

* feat(users): update change password clear tokens tests

* feat(users): update tests

* feat(users): update clear user tokens

* feat(users): update deps

* feat(users): update clear user token payload error messages

* feat(users): update jsdocs

* feat(users): update change user password validation for admin (#167)

* feat(users): update jsdocs

* feat(users): update tests

* feat(users): add clear user tokens tests

* feat(users): clean up

* feat(users): update http requests

Author: OlegDO

http-requests/users/requests.http

@@ -21,3 +21,39 @@ Authorization: Bearer admintokenooooooooooooooooooooon
     }
   }
 }
+
+### Change user password as an application admin
+POST http://127.0.0.1:3000
+Accept: application/json
+Content-Type: application/json
+## Admin token
+Authorization: Bearer admintokenooooooooooooooooooooon
+
+{
+  "id": "1",
+  "method": "users.user.change-password",
+  "params": {
+    "userId": "68827b31-33e9-45b5-bf9f-8823b993d0ef",
+    "newPassword": "123456789!A",
+    "allowedByAdmin": true
+  }
+}
+
+### Change user password as an user
+POST http://127.0.0.1:3000
+Accept: application/json
+Content-Type: application/json
+## Admin token
+Authorization: Bearer usertokenooooooooooooooooooooooo
+
+{
+  "id": "1",
+  "method": "users.user.change-password",
+  "params": {
+    "userId": "d7275b35-5f67-4f7c-bb58-731cddbcb93f",
+    "newPassword": "123456789!A",
+    "oldPassword": "Dasha.123",
+    "confirmCode": "405799",
+    "confirmBy": "email"
+  }
+}

microservices/authorization/migrations/permissions/list/models/users.json

@@ -719,6 +719,14 @@
           "admin": "allow"
         }
       },
+      "clearTokensType": {
+        "in": {
+          "admin": "allow"
+        },
+        "out": {
+          "admin": "allow"
+        }
+      },
       "oldPassword": {
         "in": {
           "user": "allow",

microservices/users/__tests__/config/remote.ts

@@ -12,6 +12,7 @@ describe('config/remote', () => {
 
   it('should correctly return cookies config: with remote', async () => {
     expect(await remoteConfig()).to.deep.equal({
+      changePasswordClearTokensType: CONST.MS_USER_CHANGE_PASSWORD_CLEAR_TOKENS_TYPE,
       passwordSaltRounds: CONST.MS_USER_PASSWORD_SALT_ROUNDS,
       removedAccountRestoreTime: CONST.MS_USER_REMOVE_ACCOUNT_RESTORE_TIME,
     });

microservices/users/__tests__/repositories/user-test.ts

@@ -0,0 +1,78 @@
+import { Api } from '@lomray/microservice-helpers';
+import { TypeormMock } from '@lomray/microservice-helpers/mocks';
+import { waitResult } from '@lomray/microservice-helpers/test-helpers';
+import { expect } from 'chai';
+import sinon from 'sinon';
+import UserRepository from '@repositories/user';
+
+describe('repositories/user', () => {
+  const sandbox = sinon.createSandbox();
+  const repository = TypeormMock.entityManager.getCustomRepository(UserRepository);
+  const apiErrorMock = { status: 500, message: 'Mock error.', service: 'authentication', code: 1 };
+
+  beforeEach(() => {
+    TypeormMock.sandbox.reset();
+  });
+
+  afterEach(() => {
+    sandbox.restore();
+  });
+
+  describe('clearUserTokens', () => {
+    it('should stop clear all user tokens: tokens not found', async () => {
+      sandbox.stub(Api.get().authentication.token, 'count').resolves({ result: { count: 0 } });
+      const clearTokensStub = sandbox.stub(Api.get().authentication.token, 'remove');
+
+      await repository.clearUserTokens('user-id');
+
+      expect(clearTokensStub).to.not.called;
+    });
+
+    it('should stop clear rest user tokens: tokens not found', async () => {
+      sandbox.stub(Api.get().authentication.token, 'count').resolves({ result: { count: 0 } });
+      const clearTokensStub = sandbox.stub(Api.get().authentication.token, 'remove');
+
+      await repository.clearUserTokens('user-id', 'token-id');
+
+      expect(clearTokensStub).to.not.called;
+    });
+
+    it('should clear all user tokens', async () => {
+      sandbox.stub(Api.get().authentication.token, 'count').resolves({ result: { count: 2 } });
+      const clearTokensStub = sandbox.stub(Api.get().authentication.token, 'remove').resolves({});
+
+      await repository.clearUserTokens('user-id');
+
+      expect(clearTokensStub).to.calledOnce;
+    });
+
+    it('should clear rest user tokens', async () => {
+      sandbox.stub(Api.get().authentication.token, 'count').resolves({ result: { count: 2 } });
+      const clearTokensStub = sandbox.stub(Api.get().authentication.token, 'remove').resolves({});
+
+      await repository.clearUserTokens('user-id', 'token-id');
+
+      expect(clearTokensStub).to.calledOnce;
+    });
+
+    it('should stop clear all user tokens: token count error', async () => {
+      sandbox.stub(Api.get().authentication.token, 'count').resolves({
+        error: apiErrorMock,
+      });
+
+      expect(await waitResult(repository.clearUserTokens('user-id'))).to.throw(
+        'Failed to clear rest user tokens.',
+      );
+    });
+
+    it('should stop clear rest user tokens: token count error', async () => {
+      sandbox.stub(Api.get().authentication.token, 'count').resolves({
+        error: apiErrorMock,
+      });
+
+      expect(await waitResult(repository.clearUserTokens('user-id', 'token-id'))).to.throw(
+        'Failed to clear rest user tokens.',
+      );
+    });
+  });
+});

