wikijs/server/models/users.mjs

/* global WIKI */

import { difference, find, first, flatten, flattenDeep, get, has, isArray, isEmpty, isNil, isString, last, set, toString, truncate, uniq } from 'lodash-es'
import tfa from 'node-2fa'
import jwt from 'jsonwebtoken'
import { Model } from 'objection'
import validate from 'validate.js'
import qr from 'qr-image'
import bcrypt from 'bcryptjs'

import { Group } from './groups.mjs'

/**
 * Users model
 */
export class User extends Model {
  static get tableName() { return 'users' }

  static get jsonSchema () {
    return {
      type: 'object',
      required: ['email'],

      properties: {
        id: {type: 'string'},
        email: {type: 'string'},
        name: {type: 'string', minLength: 1, maxLength: 255},
        pictureUrl: {type: 'string'},
        isSystem: {type: 'boolean'},
        isActive: {type: 'boolean'},
        isVerified: {type: 'boolean'},
        createdAt: {type: 'string'},
        updatedAt: {type: 'string'}
      }
    }
  }

  static get jsonAttributes() {
    return ['auth', 'meta', 'prefs']
  }

  static get relationMappings() {
    return {
      groups: {
        relation: Model.ManyToManyRelation,
        modelClass: Group,
        join: {
          from: 'users.id',
          through: {
            from: 'userGroups.userId',
            to: 'userGroups.groupId'
          },
          to: 'groups.id'
        }
      }
    }
  }

  async $beforeUpdate(opt, context) {
    await super.$beforeUpdate(opt, context)

    this.updatedAt = new Date().toISOString()
  }
  async $beforeInsert(context) {
    await super.$beforeInsert(context)

    this.createdAt = new Date().toISOString()
    this.updatedAt = new Date().toISOString()
  }

  // ------------------------------------------------
  // Instance Methods
  // ------------------------------------------------

  async generateTFA(strategyId, siteId) {
    WIKI.logger.debug(`Generating new TFA secret for user ${this.id}...`)
    const site = WIKI.sites[siteId] ?? WIKI.sites[0] ?? { config: { title: 'Wiki' } }
    const tfaInfo = tfa.generateSecret({
      name: site.config.title,
      account: this.email
    })
    this.auth[strategyId].tfaSecret = tfaInfo.secret
    this.auth[strategyId].tfaIsActive = false
    await this.$query().patch({
      auth: this.auth
    })
    const safeTitle = site.config.title.replace(/[\s-.,=!@#$%?&*()+[\]{}/\\;<>]/g, '')
    return qr.imageSync(`otpauth://totp/${safeTitle}:${this.email}?secret=${tfaInfo.secret}`, { type: 'svg' })
  }

  async enableTFA(strategyId) {
    this.auth[strategyId].tfaIsActive = true
    return this.$query().patch({
      auth: this.auth
    })
  }

  async disableTFA(strategyId) {
    this.auth[strategyId].tfaIsActive = false
    return this.$query().patch({
      tfaIsActive: false,
      tfaSecret: ''
    })
  }

  verifyTFA(strategyId, code) {
    return tfa.verifyToken(this.auth[strategyId].tfaSecret, code)?.delta === 0
  }

  getPermissions () {
    return uniq(flatten(this.groups.map(g => g.permissions)))
  }

  getGroups() {
    return uniq(this.groups.map(g => g.id))
  }

  // ------------------------------------------------
  // Model Methods
  // ------------------------------------------------

  static async getById(id) {
    return WIKI.db.users.query().findById(id).withGraphFetched('groups').modifyGraph('groups', builder => {
      builder.select('groups.id', 'permissions')
    })
  }

  static async processProfile({ profile, providerKey }) {
    const provider = get(WIKI.auth.strategies, providerKey, {})
    provider.info = find(WIKI.data.authentication, ['key', provider.stategyKey])

    // Find existing user
    let user = await WIKI.db.users.query().findOne({
      providerId: toString(profile.id),
      providerKey
    })

