cal.pub0.org/packages/lib/auth.ts

import { IdentityProvider } from "@prisma/client";
import { compare, hash } from "bcryptjs";
import type { NextApiRequest } from "next";
import type { Session } from "next-auth";
import { getSession as getSessionInner, GetSessionParams } from "next-auth/react";

import { HttpError } from "@calcom/lib/http-error";

export async function hashPassword(password: string) {
  const hashedPassword = await hash(password, 12);
  return hashedPassword;
}

export async function verifyPassword(password: string, hashedPassword: string) {
  const isValid = await compare(password, hashedPassword);
  return isValid;
}

export function validPassword(password: string) {
  if (password.length < 7) return false;

  if (!/[A-Z]/.test(password) || !/[a-z]/.test(password)) return false;

  if (!/\d+/.test(password)) return false;

  return true;
}

export async function getSession(options: GetSessionParams): Promise<Session | null> {
  const session = await getSessionInner(options);

  // that these are equal are ensured in `[...nextauth]`'s callback
  return session as Session | null;
}

export function isPasswordValid(password: string): boolean;
export function isPasswordValid(
  password: string,
  breakdown: boolean
): { caplow: boolean; num: boolean; min: boolean };
export function isPasswordValid(password: string, breakdown?: boolean) {
  let cap = false, // Has uppercase characters
    low = false, // Has lowercase characters
    num = false, // At least one number
    min = false; // Seven characters
  if (password.length > 6) min = true;
  for (let i = 0; i < password.length; i++) {
    if (!isNaN(parseInt(password[i]))) num = true;
    else {
      if (password[i] === password[i].toUpperCase()) cap = true;
      if (password[i] === password[i].toLowerCase()) low = true;
    }
  }
  return !!breakdown ? { caplow: cap && low, num, min } : cap && low && num && min;
}

type CtxOrReq = { req: NextApiRequest; ctx?: never } | { ctx: { req: NextApiRequest }; req?: never };

export const ensureSession = async (ctxOrReq: CtxOrReq) => {
  const session = await getSession(ctxOrReq);
  if (!session?.user.id) throw new HttpError({ statusCode: 401, message: "Unauthorized" });
  return session;
};

export enum ErrorCode {
  UserNotFound = "user-not-found",
  IncorrectPassword = "incorrect-password",
  UserMissingPassword = "missing-password",
  TwoFactorDisabled = "two-factor-disabled",
  TwoFactorAlreadyEnabled = "two-factor-already-enabled",
  TwoFactorSetupRequired = "two-factor-setup-required",
  SecondFactorRequired = "second-factor-required",
  IncorrectTwoFactorCode = "incorrect-two-factor-code",
  InternalServerError = "internal-server-error",
  NewPasswordMatchesOld = "new-password-matches-old",
  ThirdPartyIdentityProviderEnabled = "third-party-identity-provider-enabled",
  RateLimitExceeded = "rate-limit-exceeded",
}

export const identityProviderNameMap: { [key in IdentityProvider]: string } = {
  [IdentityProvider.CAL]: "Cal",
  [IdentityProvider.GOOGLE]: "Google",
  [IdentityProvider.SAML]: "SAML",
};
fix: rate limit auth (#3820) * fix: rate limit auth * fix: replace lru-cache w memory-cache * remove comments * fix: yarn.lock * fix: remove changes yarn lock * fix: add missing EOL empty liune * fix: move rate limiter so it kicks the last, limit to 10 tries per minute * fix: move limiter w rest of code * test: trying fix onboardong * fix: undo changes in globalSetup.ts * test: fix disable login for onboarding * fix: use username instead of email for token check * fix: tests * fix: don't run on test * fix: add missing comma * fix: remove uniqueTokenPerInterval * fix: add errorcode to packages lib auth * Update packages/lib/rateLimit.ts fix: improve readability Co-authored-by: Omar López <zomars@me.com> * Update packages/lib/rateLimit.ts fix: no unnecessary any Co-authored-by: Omar López <zomars@me.com> * Update packages/lib/rateLimit.ts fix: improve readability Co-authored-by: Omar López <zomars@me.com> * fix: rename interval -> intervalInMs * fix: check user.email not username which could be empty * fix: rateLimit update all naming Co-authored-by: Agusti Fernandez Pardo <git@agusti.me> Co-authored-by: Omar López <zomars@me.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: Peer Richelsen <peeroke@gmail.com> 2022-08-30 19:58:35 +00:00			`import { IdentityProvider } from "@prisma/client";`
Extract prisma to it's own package (#1823) * Moved prisma to packages * Add missing prisma configs * Extracts common libs and types * Build and pipeline fixes * Adds missing package * Prisma scripts cleanup * Updates lint staged * Type fixes * Sort imports * Updates yarn lock file * Fixes for yarn dx * Revert "Sort imports" This reverts commit 076109decab9b9ba307fc03696c3b0da5c4896f3. * Formatting * Prevent double TS version * Fix conflict * Extracted e2e configs 2022-02-15 20:30:52 +00:00			`import { compare, hash } from "bcryptjs";`
Adds middleware to get V2 early access (#3617) Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> 2022-08-09 09:21:15 +00:00			`import type { NextApiRequest } from "next";`
Fix/api build (#3675) * fix: shared next-auth calendso session type fix * fix: move imports from @lib -> @calcom/lib to fix types * Consolidates next-auth definitions Co-authored-by: Agusti Fernandez Pardo <git@agusti.me> Co-authored-by: zomars <zomars@me.com> 2022-08-03 19:18:26 +00:00			`import type { Session } from "next-auth";`
Migrates all tRPC code to a monorepo package (#3484) * WIP * WIP * Type and migration fixes * Adds missing default import * Fixes import * Fixes tRPC imports in App Store * Migrate stripe helpers * WIP * Type fixes * Type fix? * Test fixes * Adds missing stripe packages * Moved queries to lib instead Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-07-22 17:27:06 +00:00			`import { getSession as getSessionInner, GetSessionParams } from "next-auth/react";`
Extract prisma to it's own package (#1823) * Moved prisma to packages * Add missing prisma configs * Extracts common libs and types * Build and pipeline fixes * Adds missing package * Prisma scripts cleanup * Updates lint staged * Type fixes * Sort imports * Updates yarn lock file * Fixes for yarn dx * Revert "Sort imports" This reverts commit 076109decab9b9ba307fc03696c3b0da5c4896f3. * Formatting * Prevent double TS version * Fix conflict * Extracted e2e configs 2022-02-15 20:30:52 +00:00
Adds middleware to get V2 early access (#3617) Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> 2022-08-09 09:21:15 +00:00			`import { HttpError } from "@calcom/lib/http-error";`

