Merge pull request #14 from SocialGouv/lionelb/feat-account-creation

feat(user): create user account

.env

@@ -12,8 +12,7 @@ JWT_TOKEN_EXPIRES=15
 REFRESH_TOKEN_EXPIRES=43200
 
 # Activation token lifetime (7 days in minutes)
-ACTIVATION_TOKEN_EXPIRES=10080
+NEXT_PUBLIC_ACTIVATION_TOKEN_EXPIRES=10080
 
 # Email
 ACCOUNT_MAIL_SENDER=contact@fabrique.social.gouv.fr
-NEXT_PUBLIC_FRONTEND_URL=http://localhost:3000

.env.development

@@ -3,6 +3,10 @@
 ##
 ACCOUNT_EMAIL_WEBHOOK_URL=http://host.docker.internal:3000/api/webhooks/account
 
+FRONTEND_URL=http://localhost:3000
+PORT=3000
+
+
 ##
 ## frontend secrets
 ##

.gitignore

@@ -1,3 +1,4 @@
 .next
 *.DS_Store
-node_modules
+node_modules
+.env.production

.gitlab-ci.yml

@@ -17,6 +17,14 @@ variables:
   ENABLE_AZURE_POSTGRES: 1
   VALUES_FILE: ./.k8s/app.values.yml
 
+Build:
+  extends: .autodevops_build
+  variables:
+    # these variables are needed at build time because embedded in the front
+    NEXT_PUBLIC_SENTRY_DSN: https://yyy@sentry.fabrique.social.gouv.fr/yyy
+    NEXT_PUBLIC_MATOMO_URL: https://matomo.io
+    NEXT_PUBLIC_MATOMO_SITE_ID: 4242
+
 Create namespace:
   extends:
     - .autodevops_create_namespace
@@ -53,7 +61,7 @@ Deploy app Hasura (dev):
     - .autodevops_deploy_app_dev
     - .deploy_hasura
   variables:
-    PG_HOST: cdtnadmin.postgres.database.azure.com
+    PG_HOST: cdtnadmindevserver.postgres.database.azure.com
     HELM_RENDER_ARGS: >-
       --set deployment.env[7].name=HASURA_GRAPHQL_DATABASE_URL
       --set deployment.env[7].value=postgresql://user_${CI_COMMIT_SHORT_SHA}%40${PG_HOST}:pass_${CI_COMMIT_SHORT_SHA}@${PG_HOST}:5432/db_${CI_COMMIT_SHORT_SHA}?sslmode=require

.k8s/app.values.yml

@@ -31,13 +31,13 @@ deployment:
   env:
     - name: PRODUCTION
       value: "${PRODUCTION}"
-    - name: NEXT_PUBLIC_FRONTEND_URL
+    - name: FRONTEND_URL
       value: https://${HOST}
     - name: GRAPHQL_ENDPOINT
       value: "http://hasura-cdtn-admin/v1/graphql"
     - name: ACCOUNT_MAIL_SENDER
       value: "contact@fabrique.social.gouv.fr"
-    - name: NEXT_PUBLIC_FRONTEND_URL
+    - name: PORT
       value: "${PORT}"
   envFrom:
     - secretRef:

Dockerfile

@@ -7,7 +7,9 @@ COPY package.json yarn.lock ./
 RUN yarn --production --frozen-lockfile
 
 COPY next.config.js  ./
+COPY .env  ./.env
 COPY .next/ ./.next
+COPY public/ ./public
 
 USER node
 

hasura/metadata/tables.yaml

@@ -21,7 +21,18 @@
       columns:
       - id
       - role
-      filter: {}
+      filter:
+        id:
+          _eq: X-Hasura-User-Id
+  update_permissions:
+  - role: user
+    permission:
+      columns:
+      - role
+      filter:
+        id:
+          _eq: X-Hasura-User-Id
+      check: null
 - table:
     schema: auth
     name: users
@@ -44,6 +55,32 @@
         table:
           schema: auth
           name: user_roles
+  select_permissions:
+  - role: user
+    permission:
+      columns:
+      - active
+      - created_at
+      - default_role
+      - email
+      - id
+      - name
+      - secret_token
+      - secret_token_expires_at
+      - updated_at
+      filter:
+        id:
+          _eq: X-Hasura-User-Id
+  update_permissions:
+  - role: user
+    permission:
+      columns:
+      - email
+      - name
+      filter:
+        id:
+          _eq: X-Hasura-User-Id
+      check: null
   event_triggers:
   - name: account_email
     definition:
@@ -85,31 +122,3 @@
       columns:
       - role
       filter: {}
-- table:
-    schema: public
-    name: users
-  array_relationships:
-  - name: roles
-    using:
-      manual_configuration:
-        remote_table:
-          schema: auth
-          name: user_roles
-        column_mapping:
-          id: user_id
-  select_permissions:
-  - role: user
-    permission:
-      columns:
-      - active
-      - created_at
-      - default_role
-      - email
-      - id
-      - name
-      - secret_token
-      - secret_token_expires_at
-      - updated_at
-      filter:
-        id:
-          _eq: X-Hasura-User-Id

