@solidxai/core 0.1.9-beta.6 → 0.1.9-beta.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/constants/chatter-message.constants.d.ts +6 -0
- package/dist/constants/chatter-message.constants.d.ts.map +1 -1
- package/dist/constants/chatter-message.constants.js +7 -1
- package/dist/constants/chatter-message.constants.js.map +1 -1
- package/dist/controllers/authentication.controller.d.ts +12 -0
- package/dist/controllers/authentication.controller.d.ts.map +1 -1
- package/dist/controllers/authentication.controller.js +13 -0
- package/dist/controllers/authentication.controller.js.map +1 -1
- package/dist/controllers/chatter-message.controller.d.ts +1 -0
- package/dist/controllers/chatter-message.controller.d.ts.map +1 -1
- package/dist/controllers/chatter-message.controller.js +12 -0
- package/dist/controllers/chatter-message.controller.js.map +1 -1
- package/dist/controllers/facebook-authentication.controller.d.ts +27 -0
- package/dist/controllers/facebook-authentication.controller.d.ts.map +1 -0
- package/dist/controllers/facebook-authentication.controller.js +117 -0
- package/dist/controllers/facebook-authentication.controller.js.map +1 -0
- package/dist/controllers/menu-item-metadata.controller.d.ts +1 -0
- package/dist/controllers/menu-item-metadata.controller.d.ts.map +1 -1
- package/dist/controllers/menu-item-metadata.controller.js +15 -0
- package/dist/controllers/menu-item-metadata.controller.js.map +1 -1
- package/dist/controllers/microsoft-authentication.controller.d.ts +27 -0
- package/dist/controllers/microsoft-authentication.controller.d.ts.map +1 -0
- package/dist/controllers/microsoft-authentication.controller.js +118 -0
- package/dist/controllers/microsoft-authentication.controller.js.map +1 -0
- package/dist/controllers/setting.controller.d.ts +2 -2
- package/dist/controllers/setting.controller.js +2 -2
- package/dist/decorators/auth.decorator.d.ts.map +1 -1
- package/dist/decorators/computed-field-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/dashboard-question-data-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/dashboard-selection-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/disallow-in-production.decorator.d.ts.map +1 -1
- package/dist/decorators/error-codes-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/extension-user-creation-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/is-not-in-enum.decorator.d.ts.map +1 -1
- package/dist/decorators/mail-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/roles.decorator.d.ts.map +1 -1
- package/dist/decorators/scheduled-job-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/security-rule-config-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/selection-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/sms-provider.decorator.d.ts.map +1 -1
- package/dist/decorators/solid-database-module.decorator.d.ts.map +1 -1
- package/dist/decorators/whatsapp-provider.decorator.d.ts.map +1 -1
- package/dist/dtos/create-chatter-message.dto.d.ts +1 -0
- package/dist/dtos/create-chatter-message.dto.d.ts.map +1 -1
- package/dist/dtos/create-chatter-message.dto.js +7 -1
- package/dist/dtos/create-chatter-message.dto.js.map +1 -1
- package/dist/dtos/post-chatter-message.dto.d.ts +1 -0
- package/dist/dtos/post-chatter-message.dto.d.ts.map +1 -1
- package/dist/dtos/post-chatter-message.dto.js +6 -1
- package/dist/dtos/post-chatter-message.dto.js.map +1 -1
- package/dist/dtos/update-chatter-message.dto.d.ts +1 -0
- package/dist/dtos/update-chatter-message.dto.d.ts.map +1 -1
- package/dist/dtos/update-chatter-message.dto.js +7 -1
- package/dist/dtos/update-chatter-message.dto.js.map +1 -1
- package/dist/entities/chatter-message.entity.d.ts +1 -0
- package/dist/entities/chatter-message.entity.d.ts.map +1 -1
- package/dist/entities/chatter-message.entity.js +5 -1
- package/dist/entities/chatter-message.entity.js.map +1 -1
- package/dist/entities/user.entity.d.ts +8 -0
- package/dist/entities/user.entity.d.ts.map +1 -1
- package/dist/entities/user.entity.js +33 -1
- package/dist/entities/user.entity.js.map +1 -1
- package/dist/helpers/cors.helper.js +1 -1
- package/dist/helpers/cors.helper.js.map +1 -1
- package/dist/helpers/facebook-oauth.helper.d.ts +8 -0
- package/dist/helpers/facebook-oauth.helper.d.ts.map +1 -0
- package/dist/helpers/facebook-oauth.helper.js +11 -0
- package/dist/helpers/facebook-oauth.helper.js.map +1 -0
- package/dist/helpers/field-crud-managers/ManyToManyRelationFieldCrudManager.js +5 -5
- package/dist/helpers/field-crud-managers/ManyToManyRelationFieldCrudManager.js.map +1 -1
- package/dist/helpers/field-crud-managers/ManyToOneRelationFieldCrudManager.d.ts.map +1 -1
- package/dist/helpers/field-crud-managers/ManyToOneRelationFieldCrudManager.js +2 -2
- package/dist/helpers/field-crud-managers/ManyToOneRelationFieldCrudManager.js.map +1 -1
- package/dist/helpers/field-crud-managers/OneToManyRelationFieldCrudManager.js +5 -5
- package/dist/helpers/field-crud-managers/OneToManyRelationFieldCrudManager.js.map +1 -1
- package/dist/helpers/microsoft-oauth.helper.d.ts +9 -0
- package/dist/helpers/microsoft-oauth.helper.d.ts.map +1 -0
- package/dist/helpers/microsoft-oauth.helper.js +12 -0
- package/dist/helpers/microsoft-oauth.helper.js.map +1 -0
- package/dist/helpers/module-metadata-helper.service.js +3 -3
- package/dist/helpers/module-metadata-helper.service.js.map +1 -1
- package/dist/helpers/security.helper.d.ts.map +1 -1
- package/dist/helpers/string.helper.d.ts +1 -0
- package/dist/helpers/string.helper.d.ts.map +1 -1
- package/dist/helpers/string.helper.js +4 -1
- package/dist/helpers/string.helper.js.map +1 -1
- package/dist/helpers/user-helper.d.ts.map +1 -1
- package/dist/helpers/user-helper.js +4 -0
- package/dist/helpers/user-helper.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/interfaces.d.ts +19 -0
- package/dist/interfaces.d.ts.map +1 -1
- package/dist/interfaces.js.map +1 -1
- package/dist/passport-strategies/facebook-oauth.strategy.d.ts +14 -0
- package/dist/passport-strategies/facebook-oauth.strategy.d.ts.map +1 -0
- package/dist/passport-strategies/facebook-oauth.strategy.js +73 -0
- package/dist/passport-strategies/facebook-oauth.strategy.js.map +1 -0
- package/dist/passport-strategies/microsoft-oauth.strategy.d.ts +14 -0
- package/dist/passport-strategies/microsoft-oauth.strategy.d.ts.map +1 -0
- package/dist/passport-strategies/microsoft-oauth.strategy.js +77 -0
- package/dist/passport-strategies/microsoft-oauth.strategy.js.map +1 -0
- package/dist/repository/chatter-message-details.repository.d.ts.map +1 -1
- package/dist/repository/chatter-message-details.repository.js +7 -6
- package/dist/repository/chatter-message-details.repository.js.map +1 -1
- package/dist/repository/chatter-message.repository.d.ts.map +1 -1
- package/dist/repository/chatter-message.repository.js +4 -4
- package/dist/repository/chatter-message.repository.js.map +1 -1
- package/dist/repository/solid-base.repository.js +2 -2
- package/dist/repository/solid-base.repository.js.map +1 -1
- package/dist/seeders/module-test-data.service.js +4 -4
- package/dist/seeders/module-test-data.service.js.map +1 -1
- package/dist/seeders/seed-data/solid-core-metadata.json +27 -58
- package/dist/services/api-key.service.d.ts +17 -1
- package/dist/services/api-key.service.d.ts.map +1 -1
- package/dist/services/api-key.service.js +38 -2
- package/dist/services/api-key.service.js.map +1 -1
- package/dist/services/authentication.service.d.ts +51 -16
- package/dist/services/authentication.service.d.ts.map +1 -1
- package/dist/services/authentication.service.js +318 -150
- package/dist/services/authentication.service.js.map +1 -1
- package/dist/services/chatter-message.service.d.ts +1 -0
- package/dist/services/chatter-message.service.d.ts.map +1 -1
- package/dist/services/chatter-message.service.js +17 -0
- package/dist/services/chatter-message.service.js.map +1 -1
- package/dist/services/computed-fields/entity/sequence-num-computed-field-provider.d.ts.map +1 -1
- package/dist/services/computed-fields/entity/sequence-num-computed-field-provider.js +2 -2
- package/dist/services/computed-fields/entity/sequence-num-computed-field-provider.js.map +1 -1
- package/dist/services/crud-helper.service.d.ts.map +1 -1
- package/dist/services/crud-helper.service.js +9 -9
- package/dist/services/crud-helper.service.js.map +1 -1
- package/dist/services/export-transaction.service.d.ts.map +1 -1
- package/dist/services/export-transaction.service.js +4 -3
- package/dist/services/export-transaction.service.js.map +1 -1
- package/dist/services/field-metadata.service.d.ts.map +1 -1
- package/dist/services/field-metadata.service.js +7 -7
- package/dist/services/field-metadata.service.js.map +1 -1
- package/dist/services/fixtures.service.js +2 -2
- package/dist/services/fixtures.service.js.map +1 -1
- package/dist/services/genai/mcp-handlers/mcp-handler-factory.service.d.ts.map +1 -1
- package/dist/services/genai/mcp-handlers/mcp-handler-factory.service.js +2 -2
- package/dist/services/genai/mcp-handlers/mcp-handler-factory.service.js.map +1 -1
- package/dist/services/import-transaction.service.d.ts.map +1 -1
- package/dist/services/import-transaction.service.js +2 -2
- package/dist/services/import-transaction.service.js.map +1 -1
- package/dist/services/menu-item-metadata.service.js +2 -2
- package/dist/services/menu-item-metadata.service.js.map +1 -1
- package/dist/services/model-metadata.service.d.ts.map +1 -1
- package/dist/services/model-metadata.service.js +12 -11
- package/dist/services/model-metadata.service.js.map +1 -1
- package/dist/services/module-metadata.service.d.ts.map +1 -1
- package/dist/services/module-metadata.service.js +2 -2
- package/dist/services/module-metadata.service.js.map +1 -1
- package/dist/services/queues/publisher-factory.service.d.ts.map +1 -1
- package/dist/services/queues/publisher-factory.service.js +2 -2
- package/dist/services/queues/publisher-factory.service.js.map +1 -1
- package/dist/services/selection-providers/pseudo-foreign-key-selection-provider.service.js +3 -3
- package/dist/services/selection-providers/pseudo-foreign-key-selection-provider.service.js.map +1 -1
- package/dist/services/setting.service.d.ts +5 -2
- package/dist/services/setting.service.d.ts.map +1 -1
- package/dist/services/setting.service.js +51 -6
- package/dist/services/setting.service.js.map +1 -1
- package/dist/services/settings/default-settings-provider.service.d.ts +830 -0
- package/dist/services/settings/default-settings-provider.service.d.ts.map +1 -1
- package/dist/services/settings/default-settings-provider.service.js +1033 -117
- package/dist/services/settings/default-settings-provider.service.js.map +1 -1
- package/dist/services/solid-introspect.service.js +2 -2
- package/dist/services/solid-introspect.service.js.map +1 -1
- package/dist/services/user.service.d.ts +2 -0
- package/dist/services/user.service.d.ts.map +1 -1
- package/dist/services/user.service.js +72 -0
- package/dist/services/user.service.js.map +1 -1
- package/dist/services/view-metadata.service.d.ts.map +1 -1
- package/dist/services/view-metadata.service.js +2 -2
- package/dist/services/view-metadata.service.js.map +1 -1
- package/dist/solid-core.module.d.ts.map +1 -1
- package/dist/solid-core.module.js +11 -3
- package/dist/solid-core.module.js.map +1 -1
- package/dist/subscribers/computed-entity-field.subscriber.js +6 -6
- package/dist/subscribers/computed-entity-field.subscriber.js.map +1 -1
- package/dist/transformers/array-transformer.d.ts.map +1 -1
- package/dist/transformers/boolean-transformer.d.ts.map +1 -1
- package/dist/transformers/datetime-transformer.d.ts.map +1 -1
- package/dist/transformers/integer-transformer.d.ts.map +1 -1
- package/dist/validators/is-parsable-int.d.ts.map +1 -1
- package/dist-tests/api/authenticate.spec.js +119 -0
- package/dist-tests/api/authenticate.spec.js.map +1 -0
- package/dist-tests/api/crud-service.findOne.cityMaster.spec.js +97 -0
- package/dist-tests/api/crud-service.findOne.cityMaster.spec.js.map +1 -0
- package/dist-tests/api/ping.spec.js +21 -0
- package/dist-tests/api/ping.spec.js.map +1 -0
- package/dist-tests/helpers/auth.js +41 -0
- package/dist-tests/helpers/auth.js.map +1 -0
- package/dist-tests/helpers/env.js +11 -0
- package/dist-tests/helpers/env.js.map +1 -0
- package/docs/java-spring/README.md +3 -0
- package/docs/java-spring/solid-core-module-deep-dive-report.md +1317 -0
- package/nest +0 -0
- package/package.json +7 -2
- package/src/constants/chatter-message.constants.ts +7 -0
- package/src/controllers/authentication.controller.ts +8 -1
- package/src/controllers/chatter-message.controller.ts +6 -0
- package/src/controllers/facebook-authentication.controller.ts +113 -0
- package/src/controllers/menu-item-metadata.controller.ts +21 -15
- package/src/controllers/microsoft-authentication.controller.ts +116 -0
- package/src/dtos/create-chatter-message.dto.ts +11 -0
- package/src/dtos/post-chatter-message.dto.ts +4 -0
- package/src/dtos/update-chatter-message.dto.ts +13 -1
- package/src/entities/chatter-message.entity.ts +4 -1
- package/src/entities/user.entity.ts +32 -0
- package/src/helpers/cors.helper.ts +1 -1
- package/src/helpers/facebook-oauth.helper.ts +17 -0
- package/src/helpers/field-crud-managers/ManyToManyRelationFieldCrudManager.ts +1 -1
