@nocobase/plugin-auth 0.10.0-alpha.2

package/lib/server/basic-auth.js

@@ -0,0 +1,183 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.BasicAuth = void 0;
+function _auth() {
+  const data = require("@nocobase/auth");
+  _auth = function _auth() {
+    return data;
+  };
+  return data;
+}
+var _preset = require("../preset");
+function _crypto() {
+  const data = _interopRequireDefault(require("crypto"));
+  _crypto = function _crypto() {
+    return data;
+  };
+  return data;
+}
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
+function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
+function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
+function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { _defineProperty(target, key, source[key]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } return target; }
+function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); }
+class BasicAuth extends _auth().BaseAuth {
+  constructor(config) {
+    const userCollection = config.ctx.db.getCollection('users');
+    super(_objectSpread(_objectSpread({}, config), {}, {
+      userCollection
+    }));
+  }
+  validate() {
+    var _this = this;
+    return _asyncToGenerator(function* () {
+      const ctx = _this.ctx;
+      const _ctx$action$params = ctx.action.params,
+        _ctx$action$params$un = _ctx$action$params.uniqueField,
+        uniqueField = _ctx$action$params$un === void 0 ? 'email' : _ctx$action$params$un,
+        values = _ctx$action$params.values;
+      if (!values[uniqueField]) {
+        ctx.throw(400, ctx.t('Please fill in your email address', {
+          ns: _preset.namespace
+        }));
+      }
+      const user = yield _this.userCollection.repository.findOne({
+        where: {
+          [uniqueField]: values[uniqueField]
+        }
+      });
+      if (!user) {
+        ctx.throw(401, ctx.t('The email is incorrect, please re-enter', {
+          ns: _preset.namespace
+        }));
+      }
+      const field = _this.userCollection.getField('password');
+      const valid = yield field.verify(values.password, user.password);
+      if (!valid) {
+        ctx.throw(401, ctx.t('The password is incorrect, please re-enter', {
+          ns: _preset.namespace
+        }));
+      }
+      return user;
+    })();
+  }
+  signUp() {
+    var _this2 = this;
+    return _asyncToGenerator(function* () {
+      var _this2$authenticator$;
+      const ctx = _this2.ctx;
+      const options = ((_this2$authenticator$ = _this2.authenticator.options) === null || _this2$authenticator$ === void 0 ? void 0 : _this2$authenticator$.public) || {};
+      if (!options.allowSignUp) {
+        ctx.throw(403, ctx.t('Not allowed to sign up', {
+          ns: _preset.namespace
+        }));
+      }
+      const User = ctx.db.getRepository('users');
+      const values = ctx.action.params.values;
+      const user = yield User.create({
+        values
+      });
+      return user;
+    })();
+  }
+  lostPassword() {
+    var _this3 = this;
+    return _asyncToGenerator(function* () {
+      const ctx = _this3.ctx;
+      const email = ctx.action.params.values.email;
+      if (!email) {
+        ctx.throw(400, ctx.t('Please fill in your email address', {
+          ns: _preset.namespace
+        }));
+      }
+      const user = yield _this3.userCollection.repository.findOne({
+        where: {
+          email
+        }
+      });
+      if (!user) {
+        ctx.throw(401, ctx.t('The email is incorrect, please re-enter', {
+          ns: _preset.namespace
+        }));
+      }
+      user.resetToken = _crypto().default.randomBytes(20).toString('hex');
+      yield user.save();
+      return user;
+    })();
+  }
+  resetPassword() {
+    var _this4 = this;
+    return _asyncToGenerator(function* () {
+      const ctx = _this4.ctx;
+      const _ctx$action$params$va = ctx.action.params.values,
+        email = _ctx$action$params$va.email,
+        password = _ctx$action$params$va.password,
+        resetToken = _ctx$action$params$va.resetToken;
+      const user = yield _this4.userCollection.repository.findOne({
+        where: {
+          email,
+          resetToken
+        }
+      });
+      if (!user) {
+        ctx.throw(404);
+      }
+      user.token = null;
+      user.resetToken = null;
+      user.password = password;
+      yield user.save();
+      return user;
+    })();
+  }
+  getUserByResetToken() {
+    var _this5 = this;
+    return _asyncToGenerator(function* () {
+      const ctx = _this5.ctx;
+      const token = ctx.action.params.token;
+      const user = yield _this5.userCollection.repository.findOne({
+        where: {
+          resetToken: token
+        }
+      });
+      if (!user) {
+        ctx.throw(401);
+      }
+      return user;
+    })();
+  }
+  changePassword() {
+    var _this6 = this;
+    return _asyncToGenerator(function* () {
+      const ctx = _this6.ctx;
+      const _ctx$action$params$va2 = ctx.action.params.values,
+        oldPassword = _ctx$action$params$va2.oldPassword,
+        newPassword = _ctx$action$params$va2.newPassword;
+      const currentUser = ctx.auth.user;
+      if (!currentUser) {
+        ctx.throw(401);
+      }
+      const user = yield _this6.userCollection.repository.findOne({
+        where: {
+          email: currentUser.email
+        }
+      });
+      const pwd = _this6.userCollection.getField('password');
+      const isValid = yield pwd.verify(oldPassword, user.password);
+      if (!isValid) {
+        ctx.throw(401, ctx.t('The password is incorrect, please re-enter', {
+          ns: _preset.namespace
+        }));
+      }
+      user.password = newPassword;
+      yield user.save();
+      return currentUser;
+    })();
+  }
+}
+exports.BasicAuth = BasicAuth;

