@spinajs/rbac-http-user 2.0.187 → 2.0.188

package/lib/cjs/2fa/SpeakEasy2FaToken.d.ts

@@ -0,0 +1 @@
+//# sourceMappingURL=SpeakEasy2FaToken.d.ts.map

package/lib/cjs/2fa/SpeakEasy2FaToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SpeakEasy2FaToken.d.ts","sourceRoot":"","sources":["../../../src/2fa/SpeakEasy2FaToken.ts"],"names":[],"mappings":""}

package/lib/cjs/2fa/SpeakEasy2FaToken.js

@@ -0,0 +1,48 @@
+// import { Injectable } from '@spinajs/di';
+// import * as speakeasy from 'speakeasy';
+// import { User } from '@spinajs/rbac';
+// import { Config } from '@spinajs/configuration';
+// import { Log, Logger } from '@spinajs/log';
+// @Injectable(TwoFactorAuthProvider)
+// export class SpeakEasy2FaToken extends TwoFactorAuthProvider {
+//   @Config('rbac.speakeasy')
+//   protected Config: any;
+//   @Logger('SPEAKEASY_2FA_TOKEN')
+//   protected Log: Log;
+//   constructor() {
+//     super();
+//   }
+//   public execute(_: User): Promise<void> {
+//     // empty, speakasy works offline eg. google authenticator
+//     // we dont send any email or sms
+//     return Promise.resolve();
+//   }
+//   public async verifyToken(token: string, user: User): Promise<boolean> {
+//     const meta = user.Metadata.find((x) => x.Key === '2fa_speakeasy_token');
+//     if (!meta || meta.Value === '') {
+//       this.Log.trace(`Cannot verify 2fa token, no 2fa token for user ${user.Id}`);
+//       return false;
+//     }
+//     const verified = speakeasy.totp.verify({
+//       secret: meta.Value,
+//       encoding: 'base32',
+//       token,
+//       window: 5,
+//     });
+//     return verified;
+//   }
+//   public async initialize(user: User): Promise<any> {
+//     const secret = speakeasy.generateSecret(this.Config);
+//     await (user.Metadata['2fa_speakeasy_token'] = secret.base32);
+//     return secret.base32;
+//   }
+//   public async isEnabled(user: User): Promise<boolean> {
+//     const val = await user.Metadata['2fa_enabled'];
+//     return val as boolean;
+//   }
+//   public async isInitialized(user: User): Promise<boolean> {
+//     const val = await user.Metadata['2fa_speakeasy_token'];
+//     return val !== '';
+//   }
+// }
+//# sourceMappingURL=SpeakEasy2FaToken.js.map

package/lib/cjs/2fa/SpeakEasy2FaToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SpeakEasy2FaToken.js","sourceRoot":"","sources":["../../../src/2fa/SpeakEasy2FaToken.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,0CAA0C;AAC1C,wCAAwC;AACxC,mDAAmD;AACnD,8CAA8C;AAE9C,qCAAqC;AACrC,iEAAiE;AACjE,8BAA8B;AAC9B,2BAA2B;AAE3B,mCAAmC;AACnC,wBAAwB;AAExB,oBAAoB;AACpB,eAAe;AACf,MAAM;AAEN,6CAA6C;AAC7C,gEAAgE;AAChE,uCAAuC;AACvC,gCAAgC;AAChC,MAAM;AAEN,4EAA4E;AAC5E,+EAA+E;AAE/E,wCAAwC;AACxC,qFAAqF;AAErF,sBAAsB;AACtB,QAAQ;AAER,+CAA+C;AAC/C,4BAA4B;AAC5B,4BAA4B;AAC5B,eAAe;AACf,mBAAmB;AACnB,UAAU;AAEV,uBAAuB;AACvB,MAAM;AAEN,wDAAwD;AACxD,4DAA4D;AAC5D,oEAAoE;AACpE,4BAA4B;AAC5B,MAAM;AAEN,2DAA2D;AAC3D,sDAAsD;AACtD,6BAA6B;AAC7B,MAAM;AAEN,+DAA+D;AAC/D,8DAA8D;AAC9D,yBAAyB;AACzB,MAAM;AACN,IAAI"}