- package/src/helpers/field-crud-managers/ManyToOneRelationFieldCrudManager.ts +1 -2
- package/src/helpers/field-crud-managers/OneToManyRelationFieldCrudManager.ts +1 -1
- package/src/helpers/microsoft-oauth.helper.ts +19 -0
- package/src/helpers/module-metadata-helper.service.ts +3 -3
- package/src/helpers/string.helper.ts +3 -0
- package/src/helpers/user-helper.ts +4 -0
- package/src/index.ts +2 -0
- package/src/interfaces.ts +32 -1
- package/src/passport-strategies/facebook-oauth.strategy.ts +64 -0
- package/src/passport-strategies/microsoft-oauth.strategy.ts +70 -0
- package/src/repository/chatter-message-details.repository.ts +4 -3
- package/src/repository/chatter-message.repository.ts +4 -4
- package/src/repository/solid-base.repository.ts +2 -2
- package/src/seeders/module-test-data.service.ts +1 -1
- package/src/seeders/seed-data/solid-core-metadata.json +27 -58
- package/src/services/api-key.service.ts +77 -35
- package/src/services/authentication.service.ts +1717 -1278
- package/src/services/chatter-message.service.ts +22 -4
- package/src/services/computed-fields/entity/sequence-num-computed-field-provider.ts +1 -2
- package/src/services/crud-helper.service.ts +1 -4
- package/src/services/export-transaction.service.ts +3 -4
- package/src/services/field-metadata.service.ts +1 -4
- package/src/services/fixtures.service.ts +1 -1
- package/src/services/genai/mcp-handlers/mcp-handler-factory.service.ts +1 -2
- package/src/services/import-transaction.service.ts +1 -1
- package/src/services/menu-item-metadata.service.ts +2 -2
- package/src/services/model-metadata.service.ts +11 -13
- package/src/services/module-metadata.service.ts +1 -2
- package/src/services/queues/publisher-factory.service.ts +1 -2
- package/src/services/selection-providers/pseudo-foreign-key-selection-provider.service.ts +1 -1
- package/src/services/setting.service.ts +64 -8
- package/src/services/settings/default-settings-provider.service.ts +1104 -155
- package/src/services/solid-introspect.service.ts +1 -1
- package/src/services/user.service.ts +87 -0
- package/src/services/view-metadata.service.ts +1 -5
- package/src/solid-core.module.ts +25 -8
- package/src/subscribers/computed-entity-field.subscriber.ts +6 -6
- package/.claude/settings.local.json +0 -15
- package/src/services/1.js +0 -6
|
@@ -1,42 +1,42 @@
|
|
|
1
|
-
import { HttpService } from
|
|
1
|
+
import { HttpService } from "@nestjs/axios";
|
|
2
2
|
import type { SolidCoreSetting } from "src/services/settings/default-settings-provider.service";
|
|
3
3
|
import {
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
} from
|
|
13
|
-
import { EventEmitter2 } from
|
|
14
|
-
import { JwtService } from
|
|
15
|
-
import { InjectDataSource } from
|
|
16
|
-
import { isEmpty, isNotEmpty } from
|
|
17
|
-
import { randomInt, randomUUID } from
|
|
18
|
-
import { ERROR_MESSAGES } from
|
|
19
|
-
import { SUCCESS_MESSAGES } from
|
|
20
|
-
import { CreateUserDto } from
|
|
21
|
-
import { MailFactory } from
|
|
22
|
-
import { UserRepository } from
|
|
23
|
-
import { DataSource, Repository } from
|
|
24
|
-
import { v4 as uuidv4 } from
|
|
4
|
+
BadRequestException,
|
|
5
|
+
ConflictException,
|
|
6
|
+
ForbiddenException,
|
|
7
|
+
Injectable,
|
|
8
|
+
InternalServerErrorException,
|
|
9
|
+
Logger,
|
|
10
|
+
NotFoundException,
|
|
11
|
+
UnauthorizedException,
|
|
12
|
+
} from "@nestjs/common";
|
|
13
|
+
import { EventEmitter2 } from "@nestjs/event-emitter";
|
|
14
|
+
import { JwtService } from "@nestjs/jwt";
|
|
15
|
+
import { InjectDataSource } from "@nestjs/typeorm";
|
|
16
|
+
import { isEmpty, isNotEmpty } from "class-validator";
|
|
17
|
+
import { randomInt, randomUUID } from "crypto";
|
|
18
|
+
import { ERROR_MESSAGES } from "src/constants/error-messages";
|
|
19
|
+
import { SUCCESS_MESSAGES } from "src/constants/success-messages";
|
|
20
|
+
import { CreateUserDto } from "src/dtos/create-user.dto";
|
|
21
|
+
import { MailFactory } from "src/factories/mail.factory";
|
|
22
|
+
import { UserRepository } from "src/repository/user.repository";
|
|
23
|
+
import { DataSource, DeepPartial, Repository } from "typeorm";
|
|
24
|
+
import { v4 as uuidv4 } from "uuid";
|
|
25
25
|
import {
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
26
|
+
ForgotPasswordSendVerificationTokenOn,
|
|
27
|
+
PasswordlessLoginValidateWhatSources,
|
|
28
|
+
PasswordlessRegistrationValidateWhatSources,
|
|
29
29
|
} from "../constants";
|
|
30
30
|
import { ChangePasswordDto } from "../dtos/change-password.dto";
|
|
31
|
-
import { ConfirmForgotPasswordDto } from
|
|
32
|
-
import { InitiateForgotPasswordDto } from
|
|
33
|
-
import { OTPConfirmOTPDto } from
|
|
34
|
-
import { OTPSignInDto } from
|
|
35
|
-
import { OTPSignUpDto } from
|
|
36
|
-
import { RefreshTokenDto } from
|
|
37
|
-
import { SignInDto } from
|
|
38
|
-
import { SignUpDto } from
|
|
39
|
-
import { User } from
|
|
31
|
+
import { ConfirmForgotPasswordDto } from "../dtos/confirm-forgot-password.dto";
|
|
32
|
+
import { InitiateForgotPasswordDto } from "../dtos/initiate-forgot-password.dto";
|
|
33
|
+
import { OTPConfirmOTPDto } from "../dtos/otp-confirm-otp.dto";
|
|
34
|
+
import { OTPSignInDto } from "../dtos/otp-sign-in.dto";
|
|
35
|
+
import { OTPSignUpDto } from "../dtos/otp-sign-up.dto";
|
|
36
|
+
import { RefreshTokenDto } from "../dtos/refresh-token.dto";
|
|
37
|
+
import { SignInDto } from "../dtos/sign-in.dto";
|
|
38
|
+
import { SignUpDto } from "../dtos/sign-up.dto";
|
|
39
|
+
import { User } from "../entities/user.entity";
|
|
40
40
|
import { EventDetails, EventType } from "../interfaces";
|
|
41
41
|
import { ActiveUserData } from '../interfaces/active-user-data.interface';
|
|
42
42
|
import { HashingService } from './hashing.service';
|
|
@@ -50,14 +50,14 @@ import { SmsFactory } from 'src/factories/sms.factory';
|
|
|
50
50
|
import { SolidRegistry } from 'src/helpers/solid-registry';
|
|
51
51
|
|
|
52
52
|
enum LoginProvider {
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
53
|
+
LOCAL = "local",
|
|
54
|
+
GOOGLE = "google",
|
|
55
|
+
OTP = "otp",
|
|
56
56
|
}
|
|
57
57
|
|
|
58
58
|
interface otp {
|
|
59
|
-
|
|
60
|
-
|
|
59
|
+
token: string;
|
|
60
|
+
expiresAt: Date;
|
|
61
61
|
}
|
|
62
62
|
|
|
63
63
|
@Injectable()
|
|
@@ -89,60 +89,69 @@ export class AuthenticationService {
|
|
|
89
89
|
// this.mailService = this.mailServiceFactory.getMailService();
|
|
90
90
|
}
|
|
91
91
|
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
92
|
+
private async getCompanyLogo(): Promise<string> {
|
|
93
|
+
return this.settingService.getConfigValue<SolidCoreSetting>("companylogo");
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
async resolveUser(username: string, email: string) {
|
|
97
|
+
return await this.userRepository.findOne({
|
|
98
|
+
where: [{ username: username }, { email: email }],
|
|
99
|
+
relations: {
|
|
100
|
+
roles: true,
|
|
101
|
+
},
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
async updatePasswordDetails(user: User, newPassword: string) {
|
|
106
|
+
user.password = await this.hashingService.hash(newPassword);
|
|
107
|
+
user.passwordScheme = this.hashingService.name();
|
|
108
|
+
user.passwordSchemeVersion = this.hashingService.currentVersion();
|
|
109
|
+
user.rehashedAt = new Date();
|
|
110
|
+
await this.userRepository.update(user.id, {
|
|
111
|
+
password: user.password,
|
|
112
|
+
passwordScheme: user.passwordScheme,
|
|
113
|
+
passwordSchemeVersion: user.passwordSchemeVersion,
|
|
114
|
+
rehashedAt: user.rehashedAt,
|
|
115
|
+
});
|
|
116
|
+
return user;
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
async resolveUserByVerificationToken(token: string) {
|
|
120
|
+
return await this.userRepository.findOne({
|
|
121
|
+
where: { verificationTokenOnForgotPassword: token },
|
|
122
|
+
relations: { roles: true },
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
private async validateUserForPasswordLogin(
|
|
127
|
+
user: User,
|
|
128
|
+
password: string,
|
|
129
|
+
): Promise<void> {
|
|
130
|
+
if (!user.active) {
|
|
131
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_ACTIVE);
|
|
132
|
+
}
|
|
133
|
+
this.checkAccountBlocked(user);
|
|
134
|
+
const isEqual = await this.hashingService.compare(
|
|
135
|
+
password,
|
|
136
|
+
user.password,
|
|
137
|
+
user.passwordSchemeVersion,
|
|
138
|
+
);
|
|
139
|
+
if (!isEqual) {
|
|
140
|
+
await this.incrementFailedAttempts(user);
|
|
141
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
private async rehashPasswordIfRequired(
|
|
146
|
+
user: User,
|
|
147
|
+
password: string,
|
|
148
|
+
): Promise<void> {
|
|
149
|
+
if (
|
|
150
|
+
this.hashingService.needsRehash(user.password, user.passwordSchemeVersion)
|
|
151
|
+
) {
|
|
152
|
+
await this.updatePasswordDetails(user, password);
|
|
145
153
|
}
|
|
154
|
+
}
|
|
146
155
|
|
|
147
156
|
private static readonly SIGNUP_DTO_KEYS = new Set(['username', 'email', 'password', 'fullName', 'mobile', 'roles', 'forcePasswordChange']);
|
|
148
157
|
|
|
@@ -197,222 +206,288 @@ export class AuthenticationService {
|
|
|
197
206
|
return this.performSignUp(signUpDto, entity, extensionUserRepo);
|
|
198
207
|
}
|
|
199
208
|
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
209
|
+
private async populateForSignup<T extends User>(
|
|
210
|
+
user: T,
|
|
211
|
+
signUpDto: SignUpDto,
|
|
212
|
+
isUserActive: boolean = true,
|
|
213
|
+
onForcePasswordChange?: boolean,
|
|
214
|
+
) {
|
|
215
|
+
// const user = new User();
|
|
216
|
+
let autoGeneratedPwdPermission =
|
|
217
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
218
|
+
"iamAutoGeneratedPassword",
|
|
219
|
+
);
|
|
220
|
+
if (signUpDto.roles && signUpDto.roles.length > 0) {
|
|
221
|
+
for (let i = 0; i < signUpDto.roles.length; i++) {
|
|
222
|
+
const roleName = signUpDto.roles[i];
|
|
223
|
+
await this.roleMetadataService.findRoleByName(roleName);
|
|
224
|
+
}
|
|
225
|
+
}
|
|
226
|
+
user.username = signUpDto.username;
|
|
227
|
+
user.email = signUpDto.email;
|
|
228
|
+
user.fullName = signUpDto.fullName;
|
|
229
|
+
user.forcePasswordChange = onForcePasswordChange;
|
|
230
|
+
if (signUpDto.mobile) {
|
|
231
|
+
user.mobile = signUpDto.mobile;
|
|
232
|
+
}
|
|
233
|
+
// this.logger.debug("user", user);
|
|
234
|
+
|
|
235
|
+
// If password has been specified by the user, then we simply create & activate the user based on the configuration parameter "activateUserOnRegistration".
|
|
236
|
+
let pwd = "";
|
|
237
|
+
let autoGeneratedPwd = "";
|
|
238
|
+
|
|
239
|
+
// User has specified password
|
|
240
|
+
if (signUpDto.password) {
|
|
241
|
+
pwd = await this.hashingService.hash(signUpDto.password);
|
|
242
|
+
}
|
|
243
|
+
// User has not specified password
|
|
244
|
+
else {
|
|
245
|
+
// When user does not specify password, and system is configured to auto generate passwords.
|
|
246
|
+
if (autoGeneratedPwdPermission?.toString().toLowerCase() === "true") {
|
|
247
|
+
autoGeneratedPwd = this.generatePassword();
|
|
248
|
+
pwd = await this.hashingService.hash(autoGeneratedPwd);
|
|
249
|
+
user.forcePasswordChange = true;
|
|
250
|
+
}
|
|
251
|
+
// When user does not specify password, and system is not configured to auto generate passwords.
|
|
252
|
+
else {
|
|
253
|
+
// This means that most likely the system is going to be using password-less login.
|
|
254
|
+
// If that is not the case then we can raise a bad request exception...
|
|
255
|
+
if (!(await this.isPasswordlessRegistrationEnabled())) {
|
|
256
|
+
this.logger.error(
|
|
257
|
+
"User being created without password, and password less login is also not enabled in the system. Is this intentional?",
|
|
258
|
+
);
|
|
259
|
+
throw new BadRequestException(
|
|
260
|
+
ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED,
|
|
261
|
+
);
|
|
262
|
+
}
|
|
263
|
+
|
|
264
|
+
// Save the hash of the blank password, anyways since passwordless login is enabled it does not matter.
|
|
265
|
+
pwd = await this.hashingService.hash(pwd);
|
|
266
|
+
}
|
|
267
|
+
}
|
|
268
|
+
|
|
269
|
+
user.password = pwd;
|
|
270
|
+
user.passwordScheme = this.hashingService.name(); // e.g. bcrypt
|
|
271
|
+
user.passwordSchemeVersion = this.hashingService.currentVersion(); // e.g. 1, 2, 3 ...
|
|
272
|
+
user.active = isUserActive;
|
|
273
|
+
return { user, pwd, autoGeneratedPwd };
|
|
274
|
+
}
|
|
275
|
+
|
|
276
|
+
private async handlePostSignup(
|
|
277
|
+
user: User,
|
|
278
|
+
roles: string[] = [],
|
|
279
|
+
pwd: string,
|
|
280
|
+
autoGeneratedPwd: string,
|
|
281
|
+
) {
|
|
282
|
+
await this.userService.initializeRolesForNewUser(roles, user);
|
|
283
|
+
|
|
284
|
+
// if forcePasswordChange is true, then we trigger an email to the user to change the password, this needs to be done using a queue.
|
|
285
|
+
// Create a new method like notifyUserOnForcePasswordChange, create a new email template we can call it on-force-password-change this template to include the random password
|
|
286
|
+
if (user.forcePasswordChange && autoGeneratedPwd) {
|
|
287
|
+
await this.notifyUserOnForcePasswordChange(user, autoGeneratedPwd);
|
|
288
|
+
}
|
|
289
|
+
|
|
290
|
+
// Send welcome notifications (email/SMS) if enabled.
