feat(login): add local users functionality (#591)

overseerr-api.yml

@@ -20,6 +20,9 @@ components:
         plexToken:
           type: string
           readOnly: true
+        userType:
+          type: integer
+          example: 1
         permissions:
           type: number
           example: 0
@@ -44,6 +47,7 @@ components:
             $ref: '#/components/schemas/MediaRequest'
       required:
         - id
+        - userType
         - email
         - permissions
         - createdAt
@@ -1969,6 +1973,34 @@ paths:
                   type: string
               required:
                 - authToken
+  /auth/local:
+    post:
+      summary: Login using a local account
+      description: Takes an `email` and a `password` to log the user in. Generates a session cookie for use in further requests.
+      security: []
+      tags:
+        - auth
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                email:
+                  type: string
+                password:
+                  type: string
+              required:
+                - email
+                - password
   /auth/logout:
     get:
       summary: Logout and clear session cookie

package.json

@@ -20,6 +20,7 @@
     "@svgr/webpack": "^5.5.0",
     "ace-builds": "^1.4.12",
     "axios": "^0.21.1",
+    "bcrypt": "^5.0.0",
     "body-parser": "^1.19.0",
     "bowser": "^2.11.0",
     "connect-typeorm": "^1.1.4",
@@ -29,6 +30,7 @@
     "express-openapi-validator": "^4.10.2",
     "express-session": "^1.17.1",
     "formik": "^2.2.6",
+    "gravatar-url": "^3.1.0",
     "intl": "^1.2.5",
     "lodash": "^4.17.20",
     "next": "10.0.3",
@@ -49,6 +51,7 @@
     "react-truncate-markup": "^5.0.1",
     "react-use-clipboard": "1.0.7",
     "reflect-metadata": "^0.1.13",
+    "secure-random-password": "^0.2.2",
     "sqlite3": "^5.0.0",
     "swagger-ui-express": "^4.1.6",
     "swr": "^0.3.11",
@@ -71,6 +74,7 @@
     "@tailwindcss/aspect-ratio": "^0.2.0",
     "@tailwindcss/forms": "^0.2.1",
     "@tailwindcss/typography": "^0.3.1",
+    "@types/bcrypt": "^3.0.0",
     "@types/body-parser": "^1.19.0",
     "@types/cookie-parser": "^1.4.2",
     "@types/email-templates": "^8.0.0",
@@ -84,6 +88,7 @@
     "@types/react-dom": "^17.0.0",
     "@types/react-toast-notifications": "^2.4.0",
     "@types/react-transition-group": "^4.4.0",
+    "@types/secure-random-password": "^0.2.0",
     "@types/swagger-ui-express": "^4.1.2",
     "@types/uuid": "^8.3.0",
     "@types/xml2js": "^0.4.7",

server/entity/User.ts

@@ -9,14 +9,20 @@ import {
 } from 'typeorm';
 import { Permission, hasPermission } from '../lib/permissions';
 import { MediaRequest } from './MediaRequest';
+import bcrypt from 'bcrypt';
+import path from 'path';
+import PreparedEmail from '../lib/email';
+import logger from '../logger';
+import { getSettings } from '../lib/settings';
+import { default as generatePassword } from 'secure-random-password';
 
 @Entity()
 export class User {
   public static filterMany(users: User[]): Partial<User>[] {
     return users.map((u) => u.filter());
   }
 
-  static readonly filteredFields: string[] = ['plexToken'];
+  static readonly filteredFields: string[] = ['plexToken', 'password'];
 
   @PrimaryGeneratedColumn()
   public id: number;
@@ -27,8 +33,14 @@ export class User {
   @Column()
   public username: string;
 
-  @Column({ select: false })
-  public plexId: number;
+  @Column({ nullable: true, select: false })
+  public password?: string;
+
+  @Column({ type: 'integer', default: 1 })
+  public userType = 1;
+
+  @Column({ nullable: true, select: false })
+  public plexId?: number;
 
   @Column({ nullable: true, select: false })
   public plexToken?: string;
@@ -69,4 +81,47 @@ export class User {
   public hasPermission(permissions: Permission | Permission[]): boolean {
     return !!hasPermission(permissions, this.permissions);
   }
+
+  public passwordMatch(password: string): Promise<boolean> {
+    return new Promise((resolve, reject) => {
+      if (this.password) {
+        resolve(bcrypt.compare(password, this.password));
+      } else {
+        return reject(false);
+      }
+    });
+  }
+
+  public async setPassword(password: string): Promise<void> {
+    const hashedPassword = await bcrypt.hash(password, 12);
+    this.password = hashedPassword;
+  }
+
+  public async resetPassword(): Promise<void> {
+    const password = generatePassword.randomPassword({ length: 16 });
+    this.setPassword(password);
+
+    const applicationUrl = getSettings().main.applicationUrl;
+    try {
+      logger.info(`Sending password email for ${this.email}`, {
+        label: 'User creation',
+      });
+      const email = new PreparedEmail();
+      await email.send({
+        template: path.join(__dirname, '../templates/email/password'),
+        message: {
+          to: this.email,
+        },
+        locals: {
+          password: password,
+          applicationUrl,
+        },
+      });
+    } catch (e) {
+      logger.error('Failed to send out password email', {
+        label: 'User creation',
+        message: e.message,
+      });
+    }
+  }
 }