package/lib/cjs/config/rbac-http.d.ts

@@ -0,0 +1,34 @@
+declare const rbacHttp: {
+    system: {
+        dirs: {
+            controllers: string[];
+            locales: string[];
+            views: string[];
+        };
+    };
+    rbac: {
+        twoFactorAuth: {
+            enabled: boolean;
+            service: string;
+        };
+        fingerprint: {
+            enabled: boolean;
+            maxDevices: number;
+            service: string;
+        };
+        password: {
+            tokenTTL: number;
+            /**
+             * Block account after invalid login attempts
+             */
+            blockAfterAttempts: number;
+        };
+        /**
+         * Should federated login be enabled ? eg. facebook
+         */
+        allowFederated: boolean;
+    };
+    http: {};
+};
+export default rbacHttp;
+//# sourceMappingURL=rbac-http.d.ts.map

package/lib/cjs/config/rbac-http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-http.d.ts","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":"AAQA,QAAA,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;YAsBR;;eAEG;;;QAGL;;WAEG;;;;CAQN,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/lib/cjs/config/rbac-http.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = require("path");
+function dir(path) {
+    const inCommonJs = typeof module !== 'undefined';
+    return (0, path_1.resolve)((0, path_1.normalize)((0, path_1.join)(process.cwd(), 'node_modules', '@spinajs', 'metrics', 'lib', inCommonJs ? 'cjs' : 'mjs', path)));
+}
+const rbacHttp = {
+    system: {
+        dirs: {
+            controllers: [dir('controllers')],
+            locales: [dir('locales')],
+            views: [dir('views')],
+        },
+    },
+    rbac: {
+        twoFactorAuth: {
+            enabled: true,
+            service: 'SpeakEasy2FaToken',
+        },
+        fingerprint: {
+            enabled: false,
+            maxDevices: 3,
+            service: 'FingerprintJs',
+        },
+        password: {
+            // password reset token ttl in minutes
+            tokenTTL: 60,
+            /**
+             * Block account after invalid login attempts
+             */
+            blockAfterAttempts: 3,
+        },
+        /**
+         * Should federated login be enabled ? eg. facebook
+         */
+        allowFederated: false,
+    },
+    http: {
+    // middlewares: [
+    //   // add global user from session middleware
+    // ],
+    },
+};
+exports.default = rbacHttp;
+//# sourceMappingURL=rbac-http.js.map

package/lib/cjs/config/rbac-http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-http.js","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":";;AAAA,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACjI,CAAC;AAGD,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,WAAW,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACjC,OAAO,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACzB,KAAK,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;SACtB;KACF;IACD,IAAI,EAAE;QACJ,aAAa,EAAE;YACb,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,mBAAmB;SAC7B;QACD,WAAW,EAAE;YACX,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,eAAe;SACzB;QACD,QAAQ,EAAE;YACR,sCAAsC;YACtC,QAAQ,EAAE,EAAE;YAEZ;;eAEG;YACH,kBAAkB,EAAE,CAAC;SACtB;QACD;;WAEG;QACH,cAAc,EAAE,KAAK;KACtB;IACD,IAAI,EAAE;IACJ,iBAAiB;IACjB,+CAA+C;IAC/C,KAAK;KACN;CACF,CAAC;AAEF,kBAAe,QAAQ,CAAC"}

package/lib/cjs/controllers/AuthController.d.ts

@@ -0,0 +1 @@
+//# sourceMappingURL=AuthController.d.ts.map

package/lib/cjs/controllers/AuthController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/AuthController.ts"],"names":[],"mappings":""}

