Suppress the email to the user for the final endpoint to allow for AP…

…I only user management

Dockerfile

@@ -1 +1,38 @@
-FROM ghcr.io/dataswift/base:v0.3.5
+FROM adoptopenjdk/openjdk11:jdk-11.0.6_10-alpine
+
+ARG FILE_PATH
+ENV FILE_PATH=$FILE_PATH
+ARG STRING
+ENV STRING=$STRING
+ARG DELIMITER
+ENV DELIMITER=$DELIMITER
+ARG KEYWORD
+ENV KEYWORD=$KEYWORD
+
+ARG SBT_VERSION=1.3.10
+
+RUN set -x \
+  && apk --update add --no-cache --virtual .build-deps curl \
+  && ESUM="3060065764193651aa3fe860a17ff8ea9afc1e90a3f9570f0584f2d516c34380" \
+  && SBT_URL="https://github.com/sbt/sbt/releases/download/v1.3.10/sbt-1.3.10.tgz" \
+  && apk add bash \
+  && curl -Ls ${SBT_URL} > /tmp/sbt-${SBT_VERSION}.tgz \
+  && sha256sum /tmp/sbt-${SBT_VERSION}.tgz \
+  && (echo "${ESUM}  /tmp/sbt-${SBT_VERSION}.tgz" | sha256sum -c -) \
+  && tar -zxf /tmp/sbt-${SBT_VERSION}.tgz -C /opt/ \
+  && sed -i -r 's#run \"\$\@\"#unset JAVA_TOOL_OPTIONS\nrun \"\$\@\"#g' /opt/sbt/bin/sbt \
+  && apk del --purge .build-deps \
+  && rm -rf /tmp/sbt-${SBT_VERSION}.tgz /var/cache/apk/*
+
+
+ENV PATH="/opt/sbt/bin:$PATH" \
+    JAVA_OPTS="-XX:+UseContainerSupport -Dfile.encoding=UTF-8" \
+    SBT_OPTS="-Xmx2048M -Xss2M"
+
+WORKDIR /app
+ADD . /app
+
+RUN ["chmod", "-R", "777", "start.sh"]
+
+CMD ./start.sh
+

hat/app/org/hatdex/hat/api/controllers/Authentication.scala

@@ -308,18 +308,26 @@ class Authentication @Inject() (
     */
 
     // return token and not email, like the other endpoint
-  def handleForgotPassword: Action[ApiPasswordResetRequest] =
+  def handleForgotPassword(
+    sendEmailToUser: Option[Boolean]
+  ): Action[ApiPasswordResetRequest] =
     UserAwareAction.async(parsers.json[ApiPasswordResetRequest]) { implicit request =>
       implicit val language: Lang = Lang.defaultLang
+      implicit val sendEmail: Boolean = sendEmailToUser.getOrElse(true)
+
       logger.debug("Processing forgotten password request")
+
       val email = request.body.email
-      val response = Ok(
+
+      // predefined response
+      var response = Ok(
         Json.toJson(
           SuccessResponse(
-            "If the email you have entered is correct, you will shortly receive an email with password reset instructions"
+            "TEST If the email you have entered is correct, you will shortly receive an email with password reset instructions"
           )
         )
       )
+
       if (email == request.dynamicEnvironment.ownerEmail)
         // Find the specific user who is the owner.
         userService
@@ -330,11 +338,23 @@ class Authentication @Inject() (
               // Create a token for the reset with a 24 hour expiry
               // isSignUp is potentially the issue here.
               val token = MailTokenUser(email, isSignup = false)
+
               // Store that token
-              tokenService.create(token).map { _ =>
-                mailer.passwordReset(email, passwordResetLink(request.host, token.id))
-                response
+              tokenService.create(token).map { _ => {
+                // This sends the user an email to the reset URL
+                // And a generic response
+                if (sendEmail) {
+                  mailer.passwordReset(email, passwordResetLink(request.host, token.id))
+                  response
+                }
+
+                // Do not send an email, but return the token
+                else {
+                  response = Ok(Json.obj("tokenId" -> token.id))
+                  response
+                }
               }
+            }
             // The user was not found, but return the "If we found an email address, we'll send the link."
             case None => Future.successful(response)
           }
@@ -345,9 +365,13 @@ class Authentication @Inject() (
   /**
     * Saves the new password and authenticates the user
     */
-  def handleResetPassword(tokenId: String): Action[ApiPasswordChange] =
+  def handleResetPassword(
+      tokenId: String,
+    sendEmailToUser: Option[Boolean]): Action[ApiPasswordChange] =
     UserAwareAction.async(parsers.json[ApiPasswordChange]) { implicit request =>
       implicit val language: Lang = Lang.defaultLang
+      implicit val sendEmail: Boolean = sendEmailToUser.getOrElse(true)
+
       tokenService.retrieve(tokenId).flatMap {
         // Token was found, is not signup nor expired
         case Some(token) if !token.isSignUp && !token.isExpired =>
@@ -381,7 +405,9 @@ class Authentication @Inject() (
                     // Push a loginEvent on the bus
                     env.eventBus.publish(LoginEvent(user, request))
                     // Mail the user, telling them the password changed
-                    mailer.passwordChanged(token.email)
+                    if (sendEmail) {
+                      mailer.passwordChanged(token.email)
+                    }
                     // ???: return an AuthenticatorResult, why
                     result
                   }
@@ -413,19 +439,12 @@ class Authentication @Inject() (
       val email           = request.dynamicEnvironment.ownerEmail
       val response        = Ok(Json.toJson(SuccessResponse("You will shortly receive an email with claim instructions AAA")))
 
