npm - @atlashub/smartstack-cli - Versions diffs - 4.75.0 → 4.76.0 - Mend

@atlashub/smartstack-cli 4.75.0 → 4.76.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/dist/index.js CHANGED Viewed

@@ -128062,7 +128062,6 @@ var import_bcryptjs = __toESM(require_bcryptjs());
 var import_fs4 = require("fs");
 var import_path14 = require("path");
 var import_os6 = require("os");
-var import_crypto8 = require("crypto");
 var import_child_process9 = require("child_process");
 function tryLoadNativeDriver() {
   try {
@@ -128079,25 +128078,11 @@ var DEFAULT_CONFIG = {
 var PASSWORD_CHARS = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%&*";
 var PASSWORD_LENGTH = 16;
 function generatePassword() {
-  const bytes = (0, import_crypto8.randomBytes)(PASSWORD_LENGTH);
-  const chars = [];
+  let password = "";
   for (let i = 0; i < PASSWORD_LENGTH; i++) {
-    chars.push(PASSWORD_CHARS.charAt(bytes[i] % PASSWORD_CHARS.length));
-  }
-  let hasLower = false, hasUpper = false, hasDigit = false, hasSpecial = false;
-  for (const c of chars) {
-    if (c >= "a" && c <= "z") hasLower = true;
-    else if (c >= "A" && c <= "Z") hasUpper = true;
-    else if (c >= "0" && c <= "9") hasDigit = true;
-    else hasSpecial = true;
-  }
-  const extra = (0, import_crypto8.randomBytes)(4);
-  let pos = 0;
-  if (!hasLower) chars[pos++] = "abcdefghjkmnpqrstuvwxyz"[extra[0] % 23];
-  if (!hasUpper) chars[pos++] = "ABCDEFGHJKLMNPQRSTUVWXYZ"[extra[1] % 24];
-  if (!hasDigit) chars[pos++] = "23456789"[extra[2] % 8];
-  if (!hasSpecial) chars[pos] = "!@#$%&*"[extra[3] % 7];
-  return chars.join("");
+    password += PASSWORD_CHARS.charAt(Math.floor(Math.random() * PASSWORD_CHARS.length));
+  }
+  return password;
 }
 function findAppSettings(apiFolder) {
   if (!(0, import_fs4.existsSync)(apiFolder)) {
@@ -128275,8 +128260,10 @@ adminCommand.command("reset").description("Reset the localAdmin account password
   const resetViaSqlCmd = async (sqlAuth) => {
     const authLabel = sqlAuth ? "SQL Server Authentication" : "Windows Authentication";
     spinner.text = `Using ${authLabel} (sqlcmd)...`;
-    const checkQuery = `SELECT COUNT(*) FROM [core].[auth_Users] WHERE Email = '${adminEmail}'`;
+    logger.debug(`[admin-reset] Using sqlcmd path (${authLabel})`);
+    const checkQuery = `SET NOCOUNT ON; SELECT COUNT(*) FROM [core].[auth_Users] WHERE Email = '${adminEmail}'`;
     const countResult = executeSqlCmd(connInfo.server, connInfo.database, checkQuery, sqlAuth);
+    logger.debug(`[admin-reset] COUNT result: "${countResult}"`);
     const exists = parseInt(countResult, 10) > 0;
     if (!exists) {
       spinner.fail(`Account ${source_default.yellow(adminEmail)} does not exist.`);
@@ -128287,23 +128274,50 @@ adminCommand.command("reset").description("Reset the localAdmin account password
     spinner.text = "Generating new password...";
     const newPassword = generatePassword();
     const passwordHash = await import_bcryptjs.default.hash(newPassword, 12);
-    spinner.text = "Updating password and unlocking account...";
-    const userId = executeSqlCmd(
-      connInfo.server,
-      connInfo.database,
-      `SELECT CAST(Id AS NVARCHAR(36)) FROM [core].[auth_Users] WHERE Email = '${adminEmail}'`,
-      sqlAuth
-    ).trim();
-    const updateQuery = `UPDATE [core].[auth_Users] SET PasswordHash = '${passwordHash}', MustChangePassword = 0, IsLocked = 0, LockoutEnd = NULL, UpdatedAt = GETUTCDATE() WHERE Email = '${adminEmail}'`;
