tethys.backend/app/Controllers/Http/Auth/AuthController.ts

import type { HttpContext } from '@adonisjs/core/http';
import User from '#models/user';
import BackupCode from '#models/backup_code';
// import Hash from '@ioc:Adonis/Core/Hash';
// import InvalidCredentialException from 'App/Exceptions/InvalidCredentialException';
import { authValidator } from '#validators/auth';
import hash from '@adonisjs/core/services/hash';

import TwoFactorAuthProvider from '#app/services/TwoFactorAuthProvider';
// import { Authenticator } from '@adonisjs/auth';
// import { LoginState } from 'Contracts/enums';
// import { StatusCodes } from 'http-status-codes';

// interface MyHttpsContext extends HttpContext {
//     auth: Authenticator<User>
//   }
export default class AuthController {
    //   login function{ request, auth, response }:HttpContext
    public async login({ request, response, auth, session }: HttpContext) {
        // console.log({
        // 	registerBody: request.body(),
        // });
        // await request.validate(AuthValidator);
        await request.validateUsing(authValidator);

        // const plainPassword = await request.input('password');
        // const email = await request.input('email');
        // grab uid and password values off request body
        const { email, password } = request.only(['email', 'password']);

        try {
            // // attempt to verify credential and login user
            // await auth.use('web').attempt(email, plainPassword);

            // const user = await auth.use('web').verifyCredentials(email, password);
            const user = await User.verifyCredentials(email, password);

            if (user.isTwoFactorEnabled) {
                // session.put("login.id", user.id);
                // return view.render("pages/two-factor-challenge");

                session.flash('user_id', user.id);
                return response.redirect().back();

                // let state = LoginState.STATE_VALIDATED;
                // return response.status(StatusCodes.OK).json({
                //     state: state,
                //     new_user_id: user.id,
                // });
            }

            await auth.use('web').login(user);
        } catch (error) {
            // if login fails, return vague form message and redirect back
            session.flash('message', 'Your username, email, or password is incorrect');
            return response.redirect().back();
        }

        // otherwise, redirect todashboard
        response.redirect('/apps/dashboard');
    }

    public async twoFactorChallenge({ request, session, auth, response }: HttpContext) {
        const { code, backup_code, login_id } = request.only(['code', 'backup_code', 'login_id']);      
        const user = await User.query().where('id', login_id).firstOrFail();

        if (code) {
            const isValid = await TwoFactorAuthProvider.validate(user, code);
            if (isValid) {
                // login user and redirect to dashboard
                await auth.use('web').login(user);
                response.redirect('/apps/dashboard');
            } else {
                session.flash('message', 'Your two-factor code is incorrect');
            return response.redirect().back();
            }
        } else if (backup_code) {
            const codes: BackupCode[] = await user.getBackupCodes();
          
            // const verifiedBackupCodes = await Promise.all(
            //     codes.map(async (backupCode) => {
            //         let isVerified = await hash.verify(backupCode.code, backup_code);
            //         if (isVerified) {
            //             return backupCode;
            //         }
            //     }),
            // );
            // const backupCodeToDelete = verifiedBackupCodes.find(Boolean);

            let backupCodeToDelete = null;
            for (const backupCode of codes) {
                const isVerified = await hash.verify(backupCode.code, backup_code);
                if (isVerified) {
                    backupCodeToDelete = backupCode;
                    break;
                }
            }

            if (backupCodeToDelete) {   
                    if (backupCodeToDelete.used === false) {
                        backupCodeToDelete.used = true;
                        await backupCodeToDelete.save();
                        console.log(`BackupCode with id ${backupCodeToDelete.id} has been marked as used.`);
                        await auth.use('web').login(user);
                        response.redirect('/apps/dashboard');
                    } else {
                        session.flash('message', 'BackupCode already used');
                        return response.redirect().back();
                    }                              
            } else {
                session.flash('message', 'BackupCode not found');
                return response.redirect().back();
            }           
        }
    }

    //   logout function
    public async logout({ auth, response }: HttpContext) {
        // await auth.logout();
        await auth.use('web').logout();
        return response.redirect('/app/login');
        // return response.status(200);
    }
}
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`import type { HttpContext } from '@adonisjs/core/http';`
- npm updates - renamed 'models' and 'validators' folders - removed unneccessary files in contracts folder 2024-04-30 09:50:50 +00:00			`import User from '#models/user';`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00			`import BackupCode from '#models/backup_code';`
initial commit 2023-03-03 15:54:28 +00:00			`// import Hash from '@ioc:Adonis/Core/Hash';`
			`// import InvalidCredentialException from 'App/Exceptions/InvalidCredentialException';`
- replaced validation library @adonisjs/validator with @vinejs/vine (performance) - npm updates 2024-05-16 11:47:06 +00:00			`import { authValidator } from '#validators/auth';`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00			`import hash from '@adonisjs/core/services/hash';`
initial commit 2023-03-03 15:54:28 +00:00
- added own provider for drive methods - renamed middleware Role and Can to role_middleware and can_middleware - added some typing for inertia vue3 components - npm updates 2024-04-23 17:36:45 +00:00			`import TwoFactorAuthProvider from '#app/services/TwoFactorAuthProvider';`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`// import { Authenticator } from '@adonisjs/auth';`
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`// import { LoginState } from 'Contracts/enums';`
			`// import { StatusCodes } from 'http-status-codes';`

- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`// interface MyHttpsContext extends HttpContext {`
			`// auth: Authenticator<User>`
			`// }`
initial commit 2023-03-03 15:54:28 +00:00			`export default class AuthController {`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`// login function{ request, auth, response }:HttpContext`
			`public async login({ request, response, auth, session }: HttpContext) {`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`// console.log({`
			`// registerBody: request.body(),`
			`// });`
- replaced validation library @adonisjs/validator with @vinejs/vine (performance) - npm updates 2024-05-16 11:47:06 +00:00			`// await request.validate(AuthValidator);`
			`await request.validateUsing(authValidator);`
initial commit 2023-03-03 15:54:28 +00:00
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`// const plainPassword = await request.input('password');`
			`// const email = await request.input('email');`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`// grab uid and password values off request body`
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`const { email, password } = request.only(['email', 'password']);`
initial commit 2023-03-03 15:54:28 +00:00
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`try {`
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`// // attempt to verify credential and login user`
			`// await auth.use('web').attempt(email, plainPassword);`

- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`// const user = await auth.use('web').verifyCredentials(email, password);`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00			`const user = await User.verifyCredentials(email, password);`

- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`if (user.isTwoFactorEnabled) {`
			`// session.put("login.id", user.id);`
			`// return view.render("pages/two-factor-challenge");`

			`session.flash('user_id', user.id);`
			`return response.redirect().back();`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`// let state = LoginState.STATE_VALIDATED;`
			`// return response.status(StatusCodes.OK).json({`
			`// state: state,`
			`// new_user_id: user.id,`
			`// });`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00			`}`

- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`await auth.use('web').login(user);`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`} catch (error) {`
			`// if login fails, return vague form message and redirect back`
			`session.flash('message', 'Your username, email, or password is incorrect');`
			`return response.redirect().back();`
			`}`
initial commit 2023-03-03 15:54:28 +00:00
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`// otherwise, redirect todashboard`
- now authenticated user can change password with check of old password and password confirmination - cchanged route app.dashboard to apps.dashboard - add editor and reviewer relation to Dataset.ts - added personal menu in asideMenu - added Approve.vue for editor - show warning in Index.vue (editor), if no dataset is loaded - user Receive.vue without inertia helper form - npm updates - added routes in routes.ts 2023-12-12 14:22:25 +00:00			`response.redirect('/apps/dashboard');`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`}`

- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`public async twoFactorChallenge({ request, session, auth, response }: HttpContext) {`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00			`const { code, backup_code, login_id } = request.only(['code', 'backup_code', 'login_id']);`
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`const user = await User.query().where('id', login_id).firstOrFail();`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`if (code) {`
			`const isValid = await TwoFactorAuthProvider.validate(user, code);`
			`if (isValid) {`
			`// login user and redirect to dashboard`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`await auth.use('web').login(user);`
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`response.redirect('/apps/dashboard');`
			`} else {`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00			`session.flash('message', 'Your two-factor code is incorrect');`
			`return response.redirect().back();`
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`}`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00			`} else if (backup_code) {`
			`const codes: BackupCode[] = await user.getBackupCodes();`

			`// const verifiedBackupCodes = await Promise.all(`
			`// codes.map(async (backupCode) => {`
			`// let isVerified = await hash.verify(backupCode.code, backup_code);`
			`// if (isVerified) {`
			`// return backupCode;`
			`// }`
			`// }),`
			`// );`
			`// const backupCodeToDelete = verifiedBackupCodes.find(Boolean);`

			`let backupCodeToDelete = null;`
			`for (const backupCode of codes) {`
			`const isVerified = await hash.verify(backupCode.code, backup_code);`
			`if (isVerified) {`
			`backupCodeToDelete = backupCode;`
			`break;`
			`}`
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`}`
- added backup codes for 2 factor authentication - npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts 2024-07-08 11:52:20 +00:00
			`if (backupCodeToDelete) {`
			`if (backupCodeToDelete.used === false) {`
			`backupCodeToDelete.used = true;`
			`await backupCodeToDelete.save();`
			console.log(`BackupCode with id ${backupCodeToDelete.id} has been marked as used.`);
			`await auth.use('web').login(user);`
			`response.redirect('/apps/dashboard');`
			`} else {`
			`session.flash('message', 'BackupCode already used');`
			`return response.redirect().back();`
			`}`
			`} else {`
			`session.flash('message', 'BackupCode not found');`
			`return response.redirect().back();`
			`}`
- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue - added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code 2024-02-16 14:32:47 +00:00			`}`
			`}`

- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`// logout function`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`public async logout({ auth, response }: HttpContext) {`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`// await auth.logout();`
			`await auth.use('web').logout();`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`return response.redirect('/app/login');`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`// return response.status(200);`
			`}`
initial commit 2023-03-03 15:54:28 +00:00			`}`