// Excerpt from a user-edit resolver; `input`, `errors`, `t`, `isSelf` and `isAdmin` come from
// the enclosing function, which is not shown in this snippet.

// Uniqueness checks: a username or e-mail counts as taken only when it belongs to a
// different account (ids differ), so a user may resubmit their own current values.
const userExists = await User.getUserByUsername(input.username);
if (userExists && userExists.id !== input.id) {
errors.username = t('user:usernameIsExisted');
}
const emailExists = await User.getUserByEmail(input.email);
if (emailExists && emailExists.id !== input.id) {
errors.email = t('user:emailIsExisted');
}
// The minimum-length policy is applied only when a password is supplied, so the field is
// treated as optional at this point.
if (input.password && input.password.length < settings.user.auth.password.minLength) {
errors.password = t('user:passwordLength', { length: settings.user.auth.password.minLength });
}
// NOTE(review): the message mentions "get events" although every check above concerns
// user fields; looks copied from another resolver, confirm the intended wording.
if (!isEmpty(errors)) throw new UserInputError('Failed to get events due to validation errors', { errors });
// Mass-assignment guard: only an admin editing someone else's account passes the full input
// through; everyone else (including an admin editing their own account) is limited to the
// four whitelisted fields.
const userInfo = !isSelf() && isAdmin() ? input : pick(input, ['id', 'username', 'email', 'password']);
const isProfileExists = await User.isUserProfileExists(input.id);
// NOTE(review): called even when input.password is absent (the length check above allows
// that); confirm createPasswordHash handles an undefined password.
const passwordHash = await createPasswordHash(input.password);
const trx = await createTransaction();
try {
await User.editUser(userInfo, passwordHash).transacting(trx);
// NOTE(review): this call receives the unfiltered `input`, not `userInfo`; confirm
// editUserProfile only writes profile columns a non-admin is allowed to change.
await User.editUserProfile(input, isProfileExists).transacting(trx);
// NOTE(review): commit() is not awaited here; if it returns a promise, a failed commit
// would not reach the catch below.
trx.commit();
} catch (e) {
// The error is discarded after the rollback: nothing is logged or rethrown in this block,
// so a failed edit is not distinguishable from a successful one at this point.
trx.rollback();
}
if (settings.user.auth.certificate.enabled) {
/**
 * Checks the arguments passed to the `@auth` schema directive.
 *
 * Both `productCode` and `resourceCode` must be present and truthy; an empty
 * string is rejected the same way as a missing value, so a directive cannot be
 * declared with a blank product or resource.
 *
 * @param authArgs - Arguments taken from the directive usage in the schema.
 * @returns The same `authArgs` object, unchanged, once both codes are present.
 * @throws UserInputError when either code is missing or falsy.
 */
function parseArgs (authArgs: AuthDirectiveArgs): AuthDirectiveArgs {
  // Happy path first: hand the arguments back untouched when both codes are set.
  if (authArgs.productCode && authArgs.resourceCode) {
    return authArgs
  }
  throw new UserInputError('Invalid auth schema directive args. Usage: @auth(productCode: String, resourceCode: String).')
}
/**
 * Login mutation resolver.
 *
 * Looks the account up by username or e-mail, validates the supplied password
 * and, when validation reports no errors, issues access tokens for the user.
 *
 * @returns An object holding the user record and the granted tokens.
 * @throws UserInputError carrying the validation errors when the password check fails.
 */
async login(obj, { input: { usernameOrEmail, password } }, { req }) {
  const user = await User.getUserByUsernameOrEmail(usernameOrEmail);

  // The lookup result is passed straight to the validator; the unknown-account case is
  // handled there, not here.
  // NOTE(review): confirm validateUserPassword reports an unknown account and a wrong
  // password with the same error, so responses do not reveal which accounts exist.
  const passwordErrors = await validateUserPassword(user, password, req.t);
  if (!isEmpty(passwordErrors)) {
    throw new UserInputError('Failed valid user password', { errors: passwordErrors });
  }

  // NOTE(review): the full user record is returned to the caller; verify the GraphQL
  // type does not expose passwordHash.
  return { user, tokens: await access.grantAccess(user, req, user.passwordHash) };
},
async register(obj, { input }, { mailer, User, req }) {
fold(errors => {
throw new UserInputError(failure(errors).join('\n'));
}, identity)
)
User,
mailer
}
) {
// Excerpt from a password-reset resolver; `input`, `t`, `User` and `mailer` come from the
// enclosing function, whose signature is only partly visible in this snippet.
const errors = {};
// Only the three fields the reset flow needs are taken from the request input.
const reset = pick(input, ['password', 'passwordConfirmation', 'token']);
if (reset.password !== reset.passwordConfirmation) {
errors.password = t('user:auth.password.passwordsIsNotMatch');
}
// NOTE(review): this writes the same key as the mismatch check above, so a short AND
// mismatched password reports only the length error. `reset.password.length` also throws
// a TypeError when no password was sent, unless input is validated before this point.
if (reset.password.length < settings.auth.password.minLength) {
errors.password = t('user:auth.password.passwordLength', { length: settings.auth.password.minLength });
}
if (!isEmpty(errors)) throw new UserInputError('Failed reset password', { errors });
// The reset token arrives base64-encoded and wraps a JWT signed with the application secret.
const token = Buffer.from(reset.token, 'base64').toString();
// NOTE(review): verify() is called without an options argument; if `jwt` is jsonwebtoken,
// consider passing `algorithms` explicitly so only the expected signing algorithm is accepted.
// The payload's `password` field is compared with user.passwordHash below, so it appears to
// be the hash at the time the token was issued. A JWT payload is signed but not encrypted,
// so anyone holding the reset link can read that value.
const { email, password } = jwt.verify(token, settings.auth.secret);
const user = await User.getUserByEmail(email);
// A token minted before the most recent password change no longer matches and is rejected.
// NOTE(review): `user` is dereferenced here before the `if (user)` check that follows, so an
// e-mail with no matching account raises a TypeError instead of the invalid-token error.
if (user.passwordHash !== password) {
throw new Error(t('user:auth.password.invalidToken'));
}
if (user) {
await User.updatePassword(user.id, reset.password);
const url = `${__WEBSITE_URL__}/profile`;
if (mailer && settings.auth.password.sendPasswordChangesEmail) {
mailer.sendMail({
from: `${settings.app.name} <${process.env.EMAIL_USER}>`,
to: user.email,
subject: 'Your Password Has Been Updated',
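/**
 * Contact-form mutation resolver.
 *
 * Validates the submitted form against `contactFormSchema` and forwards it as an
 * HTML e-mail to the address configured in `EMAIL_USER`.
 *
 * The sender's name and message are untrusted form input, so both are HTML-escaped
 * before being placed in the message body; otherwise a visitor could inject markup
 * (links, images, forms) into mail rendered in the site owner's mail client.
 *
 * @throws UserInputError when the form fails schema validation.
 * @throws Error with a localized message when the mail transport fails; the
 *   underlying error is logged, not exposed to the client.
 */
async contact(obj: any, { input }: ContactInput, { mailer, req: { t } }: any) {
  const errors = validate(input, contactFormSchema);
  if (!isEmpty(errors)) {
    throw new UserInputError(t('contact:validateError'), { errors });
  }

  // Neutralize the characters that can open tags, attributes or entities.
  // `&` is replaced first so the entities produced below are not escaped twice.
  const escapeHtml = (value: unknown): string =>
    String(value)
      .replace(/&/g, '&amp;')
      .replace(/</g, '&lt;')
      .replace(/>/g, '&gt;')
      .replace(/"/g, '&quot;')
      .replace(/'/g, '&#39;');

  try {
    await mailer.sendMail({
      // NOTE(review): the From header is taken from the form. Confirm contactFormSchema
      // restricts it to a single well-formed address (no line breaks), and consider a
      // fixed sender with the visitor's address as reply-to so that sender-policy checks
      // (SPF/DMARC) on the receiving side are not tripped by a spoofed domain.
      from: input.email,
      to: process.env.EMAIL_USER,
      subject: 'New email through contact us page',
      html: `<p>${escapeHtml(input.name)} is sending the following message.</p><p>${escapeHtml(input.content)}</p>`
    });
  } catch (e) {
    // Keep transport details in the server log; the client only sees a generic message.
    log.error(e);
    throw new Error(t('contact:sendError'));
  }
}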
}
SavedSourceConfigurationColumnRuntimeType.decode(logColumn).getOrElseL(errors => {
throw new UserInputError(failure(errors).join('\n'));
})
)