    // Parse email
    let primaryEmail = ''
    if (isArray(profile.emails)) {
      const e = find(profile.emails, ['primary', true])
      primaryEmail = (e) ? e.value : first(profile.emails).value
    } else if (isArray(profile.email)) {
      primaryEmail = first(flattenDeep([profile.email]))
    } else if (isString(profile.email) && profile.email.length > 5) {
      primaryEmail = profile.email
    } else if (isString(profile.mail) && profile.mail.length > 5) {
      primaryEmail = profile.mail
    } else if (profile.user && profile.user.email && profile.user.email.length > 5) {
      primaryEmail = profile.user.email
    } else {
      throw new Error('Missing or invalid email address from profile.')
    }
    primaryEmail = primaryEmail.toLowerCase()

    // Find pending social user
    if (!user) {
      user = await WIKI.db.users.query().findOne({
        email: primaryEmail,
        providerId: null,
        providerKey
      })
      if (user) {
        user = await user.$query().patchAndFetch({
          providerId: toString(profile.id)
        })
      }
    }

    // Parse display name
    let displayName = ''
    if (isString(profile.displayName) && profile.displayName.length > 0) {
      displayName = profile.displayName
    } else if (isString(profile.name) && profile.name.length > 0) {
      displayName = profile.name
    } else {
      displayName = primaryEmail.split('@')[0]
    }

    // Parse picture URL / Data
    let pictureUrl = ''
    if (profile.picture && Buffer.isBuffer(profile.picture)) {
      pictureUrl = 'internal'
    } else {
      pictureUrl = truncate(get(profile, 'picture', get(user, 'pictureUrl', null)), {
        length: 255,
        omission: ''
      })
    }

    // Update existing user
    if (user) {
      if (!user.isActive) {
        throw new WIKI.Error.AuthAccountBanned()
      }
      if (user.isSystem) {
        throw new Error('This is a system reserved account and cannot be used.')
      }

      user = await user.$query().patchAndFetch({
        email: primaryEmail,
        name: displayName,
        pictureUrl: pictureUrl
      })

      if (pictureUrl === 'internal') {
        await WIKI.db.users.updateUserAvatarData(user.id, profile.picture)
      }

      return user
    }

    // Self-registration
    if (provider.selfRegistration) {
      // Check if email domain is whitelisted
      if (get(provider, 'domainWhitelist', []).length > 0) {
        const emailDomain = last(primaryEmail.split('@'))
        if (!provider.domainWhitelist.includes(emailDomain)) {
          throw new WIKI.Error.AuthRegistrationDomainUnauthorized()
        }
      }

      // Create account
      user = await WIKI.db.users.query().insertAndFetch({
        providerKey: providerKey,
        providerId: toString(profile.id),
        email: primaryEmail,
        name: displayName,
        pictureUrl: pictureUrl,
        locale: WIKI.config.lang.code,
        defaultEditor: 'markdown',
        tfaIsActive: false,
        isSystem: false,
        isActive: true,
        isVerified: true
      })

      // Assign to group(s)
      if (provider.autoEnrollGroups.length > 0) {
        await user.$relatedQuery('groups').relate(provider.autoEnrollGroups)
      }

      if (pictureUrl === 'internal') {
        await WIKI.db.users.updateUserAvatarData(user.id, profile.picture)
      }

      return user
    }

    throw new Error('You are not authorized to login.')
  }

  /**
   * Login a user
   */
  static async login ({ strategyId, siteId, username, password }, context) {
    if (has(WIKI.auth.strategies, strategyId)) {
      const selStrategy = WIKI.auth.strategies[strategyId]
      if (!selStrategy.isEnabled) {
        throw new WIKI.Error.AuthProviderInvalid()
      }

      const strInfo = find(WIKI.data.authentication, ['key', selStrategy.module])

      // Inject form user/pass
      if (strInfo.useForm) {
        set(context.req, 'body.email', username)
        set(context.req, 'body.password', password)
        set(context.req.params, 'strategy', strategyId)
      }

