Merge pull request #3432 from SeedCompany/drop-session

Author: CarsonF

src/components/authentication/authentication.gel.repository.ts

@@ -165,32 +165,26 @@ export class AuthenticationGelRepository
     },
   );
 
-  async getCurrentPasswordHash(session: Session) {
-    return await this.db.run(this.getCurrentPasswordHashQuery, {
-      userId: session.userId,
-    });
+  async getCurrentPasswordHash() {
+    return await this.db.run(this.getCurrentPasswordHashQuery, {});
   }
-  private readonly getCurrentPasswordHashQuery = e.params(
-    { userId: e.uuid },
-    ({ userId }) => {
-      const user = e.cast(e.User, userId);
-      const identity = e.select(e.Auth.Identity, () => ({
-        filter_single: { user },
-      }));
-      return identity.passwordHash;
-    },
-  );
+  private readonly getCurrentPasswordHashQuery = e.params({}, () => {
+    const user = e.global.currentUser;
+    const identity = e.select(e.Auth.Identity, () => ({
+      filter_single: { user },
+    }));
+    return identity.passwordHash;
+  });
 
-  async updatePassword(newPasswordHash: string, session: Session) {
+  async updatePassword(newPasswordHash: string) {
     await this.db.run(this.updatePasswordQuery, {
-      userId: session.userId,
       passwordHash: newPasswordHash,
     });
   }
   private readonly updatePasswordQuery = e.params(
-    { userId: e.uuid, passwordHash: e.str },
-    ({ userId, passwordHash }) => {
-      const user = e.cast(e.User, userId);
+    { passwordHash: e.str },
+    ({ passwordHash }) => {
+      const user = e.global.currentUser;
       const identity = e.assert_exists(
         e.select(e.Auth.Identity, () => ({
           filter_single: { user },

src/components/authentication/authentication.repository.ts

@@ -222,7 +222,7 @@ export class AuthenticationRepository {
     return result?.roles ?? [];
   }
 
-  async getCurrentPasswordHash(session: Session) {
+  async getCurrentPasswordHash() {
     const result = await this.db
       .query()
       .match([
@@ -236,10 +236,7 @@ export class AuthenticationRepository {
     return result?.passwordHash ?? null;
   }
 
-  async updatePassword(
-    newPasswordHash: string,
-    session: Session,
-  ): Promise<void> {
+  async updatePassword(newPasswordHash: string): Promise<void> {
     await this.db
       .query()
       .match([

src/components/authentication/authentication.service.ts

@@ -69,7 +69,7 @@ export class AuthenticationService {
       const users = this.moduleRef.get(userMod.UserService, { strict: false });
       userId = await this.gel.usingOptions(
         disableAccessPolicies,
-        async () => await users.create(input, session),
+        async () => await users.create(input),
       );
     } catch (e) {
       // remap field prop as `email` field is at a different location in register() than createPerson()
@@ -85,14 +85,17 @@ export class AuthenticationService {
     return userId;
   }
 
-  async login(input: LoginInput, session: Session): Promise<ID> {
+  async login(input: LoginInput): Promise<ID> {
     const hash = await this.repo.getPasswordHash(input);
 
     if (!(await this.crypto.verify(hash, input.password))) {
       throw new UnauthenticatedException('Invalid credentials');
     }
 
-    const userId = await this.repo.connectSessionToUser(input, session);
+    const userId = await this.repo.connectSessionToUser(
+      input,
+      this.sessionHost.current,
+    );
 
     if (!userId) {
       throw new ServerException('Login failed');
@@ -256,21 +259,20 @@ export class AuthenticationService {
   async changePassword(
     oldPassword: string,
     newPassword: string,
-    session: Session,
   ): Promise<void> {
     if (!oldPassword)
       throw new InputException('Old Password Required', 'oldPassword');
 
-    const hash = await this.repo.getCurrentPasswordHash(session);
+    const hash = await this.repo.getCurrentPasswordHash();
 
     if (!(await this.crypto.verify(hash, oldPassword))) {
       throw new UnauthenticatedException('Invalid credentials');
     }
 
     const newPasswordHash = await this.crypto.hash(newPassword);
-    await this.repo.updatePassword(newPasswordHash, session);
+    await this.repo.updatePassword(newPasswordHash);
 
-    await this.repo.deactivateAllOtherSessions(session);
+    await this.repo.deactivateAllOtherSessions(this.sessionHost.current);
   }
 
   async forgotPassword(email: string): Promise<void> {
@@ -288,10 +290,7 @@ export class AuthenticationService {
     });
   }
 
-  async resetPassword(
-    { token, password }: ResetPasswordInput,
-    session: Session,
-  ): Promise<void> {
+  async resetPassword({ token, password }: ResetPasswordInput): Promise<void> {
     const emailToken = await this.repo.findEmailToken(token);
     if (!emailToken) {
       throw new InputException('Token is invalid', 'TokenInvalid');
@@ -306,7 +305,7 @@ export class AuthenticationService {
     await this.repo.updatePasswordViaEmailToken(emailToken, pash);
     await this.repo.deactivateAllOtherSessionsByEmail(
       emailToken.email,
-      session,
+      this.sessionHost.current,
     );
     await this.repo.removeAllEmailTokensForEmail(emailToken.email);
   }

src/components/authentication/extra-info.resolver.ts

@@ -17,7 +17,7 @@ function AuthExtraInfoResolver(concreteClass: AbstractClassType<any>) {
 