|
|
291
|
+
await this.notifyUserOnSignup(user);
|
|
292
|
+
}
|
|
293
|
+
|
|
294
|
+
generatePassword(length: number = 8): string {
|
|
295
|
+
const upperCase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
|
296
|
+
const lowerCase = "abcdefghijklmnopqrstuvwxyz";
|
|
297
|
+
const numbers = "0123456789";
|
|
298
|
+
const specialChars = "@$#";
|
|
299
|
+
const allChars = upperCase + lowerCase + numbers + specialChars;
|
|
300
|
+
|
|
301
|
+
let password = "";
|
|
302
|
+
|
|
303
|
+
for (let i = 0; i < length; i++) {
|
|
304
|
+
const randomIndex = Math.floor(Math.random() * allChars.length);
|
|
305
|
+
password += allChars[randomIndex];
|
|
306
|
+
}
|
|
307
|
+
|
|
308
|
+
return password;
|
|
309
|
+
}
|
|
310
|
+
|
|
311
|
+
private async notifyUserOnForcePasswordChange(
|
|
312
|
+
user: User,
|
|
313
|
+
autoGeneratedPwd: string,
|
|
314
|
+
) {
|
|
315
|
+
const companyLogo = await this.getCompanyLogo();
|
|
316
|
+
const mailService = this.mailServiceFactory.getMailService();
|
|
317
|
+
mailService.sendEmailUsingTemplate(
|
|
318
|
+
user.email,
|
|
319
|
+
"on-force-password-change",
|
|
320
|
+
{
|
|
321
|
+
solidAppName:
|
|
322
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
323
|
+
solidAppWebsiteUrl:
|
|
324
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
325
|
+
"solidAppWebsiteUrl",
|
|
326
|
+
),
|
|
327
|
+
frontendLoginPageUrl:
|
|
328
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
329
|
+
"frontendLoginPageUrl",
|
|
330
|
+
),
|
|
331
|
+
email: user.email,
|
|
332
|
+
fullName: user.fullName,
|
|
333
|
+
userName: user.username,
|
|
334
|
+
password: autoGeneratedPwd,
|
|
335
|
+
companyLogoUrl: companyLogo,
|
|
336
|
+
},
|
|
337
|
+
this.settingService.getConfigValue<SolidCoreSetting>("shouldQueueEmails"),
|
|
338
|
+
null,
|
|
339
|
+
null,
|
|
340
|
+
"user",
|
|
341
|
+
user.id,
|
|
342
|
+
);
|
|
343
|
+
}
|
|
344
|
+
|
|
345
|
+
private async isWelcomeEmailEnabled(): Promise<boolean> {
|
|
346
|
+
const sendWelcomeEmailOnSignup =
|
|
347
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
348
|
+
"sendWelcomeEmailOnSignup",
|
|
349
|
+
);
|
|
350
|
+
return sendWelcomeEmailOnSignup;
|
|
351
|
+
}
|
|
352
|
+
|
|
353
|
+
private async isWelcomeSmsEnabled(): Promise<boolean> {
|
|
354
|
+
const sendWelcomeSmsOnSignup =
|
|
355
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
356
|
+
"sendWelcomeSmsOnSignup",
|
|
357
|
+
);
|
|
358
|
+
return sendWelcomeSmsOnSignup;
|
|
359
|
+
}
|
|
360
|
+
|
|
361
|
+
private async notifyUserOnSignup(user: User) {
|
|
362
|
+
const companyLogo = await this.getCompanyLogo();
|
|
363
|
+
// Email welcome
|
|
364
|
+
if (await this.isWelcomeEmailEnabled()) {
|
|
365
|
+
const mailService = this.mailServiceFactory.getMailService();
|
|
366
|
+
mailService.sendEmailUsingTemplate(
|
|
367
|
+
user.email,
|
|
368
|
+
"email-on-signup",
|
|
369
|
+
{
|
|
370
|
+
solidAppName:
|
|
371
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
372
|
+
solidAppWebsiteUrl:
|
|
373
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
374
|
+
"solidAppWebsiteUrl",
|
|
375
|
+
),
|
|
376
|
+
frontendLoginPageUrl:
|
|
377
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
378
|
+
"frontendLoginPageUrl",
|
|
379
|
+
),
|
|
380
|
+
email: user.email,
|
|
381
|
+
fullName: user.fullName,
|
|
382
|
+
userName: user.username,
|
|
383
|
+
companyLogoUrl: companyLogo,
|
|
384
|
+
},
|
|
385
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
386
|
+
"shouldQueueEmails",
|
|
387
|
+
),
|
|
388
|
+
null,
|
|
389
|
+
null,
|
|
390
|
+
"user",
|
|
391
|
+
user.id,
|
|
392
|
+
);
|
|
393
|
+
}
|
|
394
|
+
|
|
395
|
+
// SMS welcome
|
|
396
|
+
const isWelcomeSmsEnabled = await this.isWelcomeSmsEnabled();
|
|
397
|
+
if (isWelcomeSmsEnabled && user.mobile) {
|
|
398
|
+
const smsService = this.smsFactory.getSmsService();
|
|
399
|
+
smsService.sendSMSUsingTemplate(
|
|
400
|
+
user.mobile,
|
|
401
|
+
"text-on-signup",
|
|
402
|
+
{
|
|
403
|
+
solidAppName:
|
|
404
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
405
|
+
frontendLoginPageUrl:
|
|
406
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
407
|
+
"frontendLoginPageUrl",
|
|
408
|
+
),
|
|
409
|
+
firstName: user.username,
|
|
410
|
+
fullName: user.fullName ? user.fullName : user.username,
|
|
411
|
+
},
|
|
412
|
+
this.settingService.getConfigValue<SolidCoreSetting>("shouldQueueSms"),
|
|
413
|
+
);
|
|
414
|
+
}
|
|
415
|
+
}
|
|
416
|
+
|
|
417
|
+
async otpInitiateRegistration(signUpDto: OTPSignUpDto) {
|
|
418
|
+
const isPasswordlessRegistrationEnabled =
|
|
419
|
+
await this.isPasswordlessRegistrationEnabled();
|
|
420
|
+
if (!isPasswordlessRegistrationEnabled) {
|
|
421
|
+
throw new BadRequestException(
|
|
422
|
+
ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED,
|
|
423
|
+
);
|
|
424
|
+
}
|
|
425
|
+
|
|
426
|
+
const validationSource = this.resolvePasswordlessValidationSource();
|
|
427
|
+
this.validateOtpRegistrationInput(signUpDto, validationSource);
|
|
428
|
+
|
|
429
|
+
const existingUser = await this.findExistingRegistrationUser(signUpDto);
|
|
430
|
+
if (isNotEmpty(existingUser) && existingUser.active) {
|
|
431
|
+
throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);
|
|
432
|
+
}
|
|
433
|
+
|
|
434
|
+
try {
|
|
435
|
+
const user = await this.upsertUserWithRegistrationVerificationTokens(
|
|
436
|
+
existingUser,
|
|
437
|
+
signUpDto,
|
|
438
|
+
validationSource,
|
|
439
|
+
);
|
|
440
|
+
await this.notifyUserOnOtpInitiateRegistration(user, validationSource);
|
|
441
|
+
} catch (err) {
|
|
442
|
+
if (err.code === "23505") {
|
|
443
|
+
throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);
|
|
444
|
+
}
|
|
445
|
+
throw err;
|
|
446
|
+
}
|
|
447
|
+
|
|
448
|
+
return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_REGISTRATION };
|
|
449
|
+
}
|
|
450
|
+
|
|
451
|
+
private validateOtpRegistrationInput(
|
|
452
|
+
signUpDto: OTPSignUpDto,
|
|
453
|
+
validationSource: string,
|
|
454
|
+
): void {
|
|
455
|
+
if (
|
|
456
|
+
validationSource === PasswordlessRegistrationValidateWhatSources.EMAIL &&
|
|
457
|
+
isEmpty(signUpDto.email)
|
|
458
|
+
) {
|
|
459
|
+
throw new BadRequestException(
|
|
460
|
+
ERROR_MESSAGES.EMAIL_REQUIRED_FOR_VALIDATION,
|
|
461
|
+
);
|
|
415
462
|
}
|
|
463
|
+
if (
|
|
464
|
+
validationSource === PasswordlessRegistrationValidateWhatSources.MOBILE &&
|
|
465
|
+
isEmpty(signUpDto.mobile)
|
|
466
|
+
) {
|
|
467
|
+
throw new BadRequestException(
|
|
468
|
+
ERROR_MESSAGES.MOBILE_REQUIRED_FOR_VALIDATION,
|
|
469
|
+
);
|
|
470
|
+
}
|
|
471
|
+
}
|
|
472
|
+
|
|
473
|
+
private async findExistingRegistrationUser(
|
|
474
|
+
signUpDto: OTPSignUpDto,
|
|
475
|
+
): Promise<User> {
|
|
476
|
+
return this.userRepository.findOne({
|
|
477
|
+
//TODO Perhaps we should use the user service instead of the repository directly.
|
|
478
|
+
where: [
|
|
479
|
+
{ email: signUpDto.email },
|
|
480
|
+
{ mobile: signUpDto.mobile },
|
|
481
|
+
{ username: signUpDto.username },
|
|
482
|
+
],
|
|
483
|
+
});
|
|
484
|
+
}
|
|
485
|
+
|
|
486
|
+
private resolvePasswordlessValidationSource(): string {
|
|
487
|
+
return this.settingService.getConfigValue<SolidCoreSetting>(
|
|
488
|
+
"passwordlessRegistrationValidateWhat",
|
|
489
|
+
);
|
|
490
|
+
}
|
|
416
491
|
|
|
417
492
|
private async upsertUserWithRegistrationVerificationTokens(existingUser: User, signUpDto: OTPSignUpDto, validationSource: string): Promise<User> {
|
|
418
493
|
let user = existingUser;
|
|
@@ -429,459 +504,569 @@ export class AuthenticationService {
|
|
|
429
504
|
return user;
|
|
430
505
|
}
|
|
431
506
|
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
507
|
-
|
|
508
|
-
|
|
509
|
-
|
|
510
|
-
|
|
511
|
-
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
|
|
544
|
-
|
|
545
|
-
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
603
|
-
|
|
604
|
-
|
|
605
|
-
}
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
const tokens = await this.generateTokens(user);
|
|
646
|
-
|
|
647
|
-
await this.userActivityHistoryService.logEvent('login', user);
|
|
648
|
-
|
|
649
|
-
return {
|
|
650
|
-
user: {
|
|
651
|
-
email: user.email,
|
|
652
|
-
mobile: user.mobile,
|
|
653
|
-
username: user.username,
|
|
654
|
-
forcePasswordChange: user.forcePasswordChange,
|
|
655
|
-
id: user.id,
|
|
656
|
-
roles: user.roles.map((role) => role.name)
|
|
657
|
-
},
|
|
658
|
-
...tokens
|
|
659
|
-
}
|
|
660
|
-
}
|
|
661
|
-
|
|
662
|
-
private maskEmail(email: string): string {
|
|
663
|
-
if (!email) return null;
|
|
664
|
-
|
|
665
|
-
const [localPart, domain] = email.split('@');
|
|
666
|
-
if (localPart.length <= 2) {
|
|
667
|
-
return `${localPart[0]}***@${domain}`;
|
|
668
|
-
}
|
|
669
|
-
|
|
670
|
-
const visibleStart = localPart.slice(0, 2);
|
|
671
|
-
const visibleEnd = localPart.slice(-1);
|
|
672
|
-
return `${visibleStart}***${visibleEnd}@${domain}`;
|
|
673
|
-
}
|
|
674
|
-
|
|
675
|
-
private maskMobile(mobile: string): string {
|
|
676
|
-
if (!mobile) return null;
|
|
677
|
-
|
|
678
|
-
if (mobile.length <= 4) {
|
|
679
|
-
return mobile;
|
|
680
|
-
}
|
|
681
|
-
|
|
682
|
-
const visibleEnd = mobile.slice(-4);
|
|
683
|
-
return `***${visibleEnd}`;
|
|
684
|
-
}
|
|
685
|
-
|
|
686
|
-
async otpInitiateLogin(signInDto: OTPSignInDto) {
|
|
687
|
-
const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();
|
|
688
|
-
if (!isPasswordlessRegistrationEnabled) {
|
|
689
|
-
throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
|
|
690
|
-
}
|
|
691
|
-
|
|
692
|
-
const type = this.resolveLoginType(signInDto);
|
|
693
|
-
const user = await this.findUserForLogin(type, signInDto.identifier);
|
|
694
|
-
const dummyOtp = this.getDummyOtpForUser(user);
|
|
695
|
-
if (!dummyOtp) {
|
|
696
|
-
await this.assignLoginOtp(user, type);
|
|
697
|
-
this.notifyUserOnOtpInititateLogin(user, type);
|
|
698
|
-
}
|
|
699
|
-
return this.buildLoginOtpResponse(user, type);
|
|
507
|
+
// Create a new user entity.
|
|
508
|
+
private createUser(signUpDto: OTPSignUpDto) {
|
|
509
|
+
const user = new User();
|
|
510
|
+
user.username = signUpDto.username;
|
|
511
|
+
user.email = signUpDto.email;
|
|
512
|
+
user.mobile = signUpDto.mobile;
|
|
513
|
+
user.customPayload = signUpDto.customPayload;
|
|
514
|
+
user.lastLoginProvider = LoginProvider.OTP;
|
|
515
|
+
return user;
|
|
516
|
+
}
|
|
517
|
+
|
|
518
|
+
// Generate the validation tokens for the user i.e (system configured + user provided)
|
|
519
|
+
private async assignRegistrationOtp(
|
|
520
|
+
passwordlessRegistrationValidateWhat: string,
|
|
521
|
+
user: User,
|
|
522
|
+
) {
|
|
523
|
+
if (!passwordlessRegistrationValidateWhat) {
|
|
524
|
+
throw new BadRequestException(ERROR_MESSAGES.VALIDATION_SOURCE_REQUIRED);
|
|
525
|
+
}
|
|
526
|
+
const autoLoginUserOnRegistration =
|
|
527
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
528
|
+
"autoLoginUserOnRegistration",
|
|
529
|
+
);
|
|
530
|
+
if (
|
|
531
|
+
passwordlessRegistrationValidateWhat ===
|
|
532
|
+
PasswordlessRegistrationValidateWhatSources.EMAIL
|
|
533
|
+
) {
|
|
534
|
+
const { token, expiresAt } = await this.otp();
|
|
535
|
+
user.emailVerificationTokenOnRegistration = token;
|
|
536
|
+
user.emailVerificationTokenOnRegistrationExpiresAt = expiresAt;
|
|
537
|
+
if (autoLoginUserOnRegistration) {
|
|
538
|
+
user.emailVerificationTokenOnLogin = token;
|
|
539
|
+
user.emailVerificationTokenOnLoginExpiresAt = expiresAt;
|
|
540
|
+
}
|
|
541
|
+
}
|
|
542
|
+
if (
|
|
543
|
+
passwordlessRegistrationValidateWhat ===
|
|
544
|
+
PasswordlessRegistrationValidateWhatSources.MOBILE
|
|
545
|
+
) {
|
|
546
|
+
const { token, expiresAt } = await this.otp();
|
|
547
|
+
user.mobileVerificationTokenOnRegistration = token;
|
|
548
|
+
user.mobileVerificationTokenOnRegistrationExpiresAt = expiresAt;
|
|
549
|
+
if (autoLoginUserOnRegistration) {
|
|
550
|
+
user.mobileVerificationTokenOnLogin = token;
|
|
551
|
+
user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;
|
|
552
|
+
}
|
|
553
|
+
}
|
|
554
|
+
}
|
|
555
|
+
|
|
556
|
+
private async notifyUserOnOtpInitiateRegistration(
|
|
557
|
+
user: User,
|
|
558
|
+
registrationValidationSource: string,
|
|
559
|
+
) {
|
|
560
|
+
const companyLogo = await this.getCompanyLogo();
|
|
561
|
+
if (
|
|
562
|
+
registrationValidationSource ===
|
|
563
|
+
PasswordlessLoginValidateWhatSources.EMAIL
|
|
564
|
+
) {
|
|
565
|
+
const mailService = this.mailServiceFactory.getMailService();
|
|
566
|
+
mailService.sendEmailUsingTemplate(
|
|
567
|
+
user.email,
|
|
568
|
+
"otp-on-register",
|
|
569
|
+
{
|
|
570
|
+
solidAppName:
|
|
571
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
572
|
+
solidAppWebsiteUrl:
|
|
573
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
574
|
+
"solidAppWebsiteUrl",
|
|
575
|
+
),
|
|
576
|
+
firstName: user.username,
|
|
577
|
+
fullName: user.fullName ? user.fullName : user.username,
|
|
578
|
+
emailVerificationTokenOnRegistration:
|
|
579
|
+
user.emailVerificationTokenOnRegistration,
|
|
580
|
+
companyLogoUrl: companyLogo,
|
|
581
|
+
},
|
|
582
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
583
|
+
"shouldQueueEmails",
|
|
584
|
+
),
|
|
585
|
+
null,
|
|
586
|
+
null,
|
|
587
|
+
"user",
|
|
588
|
+
user.id,
|
|
589
|
+
);
|
|
590
|
+
}
|
|
591
|
+
if (
|
|
592
|
+
registrationValidationSource ===
|
|
593
|
+
PasswordlessLoginValidateWhatSources.MOBILE
|
|
594
|
+
) {
|
|
595
|
+
const smsService = this.smsFactory.getSmsService();
|
|
596
|
+
smsService.sendSMSUsingTemplate(
|
|
597
|
+
user.mobile,
|
|
598
|
+
"otp-on-register",
|
|
599
|
+
{
|
|
600
|
+
solidAppName:
|
|
601
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
602
|
+
otp: user.mobileVerificationTokenOnRegistration,
|
|
603
|
+
mobileVerificationTokenOnRegistration:
|
|
604
|
+
user.mobileVerificationTokenOnRegistration,
|
|
605
|
+
firstName: user.username,
|
|
606
|
+
fullName: user.fullName ? user.fullName : user.username,
|
|
607
|
+
companyLogoUrl: companyLogo,
|
|
608
|
+
},
|
|
609
|
+
this.settingService.getConfigValue<SolidCoreSetting>("shouldQueueSms"),
|
|
610
|
+
);
|
|
611
|
+
}
|
|
612
|
+
}
|
|
613
|
+
|
|
614
|
+
async otpConfirmRegistration(confirmSignUpDto: OTPConfirmOTPDto) {
|
|
615
|
+
const isPasswordlessRegistrationEnabled =
|
|
616
|
+
await this.isPasswordlessRegistrationEnabled();
|
|
617
|
+
if (!isPasswordlessRegistrationEnabled) {
|
|
618
|
+
throw new BadRequestException(
|
|
619
|
+
ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED,
|
|
620
|
+
);
|
|
621
|
+
}
|
|
622
|
+
|
|
623
|
+
const { type, identifier, otp } = confirmSignUpDto;
|
|
624
|
+
if (
|
|
625
|
+
type !== PasswordlessRegistrationValidateWhatSources.EMAIL &&
|
|
626
|
+
type !== PasswordlessRegistrationValidateWhatSources.MOBILE
|
|
627
|
+
) {
|
|
628
|
+
throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
|
|
629
|
+
}
|
|
630
|
+
|
|
631
|
+
const user = await this.findUserByRegistrationIdentifier(type, identifier);
|
|
632
|
+
this.validateRegistrationOtp(user, otp, type);
|
|
633
|
+
this.clearRegistrationOtp(user, type);
|
|
634
|
+
user.active =
|
|
635
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
636
|
+
"activateUserOnRegistration",
|
|
637
|
+
) &&
|
|
638
|
+
(await this.areAllPasswordlessRegistrationValidationSourcesVerified(
|
|
639
|
+
user,
|
|
640
|
+
));
|
|
641
|
+
|
|
642
|
+
const savedUser: User = await this.userRepository.save(user);
|
|
643
|
+
this.triggerRegistrationEvent(savedUser);
|
|
644
|
+
return {
|
|
645
|
+
active: savedUser.active,
|
|
646
|
+
message: `User registration verified for ${type}`,
|
|
647
|
+
};
|
|
648
|
+
}
|
|
649
|
+
|
|
650
|
+
private async findUserByRegistrationIdentifier(
|
|
651
|
+
type: PasswordlessRegistrationValidateWhatSources,
|
|
652
|
+
identifier: string,
|
|
653
|
+
): Promise<User> {
|
|
654
|
+
const where =
|
|
655
|
+
type === PasswordlessRegistrationValidateWhatSources.EMAIL
|
|
656
|
+
? { email: identifier }
|
|
657
|
+
: { mobile: identifier };
|
|
658
|
+
const user = await this.userRepository.findOne({ where });
|
|
659
|
+
if (!user) {
|
|
660
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
661
|
+
}
|
|
662
|
+
return user;
|
|
663
|
+
}
|
|
664
|
+
|
|
665
|
+
private validateRegistrationOtp(
|
|
666
|
+
user: User,
|
|
667
|
+
otp: string,
|
|
668
|
+
type: PasswordlessRegistrationValidateWhatSources,
|
|
669
|
+
): void {
|
|
670
|
+
const isEmail = type === PasswordlessRegistrationValidateWhatSources.EMAIL;
|
|
671
|
+
const token = isEmail
|
|
672
|
+
? user.emailVerificationTokenOnRegistration
|
|
673
|
+
: user.mobileVerificationTokenOnRegistration;
|
|
674
|
+
const expiresAt = isEmail
|
|
675
|
+
? user.emailVerificationTokenOnRegistrationExpiresAt
|
|
676
|
+
: user.mobileVerificationTokenOnRegistrationExpiresAt;
|
|
677
|
+
|
|
678
|
+
if (token !== otp) {
|
|
679
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
|
|
680
|
+
}
|
|
681
|
+
if (expiresAt < new Date()) {
|
|
682
|
+
throw new UnauthorizedException(ERROR_MESSAGES.OTP_EXPIRED);
|
|
683
|
+
}
|
|
684
|
+
}
|
|
685
|
+
|
|
686
|
+
private clearRegistrationOtp(
|
|
687
|
+
user: User,
|
|
688
|
+
type: PasswordlessRegistrationValidateWhatSources,
|
|
689
|
+
): void {
|
|
690
|
+
if (type === PasswordlessRegistrationValidateWhatSources.EMAIL) {
|
|
691
|
+
user.emailVerifiedOnRegistrationAt = new Date();
|
|
692
|
+
user.emailVerificationTokenOnRegistration = null;
|
|
693
|
+
user.emailVerificationTokenOnRegistrationExpiresAt = null;
|
|
694
|
+
} else {
|
|
695
|
+
user.mobileVerifiedOnRegistrationAt = new Date();
|
|
696
|
+
user.mobileVerificationTokenOnRegistration = null;
|
|
697
|
+
user.mobileVerificationTokenOnRegistrationExpiresAt = null;
|
|
698
|
+
}
|
|
699
|
+
}
|
|
700
|
+
|
|
701
|
+
private triggerRegistrationEvent(savedUser: User) {
|
|
702
|
+
// Trigger events for user registration.