package/lib/server/collections/authenticators.d.ts

@@ -0,0 +1,6 @@
+import { CollectionOptions } from '@nocobase/database';
+declare const _default: CollectionOptions;
+/**
+ * Collection for extended authentication methods,
+ */
+export default _default;

package/lib/server/collections/authenticators.js

@@ -0,0 +1,93 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+/**
+ * Collection for extended authentication methods,
+ */
+var _default = {
+  namespace: 'auth.auth',
+  duplicator: 'optional',
+  name: 'authenticators',
+  sortable: true,
+  title: '{{t("Authenticators")}}',
+  model: 'AuthModel',
+  createdBy: true,
+  updatedBy: true,
+  logging: true,
+  fields: [{
+    name: 'id',
+    type: 'bigInt',
+    autoIncrement: true,
+    primaryKey: true,
+    allowNull: false,
+    interface: 'id'
+  }, {
+    interface: 'input',
+    type: 'string',
+    name: 'name',
+    allowNull: false,
+    unique: true,
+    uiSchema: {
+      type: 'string',
+      title: '{{t("Name")}}',
+      'x-component': 'Input',
+      required: true
+    }
+  }, {
+    interface: 'input',
+    type: 'string',
+    name: 'authType',
+    allowNull: false,
+    uiSchema: {
+      type: 'string',
+      title: '{{t("Auth Type")}}',
+      'x-component': 'Input',
+      required: true
+    }
+  }, {
+    interface: 'input',
+    type: 'string',
+    name: 'title',
+    uiSchema: {
+      type: 'string',
+      title: '{{t("Title")}}',
+      'x-component': 'Input'
+    }
+  }, {
+    interface: 'textarea',
+    type: 'string',
+    name: 'description',
+    allowNull: false,
+    defaultValue: '',
+    uiSchema: {
+      type: 'string',
+      title: '{{t("Description")}}',
+      'x-component': 'Input',
+      required: true
+    }
+  }, {
+    type: 'json',
+    name: 'options',
+    allowNull: false,
+    defaultValue: {}
+  }, {
+    type: 'boolean',
+    name: 'enabled',
+    defaultValue: false
+  }, {
+    interface: 'm2m',
+    type: 'belongsToMany',
+    name: 'users',
+    target: 'users',
+    foreignKey: 'authenticator',
+    otherKey: 'userId',
+    onDelete: 'CASCADE',
+    sourceKey: 'name',
+    targetKey: 'id',
+    through: 'usersAuthenticators'
+  }]
+};
+exports.default = _default;

package/lib/server/collections/users-authenticators.d.ts

@@ -0,0 +1,7 @@
+import { CollectionOptions } from '@nocobase/database';
+declare const _default: CollectionOptions;
+/**
+ * Collection for user information of extended authentication methods,
+ * such as saml, oicd, oauth, sms, etc.
+ */
+export default _default;

