freesewing/sites/backend/src/models/user.mjs

import jwt from 'jsonwebtoken'
import { log } from '../utils/log.mjs'
import { hash, hashPassword, randomString, verifyPassword } from '../utils/crypto.mjs'
import { replaceImage, importImage } from '../utils/cloudflare-images.mjs'
import { clean, asJson, i18nUrl } from '../utils/index.mjs'
import { decorateModel } from '../utils/model-decorator.mjs'

/*
 * This model handles all user updates
 */
export function UserModel(tools) {
  return decorateModel(this, tools, {
    name: 'user',
    encryptedFields: ['bio', 'github', 'email', 'initial', 'img', 'mfaSecret'],
    models: ['confirmation', 'set', 'pattern'],
  })
}

/*
 * Loads a user from the database based on the where clause you pass it
 * In addition prepares it for returning the account data
 * This is guarded so it enforces access control and validates input
 *
 * @param {where} object - The where clasuse for the Prisma query
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.guardedRead = async function (where, { user }) {
  /*
   * Enforce RBAC
   */
  if (!this.rbac.readSome(user)) return this.setResponse(403, 'insufficientAccessLevel')

  /*
   * Ensure the account is active
   */
  if (user.iss && user.status < 1) return this.setResponse(403, 'accountStatusLacking')

  /*
   * Read record from database
   */
  await this.read(where)

  return this.setResponse200({
    result: 'success',
    account: this.asAccount(),
  })
}

/*
 * Finds a user based on one of the accepted unique fields which are:
 *   - lusername (lowercase username)
 *   - ehash
 *   - id
 *
 * @param {body} object - The request body
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.find = async function (body) {
  /*
   * Attempt to load record (one) from the database
   */
  try {
    this.record = await this.prisma.user.findFirst({
      where: {
        OR: [
          { lusername: { equals: clean(body.username) } },
          { ehash: { equals: hash(clean(body.username)) } },
          { id: { equals: parseInt(body.username) || -1 } },
        ],
      },
    })
  } catch (err) {
    /*
     * Failed to run database query. Log warning and return 404
     */
    log.warn({ err, body }, `Error while trying to find user: ${body.username}`)
    return this.setResponse(404)
  }

  /*
   * Decrypt data that is encrypted at rest
   */
  await this.reveal()

  return this.recordExists()
}

/*
 * Loads the user that is making the API request
 *
 * @param {user} object - The user as loaded by the authentication middleware
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.loadAuthenticatedUser = async function (user) {
  /*
   * Guard against missing input
   */
  if (!user) return this

  /*
   * Now attempt to load the full user record from the database
   */
  try {
    this.authenticatedUser = await this.prisma.user.findUnique({
      where: { id: user.uid },
      include: {
        apikeys: true,
      },
    })
  } catch (err) {
    /*
     * Failed to run database query. Log warning and return 404
     */
    log.warn({ err, user }, `Error while trying to find user: ${user.uid}`)
    return this.setResponse(404)
  }

  return this
}

/*
 * Loads & reveals the user that is making the API request
 *
 * @param {user} object - The user as loaded by the authentication middleware
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.revealAuthenticatedUser = async function (user) {
  /*
   * Guard against missing input
   */
  if (!user) return this

  /*
   * Now attempt to load the full user record from the database
   */
  try {
    this.record = await this.prisma.user.findUnique({
      where: { id: user.uid },
      include: {
        apikeys: true,
      },
    })
  } catch (err) {
    /*
     * Failed to run database query. Log warning and return 404
     */
    log.warn({ err, user }, `Error while trying to find and reveal user: ${user.uid}`)
    return this.setResponse(404)
  }

  return this.reveal()
}

/*
 * Creates a user+confirmation and sends out signup email - Anonymous route
 *
 * @param {body} object - The request body
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.guardedCreate = async function ({ body }) {
  /*
   * Do we have a POST body?
   */
  if (Object.keys(body).length < 1) return this.setResponse(400, 'postBodyMissing')

  /*
   * Is email set?
   */
  if (!body.email) return this.setResponse(400, 'emailMissing')

  /*
   * Is language set?
   */
  if (!body.language) return this.setResponse(400, 'languageMissing')

  /*
   * Is language a supported language?
   */
  if (!this.config.languages.includes(body.language))
    return this.setResponse(400, 'unsupportedLanguage')