      // Authenticate
      return new Promise((resolve, reject) => {
        WIKI.auth.passport.authenticate(selStrategy.id, {
          session: !strInfo.useForm,
          scope: strInfo.scopes ? strInfo.scopes : null
        }, async (err, user, info) => {
          if (err) { return reject(err) }
          if (!user) { return reject(new WIKI.Error.AuthLoginFailed()) }

          try {
            const resp = await WIKI.db.users.afterLoginChecks(user, selStrategy.id, context, {
              siteId,
              skipTFA: !strInfo.useForm,
              skipChangePwd: !strInfo.useForm
            })
            resolve(resp)
          } catch (err) {
            reject(err)
          }
        })(context.req, context.res, () => {})
      })
    } else {
      throw new WIKI.Error.AuthProviderInvalid()
    }
  }

  /**
   * Perform post-login checks
   */
  static async afterLoginChecks (user, strategyId, context, { siteId, skipTFA, skipChangePwd } = { skipTFA: false, skipChangePwd: false, siteId: null }) {
    const str = WIKI.auth.strategies[strategyId]
    if (!str) {
      throw new Error('ERR_INVALID_STRATEGY')
    }

    // Get redirect target
    user.groups = await user.$relatedQuery('groups').select('groups.id', 'permissions', 'redirectOnLogin')
    let redirect = '/'
    if (user.groups && user.groups.length > 0) {
      for (const grp of user.groups) {
        if (!isEmpty(grp.redirectOnLogin) && grp.redirectOnLogin !== '/') {
          redirect = grp.redirectOnLogin
          break
        }
      }
    }

    // Get auth strategy flags
    const authStr = user.auth[strategyId] || {}

    // Is 2FA required?
    if (!skipTFA) {
      if (authStr.tfaIsActive && authStr.tfaSecret) {
        try {
          const tfaToken = await WIKI.db.userKeys.generateToken({
            kind: 'tfa',
            userId: user.id,
            meta: {
              strategyId
            }
          })
          return {
            nextAction: 'provideTfa',
            continuationToken: tfaToken,
            redirect
          }
        } catch (errc) {
          WIKI.logger.warn(errc)
          throw new WIKI.Error.AuthGenericError()
        }
      } else if (str.config?.enforceTfa || authStr.tfaRequired) {
        try {
          const tfaQRImage = await user.generateTFA(strategyId, siteId)
          const tfaToken = await WIKI.db.userKeys.generateToken({
            kind: 'tfaSetup',
            userId: user.id,
            meta: {
              strategyId
            }
          })
          return {
            nextAction: 'setupTfa',
            continuationToken: tfaToken,
            tfaQRImage,
            redirect
          }
        } catch (errc) {
          WIKI.logger.warn(errc)
          throw new WIKI.Error.AuthGenericError()
        }
      }
    }

    // Must Change Password?
    if (!skipChangePwd && authStr.mustChangePwd) {
      try {
        const pwdChangeToken = await WIKI.db.userKeys.generateToken({
          kind: 'changePwd',
          userId: user.id,
          meta: {
            strategyId
          }
        })

        return {
          nextAction: 'changePassword',
          continuationToken: pwdChangeToken,
          redirect
        }
      } catch (errc) {
        WIKI.logger.warn(errc)
        throw new WIKI.Error.AuthGenericError()
      }
    }

    return new Promise((resolve, reject) => {
      context.req.login(user, { session: false }, async errc => {
        if (errc) { return reject(errc) }
        const jwtToken = await WIKI.db.users.refreshToken(user, strategyId)
        resolve({
          nextAction: 'redirect',
          jwt: jwtToken.token,
          redirect
        })
      })
    })
  }

