@drax/identity-back 0.38.1 → 0.40.0

package/dist/controllers/UserController.js

@@ -1,6 +1,6 @@
 import { AbstractFastifyController } from "@drax/crud-back";
 import RegistrationCompleteHtml from "../html/RegistrationCompleteHtml.js";
-import { CommonConfig, DraxConfig, StoreManager, ValidationError, UnauthorizedError, SecuritySensitiveError, } from "@drax/common-back";
+import { CommonConfig, DraxConfig, StoreManager, ValidationError, UnauthorizedError, SecuritySensitiveError, BadRequestError, } from "@drax/common-back";
 import UserServiceFactory from "../factory/UserServiceFactory.js";
 import RoleServiceFactory from "../factory/RoleServiceFactory.js";
 import UserPermissions from "../permissions/UserPermissions.js";
@@ -17,6 +17,39 @@ class UserController extends AbstractFastifyController {
         super(UserServiceFactory(), UserPermissions);
         this.tenantField = "tenant";
         this.tenantFilter = true;
+        this.entityName = 'User';
+    }
+    async onUserLoggedIn(request, user, session) {
+        const eventData = {
+            action: 'loggedIn',
+            entity: this.entityName,
+            resourceId: user._id.toString(),
+            postItem: null,
+            preItem: null,
+            detail: `User ${user.username} logged in.`,
+            timestamp: new Date(),
+            ip: request.ip,
+            userAgent: request.headers['user-agent'],
+            requestId: request.id,
+            user: {
+                id: user._id.toString(),
+                username: user.username,
+                role: {
+                    id: user?.role?._id.toString(),
+                    name: user?.role?.name,
+                },
+                tenant: {
+                    id: user?.tenant?._id.toString(),
+                    name: user?.tenant?.name,
+                },
+                apiKey: {
+                    id: null,
+                    name: null,
+                },
+                session: session,
+            }
+        };
+        this.eventEmitter.emitCrudEvent(eventData);
     }
     async auth(request, reply) {
         try {
@@ -25,7 +58,9 @@ class UserController extends AbstractFastifyController {
             const userAgent = request.headers['user-agent'];
             const ip = request.ip;
             const userService = UserServiceFactory();
-            return await userService.auth(username, password, { userAgent, ip });
+            const { user, accessToken, session } = await userService.auth(username, password, { userAgent, ip });
+            this.onUserLoggedIn(request, user, session);
+            return { accessToken };
         }
         catch (e) {
             console.error('/api/auth error', e);
@@ -62,13 +97,38 @@ class UserController extends AbstractFastifyController {
             this.handleError(e, reply);
         }
     }
+    async onUserEvent(request, action, resourceId = null, detail = null) {
+        const requestData = this.extractRequestData(request);
+        const eventData = {
+            action: action,
+            entity: this.entityName,
+            resourceId: resourceId.toString(),
+            postItem: null,
+            preItem: null,
+            detail: detail,
+            timestamp: new Date(),
+            ...requestData
+        };
+        this.eventEmitter.emitCrudEvent(eventData);
+    }
     async switchTenant(request, reply) {
         try {
             request.rbac.assertPermission(UserPermissions.SwitchTenant);
             if (request.authUser && request.token) {
                 const tenantId = request.body.tenantId;
+                if (!tenantId) {
+                    throw new BadRequestError('Missing tenantId');
+                }
+                const tenant = await TenantServiceFactory().findById(tenantId);
+                if (!tenant) {
+                    throw new BadRequestError('Invalid tenantId');
+                }
+                const tenantName = tenant?.name;
                 const userService = UserServiceFactory();
-                let { accessToken } = await userService.switchTenant(request.token, tenantId);
+                let { accessToken } = await userService.switchTenant(request.token, tenantId, tenantName);
+                const username = request.rbac.username;
+                const detail = `User ${username} switched to tenant "${tenantName}" (ID: ${tenantId})`;
+                this.onUserEvent(request, 'switchTenant', request.rbac.userId, detail);
                 return { accessToken };
             }
             else {
@@ -141,6 +201,8 @@ class UserController extends AbstractFastifyController {
             const userService = UserServiceFactory();
             let user = await userService.register(payload);
             if (user) {
+                const detail = `User ${user?.username} registered successfully.`;
+                this.onUserEvent(request, 'register', user?._id, detail);
                 //SEND EMAIL FOR EMAIL VERIFICATION
