@intuitionrobotics/user-account 0.41.68 → 0.41.71
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/app-backend/api/_user-account.js +1 -1
- package/app-backend/api/_user-account.js.map +1 -1
- package/app-backend/api/v1/account/assert.js +27 -82
- package/app-backend/api/v1/account/assert.js.map +1 -1
- package/app-backend/api/v1/account/create.js +13 -58
- package/app-backend/api/v1/account/create.js.map +1 -1
- package/app-backend/api/v1/account/list.js +12 -61
- package/app-backend/api/v1/account/list.js.map +1 -1
- package/app-backend/api/v1/account/login-saml.js +12 -62
- package/app-backend/api/v1/account/login-saml.js.map +1 -1
- package/app-backend/api/v1/account/login.js +12 -56
- package/app-backend/api/v1/account/login.js.map +1 -1
- package/app-backend/api/v1/account/logout.js +14 -59
- package/app-backend/api/v1/account/logout.js.map +1 -1
- package/app-backend/api/v1/account/upsert.js +15 -60
- package/app-backend/api/v1/account/upsert.js.map +1 -1
- package/app-backend/api/v1/account/validate.js +12 -61
- package/app-backend/api/v1/account/validate.js.map +1 -1
- package/app-backend/apis/add-new-account.js +13 -58
- package/app-backend/apis/add-new-account.js.map +1 -1
- package/app-backend/core/module-pack.js +1 -1
- package/app-backend/core/module-pack.js.map +1 -1
- package/app-backend/modules/AccountModule.js +221 -461
- package/app-backend/modules/AccountModule.js.map +1 -1
- package/app-backend/modules/SamlModule.js +36 -89
- package/app-backend/modules/SamlModule.js.map +1 -1
- package/app-frontend/core/module-pack.js +1 -1
- package/app-frontend/core/module-pack.js.map +1 -1
- package/app-frontend/modules/AccountModule.js +67 -128
- package/app-frontend/modules/AccountModule.js.map +1 -1
- package/app-frontend/ui/Component_Login.js +29 -46
- package/app-frontend/ui/Component_Login.js.map +1 -1
- package/app-frontend/ui/Component_Register.js +29 -46
- package/app-frontend/ui/Component_Register.js.map +1 -1
- package/package.json +4 -4
|
@@ -1,28 +1,4 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __extends = (this && this.__extends) || (function () {
|
|
3
|
-
var extendStatics = function (d, b) {
|
|
4
|
-
extendStatics = Object.setPrototypeOf ||
|
|
5
|
-
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
|
|
6
|
-
function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
|
|
7
|
-
return extendStatics(d, b);
|
|
8
|
-
};
|
|
9
|
-
return function (d, b) {
|
|
10
|
-
extendStatics(d, b);
|
|
11
|
-
function __() { this.constructor = d; }
|
|
12
|
-
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
|
|
13
|
-
};
|
|
14
|
-
})();
|
|
15
|
-
var __assign = (this && this.__assign) || function () {
|
|
16
|
-
__assign = Object.assign || function(t) {
|
|
17
|
-
for (var s, i = 1, n = arguments.length; i < n; i++) {
|
|
18
|
-
s = arguments[i];
|
|
19
|
-
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
|
|
20
|
-
t[p] = s[p];
|
|
21
|
-
}
|
|
22
|
-
return t;
|
|
23
|
-
};
|
|
24
|
-
return __assign.apply(this, arguments);
|
|
25
|
-
};
|
|
26
2
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
27
3
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
28
4
|
return new (P || (P = Promise))(function (resolve, reject) {
|
|
@@ -32,33 +8,6 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
32
8
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
33
9
|
});
|
|
34
10
|
};
|
|
35
|
-
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
36
|
-
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
|
37
|
-
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
38
|
-
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
39
|
-
function step(op) {
|
|
40
|
-
if (f) throw new TypeError("Generator is already executing.");
|
|
41
|
-
while (_) try {
|
|
42
|
-
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
43
|
-
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
44
|
-
switch (op[0]) {
|
|
45
|
-
case 0: case 1: t = op; break;
|
|
46
|
-
case 4: _.label++; return { value: op[1], done: false };
|
|
47
|
-
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
48
|
-
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
49
|
-
default:
|
|
50
|
-
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
51
|
-
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
52
|
-
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
53
|
-
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
54
|
-
if (t[2]) _.ops.pop();
|
|
55
|
-
_.trys.pop(); continue;
|
|
56
|
-
}
|
|
57
|
-
op = body.call(thisArg, _);
|
|
58
|
-
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
59
|
-
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
60
|
-
}
|
|
61
|
-
};
|
|
62
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
63
12
|
exports.AccountModule = exports.AccountsModule_Class = exports.Collection_Accounts = exports.Collection_Sessions = exports.Header_SessionId = void 0;
|
|
64
13
|
/*
|
|
@@ -79,454 +28,265 @@ exports.AccountModule = exports.AccountsModule_Class = exports.Collection_Accoun
|
|
|
79
28
|
* See the License for the specific language governing permissions and
|
|
80
29
|
* limitations under the License.
