invite user functionality, strip indents from reset emails. closes #85

client/models/user.js

@@ -1,5 +1,6 @@
 const series = require('run-series')
 const http = require('choo/http')
+const shortid = require('shortid')
 
 module.exports = (db, initialState) => ({
   namespace: 'user',
@@ -17,8 +18,8 @@ module.exports = (db, initialState) => ({
   },
   effects: {
     login: (data, state, send, done) => {
-      const { username, password } = data
-      db.login(username, password, (err, body) => {
+      const { email, password } = data
+      db.login(email, password, (err, body) => {
         if (err) return done(new Error('Login error'))
         window.location.href = '/' // force refresh to call subscriptions again
       })
@@ -36,7 +37,7 @@ module.exports = (db, initialState) => ({
     changePassword: (data, state, send, done) => {
       db.changePassword(state.name, data.password, (err, body) => {
         if (err) return done(new Error('Error changing password'))
-        const loginData = { username: state.name, password: data.password }
+        const loginData = { email: state.name, password: data.password }
         send('user:login', loginData, done)
       })
     },
@@ -46,7 +47,7 @@ module.exports = (db, initialState) => ({
         json: data
       }, (err, response, body) => {
         if (err || response.statusCode !== 200) return done(new Error('Error initializing password reset'))
-        send('ui:set', {resetPasswordInitSubmitted: true}, done)
+        send('ui:set', { resetPasswordInitSubmitted: true }, done)
       })
     },
     resetPasswordConfirm: (data, state, send, done) => {
@@ -55,8 +56,28 @@ module.exports = (db, initialState) => ({
         json: data
       }, (err, response, body) => {
         if (err || response.statusCode !== 200) return done(new Error('Error confirming password reset'))
-        send('ui:set', {resetPasswordConfirmSubmitted: true}, done)
+        send('ui:set', { resetPasswordConfirmSubmitted: true }, done)
       })
+    },
+    invite: (data, state, send, done) => {
+      const email = data.email
+      const password = randomPassword()
+      series([
+        (cb) => send('user:register', { email, password }, cb),
+        (cb) => send('user:resetPasswordInit', { email }, cb)
+      ], (err) => {
+        if (err) return done(new Error('Error inviting user'))
+        send('ui:set', { inviteSubmitted: true }, done)
+      })
+    },
+    register: (data, state, send, done) => {
+      const { email, password } = data
+      const userData = { metadata: { roles: ['agent'] } }
+      db.signup(email, password, userData, done)
     }
   }
 })
+
+function randomPassword () {
+  return shortid.generate() + shortid.generate()
+}

client/util.js

@@ -4,6 +4,10 @@ exports.hasAgentAccess = function hasAgentAccess (userCtx) {
   return userCtx.roles.some((role) => VALID_ROLES.indexOf(role) !== -1)
 }
 
+exports.hasAdminAccess = function hasAdminAccess (userCtx) {
+  return userCtx.roles.indexOf('_admin') !== -1
+}
+
 exports.formatPhone = function formatPhone (phone) {
   return `(${phone.substring(2, 5)}) ${phone.substring(5, 8)}-${phone.substring(8)}`
 }

client/views/account.js

@@ -2,6 +2,8 @@ const html = require('choo/html')
 const getFormData = require('get-form-data')
 const css = require('sheetify')
 
+const { hasAdminAccess } = require('../util')
+
 const prefix = css`
   :host {
     height: 100%;
@@ -40,6 +42,26 @@ module.exports = (state, prev, send) => {
 
         <button type="submit" class="pure-button pure-button-primary">Change Password</button>
       </form>
+
+      ${hasAdminAccess(state.user)
+        ? html`
+          <div>
+            <h2>Invite new user</h2>
+            <form class="pure-form pure-form-stacked" onsubmit=${onInvite}>
+              <label>
+                Email
+                <input type="text" name="email">
+              </label>
+
+              <button type="submit" class="pure-button pure-button-primary">Invite</button>
+
+              ${state.ui.inviteSubmitted
+                ? html`<div class="alert">An email has been sent to the address you entered with futher instructions.</div>`
+                : ''}
+            </form>
+          </div>`
+        : ''}
+
     </section>`
 
   function onChangePassword (e) {
@@ -52,6 +74,16 @@ module.exports = (state, prev, send) => {
     e.preventDefault()
   }
 
+  function onInvite (e) {
+    const input = e.target.querySelector('[name=email]')
+    const email = input.value
+    if (email) {
+      send('user:invite', { email })
+      input.value = ''
+    }
+    e.preventDefault()
+  }
+
   function onClickLogout (e) {
     send('user:logout')
     e.preventDefault()

client/views/login.js

@@ -17,7 +17,7 @@ module.exports = (state, prev, send) => {
       <form class="pure-form pure-form-stacked" onsubmit=${onSubmit}>
         <label>
           Email
-          <input type="text" name="username">
+          <input type="text" name="email">
         </label>
 
         <label>

package.json

@@ -26,6 +26,7 @@
     "browserify": "^13.1.0",
     "choo": "^3.2.0",
     "choo-log": "^1.4.0",
+    "common-tags": "^1.3.1",
     "couchdb-bootstrap": "^1.14.0",
     "dotenv": "^2.0.0",
     "envify": "^3.4.1",

server/reset-password.js

@@ -1,6 +1,7 @@
 const uuid = require('node-uuid')
 const extend = require('xtend')
 const path = require('path')
+const { stripIndent } = require('common-tags')
 
 const BASE_URL = process.env.BASE_URL
 const FROM_EMAIL = process.env.FROM_EMAIL
@@ -106,7 +107,7 @@ function isExpired (timestamp) {
 }
 
 function resetEmailTemplate (token) {
-  return `
+  return stripIndent`
     Hello,
 
     Follow this link to reset your enviar password for your enviar account.
@@ -122,7 +123,7 @@ function resetEmailTemplate (token) {
 }
 
 function notFoundTemplate () {
-  return `
+  return stripIndent`
     You (or someone else) entered this email address when trying to change the password of an enviar account.
 
     However, this email address is not in our database of registered users and therefore the attempted password change has failed.