  /**
   * Generate a new token for a user
   */
  static async refreshToken (user) {
    if (isString(user)) {
      user = await WIKI.db.users.query().findById(user).withGraphFetched('groups').modifyGraph('groups', builder => {
        builder.select('groups.id', 'permissions')
      })
      if (!user) {
        WIKI.logger.warn(`Failed to refresh token for user ${user}: Not found.`)
        throw new WIKI.Error.AuthGenericError()
      }
      if (!user.isActive) {
        WIKI.logger.warn(`Failed to refresh token for user ${user}: Inactive.`)
        throw new WIKI.Error.AuthAccountBanned()
      }
    } else if (isNil(user.groups)) {
      user.groups = await user.$relatedQuery('groups').select('groups.id', 'permissions')
    }

    // Update Last Login Date
    // -> Bypass Objection.js to avoid updating the updatedAt field
    await WIKI.db.knex('users').where('id', user.id).update({ lastLoginAt: new Date().toISOString() })

    return {
      token: jwt.sign({
        id: user.id,
        email: user.email,
        groups: user.getGroups()
      }, {
        key: WIKI.config.auth.certs.private,
        passphrase: WIKI.config.auth.secret
      }, {
        algorithm: 'RS256',
        expiresIn: WIKI.config.auth.tokenExpiration,
        audience: WIKI.config.auth.audience,
        issuer: 'urn:wiki.js'
      }),
      user
    }
  }

  /**
   * Verify a TFA login
   */
  static async loginTFA ({ strategyId, siteId, securityCode, continuationToken, setup }, context) {
    if (securityCode.length === 6 && continuationToken.length > 1) {
      const { user, strategyId: expectedStrategyId } = await WIKI.db.userKeys.validateToken({
        kind: setup ? 'tfaSetup' : 'tfa',
        token: continuationToken,
        skipDelete: setup
      })

      if (strategyId !== expectedStrategyId) {
        throw new Error('ERR_INVALID_STRATEGY')
      }

      if (user) {
        if (user.verifyTFA(strategyId, securityCode)) {
          if (setup) {
            await user.enableTFA(strategyId)
          }
          return WIKI.db.users.afterLoginChecks(user, strategyId, context, { siteId, skipTFA: true })
        } else {
          throw new Error('ERR_TFA_INCORRECT_TOKEN')
        }
      }
    }
    throw new Error('ERR_TFA_INVALID_REQUEST')
  }

  /**
   * Change Password from a Mandatory Password Change after Login
   */
  static async loginChangePassword ({ strategyId, siteId, continuationToken, newPassword }, context) {
    if (!newPassword || newPassword.length < 8) {
      throw new Error('ERR_PASSWORD_TOO_SHORT')
    }
    const { user, strategyId: expectedStrategyId } = await WIKI.db.userKeys.validateToken({
      kind: 'changePwd',
      token: continuationToken
    })

    if (strategyId !== expectedStrategyId) {
      throw new Error('ERR_INVALID_STRATEGY')
    }

    if (user) {
      user.auth[strategyId].password = await bcrypt.hash(newPassword, 12)
      user.auth[strategyId].mustChangePwd = false
      await user.$query().patch({
        auth: user.auth
      })

      return WIKI.db.users.afterLoginChecks(user, strategyId, context, { siteId, skipChangePwd: true, skipTFA: true })
    } else {
      throw new Error('ERR_INVALID_USER')
    }
  }

  /**
   * Change Password from Profile
   */
  static async changePassword ({ strategyId, siteId, currentPassword, newPassword }, context) {
    const userId = context.req.user?.id
    if (!userId) {
      throw new Error('ERR_NOT_AUTHENTICATED')
    }

    const user = await WIKI.db.users.query().findById(userId)
    if (!user) {
      throw new Error('ERR_INVALID_USER')
    }

    if (!newPassword || newPassword.length < 8) {
      throw new Error('ERR_PASSWORD_TOO_SHORT')
    }

    if (!user.auth[strategyId]?.password) {
      throw new Error('ERR_INVALID_STRATEGY')
    }