  /*
   * Create ehash and check
   */
  const ehash = hash(clean(body.email))
  const check = randomString()

  /*
   * Check if we already have a user with this email address
   */
  await this.read({ ehash })

  /*
   * Check for unit tests only once
   */
  const isTest = this.isTest(body)

  if (this.exists) {
    /*
     * User already exists. However, if we return an error, then baddies can
     * spam the signup endpoint to figure out who has a FreeSewing account
     * which would be a privacy leak. So instead, pretend there is no user
     * with that account, and that signup is proceeding as normal.
     * Except that rather than a signup email, we send the user an info email.
     *
     * Note that we have to deal with 3 scenarios here:
     *
     *   - Account exists, and is active (aea)
     *   - Account exists, but is inactive (regular signup)
     *   - Account exists, but is disabled (aed)
     */

    /*
     * Set type of action based on the account status
     */
    let type = 'signup-aed'
    if (this.record.status === 0) type = 'signup'
    else if (this.record.status === 1) type = 'signup-aea'

    /*
     * Create confirmation unless account is disabled
     */
    if (type !== 'signup-aed') {
      this.confirmation = await this.Confirmation.createRecord({
        type,
        data: {
          language: body.language,
          email: this.clear.email,
          id: this.record.id,
          ehash: ehash,
          check,
        },
        userId: this.record.id,
      })
    }

    /*
     *  Set the action url based on the account status
     */
    let actionUrl = false
    if (this.record.status === 0)
      actionUrl = i18nUrl(body.language, `/confirm/${type}/${this.Confirmation.record.id}/${check}`)
    else if (this.record.status === 1)
      actionUrl = i18nUrl(body.language, `/confirm/signin/${this.Confirmation.record.id}/${check}`)

    /*
     * Send email unless it's a test and we don't want to send test emails
     */
    if (!isTest || this.config.tests.sendEmail)
      await this.mailer.send({
        template: type,
        language: body.language,
        to: this.clear.email,
        replacements: {
          actionUrl,
          whyUrl: i18nUrl(body.language, `/docs/faq/email/why-${type}`),
          supportUrl: i18nUrl(body.language, `/patrons/join`),
        },
      })

    /*
     * Now return as if everything is fine
     */
    return this.setResponse201({ email: this.clear.email })
  }

  /*
   * New signup, attempt to create database record
   */
  try {
    this.clear.email = clean(body.email)
    this.clear.initial = this.clear.email
    this.language = body.language
    const email = this.encrypt(this.clear.email)
    /*
     * Create a temporary username because we need one
     */
    const username = clean(randomString())
    const data = {
      ehash,
      /*
       * The ihash (initial email hash) is the hash of the email that was used to
       * create the account. The initial email itself is stored in the intial field.
       * Once an account created, the ihash and initial fields can never be changed
       * by a user.
       * We keep them because in the case somebody claims their account was taken
       * over. We can check the original email address that was used to create it
       * even if the email address on the account was changed.
       */
      ihash: ehash,
      email,
      initial: email,
      username,
      lusername: username,
      language: body.language,
      mfaEnabled: false,
      mfaSecret: '',
      /*
       * The user will change this later. Or not. They can juse get a magic link via email
       */
      password: asJson(hashPassword(randomString())),
      /*
       * These are all placeholders, but fields that get encrypted need _some_ value
       * because encrypting null will cause an error.
       */
      github: this.encrypt(''),
      bio: this.encrypt(''),
      img: this.encrypt(this.config.avatars.user),
    }
    /*
     * During tests, users can set their own permission level so you can test admin stuff
     */
    if (isTest && body.role) data.role = body.role

    /*
     * Now attempt to create the record in the database
     */
    this.record = await this.prisma.user.create({ data })
  } catch (err) {
    /*
     * Could not create record. Log warning and return 500
     */
    log.warn(err, 'Could not create user record')
    return this.setResponse(500, 'createAccountFailed')
  }

  /*
   * Update username now that we have the databse ID
   */
  try {
    await this.update({
      username: `user-${this.record.id}`,
      lusername: `user-${this.record.id}`,
    })
  } catch (err) {
    /*
     * This is very unlikely, but it is possible that the username is taken
     * Which is not really a problem, so we will swallow this error and
     * continue with the random username
     */
    log.info(`Username collision for user-${this.record.id}`)
  }

