fix hosted app, register by email (#196)

* fix hosted app, register by email * update mailgun configuration * update payment method when update card * fix * fix * fix * change free plan settings * fix forgot password * fix forgot password * fix * fix
jambonz · Jul 31, 2023 · 3121c2a · 3121c2a
1 parent b7bdf30
commit 3121c2a
Show file tree

Hide file tree

Showing 8 changed files with 83 additions and 289 deletions.
diff --git a/lib/models/account.js b/lib/models/account.js
@@ -34,7 +34,7 @@ AND effective_end_date IS NULL
 AND pending=0`;
 
 const updatePaymentInfoSql = `UPDATE account_subscriptions 
-SET last4 = ?, exp_month = ?, exp_year = ?, card_type = ? 
+SET last4 = ?, stripe_payment_method_id=?, exp_month = ?, exp_year = ?, card_type = ? 
 WHERE account_sid = ? 
 AND effective_end_date IS NULL`;
 
@@ -206,10 +206,10 @@ class Account extends Model {
   }
 
   static async updatePaymentInfo(logger, account_sid, pm) {
-    const {card} = pm;
+    const {id, card} = pm;
     const last4_encrypted = encrypt(card.last4);
     await promisePool.execute(updatePaymentInfoSql,
-      [last4_encrypted, card.exp_month, card.exp_year, card.brand, account_sid]);
+      [last4_encrypted, id, card.exp_month, card.exp_year, card.brand, account_sid]);
   }
 
   static async provisionPendingSubscription(logger, account_sid, products, payment_method, subscription_id) {

diff --git a/lib/routes/api/forgot-password.js b/lib/routes/api/forgot-password.js
@@ -6,6 +6,7 @@ const {validateEmail, emailSimpleText} = require('../../utils/email-utils');
 const {promisePool} = require('../../db');
 const {cacheClient} = require('../../helpers');
 const sysError = require('../error');
+const { assert } = require('@jambonz/lamejs/src/js/common');
 const sql = `SELECT * from users user 
 LEFT JOIN accounts AS acc 
 ON acc.account_sid = user.account_sid 
@@ -26,7 +27,8 @@ function createOauthEmailText(provider) {
 }
 
 function createResetEmailText(link) {
-  const baseUrl = 'http://localhost:3001';
+  assert(process.env.JAMBONZ_BASE_URL, 'process.env.JAMBONZ_BASE_URL is missing');
+  const baseUrl = process.env.JAMBONZ_BASE_URL;
 
   return `Hi there!
 

diff --git a/lib/routes/api/register.js b/lib/routes/api/register.js
@@ -16,8 +16,9 @@ const insertUserSql = `INSERT into users
 (user_sid, account_sid, name, email, provider, provider_userid, email_validated) 
 values (?, ?, ?, ?, ?, ?, 1)`;
 const insertUserLocalSql = `INSERT into users 
-(user_sid, account_sid, name, email, email_activation_code, email_validated, provider, hashed_password) 
-values (?, ?, ?, ?, ?, 0, 'local', ?)`;
+(user_sid, account_sid, name, email, email_activation_code, email_validated, provider,
+hashed_password, service_provider_sid) 
+values (?, ?, ?, ?, ?, 0, 'local', ?, ?)`;
 const insertAccountSql = `INSERT into accounts 
 (account_sid, service_provider_sid, name, is_active, webhook_secret, trial_end_date) 
 values (?, ?, ?, ?, ?, CURDATE() + INTERVAL 21 DAY)`;
@@ -36,15 +37,16 @@ const insertSignupHistorySql = `INSERT into signup_history
 values (?, ?)`;
 