    if (await bcrypt.compare(currentPassword, user.auth[strategyId].password) !== true) {
      throw new Error('ERR_INCORRECT_CURRENT_PASSWORD')
    }

    user.auth[strategyId].password = await bcrypt.hash(newPassword, 12)
    user.auth[strategyId].mustChangePwd = false

    await user.$query().patch({
      auth: user.auth
    })

    return true
  }

  /**
   * Send a password reset request
   */
  static async loginForgotPassword ({ email }, context) {
    const usr = await WIKI.db.users.query().where({
      email,
      providerKey: 'local'
    }).first()
    if (!usr) {
      WIKI.logger.debug(`Password reset attempt on nonexistant local account ${email}: [DISCARDED]`)
      return
    }
    const resetToken = await WIKI.db.userKeys.generateToken({
      userId: usr.id,
      kind: 'resetPwd'
    })

    await WIKI.mail.send({
      template: 'accountResetPwd',
      to: email,
      subject: `Password Reset Request`,
      data: {
        preheadertext: `A password reset was requested for ${WIKI.config.title}`,
        title: `A password reset was requested for ${WIKI.config.title}`,
        content: `Click the button below to reset your password. If you didn't request this password reset, simply discard this email.`,
        buttonLink: `${WIKI.config.host}/login-reset/${resetToken}`,
        buttonText: 'Reset Password'
      },
      text: `A password reset was requested for wiki ${WIKI.config.title}. Open the following link to proceed: ${WIKI.config.host}/login-reset/${resetToken}`
    })
  }

  /**
   * Create a new user
   *
   * @param {Object} param0 User Fields
   */
  static async createNewUser ({ email, password, name, groups, userInitiated = false, mustChangePassword = false, sendWelcomeEmail = false }) {
    const localAuth = await WIKI.db.authentication.getStrategy('local')

    // Check if self-registration is enabled
    if (userInitiated && !localAuth.registration) {
      throw new Error('ERR_REGISTRATION_DISABLED')
    }

    // Input sanitization
    email = email.toLowerCase().trim()

    // Input validation
    const validation = validate({
      email,
      password,
      name
    }, {
      email: {
        email: true,
        length: {
          maximum: 255
        }
      },
      password: {
        presence: {
          allowEmpty: false
        },
        length: {
          minimum: 6
        }
      },
      name: {
        presence: {
          allowEmpty: false
        },
        length: {
          minimum: 2,
          maximum: 255
        }
      }
    }, { format: 'flat' })

    if (validation && validation.length > 0) {
      throw new Error(`ERR_INVALID_INPUT: ${validation[0]}`)
    }

    // Check if email address is allowed
    if (userInitiated && localAuth.allowedEmailRegex) {
      const emailCheckRgx = new RegExp(localAuth.allowedEmailRegex, 'i')
      if (!emailCheckRgx.test(email)) {
        throw new Error('ERR_EMAIL_ADDRESS_NOT_ALLOWED')
      }
    }

    // Check if email already exists
    const usr = await WIKI.db.users.query().findOne({ email })
    if (usr) {
      throw new Error('ERR_DUPLICATE_ACCOUNT_EMAIL')
    }

    WIKI.logger.debug(`Creating new user account for ${email}...`)

    // Create the account
    const newUsr = await WIKI.db.users.query().insert({
      email,
      name,
      auth: {
        [localAuth.id]: {
          password: await bcrypt.hash(password, 12),
          mustChangePwd: mustChangePassword,
          restrictLogin: false,
          tfaRequired: false,
          tfaSecret: ''
        }
      },
      hasAvatar: false,
      isSystem: false,
      isActive: true,
      isVerified: true,
      meta: {
        jobTitle: '',
        location: '',
        pronouns: ''
      },
      prefs: {
        cvd: 'none',
        timezone: WIKI.config.userDefaults.timezone || 'America/New_York',
        appearance: 'site',
        dateFormat: WIKI.config.userDefaults.dateFormat || 'YYYY-MM-DD',
        timeFormat: WIKI.config.userDefaults.timeFormat || '12h'
      }
    }).returning('*')