package/lib/cjs/controllers/AuthController.js

@@ -0,0 +1,211 @@
+// import { InvalidOperation } from '@spinajs/exceptions';
+// import { UserLoginDto } from '../dto/userLogin-dto.js';
+// import { BaseController, BasePath, Post, Body, Ok, Get, Cookie, CookieResponse, Unauthorized, Policy, Query, BadRequest, NotFound } from '@spinajs/http';
+// import { AuthProvider, FederatedAuthProvider, PasswordProvider, PasswordValidationProvider, Session, SessionProvider, User, User as UserModel, UserMetadata, UserPasswordChanged } from '@spinajs/rbac';
+// import { Autoinject } from '@spinajs/di';
+// import { AutoinjectService, Config, Configuration } from '@spinajs/configuration';
+// import _ from 'lodash';
+// import { FingerprintProvider, TwoFactorAuthProvider } from '../interfaces.js';
+// import { QueueService } from '@spinajs/queue';
+// import { NotLoggedPolicy } from '../policies/NotLoggedPolicy.js';
+// import { UserPasswordRestore } from '../events/UserPassordRestore.js';
+// import { RestorePasswordDto } from '../dto/restore-password-dto.js';
+// import { v4 as uuidv4 } from 'uuid';
+// import { DateTime } from 'luxon';
+// import { UserAction } from '@spinajs/rbac';
+// import { UserLoginSuccess } from '../events/UserLoginSuccess.js';
+// @BasePath('auth')
+// @Policy(NotLoggedPolicy)
+// export class LoginController extends BaseController {
+//   @Autoinject()
+//   protected Configuration: Configuration;
+//   @AutoinjectService('rbac.auth')
+//   protected AuthProvider: AuthProvider;
+//   @AutoinjectService('rbac.session')
+//   protected SessionProvider: SessionProvider;
+//   @Config('rbac.session.expiration', {
+//     defaultValue: 120,
+//   })
+//   protected SessionExpirationTime: number;
+//   @Config('rbac.password_reset.ttl')
+//   protected PasswordResetTokenTTL: number;
+//   @AutoinjectService('rbac.twoFactorAuth')
+//   protected TwoFactorAuthProvider: TwoFactorAuthProvider;
+//   @AutoinjectService('rbac.fingerprint')
+//   protected FingerprintProvider: FingerprintProvider;
+//   @AutoinjectService('rbac.password.validation')
+//   protected PasswordValidationService: PasswordValidationProvider;
+//   @Autoinject(FederatedAuthProvider)
+//   protected FederatedLoginStrategies: FederatedAuthProvider<any>[];
+//   @Autoinject()
+//   protected PasswordProvider: PasswordProvider;
+//   @Autoinject(QueueService)
+//   protected Queue: QueueService;
+//   @Post()
+//   public async login(@Body() credentials: UserLoginDto) {
+//     const result = await this.AuthProvider.authenticate(credentials.Email, credentials.Password);
+//     if (!result.Error) {
+//       // proceed with standard authentication
+//       return await this.authenticate(result.User);
+//     }
+//     return new Unauthorized(result.Error);
+//   }
+//   @Post('new-password')
+//   public async setNewPassword(@Query() token: string, @Body() pwd: RestorePasswordDto) {
+//     const user = await User.query()
+//       .innerJoin(UserMetadata, function () {
+//         this.where({
+//           Key: 'password:reset:token',
+//           Value: token,
+//         });
+//       })
+//       .populate('Metadata')
+//       .first();
+//     if (!user) {
+//       return new NotFound({
+//         error: {
+//           code: 'ERR_USER_NOT_FOUND',
+//           message: 'No user found for this reset token',
+//         },
+//       });
+//     }
+//     const val = (await user.Metadata['password:reset:start']) as DateTime;
+//     const now = DateTime.now().plus({ seconds: -this.PasswordResetTokenTTL });
+//     if (val < now) {
+//       return new BadRequest({
+//         error: {
+//           code: 'ERR_RESET_TOKEN_EXPIRED',
+//           message: 'Password reset token expired',
+//         },
+//       });
+//     }
+//     if (!this.PasswordValidationService.check(pwd.Password)) {
+//       return new BadRequest({
+//         error: {
+//           code: 'ERR_PASSWORD_RULE',
+//           message: 'Invalid password, does not match password rules',
+//         },
+//       });
+//     }
+//     if (pwd.Password !== pwd.ConfirmPassword) {
+//       return new BadRequest({
+//         error: {
+//           code: 'ERR_PASSWORD_NOT_MATCH',
+//           message: 'Password and repeat password does not match',
+//         },
+//       });
+//     }
+//     const hashedPassword = await this.PasswordProvider.hash(pwd.Password);
+//     user.Password = hashedPassword;