|
|
703
|
+
const event = new EventDetails<User>(EventType.USER_REGISTERED, savedUser);
|
|
704
|
+
this.eventEmitter.emit(EventType.USER_REGISTERED, event);
|
|
705
|
+
}
|
|
706
|
+
|
|
707
|
+
private async areAllPasswordlessRegistrationValidationSourcesVerified(
|
|
708
|
+
user: User,
|
|
709
|
+
): Promise<boolean> {
|
|
710
|
+
const registrationValidationSource =
|
|
711
|
+
this.resolvePasswordlessValidationSource();
|
|
712
|
+
if (
|
|
713
|
+
registrationValidationSource ===
|
|
714
|
+
PasswordlessLoginValidateWhatSources.EMAIL
|
|
715
|
+
) {
|
|
716
|
+
if (!user.emailVerifiedOnRegistrationAt) {
|
|
717
|
+
return false;
|
|
718
|
+
}
|
|
700
719
|
}
|
|
701
|
-
|
|
702
|
-
|
|
703
|
-
|
|
704
|
-
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
|
|
712
|
-
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
720
|
+
if (
|
|
721
|
+
registrationValidationSource ===
|
|
722
|
+
PasswordlessLoginValidateWhatSources.MOBILE
|
|
723
|
+
) {
|
|
724
|
+
if (!user.mobileVerifiedOnRegistrationAt) {
|
|
725
|
+
return false;
|
|
726
|
+
}
|
|
727
|
+
}
|
|
728
|
+
return true;
|
|
729
|
+
}
|
|
730
|
+
|
|
731
|
+
private async otp(): Promise<otp> {
|
|
732
|
+
const now = new Date();
|
|
733
|
+
const otpExpiry =
|
|
734
|
+
this.settingService.getConfigValue<SolidCoreSetting>("otpExpiry");
|
|
735
|
+
now.setMinutes(now.getMinutes() + otpExpiry);
|
|
736
|
+
return {
|
|
737
|
+
token: randomInt(100000, 999999).toString(),
|
|
738
|
+
expiresAt: now,
|
|
739
|
+
};
|
|
740
|
+
}
|
|
741
|
+
|
|
742
|
+
private getDummyOtpForUser(user?: User): string | undefined {
|
|
743
|
+
const dummyOtp =
|
|
744
|
+
this.settingService.getConfigValue<SolidCoreSetting>("dummyOtp");
|
|
745
|
+
if (!dummyOtp || !user?.username) {
|
|
746
|
+
return undefined;
|
|
747
|
+
}
|
|
748
|
+
const allowedUsers = this.getDummyOtpUsers();
|
|
749
|
+
if (!allowedUsers.size) {
|
|
750
|
+
return undefined;
|
|
751
|
+
}
|
|
752
|
+
const username = user.username.trim().toLowerCase();
|
|
753
|
+
if (!username) {
|
|
754
|
+
return undefined;
|
|
755
|
+
}
|
|
756
|
+
return allowedUsers.has(username) ? dummyOtp : undefined;
|
|
757
|
+
}
|
|
758
|
+
|
|
759
|
+
private getDummyOtpUsers(): Set<string> {
|
|
760
|
+
const rawUsers =
|
|
761
|
+
this.settingService.getConfigValue<SolidCoreSetting>("dummyOtpUsers");
|
|
762
|
+
if (!rawUsers || typeof rawUsers !== "string") {
|
|
763
|
+
return new Set();
|
|
764
|
+
}
|
|
765
|
+
return new Set(
|
|
766
|
+
rawUsers
|
|
767
|
+
.split(",")
|
|
768
|
+
.map((value) => value.trim().toLowerCase())
|
|
769
|
+
.filter(Boolean),
|
|
770
|
+
);
|
|
771
|
+
}
|
|
772
|
+
|
|
773
|
+
async signIn(signInDto: SignInDto) {
|
|
774
|
+
const user = await this.resolveUser(signInDto.username, signInDto.email);
|
|
775
|
+
if (!user) {
|
|
776
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
777
|
+
}
|
|
778
|
+
await this.validateUserForPasswordLogin(user, signInDto.password);
|
|
779
|
+
await this.rehashPasswordIfRequired(user, signInDto.password);
|
|
780
|
+
await this.resetFailedAttempts(user);
|
|
781
|
+
|
|
782
|
+
const tokens = await this.generateTokens(user);
|
|
783
|
+
|
|
784
|
+
await this.userActivityHistoryService.logEvent("login", user);
|
|
785
|
+
|
|
786
|
+
return {
|
|
787
|
+
user: {
|
|
788
|
+
email: user.email,
|
|
789
|
+
mobile: user.mobile,
|
|
790
|
+
username: user.username,
|
|
791
|
+
forcePasswordChange: user.forcePasswordChange,
|
|
792
|
+
id: user.id,
|
|
793
|
+
roles: user.roles.map((role) => role.name),
|
|
794
|
+
},
|
|
795
|
+
...tokens,
|
|
796
|
+
};
|
|
797
|
+
}
|
|
798
|
+
|
|
799
|
+
private maskEmail(email: string): string {
|
|
800
|
+
if (!email) return null;
|
|
801
|
+
|
|
802
|
+
const [localPart, domain] = email.split("@");
|
|
803
|
+
if (localPart.length <= 2) {
|
|
804
|
+
return `${localPart[0]}***@${domain}`;
|
|
805
|
+
}
|
|
806
|
+
|
|
807
|
+
const visibleStart = localPart.slice(0, 2);
|
|
808
|
+
const visibleEnd = localPart.slice(-1);
|
|
809
|
+
return `${visibleStart}***${visibleEnd}@${domain}`;
|
|
810
|
+
}
|
|
811
|
+
|
|
812
|
+
private maskMobile(mobile: string): string {
|
|
813
|
+
if (!mobile) return null;
|
|
814
|
+
|
|
815
|
+
if (mobile.length <= 4) {
|
|
816
|
+
return mobile;
|
|
817
|
+
}
|
|
818
|
+
|
|
819
|
+
const visibleEnd = mobile.slice(-4);
|
|
820
|
+
return `***${visibleEnd}`;
|
|
821
|
+
}
|
|
822
|
+
|
|
823
|
+
async otpInitiateLogin(signInDto: OTPSignInDto) {
|
|
824
|
+
const isPasswordlessRegistrationEnabled =
|
|
825
|
+
await this.isPasswordlessRegistrationEnabled();
|
|
826
|
+
if (!isPasswordlessRegistrationEnabled) {
|
|
827
|
+
throw new BadRequestException(
|
|
828
|
+
ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED,
|
|
829
|
+
);
|
|
830
|
+
}
|
|
831
|
+
|
|
832
|
+
const type = this.resolveLoginType(signInDto);
|
|
833
|
+
const user = await this.findUserForLogin(type, signInDto.identifier);
|
|
834
|
+
const dummyOtp = this.getDummyOtpForUser(user);
|
|
835
|
+
if (!dummyOtp) {
|
|
836
|
+
await this.assignLoginOtp(user, type);
|
|
837
|
+
this.notifyUserOnOtpInititateLogin(user, type);
|
|
838
|
+
}
|
|
839
|
+
return this.buildLoginOtpResponse(user, type);
|
|
840
|
+
}
|
|
841
|
+
|
|
842
|
+
private resolveLoginType(
|
|
843
|
+
signInDto: OTPSignInDto,
|
|
844
|
+
): PasswordlessLoginValidateWhatSources {
|
|
845
|
+
const setting = this.settingService.getConfigValue<SolidCoreSetting>(
|
|
846
|
+
"passwordlessLoginValidateWhat",
|
|
847
|
+
) as PasswordlessLoginValidateWhatSources;
|
|
848
|
+
|
|
849
|
+
if (setting === PasswordlessLoginValidateWhatSources.SELECTABLE) {
|
|
850
|
+
if (
|
|
851
|
+
signInDto.type !== PasswordlessLoginValidateWhatSources.EMAIL &&
|
|
852
|
+
signInDto.type !== PasswordlessLoginValidateWhatSources.MOBILE
|
|
853
|
+
) {
|
|
718
854
|
throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
|
|
855
|
+
}
|
|
856
|
+
return signInDto.type as PasswordlessLoginValidateWhatSources;
|
|
719
857
|
}
|
|
720
858
|
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
726
|
-
|
|
727
|
-
|
|
728
|
-
|
|
729
|
-
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
}
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
761
|
-
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
768
|
-
|
|
769
|
-
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
774
|
-
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
|
|
788
|
-
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
|
|
792
|
-
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
|
|
796
|
-
|
|
797
|
-
|
|
798
|
-
|
|
799
|
-
|
|
800
|
-
|
|
801
|
-
|
|
802
|
-
|
|
803
|
-
|
|
804
|
-
|
|
805
|
-
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
811
|
-
|
|
812
|
-
|
|
813
|
-
|
|
814
|
-
|
|
815
|
-
|
|
816
|
-
|
|
817
|
-
|
|
818
|
-
|
|
819
|
-
|
|
820
|
-
|
|
821
|
-
|
|
822
|
-
|
|
823
|
-
|
|
824
|
-
|
|
825
|
-
|
|
826
|
-
|
|
827
|
-
|
|
828
|
-
|
|
829
|
-
|
|
830
|
-
|
|
831
|
-
|
|
832
|
-
|
|
833
|
-
|
|
834
|
-
|
|
835
|
-
|
|
836
|
-
|
|
837
|
-
|
|
838
|
-
|
|
839
|
-
|
|
840
|
-
|
|
841
|
-
|
|
842
|
-
|
|
843
|
-
|
|
844
|
-
|
|
845
|
-
|
|
846
|
-
|
|
847
|
-
|
|
848
|
-
|
|
849
|
-
|
|
850
|
-
|
|
851
|
-
|
|
852
|
-
|
|
853
|
-
|
|
854
|
-
|
|
855
|
-
|
|
856
|
-
|
|
857
|
-
|
|
858
|
-
|
|
859
|
-
|
|
860
|
-
|
|
861
|
-
|
|
862
|
-
|
|
863
|
-
|
|
864
|
-
|
|
865
|
-
|
|
866
|
-
|
|
867
|
-
|
|
868
|
-
|
|
869
|
-
|
|
870
|
-
|
|
871
|
-
|
|
872
|
-
|
|
873
|
-
|
|
874
|
-
|
|
875
|
-
|
|
876
|
-
|
|
877
|
-
|
|
878
|
-
|
|
879
|
-
|
|
880
|
-
|
|
881
|
-
|
|
882
|
-
|
|
883
|
-
|
|
884
|
-
|
|
859
|
+
if (
|
|
860
|
+
setting === PasswordlessLoginValidateWhatSources.EMAIL ||
|
|
861
|
+
setting === PasswordlessLoginValidateWhatSources.MOBILE
|
|
862
|
+
) {
|
|
863
|
+
return setting;
|
|
864
|
+
}
|
|
865
|
+
|
|
866
|
+
throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
|
|
867
|
+
}
|
|
868
|
+
|
|
869
|
+
private async findUserForLogin(
|
|
870
|
+
type: PasswordlessLoginValidateWhatSources,
|
|
871
|
+
identifier: string,
|
|
872
|
+
options: { withRoles?: boolean } = {},
|
|
873
|
+
): Promise<User> {
|
|
874
|
+
const typeWhere =
|
|
875
|
+
type === PasswordlessLoginValidateWhatSources.EMAIL
|
|
876
|
+
? { email: identifier }
|
|
877
|
+
: { mobile: identifier };
|
|
878
|
+
const user = await this.userRepository.findOne({
|
|
879
|
+
where: [{ username: identifier }, typeWhere],
|
|
880
|
+
...(options.withRoles ? { relations: { roles: true } } : {}),
|
|
881
|
+
});
|
|
882
|
+
if (!user) {
|
|
883
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
884
|
+
}
|
|
885
|
+
if (!user.active) {
|
|
886
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
|
|
887
|
+
}
|
|
888
|
+
return user;
|
|
889
|
+
}
|
|
890
|
+
|
|
891
|
+
private async assignLoginOtp(
|
|
892
|
+
user: User,
|
|
893
|
+
type: PasswordlessLoginValidateWhatSources,
|
|
894
|
+
): Promise<void> {
|
|
895
|
+
const { token, expiresAt } = await this.otp();
|
|
896
|
+
if (type === PasswordlessLoginValidateWhatSources.EMAIL) {
|
|
897
|
+
user.emailVerificationTokenOnLogin = token;
|
|
898
|
+
user.emailVerificationTokenOnLoginExpiresAt = expiresAt;
|
|
899
|
+
await this.userRepository.update(user.id, {
|
|
900
|
+
emailVerificationTokenOnLogin: token,
|
|
901
|
+
emailVerificationTokenOnLoginExpiresAt: expiresAt,
|
|
902
|
+
});
|
|
903
|
+
} else {
|
|
904
|
+
user.mobileVerificationTokenOnLogin = token;
|
|
905
|
+
user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;
|
|
906
|
+
await this.userRepository.update(user.id, {
|
|
907
|
+
mobileVerificationTokenOnLogin: token,
|
|
908
|
+
mobileVerificationTokenOnLoginExpiresAt: expiresAt,
|
|
909
|
+
});
|
|
910
|
+
}
|
|
911
|
+
}
|
|
912
|
+
|
|
913
|
+
private buildLoginOtpResponse(
|
|
914
|
+
user: User,
|
|
915
|
+
type: PasswordlessLoginValidateWhatSources,
|
|
916
|
+
) {
|
|
917
|
+
const maskedIdentifier =
|
|
918
|
+
type === PasswordlessLoginValidateWhatSources.EMAIL
|
|
919
|
+
? { email: this.maskEmail(user.email) }
|
|
920
|
+
: { mobile: this.maskMobile(user.mobile) };
|
|
921
|
+
return {
|
|
922
|
+
message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN,
|
|
923
|
+
user: maskedIdentifier,
|
|
924
|
+
};
|
|
925
|
+
}
|
|
926
|
+
|
|
927
|
+
private async notifyUserOnOtpInititateLogin(
|
|
928
|
+
user: User,
|
|
929
|
+
loginType: PasswordlessLoginValidateWhatSources,
|
|
930
|
+
) {
|
|
931
|
+
const companyLogo = await this.getCompanyLogo();
|
|
932
|
+
const dummyOtp = this.getDummyOtpForUser(user);
|
|
933
|
+
|
|
934
|
+
if (dummyOtp) return; // Do nothing if dummy otp is configured.