|
|
81
30
|
*/
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
31
|
+
const ts_common_1 = require("@intuitionrobotics/ts-common");
|
|
32
|
+
const backend_1 = require("@intuitionrobotics/firebase/backend");
|
|
33
|
+
const _imports_1 = require("./_imports");
|
|
34
|
+
const backend_2 = require("@intuitionrobotics/thunderstorm/backend");
|
|
35
|
+
const backend_3 = require("@intuitionrobotics/db-api-generator/backend");
|
|
87
36
|
exports.Header_SessionId = new backend_2.HeaderKey(_imports_1.HeaderKey_SessionId);
|
|
88
37
|
exports.Collection_Sessions = "user-account--sessions";
|
|
89
38
|
exports.Collection_Accounts = "user-account--accounts";
|
|
90
|
-
|
|
91
|
-
|
|
39
|
+
const dispatch_onUserLogin = new ts_common_1.Dispatcher("__onUserLogin");
|
|
40
|
+
const dispatch_onNewUserRegistered = new ts_common_1.Dispatcher("__onNewUserRegistered");
|
|
92
41
|
function getUIAccount(account) {
|
|
93
|
-
|
|
94
|
-
return { email
|
|
42
|
+
const { email, _id } = account;
|
|
43
|
+
return { email, _id };
|
|
95
44
|
}
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
var sessionTTLms = _this.config.sessionTTLms.web;
|
|
45
|
+
class AccountsModule_Class extends ts_common_1.Module {
|
|
46
|
+
constructor() {
|
|
47
|
+
super();
|
|
48
|
+
this.TTLExpired = (session) => {
|
|
49
|
+
const delta = ts_common_1.currentTimeMillies() - session.timestamp;
|
|
50
|
+
let sessionTTLms = this.config.sessionTTLms.web;
|
|
103
51
|
if (session.frontType === _imports_1.FrontType.App)
|
|
104
|
-
sessionTTLms =
|
|
52
|
+
sessionTTLms = this.config.sessionTTLms.app;
|
|
105
53
|
return delta > sessionTTLms || delta < 0;
|
|
106
54
|
};
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
case 2:
|
|
124
|
-
_a.sent();
|
|
125
|
-
_a.label = 3;
|
|
126
|
-
case 3: return [4 /*yield*/, this.getUserEmailFromSession(session)];
|
|
127
|
-
case 4:
|
|
128
|
-
account = _a.sent();
|
|
129
|
-
return [2 /*return*/, { sessionId: session.sessionId, email: account.email }];
|
|
130
|
-
}
|
|
131
|
-
});
|
|
132
|
-
}); };
|
|
133
|
-
_this.setDefaultConfig({ sessionTTLms: { web: ts_common_1.Day, app: ts_common_1.Day } });
|
|
134
|
-
return _this;
|
|
55
|
+
this.upsertSession = (userId, frontType) => __awaiter(this, void 0, void 0, function* () {
|
|
56
|
+
let session = yield this.sessions.queryUnique({ where: { userId } });
|
|
57
|
+
if (!session || this.TTLExpired(session)) {
|
|
58
|
+
session = {
|
|
59
|
+
sessionId: ts_common_1.generateHex(64),
|
|
60
|
+
timestamp: ts_common_1.currentTimeMillies(),
|
|
61
|
+
userId
|
|
62
|
+
};
|
|
63
|
+
if (frontType)
|
|
64
|
+
session.frontType = frontType;
|
|
65
|
+
yield this.sessions.upsert(session);
|
|
66
|
+
}
|
|
67
|
+
const account = yield this.getUserEmailFromSession(session);
|
|
68
|
+
return { sessionId: session.sessionId, email: account.email };
|
|
69
|
+
});
|
|
70
|
+
this.setDefaultConfig({ sessionTTLms: { web: ts_common_1.Day, app: ts_common_1.Day } });
|
|
135
71
|
}
|
|
136
|
-
|
|
137
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
e_1 = _a.sent();
|
|
149
|
-
return [3 /*break*/, 3];
|
|
150
|
-
case 3: return [2 /*return*/, {
|
|
151
|
-
key: this.getName(),
|
|
152
|
-
data: data
|
|
153
|
-
}];
|
|
154
|
-
}
|
|
155
|
-
});
|
|
72
|
