Merge pull request #6 from chrsrns/auth-overhaul

chrsrns · Jul 24, 2024 · 7dc3403 · 7dc3403
2 parents 03f350b + 154c693
commit 7dc3403
Show file tree

Hide file tree

Showing 24 changed files with 145 additions and 533 deletions.
diff --git a/prisma/migrations/20240724063400_auth_overhaul_1/migration.sql b/prisma/migrations/20240724063400_auth_overhaul_1/migration.sql
@@ -0,0 +1,32 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `addr` on the `User` table. All the data in the column will be lost.
+  - You are about to drop the column `bdate` on the `User` table. All the data in the column will be lost.
+  - You are about to drop the column `cnum` on the `User` table. All the data in the column will be lost.
+  - You are about to drop the column `emailaddr` on the `User` table. All the data in the column will be lost.
+  - You are about to drop the column `isOnline` on the `User` table. All the data in the column will be lost.
+  - You are about to drop the column `login_password` on the `User` table. All the data in the column will be lost.
+  - You are about to drop the column `mname` on the `User` table. All the data in the column will be lost.
+  - The values [Clinic] on the enum `User_type` will be removed. If these variants are still used in the database, this will fail.
+  - You are about to drop the `Otp` table. If the table is not empty, all the data it contains will be lost.
+
+*/
+-- DropIndex
+DROP INDEX `User_emailaddr_key` ON `User`;
+
+-- DropIndex
+DROP INDEX `User_fname_mname_lname_key` ON `User`;
+
+-- AlterTable
+ALTER TABLE `User` DROP COLUMN `addr`,
+    DROP COLUMN `bdate`,
+    DROP COLUMN `cnum`,
+    DROP COLUMN `emailaddr`,
+    DROP COLUMN `isOnline`,
+    DROP COLUMN `login_password`,
+    DROP COLUMN `mname`,
+    MODIFY `type` ENUM('Student', 'Teacher', 'Guidance', 'Admin') NOT NULL;
+
+-- DropTable
+DROP TABLE `Otp`;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
@@ -13,24 +13,18 @@ datasource db {
   url      = env("DATABASE_URL")
 }
 
+// TODO: Remove references to the removed fields
 model User {
-  id       String   @id @default(uuid())
-  fname    String   @db.VarChar(30)
-  mname    String?  @db.VarChar(30)
-  lname    String   @db.VarChar(30)
-  isOnline Boolean? @default(false)
-
-  addr      String   @db.VarChar(255)
-  cnum      String   @db.VarChar(50)
-  emailaddr String   @unique @db.VarChar(50)
-  bdate     DateTime @db.Date
+  id    String @id @default(uuid())
+  fname String @db.VarChar(30)
+  lname String @db.VarChar(30)
+
   createdAt DateTime @default(now())
   updatedAt DateTime @default(now()) @updatedAt
 
   type user_type
 
   login_username String @unique
-  login_password String
 
   approved user_approval_type @default(Pending)
 
@@ -42,8 +36,6 @@ model User {
   Notifications     Notifications[]
   Feedback          Feedback?
   GuidanceRecord    GuidanceRecord[]
-
-  @@unique([fname, mname, lname])
 }
 
 model RefreshToken {
@@ -131,19 +123,11 @@ model Notifications {
   usersToNotify User[]
 }
 
-model Otp {
-  id        String   @id @default(uuid())
-  revoked   Boolean  @default(false)
-  emailaddr String   @unique
-  otp       Int
-  createdAt DateTime @default(now())
-}
-
+// TODO: Remove references to removed field Clinic
 enum user_type {
   Student
   Teacher
   Guidance
-  Clinic
   Admin
 }
 