|
|
935
|
+
if (loginType === PasswordlessLoginValidateWhatSources.EMAIL) {
|
|
936
|
+
const mailService = this.mailServiceFactory.getMailService();
|
|
937
|
+
mailService.sendEmailUsingTemplate(
|
|
938
|
+
user.email,
|
|
939
|
+
"otp-on-login",
|
|
940
|
+
{
|
|
941
|
+
solidAppName:
|
|
942
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
943
|
+
solidAppWebsiteUrl:
|
|
944
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
945
|
+
"solidAppWebsiteUrl",
|
|
946
|
+
),
|
|
947
|
+
firstName: user.username,
|
|
948
|
+
emailVerificationTokenOnLogin: user.emailVerificationTokenOnLogin,
|
|
949
|
+
fullName: user.fullName ? user.fullName : user.username,
|
|
950
|
+
companyLogoUrl: companyLogo,
|
|
951
|
+
},
|
|
952
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
953
|
+
"shouldQueueEmails",
|
|
954
|
+
),
|
|
955
|
+
null,
|
|
956
|
+
null,
|
|
957
|
+
"user",
|
|
958
|
+
user.id,
|
|
959
|
+
);
|
|
960
|
+
}
|
|
961
|
+
if (loginType === PasswordlessLoginValidateWhatSources.MOBILE) {
|
|
962
|
+
const smsService = this.smsFactory.getSmsService();
|
|
963
|
+
smsService.sendSMSUsingTemplate(
|
|
964
|
+
user.mobile,
|
|
965
|
+
"otp-on-login",
|
|
966
|
+
{
|
|
967
|
+
solidAppName:
|
|
968
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
969
|
+
otp: user.mobileVerificationTokenOnLogin,
|
|
970
|
+
mobileVerificationTokenOnLogin: user.mobileVerificationTokenOnLogin,
|
|
971
|
+
firstName: user.username,
|
|
972
|
+
fullName: user.fullName ? user.fullName : user.username,
|
|
973
|
+
companyLogoUrl: companyLogo,
|
|
974
|
+
},
|
|
975
|
+
this.settingService.getConfigValue<SolidCoreSetting>("shouldQueueSms"),
|
|
976
|
+
);
|
|
977
|
+
}
|
|
978
|
+
}
|
|
979
|
+
|
|
980
|
+
async otpConfirmLogin(confirmSignInDto: OTPConfirmOTPDto) {
|
|
981
|
+
const isPasswordlessRegistrationEnabled =
|
|
982
|
+
await this.isPasswordlessRegistrationEnabled();
|
|
983
|
+
if (!isPasswordlessRegistrationEnabled) {
|
|
984
|
+
throw new BadRequestException(
|
|
985
|
+
ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED,
|
|
986
|
+
);
|
|
987
|
+
}
|
|
988
|
+
|
|
989
|
+
const { type, identifier, otp } = confirmSignInDto;
|
|
990
|
+
if (
|
|
991
|
+
type !== PasswordlessLoginValidateWhatSources.EMAIL &&
|
|
992
|
+
type !== PasswordlessLoginValidateWhatSources.MOBILE
|
|
993
|
+
) {
|
|
994
|
+
throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
|
|
995
|
+
}
|
|
996
|
+
|
|
997
|
+
const user = await this.findUserForLogin(type, identifier, {
|
|
998
|
+
withRoles: true,
|
|
999
|
+
});
|
|
1000
|
+
this.checkAccountBlocked(user);
|
|
1001
|
+
const dummyOtp = this.getDummyOtpForUser(user);
|
|
1002
|
+
|
|
1003
|
+
if (dummyOtp) {
|
|
1004
|
+
if (otp !== dummyOtp) {
|
|
1005
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
|
|
1006
|
+
}
|
|
1007
|
+
return this.buildLoginTokenResponse(user);
|
|
1008
|
+
}
|
|
1009
|
+
|
|
1010
|
+
try {
|
|
1011
|
+
this.validateLoginOtp(user, otp, type);
|
|
1012
|
+
} catch (e) {
|
|
1013
|
+
await this.incrementFailedAttempts(user);
|
|
1014
|
+
throw e;
|
|
1015
|
+
}
|
|
1016
|
+
|
|
1017
|
+
await this.clearLoginOtp(user, type);
|
|
1018
|
+
await this.userActivityHistoryService.logEvent("login", user);
|
|
1019
|
+
await this.resetFailedAttempts(user);
|
|
1020
|
+
return this.buildLoginTokenResponse(user);
|
|
1021
|
+
}
|
|
1022
|
+
|
|
1023
|
+
private validateLoginOtp(
|
|
1024
|
+
user: User,
|
|
1025
|
+
otp: string,
|
|
1026
|
+
type: PasswordlessLoginValidateWhatSources,
|
|
1027
|
+
): void {
|
|
1028
|
+
const isEmail = type === PasswordlessLoginValidateWhatSources.EMAIL;
|
|
1029
|
+
const token = isEmail
|
|
1030
|
+
? user.emailVerificationTokenOnLogin
|
|
1031
|
+
: user.mobileVerificationTokenOnLogin;
|
|
1032
|
+
const expiresAt = isEmail
|
|
1033
|
+
? user.emailVerificationTokenOnLoginExpiresAt
|
|
1034
|
+
: user.mobileVerificationTokenOnLoginExpiresAt;
|
|
1035
|
+
|
|
1036
|
+
if (token !== otp) {
|
|
1037
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
|
|
1038
|
+
}
|
|
1039
|
+
if (expiresAt < new Date()) {
|
|
1040
|
+
throw new UnauthorizedException(ERROR_MESSAGES.OTP_EXPIRED);
|
|
1041
|
+
}
|
|
1042
|
+
}
|
|
1043
|
+
|
|
1044
|
+
private async clearLoginOtp(
|
|
1045
|
+
user: User,
|
|
1046
|
+
type: PasswordlessLoginValidateWhatSources,
|
|
1047
|
+
): Promise<void> {
|
|
1048
|
+
if (type === PasswordlessLoginValidateWhatSources.EMAIL) {
|
|
1049
|
+
const verifiedAt = new Date();
|
|
1050
|
+
user.emailVerifiedOnLoginAt = verifiedAt;
|
|
1051
|
+
user.emailVerificationTokenOnLogin = null;
|
|
1052
|
+
user.emailVerificationTokenOnLoginExpiresAt = null;
|
|
1053
|
+
await this.userRepository.update(user.id, {
|
|
1054
|
+
emailVerifiedOnLoginAt: verifiedAt,
|
|
1055
|
+
emailVerificationTokenOnLogin: null,
|
|
1056
|
+
emailVerificationTokenOnLoginExpiresAt: null,
|
|
1057
|
+
});
|
|
1058
|
+
} else {
|
|
1059
|
+
const verifiedAt = new Date();
|
|
1060
|
+
user.mobileVerifiedOnLoginAt = verifiedAt;
|
|
1061
|
+
user.mobileVerificationTokenOnLogin = null;
|
|
1062
|
+
user.mobileVerificationTokenOnLoginExpiresAt = null;
|
|
1063
|
+
await this.userRepository.update(user.id, {
|
|
1064
|
+
mobileVerifiedOnLoginAt: verifiedAt,
|
|
1065
|
+
mobileVerificationTokenOnLogin: null,
|
|
1066
|
+
mobileVerificationTokenOnLoginExpiresAt: null,
|
|
1067
|
+
});
|
|
1068
|
+
}
|
|
1069
|
+
}
|
|
885
1070
|
|
|
886
1071
|
private buildUserPayload(user: User) {
|
|
887
1072
|
const { id, username, email, mobile, lastLoginProvider } = user;
|
|
@@ -894,518 +1079,772 @@ export class AuthenticationService {
|
|
|
894
1079
|
return { accessToken, refreshToken, user: this.buildUserPayload(user) };
|
|
895
1080
|
}
|
|
896
1081
|
|
|
897
|
-
|
|
898
|
-
|
|
899
|
-
|
|
900
|
-
|
|
901
|
-
|
|
902
|
-
|
|
903
|
-
|
|
904
|
-
|
|
905
|
-
|
|
906
|
-
|
|
907
|
-
|
|
908
|
-
|
|
909
|
-
|
|
910
|
-
|
|
911
|
-
|
|
912
|
-
|
|
913
|
-
|
|
914
|
-
|
|
915
|
-
|
|
916
|
-
|
|
917
|
-
|
|
918
|
-
|
|
919
|
-
|
|
920
|
-
|
|
921
|
-
|
|
922
|
-
|
|
923
|
-
|
|
924
|
-
|
|
925
|
-
|
|
926
|
-
|
|
927
|
-
|
|
928
|
-
|
|
929
|
-
|
|
930
|
-
|
|
931
|
-
|
|
932
|
-
|
|
933
|
-
|
|
934
|
-
|
|
935
|
-
|
|
936
|
-
|
|
937
|
-
|
|
938
|
-
|
|
939
|
-
|
|
940
|
-
|
|
941
|
-
|
|
942
|
-
|
|
943
|
-
|
|
944
|
-
|
|
945
|
-
|
|
946
|
-
|
|
947
|
-
|
|
948
|
-
|
|
949
|
-
|
|
950
|
-
|
|
951
|
-
|
|
952
|
-
|
|
953
|
-
|
|
954
|
-
|
|
955
|
-
|
|
956
|
-
|
|
957
|
-
|
|
958
|
-
|
|
959
|
-
|
|
960
|
-
|
|
961
|
-
|
|
962
|
-
|
|
963
|
-
|
|
964
|
-
|
|
965
|
-
|
|
966
|
-
|
|
967
|
-
|
|
968
|
-
|
|
969
|
-
|
|
970
|
-
|
|
971
|
-
|
|
972
|
-
|
|
973
|
-
|
|
974
|
-
|
|
975
|
-
|
|
976
|
-
|
|
977
|
-
|
|
978
|
-
|
|
979
|
-
|
|
980
|
-
|
|
981
|
-
|
|
982
|
-
|
|
983
|
-
|
|
984
|
-
|
|
985
|
-
|
|
986
|
-
|
|
987
|
-
|
|
988
|
-
|
|
989
|
-
|
|
990
|
-
|
|
991
|
-
|
|
992
|
-
|
|
993
|
-
|
|
994
|
-
|
|
995
|
-
|
|
996
|
-
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
|
|
1000
|
-
|
|
1001
|
-
|
|
1002
|
-
|
|
1003
|
-
|
|
1004
|
-
|
|
1005
|
-
|
|
1006
|
-
|
|
1007
|
-
|
|
1008
|
-
|
|
1009
|
-
|
|
1010
|
-
|
|
1011
|
-
|
|
1012
|
-
|
|
1013
|
-
|
|
1014
|
-
|
|
1015
|
-
|
|
1016
|
-
|
|
1017
|
-
|
|
1018
|
-
|
|
1019
|
-
|
|
1020
|
-
|
|
1021
|
-
|
|
1022
|
-
|
|
1023
|
-
|
|
1024
|
-
|
|
1025
|
-
|
|
1026
|
-
|
|
1027
|
-
|
|
1028
|
-
|
|
1029
|
-
|
|
1030
|
-
|
|
1031
|
-
|
|
1032
|
-
|
|
1033
|
-
|
|
1034
|
-
|
|
1035
|
-
|
|
1036
|
-
|
|
1037
|
-
|
|
1038
|
-
|
|
1039
|
-
|
|
1040
|
-
|
|
1041
|
-
|
|
1042
|
-
|
|
1043
|
-
|
|
1044
|
-
|
|
1045
|
-
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
|
|
1049
|
-
|
|
1050
|
-
|
|
1051
|
-
|
|
1052
|
-
|
|
1053
|
-
|
|
1054
|
-
|
|
1055
|
-
|
|
1056
|
-
|
|
1057
|
-
|
|
1058
|
-
|
|
1059
|
-
|
|
1060
|
-
|
|
1061
|
-
|
|
1062
|
-
|
|
1063
|
-
|
|
1064
|
-
|
|
1065
|
-
|
|
1066
|
-
|
|
1067
|
-
|
|
1068
|
-
|
|
1069
|
-
|
|
1070
|
-
|
|
1071
|
-
|
|
1072
|
-
|
|
1073
|
-
|
|
1074
|
-
|
|
1075
|
-
|
|
1076
|
-
|
|
1077
|
-
|
|
1078
|
-
|
|
1079
|
-
|
|
1080
|
-
|
|
1081
|
-
|
|
1082
|
-
|
|
1083
|
-
|
|
1084
|
-
|
|
1085
|
-
|
|
1086
|
-
|
|
1087
|
-
|
|
1088
|
-
|
|
1089
|
-
|
|
1090
|
-
|
|
1091
|
-
|
|
1092
|
-
|
|
1093
|
-
|
|
1094
|
-
|
|
1095
|
-
|
|
1096
|
-
|
|
1097
|
-
|
|
1098
|
-
|
|
1099
|
-
|
|
1100
|
-
|
|
1101
|
-
|
|
1102
|
-
|
|
1103
|
-
|
|
1104
|
-
|
|
1105
|
-
|
|
1106
|
-
|
|
1107
|
-
|
|
1108
|
-
|
|
1109
|
-
|
|
1110
|
-
|
|
1111
|
-
|
|
1112
|
-
|
|
1113
|
-
|
|
1114
|
-
solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
|
|
1115
|
-
solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),
|
|
1116
|
-
email: user.email,
|
|
1117
|
-
firstName: user.username,
|
|
1118
|
-
fullName: user.fullName,
|
|
1119
|
-
// TODO: Need to prefix this with the page url where the forgot password page will open up.
|
|
1120
|
-
passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>('frontendForgotPasswordPageUrl')}?token=${user.verificationTokenOnForgotPassword}`,
|
|
1121
|
-
companyLogoUrl: companyLogo
|
|
1122
|
-
},
|
|
1123
|
-
this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),
|
|
1124
|
-
null,
|
|
1125
|
-
null,
|
|
1126
|
-
'user',
|
|
1127
|
-
user.id
|
|
1128
|
-
);
|
|
1129
|
-
}
|
|
1130
|
-
// Assuming all users do not have mobile as mandatory.
|
|
1131
|
-
if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.MOBILE && user.mobile) {
|
|
1132
|
-
const smsService = this.smsFactory.getSmsService();
|
|
1133
|
-
smsService.sendSMSUsingTemplate(
|
|
1134
|
-
user.mobile,
|
|
1135
|
-
'forgot-password',
|
|
1136
|
-
{
|
|
1137
|
-
solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
|
|
1138
|
-
otp: user.verificationTokenOnForgotPassword,
|
|
1139
|
-
verificationTokenOnForgotPassword: user.verificationTokenOnForgotPassword,
|
|
1140
|
-
firstName: user.username,
|
|
1141
|
-
companyLogoUrl: companyLogo
|
|
1142
|
-
},
|
|
1143
|
-
this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),
|
|
1144
|
-
);
|
|
1145
|
-
}
|
|
1146
|
-
}
|
|
1147
|
-
|
|
1148
|
-
async generateTokens(user: User) {
|
|
1149
|
-
|
|
1150
|
-
const [accessToken, refreshToken] = await Promise.all([
|
|
1151
|
-
await this.generateAccessToken(user),
|
|
1152
|
-
await this.generateRefreshToken(user),
|
|
1153
|
-
]);
|
|
1154
|
-
|
|
1155
|
-
return {
|
|
1156
|
-
accessToken,
|
|
1157
|
-
refreshToken,
|
|
1158
|
-
};
|
|
1159
|
-
}
|
|
1160
|
-
|
|
1161
|
-
async generateAccessToken(user: User) {
|
|
1162
|
-
|
|
1163
|
-
// const userRoleNames = user.roles.map((role) => role.name).join(';')
|
|
1164
|
-
const userRoleNames = user.roles.map((role) => role.name);
|
|
1165
|
-
|
|
1166
|
-
const accessTokenTtl = this.settingService.getConfigValue<SolidCoreSetting>("accessTokenTtl");
|
|
1167
|
-
const accessToken = await this.signToken<Partial<ActiveUserData>>(
|
|
1168
|
-
user.id,
|
|
1169
|
-
accessTokenTtl,
|
|
1170
|
-
{ username: user.username, email: user.email, roles: userRoleNames },
|
|
1171
|
-
);
|
|
1172
|
-
|
|
1173
|
-
return accessToken;
|
|
1174
|
-
}
|
|
1175
|
-
|
|
1176
|
-
async generateRefreshToken(user: User, previousRefreshToken?: string) {
|
|
1177
|
-
const refreshTokenId = randomUUID();
|
|
1178
|
-
const refreshTokenTtl = this.settingService.getConfigValue<SolidCoreSetting>("refreshTokenTtl");
|
|
1179
|
-
const refreshToken = await this.signToken(user.id, refreshTokenTtl, {
|
|
1180
|
-
refreshTokenId,
|
|
1082
|
+
async changePassword(
|
|
1083
|
+
changePasswordDto: ChangePasswordDto,
|
|
1084
|
+
activeUser: ActiveUserData,
|
|
1085
|
+
) {
|
|
1086
|
+
const user = await this.userRepository.findOne({
|
|
1087
|
+
where: { id: changePasswordDto.id },
|
|
1088
|
+
});
|
|
1089
|
+
if (!user) {
|
|
1090
|
+
throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
1091
|
+
}
|
|
1092
|
+
|
|
1093
|
+
if (!user.active) {
|
|
1094
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
|
|
1095
|
+
}
|
|
1096
|
+
|
|
1097
|
+
// 2. Validate if user has used a provider which is "local", only then it makes sense for us to initiate the forgot password routine.