  /*
   * Now create the confirmation
   */
  this.confirmation = await this.Confirmation.createRecord({
    type: 'signup',
    data: {
      language: this.language,
      email: this.clear.email,
      id: this.record.id,
      ehash: ehash,
      check,
    },
    userId: this.record.id,
  })

  /*
   * And send out the signup email
   */
  if (!this.isTest(body) || this.config.tests.sendEmail)
    await this.mailer.send({
      template: 'signup',
      language: this.language,
      to: this.clear.email,
      replacements: {
        actionUrl: i18nUrl(
          this.language,
          `/confirm/signup/${this.Confirmation.record.id}/${check}`
        ),
        whyUrl: i18nUrl(this.language, `/docs/faq/email/why-signup`),
        supportUrl: i18nUrl(this.language, `/patrons/join`),
      },
    })

  /*
   * For unit tests, we return the confirmation code so no email is needed
   * Obviously, that would defeat the point for production use.
   */
  return this.isTest(body)
    ? this.setResponse201({
        email: this.clear.email,
        confirmation: this.confirmation.record.id,
      })
    : this.setResponse201({ email: this.clear.email })
}

/*
 * Sign in based on username + password
 *
 * @param {req} object - The request object.
 * We use the entire request object here because we log the IP of failed log attempts
 * so we can detect if people are attempting to brute-force logins and block those IPs.
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.passwordSignIn = async function (req) {
  /*
   * Do we have a POST body?
   */
  if (Object.keys(req.body).length < 1) return this.setResponse(400, 'postBodyMissing')

  /*
   * Is the username set?
   */
  if (!req.body.username) return this.setResponse(400, 'usernameMissing')

  /*
   * Is the password set?
   */
  if (!req.body.password) return this.setResponse(400, 'passwordMissing')

  /*
   * Attempt to find the user
   */
  await this.find(req.body)

  /*
   * If it does not exist, don't say so but just pretend the login failed.
   * This stops people from figuring out whether someone has a FreeSewing
   * account, which would be a privacy leak if we said 'not found' here'
   */
  if (!this.exists) {
    log.warn(`Sign-in attempt for non-existing user: ${req.body.username} from ${req.ip}`)
    return this.setResponse(401, 'signInFailed')
  }

  /*
   * Account found, check the password
   */
  const [valid, updatedPasswordField] = verifyPassword(req.body.password, this.record.password)

  /*
   * If the password is incorrect, log a warning with IP and return 401
   */
  if (!valid) {
    log.warn(`Wrong password for existing user: ${req.body.username} from ${req.ip}`)
    return this.setResponse(401, 'signInFailed')
  }

  /*
   * Check if the user has MFA enabled and if so handle the second factor
   */
  if (this.record.mfaEnabled) {
    /*
     * If there is no token, return 403 so the front-end can present the token
     */
    if (!req.body.token) return this.setResponse(403, 'mfaTokenRequired')
    /*
     * If there is a token, verify it and if it is not correct, return 401
     */ else if (!this.mfa.verify(req.body.token, this.clear.mfaSecret)) {
      return this.setResponse(401, 'signInFailed')
    }
  }

  /*
   * At this point sign in is a success. We will update the lastLogin value
   *
   * However, the way passwords are handled in v2 and v3 is slightly different.
   * So v2 users who have been migrated have a v2 hash. So now that we
   * have their password and we know it's good, let's rehash it the v3 way
   * if this happens to be a v2 user.
   */
  if (updatedPasswordField) await this.update({ password: updatedPasswordField })

  /*
   * Final check for account status and other things before returning
   */
  return this.isOk() ? this.signInOk() : this.setResponse(401, 'signInFailed')
}

/*
 * Sign in based on a sign-in link
 *
 * @param {req} object - The request object.
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.linkSignIn = async function (req) {
  /*
   * Is the id set?
   */
  if (!req.params.id) return this.setResponse(400, 'signInIdMissing')

  /*
   * Is the check set?
   */
  if (!req.params.check) return this.setResponse(400, 'signInCheckMissing')

  /*
   * Attempt to retrieve confirmation record
   */
  await this.Confirmation.read({ id: req.params.id })

  /*
   * If the confirmation does not exist, return 404
   */
  if (!this.Confirmation.exists) return this.setResponse(404)