microservices/users/__tests__/services/change-password-test.ts

@@ -1,12 +1,17 @@
 import { TypeormMock } from '@lomray/microservice-helpers/mocks';
 import { waitResult } from '@lomray/microservice-helpers/test-helpers';
 import { expect } from 'chai';
+import sinon from 'sinon';
+import * as remoteConfig from '@config/remote';
 import User from '@entities/user';
+import TClearUserTokens from '@interfaces/clear-user-tokens';
 import UserRepository from '@repositories/user';
 import ChangePassword from '@services/change-password';
 
 describe('services/change-password', () => {
+  const sandbox = sinon.createSandbox();
   const repository = TypeormMock.entityManager.getCustomRepository(UserRepository);
+  let clearUserTokensStub: sinon.SinonStub;
   const userId = 'user-id';
   const newPassword = 'new-password';
   const oldPassword = 'old-password';
@@ -21,68 +26,177 @@ describe('services/change-password', () => {
   });
 
   beforeEach(() => {
+    clearUserTokensStub = sandbox.stub(repository, 'clearUserTokens');
     TypeormMock.sandbox.reset();
   });
 
-  it('should throw error: user not found', async () => {
-    const service = ChangePassword.init({
-      userId,
-      repository,
+  afterEach(() => {
+    sandbox.restore();
+  });
+
+  describe('init', () => {
+    it('should correctly build service', () => {
+      expect(
+        ChangePassword.init({
+          userId,
+          repository,
+        }),
+      ).to.instanceof(ChangePassword);
     });
+  });
 
-    TypeormMock.entityManager.findOne.resolves(undefined);
+  describe('change', () => {
+    it('should throw error: user not found', async () => {
+      const service = ChangePassword.init({
+        userId,
+        repository,
+      });
 
-    expect(await waitResult(service.change(newPassword, oldPassword))).to.throw('User not found');
-  });
+      TypeormMock.entityManager.findOne.resolves(undefined);
 
-  it('should throw error: oldPassword or confirmation not provided', async () => {
-    const service = ChangePassword.init({
-      userId,
-      repository,
+      expect(await waitResult(service.change(newPassword, oldPassword))).to.throw('User not found');
     });
 
-    expect(await waitResult(service.change(newPassword))).to.throw(
-      'Either of confirm methods should be provided',
-    );
-  });
+    it('should throw error: oldPassword or confirmation not provided', async () => {
+      const service = ChangePassword.init({
+        userId,
+        repository,
+      });
 
-  it('should throw error: invalid old password', async () => {
-    const service = ChangePassword.init({
-      userId,
-      repository,
+      expect(await waitResult(service.change(newPassword))).to.throw(
+        'Either of confirm methods should be provided',
+      );
     });
 
-    TypeormMock.entityManager.findOne.resolves(mockUser);
+    it('should throw error: invalid old password', async () => {
+      const service = ChangePassword.init({
+        userId,
+        repository,
+      });
 
