rework login complete

backend/db/migrations/20220901171733_user_authentication.js

         table.string('user_email', 90).primary().unique()
         table.date('created_at').notNullable()
         // table.char('token').notNullable()
-        table.binary('token').notNullable()
+        table.binary('token')
     })
 }
 

backend/lib/models/authentication.js

 const Schwifty = require('@hapipal/schwifty')
 const Joi = require('joi')
+const { userAuth } = require('../schemas/authentication')
 
 module.exports = class Auth extends Schwifty.Model {
     static get tableName() {
         return 'authentication'
     }
     static get joiSchema() {
-        return Joi.object({
-            user_email: Joi.string().required(),
-            created_at: Joi.date().required(),
-            token: Joi.binary()
-        })
+        return userAuth
     }
 }

backend/lib/routes/user/login.js

 const validators = {
     post: {
         payload: Joi.object({
-            user: userSchema.single,
-            error: errorSchema.single,
-        })
-            .append()
-            .label('login_payload'),
+            user_email: Joi.string(),
+            password: Joi.string(),
+        }),
+        
     },
     user: userSchema.single,
+    error: errorSchema.single,
 }
 
 module.exports = {
         auth: false,
         handler: async function (request, h) {
             try {
-                const { userService, displayService } = request.services()
+                const { userService } = request.services()
 
                 const res = request.payload
 
                 const login = async txn => {
                     return await userService.login(
                         {
-                            email: res.user.email,
-                            password: res.user.password,
+                            email: res.user_email,
+                            password: res.password,
                         },
                         txn,
                     )
                 return {
                     ok: true,
                     handler: pluginConfig.handlerType,
-                    data: displayService.user(user, token),
+                    data: { user_email: user.user_email, jwtToken: token },
                 }
             } catch (err) {
                 console.error(err)
         },
         validate: validators.post,
         response: {
-            schema: Joi.object({
-                ok: Joi.bool(),
-                handler: Joi.string(),
-                data: validators.user,
-            }).label('login_res'),
-            failAction: 'log',
+            status: {
+                201: Joi.object({
+                    ok: Joi.bool(),
+                    handler: Joi.string(),
+                    data: Joi.object({
+                        user_email: Joi.string(),
+                        jwtToken: Joi.string(),
+                    }),
+                }).label('login_res'),
+                409: Joi.object({
+                    ok: Joi.bool(),
+                    handler: Joi.string(),
+                    data: validators.error,
+                }).label('login_error'),
+            },
         },
     },
 }

backend/lib/routes/user/signup.js

         is_poster: Joi.number(),
         is_admin: Joi.number(),
         is_verified: Joi.number(),
-        user_pass: Joi.string()
     }).label('created_user'),
     error: errorSchema.single,
 }
                         is_admin: 0,
                         is_verified: 0,
                     },
+                    created_at: Date.now()
                 })
                 return h
                     .response({

backend/lib/schemas/authentication.js

 const userAuth = Joi.object({
     user_email: Joi.string(),
     created_at: Joi.date(),
-    token: Joi.binary()
+    token: Joi.binary().allow(null)
 }).label('user_auth')
 
 module.exports = {

backend/lib/services/user.js

      * @param {*} txn
      * @returns
      */
-    async signup({ password, userInfo }, txn) {
+    async signup({ password, userInfo, created_at }, txn) {
         const { User, Auth } = this.server.models()
         const matchingEmails = await User.query().where(
             'user_email',
         if (matchingEmails.length > 0) {
             throw `User ${userInfo.user_email} already exists: Cannot create a user without a unique email`
         }
-        // const todayTest = new Date.now()
-        console.log("password passed to .signup()", password)
-        console.log("steak", steak)
-        console.log("user_email", userInfo.user_email)
-
-        const { email } = await Auth.query(txn).insert({
-            user_email: userInfo.user_email,
-            created_at: new Date.now(),
-            token: this.changePassword(
-                userInfo.user_email,
-                password,
-                txn,
-            ),
+        // Insert User Info to User table
+        const insertUser = await User.query().insert(userInfo)
+        // insert a row with blank password to be updated by changePassword()
+        await Auth.query().insert({
+            user_email: insertUser.user_email,
+            created_at: created_at,
+            token: null,
         })
-
-        return userInfo.user_email
-        console.log("signup return finished")
-        // Library: Secure-Password
-        // console.log('data type of create_at', )
-        // add pepper to pw and convert to buffer to prep for hash bytes
-        // const steak = Buffer.from(password + pepper, 'utf-8')
-        // console.log("steak", steak)
-        // send peppered pw to (argon algorithm) library for salted hash
-        // hashed is actually for logging in
-        // const hashed = await hasher(this.pwd, steak)
-        // console.log("hashed", hashed)
-        // console.log ("user_email", userInfo.user_email)
-        // const newAuth = await Auth.query(txn).insert({
-        //     user_email: userInfo.user_email,
-        //     created_at: new Date.now(),
-        //     token: steak,
-        // })
-        // console.log("newAuth", newAuth)
-        // return newAuth
-
-        // const user = await User.query(txn).insert(userInfo)
-        // user.user_id = user.id
-        // delete user.id
-        // await this.changePassword(id, password, txn)
-        // return user
+        // update null token with hashed password
+        await this.changePassword(insertUser.user_email, password, txn)
+        return {
+            user_id: insertUser.id,
+            user_name: insertUser.user_name,
+            user_email: insertUser.user_email,
+            is_poster: insertUser.is_poster,
+            is_admin: insertUser.is_admin,
+            is_verified: insertUser.is_verified,
+        }
     }
 
     /**
      * @returns
      */
     async login({ email, password }, txn) {
-        const { User } = this.server.models()
+        const { User, Auth } = this.server.models()
 
-        const user = await User.query(txn)
+        
+        
+        const user = await Auth.query(txn)
             .throwIfNotFound()
             .first()
             .where({ user_email: email })
 
+        const bufferPepper = Buffer.from(process.env.PEPPER + password)
+
         /** Uncomment to run password check using SecurePassword */
-        // const passwordCheck = await this.pwd.verify(Buffer.from(password), user.password)
-        // if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {
-        //     await this.changePassword(user.id, password, txn)
-        // }
-        // else if (passwordCheck !== SecurePassword.VALID) {
-        //     throw User.createNotFoundError()
-        // }
+        const passwordCheck = await this.pwd.verify(bufferPepper, user.token)
+        console.log("passwordCheck", passwordCheck)
+        if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {
+            await this.changePassword(user.user_email, password, txn)
+        }
+        else if (passwordCheck !== SecurePassword.VALID) {
+            throw User.createNotFoundError()
+        }
 
         return user
     }
     async changePassword(email, password, txn) {
         const { User, Auth } = this.server.models()
 
+        console.log('email passed to changePassword', email)
+
+        const hashed = await this.pwd.hash(Buffer.from(process.env.PEPPER + password))
+        console.log('hashed', hashed)
+
         await Auth.query(txn)
             .throwIfNotFound()
-            .where({ email })
+            .where({ user_email: email })
             .patch({
                 // user_email: email,
-                token: await this.pwd.hash(
-                    Buffer.from(process.env.PEPPER + password),
-                ),
+                token: hashed
             })
-        console.log("changed pw return", email)
-        console.log("token created in changePassword", this.pwd.hash(Buffer.from(password)))
+        console.log('changePassword query completed')
         return email
 
         // await User.query(txn)