Extract prisma to it's own package (#1823) * Moved prisma to packages * Add missing prisma configs * Extracts common libs and types * Build and pipeline fixes * Adds missing package * Prisma scripts cleanup * Updates lint staged * Type fixes * Sort imports * Updates yarn lock file * Fixes for yarn dx * Revert "Sort imports" This reverts commit 076109decab9b9ba307fc03696c3b0da5c4896f3. * Formatting * Prevent double TS version * Fix conflict * Extracted e2e configs 2022-02-15 20:30:52 +00:00			`export async function hashPassword(password: string) {`
			`const hashedPassword = await hash(password, 12);`
			`return hashedPassword;`
			`}`

			`export async function verifyPassword(password: string, hashedPassword: string) {`
			`const isValid = await compare(password, hashedPassword);`
			`return isValid;`
			`}`
Migrates all tRPC code to a monorepo package (#3484) * WIP * WIP * Type and migration fixes * Adds missing default import * Fixes import * Fixes tRPC imports in App Store * Migrate stripe helpers * WIP * Type fixes * Type fix? * Test fixes * Adds missing stripe packages * Moved queries to lib instead Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-07-22 17:27:06 +00:00
V2 Settings - Security View (#4018) * Create change password screen * Add two factor auth screen * Add two factor auth screen * Remove header file * Updates middleware and rewrites * Adds Meta component to handle layout headings/metadata (#4021) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-08-30 19:46:52 +00:00			`export function validPassword(password: string) {`
			`if (password.length < 7) return false;`

			`if (!/[A-Z]/.test(password) \|\| !/[a-z]/.test(password)) return false;`

			`if (!/\d+/.test(password)) return false;`

			`return true;`
			`}`

Migrates all tRPC code to a monorepo package (#3484) * WIP * WIP * Type and migration fixes * Adds missing default import * Fixes import * Fixes tRPC imports in App Store * Migrate stripe helpers * WIP * Type fixes * Type fix? * Test fixes * Adds missing stripe packages * Moved queries to lib instead Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-07-22 17:27:06 +00:00			`export async function getSession(options: GetSessionParams): Promise<Session \| null> {`
			`const session = await getSessionInner(options);`