  /*
   * If the confirmation is not of of the right type, return 404
   */
  if (!['signinlink', 'signup-aea'].includes(this.Confirmation.record.type)) {
    return this.setResponse(404)
  }

  /*
   * If the confirmation check is not valid, return 404
   */
  if (this.Confirmation.clear.data.check !== req.params.check) {
    return this.setResponse(404)
  }

  /*
   * Looks like we're good, so attempt to read the user from the database
   */
  await this.read({ id: this.Confirmation.record.userId })

  /*
   * if anything went wrong, this.error will be set
   */
  if (this.error) return this

  /*
   * Check if the user has MFA enabled and if so handle the second factor
   */
  if (this.record.mfaEnabled) {
    /*
     * If there is no token, return 403 so the front-end can present the token
     */
    if (!req.body.token) return this.setResponse(403, 'mfaTokenRequired')
    /*
     * If there is a token, verify it and if it is not correct, return 401
     */ else if (!this.mfa.verify(req.body.token, this.clear.mfaSecret)) {
      return this.setResponse(401, 'signInFailed')
    }
  }

  /*
   * Before we return, remove the confirmation so it works only once
   */
  await this.Confirmation.delete()

  /*
   * Sign in was a success, run a final check before returning
   */
  return this.isOk() ? this.signInOk() : this.setResponse(401, 'signInFailed')
}

/*
 * Send a magic link for user sign in
 *
 * @param {req} object - The request object.
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.sendSigninlink = async function (req) {
  /*
   * Do we have a POST body?
   */
  if (Object.keys(req.body).length < 1) return this.setResponse(400, 'postBodyMissing')

  /*
   * Is username set?
   */
  if (!req.body.username) return this.setResponse(400, 'usernameMissing')

  /*
   * Attempt to find the user
   */
  await this.find(req.body)

  /*
   * If we could not find it, log a warning but send a 401
   * to not reveal such a user does not exist.
   */
  if (!this.exists) {
    log.warn(`Magic link attempt for non-existing user: ${req.body.username} from ${req.ip}`)
    return this.setResponse(401, 'signInFailed')
  }

  /*
   * Account found, generate random check and create the confirmation
   */
  const check = randomString()
  this.confirmation = await this.Confirmation.createRecord({
    type: 'signinlink',
    data: {
      language: this.record.language,
      check,
    },
    userId: this.record.id,
  })

  /*
   * Figure out whether this is part of a unit test
   */
  const isTest = this.isTest(req.body)

  /*
   * Only send out this email if it is not a unit test
   */
  if (!isTest) {
    /*
     * Send sign-in link email
     */
    await this.mailer.send({
      template: 'signinlink',
      language: this.record.language,
      to: this.clear.email,
      replacements: {
        actionUrl: i18nUrl(
          this.record.language,
          `/confirm/signin/${this.Confirmation.record.id}/${check}`
        ),
        whyUrl: i18nUrl(this.record.language, `/docs/faq/email/why-signin-link`),
        supportUrl: i18nUrl(this.record.language, `/patrons/join`),
      },
    })
  }

  return this.setResponse200({ result: 'emailSent' })
}

/*
 * Confirms a user account
 *
 * @param {body} object - The request body
 * @param {params} object - The request (URL) params
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.confirm = async function ({ body, params }) {
  /*
   * Is the id set?
   */
  if (!params.id) return this.setResponse(404)

  /*
   * Do we have a POST body?
   */
  if (Object.keys(body).length < 1) return this.setResponse(400, 'postBodyMissing')

  /*
   * Do we have consent from the user to process their data?
   */
  if (!body.consent || typeof body.consent !== 'number' || body.consent < 1)
    return this.setResponse(400, 'consentRequired')

  /*
   * Attempt to read the confirmation from the database
   */
  await this.Confirmation.read({ id: params.id }, { user: true })

  /*
   * If the confirmation does not exist, log a warning and return 404
   */
  if (!this.Confirmation.exists) {
    log.warn(`Could not find confirmation id ${params.id}`)
    return this.setResponse(404)
  }

  /*
   * If the confirmation is of the wrong type, log a warning and return 404
   */
  if (this.Confirmation.record.type !== 'signup') {
    log.warn(`Confirmation mismatch; ${params.id} is not a signup id`)
    return this.setResponse(404)
  }