package/lib/server/collections/users-authenticators.js

@@ -0,0 +1,75 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+/**
+ * Collection for user information of extended authentication methods,
+ * such as saml, oicd, oauth, sms, etc.
+ */
+var _default = {
+  namespace: 'auth.auth',
+  duplicator: {
+    dumpable: 'optional',
+    /**
+     * When dump this collection, the users collection is required to be dumped.
+     */
+    with: 'users'
+  },
+  name: 'usersAuthenticators',
+  title: '{{t("Users Authenticators")}}',
+  model: 'UserAuthModel',
+  createdBy: true,
+  updatedBy: true,
+  logging: true,
+  fields: [
+  /**
+   * uuid:
+   * Unique user id of the authentication method, such as wechat openid, phone number, etc.
+   */
+  {
+    name: 'uuid',
+    interface: 'input',
+    type: 'string',
+    allowNull: false,
+    uiSchema: {
+      type: 'string',
+      title: '{{t("UUID")}}',
+      'x-component': 'Input',
+      required: true
+    }
+  }, {
+    interface: 'input',
+    type: 'string',
+    name: 'nickname',
+    allowNull: false,
+    defaultValue: '',
+    uiSchema: {
+      type: 'string',
+      title: '{{t("Nickname")}}',
+      'x-component': 'Input'
+    }
+  }, {
+    interface: 'attachment',
+    type: 'string',
+    name: 'avatar',
+    allowNull: false,
+    defaultValue: '',
+    uiSchema: {
+      type: 'string',
+      title: '{{t("Avatar")}}',
+      'x-component': 'Upload'
+    }
+  },
+  /**
+   * meta:
+   * Metadata, some other information of the authentication method.
+   */
+  {
+    type: 'json',
+    name: 'meta',
+    defaultValue: {}
+  }]
+};
+exports.default = _default;

package/lib/server/index.d.ts

@@ -0,0 +1,2 @@
+export { default } from './plugin';
+export { AuthModel } from './model/authenticator';

package/lib/server/index.js

@@ -0,0 +1,20 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "AuthModel", {
+  enumerable: true,
+  get: function get() {
+    return _authenticator.AuthModel;
+  }
+});
+Object.defineProperty(exports, "default", {
+  enumerable: true,
+  get: function get() {
+    return _plugin.default;
+  }
+});
+var _plugin = _interopRequireDefault(require("./plugin"));
+var _authenticator = require("./model/authenticator");
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

package/lib/server/locale/en-US.d.ts

@@ -0,0 +1,9 @@
+declare const _default: {
+    'The email is incorrect, please re-enter': string;
+    'Please fill in your email address': string;
+    'The password is incorrect, please re-enter': string;
+    'Not a valid cellphone number, please re-enter': string;
+    'The phone number has been registered, please login directly': string;
+    'The phone number is not registered, please register first': string;
+};
+export default _default;

package/lib/server/locale/en-US.js

@@ -0,0 +1,15 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+var _default = {
+  'The email is incorrect, please re-enter': 'The email is incorrect, please re-enter',
+  'Please fill in your email address': 'Please fill in your email address',
+  'The password is incorrect, please re-enter': 'The password is incorrect, please re-enter',
+  'Not a valid cellphone number, please re-enter': 'Not a valid cellphone number, please re-enter',
+  'The phone number has been registered, please login directly': 'The phone number has been registered, please login directly',
+  'The phone number is not registered, please register first': 'The phone number is not registered, please register first'
+};
+exports.default = _default;

package/lib/server/locale/index.d.ts

@@ -0,0 +1,3 @@
+export { default as enUS } from './en-US';
+export { default as zhCN } from './zh-CN';
+export { default as ptBR } from './pt-BR';

package/lib/server/locale/index.js

@@ -0,0 +1,27 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "enUS", {
+  enumerable: true,
+  get: function get() {
+    return _enUS.default;
+  }
+});
+Object.defineProperty(exports, "ptBR", {
+  enumerable: true,
+  get: function get() {
+    return _ptBR.default;
+  }
+});
+Object.defineProperty(exports, "zhCN", {
+  enumerable: true,
+  get: function get() {
+    return _zhCN.default;
+  }
+});
+var _enUS = _interopRequireDefault(require("./en-US"));
+var _zhCN = _interopRequireDefault(require("./zh-CN"));
+var _ptBR = _interopRequireDefault(require("./pt-BR"));
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

package/lib/server/locale/ja-JP.d.ts

@@ -0,0 +1,5 @@
+declare const _default: {
+    'Please fill in your email address': string;
+    'The password is incorrect, please re-enter': string;
+};
+export default _default;

package/lib/server/locale/ja-JP.js

@@ -0,0 +1,11 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+var _default = {
+  'Please fill in your email address': 'メールアドレスを入力してください',
+  'The password is incorrect, please re-enter': 'パスワードが正しくありません。再度入力してください。'
+};
+exports.default = _default;

package/lib/server/locale/pt-BR.d.ts

@@ -0,0 +1,9 @@
+declare const _default: {
+    'The email is incorrect, please re-enter': string;
+    'Please fill in your email address': string;
+    'The password is incorrect, please re-enter': string;
+    'Not a valid cellphone number, please re-enter': string;
+    'The phone number has been registered, please login directly': string;
+    'The phone number is not registered, please register first': string;
+};
+export default _default;