+
__queryRequestInfo(request) {
|
|
73
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
74
|
+
let data;
|
|
75
|
+
try {
|
|
76
|
+
data = yield this.validateSession(request);
|
|
77
|
+
}
|
|
78
|
+
catch (e) {
|
|
79
|
+
}
|
|
80
|
+
return {
|
|
81
|
+
key: this.getName(),
|
|
82
|
+
data: data
|
|
83
|
+
};
|
|
156
84
|
});
|
|
157
|
-
}
|
|
158
|
-
|
|
159
|
-
|
|
85
|
+
}
|
|
86
|
+
init() {
|
|
87
|
+
const firestore = backend_1.FirebaseModule.createAdminSession(this.config.projectId).getFirestore();
|
|
160
88
|
this.sessions = firestore.getCollection(exports.Collection_Sessions, ["userId"]);
|
|
161
89
|
this.accounts = firestore.getCollection(exports.Collection_Accounts, ["email"]);
|
|
162
|
-
}
|
|
163
|
-
|
|
164
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
165
|
-
|
|
166
|
-
return
|
|
167
|
-
email = _email.toLowerCase();
|
|
168
|
-
return [2 /*return*/, this.accounts.queryUnique({ where: { email: email }, select: ["email", "_id"] })];
|
|
169
|
-
});
|
|
90
|
+
}
|
|
91
|
+
getUser(_email) {
|
|
92
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
93
|
+
const email = _email.toLowerCase();
|
|
94
|
+
return this.accounts.queryUnique({ where: { email }, select: ["email", "_id"] });
|
|
170
95
|
});
|
|
171
|
-
}
|
|
172
|
-
|
|
173
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
174
|
-
return
|
|
175
|
-
return [2 /*return*/, this.accounts.getAll(["_id", "email"])];
|
|
176
|
-
});
|
|
96
|
+
}
|
|
97
|
+
listUsers() {
|
|
98
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
99
|
+
return this.accounts.getAll(["_id", "email"]);
|
|
177
100
|
});
|
|
178
|
-
}
|
|
179
|
-
|
|
180
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
181
|
-
return
|
|
182
|
-
return [2 /*return*/, this.sessions.getAll(["userId", "timestamp"])];
|
|
183
|
-
});
|
|
101
|
+
}
|
|
102
|
+
listSessions() {
|
|
103
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
104
|
+
return this.sessions.getAll(["userId", "timestamp"]);
|
|
184
105
|
});
|
|
185
|
-
}
|
|
186
|
-
|
|
187
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
188
|
-
|
|
189
|
-
return
|
|
190
|
-
email = _email.toLowerCase();
|
|
191
|
-
return [2 /*return*/, this.accounts.queryUnique({ where: { email: email } })];
|
|
192
|
-
});
|
|
106
|
+
}
|
|
107
|
+
getSession(_email) {
|
|
108
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
109
|
+
const email = _email.toLowerCase();
|
|
110
|
+
return this.accounts.queryUnique({ where: { email } });
|
|
193
111
|
});
|
|
194
|
-
}
|
|
195
|
-
|
|
196
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
account = _a.sent();
|
|
204
|
-
if (!account)
|
|
205
|
-
return [2 /*return*/];
|
|
206
|
-
return [4 /*yield*/, this.sessions.query({ select: ["userId", "timestamp", "frontType"], where: { userId: account._id } })];
|
|
207
|
-
case 2:
|
|
208
|
-
sessions = _a.sent();
|
|
209
|
-
return [2 /*return*/, sessions.map(function (session) {
|
|
210
|
-
return __assign(__assign({}, session), { isExpired: _this.TTLExpired(session) });
|
|
211
|
-
})];
|
|
212
|
-
}
|
|
112
|
+
}
|
|
113
|
+
querySessions(_email) {
|
|
114
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
115
|
+
const account = yield this.getSession(_email);
|
|
116
|
+
if (!account)
|
|
117
|
+
