Backend Signup Functionality

graphql/resolvers.ts

@@ -1,4 +1,4 @@
-import { login, logout } from '../helpers/controllers/authController'
+import { login, logout, signup } from '../helpers/controllers/authController'
 import db from '../helpers/dbload'
 
 const { Lesson, User } = db
@@ -23,6 +23,7 @@ export default {
 
   Mutation: {
     login,
-    logout
+    logout,
+    signup
   }
 }

graphql/typeDefs.ts

@@ -8,6 +8,13 @@ export default gql`
   type Mutation {
     login(username: String!, password: String!): AuthResponse
     logout: AuthResponse
+    signup(
+      firstName: String!
+      lastName: String!
+      email: String!
+      username: String!
+      password: String
+    ): AuthResponse
   }
 
   type AuthResponse {

helpers/controllers/authController.test.js

@@ -1,18 +1,28 @@
 jest.mock('bcrypt')
 jest.mock('../dbload')
+jest.mock('../mattermost')
 import bcrypt from 'bcrypt'
 import db from '../dbload'
-import { login, logout } from './authController'
+import { login, logout, signup } from './authController'
+import { chatSignUp } from '../mattermost'
+
+import { ApolloError } from 'apollo-server-micro'
 
 describe('auth controller', () => {
   let userArgs
   beforeEach(() => {
     jest.clearAllMocks()
-    userArgs = { username: 'testuser', password: 'c0d3reallyhard' }
+    userArgs = {
+      username: 'testuser',
+      password: 'c0d3reallyhard',
+      firstName: 'testuser1',
+      lastName: 'testuser1',
+      email: 'testuser@c0d3.com'
+    }
   })
 
   test('Login - should throw error when session is null', async () => {
-    expect(
+    return expect(
       login({}, userArgs, { req: { session: null } })
     ).rejects.toThrowError('')
   })
@@ -81,4 +91,67 @@ describe('auth controller', () => {
       success: true
     })
   })
+
+  test('Signup - should reject if user information is incomplete', async () => {
+    return expect(
+      signup({}, {}, { req: { session: {} } })
+    ).rejects.toThrowError('Register form is not completely filled out')
+  })
+
+  test('Signup - should reject if user already exists', async () => {
+    db.User.findOne = jest.fn().mockReturnValue({ username: 'c0d3user' })
+    return expect(
+      signup({}, userArgs, { req: { session: {} } })
+    ).rejects.toThrowError('User already exists')
+  })
+
+  test('Signup - should reject on second findOne. The first request checks for username, second request checks for email', async () => {
+    db.User.findOne = jest
+      .fn()
+      .mockReturnValueOnce(null)
+      .mockReturnValue({ username: 'c0d3user' }) // Second call for User.findOne checks for email
+    return expect(
+      signup({}, userArgs, { req: { session: {} } })
+    ).rejects.toThrowError('Email already exists')
+  })
+
+  test('Signup - should not create user if chat signup responds with 401 or 403', async () => {
+    db.User.findOne = jest.fn().mockReturnValue(null)
+    db.User.create = jest.fn()
+
+    chatSignUp.mockRejectedValue(
+      'Invalid or missing parameter in mattermost request'
+    )
+
+    await expect(
+      signup({}, userArgs, { req: { session: {} } })
+    ).rejects.toThrowError('Invalid or missing parameter in mattermost request')
+
+    expect(db.User.create).not.toBeCalled()
+  })
+
+  test('Signup - should not create user if chat signup throws an error', async () => {
+    db.User.findOne = jest.fn().mockReturnValue(null)
+    db.User.create = jest.fn()
+
+    chatSignUp.mockRejectedValueOnce('Mattermost Error')
+
+    await expect(
+      signup({}, userArgs, { req: { session: {} } })
+    ).rejects.toThrow('Mattermost Error')
+
+    expect(db.User.create).not.toBeCalled()
+  })
+
+  test('Signup - should resolve with success true if signup successful ', async () => {
+    db.User.findOne = jest.fn().mockReturnValue(null)
+    db.User.create = jest.fn().mockReturnValue({ username: 'user' })
+    chatSignUp.mockResolvedValueOnce({
+      success: true
+    })
+    const result = await signup({}, userArgs, { req: { session: {} } })
+    expect(result).toEqual({
+      username: 'user'
+    })
+  })
 })

helpers/controllers/authController.ts

@@ -1,12 +1,29 @@
 import db from '../dbload'
 import bcrypt from 'bcrypt'
+import { nanoid } from 'nanoid'
 import { Request } from 'express'
+import { UserInputError } from 'apollo-server-micro'
+import { signupValidation } from '../formValidation'
+import { chatSignUp } from '../mattermost'
 
