feat(auth): harden authentication with argon2 passwords and rotating hashed refresh tokens

ts/reception/classes.usermanager.ts

@@ -23,6 +23,9 @@ export class UserManager {
       new plugins.typedrequest.TypedHandler('getRolesAndOrganizationsForUserId', async reqArg => {
         console.log('user manager: getting roles and orgs');
         const user = await this.getUserByJwtValidation(reqArg.jwt);
+        if (!user) {
+          throw new plugins.typedrequest.TypedResponseError('User not found');
+        }
         const organizations = await this.receptionRef.organizationmanager.getAllOrganizationsForUser(
           user
         );
@@ -49,8 +52,7 @@ export class UserManager {
               email: user.data.email,
               mobileNumber: user.data.mobileNumber,
               connectedOrgs: user.data.connectedOrgs,
-              status: null,
-              password: null,
+              status: user.data.status,
               isGlobalAdmin: user.data.isGlobalAdmin,
             } as plugins.idpInterfaces.data.IUser['data']
           }
@@ -64,6 +66,9 @@ export class UserManager {
    */
   public async getUserByJwt(jwtString: string) {
     const jwtInstance = await this.receptionRef.jwtManager.verifyJWTAndGetData(jwtString);
+    if (!jwtInstance) {
+      return null;
+    }
     const user = await this.CUser.getInstance({
       id: jwtInstance.data.userId
     });
@@ -75,7 +80,10 @@ export class UserManager {
    * faster than the "getUserByJwt"
    */
   public async getUserByJwtValidation(jwtStringArg: string) {
-    const jwtDataArg: plugins.idpInterfaces.data.IJwt = await this.receptionRef.jwtManager.smartjwtInstance.verifyJWTAndGetData(jwtStringArg);
+    const jwtDataArg = await this.receptionRef.jwtManager.verifyJWTAndGetData(jwtStringArg);
+    if (!jwtDataArg) {
+      return null;
+    }
     const resultingUser = await this.CUser.getInstance({
       id: jwtDataArg.data.userId
     });