return;
|
|
118
|
+
const sessions = yield this.sessions.query({ select: ["userId", "timestamp", "frontType"], where: { userId: account._id } });
|
|
119
|
+
return sessions.map((session) => {
|
|
120
|
+
return Object.assign(Object.assign({}, session), { isExpired: this.TTLExpired(session) });
|
|
213
121
|
});
|
|
214
122
|
});
|
|
215
|
-
}
|
|
216
|
-
|
|
217
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
case 1:
|
|
223
|
-
account = _a.sent();
|
|
224
|
-
return [4 /*yield*/, this.login(request)];
|
|
225
|
-
case 2:
|
|
226
|
-
session = _a.sent();
|
|
227
|
-
return [4 /*yield*/, dispatch_onNewUserRegistered.dispatchModuleAsync([getUIAccount(account)])];
|
|
228
|
-
case 3:
|
|
229
|
-
_a.sent();
|
|
230
|
-
return [2 /*return*/, session];
|
|
231
|
-
}
|
|
232
|
-
});
|
|
123
|
+
}
|
|
124
|
+
create(request) {
|
|
125
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
126
|
+
const account = yield this.createAccount(request);
|
|
127
|
+
const session = yield this.login(request);
|
|
128
|
+
yield dispatch_onNewUserRegistered.dispatchModuleAsync([getUIAccount(account)]);
|
|
129
|
+
return session;
|
|
233
130
|
});
|
|
234
|
-
}
|
|
235
|
-
|
|
236
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
case 0: return [4 /*yield*/, transaction.queryUnique(this.accounts, { where: { email: request.email } })];
|
|
249
|
-
case 1:
|
|
250
|
-
existAccount = _a.sent();
|
|
251
|
-
if (existAccount)
|
|
252
|
-
return [2 /*return*/, this.changePassword(request.email, request.password, transaction)];
|
|
253
|
-
callback = function () { return __awaiter(_this, void 0, void 0, function () { return __generator(this, function (_a) {
|
|
254
|
-
return [2 /*return*/, dispatch_onNewUserRegistered.dispatchModuleAsync([getUIAccount(account)])];
|
|
255
|
-
}); }); };
|
|
256
|
-
return [2 /*return*/, this.createImpl(request, transaction)];
|
|
257
|
-
}
|
|
258
|
-
});
|
|
259
|
-
}); })];
|
|
260
|
-
case 1:
|
|
261
|
-
account = _a.sent();
|
|
262
|
-
return [4 /*yield*/, this.loginValidate(request, false)];
|
|
263
|
-
case 2:
|
|
264
|
-
_a.sent();
|
|
265
|
-
return [4 /*yield*/, callback()];
|
|
266
|
-
case 3:
|
|
267
|
-
_a.sent();
|
|
268
|
-
return [2 /*return*/, getUIAccount(account)];
|
|
269
|
-
}
|
|
270
|
-
});
|
|
131
|
+
}
|
|
132
|
+
upsert(request) {
|
|
133
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
134
|
+
let callback = () => Promise.resolve([]);
|
|
135
|
+
const account = yield this.accounts.runInTransaction((transaction) => __awaiter(this, void 0, void 0, function* () {
|
|
136
|
+
const existAccount = yield transaction.queryUnique(this.accounts, { where: { email: request.email } });
|
|
137
|
+
if (existAccount)
|
|
138
|
+
return this.changePassword(request.email, request.password, transaction);
|
|
139
|
+
callback = () => __awaiter(this, void 0, void 0, function* () { return dispatch_onNewUserRegistered.dispatchModuleAsync([getUIAccount(account)]); });
|
|
140
|
+
return this.createImpl(request, transaction);
|
|
141
|
+
}));
|
|
142
|
+
yield this.loginValidate(request, false);
|
|
143
|
+
yield callback();
|
|
144
|
+
return getUIAccount(account);
|
|
271
145
|
});
|
|
272
|
-
}
|
|
273
|
-
|
|
274
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