                 await UserEmailService.emailVerifyCode(user.emailCode, user.email);
                 return {
@@ -187,6 +249,7 @@ class UserController extends AbstractFastifyController {
             payload.origin ?? (payload.origin = 'Admin');
             const userService = UserServiceFactory();
             let user = await userService.create(payload);
+            this.onCreated(request, user);
             return user;
         }
         catch (e) {
@@ -202,7 +265,9 @@ class UserController extends AbstractFastifyController {
                 payload.tenant = request.rbac.getAuthUser.tenantId;
             }
             const userService = UserServiceFactory();
+            let preUser = await userService.findById(id);
             let user = await userService.update(id, payload);
+            this.onUpdated(request, preUser, user);
             return user;
         }
         catch (e) {
@@ -214,8 +279,10 @@ class UserController extends AbstractFastifyController {
             request.rbac.assertPermission(UserPermissions.Delete);
             const id = request.params.id;
             const userService = UserServiceFactory();
+            let preUser = await userService.findById(id);
             let r = await userService.delete(id);
             if (r) {
+                this.onDeleted(request, preUser);
                 reply.send({
                     id: id,
                     message: 'Item deleted successfully',
@@ -246,11 +313,14 @@ class UserController extends AbstractFastifyController {
                 throw new ValidationError([{ field: 'email', reason: 'validation.email.invalid' }]);
             }
             const userService = UserServiceFactory();
+            const user = await userService.findByEmail(email);
             const code = await userService.recoveryCode(email);
             console.log("CODE", code);
             if (code) {
                 await UserEmailService.recoveryCode(code, email);
             }
+            const detail = `User ${user?.username} request a password recovery .`;
+            this.onUserEvent(request, 'passwordRecoveryRequest', user?._id, detail);
             reply.send({ message });
         }
         catch (e) {
@@ -274,8 +344,10 @@ class UserController extends AbstractFastifyController {
                 throw new ValidationError([{ field: 'newPassword', reason: 'validation.required' }]);
             }
             const userService = UserServiceFactory();
-            const result = await userService.changeUserPasswordByCode(recoveryCode, newPassword);
-            if (result) {
+            const user = await userService.changeUserPasswordByCode(recoveryCode, newPassword);
+            if (user) {
+                const detail = `User ${user?.username} complete a password recovery .`;
+                this.onUserEvent(request, 'passwordRecoveryCompleted', user?._id, detail);
                 reply.send({ message: 'action.success' });
             }
             else {
@@ -296,7 +368,9 @@ class UserController extends AbstractFastifyController {
             const currentPassword = request.body.currentPassword;
             const newPassword = request.body.newPassword;
             const userService = UserServiceFactory();
-            await userService.changeOwnPassword(userId, currentPassword, newPassword);
+            const user = await userService.changeOwnPassword(userId, currentPassword, newPassword);
+            const detail = `User ${user?.username} changed his password.`;
+            this.onUserEvent(request, 'changeMyPassword', user?._id, detail);
             return { message: 'Password updated successfully' };
         }
         catch (e) {
@@ -312,7 +386,9 @@ class UserController extends AbstractFastifyController {
             }
             const newPassword = request.body.newPassword;
             const userService = UserServiceFactory();
-            await userService.changeUserPassword(userId, newPassword);
+            const user = await userService.changeUserPassword(userId, newPassword);
+            const detail = `User ${request.rbac.username} changed password for user ${user.username}.`;
+            this.onUserEvent(request, 'changePassword', user?._id, detail);
             return { message: 'Password updated successfully' };
         }
         catch (e) {
@@ -334,7 +410,9 @@ class UserController extends AbstractFastifyController {
             const urlFile = BASE_URL + '/api/users/avatar/' + storedFile.filename;
             //Save into DB
             const userService = UserServiceFactory();
-            await userService.changeAvatar(userId, urlFile);
+            const user = await userService.changeAvatar(userId, urlFile);
+            const detail = `User ${request.rbac.username} changed avatar.`;
+            this.onUserEvent(request, 'changeAvatar', user?._id, detail);
             return {
                 filename: storedFile.filename,
                 size: storedFile.size,