+//     await user.update();
+//     /**
+//      * Delete all reset related meta for user
+//      */
+//     await user.Metadata.delete(/password:reset.*/);
+//     // add to action list
+//     await user.Actions.add(
+//       new UserAction({
+//         Persistent: true,
+//         Action: 'password:reset',
+//       }),
+//     );
+//     // inform others
+//     await this.Queue.emit(new UserPasswordChanged(user.Uuid));
+//   }
+//   @Post('forgot-password')
+//   public async forgotPassword(@Body() login: UserLoginDto) {
+//     const user = await this.AuthProvider.getByEmail(login.Email);
+//     if (!user.IsActive || user.IsBanned || user.DeletedAt !== null) {
+//       return new InvalidOperation('User is inactive, banned or deleted. Contact system administrator');
+//     }
+//     const token = uuidv4();
+//     // assign meta to user
+//     await (user.Metadata['password:reset'] = true);
+//     await (user.Metadata['password:reset:token'] = token);
+//     await (user.Metadata['password:reset:start'] = DateTime.now());
+//     await user.Actions.add(
+//       new UserAction({
+//         Action: 'user:password:reset',
+//         Data: DateTime.now().toISO(),
+//         Persistent: true,
+//       }),
+//     );
+//     await this.Queue.emit(new UserPasswordRestore(user.Uuid, token));
+//     return new Ok({
+//       reset_token: token,
+//       ttl: this.PasswordResetTokenTTL,
+//     });
+//   }
+//   protected async authenticate(user: UserModel, federated?: boolean) {
+//     if (!user) {
+//       return new Unauthorized({
+//         error: {
+//           message: 'login or password incorrect',
+//         },
+//       });
+//     }
+//     await user.Metadata.populate();
+//     const session = new Session();
+//     const dUser = user.dehydrate();
+//     session.Data.set('User', dUser);
+//     // we found user but we still dont know if is authorized
+//     // eg. 2fa auth is not performed
+//     // create session, but user is not yet authorized
+//     session.Data.set('Authorized', false);
+//     // if its federated login, skip 2fa - assume
+//     // external login service provided it
+//     if (this.TwoFactorConfig.enabled || !federated) {
+//       await this.SessionProvider.save(session);
+//       const enabledForUser = await this.TwoFactorAuthProvider.isEnabled(user);
+//       /**
+//        * if 2fa is enabled for user, proceed
+//        */
+//       if (enabledForUser) {
+//         /**
+//          * check if 2fa system is initialized for user eg. private key is generated.
+//          */
+//         const isInitialized = await this.TwoFactorAuthProvider.isInitialized(user);
+//         if (!isInitialized) {
+//           const twoFaResult = await this.TwoFactorAuthProvider.initialize(user);
+//           return new CookieResponse(
+//             'ssid',
+//             session.SessionId,
+//             this.SessionExpirationTime,
+//             true,
+//             {
+//               toFactorAuth: true,
+//               twoFactorAuthFirstTime: true,
+//               method: this.TwoFactorConfig.service,
+//               data: twoFaResult,
+//             },
+//             { httpOnly: true },
+//           );
+//         }
+//         // give chance to execute 2fa eg. send sms or email
+//         await this.TwoFactorAuthProvider.execute(user);
+//         // return session to identify user
+//         // and only info that twoFactor auth is requested
+//         return new CookieResponse(
+//           'ssid',
+//           session.SessionId,
+//           this.SessionExpirationTime,
+//           true,
+//           {
+//             toFactorAuth: true,
+//           },
+//           { httpOnly: true },
+//         );
+//       }
+//     }
+//     // 2fa is not enabled, so we found user, it means it is logged
+//     session.Data.set('Authorized', true);
+//     await this.SessionProvider.save(session);
+//     await this.Queue.emit(new UserLoginSuccess(user.Uuid));
+//     user.LastLoginAt = DateTime.now();
+//     await user.update();
+//     // BEWARE: httpOnly coockie, only accesible via http method in browser
+//     // return coockie session id with additional user data
+//     return new CookieResponse('ssid', session.SessionId, this.SessionExpirationTime, true, dUser, { httpOnly: true });
+//   }
+// }
+//# sourceMappingURL=AuthController.js.map