    // Assign to group(s)
    const groupsToEnroll = [WIKI.data.systemIds.usersGroupId]
    if (groups?.length > 0) {
      groupsToEnroll.push(...groups)
    }
    if (userInitiated && localAuth.autoEnrollGroups?.length > 0) {
      groupsToEnroll.push(...localAuth.autoEnrollGroups)
    }
    await newUsr.$relatedQuery('groups').relate(uniq(groupsToEnroll))

    // Verification Email
    if (userInitiated && localAuth.config?.emailValidation) {
      // Create verification token
      const verificationToken = await WIKI.db.userKeys.generateToken({
        kind: 'verify',
        userId: newUsr.id
      })

      // Send verification email
      await WIKI.mail.send({
        template: 'accountVerify',
        to: email,
        subject: 'Verify your account',
        data: {
          preheadertext: 'Verify your account in order to gain access to the wiki.',
          title: 'Verify your account',
          content: 'Click the button below in order to verify your account and gain access to the wiki.',
          buttonLink: `${WIKI.config.host}/verify/${verificationToken}`,
          buttonText: 'Verify'
        },
        text: `You must open the following link in your browser to verify your account and gain access to the wiki: ${WIKI.config.host}/verify/${verificationToken}`
      })
    } else if (sendWelcomeEmail) {
      // Send welcome email
      await WIKI.mail.send({
        template: 'accountWelcome',
        to: email,
        subject: `Welcome to the wiki ${WIKI.config.title}`,
        data: {
          preheadertext: `You've been invited to the wiki ${WIKI.config.title}`,
          title: `You've been invited to the wiki ${WIKI.config.title}`,
          content: `Click the button below to access the wiki.`,
          buttonLink: `${WIKI.config.host}/login`,
          buttonText: 'Login'
        },
        text: `You've been invited to the wiki ${WIKI.config.title}: ${WIKI.config.host}/login`
      })
    }

    WIKI.logger.debug(`Created new user account for ${email} successfully.`)

    return newUsr
  }

  /**
   * Update an existing user
   *
   * @param {Object} param0 User ID and fields to update
   */
  static async updateUser (id, { email, name, groups, auth, isVerified, isActive, meta, prefs }) {
    const usr = await WIKI.db.users.query().findById(id)
    if (usr) {
      let usrData = {}
      if (!isEmpty(email) && email !== usr.email) {
        const dupUsr = await WIKI.db.users.query().select('id').where({ email }).first()
        if (dupUsr) {
          throw new Error('ERR_DUPLICATE_ACCOUNT_EMAIL')
        }
        usrData.email = email.toLowerCase()
      }
      if (!isEmpty(name) && name !== usr.name) {
        usrData.name = name.trim()
      }
      if (isArray(groups)) {
        const usrGroupsRaw = await usr.$relatedQuery('groups')
        const usrGroups = usrGroupsRaw.map(g => g.id)
        // Relate added groups
        const addUsrGroups = difference(groups, usrGroups)
        for (const grp of addUsrGroups) {
          await usr.$relatedQuery('groups').relate(grp)
        }
        // Unrelate removed groups
        const remUsrGroups = difference(usrGroups, groups)
        for (const grp of remUsrGroups) {
          await usr.$relatedQuery('groups').unrelate().where('groupId', grp)
        }
      }
      if (!isNil(auth?.tfaRequired)) {
        usr.auth[WIKI.data.systemIds.localAuthId].tfaRequired = auth.tfaRequired
        usrData.auth = usr.auth
      }
      if (!isNil(auth?.mustChangePwd)) {
        usr.auth[WIKI.data.systemIds.localAuthId].mustChangePwd = auth.mustChangePwd
        usrData.auth = usr.auth
      }
      if (!isNil(auth?.restrictLogin)) {
        usr.auth[WIKI.data.systemIds.localAuthId].restrictLogin = auth.restrictLogin
        usrData.auth = usr.auth
      }
      if (!isNil(isVerified)) {
        usrData.isVerified = isVerified
      }
      if (!isNil(isActive)) {
        usrData.isVerified = isActive
      }
      if (!isEmpty(meta)) {
        usrData.meta = meta
      }
      if (!isEmpty(prefs)) {
        usrData.prefs = prefs
      }
      await WIKI.db.users.query().patch(usrData).findById(id)
    } else {
      throw new WIKI.Error.UserNotFound()
    }
  }