return [4 /*yield*/, dispatch_onNewUserRegistered.dispatchModuleAsync([getUIAccount(account)])];
|
|
284
|
-
case 2:
|
|
285
|
-
_a.sent();
|
|
286
|
-
return [3 /*break*/, 5];
|
|
287
|
-
case 3: return [4 /*yield*/, this.createSAML(email)];
|
|
288
|
-
case 4:
|
|
289
|
-
account = _a.sent();
|
|
290
|
-
_a.label = 5;
|
|
291
|
-
case 5: return [2 /*return*/, getUIAccount(account)];
|
|
292
|
-
}
|
|
293
|
-
});
|
|
146
|
+
}
|
|
147
|
+
addNewAccount(email, password, password_check) {
|
|
148
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
149
|
+
let account;
|
|
150
|
+
if (password && password_check) {
|
|
151
|
+
account = yield this.createAccount({ password, password_check, email });
|
|
152
|
+
yield dispatch_onNewUserRegistered.dispatchModuleAsync([getUIAccount(account)]);
|
|
153
|
+
}
|
|
154
|
+
else
|
|
155
|
+
account = yield this.createSAML(email);
|
|
156
|
+
return getUIAccount(account);
|
|
294
157
|
});
|
|
295
|
-
}
|
|
296
|
-
|
|
297
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
account = _a.sent();
|
|
309
|
-
if (!account)
|
|
310
|
-
throw new backend_2.ApiException(422, "User with email does not exist");
|
|
311
|
-
if (!account.saltedPassword || !account.salt)
|
|
312
|
-
throw new backend_2.ApiException(401, "Account login using SAML");
|
|
313
|
-
account.saltedPassword = ts_common_1.hashPasswordWithSalt(account.salt, newPassword);
|
|
314
|
-
account._audit = ts_common_1.auditBy(email, 'Changed password');
|
|
315
|
-
return [2 /*return*/, transaction.upsert(this.accounts, account)];
|
|
316
|
-
}
|
|
317
|
-
});
|
|
318
|
-
}); };
|
|
319
|
-
if (_transaction)
|
|
320
|
-
return [2 /*return*/, processor(_transaction)];
|
|
321
|
-
return [2 /*return*/, this.accounts.runInTransaction(processor)];
|
|
158
|
+
}
|
|
159
|
+
changePassword(userEmail, newPassword, _transaction) {
|
|
160
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
161
|
+
const email = userEmail.toLowerCase();
|
|
162
|
+
const processor = (transaction) => __awaiter(this, void 0, void 0, function* () {
|
|
163
|
+
const account = yield transaction.queryUnique(this.accounts, { where: { email } });
|
|
164
|
+
if (!account)
|
|
165
|
+
throw new backend_2.ApiException(422, "User with email does not exist");
|
|
166
|
+
if (!account.saltedPassword || !account.salt)
|
|
167
|
+
throw new backend_2.ApiException(401, "Account login using SAML");
|
|
168
|
+
account.saltedPassword = ts_common_1.hashPasswordWithSalt(account.salt, newPassword);
|
|
169
|
+
account._audit = ts_common_1.auditBy(email, 'Changed password');
|
|
170
|
+
return transaction.upsert(this.accounts, account);
|
|
322
171
|
});
|
|
172
|
+
if (_transaction)
|
|
173
|
+
return processor(_transaction);
|
|
174
|
+
return this.accounts.runInTransaction(processor);
|
|
323
175
|
});
|
|
324
|
-
}
|
|
325
|
-
|
|
326
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
case 0: return [4 /*yield*/, transaction.queryUnique(this.accounts, { where: { email: request.email } })];
|
|
336
|
-
case 1:
|
|
337
|
-
account = _a.sent();
|
|
338
|
-
if (account)
|
|
339
|
-
throw new backend_2.ApiException(422, "User with email already exists");
|
|
340
|
-
return [2 /*return*/, this.createImpl(request, transaction)];
|
|
341
|
-
}
|
|
342
|
-
});
|
|
343