  /*
   * If an error occured, it will be in this.error and we can return here
   */
  if (this.error) return this

  /*
   * Get the unencrypted data from the confirmation
   */
  const data = this.Confirmation.clear.data

  /*
   * If the ehash does not match, return 404
   */
  if (data.ehash !== this.Confirmation.record.user.ehash) return this.setResponse(404)

  /*
   * If the id does not match, return 404
   */
  if (data.id !== this.Confirmation.record.userId) return this.setResponse(404)

  /*
   * Attempt to load the user from the database
   */
  await this.read({ id: this.Confirmation.record.useId })

  /*
   * If an error occured, it will be in this.error and we can return here
   */
  if (this.error) return this

  /*
   * Update user status, consent, and last sign in
   */
  await this.update({
    status: 1,
    consent: body.consent,
  })

  /*
   * If an error occured, it will be in this.error and we can return here
   */
  if (this.error) return this

  /*
   * Before we return, remove the confirmation so it works only once
   */
  await this.Confirmation.delete()

  /*
   * Account is now active, return a passwordless sign in
   */
  return this.signInOk()
}

/*
 * Updates the user data - Used when we pass through user-provided data
 * so we can't be certain it's safe
 *
 * @param {body} object - The request body
 * @param {user} object - The user as loaded by auth middleware
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.guardedUpdate = async function ({ body, user }) {
  /*
   * Enforce RBAC
   */
  if (!this.rbac.writeSome(user)) return this.setResponse(403, 'insufficientAccessLevel')

  /*
   * Make sure the account is in a state where it's allowed to do this
   */
  if (user.iss && user.status < 1) return this.setResponse(403, 'accountStatusLacking')

  /*
   * Create data to update the record
   */
  const data = {}

  /*
   * String fields
   */
  for (const field of ['bio', 'github']) {
    if (typeof body[field] === 'string') data[field] = body[field]
  }

  /*
   * Enum fields
   */
  for (const [field, values] of Object.entries(this.config.enums.user)) {
    if (values.includes(body[field])) data[field] = body[field]
  }

  /*
   * Password
   */
  if (typeof body.password === 'string') data.password = body.password

  /*
   * Username
   */
  if (typeof body.username === 'string') {
    const available = await this.isLusernameAvailable(body.username)
    if (available) {
      data.username = body.username.trim()
      data.lusername = clean(body.username)
    } else {
      log.info(`Rejected user name change from ${data.username} to ${body.username.trim()}`)
    }
  }

  /*
   * Image (img)
   */
  if (typeof body.img === 'string')
    data.img = await replaceImage({
      id: `user-${this.record.ihash}`,
      metadata: {
        user: user.uid,
        ihash: this.record.ihash,
      },
      b64: body.img,
    })

  /*
   * Now update the database record
   */
  await this.update(data)

  /*
   * Figure out whether this is a unit test
   */
  const isTest = this.isTest(body)

  /*
   * If there's an email change, we need to trigger confirmation
   */
  if (typeof body.email === 'string' && this.clear.email !== clean(body.email)) {
    /*
     * Generate the check
     */
    const check = randomString()

    /*
     * Generate the confirmation record
     */
    this.confirmation = await this.Confirmation.createRecord({
      type: 'emailchange',
      data: {
        language: this.record.language,
        check,
        email: {
          current: this.clear.email,
          new: body.email,
        },
      },
      userId: this.record.id,
    })

    /*
     * Send out confirmation email (unless it's a test)
     */
    if (!isTest || this.config.tests.sendEmail) {
      await this.mailer.send({
        template: 'emailchange',
        language: this.record.language,
        to: body.email,
        /*
         * CC the old address to guard against account take-over
         */
        cc: this.clear.email,
        replacements: {
          actionUrl: i18nUrl(
            this.record.language,
            `/confirm/emailchange/${this.Confirmation.record.id}/${check}`
          ),
          whyUrl: i18nUrl(this.record.language, `/docs/faq/email/why-emailchange`),
          supportUrl: i18nUrl(this.record.language, `/patrons/join`),
        },
      })
    }
  } else if (
    /*
     * Could be an email change confirmation
     */
    typeof body.confirmation === 'string' &&
    body.confirm === 'emailchange' &&
    typeof body.check === 'string'
  ) {
    /*
     * Attemt to read the confirmation record from the database
     */
    await this.Confirmation.read({ id: body.confirmation })