server/lib/email/index.ts

@@ -0,0 +1,38 @@
+import nodemailer from 'nodemailer';
+import Email from 'email-templates';
+import { getSettings } from '../settings';
+class PreparedEmail extends Email {
+  public constructor() {
+    const settings = getSettings().notifications.agents.email;
+
+    const transport = nodemailer.createTransport({
+      host: settings.options.smtpHost,
+      port: settings.options.smtpPort,
+      secure: settings.options.secure,
+      tls: settings.options.allowSelfSigned
+        ? {
+            rejectUnauthorized: false,
+          }
+        : undefined,
+      auth:
+        settings.options.authUser && settings.options.authPass
+          ? {
+              user: settings.options.authUser,
+              pass: settings.options.authPass,
+            }
+          : undefined,
+    });
+    super({
+      message: {
+        from: {
+          name: settings.options.senderName,
+          address: settings.options.emailFrom,
+        },
+      },
+      send: true,
+      transport: transport,
+    });
+  }
+}
+
+export default PreparedEmail;

server/lib/notifications/agents/email.ts

@@ -2,12 +2,11 @@ import { BaseAgent, NotificationAgent, NotificationPayload } from './agent';
 import { hasNotificationType, Notification } from '..';
 import path from 'path';
 import { getSettings, NotificationAgentEmail } from '../../settings';
-import nodemailer from 'nodemailer';
-import Email from 'email-templates';
 import logger from '../../../logger';
 import { getRepository } from 'typeorm';
 import { User } from '../../../entity/User';
 import { Permission } from '../../permissions';
+import PreparedEmail from '../../email';
 
 class EmailAgent
   extends BaseAgent<NotificationAgentEmail>
@@ -35,42 +34,6 @@ class EmailAgent
     return false;
   }
 
-  private getSmtpTransport() {
-    const emailSettings = this.getSettings().options;
-
-    return nodemailer.createTransport({
-      host: emailSettings.smtpHost,
-      port: emailSettings.smtpPort,
-      secure: emailSettings.secure,
-      tls: emailSettings.allowSelfSigned
-        ? {
-            rejectUnauthorized: false,
-          }
-        : undefined,
-      auth:
-        emailSettings.authUser && emailSettings.authPass
-          ? {
-              user: emailSettings.authUser,
-              pass: emailSettings.authPass,
-            }
-          : undefined,
-    });
-  }
-
-  private getNewEmail() {
-    const settings = this.getSettings();
-    return new Email({
-      message: {
-        from: {
-          name: settings.options.senderName,
-          address: settings.options.emailFrom,
-        },
-      },
-      send: true,
-      transport: this.getSmtpTransport(),
-    });
-  }
-
   private async sendMediaRequestEmail(payload: NotificationPayload) {
     // This is getting main settings for the whole app
     const applicationUrl = getSettings().main.applicationUrl;
@@ -82,7 +45,7 @@ class EmailAgent
       users
         .filter((user) => user.hasPermission(Permission.MANAGE_REQUESTS))
         .forEach((user) => {
-          const email = this.getNewEmail();
+          const email = new PreparedEmail();
 
           email.send({
             template: path.join(
@@ -127,7 +90,7 @@ class EmailAgent
       users
         .filter((user) => user.hasPermission(Permission.MANAGE_REQUESTS))
         .forEach((user) => {
-          const email = this.getNewEmail();
+          const email = new PreparedEmail();
 
           email.send({
             template: path.join(
@@ -166,7 +129,7 @@ class EmailAgent
     // This is getting main settings for the whole app
     const applicationUrl = getSettings().main.applicationUrl;
     try {
-      const email = this.getNewEmail();
+      const email = new PreparedEmail();
 
       await email.send({
         template: path.join(
@@ -203,7 +166,7 @@ class EmailAgent
     // This is getting main settings for the whole app
     const applicationUrl = getSettings().main.applicationUrl;
     try {
-      const email = this.getNewEmail();
+      const email = new PreparedEmail();
 
       await email.send({
         template: path.join(
@@ -240,7 +203,7 @@ class EmailAgent
     // This is getting main settings for the whole app
     const applicationUrl = getSettings().main.applicationUrl;
     try {
-      const email = this.getNewEmail();
+      const email = new PreparedEmail();
 