|
|
1098
|
+
if (user.lastLoginProvider !== "local") {
|
|
1099
|
+
throw new BadRequestException(ERROR_MESSAGES.NON_LOCAL_PROVIDER);
|
|
1100
|
+
}
|
|
1101
|
+
|
|
1102
|
+
// Check if ID's match
|
|
1103
|
+
if (!(user.id === activeUser.sub)) {
|
|
1104
|
+
throw new BadRequestException(ERROR_MESSAGES.USER_ID_MISMATCH);
|
|
1105
|
+
}
|
|
1106
|
+
|
|
1107
|
+
// Check if username's match
|
|
1108
|
+
if (!(user.username === activeUser.username)) {
|
|
1109
|
+
throw new BadRequestException(ERROR_MESSAGES.USERNAME_MISMATCH);
|
|
1110
|
+
}
|
|
1111
|
+
|
|
1112
|
+
// Check if old password is matching.
|
|
1113
|
+
const isEqual = await this.hashingService.compare(
|
|
1114
|
+
changePasswordDto.currentPassword,
|
|
1115
|
+
user.password,
|
|
1116
|
+
user.passwordSchemeVersion,
|
|
1117
|
+
);
|
|
1118
|
+
if (!isEqual) {
|
|
1119
|
+
throw new UnauthorizedException(
|
|
1120
|
+
ERROR_MESSAGES.INCORRECT_CURRENT_PASSWORD,
|
|
1121
|
+
);
|
|
1122
|
+
}
|
|
1123
|
+
|
|
1124
|
+
// Update Password
|
|
1125
|
+
const pwdData = await this.userService.hashPassword(
|
|
1126
|
+
changePasswordDto.newPassword,
|
|
1127
|
+
);
|
|
1128
|
+
user.password = changePasswordDto.newPassword;
|
|
1129
|
+
|
|
1130
|
+
user.password = pwdData.password;
|
|
1131
|
+
user.passwordScheme = pwdData.passwordScheme;
|
|
1132
|
+
user.passwordSchemeVersion = pwdData.passwordSchemeVersion;
|
|
1133
|
+
// Everytime the user changes the password we reset the forcePasswordChange flag back to false.
|
|
1134
|
+
user.forcePasswordChange = false;
|
|
1135
|
+
|
|
1136
|
+
await this.userRepository.save(user);
|
|
1137
|
+
|
|
1138
|
+
return true;
|
|
1139
|
+
}
|
|
1140
|
+
|
|
1141
|
+
// generate uuid token for forgot password
|
|
1142
|
+
private async generateForgotPasswordToken(user?: User) {
|
|
1143
|
+
const expiryTime = new Date();
|
|
1144
|
+
const forgotPasswordVerificationTokenExpiry =
|
|
1145
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1146
|
+
"forgotPasswordVerificationTokenExpiry",
|
|
1147
|
+
);
|
|
1148
|
+
const dummyOtp = this.getDummyOtpForUser(user);
|
|
1149
|
+
expiryTime.setMinutes(
|
|
1150
|
+
expiryTime.getMinutes() + forgotPasswordVerificationTokenExpiry,
|
|
1151
|
+
);
|
|
1152
|
+
|
|
1153
|
+
return {
|
|
1154
|
+
token: dummyOtp ? dummyOtp : uuidv4(),
|
|
1155
|
+
expiresAt: expiryTime,
|
|
1156
|
+
};
|
|
1157
|
+
}
|
|
1158
|
+
|
|
1159
|
+
async initiateForgotPassword(
|
|
1160
|
+
initiateForgotPasswordDto: InitiateForgotPasswordDto,
|
|
1161
|
+
) {
|
|
1162
|
+
// Steps / Algorithm:
|
|
1163
|
+
// 1. Identify the user using the specified "username", if not found exit.
|
|
1164
|
+
// const user = await this.userRepository.findOne({
|
|
1165
|
+
// where: { username: initiateForgotPasswordDto.username, }
|
|
1166
|
+
// });
|
|
1167
|
+
const user = await this.resolveUser(
|
|
1168
|
+
initiateForgotPasswordDto.username,
|
|
1169
|
+
initiateForgotPasswordDto.email,
|
|
1170
|
+
);
|
|
1171
|
+
|
|
1172
|
+
let isValidUser = true; // Instead of throwing exceptions we will simply return success message, this is to avoid user enumeration attacks.
|
|
1173
|
+
if (!user) {
|
|
1174
|
+
isValidUser = false;
|
|
1175
|
+
// throw new NotFoundException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
1176
|
+
}
|
|
1177
|
+
if (isValidUser && !user?.active) {
|
|
1178
|
+
isValidUser = false;
|
|
1179
|
+
// throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
1180
|
+
}
|
|
1181
|
+
|
|
1182
|
+
// 2. Validate if user has used a provider which is "local", only then it makes sense for us to initiate the forgot password routine.
|
|
1183
|
+
if (isValidUser && user?.lastLoginProvider !== "local") {
|
|
1184
|
+
isValidUser = false;
|
|
1185
|
+
// throw new BadRequestException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
1186
|
+
}
|
|
1187
|
+
|
|
1188
|
+
// 3. Generate a 6 digit validation token, we send this token to the user over their email & mobile number (controlled using configuration).
|
|
1189
|
+
// 4. Save this validation token in new fields on the user record.
|
|
1190
|
+
if (isValidUser) {
|
|
1191
|
+
const { token, expiresAt } = await this.generateForgotPasswordToken(user);
|
|
1192
|
+
user.verificationTokenOnForgotPassword = token;
|
|
1193
|
+
user.verificationTokenOnForgotPasswordExpiresAt = expiresAt;
|
|
1194
|
+
await this.userRepository.save(user);
|
|
1195
|
+
await this.notifyUserOnForgotPassword(user);
|
|
1196
|
+
}
|
|
1197
|
+
|
|
1198
|
+
// 5. Return.
|
|
1199
|
+
return {
|
|
1200
|
+
status: "success",
|
|
1201
|
+
message: SUCCESS_MESSAGES.FORGOT_PASSWORD_TOKEN_SENT,
|
|
1202
|
+
error: "",
|
|
1203
|
+
errorCode: "",
|
|
1204
|
+
data: {
|
|
1205
|
+
user: {
|
|
1206
|
+
email: user?.email,
|
|
1207
|
+
// mobile: user.mobile,
|
|
1208
|
+
// username: user.username,
|
|
1209
|
+
},
|
|
1210
|
+
},
|
|
1211
|
+
};
|
|
1212
|
+
}
|
|
1213
|
+
|
|
1214
|
+
private async notifyUserOnForgotPassword(user: User) {
|
|
1215
|
+
const companyLogo = await this.getCompanyLogo();
|
|
1216
|
+
|
|
1217
|
+
const forgotPasswordSendVerificationTokenOn =
|
|
1218
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1219
|
+
"forgotPasswordSendVerificationTokenOn",
|
|
1220
|
+
);
|
|
1221
|
+
|
|
1222
|
+
if (
|
|
1223
|
+
forgotPasswordSendVerificationTokenOn ==
|
|
1224
|
+
ForgotPasswordSendVerificationTokenOn.EMAIL
|
|
1225
|
+
) {
|
|
1226
|
+
const mailService = this.mailServiceFactory.getMailService();
|
|
1227
|
+
mailService.sendEmailUsingTemplate(
|
|
1228
|
+
user.email,
|
|
1229
|
+
"forgot-password",
|
|
1230
|
+
{
|
|
1231
|
+
solidAppName:
|
|
1232
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
1233
|
+
solidAppWebsiteUrl:
|
|
1234
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1235
|
+
"solidAppWebsiteUrl",
|
|
1236
|
+
),
|
|
1237
|
+
firstName: user.username,
|
|
1238
|
+
fullName: user.fullName,
|
|
1239
|
+
// TODO: Need to prefix this with the page url where the forgot password page will open up.
|
|
1240
|
+
passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>("frontendForgotPasswordPageUrl")}?token=${user.verificationTokenOnForgotPassword}`,
|
|
1241
|
+
companyLogoUrl: companyLogo,
|
|
1242
|
+
},
|
|
1243
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1244
|
+
"shouldQueueEmails",
|
|
1245
|
+
),
|
|
1246
|
+
null,
|
|
1247
|
+
null,
|
|
1248
|
+
"user",
|
|
1249
|
+
user.id,
|
|
1250
|
+
);
|
|
1251
|
+
}
|
|
1252
|
+
// Assuming all users do not have mobile as mandatory.
|
|
1253
|
+
if (
|
|
1254
|
+
forgotPasswordSendVerificationTokenOn ==
|
|
1255
|
+
ForgotPasswordSendVerificationTokenOn.MOBILE &&
|
|
1256
|
+
user.mobile
|
|
1257
|
+
) {
|
|
1258
|
+
const smsService = this.smsFactory.getSmsService();
|
|
1259
|
+
smsService.sendSMSUsingTemplate(
|
|
1260
|
+
user.mobile,
|
|
1261
|
+
"forgot-password",
|
|
1262
|
+
{
|
|
1263
|
+
solidAppName:
|
|
1264
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
1265
|
+
otp: user.verificationTokenOnForgotPassword,
|
|
1266
|
+
verificationTokenOnForgotPassword:
|
|
1267
|
+
user.verificationTokenOnForgotPassword,
|
|
1268
|
+
firstName: user.username,
|
|
1269
|
+
companyLogoUrl: companyLogo,
|
|
1270
|
+
},
|
|
1271
|
+
this.settingService.getConfigValue<SolidCoreSetting>("shouldQueueSms"),
|
|
1272
|
+
);
|
|
1273
|
+
}
|
|
1274
|
+
}
|
|
1275
|
+
|
|
1276
|
+
async confirmForgotPassword(
|
|
1277
|
+
confirmForgotPasswordDto: ConfirmForgotPasswordDto,
|
|
1278
|
+
) {
|
|
1279
|
+
return this.dataSource.transaction(async (m) => {
|
|
1280
|
+
// Resolve the user id first (by username/email), but DON'T check the token in JS.
|
|
1281
|
+
const user = await this.resolveUserByVerificationToken(
|
|
1282
|
+
confirmForgotPasswordDto.verificationToken,
|
|
1283
|
+
);
|
|
1284
|
+
if (!user)
|
|
1285
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
1286
|
+
if (user.lastLoginProvider !== "local")
|
|
1287
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
1288
|
+
if (!user.active)
|
|
1289
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
1290
|
+
|
|
1291
|
+
// 1) Atomically consume the token (only one request can succeed)
|
|
1292
|
+
const { affected } = await m
|
|
1293
|
+
.createQueryBuilder()
|
|
1294
|
+
.update(User)
|
|
1295
|
+
.set({
|
|
1296
|
+
forgotPasswordConfirmedAt: () => "NOW()",
|
|
1297
|
+
verificationTokenOnForgotPassword: () => "NULL",
|
|
1298
|
+
verificationTokenOnForgotPasswordExpiresAt: () => "NULL",
|
|
1181
1299
|
})
|
|
1182
|
-
|
|
1183
|
-
|
|
1184
|
-
|
|
1185
|
-
|
|
1186
|
-
|
|
1187
|
-
|
|
1188
|
-
|
|
1189
|
-
|
|
1190
|
-
|
|
1191
|
-
|
|
1192
|
-
|
|
1193
|
-
|
|
1194
|
-
|
|
1195
|
-
|
|
1196
|
-
|
|
1197
|
-
|
|
1198
|
-
|
|
1199
|
-
|
|
1200
|
-
|
|
1201
|
-
|
|
1202
|
-
|
|
1203
|
-
|
|
1204
|
-
|
|
1205
|
-
|
|
1206
|
-
|
|
1207
|
-
|
|
1208
|
-
|
|
1209
|
-
|
|
1210
|
-
|
|
1211
|
-
|
|
1212
|
-
|
|
1213
|
-
|
|
1214
|
-
|
|
1215
|
-
|
|
1216
|
-
|
|
1217
|
-
|
|
1218
|
-
|
|
1219
|
-
|
|
1220
|
-
|
|
1221
|
-
|
|
1222
|
-
|
|
1223
|
-
|
|
1224
|
-
|
|
1225
|
-
|
|
1226
|
-
|
|
1227
|
-
|
|
1228
|
-
|
|
1229
|
-
|
|
1230
|
-
|
|
1231
|
-
|
|
1232
|
-
|
|
1233
|
-
|
|
1234
|
-
|
|
1235
|
-
|
|
1236
|
-
|
|
1237
|
-
|
|
1238
|
-
|
|
1239
|
-
|
|
1240
|
-
|
|
1241
|
-
|
|
1242
|
-
|
|
1243
|
-
|
|
1244
|
-
|
|
1245
|
-
|
|
1246
|
-
|
|
1247
|
-
|
|
1248
|
-
|
|
1249
|
-
|
|
1250
|
-
|
|
1251
|
-
|
|
1252
|
-
|
|
1253
|
-
|
|
1254
|
-
|
|
1255
|
-
|
|
1256
|
-
|
|
1300
|
+
.where("id = :id", { id: user.id })
|
|
1301
|
+
.andWhere("verificationTokenOnForgotPassword = :token", {
|
|
1302
|
+
token: confirmForgotPasswordDto.verificationToken,
|
|
1303
|
+
})
|
|
1304
|
+
.andWhere("verificationTokenOnForgotPasswordExpiresAt > NOW()")
|
|
1305
|
+
.execute();
|
|
1306
|
+
|
|
1307
|
+
if (affected !== 1) {
|
|
1308
|
+
// Token invalid/expired/already used (or a parallel call already consumed it)
|
|
1309
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);
|
|
1310
|
+
}
|
|
1311
|
+
|
|
1312
|
+
// 2) Now update the password & history (still inside the same transaction)
|
|
1313
|
+
const pwdHash = await this.hashingService.hash(
|
|
1314
|
+
confirmForgotPasswordDto.password,
|
|
1315
|
+
);
|
|
1316
|
+
const pwdScheme = this.hashingService.name(); // e.g. bcrypt
|
|
1317
|
+
const pwdSchemeVersion = this.hashingService.currentVersion(); // e.g. 1, 2, 3 ...
|
|
1318
|
+
|
|
1319
|
+
// Check reuse with your existing method (ensure it looks at hashes).
|
|
1320
|
+
await m.getRepository(User).update(
|
|
1321
|
+
{ id: user.id },
|
|
1322
|
+
{
|
|
1323
|
+
password: pwdHash,
|
|
1324
|
+
passwordScheme: pwdScheme,
|
|
1325
|
+
passwordSchemeVersion: pwdSchemeVersion,
|
|
1326
|
+
},
|
|
1327
|
+
);
|
|
1328
|
+
await this.notifyUserOnPasswordChanged(user);
|
|
1329
|
+
|
|
1330
|
+
return {
|
|
1331
|
+
status: "success",
|
|
1332
|
+
message: SUCCESS_MESSAGES.FORGOT_PASSWORD_CONFIRMED,
|
|
1333
|
+
error: "",
|
|
1334
|
+
errorCode: "",
|
|
1335
|
+
data: {},
|
|
1336
|
+
};
|
|
1337
|
+
});
|
|
1338
|
+
}
|
|
1339
|
+
|
|
1340
|
+
private async notifyUserOnPasswordChanged(user: User) {
|
|
1341
|
+
const companyLogo = await this.getCompanyLogo();
|
|
1342
|
+
const forgotPasswordSendVerificationTokenOn =
|
|
1343
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1344
|
+
"forgotPasswordSendVerificationTokenOn",
|
|
1345
|
+
);
|
|
1346
|
+
|
|
1347
|
+
if (
|
|
1348
|
+
forgotPasswordSendVerificationTokenOn ==
|
|
1349
|
+
ForgotPasswordSendVerificationTokenOn.EMAIL
|
|
1350
|
+
) {
|
|
1351
|
+
const mailService = this.mailServiceFactory.getMailService();
|
|
1352
|
+
mailService.sendEmailUsingTemplate(
|
|
1353
|
+
user.email,
|
|
1354
|
+
"password-changed",
|
|
1355
|
+
{
|
|
1356
|
+
solidAppName:
|
|
1357
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
1358
|
+
solidAppWebsiteUrl:
|
|
1359
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1360
|
+
"solidAppWebsiteUrl",
|
|
1361
|
+
),
|
|
1362
|
+
email: user.email,
|
|
1363
|
+
firstName: user.username,
|
|
1364
|
+
fullName: user.fullName,
|
|
1365
|
+
// TODO: Need to prefix this with the page url where the forgot password page will open up.