    /*
     * If it does not exist, log a warning and return 404
     */
    if (!this.Confirmation.exists) {
      log.warn(`Could not find confirmation id ${body.confirmation}`)
      return this.setResponse(404)
    }

    /*
     * If it is the wrong confirmation type, log a warning and return 404
     */
    if (this.Confirmation.record.type !== 'emailchange') {
      log.warn(`Confirmation mismatch; ${body.confirmation} is not an emailchange id`)
      return this.setResponse(404)
    }

    /*
     * Load unencrypted data
     */
    const data = this.Confirmation.clear.data

    /*
     * Verify confirmation ID and check. Update email if it checks out.
     */
    if (
      data.check === body.check &&
      data.email.current === this.clear.email &&
      typeof data.email.new === 'string'
    ) {
      /*
       * Update the email address and ehash
       */
      await this.update({
        email: this.encrypt(data.email.new),
        ehash: hash(clean(data.email.new)),
      })
    }
  }

  /*
   * Construct data to return
   */
  const returnData = {
    result: 'success',
    account: this.asAccount(),
  }

  /*
   * If it is a unit test, include the confirmation id
   */
  if (isTest && this.Confirmation.record?.id) returnData.confirmation = this.Confirmation.record.id

  /*
   * Return data
   */
  return this.setResponse200(returnData)
}

/*
 * Enables/Disables MFA on the account - Used when we pass through
 * user-provided data so we can't be certain it's safe
 *
 * @param {body} object - The request body
 * @param {user} object - The user as loaded by auth middleware
 * @param {ip} object - The user as loaded by auth middleware
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.guardedMfaUpdate = async function ({ body, user, ip }) {
  /*
   * Enforce RBAC
   */
  if (!this.rbac.user(user)) return this.setResponse(403, 'insufficientAccessLevel')

  /*
   * Ensure account is in the proper state to do this
   */
  if (user.iss && user.status < 1) return this.setResponse(403, 'accountStatusLacking')

  /*
   * If MFA is active and it is an attempt to active it, return 400
   */
  if (body.mfa === true && this.record.mfaEnabled === true)
    return this.setResponse(400, 'mfaActive')

  /*
   * Option 1/3: Is this an attempt to disable MFA?
   */
  if (body.mfa === false) {
    /*
     * Is token set in the POST body?
     */
    if (!body.token) return this.setResponse(400, 'mfaTokenMissing')

    /*
     * Is password set in the POST body?
     */
    if (!body.password) return this.setResponse(400, 'passwordMissing')

    /*
     * Verify the password
     */
    const [valid] = verifyPassword(body.password, this.record.password)

    /*
     * If the password is not correct, log a warning including the IP and reutrn 401
     */
    if (!valid) {
      log.warn(`Wrong password for existing user while disabling MFA: ${user.uid} from ${ip}`)
      return this.setResponse(401, 'authenticationFailed')
    }

    /*
     * Verify the MFA token
     */
    if (this.mfa.verify(body.token, this.clear.mfaSecret)) {
      /*
       * Token is valid. Update user record to disable MFA
       */
      try {
        await this.update({ mfaEnabled: false })
      } catch (err) {
        /*
         * Problem occured while updating the record. Log warning and reurn 500
         */
        log.warn(err, 'Could not disable MFA after token check')
        return this.setResponse(500, 'mfaDeactivationFailed')
      }

      /*
       * All done here. Return account data
       */
      return this.setResponse200({
        result: 'success',
        account: this.asAccount(),
      })
    } else {
      /*
       * MFA token not valid. Return 401
       */
      return this.setResponse(401, 'authenticationFailed')
    }
  } else if (body.mfa === true && body.token && body.secret) {
    /*
     * Option 2/3: Is this is a confirmation after enabling MFA?
     */
    /*
     * Verify secret and token
     */
    if (body.secret === this.clear.mfaSecret && this.mfa.verify(body.token, this.clear.mfaSecret)) {
      /*
       * Looks good. Update the user record to enable MFA
       */
      try {
        await this.update({ mfaEnabled: true })
      } catch (err) {
        /*
         * Problem occured while updating the record. Log warning and reurn 500
         */
        log.warn(err, 'Could not enable MFA after token check')
        return this.setResponse(500, 'mfaActivationFailed')
      }