			// that these are equal are ensured in `[...nextauth]`'s callback
			`return session as Session \| null;`
			`}`
Feat/onboarding admin (#3486) * WIP * API and step done fallback * Finishing up tweaks * Inline comment * Translations * Update apps/web/pages/api/auth/setup.ts Co-authored-by: Omar López <zomars@me.com> * Update apps/web/pages/api/auth/setup.ts Co-authored-by: Omar López <zomars@me.com> * Update apps/web/pages/api/auth/setup.ts Co-authored-by: Omar López <zomars@me.com> * Update apps/web/pages/api/auth/setup.ts Co-authored-by: Omar López <zomars@me.com> * Linting fixes * Update apps/web/pages/auth/setup.tsx Co-authored-by: Omar López <zomars@me.com> * Linting fix * Moving to v2 * Translations Co-authored-by: Leo Giovanetti <hello@leog.me> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-07-27 23:28:21 +00:00
Correcting syntax of overloading (#3598) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-08-02 05:52:25 +00:00			`export function isPasswordValid(password: string): boolean;`
			`export function isPasswordValid(`
			`password: string,`
			`breakdown: boolean`
			`): { caplow: boolean; num: boolean; min: boolean };`
			`export function isPasswordValid(password: string, breakdown?: boolean) {`
UI tweaks (#3576) 2022-07-29 13:23:54 +00:00			`let cap = false, // Has uppercase characters`
			`low = false, // Has lowercase characters`
			`num = false, // At least one number`
			`min = false; // Seven characters`
Feat/onboarding admin (#3486) * WIP * API and step done fallback * Finishing up tweaks * Inline comment * Translations * Update apps/web/pages/api/auth/setup.ts Co-authored-by: Omar López <zomars@me.com> * Update apps/web/pages/api/auth/setup.ts Co-authored-by: Omar López <zomars@me.com> * Update apps/web/pages/api/auth/setup.ts Co-authored-by: Omar López <zomars@me.com> * Update apps/web/pages/api/auth/setup.ts Co-authored-by: Omar López <zomars@me.com> * Linting fixes * Update apps/web/pages/auth/setup.tsx Co-authored-by: Omar López <zomars@me.com> * Linting fix * Moving to v2 * Translations Co-authored-by: Leo Giovanetti <hello@leog.me> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-07-27 23:28:21 +00:00			`if (password.length > 6) min = true;`
			`for (let i = 0; i < password.length; i++) {`
			`if (!isNaN(parseInt(password[i]))) num = true;`
			`else {`
			`if (password[i] === password[i].toUpperCase()) cap = true;`
			`if (password[i] === password[i].toLowerCase()) low = true;`
			`}`
			`}`
UI tweaks (#3576) 2022-07-29 13:23:54 +00:00			`return !!breakdown ? { caplow: cap && low, num, min } : cap && low && num && min;`
Correcting syntax of overloading (#3598) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-08-02 05:52:25 +00:00			`}`
Adds middleware to get V2 early access (#3617) Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> 2022-08-09 09:21:15 +00:00
			`type CtxOrReq = { req: NextApiRequest; ctx?: never } \| { ctx: { req: NextApiRequest }; req?: never };`

			`export const ensureSession = async (ctxOrReq: CtxOrReq) => {`
			`const session = await getSession(ctxOrReq);`
			`if (!session?.user.id) throw new HttpError({ statusCode: 401, message: "Unauthorized" });`
			`return session;`
			`};`
fix: rate limit auth (#3820) * fix: rate limit auth * fix: replace lru-cache w memory-cache * remove comments * fix: yarn.lock * fix: remove changes yarn lock * fix: add missing EOL empty liune * fix: move rate limiter so it kicks the last, limit to 10 tries per minute * fix: move limiter w rest of code * test: trying fix onboardong * fix: undo changes in globalSetup.ts * test: fix disable login for onboarding * fix: use username instead of email for token check * fix: tests * fix: don't run on test * fix: add missing comma * fix: remove uniqueTokenPerInterval * fix: add errorcode to packages lib auth * Update packages/lib/rateLimit.ts fix: improve readability Co-authored-by: Omar López <zomars@me.com> * Update packages/lib/rateLimit.ts fix: no unnecessary any Co-authored-by: Omar López <zomars@me.com> * Update packages/lib/rateLimit.ts fix: improve readability Co-authored-by: Omar López <zomars@me.com> * fix: rename interval -> intervalInMs * fix: check user.email not username which could be empty * fix: rateLimit update all naming Co-authored-by: Agusti Fernandez Pardo <git@agusti.me> Co-authored-by: Omar López <zomars@me.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: Peer Richelsen <peeroke@gmail.com> 2022-08-30 19:58:35 +00:00
			`export enum ErrorCode {`
			`UserNotFound = "user-not-found",`
			`IncorrectPassword = "incorrect-password",`
			`UserMissingPassword = "missing-password",`
			`TwoFactorDisabled = "two-factor-disabled",`
			`TwoFactorAlreadyEnabled = "two-factor-already-enabled",`
			`TwoFactorSetupRequired = "two-factor-setup-required",`
			`SecondFactorRequired = "second-factor-required",`
			`IncorrectTwoFactorCode = "incorrect-two-factor-code",`
			`InternalServerError = "internal-server-error",`
			`NewPasswordMatchesOld = "new-password-matches-old",`
			`ThirdPartyIdentityProviderEnabled = "third-party-identity-provider-enabled",`
			`RateLimitExceeded = "rate-limit-exceeded",`
			`}`

			`export const identityProviderNameMap: { [key in IdentityProvider]: string } = {`
			`[IdentityProvider.CAL]: "Cal",`
			`[IdentityProvider.GOOGLE]: "Google",`
			`[IdentityProvider.SAML]: "SAML",`
			`};`