From 47874e1e728c4abc594ebd53f0bb3b96610d38a6 Mon Sep 17 00:00:00 2001
From: paco
Date: Sun, 13 Feb 2022 14:48:58 +0100
Subject: [PATCH] secret auth

---
 .env.defaults | 2 ++
 .env.example | 1 +
 api/src/functions/auth.ts | 10 +++++++---
 .../ForgotPasswordPage/ForgotPasswordPage.tsx | 4 +++-
 web/src/pages/SignupPage/SignupPage.tsx | 20 +++++++++++++++++++
 5 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/.env.defaults b/.env.defaults
index 5f8ce51..6b00b01 100644
--- a/.env.defaults
+++ b/.env.defaults
@@ -31,6 +31,8 @@ SESSION_SECRET=MEunmKDPUzsMLf4r9tEXGg52ifgP68NboQMGdY8Ku6hRDMonE6YvZsG99yEnvY9r #######
+SIGNUP_SECRET=secret
+
 FILESYSTEM_FOLDER=./fs
 PHOTOS_URL=/s3/photos
 MINIATURES_URL=/s3/miniatures
diff --git a/.env.example b/.env.example
index e9b6b44..5c01c1d 100644
--- a/.env.example
+++ b/.env.example
@@ -3,3 +3,4 @@
 # DATABASE_URL="postgresql://postgres:postgres@localhost:5432/redwood_dev?connection_limit=1"
 # GMAPS_API_KEY=
 # SESSION_SECRET=
+# SIGNUP_SECRET=
diff --git a/api/src/functions/auth.ts b/api/src/functions/auth.ts
index 63d0b1c..ce057d1 100644
--- a/api/src/functions/auth.ts
+++ b/api/src/functions/auth.ts
@@ -16,7 +16,9 @@ export const handler = async (event, context) => {
 // address in a toast message so the user will know it worked and where
 // to look for the email.
 handler: (user) => {
- return user.email
+ return {
+ username: user.username,
+ }
 },
 
 // How long the resetToken is valid for, in seconds (default is 24 hours)
@@ -67,7 +69,7 @@ export const handler = async (event, context) => {
 // in. Return `false` otherwise, and in the Reset Password page redirect the
 // user to the login page.
 handler: (user) => {
- return user.email
+ return user.username
 },
 
 // If `false` then the new password MUST be different than the current one
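Review bot: `SIGNUP_SECRET=secret` is a committed default for the value that gates account creation, so every environment that does not override it accepts the literal string "secret" — a guessable, published value is not a gate. Leave it unset here, `SIGNUP_SECRET=` with the comment `# set per environment to a long random value; signup must be refused when this is empty`, and make the auth handler fail closed when the variable is missing rather than lean on this default. The context line also shows a SESSION_SECRET value living in the committed defaults; if that value is used by any real deployment it should be rotated and moved out of version control.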
@@ -102,12 +104,14 @@ export const handler = async (event, context) => {
 // If this returns anything else, it will be returned by the
 // `signUp()` function in the form of: `{ message: 'String here' }`.
 handler: ({ username, hashedPassword, salt, userAttributes }) => {
+ if (userAttributes.secret !== process.env['SIGNUP_SECRET'])
+ throw new Error('Invalid secret')
+
 return db.user.create({
 data: {
 username: username,
 hashedPassword: hashedPassword,
 salt: salt,
- // name: userAttributes.name
 },
 })
 },
diff --git a/web/src/pages/ForgotPasswordPage/ForgotPasswordPage.tsx b/web/src/pages/ForgotPasswordPage/ForgotPasswordPage.tsx
index 2c3a1de..77608f7 100644
--- a/web/src/pages/ForgotPasswordPage/ForgotPasswordPage.tsx
+++ b/web/src/pages/ForgotPasswordPage/ForgotPasswordPage.tsx
@@ -28,7 +28,9 @@ const ForgotPasswordPage = () => {
 // The function `forgotPassword.handler` in api/src/functions/auth.js has
 // been invoked, let the user know how to get the link to reset their
 // password (sent in email, perhaps?)
- toast.success('A link to reset your password was sent to ' + response.email)
+ toast.success(
+ 'A link to reset your password was sent to ' + response.username
+ )
 navigate(routes.login())
 }
 }
diff --git a/web/src/pages/SignupPage/SignupPage.tsx b/web/src/pages/SignupPage/SignupPage.tsx
index bbb2972..41d9bea 100644
--- a/web/src/pages/SignupPage/SignupPage.tsx
+++ b/web/src/pages/SignupPage/SignupPage.tsx
@@ -98,6 +98,26 @@ const SignupPage = () => { /> + + + +
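Review bot: The new check in the signUp handler fails open when SIGNUP_SECRET is not configured: `process.env['SIGNUP_SECRET']` is then `undefined`, a request that simply omits `secret` makes `undefined !== undefined` false, and account creation proceeds with no gate at all. It also dereferences `userAttributes.secret` without guarding the object and compares the secret with `!==`, which is not constant-time; require both sides to be non-empty strings and compare them with `timingSafeEqual` on equal-length buffers (this needs `import { timingSafeEqual } from 'crypto'` at the top of the file, outside the hunk). The surrounding `handler` object starts and ends outside the hunk.

```typescript
handler: ({ username, hashedPassword, salt, userAttributes }) => {
  const expected = process.env['SIGNUP_SECRET']
  const supplied = userAttributes?.secret
  // Fail closed: an unset or empty SIGNUP_SECRET must block signup, not open it.
  if (typeof expected !== 'string' || expected.length === 0 || typeof supplied !== 'string') {
    throw new Error('Invalid secret')
  }
  const expectedBuf = Buffer.from(expected)
  const suppliedBuf = Buffer.from(supplied)
  // Length check first: timingSafeEqual throws on mismatched lengths.
  if (expectedBuf.length !== suppliedBuf.length || !timingSafeEqual(expectedBuf, suppliedBuf)) {
    throw new Error('Invalid secret')
  }

  // … unchanged: return db.user.create({ data: { username, hashedPassword, salt } }) …
```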
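Review bot: The new toast text says the reset link was sent "to" `response.username`, but a username is not a delivery address, so the message now tells the user the wrong thing about where to look; the `response.email` it replaced was an address. Say only what is known, e.g. ``toast.success(`A password reset link has been sent for ${response.username}`)``, which also replaces the `+` concatenation with a template literal. Whether the server returns a username for accounts that do not exist is not visible here; if it only does so for existing users, this response confirms which usernames are registered, which is worth checking on the API side. The component body continues outside the hunk.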
Sign Up