      /*
       * All done here. Return account data
       */
      return this.setResponse200({
        result: 'success',
        account: this.asAccount(),
      })
    } else return this.setResponse(403, 'mfaTokenInvalid')
    /*
     * Secret and/or token don't match. Return 403
     */
  } else if (body.mfa === true && this.record.mfaEnabled === false) {
    /*
     * Option 3/3: Is this an initial request to enable MFA?
     */
    /*
     * Setup MFA
     */
    let mfa
    try {
      mfa = await this.mfa.enroll(this.record.username)
    } catch (err) {
      /*
       * Problem occured while creating MFA setup. Return 500.
       */
      log.warn(err, 'Failed to setup MFA')
      return this.setResponse(500, 'mfaSetupFailed')
    }

    /*
     * Update record with the MFA secret
     */
    try {
      await this.update({ mfaSecret: mfa.secret })
    } catch (err) {
      /*
       * Problem occured while updating record. Return 500.
       */
      log.warn(err, 'Could not update MFA secret after setup')
      return this.setResponse(500, 'mfaUpdateAfterSetupFailed')
    }

    /*
     * Return the MFA data so the user can add them to their MFA app
     */
    return this.setResponse200({ mfa })
  }

  /*
   * We should not ever arrive here, so return 400 at this point
   */
  return this.setResponse(400, 'invalidMfaSetting')
}

/*
 * Returns the database record as account data for for consumption
 *
 * @return {account} object - The account data as a plain object
 */
UserModel.prototype.asAccount = function () {
  /*
   * Nothing to do here but construct the object to return
   */
  return {
    id: this.record.id,
    bio: this.clear.bio,
    compare: this.record.compare,
    consent: this.record.consent,
    control: this.record.control,
    createdAt: this.record.createdAt,
    email: this.clear.email,
    github: this.clear.github,
    ihash: this.ihash,
    img: this.clear.img,
    imperial: this.record.imperial,
    initial: this.clear.initial,
    jwtCalls: this.record.jwtCalls,
    keyCalls: this.record.keyCalls,
    language: this.record.language,
    lastSeen: this.record.lastSeen,
    mfaEnabled: this.record.mfaEnabled,
    newsletter: this.record.newsletter,
    patron: this.record.patron,
    role: this.record.role,
    status: this.record.status,
    updatedAt: this.record.updatedAt,
    username: this.record.username,
    lusername: this.record.lusername,
    /*
     * Add this so we can give a note to users about migrating their password
     */
    passwordType: JSON.parse(this.record.password).type,
  }
}

/*
 * Creates and returns a JSON Web Token (jwt)
 *
 * @return {jwt} string - The JWT
 */
UserModel.prototype.getToken = function () {
  /*
   * Call the jwt library with the correct config
   */
  return jwt.sign(
    {
      _id: this.record.id,
      username: this.record.username,
      role: this.record.role,
      status: this.record.status,
      aud: this.config.jwt.audience,
      iss: this.config.jwt.issuer,
    },
    this.config.jwt.secretOrKey,
    { expiresIn: this.config.jwt.expiresIn }
  )
}

/*
 * Helper method to check an account is ok
 */
UserModel.prototype.isOk = function () {
  /*
   * These are all the checks we run to see if an account is 'ok'
   */
  if (
    this.exists &&
    this.record &&
    this.record.status > 0 &&
    this.record.consent > 0 &&
    this.record.role &&
    this.record.role !== 'blocked'
  )
    return true

  return false
}

/*
 * Helper method to handle the return after a successful sign in
 *
 * @returns {UserModel} object - The UserModel
 */
UserModel.prototype.signInOk = function () {
  return this.setResponse200({
    result: 'success',
    token: this.getToken(),
    account: this.asAccount(),
  })
}

/*
 * Helper method to see if a (lowercase) username is available
 * as well as making sure username is not something we
 * do not allow
 *
 * @param {lusername} string - The lowercased username
 * @returns {isTest} boolean - True if it's a test. False if not.
 */
UserModel.prototype.isLusernameAvailable = async function (lusername) {
  /*
   * We do not allow usernames shorter than 2 characters
   */
  if (lusername.length < 2) return false