package/lib/cjs/controllers/AuthController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthController.js","sourceRoot":"","sources":["../../../src/controllers/AuthController.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,0DAA0D;AAC1D,4JAA4J;AAC5J,2MAA2M;AAC3M,4CAA4C;AAC5C,qFAAqF;AACrF,0BAA0B;AAC1B,iFAAiF;AACjF,iDAAiD;AAEjD,oEAAoE;AACpE,yEAAyE;AACzE,uEAAuE;AAEvE,uCAAuC;AACvC,oCAAoC;AACpC,8CAA8C;AAC9C,oEAAoE;AAEpE,oBAAoB;AACpB,2BAA2B;AAC3B,wDAAwD;AACxD,kBAAkB;AAClB,4CAA4C;AAE5C,oCAAoC;AACpC,0CAA0C;AAE1C,uCAAuC;AACvC,gDAAgD;AAEhD,yCAAyC;AACzC,yBAAyB;AACzB,OAAO;AACP,6CAA6C;AAE7C,uCAAuC;AACvC,6CAA6C;AAE7C,6CAA6C;AAC7C,4DAA4D;AAE5D,2CAA2C;AAC3C,wDAAwD;AAExD,mDAAmD;AACnD,qEAAqE;AAErE,uCAAuC;AACvC,sEAAsE;AAEtE,kBAAkB;AAClB,kDAAkD;AAElD,8BAA8B;AAC9B,mCAAmC;AAEnC,YAAY;AACZ,4DAA4D;AAC5D,oGAAoG;AAEpG,2BAA2B;AAC3B,gDAAgD;AAChD,qDAAqD;AACrD,QAAQ;AAER,6CAA6C;AAC7C,MAAM;AAEN,0BAA0B;AAC1B,2FAA2F;AAC3F,sCAAsC;AACtC,+CAA+C;AAC/C,uBAAuB;AACvB,yCAAyC;AACzC,0BAA0B;AAC1B,cAAc;AACd,WAAW;AACX,8BAA8B;AAC9B,kBAAkB;AAElB,mBAAmB;AACnB,8BAA8B;AAC9B,mBAAmB;AACnB,wCAAwC;AACxC,2DAA2D;AAC3D,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,6EAA6E;AAC7E,iFAAiF;AAEjF,uBAAuB;AACvB,gCAAgC;AAChC,mBAAmB;AACnB,6CAA6C;AAC7C,qDAAqD;AACrD,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,iEAAiE;AACjE,gCAAgC;AAChC,mBAAmB;AACnB,uCAAuC;AACvC,wEAAwE;AACxE,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,kDAAkD;AAClD,gCAAgC;AAChC,mBAAmB;AACnB,4CAA4C;AAC5C,oEAAoE;AACpE,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,6EAA6E;AAC7E,sCAAsC;AAEtC,2BAA2B;AAE3B,UAAU;AACV,gDAAgD;AAChD,UAAU;AACV,sDAAsD;AAEtD,4BAA4B;AAC5B,8BAA8B;AAC9B,yBAAyB;AACzB,4BAA4B;AAC5B,oCAAoC;AACpC,YAAY;AACZ,SAAS;AAET,uBAAuB;AACvB,iEAAiE;AACjE,MAAM;AAEN,6BAA6B;AAC7B,+DAA+D;AAC/D,oEAAoE;AAEpE,wEAAwE;AACxE,0GAA0G;AAC1G,QAAQ;AAER,8BAA8B;AAE9B,6BAA6B;AAC7B,sDAAsD;AACtD,6DAA6D;AAC7D,sEAAsE;AAEtE,8BAA8B;AAC9B,yBAAyB;AACzB,yCAAyC;AACzC,wCAAwC;AACxC,4BAA4B;AAC5B,YAAY;AACZ,SAAS;AAET,wEAAwE;AAExE,sBAAsB;AACtB,4BAA4B;AAC5B,yCAAyC;AACzC,UAAU;AACV,MAAM;AAIN,yEAAyE;AACzE,mBAAmB;AACnB,kCAAkC;AAClC,mBAAmB;AACnB,oDAAoD;AACpD,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,sCAAsC;AAEtC,qCAAqC;AACrC,sCAAsC;AACtC,uCAAuC;AAEvC,+DAA+D;AAC/D,uCAAuC;AACvC,wDAAwD;AACxD,6CAA6C;AAE7C,mDAAmD;AACnD,4CAA4C;AAC5C,wDAAwD;AACxD,kDAAkD;AAElD,iFAAiF;AAEjF,YAAY;AACZ,+CAA+C;AAC/C,YAAY;AACZ,8BAA8B;AAC9B,cAAc;AACd,uFAAuF;AACvF,cAAc;AACd,sFAAsF;AACtF,gCAAgC;AAChC,mFAAmF;AAEnF,uCAAuC;AACvC,sBAAsB;AACtB,iCAAiC;AACjC,0CAA0C;AAC1C,oBAAoB;AACpB,gBAAgB;AAChB,oCAAoC;AACpC,8CAA8C;AAC9C,sDAAsD;AACtD,mCAAmC;AACnC,iBAAiB;AACjB,kCAAkC;AAClC,eAAe;AACf,YAAY;AAEZ,8DAA8D;AAC9D,0DAA0D;AAE1D,6CAA6C;AAC7C,4DAA4D;AAC5D,qCAAqC;AACrC,oBAAoB;AACpB,+BAA+B;AAC/B,wCAAwC;AACxC,kBAAkB;AAClB,cAAc;AACd,kCAAkC;AAClC,eAAe;AACf,gCAAgC;AAChC,aAAa;AACb,UAAU;AACV,QAAQ;AAER,qEAAqE;AACrE,4CAA4C;AAC5C,gDAAgD;AAEhD,8DAA8D;AAE9D,yCAAyC;AACzC,2BAA2B;AAE3B,6EAA6E;AAC7E,6DAA6D;AAC7D,yHAAyH;AACzH,MAAM;AACN,IAAI"}