  /**
   * Delete a User
   *
   * @param {*} id User ID
   */
  static async deleteUser (id, replaceId) {
    const usr = await WIKI.db.users.query().findById(id)
    if (usr) {
      await WIKI.db.assets.query().patch({ authorId: replaceId }).where('authorId', id)
      await WIKI.db.comments.query().patch({ authorId: replaceId }).where('authorId', id)
      await WIKI.db.pageHistory.query().patch({ authorId: replaceId }).where('authorId', id)
      await WIKI.db.pages.query().patch({ authorId: replaceId }).where('authorId', id)
      await WIKI.db.pages.query().patch({ creatorId: replaceId }).where('creatorId', id)

      await WIKI.db.userKeys.query().delete().where('userId', id)
      await WIKI.db.users.query().deleteById(id)
    } else {
      throw new WIKI.Error.UserNotFound()
    }
  }

  /**
   * Logout the current user
   */
  static async logout (context) {
    if (!context.req.user || context.req.user.id === WIKI.config.auth.guestUserId) {
      return '/'
    }
    if (context.req.user.strategyId && has(WIKI.auth.strategies, context.req.user.strategyId)) {
      const selStrategy = WIKI.auth.strategies[context.req.user.strategyId]
      if (!selStrategy.isEnabled) {
        throw new WIKI.Error.AuthProviderInvalid()
      }
      const provider = find(WIKI.data.authentication, ['key', selStrategy.module])
      if (provider.logout) {
        return provider.logout(provider.config)
      }
    }
    return '/'
  }

  static async getGuestUser () {
    const user = await WIKI.db.users.query().findById(WIKI.config.auth.guestUserId).withGraphJoined('groups').modifyGraph('groups', builder => {
      builder.select('groups.id', 'permissions')
    })
    if (!user) {
      WIKI.logger.error('CRITICAL ERROR: Guest user is missing!')
      process.exit(1)
    }
    user.permissions = user.getPermissions()
    return user
  }

  static async getRootUser () {
    let user = await WIKI.db.users.query().findById(WIKI.config.auth.rootAdminUserId)
    if (!user) {
      WIKI.logger.error('CRITICAL ERROR: Root Administrator user is missing!')
      process.exit(1)
    }
    user.permissions = ['manage:system']
    return user
  }

  /**
   * Add / Update User Avatar Data
   */
  static async updateUserAvatarData (userId, data) {
    try {
      WIKI.logger.debug(`Updating user ${userId} avatar data...`)
      if (data.length > 1024 * 1024) {
        throw new Error('Avatar image filesize is too large. 1MB max.')
      }
      const existing = await WIKI.db.knex('userAvatars').select('id').where('id', userId).first()
      if (existing) {
        await WIKI.db.knex('userAvatars').where({
          id: userId
        }).update({
          data
        })
      } else {
        await WIKI.db.knex('userAvatars').insert({
          id: userId,
          data
        })
      }
    } catch (err) {
      WIKI.logger.warn(`Failed to process binary thumbnail data for user ${userId}: ${err.message}`)
    }
  }

  static async getUserAvatarData (userId) {
    try {
      const usrData = await WIKI.db.knex('userAvatars').where('id', userId).first()
      if (usrData) {
        return usrData.data
      } else {
        return null
      }
    } catch (err) {
      WIKI.logger.warn(`Failed to process binary thumbnail data for user ${userId}`)
    }
  }
}