 const { User } = db
 
+type Login = {
+  username: string
+  password: string
+}
+
+type SignUp = {
+  firstName: string
+  lastName: string
+  username: string
+  password: string
+  email: string
+}
+
 export const login = async (
   _parent: void,
-  arg: { username: string; password: string },
+  arg: Login,
   ctx: { req: Request }
 ) => {
   const {
@@ -68,3 +85,63 @@ export const logout = async (_parent: void, _: void, ctx: { req: Request }) => {
     })
   })
 }
+
+export const signup = async (_parent: void, arg: SignUp) => {
+  try {
+    const { firstName, lastName, username, password, email } = arg
+
+    const validEntry = await signupValidation.isValid({
+      firstName,
+      lastName,
+      username,
+      password,
+      email
+    })
+
+    if (!validEntry) {
+      throw new UserInputError('Register form is not completely filled out')
+    }
+
+    // Check for existing user or email
+    const existingUser = await User.findOne({
+      where: {
+        username
+      }
+    })
+
+    if (existingUser) {
+      throw new UserInputError('User already exists')
+    }
+
+    const existingEmail = await User.findOne({
+      where: {
+        email
+      }
+    })
+
+    if (existingEmail) {
+      throw new UserInputError('Email already exists')
+    }
+
+    const randomToken = nanoid()
+    const name = `${firstName} ${lastName}`
+    const hash = await bcrypt.hash(password, 10)
+
+    // Chat Signup
+    await chatSignUp(username, password, email)
+
+    const userRecord = User.create({
+      name,
+      username,
+      password: hash,
+      email,
+      emailVerificationToken: randomToken
+    })
+
+    return {
+      username: userRecord.username
+    }
+  } catch (err) {
+    throw new Error(err)
+  }
+}

helpers/mattermost.test.js

@@ -0,0 +1,51 @@
+jest.mock('node-fetch')
+import fetch from 'node-fetch'
+import { chatSignUp } from './mattermost'
+
+describe('Chat Signup', () => {
+  let userArgs
+
+  beforeEach(() => {
+    jest.clearAllMocks()
+    userArgs = {
+      username: 'testuser',
+      password: 'c0d3reallyhard',
+      email: 'testuser@c0d3.com'
+    }
+  })
+
+  test('ChatSignUp - should resolve if response is 201', async () => {
+    fetch.mockResolvedValue({ status: 201 })
+    return expect(
+      chatSignUp(userArgs.username, userArgs.password, userArgs.email)
+    ).resolves.toEqual({ success: true })
+  })
+
+  test('ChatSignUp - should reject with invalid parameter if response is 401', async () => {
+    fetch.mockResolvedValue({ status: 401 })
+    return expect(
+      chatSignUp(userArgs.username, userArgs.password, userArgs.email)
+    ).rejects.toThrowError('Invalid or missing parameter in mattermost request')
+  })
+
+  test('ChatSignUp - should reject with invalid permission if response is 403', async () => {
+    fetch.mockResolvedValue({ status: 403 })
+    return expect(
+      chatSignUp(userArgs.username, userArgs.password, userArgs.email)
+    ).rejects.toThrowError('Invalid permission')
+  })
+
+  test('ChatSignUp - should reject if response status is invalid', async () => {
+    fetch.mockResolvedValue({ status: 418 }) // MatterMost only returns 201, 401 and 403 LOL teapot
+    return expect(
+      chatSignUp(userArgs.username, userArgs.password, userArgs.email)
+    ).rejects.toThrowError('Unexpected Response')
+  })
+
+  test('ChatSignUp - should reject if internal server error', async () => {
+    fetch.mockRejectedValue('')
+    return expect(
+      chatSignUp(userArgs.username, userArgs.password, userArgs.email)
+    ).rejects.toThrowError('Internal Server Error')
+  })
+})

helpers/mattermost.ts

@@ -0,0 +1,39 @@
+import fetch from 'node-fetch'
+const accessToken = process.env.MATTERMOST_ACCESS_TOKEN
+const chatServiceUrl = process.env.CHAT_URL
+
+const headers = {
+  Authorization: `Bearer ${accessToken}`
+}
+
+export const chatSignUp = async (
+  username: string,
+  password: string,
+  email: string
+) => {
+  try {
+    const response = await fetch(`${chatServiceUrl}/users`, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify({
+        username,
+        email,
+        password
+      })
+    })
+
+    if (response.status === 201) {
+      return { success: true }
+    }
+    if (response.status === 401) {
+      throw new Error('Invalid or missing parameter in mattermost request')
+    }
+    if (response.status === 403) {
+      throw new Error('Invalid permission')
+    }
+
+    throw new Error('Unexpected Response') // Mattermost will only respond with 201, 401 and 403
+  } catch (err) {
+    throw new Error(err || 'Internal Server Error')
+  }
+}

next.config.js

@@ -1,10 +1,13 @@
 const withSass = require('@zeit/next-sass')
 module.exports = withSass({
   env: {
+    CHAT_URL: process.env.CHAT_URL || 'https://mattermost.devwong.com/api/v4',
     DB_NAME: process.env.DB_NAME || 'c0d3dev',
     DB_USER: process.env.DB_USER || 'herman',
     DB_PW: process.env.DB_PW || 'letmein2',
     DB_HOST: process.env.DB_HOST || 'devwong.com',
+    MATTERMOST_ACCESS_TOKEN:
+      process.env.MATTERMOST_ACCESS_TOKEN || 'c1eh9rc1cinpbf9mk1wucjyqzw',
     SESSION_SECRET: process.env.SESSION_SECRET || 'c0d3hard3r',
     SERVER_URL: process.env.SERVER_URL || 'https://backend.c0d3.com'
   }

package.json

@@ -30,6 +30,7 @@
     "isomorphic-unfetch": "3.0.0",
     "lodash": "^4.17.15",
     "markdown-to-jsx": "^6.11.1",
+    "nanoid": "^3.1.3",
     "next": "^9.3.2",
     "next-connect": "^0.6.3",
     "next-with-apollo": "^5.0.0",
@@ -100,4 +101,4 @@
       "pre-push": "npm run lint && npm run test && npm run type-check"
     }
   }
-}
+}