package/dist/graphql/resolvers/user.resolvers.js

@@ -1,11 +1,12 @@
 import UserServiceFactory from "../../factory/UserServiceFactory.js";
 import { GraphQLError } from "graphql";
-import { ValidationErrorToGraphQLError, ValidationError, StoreManager, DraxConfig, CommonConfig } from "@drax/common-back";
+import { ValidationErrorToGraphQLError, ValidationError, StoreManager, DraxConfig, CommonConfig, BadRequestError } from "@drax/common-back";
 import { UnauthorizedError } from "@drax/common-back";
 import BadCredentialsError from "../../errors/BadCredentialsError.js";
 import { join } from "path";
 import IdentityConfig from "../../config/IdentityConfig.js";
 import UserPermissions from "../../permissions/UserPermissions.js";
+import TenantServiceFactory from "../../factory/TenantServiceFactory.js";
 export default {
     Query: {
         me: async (_, {}, { authUser }) => {
@@ -79,8 +80,13 @@ export default {
                 rbac.assertPermission(UserPermissions.SwitchTenant);
                 if (authUser && token) {
                     const tenantId = input.tenantId;
+                    const tenant = await TenantServiceFactory().findById(tenantId);
+                    if (!tenant) {
+                        throw new BadRequestError('Invalid tenantId');
+                    }
+                    const tenantName = tenant?.name;
                     const userService = UserServiceFactory();
-                    let { accessToken } = await userService.switchTenant(token, tenantId);
+                    let { accessToken } = await userService.switchTenant(token, tenantId, tenantName);
                     return { accessToken };
                 }
                 else {

package/dist/rbac/Rbac.js

@@ -21,31 +21,31 @@ class Rbac {
         };
     }
     get username() {
-        return this.authUser.username;
+        return this?.authUser?.username;
     }
     get userId() {
-        return this.authUser?.id.toString();
+        return this?.authUser?.id.toString();
     }
     get session() {
-        return this.authUser?.session;
+        return this?.authUser?.session;
     }
     get apiKeyId() {
-        return this.authUser?.apiKeyId?.toString();
+        return this?.authUser?.apiKeyId?.toString();
     }
     get apiKeyName() {
-        return this.authUser?.apiKeyName;
+        return this?.authUser?.apiKeyName;
     }
     get roleId() {
-        return this.authUser?.roleId?.toString();
+        return this?.authUser?.roleId?.toString();
     }
     get roleName() {
-        return this.authUser?.roleName;
+        return this?.authUser?.roleName;
     }
     get tenantId() {
-        return this.authUser?.tenantId?.toString();
+        return this?.authUser?.tenantId?.toString();
     }
     get tenantName() {
-        return this.authUser?.tenantName;
+        return this?.authUser?.tenantName ?? undefined;
     }
     assertAuthenticated() {
         if (!this.authUser) {