|
|
1366
|
+
passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>("frontendForgotPasswordPageUrl")}?token=${user.verificationTokenOnForgotPassword}`,
|
|
1367
|
+
companyLogoUrl: companyLogo,
|
|
1368
|
+
},
|
|
1369
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1370
|
+
"shouldQueueEmails",
|
|
1371
|
+
),
|
|
1372
|
+
null,
|
|
1373
|
+
null,
|
|
1374
|
+
"user",
|
|
1375
|
+
user.id,
|
|
1376
|
+
);
|
|
1377
|
+
}
|
|
1378
|
+
// Assuming all users do not have mobile as mandatory.
|
|
1379
|
+
if (
|
|
1380
|
+
forgotPasswordSendVerificationTokenOn ==
|
|
1381
|
+
ForgotPasswordSendVerificationTokenOn.MOBILE &&
|
|
1382
|
+
user.mobile
|
|
1383
|
+
) {
|
|
1384
|
+
const smsService = this.smsFactory.getSmsService();
|
|
1385
|
+
smsService.sendSMSUsingTemplate(
|
|
1386
|
+
user.mobile,
|
|
1387
|
+
"forgot-password",
|
|
1388
|
+
{
|
|
1389
|
+
solidAppName:
|
|
1390
|
+
this.settingService.getConfigValue<SolidCoreSetting>("appTitle"),
|
|
1391
|
+
otp: user.verificationTokenOnForgotPassword,
|
|
1392
|
+
verificationTokenOnForgotPassword:
|
|
1393
|
+
user.verificationTokenOnForgotPassword,
|
|
1394
|
+
firstName: user.username,
|
|
1395
|
+
companyLogoUrl: companyLogo,
|
|
1396
|
+
},
|
|
1397
|
+
this.settingService.getConfigValue<SolidCoreSetting>("shouldQueueSms"),
|
|
1398
|
+
);
|
|
1399
|
+
}
|
|
1400
|
+
}
|
|
1401
|
+
|
|
1402
|
+
async generateTokens(user: User) {
|
|
1403
|
+
const [accessToken, refreshToken] = await Promise.all([
|
|
1404
|
+
await this.generateAccessToken(user),
|
|
1405
|
+
await this.generateRefreshToken(user),
|
|
1406
|
+
]);
|
|
1407
|
+
|
|
1408
|
+
return {
|
|
1409
|
+
accessToken,
|
|
1410
|
+
refreshToken,
|
|
1411
|
+
};
|
|
1412
|
+
}
|
|
1413
|
+
|
|
1414
|
+
async generateAccessToken(user: User) {
|
|
1415
|
+
// const userRoleNames = user.roles.map((role) => role.name).join(';')
|
|
1416
|
+
const userRoleNames = user.roles.map((role) => role.name);
|
|
1417
|
+
|
|
1418
|
+
const accessTokenTtl =
|
|
1419
|
+
this.settingService.getConfigValue<SolidCoreSetting>("accessTokenTtl");
|
|
1420
|
+
const accessToken = await this.signToken<Partial<ActiveUserData>>(
|
|
1421
|
+
user.id,
|
|
1422
|
+
accessTokenTtl,
|
|
1423
|
+
{ username: user.username, email: user.email, roles: userRoleNames },
|
|
1424
|
+
);
|
|
1425
|
+
|
|
1426
|
+
return accessToken;
|
|
1427
|
+
}
|
|
1428
|
+
|
|
1429
|
+
async generateRefreshToken(user: User, previousRefreshToken?: string) {
|
|
1430
|
+
const refreshTokenId = randomUUID();
|
|
1431
|
+
const refreshTokenTtl =
|
|
1432
|
+
this.settingService.getConfigValue<SolidCoreSetting>("refreshTokenTtl");
|
|
1433
|
+
const refreshToken = await this.signToken(user.id, refreshTokenTtl, {
|
|
1434
|
+
refreshTokenId,
|
|
1435
|
+
});
|
|
1436
|
+
|
|
1437
|
+
// store the refresh token id in the redis storage.
|
|
1438
|
+
await this.refreshTokenIdsStorage.insert(
|
|
1439
|
+
user.id,
|
|
1440
|
+
refreshToken,
|
|
1441
|
+
previousRefreshToken,
|
|
1442
|
+
);
|
|
1443
|
+
|
|
1444
|
+
return refreshToken;
|
|
1445
|
+
}
|
|
1446
|
+
|
|
1447
|
+
async refreshTokens(refreshTokenDto: RefreshTokenDto) {
|
|
1448
|
+
try {
|
|
1449
|
+
const secret =
|
|
1450
|
+
this.settingService.getConfigValue<SolidCoreSetting>("secret");
|
|
1451
|
+
const audience =
|
|
1452
|
+
this.settingService.getConfigValue<SolidCoreSetting>("audience");
|
|
1453
|
+
const issuer =
|
|
1454
|
+
this.settingService.getConfigValue<SolidCoreSetting>("issuer");
|
|
1455
|
+
|
|
1456
|
+
const { sub } = await this.jwtService.verifyAsync<
|
|
1457
|
+
Pick<ActiveUserData, "sub"> & { refreshTokenId: string }
|
|
1458
|
+
>(refreshTokenDto.refreshToken, {
|
|
1459
|
+
secret,
|
|
1460
|
+
audience,
|
|
1461
|
+
issuer,
|
|
1462
|
+
});
|
|
1463
|
+
// const user = await this.userRepository.findOneByOrFail({ id: sub });
|
|
1464
|
+
const user = await this.userRepository.findOne({
|
|
1465
|
+
where: {
|
|
1466
|
+
id: sub,
|
|
1467
|
+
},
|
|
1468
|
+
relations: {
|
|
1469
|
+
roles: true,
|
|
1470
|
+
},
|
|
1471
|
+
});
|
|
1472
|
+
if (!user) {
|
|
1473
|
+
throw new UnauthorizedException(ERROR_MESSAGES.SESSION_INVALID);
|
|
1474
|
+
}
|
|
1475
|
+
|
|
1476
|
+
// TODO: Replace the if else condition below with a call to validateAndRotate - Done
|
|
1477
|
+
// const isValid = await this.refreshTokenIdsStorage.validate(user.id, refreshTokenId);
|
|
1478
|
+
// if (isValid) {
|
|
1479
|
+
// // Refresh token rotation.
|
|
1480
|
+
// await this.refreshTokenIdsStorage.invalidate(user.id);
|
|
1481
|
+
// } else {
|
|
1482
|
+
// throw new Error('Refresh token is invalid');
|
|
1483
|
+
// }
|
|
1484
|
+
|
|
1485
|
+
const currentRefreshToken =
|
|
1486
|
+
await this.refreshTokenIdsStorage.validateAndRotate(
|
|
1487
|
+
user,
|
|
1488
|
+
refreshTokenDto.refreshToken,
|
|
1257
1489
|
);
|
|
1258
|
-
}
|
|
1259
|
-
|
|
1260
|
-
// PROVIDER SPECIFIC CODE
|
|
1261
|
-
async validateUserUsingGoogle(user: User) {
|
|
1262
|
-
try {
|
|
1263
|
-
// Make API call to Google OAuth service to fetch user profile
|
|
1264
|
-
const response = await this.httpService.axiosRef.get(`https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=${user.googleAccessToken}`);
|
|
1265
|
-
const userProfile = response.data;
|
|
1266
|
-
|
|
1267
|
-
// Ensure the fetched profile email & provider Id match the ones we have stored in the database earlier.
|
|
1268
|
-
if (userProfile.email === user.email && userProfile.id === user.googleId) {
|
|
1269
|
-
// TODO: remove the access code both from the database.
|
|
1270
|
-
return userProfile;
|
|
1271
|
-
} else {
|
|
1272
|
-
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_USER_PROFILE);
|
|
1273
|
-
}
|
|
1274
|
-
} catch (error) {
|
|
1275
|
-
throw new UnauthorizedException(ERROR_MESSAGES.GOOGLE_OAUTH_PROFILE_FETCH_FAILED);
|
|
1276
|
-
}
|
|
1277
|
-
}
|
|
1278
|
-
|
|
1279
|
-
async signInUsingGoogle(accessCode: string) {
|
|
1280
|
-
const user = await this.userRepository.findOne({
|
|
1281
|
-
where: {
|
|
1282
|
-
accessCode: accessCode
|
|
1283
|
-
},
|
|
1284
|
-
relations: {
|
|
1285
|
-
roles: true
|
|
1286
|
-
}
|
|
1287
|
-
});
|
|
1288
|
-
|
|
1289
|
-
if (!user) {
|
|
1290
|
-
throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
1291
|
-
}
|
|
1292
|
-
this.checkAccountBlocked(user);
|
|
1293
|
-
|
|
1294
|
-
try {
|
|
1295
|
-
await this.validateUserUsingGoogle(user);
|
|
1296
|
-
} catch (e) {
|
|
1297
|
-
await this.incrementFailedAttempts(user);
|
|
1298
|
-
throw e;
|
|
1299
|
-
}
|
|
1300
|
-
|
|
1301
|
-
await this.resetFailedAttempts(user);
|
|
1302
|
-
const tokens = await this.generateTokens(user);
|
|
1303
|
-
return {
|
|
1304
|
-
user: {
|
|
1305
|
-
email: user.email,
|
|
1306
|
-
mobile: user.mobile,
|
|
1307
|
-
username: user.username,
|
|
1308
|
-
// forcePasswordChange: user.forcePasswordChange,
|
|
1309
|
-
id: user.id,
|
|
1310
|
-
roles: user.roles.map((role) => role.name)
|
|
1311
|
-
},
|
|
1312
|
-
...tokens
|
|
1313
|
-
}
|
|
1314
|
-
}
|
|
1315
|
-
|
|
1316
|
-
private async isPasswordlessRegistrationEnabled() {
|
|
1317
|
-
// return this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistration');
|
|
1318
|
-
return this.settingService.getConfigValue<SolidCoreSetting>('passwordLessAuth');
|
|
1319
|
-
}
|
|
1320
|
-
|
|
1321
|
-
private checkAccountBlocked(user: User): void {
|
|
1322
|
-
const maxFailedAttempts = this.settingService.getConfigValue<SolidCoreSetting>('maxFailedLoginAttempts') as number;
|
|
1323
|
-
if (maxFailedAttempts > 0 && user.failedLoginAttempts >= maxFailedAttempts) {
|
|
1324
|
-
throw new ForbiddenException(ERROR_MESSAGES.ACCOUNT_BLOCKED);
|
|
1325
|
-
}
|
|
1326
|
-
}
|
|
1327
|
-
|
|
1328
|
-
private async incrementFailedAttempts(user: User): Promise<void> {
|
|
1329
|
-
const nextFailedAttempts = (user.failedLoginAttempts ?? 0) + 1;
|
|
1330
|
-
user.failedLoginAttempts = nextFailedAttempts;
|
|
1331
|
-
await this.userRepository.update(user.id, { failedLoginAttempts: nextFailedAttempts });
|
|
1332
|
-
}
|
|
1333
|
-
|
|
1334
|
-
private async resetFailedAttempts(user: User): Promise<void> {
|
|
1335
|
-
if (user.failedLoginAttempts === 0) return;
|
|
1336
|
-
user.failedLoginAttempts = 0;
|
|
1337
|
-
await this.userRepository.update(user.id, { failedLoginAttempts: 0 });
|
|
1338
|
-
}
|
|
1339
|
-
|
|
1340
|
-
//FIXME - Pending implementation
|
|
1341
|
-
// async logout() {
|
|
1342
|
-
// // const user = this.request.user; //TODO: // Access the user from the execution context
|
|
1343
|
-
|
|
1344
|
-
// // Invalidate the refresh token
|
|
1345
|
-
// // await this.refreshTokenIdsStorage.invalidate(user.id);
|
|
1346
|
-
// }
|
|
1347
|
-
async logout(refreshToken: string) {
|
|
1348
|
-
try {
|
|
1349
|
-
// const activeUser = this.requestContextService.getActiveUser();
|
|
1350
|
-
// const userId = activeUser?.sub;
|
|
1351
|
-
// const user = await this.userRepository.findOne({
|
|
1352
|
-
// where: {
|
|
1353
|
-
// id: userId,
|
|
1354
|
-
// }
|
|
1355
|
-
// })
|
|
1356
|
-
// // Invalidate refresh token if you store them
|
|
1357
|
-
// await this.refreshTokenIdsStorage.invalidate(userId); // ← Your existing logic
|
|
1358
|
-
// if (!refreshToken) {
|
|
1359
|
-
// throw new UnauthorizedException('Refresh token is required');
|
|
1360
|
-
// }
|
|
1361
|
-
const payload = this.jwtService.decode(refreshToken) as any;
|
|
1362
|
-
|
|
1363
|
-
if (!payload || !payload.sub) {
|
|
1364
|
-
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_REFRESH_TOKEN);
|
|
1365
|
-
}
|
|
1366
|
-
|
|
1367
|
-
const userId = payload.sub;
|
|
1368
|
-
await this.refreshTokenIdsStorage.invalidate(userId);
|
|
1369
|
-
const user = await this.userRepository.findOne({
|
|
1370
|
-
where: {
|
|
1371
|
-
id: userId,
|
|
1372
|
-
}
|
|
1373
|
-
})
|
|
1374
|
-
// Log logout event
|
|
1375
|
-
await this.userActivityHistoryService.logEvent('logout', user);
|
|
1376
|
-
|
|
1377
|
-
return { message: SUCCESS_MESSAGES.LOGOUT_SUCCESS };
|
|
1378
|
-
} catch (err) {
|
|
1379
|
-
throw err instanceof UnauthorizedException || err instanceof InternalServerErrorException
|
|
1380
|
-
? err
|
|
1381
|
-
: new InternalServerErrorException(ERROR_MESSAGES.LOGOUT_FAILED);
|
|
1382
|
-
}
|
|
1383
|
-
}
|
|
1384
1490
|
|
|
1385
|
-
|
|
1386
|
-
|
|
1387
|
-
|
|
1388
|
-
|
|
1389
|
-
|
|
1390
|
-
|
|
1391
|
-
|
|
1392
|
-
|
|
1393
|
-
|
|
1394
|
-
|
|
1395
|
-
|
|
1396
|
-
|
|
1397
|
-
|
|
1398
|
-
|
|
1399
|
-
|
|
1400
|
-
|
|
1401
|
-
|
|
1402
|
-
|
|
1403
|
-
|
|
1404
|
-
|
|
1405
|
-
|
|
1406
|
-
|
|
1407
|
-
|
|
1408
|
-
|
|
1491
|
+
await this.userActivityHistoryService.logEvent("tokenRefreshed", user);
|
|
1492
|
+
|
|
1493
|
+
return {
|
|
1494
|
+
accessToken: await this.generateAccessToken(user),
|
|
1495
|
+
refreshToken: currentRefreshToken,
|
|
1496
|
+
};
|
|
1497
|
+
} catch (err) {
|
|
1498
|
+
if (err instanceof InvalidatedRefreshTokenError) {
|
|
1499
|
+
// Take action: notify user that his refresh token might have been stolen?
|
|
1500
|
+
throw new UnauthorizedException(ERROR_MESSAGES.ACCESS_DENIED);
|
|
1501
|
+
}
|
|
1502
|
+
|
|
1503
|
+
throw new UnauthorizedException(ERROR_MESSAGES.SESSION_EXPIRED);
|
|
1504
|
+
}
|
|
1505
|
+
}
|
|
1506
|
+
|
|
1507
|
+
private async signToken<T>(userId: number, expiresIn: number, payload?: T) {
|
|
1508
|
+
const audience =
|
|
1509
|
+
this.settingService.getConfigValue<SolidCoreSetting>("audience");
|
|
1510
|
+
const issuer =
|
|
1511
|
+
this.settingService.getConfigValue<SolidCoreSetting>("issuer");
|
|
1512
|
+
const secret =
|
|
1513
|
+
this.settingService.getConfigValue<SolidCoreSetting>("secret");
|
|
1514
|
+
|
|
1515
|
+
return await this.jwtService.signAsync(
|
|
1516
|
+
{
|
|
1517
|
+
sub: userId,
|
|
1518
|
+
...payload,
|
|
1519
|
+
},
|
|
1520
|
+
{
|
|
1521
|
+
audience,
|
|
1522
|
+
issuer,
|
|
1523
|
+
secret,
|
|
1524
|
+
expiresIn,
|
|
1525
|
+
},
|
|
1526
|
+
);
|
|
1527
|
+
}
|
|
1528
|
+
|
|
1529
|
+
// PROVIDER SPECIFIC CODE
|
|
1530
|
+
async validateUserUsingGoogle(user: User) {
|
|
1531
|
+
try {
|
|
1532
|
+
// Make API call to Google OAuth service to fetch user profile
|
|
1533
|
+
const response = await this.httpService.axiosRef.get(
|
|
1534
|
+
`https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=${user.googleAccessToken}`,
|
|
1535
|
+
);
|
|
1536
|
+
const userProfile = response.data;
|
|
1537
|
+
|
|
1538
|
+
// Ensure the fetched profile email & provider Id match the ones we have stored in the database earlier.