     @ResolveField(() => BetaFeatures)
     betaFeatures(@AnonSession() session: Session): BetaFeatures {
-      const privileges = this.privileges.for(session, BetaFeatures);
+      const privileges = this.privileges.for(BetaFeatures);
       const { props } = EnhancedResource.of(BetaFeatures);
       return mapValues.fromList([...props], (prop) =>
         privileges.can('edit', prop),

src/components/authentication/login.resolver.ts

@@ -30,11 +30,8 @@ export class LoginResolver {
     `,
   })
   @Anonymous()
-  async login(
-    @Args('input') input: LoginInput,
-    @AnonSession() session: Session,
-  ): Promise<LoginOutput> {
-    const user = await this.authentication.login(input, session);
+  async login(@Args('input') input: LoginInput): Promise<LoginOutput> {
+    const user = await this.authentication.login(input);
     await this.authentication.refreshCurrentSession();
     return { user };
   }
@@ -61,7 +58,7 @@ export class LoginResolver {
   }
 
   @ResolveField(() => [Power])
-  async powers(@AnonSession() session: Session): Promise<Power[]> {
-    return [...this.privileges.forUser(session).powers];
+  async powers(): Promise<Power[]> {
+    return [...this.privileges.powers];
   }
 }

src/components/authentication/password.resolver.ts

@@ -1,6 +1,5 @@
 import { Args, Mutation, Resolver } from '@nestjs/graphql';
 import { stripIndent } from 'common-tags';
-import { AnonSession, LoggedInSession, type Session } from '~/common';
 import { Anonymous } from './anonymous.decorator';
 import { AuthenticationService } from './authentication.service';
 import {
@@ -24,9 +23,8 @@ export class PasswordResolver {
   })
   async changePassword(
     @Args() { oldPassword, newPassword }: ChangePasswordArgs,
-    @LoggedInSession() session: Session,
   ): Promise<ChangePasswordOutput> {
-    await this.authentication.changePassword(oldPassword, newPassword, session);
+    await this.authentication.changePassword(oldPassword, newPassword);
     return { success: true };
   }
 
@@ -49,9 +47,8 @@ export class PasswordResolver {
   @Anonymous()
   async resetPassword(
     @Args('input') input: ResetPasswordInput,
-    @AnonSession() session: Session,
   ): Promise<ResetPasswordOutput> {
-    await this.authentication.resetPassword(input, session);
+    await this.authentication.resetPassword(input);
     return { success: true };
   }
 }

src/components/authentication/register.resolver.ts

@@ -6,7 +6,6 @@ import {
   Resolver,
 } from '@nestjs/graphql';
 import { stripIndent } from 'common-tags';
-import { AnonSession, type Session } from '~/common';
 import { Loader, type LoaderOf } from '~/core';
 import { Privileges } from '../authorization';
 import { Power } from '../authorization/dto';
@@ -30,12 +29,9 @@ export class RegisterResolver {
     `,
   })
   @Anonymous()
-  async register(
-    @Args('input') input: RegisterInput,
-    @AnonSession() session: Session,
-  ): Promise<RegisterOutput> {
-    const user = await this.authentication.register(input, session);
-    await this.authentication.login(input, session);
+  async register(@Args('input') input: RegisterInput): Promise<RegisterOutput> {
+    const user = await this.authentication.register(input);
+    await this.authentication.login(input);
     await this.authentication.refreshCurrentSession();
     return { user };
   }
@@ -51,7 +47,7 @@ export class RegisterResolver {
   }
 
   @ResolveField(() => [Power])
-  async powers(@AnonSession() session: Session): Promise<Power[]> {
-    return [...this.privileges.forUser(session).powers];
+  async powers(): Promise<Power[]> {
+    return [...this.privileges.powers];
   }
 }

src/components/authentication/session.resolver.ts

@@ -123,13 +123,13 @@ export class SessionResolver {
     // They should still be able to see their own props from this field.
     // Otherwise, it could be that the impersonatee can't see the impersonator's roles,
     // and now the UI can't stop impersonating because it doesn't know the impersonator's roles.
-    return await this.authentication.asUser(impersonator, (_) =>
-      this.users.readOne(impersonator.userId, _),
+    return await this.authentication.asUser(impersonator, () =>
+      this.users.readOne(impersonator.userId),
     );
   }
 
   @ResolveField(() => [Power], { nullable: true })
-  async powers(@Parent() output: SessionOutput): Promise<Power[]> {
-    return [...this.privileges.forUser(output.session).powers];
+  async powers(): Promise<Power[]> {
+    return [...this.privileges.powers];
   }
 }

src/components/authorization/authorization.resolver.ts

@@ -1,5 +1,4 @@
 import { Query, Resolver } from '@nestjs/graphql';
-import { AnonSession, type Session } from '~/common';
 import { Power } from './dto';
 import { Privileges } from './policy';
 
@@ -8,7 +7,7 @@ export class AuthorizationResolver {
   constructor(private readonly privileges: Privileges) {}
 
   @Query(() => [Power])
-  async powers(@AnonSession() session: Session): Promise<Power[]> {
-    return [...this.privileges.forUser(session).powers];
+  async powers(): Promise<Power[]> {
+    return [...this.privileges.powers];
   }
 }

src/components/authorization/policy/executor/edge-privileges.ts

@@ -30,16 +30,6 @@ export class EdgePrivileges<
     this.resource = EnhancedResource.of(resource);
   }
 
-  /** @deprecated */
-  get session() {
-    return this.policyExecutor.sessionHost.current;
-  }
-
-  /** @deprecated Use {@link forContext} instead */
-  forUser(_session: unknown, object?: ResourceObjectContext<TResourceStatic>) {
-    return object ? this.forContext(object) : this;
-  }
-
   get context() {
     return this.object;
   }