-    executeSqlCmd(connInfo.server, connInfo.database, updateQuery, sqlAuth);
-    const deleteSessionsQuery = `DELETE FROM [core].[auth_Sessions] WHERE UserId = '${userId}' AND IsSuccessful = 0`;
+    logger.debug(`[admin-reset] Password length: ${newPassword.length}, Hash prefix: ${passwordHash.substring(0, 7)}`);
+    spinner.text = "Updating password...";
+    const updateQuery = `SET NOCOUNT ON; UPDATE [core].[auth_Users] SET PasswordHash = '${passwordHash}', MustChangePassword = 0, UpdatedAt = GETUTCDATE() WHERE Email = '${adminEmail}'`;
+    const updateResult = executeSqlCmd(connInfo.server, connInfo.database, updateQuery, sqlAuth);
+    logger.debug(`[admin-reset] UPDATE result: "${updateResult}"`);
     try {
-      executeSqlCmd(connInfo.server, connInfo.database, deleteSessionsQuery, sqlAuth);
-    } catch {
+      executeSqlCmd(
+        connInfo.server,
+        connInfo.database,
+        `SET NOCOUNT ON; UPDATE [core].[auth_Users] SET IsLocked = 0, LockoutEnd = NULL WHERE Email = '${adminEmail}'`,
+        sqlAuth
+      );
+      logger.debug("[admin-reset] Account unlocked (IsLocked = 0)");
+    } catch (unlockErr) {
+      logger.debug(`[admin-reset] Unlock skipped (columns may not exist): ${unlockErr instanceof Error ? unlockErr.message : unlockErr}`);
     }
-    spinner.succeed("Password reset and account unlocked!");
+    try {
+      executeSqlCmd(
+        connInfo.server,
+        connInfo.database,
+        `SET NOCOUNT ON; DELETE FROM [core].[auth_Sessions] WHERE UserId = (SELECT Id FROM [core].[auth_Users] WHERE Email = '${adminEmail}') AND IsSuccessful = 0`,
+        sqlAuth
+      );
+      logger.debug("[admin-reset] Failed login sessions cleared");
+    } catch (sessionErr) {
+      logger.debug(`[admin-reset] Session cleanup skipped: ${sessionErr instanceof Error ? sessionErr.message : sessionErr}`);
+    }
+    const verifyQuery = `SET NOCOUNT ON; SELECT PasswordHash FROM [core].[auth_Users] WHERE Email = '${adminEmail}'`;
+    const storedHash = executeSqlCmd(connInfo.server, connInfo.database, verifyQuery, sqlAuth).trim();
+    if (!storedHash) {
+      spinner.fail("Password update failed: no hash found in database after UPDATE");
+      process.exit(1);
+    }
+    const hashMatch = await import_bcryptjs.default.compare(newPassword, storedHash);
+    if (!hashMatch) {
+      spinner.fail("Password update failed: stored hash does not match generated password");
+      logger.error(`Expected hash prefix: ${passwordHash.substring(0, 10)}`);
+      logger.error(`Stored hash prefix:   ${storedHash.substring(0, 10)}`);
+      logger.error(`Hash lengths: expected=${passwordHash.length}, stored=${storedHash.length}`);
+      process.exit(1);
+    }
+    logger.debug(`[admin-reset] Verification OK \u2014 hash matches password`);
+    spinner.succeed("Password reset successfully!");
     displayPasswordResult(adminEmail, newPassword);
-    spinner.stop();
   };
   const displayPasswordResult = (email, password) => {
     if (options.json) {
@@ -128330,6 +128344,7 @@ adminCommand.command("reset").description("Reset the localAdmin account password
     console.log();
   };
   const resetViaMssql = async (sqlModule) => {
+    logger.debug(`[admin-reset] Using mssql (node driver) path`);
     spinner.text = "Connected. Checking account...";
     const checkResult = await sqlModule.query`
         SELECT COUNT(*) as count
@@ -128347,28 +128362,57 @@ adminCommand.command("reset").description("Reset the localAdmin account password