package/lib/server/locale/pt-BR.js

@@ -0,0 +1,15 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+var _default = {
+  'The email is incorrect, please re-enter': 'O e-mail está incorreto, por favor, digite novamente',
+  'Please fill in your email address': 'Por favor, preencha o seu endereço de e-mail',
+  'The password is incorrect, please re-enter': 'A senha está incorreta, por favor, digite novamente',
+  'Not a valid cellphone number, please re-enter': 'Número de celular inválido, por favor, digite novamente',
+  'The phone number has been registered, please login directly': 'O número de celular já está registrado, por favor, faça login diretamente',
+  'The phone number is not registered, please register first': 'O número de celular não está registrado, por favor, registre-se primeiro'
+};
+exports.default = _default;

package/lib/server/locale/zh-CN.d.ts

@@ -0,0 +1,10 @@
+declare const _default: {
+    'The email is incorrect, please re-enter': string;
+    'Please fill in your email address': string;
+    'The password is incorrect, please re-enter': string;
+    'Not a valid cellphone number, please re-enter': string;
+    'The phone number has been registered, please login directly': string;
+    'The phone number is not registered, please register first': string;
+    'Please keep and enable at least one authenticator': string;
+};
+export default _default;

package/lib/server/locale/zh-CN.js

@@ -0,0 +1,16 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+var _default = {
+  'The email is incorrect, please re-enter': '邮箱有误，请重新输入',
+  'Please fill in your email address': '请填写邮箱',
+  'The password is incorrect, please re-enter': '密码有误，请重新输入',
+  'Not a valid cellphone number, please re-enter': '不是有效的手机号，请重新输入',
+  'The phone number has been registered, please login directly': '手机号已注册，请直接登录',
+  'The phone number is not registered, please register first': '手机号未注册，请先注册',
+  'Please keep and enable at least one authenticator': '请至少保留并启用一个认证器'
+};
+exports.default = _default;

package/lib/server/migrations/20230506152253-basic-authenticator.d.ts

@@ -0,0 +1,5 @@
+import { Migration } from '@nocobase/server';
+export default class AddBasicAuthMigration extends Migration {
+    up(): Promise<void>;
+    down(): Promise<void>;
+}

package/lib/server/migrations/20230506152253-basic-authenticator.js

@@ -0,0 +1,40 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+function _server() {
+  const data = require("@nocobase/server");
+  _server = function _server() {
+    return data;
+  };
+  return data;
+}
+var _preset = require("../../preset");
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
+function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
+class AddBasicAuthMigration extends _server().Migration {
+  up() {
+    var _this = this;
+    return _asyncToGenerator(function* () {
+      const repo = _this.context.db.getRepository('authenticators');
+      const existed = yield repo.count();
+      if (existed) {
+        return;
+      }
+      yield repo.create({
+        values: {
+          name: _preset.presetAuthenticator,
+          authType: _preset.presetAuthType,
+          description: 'Sign in with email and password.',
+          enabled: true
+        }
+      });
+    })();
+  }
+  down() {
+    return _asyncToGenerator(function* () {})();
+  }
+}
+exports.default = AddBasicAuthMigration;

package/lib/server/migrations/20230607174500-update-basic.d.ts

@@ -0,0 +1,5 @@
+import { Migration } from '@nocobase/server';
+export default class UpdateBasicAuthMigration extends Migration {
+    up(): Promise<void>;
+    down(): Promise<void>;
+}

package/lib/server/migrations/20230607174500-update-basic.js

@@ -0,0 +1,43 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+function _server() {
+  const data = require("@nocobase/server");
+  _server = function _server() {
+    return data;
+  };
+  return data;
+}
+var _preset = require("../../preset");
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
+function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
+class UpdateBasicAuthMigration extends _server().Migration {
+  up() {
+    var _this = this;
+    return _asyncToGenerator(function* () {
+      const SystemSetting = _this.context.db.getRepository('systemSettings');
+      const setting = yield SystemSetting.findOne();
+      const allowSignUp = setting.get('allowSignUp') ? true : false;
+      const repo = _this.context.db.getRepository('authenticators');
+      yield repo.update({
+        values: {
+          options: {
+            public: {
+              allowSignUp
+            }
+          }
+        },
+        filter: {
+          name: _preset.presetAuthenticator
+        }
+      });
+    })();
+  }
+  down() {
+    return _asyncToGenerator(function* () {})();
+  }
+}
+exports.default = UpdateBasicAuthMigration;

package/lib/server/model/authenticator.d.ts

@@ -0,0 +1,6 @@
+import { Model } from '@nocobase/database';
+export declare class AuthModel extends Model {
+    findUser(uuid: string): Promise<Model<any, any>>;
+    newUser(uuid: string, values?: any): Promise<Model<any, any>>;
+    findOrCreateUser(uuid: string, userValues?: any): Promise<Model<any, any>>;
+}