-    expect(await waitResult(service.change(newPassword, 'invalid-password'))).to.throw(
-      'Invalid old password',
-    );
-  });
+      TypeormMock.entityManager.findOne.resolves(mockUser);
+
+      expect(await waitResult(service.change(newPassword, 'invalid-password'))).to.throw(
+        'Invalid old password',
+      );
+    });
+
+    it('should throw error: invalid confirmation', async () => {
+      const service = ChangePassword.init({
+        userId,
+        repository,
+        isConfirmed: () => false,
+      });
 
-  it('should throw error: invalid confirmation', async () => {
-    const service = ChangePassword.init({
-      userId,
-      repository,
-      isConfirmed: () => false,
+      TypeormMock.entityManager.findOne.resolves(mockUser);
+
+      expect(await waitResult(service.change(newPassword))).to.throw('Invalid confirmation code');
     });
 
-    TypeormMock.entityManager.findOne.resolves(mockUser);
+    it('should successful change password', async () => {
+      const service = ChangePassword.init({
+        userId,
+        repository,
+      });
+
+      // Private method
+      // @ts-ignore
+      const handleClearUserTokensStub = sandbox.stub(service, 'handleClearUserTokens');
+
+      TypeormMock.entityManager.findOne.resolves(mockUser);
+
+      await service.change(newPassword, oldPassword);
+
+      const [, user] = TypeormMock.entityManager.save.firstCall.args;
+      const [argUserId] = handleClearUserTokensStub.firstCall.args;
 
-    expect(await waitResult(service.change(newPassword))).to.throw('Invalid confirmation code');
+      expect(repository.isValidPassword(user as User, newPassword)).to.true;
+      expect(handleClearUserTokensStub).to.calledOnce;
+      expect(argUserId).to.equal(userId);
+    });
   });
 
-  it('should successful change password', async () => {
-    const service = ChangePassword.init({
-      userId,
-      repository,
+  describe('handleClearUserTokens', () => {
+    it('should stop validation: type is undefined or none', async () => {
+      for (const type of [undefined, 'none']) {
+        const service = ChangePassword.init({
+          userId,
+          repository,
+          clearTokensType: type as TClearUserTokens,
+        });
+
+        await service['handleClearUserTokens'](userId);
+
+        expect(clearUserTokensStub).to.not.called;
+      }
     });
 
-    TypeormMock.entityManager.findOne.resolves(mockUser);
+    it('should stop validation: type is undefined or none', async () => {
+      for (const type of [undefined, 'none']) {
+        const service = ChangePassword.init({
+          userId,
+          repository,
+        });
+
+        const remoteConfigStub = sinon.stub().resolves({
+          changePasswordClearTokensType: type,
+        });
 
-    await service.change(newPassword, oldPassword);
+        // @ts-ignore
+        sinon.replace(remoteConfig, 'default', remoteConfigStub);
 
-    const [, user] = TypeormMock.entityManager.save.firstCall.args;
+        await service['handleClearUserTokens'](userId);
 
-    expect(repository.isValidPassword(user as User, newPassword)).to.true;
+        expect(clearUserTokensStub).to.not.called;
+
+        sinon.restore();
+      }
+    });
+
+    it('should call clear all user tokens: with user id', async () => {
+      const service = ChangePassword.init({
+        userId,
+        repository,
+        clearTokensType: 'all',
+      });
+
+      await service['handleClearUserTokens'](userId);
+
+      const [argUserId] = clearUserTokensStub.firstCall.args;
+
+      expect(clearUserTokensStub).to.calledOnce;
+      expect(argUserId).to.equal(userId);
+    });
+
+    it('should call clear rest user tokens: with user id', async () => {
+      const token = 'token-id';
+
+      const service = ChangePassword.init({
+        userId,
+        repository,
+        clearTokensType: 'rest',
+        currentToken: token,
+      });
+
+      await service['handleClearUserTokens'](userId);
+
+      const [argUserId, argToken] = clearUserTokensStub.firstCall.args;
+
+      expect(clearUserTokensStub).to.calledOnce;
+      expect(argUserId).to.equal(userId);
+      expect(argToken).to.equal(token);
+    });
+
+    it('should skip rest tokens clean up: current token not passed', async () => {
+      const service = ChangePassword.init({
+        userId,
+        repository,
+        clearTokensType: 'rest',
+      });
+
+      await service['handleClearUserTokens'](userId);
+
+      expect(clearUserTokensStub).to.not.called;
+    });
   });
 });