 const addLocalUser = async(logger, user_sid, account_sid,
-  name, email, email_activation_code, passwordHash) => {
+  name, email, email_activation_code, passwordHash, service_provider_sid) => {
   const [r] = await promisePool.execute(insertUserLocalSql,
     [
       user_sid,
       account_sid,
       name,
       email,
       email_activation_code,
-      passwordHash
+      passwordHash,
+      service_provider_sid
     ]);
   debug({r}, 'Result from adding user');
 };
@@ -145,7 +147,7 @@ router.post('/', async(req, res) => {
       const user = await doGithubAuth(logger, req.body);
       logger.info({user}, 'retrieved user details from github');
       Object.assign(userProfile, {
-        name: user.name,
+        name: user.email,
         email: user.email,
         email_validated: user.email_validated,
         avatar_url: user.avatar_url,
@@ -157,7 +159,7 @@ router.post('/', async(req, res) => {
       const user = await doGoogleAuth(logger, req.body);
       logger.info({user}, 'retrieved user details from google');
       Object.assign(userProfile, {
-        name: user.name || user.email,
+        name: user.email || user.email,
         email: user.email,
         email_validated: user.verified_email,
         picture: user.picture,
@@ -170,7 +172,7 @@ router.post('/', async(req, res) => {
       logger.info({user}, 'retrieved user details for local provider');
       debug({user}, 'retrieved user details for local provider');
       Object.assign(userProfile, {
-        name: user.name,
+        name: user.email,
         email: user.email,
         provider: 'local',
         email_activation_code: user.email_activation_code
@@ -280,7 +282,8 @@ router.post('/', async(req, res) => {
         const passwordHash = await generateHashedPassword(req.body.password);
         debug(`hashed password: ${passwordHash}`);
         await addLocalUser(logger, userProfile.user_sid, userProfile.account_sid,
-          userProfile.name, userProfile.email, userProfile.email_activation_code, passwordHash);
+          userProfile.name, userProfile.email, userProfile.email_activation_code,
+          passwordHash, req.body.service_provider_sid);
         debug('added local user');
       }
       else {
@@ -327,7 +330,7 @@ router.post('/', async(req, res) => {
 
         await addLocalUser(logger, userProfile.user_sid, userProfile.account_sid,
           userProfile.name, userProfile.email, userProfile.email_activation_code,
-          passwordHash);
+          passwordHash, req.body.service_provider_sid);
 
         /* note: we deactivate the old user once the new email is validated */
       }
@@ -349,6 +352,8 @@ router.post('/', async(req, res) => {
     const token = jwt.sign({
       user_sid: userProfile.user_sid,
       account_sid: userProfile.account_sid,
+      service_provider_sid: req.body.service_provider_sid,
+      scope: 'account',
       email: userProfile.email,
       name: userProfile.name
     }, process.env.JWT_SECRET, { expiresIn });

diff --git a/lib/routes/api/users.js b/lib/routes/api/users.js
@@ -338,8 +338,8 @@ router.put('/:user_sid', async(req, res) => {
   //if (req.user.user_sid && req.user.user_sid !== user_sid) return res.sendStatus(403);
 
   if (!hasAdminAuth &&
-  !(hasAccountAuth && req.user.account_sid === user[0].account_sid) &&
-  !(hasServiceProviderAuth && req.user.service_provider_sid === user[0].service_provider_sid) &&
+  !(hasAccountAuth && user[0] && req.user.account_sid === user[0].account_sid) &&
+  !(hasServiceProviderAuth && user[0] && req.user.service_provider_sid === user[0].service_provider_sid) &&
   (req.user.user_sid && req.user.user_sid !== user_sid)) {
     return res.sendStatus(403);
   }

diff --git a/lib/utils/email-utils.js b/lib/utils/email-utils.js
@@ -47,12 +47,14 @@ const sendEmailByCustomVendor = async(logger, from, to, subject, text) => {
 };
 
 const sendEmailByMailgun = async(logger, from, to, subject, text) => {
+  if (!process.env.MAILGUN_API_KEY) throw new Error('MAILGUN_API_KEY env variable is not defined!');
+  if (!process.env.MAILGUN_DOMAIN) throw new Error('MAILGUN_DOMAIN env variable is not defined!');
+
   const mg = mailgun.client({
     username: 'api',
-    key: process.env.MAILGUN_API_KEY
+    key: process.env.MAILGUN_API_KEY,
+    ...(process.env.MAILGUN_URL && {url: process.env.MAILGUN_URL})
   });
-  if (!process.env.MAILGUN_API_KEY) throw new Error('MAILGUN_API_KEY env variable is not defined!');
-  if (!process.env.MAILGUN_DOMAIN) throw new Error('MAILGUN_DOMAIN env variable is not defined!');
 
   try {
     const res = await mg.messages.create(process.env.MAILGUN_DOMAIN, {

diff --git a/lib/utils/free_plans.json b/lib/utils/free_plans.json
@@ -2,7 +2,7 @@
   "trial": [
     {
       "category": "voice_call_session",
-      "quantity": 20
+      "quantity": 5
     },
     {
       "category": "device",