package/dist/services/UserService.js

@@ -28,7 +28,8 @@ class UserService extends AbstractService {
                 session: sessionUUID
             };
             const accessToken = AuthUtils.generateToken(tokenPayload);
-            return { accessToken: accessToken };
+            delete user.password;
+            return { accessToken: accessToken, user: user, session: sessionUUID };
         }
         else {
             const userLoginFailService = UserLoginFailServiceFactory();
@@ -51,8 +52,8 @@ class UserService extends AbstractService {
         });
         return sessionUUID;
     }
-    async switchTenant(accessToken, tenantId) {
-        const newAccessToken = AuthUtils.switchTenant(accessToken, tenantId);
+    async switchTenant(accessToken, tenantId, tenantName) {
+        const newAccessToken = AuthUtils.switchTenant(accessToken, tenantId, tenantName);
         return { accessToken: newAccessToken };
     }
     async authByEmail(email, createIfNotFound = false, userData, { userAgent, ip }) {
@@ -87,7 +88,8 @@ class UserService extends AbstractService {
         if (user) {
             newPassword = AuthUtils.hashPassword(newPassword);
             await this._repository.changePassword(userId, newPassword);
-            return true;
+            delete user.password;
+            return user;
         }
         else {
             throw new ValidationError([{ field: 'userId', reason: 'validation.notFound' }]);
@@ -102,7 +104,8 @@ class UserService extends AbstractService {
             if (AuthUtils.checkPassword(currentPassword, user.password)) {
                 newPassword = AuthUtils.hashPassword(newPassword);
                 await this._repository.changePassword(userId, newPassword);
-                return true;
+                delete user.password;
+                return user;
             }
             else {
                 throw new ValidationError([{ field: 'currentPassword', reason: 'validation.notMatch' }]);
@@ -116,7 +119,7 @@ class UserService extends AbstractService {
         const user = await this.findById(userId);
         if (user && user.active) {
             await this._repository.changeAvatar(userId, avatar);
-            return true;
+            return user;
         }
         else {
             throw new BadCredentialsError();
@@ -141,14 +144,12 @@ class UserService extends AbstractService {
     }
     async changeUserPasswordByCode(recoveryCode, newPassword) {
         try {
-            console.log("changeUserPasswordByCode recoveryCode", recoveryCode);
             const user = await this._repository.findByRecoveryCode(recoveryCode);
-            console.log("changeUserPasswordByCode user", user);
             if (user && user.active) {
                 newPassword = AuthUtils.hashPassword(newPassword);
                 await this._repository.changePassword(user._id, newPassword);
                 await this._repository.updatePartial(user._id, { recoveryCode: null });
-                return true;
+                return user;
             }
             else {
                 throw new ValidationError([{ field: 'recoveryCode', reason: 'validation.notFound' }]);

package/dist/utils/AuthUtils.js

@@ -54,23 +54,20 @@ class AuthUtils {
         // Generar el hash en formato hexadecimal
         return hmac.digest('hex');
     }
-    static switchTenant(accessToken, newTenantId) {
+    static switchTenant(accessToken, newTenantId, tenantName) {
         // Verificar que el token actual sea válido
         const tokenPayload = AuthUtils.verifyToken(accessToken);
         if (!tokenPayload) {
             throw new Error("Invalid access token");
         }
         tokenPayload.tenantId = newTenantId;
+        tokenPayload.tenantName = tenantName;
         const JWT_SECRET = DraxConfig.getOrLoad(IdentityConfig.JwtSecret);
         if (!JWT_SECRET) {
             throw new Error("JWT_SECRET ENV must be provided");
         }
-        const JWT_ISSUER = DraxConfig.getOrLoad(IdentityConfig.JwtIssuer) || 'DRAX';
         const options = {
-            jwtid: tokenPayload.id,
-            algorithm: 'HS256',
-            audience: tokenPayload.username,
-            issuer: JWT_ISSUER
+            algorithm: 'HS256'
         };
         return jsonwebtoken.sign(tokenPayload, JWT_SECRET, options);
     }

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.38.1",
+  "version": "0.40.0",
   "description": "Identity module for user management, authentication and authorization.",
   "main": "dist/index.js",
   "types": "types/index.d.ts",
@@ -28,11 +28,11 @@
   "author": "Cristian Incarnato & Drax Team",
   "license": "ISC",
   "dependencies": {
-    "@drax/common-back": "^0.38.0",
-    "@drax/crud-back": "^0.38.1",
-    "@drax/crud-share": "^0.38.0",
-    "@drax/email-back": "^0.38.0",
-    "@drax/identity-share": "^0.38.0",
+    "@drax/common-back": "^0.40.0",
+    "@drax/crud-back": "^0.40.0",
+    "@drax/crud-share": "^0.40.0",
+    "@drax/email-back": "^0.40.0",
+    "@drax/identity-share": "^0.40.0",
     "bcryptjs": "^2.4.3",
     "graphql": "^16.8.2",
     "jsonwebtoken": "^9.0.2"
@@ -63,5 +63,5 @@
       "debug": "0"
     }
   },
-  "gitHead": "33404c9f1b3df6a3f86624389916d1cae0c56904"
+  "gitHead": "269ec7921d83364dfba091cd74bd3f45a8135c26"
 }