     spinner.text = "Generating new password...";
     const newPassword = generatePassword();
     const passwordHash = await import_bcryptjs.default.hash(newPassword, 12);
-    spinner.text = "Updating password and unlocking account...";
-    await sqlModule.query`
+    logger.debug(`[admin-reset] Password length: ${newPassword.length}, Hash prefix: ${passwordHash.substring(0, 7)}`);
+    spinner.text = "Updating password...";
+    const updateResult = await sqlModule.query`
         UPDATE [core].[auth_Users]
         SET PasswordHash = ${passwordHash},
             MustChangePassword = ${false},
-            IsLocked = ${false},
-            LockoutEnd = ${null},
             UpdatedAt = ${/* @__PURE__ */ new Date()}
         WHERE Email = ${adminEmail}
       `;
+    logger.debug(`[admin-reset] UPDATE rowsAffected: ${JSON.stringify(updateResult.rowsAffected)}`);
+    if (!updateResult.rowsAffected || updateResult.rowsAffected[0] === 0) {
+      await sqlModule.close();
+      spinner.fail("Password update failed: UPDATE affected 0 rows");
+      process.exit(1);
+    }
+    try {
+      await sqlModule.query`
+          UPDATE [core].[auth_Users]
+          SET IsLocked = ${false}, LockoutEnd = ${null}
+          WHERE Email = ${adminEmail}
+        `;
+      logger.debug("[admin-reset] Account unlocked (IsLocked = 0)");
+    } catch (unlockErr) {
+      logger.debug(`[admin-reset] Unlock skipped (columns may not exist): ${unlockErr instanceof Error ? unlockErr.message : unlockErr}`);
+    }
     try {
       await sqlModule.query`
           DELETE FROM [core].[auth_Sessions]
           WHERE UserId = (SELECT Id FROM [core].[auth_Users] WHERE Email = ${adminEmail})
             AND IsSuccessful = ${false}
         `;
-    } catch {
+      logger.debug("[admin-reset] Failed login sessions cleared");
+    } catch (sessionErr) {
+      logger.debug(`[admin-reset] Session cleanup skipped: ${sessionErr instanceof Error ? sessionErr.message : sessionErr}`);
+    }
+    const verifyResult = await sqlModule.query`
+        SELECT PasswordHash FROM [core].[auth_Users] WHERE Email = ${adminEmail}
+      `;
+    const storedHash = verifyResult.recordset[0]?.PasswordHash;
+    const hashMatch = storedHash ? await import_bcryptjs.default.compare(newPassword, storedHash) : false;
+    if (!hashMatch) {
+      await sqlModule.close();
+      spinner.fail("Password update failed: stored hash does not match generated password");
+      logger.error(`Expected hash prefix: ${passwordHash.substring(0, 10)}`);
+      logger.error(`Stored hash prefix:   ${(storedHash || "(null)").substring(0, 10)}`);
+      process.exit(1);
     }
+    logger.debug(`[admin-reset] Verification OK \u2014 hash matches password`);
     await sqlModule.close();
-    spinner.succeed("Password reset and account unlocked!");
+    spinner.succeed("Password reset successfully!");
     displayPasswordResult(adminEmail, newPassword);
-    spinner.stop();
   };
   const tryWithSqlCmd = async () => {
     try {
@@ -128389,8 +128433,10 @@ adminCommand.command("reset").description("Reset the localAdmin account password
     }
   };
   try {
+    logger.debug(`[admin-reset] Windows Auth: ${connInfo.useWindowsAuth}, Server: ${connInfo.server}, Database: ${connInfo.database}`);
     if (connInfo.useWindowsAuth) {
       const nativeDriver = tryLoadNativeDriver();
+      logger.debug(`[admin-reset] msnodesqlv8 available: ${!!nativeDriver}`);
       let nativeConnected = false;
       if (nativeDriver) {
         try {