|
-
}); })];
|
|
344
|
-
});
|
|
176
|
+
}
|
|
177
|
+
createAccount(request) {
|
|
178
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
179
|
+
request.email = request.email.toLowerCase();
|
|
180
|
+
ts_common_1.validate(request.email, backend_3.validateEmail);
|
|
181
|
+
return this.accounts.runInTransaction((transaction) => __awaiter(this, void 0, void 0, function* () {
|
|
182
|
+
const account = yield transaction.queryUnique(this.accounts, { where: { email: request.email } });
|
|
183
|
+
if (account)
|
|
184
|
+
throw new backend_2.ApiException(422, "User with email already exists");
|
|
185
|
+
return this.createImpl(request, transaction);
|
|
186
|
+
}));
|
|
345
187
|
});
|
|
346
|
-
}
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
188
|
+
}
|
|
189
|
+
createImpl(request, transaction) {
|
|
190
|
+
const salt = ts_common_1.generateHex(32);
|
|
191
|
+
const account = {
|
|
350
192
|
_id: ts_common_1.generateHex(32),
|
|
351
193
|
_audit: ts_common_1.auditBy(request.email),
|
|
352
194
|
email: request.email,
|
|
353
|
-
salt
|
|
195
|
+
salt,
|
|
354
196
|
saltedPassword: ts_common_1.hashPasswordWithSalt(salt, request.password)
|
|
355
197
|
};
|
|
356
198
|
return transaction.insert(this.accounts, account);
|
|
357
|
-
}
|
|
358
|
-
|
|
359
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
switch (_a.label) {
|
|
363
|
-
case 0:
|
|
364
|
-
query = { where: { sessionId: sessionId } };
|
|
365
|
-
return [4 /*yield*/, this.sessions.deleteUnique(query)];
|
|
366
|
-
case 1:
|
|
367
|
-
_a.sent();
|
|
368
|
-
return [2 /*return*/];
|
|
369
|
-
}
|
|
370
|
-
});
|
|
199
|
+
}
|
|
200
|
+
logout(sessionId) {
|
|
201
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
202
|
+
const query = { where: { sessionId } };
|
|
203
|
+
yield this.sessions.deleteUnique(query);
|
|
371
204
|
});
|
|
372
|
-
}
|
|
373
|
-
|
|
374
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
375
|
-
return
|
|
376
|
-
switch (_a.label) {
|
|
377
|
-
case 0: return [4 /*yield*/, this.loginValidate(request)];
|
|
378
|
-
case 1: return [2 /*return*/, _a.sent()];
|
|
379
|
-
}
|
|
380
|
-
});
|
|
205
|
+
}
|
|
206
|
+
login(request) {
|
|
207
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
208
|
+
return yield this.loginValidate(request);
|
|
381
209
|
});
|
|
382
|
-
}
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
return [4 /*yield*/, this.accounts.upsert(account)];
|
|
404
|
-
case 2:
|
|
405
|
-
_a.sent();
|
|
406
|
-
_a.label = 3;
|
|
407
|
-
case 3:
|
|
408
|
-
if (!doCreateSession) return [3 /*break*/, 5];
|
|
409
|
-
return [4 /*yield*/, this.upsertSession(account._id, request.frontType)];
|
|
410
|
-
case 4:
|
|
411
|
-
session = _a.sent();
|
|
412
|
-
_a.label = 5;
|
|
413
|
-
case 5: return [4 /*yield*/, dispatch_onUserLogin.dispatchModuleAsync([getUIAccount(account)])];
|
|
414
|
-
case 6:
|
|
415
|
-
_a.sent();
|
|
416
|
-
return [2 /*return*/, session];
|
|
417
|
-
}
|
|
418
|
-
});
|
|
210
|
+
}
|
|
211
|
+
loginValidate(request, doCreateSession = true) {
|
|
212
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
213
|
+
request.email = request.email.toLowerCase();
|
|
214
|
+
const query = { where: { email: request.email } };
|
|
215
|
+
const account = yield this.accounts.queryUnique(query);
