feat: add email to users (#64)

* feat: add email to users

* fix tests due to merge

Author: EnzoDOROSARIO

migrations/001.do.users.sql

@@ -1,5 +1,6 @@
 CREATE TABLE users (
   id INT AUTO_INCREMENT PRIMARY KEY,
+  email VARCHAR(255) UNIQUE NOT NULL,
   username VARCHAR(255) NOT NULL,
   password VARCHAR(255) NOT NULL,
   created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,

scripts/seed-database.ts

@@ -47,25 +47,29 @@ async function truncateTables (connection: Connection) {
 }
 
 async function seedUsers (connection: Connection) {
-  const usernames = ['basic', 'moderator', 'admin']
+  const users = [
+    { username: 'basic', email: '[email protected]' },
+    { username: 'moderator', email: '[email protected]' },
+    { username: 'admin', email: '[email protected]' }
+  ]
   const hash = await scryptHash('Password123$')
 
   // The goal here is to create a role hierarchy
   // E.g. an admin should have all the roles
   const rolesAccumulator: number[] = []
 
-  for (const username of usernames) {
+  for (const user of users) {
     const [userResult] = await connection.execute(`
-      INSERT INTO users (username, password)
-      VALUES (?, ?)
-    `, [username, hash])
+      INSERT INTO users (username, email, password)
+      VALUES (?, ?, ?)
+    `, [user.username, user.email, hash])
 
     const userId = (userResult as { insertId: number }).insertId
 
     const [roleResult] = await connection.execute(`
       INSERT INTO roles (name)
       VALUES (?)
-    `, [username])
+    `, [user.username])
 
     const newRoleId = (roleResult as { insertId: number }).insertId
 

src/routes/api/auth/index.ts

@@ -23,12 +23,12 @@ const plugin: FastifyPluginAsyncTypebox = async (fastify) => {
       }
     },
     async function (request, reply) {
-      const { username, password } = request.body
+      const { email, password } = request.body
 
       return fastify.knex.transaction(async (trx) => {
         const user = await trx<Auth>('users')
-          .select('id', 'username', 'password')
-          .where({ username })
+          .select('id', 'username', 'email', 'password')
+          .where({ email })
           .first()
 
         if (user) {
@@ -41,11 +41,12 @@ const plugin: FastifyPluginAsyncTypebox = async (fastify) => {
               .select('roles.name')
               .join('user_roles', 'roles.id', '=', 'user_roles.role_id')
               .join('users', 'user_roles.user_id', '=', 'users.id')
-              .where('users.username', username)
+              .where('users.email', user.email)
 
             request.session.user = {
               id: user.id,
-              username,
+              email: user.email,
+              username: user.username,
               roles: roles.map((role) => role.name)
             }
 
@@ -57,7 +58,7 @@ const plugin: FastifyPluginAsyncTypebox = async (fastify) => {
 
         reply.status(401)
 
-        return { message: 'Invalid username or password.' }
+        return { message: 'Invalid email or password.' }
       }).catch(() => {
         reply.internalServerError('Transaction failed.')
       })

src/schemas/auth.ts

@@ -1,14 +1,16 @@
 import { Static, Type } from '@sinclair/typebox'
-import { StringSchema } from './common.js'
+import { EmailSchema, StringSchema } from './common.js'
 
 export const CredentialsSchema = Type.Object({
-  username: StringSchema,
+  email: EmailSchema,
   password: StringSchema
 })
 
 export interface Credentials extends Static<typeof CredentialsSchema> {}
 
-export interface Auth extends Omit<Credentials, 'password'> {
+export interface Auth {
   id: number;
+  username: string;
+  email: string,
   roles: string[]
 }

src/schemas/common.ts

@@ -5,6 +5,12 @@ export const StringSchema = Type.String({
   maxLength: 255
 })
 
+export const EmailSchema = Type.String({
+  format: 'email',
+  minLength: 1,
+  maxLength: 255
+})
+
 export const DateTimeSchema = Type.String({ format: 'date-time' })
 
 export const IdSchema = Type.Integer({ minimum: 1 })

src/schemas/users.ts

@@ -5,7 +5,6 @@ const passwordPattern = '^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]
 const PasswordSchema = Type.String({
   pattern: passwordPattern,
   minLength: 8
-
 })
 
 export const UpdateCredentialsSchema = Type.Object({

test/helper.ts

@@ -28,12 +28,12 @@ export function expectValidationError (res: LightMyRequestResponse, expectedMess
   assert.strictEqual(message, expectedMessage)
 }
 
-async function login (this: FastifyInstance, username: string) {
+async function login (this: FastifyInstance, email: string) {
   const res = await this.inject({
     method: 'POST',
     url: '/api/auth/login',
     payload: {
-      username,
+      email,
       password: 'Password123$'
     }
   })
@@ -51,10 +51,10 @@ async function login (this: FastifyInstance, username: string) {
 
 async function injectWithLogin (
   this: FastifyInstance,
-  username: string,
+  email: string,
   opts: InjectOptions
 ) {
-  const cookieValue = await this.login(username)
+  const cookieValue = await this.login(email)
 
   opts.cookies = {
     ...opts.cookies,

test/routes/api/api.test.ts

@@ -17,7 +17,7 @@ test('GET /api with no login', async (t) => {
 test('GET /api with cookie', async (t) => {
   const app = await build(t)
 
-  const res = await app.injectWithLogin('basic', {
+  const res = await app.injectWithLogin('basic@example.com', {
     url: '/api'
   })
 

test/routes/api/auth/auth.test.ts

@@ -18,7 +18,7 @@ describe('Auth api', () => {
         method: 'POST',
         url: '/api/auth/login',
         payload: {
-          username: 'basic',
+          email: 'basic@example.com',
           password: 'Password123$'
         }
       })
@@ -37,19 +37,19 @@ describe('Auth api', () => {
       const app = await build(t)
 
       const invalidPayload = {
-        username: '',
+        email: '',
         password: 'Password123$'
       }
 
-      const res = await app.injectWithLogin('basic', {
+      const res = await app.injectWithLogin('basic@example.com', {
         method: 'POST',
         url: '/api/auth/login',
         payload: invalidPayload
       })
 
       expectValidationError(
         res,
-        'body/username must NOT have fewer than 1 characters'
+        'body/email must NOT have fewer than 1 characters'
       )
     })
 
@@ -60,7 +60,7 @@ describe('Auth api', () => {
         method: 'POST',
         url: '/api/auth/login',
         payload: {
-          username: 'basic',
+          email: 'basic@example.com',
           password: 'Password123$'
         }
       })
@@ -76,17 +76,17 @@ describe('Auth api', () => {
 
       const testCases = [
         {
-          username: 'invalid_user',
+          email: '[email protected]',
           password: 'password',
-          description: 'invalid username'
+          description: 'invalid email'
         },
         {
-          username: 'basic',
+          email: 'basic@example.com',
           password: 'wrong_password',
           description: 'invalid password'
         },
         {
-          username: 'invalid_user',
+          email: '[email protected]',
           password: 'wrong_password',
           description: 'both invalid'
         }
@@ -97,7 +97,7 @@ describe('Auth api', () => {
           method: 'POST',
           url: '/api/auth/login',
           payload: {
-            username: testCase.username,
+            email: testCase.email,
             password: testCase.password
           }
         })
@@ -109,7 +109,7 @@ describe('Auth api', () => {
         )
 
         assert.deepStrictEqual(JSON.parse(res.payload), {
-          message: 'Invalid username or password.'
+          message: 'Invalid email or password.'
         })
       }
     })