|
|
1539
|
+
if (
|
|
1540
|
+
userProfile.email === user.email &&
|
|
1541
|
+
userProfile.id === user.googleId
|
|
1542
|
+
) {
|
|
1543
|
+
// TODO: remove the access code both from the database.
|
|
1544
|
+
return userProfile;
|
|
1545
|
+
} else {
|
|
1546
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_USER_PROFILE);
|
|
1547
|
+
}
|
|
1548
|
+
} catch (error) {
|
|
1549
|
+
throw new UnauthorizedException(
|
|
1550
|
+
ERROR_MESSAGES.GOOGLE_OAUTH_PROFILE_FETCH_FAILED,
|
|
1551
|
+
);
|
|
1552
|
+
}
|
|
1553
|
+
}
|
|
1554
|
+
|
|
1555
|
+
async signInUsingGoogle(accessCode: string) {
|
|
1556
|
+
const user = await this.userRepository.findOne({
|
|
1557
|
+
where: {
|
|
1558
|
+
accessCode: accessCode,
|
|
1559
|
+
},
|
|
1560
|
+
relations: {
|
|
1561
|
+
roles: true,
|
|
1562
|
+
},
|
|
1563
|
+
});
|
|
1564
|
+
|
|
1565
|
+
if (!user) {
|
|
1566
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
1567
|
+
}
|
|
1568
|
+
this.checkAccountBlocked(user);
|
|
1569
|
+
|
|
1570
|
+
try {
|
|
1571
|
+
await this.validateUserUsingGoogle(user);
|
|
1572
|
+
} catch (e) {
|
|
1573
|
+
await this.incrementFailedAttempts(user);
|
|
1574
|
+
throw e;
|
|
1575
|
+
}
|
|
1576
|
+
|
|
1577
|
+
await this.resetFailedAttempts(user);
|
|
1578
|
+
const tokens = await this.generateTokens(user);
|
|
1579
|
+
return {
|
|
1580
|
+
user: {
|
|
1581
|
+
email: user.email,
|
|
1582
|
+
mobile: user.mobile,
|
|
1583
|
+
username: user.username,
|
|
1584
|
+
// forcePasswordChange: user.forcePasswordChange,
|
|
1585
|
+
id: user.id,
|
|
1586
|
+
roles: user.roles.map((role) => role.name),
|
|
1587
|
+
},
|
|
1588
|
+
...tokens,
|
|
1589
|
+
};
|
|
1590
|
+
}
|
|
1591
|
+
|
|
1592
|
+
async validateUserUsingFacebook(user: User) {
|
|
1593
|
+
try {
|
|
1594
|
+
const response = await this.httpService.axiosRef.get(
|
|
1595
|
+
`https://graph.facebook.com/me?fields=id,name,email&access_token=${user.facebookAccessToken}`,
|
|
1596
|
+
);
|
|
1597
|
+
const userProfile = response.data;
|
|
1598
|
+
|
|
1599
|
+
if (
|
|
1600
|
+
userProfile.id === user.facebookId &&
|
|
1601
|
+
(!user.email || !userProfile.email || userProfile.email === user.email)
|
|
1602
|
+
) {
|
|
1603
|
+
return userProfile;
|
|
1604
|
+
} else {
|
|
1605
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_USER_PROFILE);
|
|
1606
|
+
}
|
|
1607
|
+
} catch (error) {
|
|
1608
|
+
throw new UnauthorizedException("Facebook OAuth profile fetch failed");
|
|
1609
|
+
}
|
|
1610
|
+
}
|
|
1611
|
+
|
|
1612
|
+
async signInUsingFacebook(accessCode: string) {
|
|
1613
|
+
const user = await this.userRepository.findOne({
|
|
1614
|
+
where: {
|
|
1615
|
+
accessCode: accessCode,
|
|
1616
|
+
},
|
|
1617
|
+
relations: {
|
|
1618
|
+
roles: true,
|
|
1619
|
+
},
|
|
1620
|
+
});
|
|
1621
|
+
|
|
1622
|
+
if (!user) {
|
|
1623
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
1624
|
+
}
|
|
1625
|
+
this.checkAccountBlocked(user);
|
|
1626
|
+
|
|
1627
|
+
try {
|
|
1628
|
+
await this.validateUserUsingFacebook(user);
|
|
1629
|
+
} catch (e) {
|
|
1630
|
+
await this.incrementFailedAttempts(user);
|
|
1631
|
+
throw e;
|
|
1632
|
+
}
|
|
1633
|
+
|
|
1634
|
+
await this.resetFailedAttempts(user);
|
|
1635
|
+
const tokens = await this.generateTokens(user);
|
|
1636
|
+
return {
|
|
1637
|
+
user: {
|
|
1638
|
+
email: user.email,
|
|
1639
|
+
mobile: user.mobile,
|
|
1640
|
+
username: user.username,
|
|
1641
|
+
id: user.id,
|
|
1642
|
+
roles: user.roles.map((role) => role.name),
|
|
1643
|
+
},
|
|
1644
|
+
...tokens,
|
|
1645
|
+
};
|
|
1646
|
+
}
|
|
1647
|
+
|
|
1648
|
+
async validateUserUsingMicrosoft(user: User) {
|
|
1649
|
+
try {
|
|
1650
|
+
const response = await this.httpService.axiosRef.get(
|
|
1651
|
+
`https://graph.microsoft.com/v1.0/me`,
|
|
1652
|
+
{
|
|
1653
|
+
headers: {
|
|
1654
|
+
Authorization: `Bearer ${user.microsoftAccessToken}`,
|
|
1655
|
+
},
|
|
1656
|
+
},
|
|
1657
|
+
);
|
|
1658
|
+
const userProfile = response.data;
|
|
1659
|
+
const profileEmail = userProfile.mail || userProfile.userPrincipalName;
|
|
1660
|
+
|
|
1661
|
+
if (
|
|
1662
|
+
userProfile.id === user.microsoftId &&
|
|
1663
|
+
(!user.email || profileEmail === user.email)
|
|
1664
|
+
) {
|
|
1665
|
+
return userProfile;
|
|
1666
|
+
} else {
|
|
1667
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_USER_PROFILE);
|
|
1668
|
+
}
|
|
1669
|
+
} catch (error) {
|
|
1670
|
+
throw new UnauthorizedException("Microsoft OAuth profile fetch failed");
|
|
1671
|
+
}
|
|
1672
|
+
}
|
|
1673
|
+
|
|
1674
|
+
async signInUsingMicrosoft(accessCode: string) {
|
|
1675
|
+
const user = await this.userRepository.findOne({
|
|
1676
|
+
where: {
|
|
1677
|
+
accessCode: accessCode,
|
|
1678
|
+
},
|
|
1679
|
+
relations: {
|
|
1680
|
+
roles: true,
|
|
1681
|
+
},
|
|
1682
|
+
});
|
|
1683
|
+
|
|
1684
|
+
if (!user) {
|
|
1685
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
1686
|
+
}
|
|
1687
|
+
this.checkAccountBlocked(user);
|
|
1688
|
+
|
|
1689
|
+
try {
|
|
1690
|
+
await this.validateUserUsingMicrosoft(user);
|
|
1691
|
+
} catch (e) {
|
|
1692
|
+
await this.incrementFailedAttempts(user);
|
|
1693
|
+
throw e;
|
|
1694
|
+
}
|
|
1695
|
+
|
|
1696
|
+
await this.resetFailedAttempts(user);
|
|
1697
|
+
const tokens = await this.generateTokens(user);
|
|
1698
|
+
return {
|
|
1699
|
+
user: {
|
|
1700
|
+
email: user.email,
|
|
1701
|
+
mobile: user.mobile,
|
|
1702
|
+
username: user.username,
|
|
1703
|
+
id: user.id,
|
|
1704
|
+
roles: user.roles.map((role) => role.name),
|
|
1705
|
+
},
|
|
1706
|
+
...tokens,
|
|
1707
|
+
};
|
|
1708
|
+
}
|
|
1709
|
+
|
|
1710
|
+
async signInUsingApple(accessCode: string) {
|
|
1711
|
+
const user = await this.userRepository.findOne({
|
|
1712
|
+
where: {
|
|
1713
|
+
accessCode: accessCode,
|
|
1714
|
+
},
|
|
1715
|
+
relations: {
|
|
1716
|
+
roles: true,
|
|
1717
|
+
},
|
|
1718
|
+
});
|
|
1719
|
+
|
|
1720
|
+
if (!user) {
|
|
1721
|
+
throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
1722
|
+
}
|
|
1723
|
+
this.checkAccountBlocked(user);
|
|
1724
|
+
|
|
1725
|
+
// Apple OAuth token validation is typically handled by the strategy itself
|
|
1726
|
+
// as it involves verifying the JWT idToken.
|
|
1727
|
+
// If we want to re-verify here, we'd need to verify the appleAccessToken or idToken.
|
|
1728
|
+
// For now, we follow the pattern of trust in the accessCode generated after successful strategy validation.
|
|
1729
|
+
|
|
1730
|
+
await this.resetFailedAttempts(user);
|
|
1731
|
+
const tokens = await this.generateTokens(user);
|
|
1732
|
+
return {
|
|
1733
|
+
user: {
|
|
1734
|
+
email: user.email,
|
|
1735
|
+
mobile: user.mobile,
|
|
1736
|
+
username: user.username,
|
|
1737
|
+
id: user.id,
|
|
1738
|
+
roles: user.roles.map((role) => role.name),
|
|
1739
|
+
},
|
|
1740
|
+
...tokens,
|
|
1741
|
+
};
|
|
1742
|
+
}
|
|
1743
|
+
|
|
1744
|
+
private async isPasswordlessRegistrationEnabled() {
|
|
1745
|
+
// return this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistration');
|
|
1746
|
+
return this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1747
|
+
"passwordLessAuth",
|
|
1748
|
+
);
|
|
1749
|
+
}
|
|
1750
|
+
|
|
1751
|
+
private checkAccountBlocked(user: User): void {
|
|
1752
|
+
const maxFailedAttempts =
|
|
1753
|
+
this.settingService.getConfigValue<SolidCoreSetting>(
|
|
1754
|
+
"maxFailedLoginAttempts",
|
|
1755
|
+
) as number;
|
|
1756
|
+
if (
|
|
1757
|
+
maxFailedAttempts > 0 &&
|
|
1758
|
+
user.failedLoginAttempts >= maxFailedAttempts
|
|
1759
|
+
) {
|
|
1760
|
+
throw new ForbiddenException(ERROR_MESSAGES.ACCOUNT_BLOCKED);
|
|
1761
|
+
}
|
|
1762
|
+
}
|
|
1763
|
+
|
|
1764
|
+
private async incrementFailedAttempts(user: User): Promise<void> {
|
|
1765
|
+
const nextFailedAttempts = (user.failedLoginAttempts ?? 0) + 1;
|
|
1766
|
+
user.failedLoginAttempts = nextFailedAttempts;
|
|
1767
|
+
await this.userRepository.update(user.id, {
|
|
1768
|
+
failedLoginAttempts: nextFailedAttempts,
|
|
1769
|
+
});
|
|
1770
|
+
}
|
|
1771
|
+
|
|
1772
|
+
private async resetFailedAttempts(user: User): Promise<void> {
|
|
1773
|
+
if (user.failedLoginAttempts === 0) return;
|
|
1774
|
+
user.failedLoginAttempts = 0;
|
|
1775
|
+
await this.userRepository.update(user.id, { failedLoginAttempts: 0 });
|
|
1776
|
+
}
|
|
1777
|
+
|
|
1778
|
+
//FIXME - Pending implementation
|
|
1779
|
+
// async logout() {
|
|
1780
|
+
// // const user = this.request.user; //TODO: // Access the user from the execution context
|
|
1781
|
+
|
|
1782
|
+
// // Invalidate the refresh token
|
|
1783
|
+
// // await this.refreshTokenIdsStorage.invalidate(user.id);
|
|
1784
|
+
// }
|
|
1785
|
+
async logout(refreshToken: string) {
|
|
1786
|
+
try {
|
|
1787
|
+
// const activeUser = this.requestContextService.getActiveUser();
|
|
1788
|
+
// const userId = activeUser?.sub;
|
|
1789
|
+
// const user = await this.userRepository.findOne({
|
|
1790
|
+
// where: {
|
|
1791
|
+
// id: userId,
|
|
1792
|
+
// }
|
|
1793
|
+
// })
|
|
1794
|
+
// // Invalidate refresh token if you store them
|
|
1795
|
+
// await this.refreshTokenIdsStorage.invalidate(userId); // ← Your existing logic
|
|
1796
|
+
// if (!refreshToken) {
|
|
1797
|
+
// throw new UnauthorizedException('Refresh token is required');
|
|
1798
|
+
// }
|
|
1799
|
+
const payload = this.jwtService.decode(refreshToken) as any;
|
|
1800
|
+
|
|
1801
|
+
if (!payload || !payload.sub) {
|
|
1802
|
+
throw new UnauthorizedException(ERROR_MESSAGES.INVALID_REFRESH_TOKEN);
|
|
1803
|
+
}
|
|
1804
|
+
|
|
1805
|
+
const userId = payload.sub;
|
|
1806
|
+
await this.refreshTokenIdsStorage.invalidate(userId);
|
|
1807
|
+
const user = await this.userRepository.findOne({
|
|
1808
|
+
where: {
|
|
1809
|
+
id: userId,
|
|
1810
|
+
},
|
|
1811
|
+
});
|
|
1812
|
+
// Log logout event
|
|
1813
|
+
await this.userActivityHistoryService.logEvent("logout", user);
|
|
1814
|
+
|
|
1815
|
+
return { message: SUCCESS_MESSAGES.LOGOUT_SUCCESS };
|
|
1816
|
+
} catch (err) {
|
|
1817
|
+
throw err instanceof UnauthorizedException ||
|
|
1818
|
+
err instanceof InternalServerErrorException
|
|
1819
|
+
? err
|
|
1820
|
+
: new InternalServerErrorException(ERROR_MESSAGES.LOGOUT_FAILED);
|
|
1821
|
+
}
|
|
1822
|
+
}
|
|
1823
|
+
|
|
1824
|
+
async activateUser(userId: number) {
|
|
1825
|
+
const user = await this.userService.findOne(userId, {});
|
|
1826
|
+
if (!user) {
|
|
1827
|
+
throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);
|
|
1828
|
+
}
|
|
1829
|
+
user.active = true;
|
|
1830
|
+
await this.userRepository.save(user);
|
|
1831
|
+
}
|
|
1832
|
+
|
|
1833
|
+
async me(activeUser: ActiveUserData) {
|
|
1834
|
+
const user = await this.userRepository.findOne({
|
|
1835
|
+
where: {
|
|
1836
|
+
id: activeUser.sub,
|
|
1837
|
+
},
|
|
1838
|
+
relations: {
|
|
1839
|
+
roles: true,
|
|
1840
|
+
},
|
|
1841
|
+
});
|
|
1842
|
+
|
|
1843
|
+
// const tokens = await this.generateTokens(user);
|
|
1844
|
+
|
|
1845
|
+
// Get the refresh token for a user from refresh token storage.
|
|
1846
|
+
const refreshTokenState =
|
|
1847
|
+
await this.refreshTokenIdsStorage.getCurrentRefreshTokenState(user.id);
|
|
1409
1848
|
|
|
1410
1849
|
const response = {
|
|
1411
1850
|
user: {
|
|
@@ -1447,17 +1886,17 @@ export class AuthenticationService {
|
|
|
1447
1886
|
}
|
|
1448
1887
|
|
|
1449
1888
|
function parseUniqueConstraintError(detail: string): string {
|
|
1450
|
-
|
|
1451
|
-
|
|
1452
|
-
|
|
1453
|
-
|
|
1454
|
-
|
|
1455
|
-
|
|
1456
|
-
|
|
1457
|
-
|
|
1458
|
-
|
|
1459
|
-
|
|
1460
|
-
|
|
1461
|
-
|
|
1462
|
-
|
|
1889
|
+
const match = detail.match(/Key \(([^)]+)\)=\(([^)]+)\) already exists\./);
|
|
1890
|
+
if (match) {
|
|
1891
|
+
const field = match[1];
|
|
1892
|
+
const value = match[2];
|
|
1893
|
+
const fieldMap: Record<string, string> = {
|
|
1894
|
+
username: "username",
|
|
1895
|
+
email: "email address",
|
|
1896
|
+
full_name_user_key: "full name",
|
|
1897
|
+
};
|
|
1898
|
+
const friendlyField = fieldMap[field] || field;
|
|
1899
|
+
return `A user with ${friendlyField} "${value}" already exists.`;
|
|
1900
|
+
}
|
|
1901
|
+
return detail;
|
|
1463
1902
|
}
|