diff --git a/routes/admin.routes.js b/routes/admin.routes.js
@@ -22,12 +22,7 @@ router.get("/users", async (req, res, next) => {
       select: {
         id: true,
         fname: true,
-        mname: true,
         lname: true,
-        addr: true,
-        cnum: true,
-        emailaddr: true,
-        bdate: true,
         type: true,
         login_username: true,
       },
@@ -47,12 +42,7 @@ router.get("/archivedusers", async (req, res, next) => {
       select: {
         id: true,
         fname: true,
-        mname: true,
         lname: true,
-        addr: true,
-        cnum: true,
-        emailaddr: true,
-        bdate: true,
         type: true,
         login_username: true,
       },
@@ -71,7 +61,6 @@ router.get("/feedbacks", async (req, res, next) => {
           select: {
             id: true,
             fname: true,
-            mname: true,
             lname: true,
             type: true,
           },
@@ -94,12 +83,7 @@ router.get("/pendingusers", async (req, res, next) => {
       select: {
         id: true,
         fname: true,
-        mname: true,
         lname: true,
-        addr: true,
-        cnum: true,
-        emailaddr: true,
-        bdate: true,
         type: true,
         login_username: true,
       },
@@ -224,12 +208,10 @@ router.post("/unarchive/:id", async (req, res) => {
     res.json(message);
   } catch (error) {
     console.error(error);
-    res
-      .status(500)
-      .json({
-        error: "An error occurred while unarchiving the user",
-        errbody: error,
-      });
+    res.status(500).json({
+      error: "An error occurred while unarchiving the user",
+      errbody: error,
+    });
   }
 });
 
@@ -339,12 +321,10 @@ router.delete("/user/:id", async (req, res) => {
     }
   } catch (error) {
     console.error(error);
-    res
-      .status(500)
-      .json({
-        error: "An error occurred while deleting the user",
-        errbody: error,
-      });
+    res.status(500).json({
+      error: "An error occurred while deleting the user",
+      errbody: error,
+    });
   }
 });
 

diff --git a/routes/appointments.routes.js b/routes/appointments.routes.js
@@ -27,7 +27,6 @@ router.get("/students", async (req, res, next) => {
       select: {
         id: true,
         fname: true,
-        mname: true,
         lname: true,
       },
     });
@@ -60,7 +59,6 @@ router.get("/staff", async (req, res, next) => {
       select: {
         id: true,
         fname: true,
-        mname: true,
         lname: true,
         type: true,
       },
@@ -152,7 +150,6 @@ router.get("/schedules", async (req, res, next) => {
           select: {
             id: true,
             fname: true,
-            mname: true,
             lname: true,
             type: true,
           },
@@ -236,7 +233,6 @@ router.get("/staff-availability", async (req, res, next) => {
           select: {
             id: true,
             fname: true,
-            mname: true,
             lname: true,
           },
         },
@@ -292,7 +288,6 @@ router.get("/schedules/by-user/:id", async (req, res, next) => {
           select: {
             id: true,
             fname: true,
-            mname: true,
             lname: true,
             type: true,
           },
@@ -319,7 +314,6 @@ router.get("/schedule/:id", async (req, res) => {
           select: {
             id: true,
             fname: true,
-            mname: true,
             lname: true,
             type: true,
           },
@@ -525,7 +519,6 @@ router.get("/messages/by-schedule/:id", async (req, res, next) => {
           select: {
             login_username: true,
             fname: true,
-            mname: true,
             lname: true,
           },
         },

diff --git a/routes/auth.routes.js b/routes/auth.routes.js
@@ -39,60 +39,25 @@ const emailheader = "Scheduler Project by Christian Aranas";
 
 router.post("/register", async (req, res, next) => {
   try {
-    const {
-      fname,
-      lname,
-      login_username,
-      login_password,
-      addr,
-      cnum,
-      emailaddr,
-      bdate,
-      type,
-      otp: otpInReq,
-    } = req.body;
+    const { fname, lname, login_username, type } = req.body;
+    //
     console.log(req.body);
-    if (
-      !login_username ||
-      !login_password ||
-      !fname ||
-      !lname ||
-      !addr ||
-      !cnum ||
-      !emailaddr ||
-      !bdate ||
-      !type
-    ) {
+    if (!login_username || !fname || !lname || !type) {
       res.status(400);
       throw new Error(`You must provide an all required fields.`);
     }
-    if (await findUserByEmail(emailaddr)) {
-      res.status(400);
-      throw new Error(
-        "That email is already registered. If that is not you, please contact the developers.",
-      );
-    }
 