-      println(claimHatRequest.email == email)
-      println(email)
-      println(claimHatRequest)
-
       if (claimHatRequest.email == email)
         userService
           .listUsers()
           .map(_.find(u => (u.roles.contains(Owner()) && !(u.roles.contains(Verified("email"))))))
           .flatMap {
-            case Some(user) => {
-
-              println(s"found user ${user.email}")
-
+            case Some(user) => {              
               val eventualClaimContext = for {
                 maybeApplication <- applicationsService
                                       .applicationStatus()(request.dynamicEnvironment, user, request)
@@ -481,7 +500,6 @@ class Authentication @Inject() (
                 }
               }
             case None => {
-              println(s"found user ${response}")
               Future.successful(response)
             }
           }

hat/conf/routes

@@ -21,8 +21,8 @@ GET         /healthz                                             org.hatdex.hat.
 # AUTHENTICATION routes
 GET         /control/v2/auth/hatlogin                            org.hatdex.hat.api.controllers.Authentication.hatLogin(name: String, redirect: String)
 POST        /control/v2/auth/password                            org.hatdex.hat.api.controllers.Authentication.passwordChangeProcess
-POST        /control/v2/auth/passwordReset                       org.hatdex.hat.api.controllers.Authentication.handleForgotPassword
-POST        /control/v2/auth/passwordreset/confirm/:token        org.hatdex.hat.api.controllers.Authentication.handleResetPassword(token: String)
+POST        /control/v2/auth/passwordReset                       org.hatdex.hat.api.controllers.Authentication.handleForgotPassword(sendEmailToUser: Option[Boolean])
+POST        /control/v2/auth/passwordreset/confirm/:token        org.hatdex.hat.api.controllers.Authentication.handleResetPassword(token: String, sendEmailToUser: Option[Boolean])
 POST        /control/v2/auth/claim                               org.hatdex.hat.api.controllers.Authentication.handleVerificationRequest(lang: Option[String], sendEmailToUser: Option[Boolean])
 POST        /control/v2/auth/request-verification                org.hatdex.hat.api.controllers.Authentication.handleVerificationRequest(lang: Option[String], sendEmailToUser: Option[Boolean])
 POST        /control/v2/auth/claim/complete/:verificationToken   org.hatdex.hat.api.controllers.Authentication.handleVerification(verificationToken: String)