|
|
216
|
+
if (!account)
|
|
217
|
+
throw new backend_2.ApiException(401, "account does not exists");
|
|
218
|
+
if (!account.saltedPassword || !account.salt)
|
|
219
|
+
throw new backend_2.ApiException(401, "Account login using SAML");
|
|
220
|
+
if (account.saltedPassword !== ts_common_1.hashPasswordWithSalt(account.salt, request.password))
|
|
221
|
+
throw new backend_2.ApiException(401, "wrong username or password");
|
|
222
|
+
if (!account._id) {
|
|
223
|
+
account._id = ts_common_1.generateHex(32);
|
|
224
|
+
yield this.accounts.upsert(account);
|
|
225
|
+
}
|
|
226
|
+
let session;
|
|
227
|
+
if (doCreateSession)
|
|
228
|
+
session = yield this.upsertSession(account._id, request.frontType);
|
|
229
|
+
yield dispatch_onUserLogin.dispatchModuleAsync([getUIAccount(account)]);
|
|
230
|
+
return session;
|
|
419
231
|
});
|
|
420
|
-
}
|
|
421
|
-
|
|
422
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
return [4 /*yield*/, this.createSAML(_email)];
|
|
429
|
-
case 1:
|
|
430
|
-
account = _a.sent();
|
|
431
|
-
return [4 /*yield*/, this.upsertSession(account._id)];
|
|
432
|
-
case 2:
|
|
433
|
-
session = _a.sent();
|
|
434
|
-
return [4 /*yield*/, dispatch_onUserLogin.dispatchModuleAsync([getUIAccount(account)])];
|
|
435
|
-
case 3:
|
|
436
|
-
_a.sent();
|
|
437
|
-
return [2 /*return*/, session];
|
|
438
|
-
}
|
|
439
|
-
});
|
|
232
|
+
}
|
|
233
|
+
loginSAML(__email) {
|
|
234
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
235
|
+
const _email = __email.toLowerCase();
|
|
236
|
+
const account = yield this.createSAML(_email);
|
|
237
|
+
const session = yield this.upsertSession(account._id);
|
|
238
|
+
yield dispatch_onUserLogin.dispatchModuleAsync([getUIAccount(account)]);
|
|
239
|
+
return session;
|
|
440
240
|
});
|
|
441
|
-
}
|
|
442
|
-
|
|
443
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
account = _a.sent();
|
|
459
|
-
if (account === null || account === void 0 ? void 0 : account._id)
|
|
460
|
-
return [2 /*return*/, account];
|
|
461
|
-
_account = __assign({ _id: ts_common_1.generateHex(32), _audit: ts_common_1.auditBy(_email), email: _email }, account);
|
|
462
|
-
dispatchEvent = true;
|
|
463
|
-
return [2 /*return*/, transaction.upsert(this.accounts, _account)];
|
|
464
|
-
}
|
|
465
|
-
});
|
|
466
|
-
}); })];
|
|
467
|
-
case 1:
|
|
468
|
-
toRet = _a.sent();
|
|
469
|
-
if (!dispatchEvent) return [3 /*break*/, 3];
|
|
470
|
-
return [4 /*yield*/, dispatch_onNewUserRegistered.dispatchModuleAsync([getUIAccount(toRet)])];
|
|
471
|
-
case 2:
|
|
472
|
-
_a.sent();
|
|
473
|
-
_a.label = 3;
|
|
474
|
-
case 3: return [2 /*return*/, toRet];
|
|
475
|
-
}
|
|
476
|
-
});
|
|
241
|
+
}
|
|
242
|
+
createSAML(__email) {
|
|
243
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
244
|
+
const _email = __email.toLowerCase();
|
|
245
|
+
const query = { where: { email: _email } };
|
|
246
|
+
let dispatchEvent = false;
|
|
247
|
+
const toRet = yield this.accounts.runInTransaction((transaction) => __awaiter(this, void 0, void 0, function* () {
|
|
248
|
+
const account = yield transaction.queryUnique(this.accounts, query);
|
|
249
|
+
if (account === null || account === void 0 ? void 0 : account._id)
|
|
250
|
+
return account;