       await email.send({
         template: path.join(__dirname, '../../../templates/email/test-email'),

server/migration/1610070934506-LocalUsers.ts

@@ -0,0 +1,43 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class LocalUsers1610070934506 implements MigrationInterface {
+  name = 'LocalUsers1610070934506';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `CREATE TABLE "temporary_user" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "email" varchar NOT NULL, "username" varchar NOT NULL, "plexId" integer NOT NULL, "plexToken" varchar, "permissions" integer NOT NULL DEFAULT (0), "avatar" varchar NOT NULL, "createdAt" datetime NOT NULL DEFAULT (datetime('now')), "updatedAt" datetime NOT NULL DEFAULT (datetime('now')), "password" varchar, "userType" integer NOT NULL DEFAULT (1), CONSTRAINT "UQ_e12875dfb3b1d92d7d7c5377e22" UNIQUE ("email"))`
+    );
+    await queryRunner.query(
+      `INSERT INTO "temporary_user"("id", "email", "username", "plexId", "plexToken", "permissions", "avatar", "createdAt", "updatedAt") SELECT "id", "email", "username", "plexId", "plexToken", "permissions", "avatar", "createdAt", "updatedAt" FROM "user"`
+    );
+    await queryRunner.query(`DROP TABLE "user"`);
+    await queryRunner.query(`ALTER TABLE "temporary_user" RENAME TO "user"`);
+    await queryRunner.query(
+      `CREATE TABLE "temporary_user" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "email" varchar NOT NULL, "username" varchar NOT NULL, "plexId" integer, "plexToken" varchar, "permissions" integer NOT NULL DEFAULT (0), "avatar" varchar NOT NULL, "createdAt" datetime NOT NULL DEFAULT (datetime('now')), "updatedAt" datetime NOT NULL DEFAULT (datetime('now')), "password" varchar, "userType" integer NOT NULL DEFAULT (1), CONSTRAINT "UQ_e12875dfb3b1d92d7d7c5377e22" UNIQUE ("email"))`
+    );
+    await queryRunner.query(
+      `INSERT INTO "temporary_user"("id", "email", "username", "plexId", "plexToken", "permissions", "avatar", "createdAt", "updatedAt", "password", "userType") SELECT "id", "email", "username", "plexId", "plexToken", "permissions", "avatar", "createdAt", "updatedAt", "password", "userType" FROM "user"`
+    );
+    await queryRunner.query(`DROP TABLE "user"`);
+    await queryRunner.query(`ALTER TABLE "temporary_user" RENAME TO "user"`);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`ALTER TABLE "user" RENAME TO "temporary_user"`);
+    await queryRunner.query(
+      `CREATE TABLE "user" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "email" varchar NOT NULL, "username" varchar NOT NULL, "plexId" integer NOT NULL, "plexToken" varchar, "permissions" integer NOT NULL DEFAULT (0), "avatar" varchar NOT NULL, "createdAt" datetime NOT NULL DEFAULT (datetime('now')), "updatedAt" datetime NOT NULL DEFAULT (datetime('now')), "password" varchar, "userType" integer NOT NULL DEFAULT (1), CONSTRAINT "UQ_e12875dfb3b1d92d7d7c5377e22" UNIQUE ("email"))`
+    );
+    await queryRunner.query(
+      `INSERT INTO "user"("id", "email", "username", "plexId", "plexToken", "permissions", "avatar", "createdAt", "updatedAt", "password", "userType") SELECT "id", "email", "username", "plexId", "plexToken", "permissions", "avatar", "createdAt", "updatedAt", "password", "userType" FROM "temporary_user"`
+    );
+    await queryRunner.query(`DROP TABLE "temporary_user"`);
+    await queryRunner.query(`ALTER TABLE "user" RENAME TO "temporary_user"`);
+    await queryRunner.query(
+      `CREATE TABLE "user" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "email" varchar NOT NULL, "username" varchar NOT NULL, "plexId" integer NOT NULL, "plexToken" varchar, "permissions" integer NOT NULL DEFAULT (0), "avatar" varchar NOT NULL, "createdAt" datetime NOT NULL DEFAULT (datetime('now')), "updatedAt" datetime NOT NULL DEFAULT (datetime('now')), CONSTRAINT "UQ_e12875dfb3b1d92d7d7c5377e22" UNIQUE ("email"))`
+    );
+    await queryRunner.query(
+      `INSERT INTO "user"("id", "email", "username", "plexId", "plexToken", "permissions", "avatar", "createdAt", "updatedAt") SELECT "id", "email", "username", "plexId", "plexToken", "permissions", "avatar", "createdAt", "updatedAt" FROM "temporary_user"`
+    );
+    await queryRunner.query(`DROP TABLE "temporary_user"`);
+  }
+}