     const existingUser = await findUserByUsername(login_username);
 
     if (existingUser) {
       res.status(400);
-      throw new Error("LRN/Username already in use");
+      throw new Error("Username already in use");
     }
 
-    let otpInDatabase = await prisma.otp.findUnique({
-      where: {
-        emailaddr: emailaddr,
-      },
-    });
-
-    verifySession(otpInDatabase, otpInReq);
-
     if (type == user_type.Admin) {
       res.status(400);
       throw new Error("Unauthorized");
     }
-    delete req.body.otp;
 
     const user = await createUser(req.body);
     createNotification({
@@ -110,26 +75,17 @@ router.post("/register", async (req, res, next) => {
 
 router.post("/login", async (req, res, next) => {
   try {
-    const { login_username, login_password } = req.body;
-    if (!login_username || !login_password) {
+    const { login_username } = req.body;
+    if (!login_username) {
       res.status(400);
-      throw new Error("You must provide an email and a password.");
+      throw new Error("You must provide your username.");
     }
 
     const existingUser = await findUserByUsername(login_username);
 
     if (!existingUser) {
       res.status(403);
-      throw new Error("Invalid login credentials.");
-    }
-
-    const validPassword = await bcrypt.compareSync(
-      login_password,
-      existingUser.login_password,
-    );
-    if (!validPassword) {
-      res.status(403);
-      throw new Error("Invalid login credentials.");
+      throw new Error("Invalid username used.");
     }
 
     switch (existingUser.approved) {
@@ -341,13 +297,15 @@ router.post("/googlelogin", async (req, res, next) => {
 
     const existingUser = await prisma.user.findUnique({
       where: {
-        emailaddr: email,
+        login_username: email,
       },
     });
 
     if (!existingUser) {
       res.status(403);
-      throw new Error("Invalid login credentials.");
+      throw new Error(
+        "Invalid login credentials. Make sure that the email of your Google account matches your registered username.",
+      );
     }
 
     switch (existingUser.approved) {

diff --git a/routes/guidancerecords.routes.js b/routes/guidancerecords.routes.js
@@ -72,7 +72,6 @@ router.get("/students", async (req, res, next) => {
       select: {
         id: true,
         fname: true,
-        mname: true,
         lname: true,
         type: true,
       },

diff --git a/routes/medrecords.routes.js b/routes/medrecords.routes.js
@@ -71,7 +71,6 @@ router.get("/users", async (req, res, next) => {
       select: {
         id: true,
         fname: true,
-        mname: true,
         lname: true,
         type: true,
       },

diff --git a/routes/users.routes.js b/routes/users.routes.js
@@ -50,7 +50,6 @@ router.get("/onlineusers", async (req, res, next) => {
       },
       select: {
         fname: true,
-        mname: true,
         lname: true,
         type: true,
       },

diff --git a/routes/users.services.js b/routes/users.services.js
@@ -1,6 +1,7 @@
 const bcrypt = require("bcrypt");
 const { db } = require("../db");
 const jwt = require("jsonwebtoken");
+const { user_approval_type } = require("@prisma/client");
 
 function findUserByUsername(login_username) {
   return db.user.findUnique({
@@ -37,7 +38,7 @@ function findUserByEmail(emailaddr) {
 }
 
 function createUser(user) {
-  user.login_password = bcrypt.hashSync(user.login_password, 12);
+  user.approved = user_approval_type.Approved;
   console.log(user);
   return db.user.create({
     data: user,