  /*
   * Attempt to find a user with the provided lusername
   */
  let user
  try {
    user = await this.prisma.user.findUnique({ where: { lusername } })
  } catch (err) {
    /*
     * An error means it's not good. Return false
     */
    log.warn({ err, lusername }, 'Could not search for free username')
    return false
  }
  /*
   * If a user is found, the lusername is not available, so return false
   */
  if (user) return false

  /*
   * If we get here, the lusername is available, so return true
   */
  return true
}

/*
 * Helper method to update the `lastSeen` field of the user
 * This is called from middleware with the user ID passed in.
 *
 * @param {id} string - The user ID
 * @param {type} string - The authentication type (one of 'jwt' or 'key')
 * @returns {success} boolean - True if it worked, false if not
 */
UserModel.prototype.seen = async function (id, type) {
  /*
   * Construct data object for update operation
   */
  const data = { lastSeen: new Date() }
  data[`${type}Calls`] = { increment: 1 }

  /*
   * Now update the dabatase record
   */
  try {
    await this.prisma.user.update({ where: { id }, data })
  } catch (err) {
    /*
     * An error means it's not good. Return false
     */
    log.warn({ id, err }, 'Could not update lastSeen field from middleware')
    return false
  }

  /*
   * If we get here, the lastSeen field was updated and user exists, so return true
   */
  return true
}

/*
 * Everything below this comment is migration code.
 * This can all be removed after v3 is in production and all users have been migrated.
 */
const migrateUser = (v2) => {
  const email = clean(v2.email)
  const initial = clean(v2.initial)
  const data = {
    bio: v2.bio,
    consent: 0,
    createdAt: v2.time?.created ? new Date(v2.time.created) : new Date(),
    email,
    ehash: hash(email),
    github: v2.social?.github,
    ihash: hash(initial),
    img:
      v2.picture.slice(-4).toLowerCase() === '.svg' // Don't bother with default avatars
        ? ''
        : v2.picture,
    initial,
    imperial: v2.units === 'imperial',
    language: v2.settings.language,
    lastSeen: new Date(),
    lusername: v2.username.toLowerCase(),
    mfaEnabled: false,
    newsletter: false,
    password: JSON.stringify({
      type: 'v2',
      data: v2.password,
    }),
    patron: v2.patron,
    role: v2._id === '5d62aa44ce141a3b816a3dd9' ? 'admin' : 'user',
    status: v2.status === 'active' ? 1 : 0,
    username: v2.username,
  }
  if (data.consent.profile) data.consent++
  if (data.consent.measurements) data.consent++
  if (data.consent.openData) data.consent++

  return data
}

/*
 * This is a special route not available for API users
 */
UserModel.prototype.import = async function (user) {
  let created = 0
  const skipped = []
  if (user.status === 'active') {
    const data = migrateUser(user)
    if (user.consent.profile) data.consent++
    if (user.consent.model || user.consent.measurements) {
      data.consent++
      if (user.consent.openData) data.consent++
    }

    await this.read({ ehash: data.ehash })
    if (!this.record) {
      /*
       * Skip images for now
       */
      if (false && data.img) {
        /*
         * Figure out what image to grab from the FreeSewing v2 backend server
         */
        const imgId = `user-${data.ihash}`
        const imgUrl =
          'https://static.freesewing.org/users/' +
          encodeURIComponent(user.handle.slice(0, 1)) +
          '/' +
          encodeURIComponent(user.handle) +
          '/' +
          encodeURIComponent(data.img)
        data.img = await importImage({
          id: imgId,
          metadata: {
            user: `v2-${user.handle}`,
            ihash: data.ihash,
          },
          url: imgUrl,
        })
        data.img = imgId
      } else data.img = 'default-avatar'
      try {
        await this.createRecord(data)
        created++
      } catch (err) {
        if (
          err.toString().indexOf('Unique constraint failed on the fields: (`lusername`)') !== -1
        ) {
          // Just add a '+' to the username
          data.username += '+'
          data.lusername += '+'
          try {
            await this.createRecord(data)
            created++
          } catch (err) {
            log.warn(err, 'Could not create user record')
            console.log(user)
            return this.setResponse(500, 'createUserFailed')
          }
        }
      }
      // That's the user, now load their people as sets
      let lut = false
      if (user.people) lut = await this.Set.import(user, this.record.id)
      if (user.patterns) await this.Pattern.import(user, lut, this.record.id)
    }
  }

  return this.setResponse200()
}