hasura/migrations/1588758007277_init/up.sql

@@ -44,7 +44,7 @@ create schema auth;
 create table auth.users(
   id uuid DEFAULT gen_random_uuid() NOT NULL PRIMARY KEY,
   email email UNIQUE NOT NULL,
-  password text NOT NULL CONSTRAINT password_min_length CHECK ( char_length(password) >= 8 ),
+  password text DEFAULT 'mot de passe'::text NOT NULL CONSTRAINT password_min_length CHECK ( char_length(password) >= 8 ),
   name text NOT NULL,
   active boolean DEFAULT false NOT NULL,
   default_role text DEFAULT 'user'::text NOT NULL REFERENCES public.roles (role) on update cascade on delete restrict,
@@ -80,7 +80,7 @@ COMMENT ON TABLE auth.user_roles
   IS 'User_role table allow many-to-many relationship between users and roles';
 
 WITH admin_row AS (
-  INSERT INTO auth.users(email, password, name, default_role, active) VALUES ('sre@fabrique.social.gouv.fr', '$argon2i$v=19$m=4096,t=3,p=1$n9eoWSv+5sCgc7SjB5hLig$iBQ7NzrHHLkJSku/dCetNs+n/JI1CMdkWaoZsUekLU8', 'big boss', 'admin', true)
+  INSERT INTO auth.users(email, password, name, default_role, active) VALUES ('codedutravailnumerique@travail.gouv.fr', '$argon2i$v=19$m=4096,t=3,p=1$n9eoWSv+5sCgc7SjB5hLig$iBQ7NzrHHLkJSku/dCetNs+n/JI1CMdkWaoZsUekLU8', 'big boss', 'admin', true)
   RETURNING id, default_role
 )
 INSERT INTO auth.user_roles(role, user_id) SELECT default_role, id FROM admin_row;
@@ -110,9 +110,3 @@ CREATE TRIGGER "set_auth_refresh_tokens_updated_at"
 
 COMMENT ON TRIGGER "set_auth_refresh_tokens_updated_at" ON auth.refresh_tokens
   IS 'trigger to set value of column "updated_at" to current timestamp on row update';
-
-
---
--- Public user view
---
-CREATE VIEW users AS SELECT id, name, email, active, default_role, secret_token, secret_token_expires_at, created_at, updated_at from auth.users;

package.json

@@ -6,7 +6,9 @@
   "dependencies": {
     "@hapi/boom": "^9.1.0",
     "@hapi/joi": "^17.1.1",
-    "@reach/menu-button": "^0.10.2",
+    "@reach/dialog": "^0.10.3",
+    "@reach/menu-button": "^0.10.3",
+    "@reach/visually-hidden": "^0.10.2",
     "@sentry/browser": "^5.15.5",
     "@sentry/integrations": "^5.15.5",
     "@sentry/node": "^5.15.5",
@@ -20,11 +22,12 @@
     "http-proxy-middleware": "^1.0.3",
     "jsonwebtoken": "^8.5.1",
     "next": "^9.4.0",
-    "next-urql": "^0.3.7",
+    "next-urql": "^0.3.8",
     "nodemailer": "^6.4.6",
     "polished": "^3.6.3",
     "react": "^16.13.1",
     "react-dom": "^16.13.1",
+    "react-hook-form": "^5.7.2",
     "react-icons": "^3.10.0",
     "react-is": "^16.13.1",
     "sentry-testkit": "^3.2.1",
@@ -45,9 +48,9 @@
     ]
   },
   "scripts": {
-    "dev": "next dev -p ${NEXT_PUBLIC_FRONTEND_PORT:=3000}",
+    "dev": "next dev",
     "build": "next build",
-    "start": "next start -p ${NEXT_PUBLIC_FRONTEND_PORT:=3000}",
+    "start": "next start",
     "lint": "eslint src/*",
     "test": "jest"
   },
@@ -56,6 +59,7 @@
     "@commitlint/config-conventional": "^8.3.4",
     "@socialgouv/eslint-config-react": "^0.21.0",
     "@socialgouv/eslint-config-recommended": "^0.21.0",
+    "@urql/devtools": "^2.0.2",
     "eslint": "^7.0.0",
     "eslint-plugin-import": "^2.20.2",
     "husky": "^4.2.5",

src/components/Roles.js

@@ -2,15 +2,16 @@ import React from "react";
 import { useQuery } from "urql";
 import { Alert, Badge } from "theme-ui";
 
-const query = `
+export const getRoleQuery = `
 query getRoles{
   roles {
     role
   }
 }
 `;
+
 export function Roles() {
-  const [results] = useQuery({ query });
+  const [results] = useQuery({ getRoleQuery });
   const { data, error, fetching } = results;
 
   if (fetching) return <p>loading</p>;