|
|
251
|
+
const _account = Object.assign({ _id: ts_common_1.generateHex(32), _audit: ts_common_1.auditBy(_email), email: _email }, account);
|
|
252
|
+
dispatchEvent = true;
|
|
253
|
+
return transaction.upsert(this.accounts, _account);
|
|
254
|
+
}));
|
|
255
|
+
if (dispatchEvent)
|
|
256
|
+
yield dispatch_onNewUserRegistered.dispatchModuleAsync([getUIAccount(toRet)]);
|
|
257
|
+
return toRet;
|
|
477
258
|
});
|
|
478
|
-
}
|
|
479
|
-
|
|
480
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
throw new backend_2.ApiException(404, 'Missing sessionId');
|
|
486
|
-
return [2 /*return*/, this.validateSessionId(sessionId)];
|
|
487
|
-
});
|
|
259
|
+
}
|
|
260
|
+
validateSession(request) {
|
|
261
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
262
|
+
const sessionId = exports.Header_SessionId.get(request);
|
|
263
|
+
if (!sessionId)
|
|
264
|
+
throw new backend_2.ApiException(404, 'Missing sessionId');
|
|
265
|
+
return this.validateSessionId(sessionId);
|
|
488
266
|
});
|
|
489
|
-
}
|
|
490
|
-
|
|
491
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
session = _a.sent();
|
|
500
|
-
if (!session)
|
|
501
|
-
throw new backend_2.ApiException(401, "Invalid session id: " + sessionId);
|
|
502
|
-
if (this.TTLExpired(session))
|
|
503
|
-
throw new backend_2.ApiException(401, "Session timed out");
|
|
504
|
-
return [4 /*yield*/, this.getUserEmailFromSession(session)];
|
|
505
|
-
case 2: return [2 /*return*/, _a.sent()];
|
|
506
|
-
}
|
|
507
|
-
});
|
|
267
|
+
}
|
|
268
|
+
validateSessionId(sessionId) {
|
|
269
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
270
|
+
const query = { where: { sessionId } };
|
|
271
|
+
const session = yield this.sessions.queryUnique(query);
|
|
272
|
+
if (!session)
|
|
273
|
+
throw new backend_2.ApiException(401, `Invalid session id: ${sessionId}`);
|
|
274
|
+
if (this.TTLExpired(session))
|
|
275
|
+
throw new backend_2.ApiException(401, "Session timed out");
|
|
276
|
+
return yield this.getUserEmailFromSession(session);
|
|
508
277
|
});
|
|
509
|
-
}
|
|
510
|
-
|
|
511
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
if (!!account) return [3 /*break*/, 3];
|
|
519
|
-
return [4 /*yield*/, this.sessions.deleteItem(session)];
|
|
520
|
-
case 2:
|
|
521
|
-
_a.sent();
|
|
522
|
-
throw new backend_2.ApiException(403, "No user found for session: " + ts_common_1.__stringify(session));
|
|
523
|
-
case 3: return [2 /*return*/, getUIAccount(account)];
|
|
524
|
-
}
|
|
525
|
-
});
|
|
278
|
+
}
|
|
279
|
+
getUserEmailFromSession(session) {
|
|
280
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
281
|
+
const account = yield this.accounts.queryUnique({ where: { _id: session.userId } });
|
|
282
|
+
if (!account) {
|
|
283
|
+
yield this.sessions.deleteItem(session);
|
|
284
|
+
throw new backend_2.ApiException(403, `No user found for session: ${ts_common_1.__stringify(session)}`);
|
|
285
|
+
}
|
|
286
|
+
return getUIAccount(account);
|
|
526
287
|
});
|
|
527
|
-
}
|
|
528
|
-
|
|
529
|
-
}(ts_common_1.Module));
|
|
288
|
+
}
|
|
289
|
+
}
|
|
530
290
|
exports.AccountsModule_Class = AccountsModule_Class;
|
|
531
291
|
exports.AccountModule = new AccountsModule_Class();
|
|
532
292
|
//# sourceMappingURL=AccountModule.js.map
|