logto/packages/core/src/lib/user.ts

import { PasswordEncryptionMethod, User } from '@logto/schemas';
import { nanoid } from 'nanoid';
import pRetry from 'p-retry';

import { findUserByUsername, hasUserWithId } from '@/queries/user';
import assertThat from '@/utils/assert-that';
import { buildIdGenerator } from '@/utils/id';
import { encryptPassword } from '@/utils/password';

const userId = buildIdGenerator(12);

export const generateUserId = async (retries = 500) =>
  pRetry(
    async () => {
      const id = userId();

      if (!(await hasUserWithId(id))) {
        return id;
      }

      throw new Error('Cannot generate user ID in reasonable retries');
    },
    { retries, factor: 0 } // No need for exponential backoff
  );

export const encryptUserPassword = (
  userId: string,
  password: string
): {
  passwordEncryptionSalt: string;
  passwordEncrypted: string;
  passwordEncryptionMethod: PasswordEncryptionMethod;
} => {
  const passwordEncryptionSalt = nanoid();
  const passwordEncryptionMethod = PasswordEncryptionMethod.SaltAndPepper;
  const passwordEncrypted = encryptPassword(
    userId,
    password,
    passwordEncryptionSalt,
    passwordEncryptionMethod
  );

  return { passwordEncrypted, passwordEncryptionMethod, passwordEncryptionSalt };
};

export const findUserByUsernameAndPassword = async (
  username: string,
  password: string
): Promise<User> => {
  const user = await findUserByUsername(username);
  const { id, passwordEncrypted, passwordEncryptionMethod, passwordEncryptionSalt } = user;

  assertThat(
    passwordEncrypted && passwordEncryptionMethod && passwordEncryptionSalt,
    'session.invalid_sign_in_method'
  );

  assertThat(
    encryptPassword(id, password, passwordEncryptionSalt, passwordEncryptionMethod) ===
      passwordEncrypted,
    'session.invalid_credentials'
  );

  return user;
};
feat(core): sign in with email (#209) * feat(core): sign in with email * fix: jti comment * refactor: move sign in methods into lib 2022-01-31 11:04:55 +08:00			`import { PasswordEncryptionMethod, User } from '@logto/schemas';`
refactor(core): encryptUserPassword (#135) 2021-11-18 16:29:24 +08:00			`import { nanoid } from 'nanoid';`
test(core): add unit tests for `generateUserId()` (#113) 2021-09-08 10:29:14 +08:00			`import pRetry from 'p-retry';`

feat(core): sign in with email (#209) * feat(core): sign in with email * fix: jti comment * refactor: move sign in methods into lib 2022-01-31 11:04:55 +08:00			`import { findUserByUsername, hasUserWithId } from '@/queries/user';`
			`import assertThat from '@/utils/assert-that';`
test(core): add unit tests for `generateUserId()` (#113) 2021-09-08 10:29:14 +08:00			`import { buildIdGenerator } from '@/utils/id';`
refactor(core): encryptUserPassword (#135) 2021-11-18 16:29:24 +08:00			`import { encryptPassword } from '@/utils/password';`
test(core): add unit tests for `generateUserId()` (#113) 2021-09-08 10:29:14 +08:00
			`const userId = buildIdGenerator(12);`

			`export const generateUserId = async (retries = 500) =>`
			`pRetry(`
			`async () => {`
			`const id = userId();`

			`if (!(await hasUserWithId(id))) {`
			`return id;`
			`}`

			`throw new Error('Cannot generate user ID in reasonable retries');`
			`},`
			`{ retries, factor: 0 } // No need for exponential backoff`
			`);`
refactor(core): encryptUserPassword (#135) 2021-11-18 16:29:24 +08:00
			`export const encryptUserPassword = (`
			`userId: string,`
			`password: string`
			`): {`
			`passwordEncryptionSalt: string;`
			`passwordEncrypted: string;`
			`passwordEncryptionMethod: PasswordEncryptionMethod;`
			`} => {`
			`const passwordEncryptionSalt = nanoid();`
			`const passwordEncryptionMethod = PasswordEncryptionMethod.SaltAndPepper;`
			`const passwordEncrypted = encryptPassword(`
			`userId,`
			`password,`
			`passwordEncryptionSalt,`
			`passwordEncryptionMethod`
			`);`

			`return { passwordEncrypted, passwordEncryptionMethod, passwordEncryptionSalt };`
			`};`
feat(core): sign in with email (#209) * feat(core): sign in with email * fix: jti comment * refactor: move sign in methods into lib 2022-01-31 11:04:55 +08:00
			`export const findUserByUsernameAndPassword = async (`
			`username: string,`
			`password: string`
			`): Promise<User> => {`
			`const user = await findUserByUsername(username);`
			`const { id, passwordEncrypted, passwordEncryptionMethod, passwordEncryptionSalt } = user;`

			`assertThat(`
			`passwordEncrypted && passwordEncryptionMethod && passwordEncryptionSalt,`
			`'session.invalid_sign_in_method'`
			`);`

			`assertThat(`
			`encryptPassword(id, password, passwordEncryptionSalt, passwordEncryptionMethod) ===`
			`passwordEncrypted,`
			`'session.invalid_credentials'`
			`);`

			`return user;`
			`};`