package/lib/cjs/controllers/FederatedLoginController.d.ts

@@ -0,0 +1 @@
+//# sourceMappingURL=FederatedLoginController.d.ts.map

package/lib/cjs/controllers/FederatedLoginController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"FederatedLoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/FederatedLoginController.ts"],"names":[],"mappings":""}

package/lib/cjs/controllers/FederatedLoginController.js

@@ -0,0 +1,38 @@
+// import { InvalidOperation } from '@spinajs/exceptions';
+// import { BaseController, BasePath, Post, Body, Ok, Get, Unauthorized, Header, Policy } from '@spinajs/http';
+// import { FederatedAuthProvider } from '@spinajs/rbac';
+// import { Autoinject } from '@spinajs/di';
+// import _ from 'lodash';
+// import { AllowFederatedLoginPolicy } from '../policies/AllowFederatedLoginPolicy.js';
+// @BasePath('user/auth')
+// export class LoginController extends BaseController {
+//   @Autoinject(FederatedAuthProvider)
+//   protected FederatedLoginStrategies: FederatedAuthProvider<any>[];
+//   @Post('federated-login')
+//   @Policy(AllowFederatedLoginPolicy)
+//   public async loginFederated(@Body() credentials: unknown, @Header('Host') caller: string) {
+//     const strategy = this.FederatedLoginStrategies.find((x) => x.callerCheck(caller));
+//     if (!strategy) {
+//       throw new InvalidOperation(`No auth stragegy registered for caller ${caller}`);
+//     }
+//     const result = await strategy.authenticate(credentials);
+//     if (!result.Error) {
+//       // proceed with standard authentication
+//       return await this.authenticate(result.User);
+//     }
+//     return new Unauthorized(result.Error);
+//   }
+//   /**
+//    *
+//    * Api call for listing avaible federated login strategies
+//    *
+//    * @returns response with avaible login strategies
+//    */
+//   @Get()
+//   @Policy(NotLoggedPolicy)
+//   @Policy(AllowFederatedLoginPolicy)
+//   public async federatedLoginList() {
+//     return new Ok(this.FederatedLoginStrategies.map((x) => x.Name));
+//   }
+// }
+//# sourceMappingURL=FederatedLoginController.js.map

package/lib/cjs/controllers/FederatedLoginController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"FederatedLoginController.js","sourceRoot":"","sources":["../../../src/controllers/FederatedLoginController.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,+GAA+G;AAC/G,yDAAyD;AACzD,4CAA4C;AAC5C,0BAA0B;AAC1B,wFAAwF;AAExF,yBAAyB;AACzB,wDAAwD;AACxD,uCAAuC;AACvC,sEAAsE;AAEtE,6BAA6B;AAC7B,uCAAuC;AACvC,gGAAgG;AAChG,yFAAyF;AACzF,uBAAuB;AACvB,wFAAwF;AACxF,QAAQ;AAER,+DAA+D;AAC/D,2BAA2B;AAC3B,gDAAgD;AAChD,qDAAqD;AACrD,QAAQ;AAER,6CAA6C;AAC7C,MAAM;AAEN,QAAQ;AACR,OAAO;AACP,+DAA+D;AAC/D,OAAO;AACP,uDAAuD;AACvD,QAAQ;AACR,WAAW;AACX,6BAA6B;AAC7B,uCAAuC;AACvC,wCAAwC;AACxC,uEAAuE;AACvE,MAAM;AACN,IAAI"}

package/lib/cjs/controllers/LoginController.d.ts

@@ -0,0 +1,13 @@
+import { UserLoginDto } from '../dto/userLogin-dto.js';
+import { BaseController, Ok, Unauthorized } from '@spinajs/http';
+import { AuthProvider, SessionProvider } from '@spinajs/rbac';
+import { Configuration } from '@spinajs/configuration';
+export declare class LoginController extends BaseController {
+    protected Configuration: Configuration;
+    protected AuthProvider: AuthProvider;
+    protected SessionProvider: SessionProvider;
+    protected SessionExpirationTime: number;
+    login(credentials: UserLoginDto): Promise<Ok | Unauthorized>;
+    logout(ssid: string): Promise<Ok>;
+}
+//# sourceMappingURL=LoginController.d.ts.map

package/lib/cjs/controllers/LoginController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"LoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAwB,EAAE,EAAe,YAAY,EAAU,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAqB,MAAM,eAAe,CAAC;AAEjF,OAAO,EAA6B,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAIlF,qBACa,eAAgB,SAAQ,cAAc;IAEjD,SAAS,CAAC,aAAa,EAAE,aAAa,CAAC;IAGvC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC;IAGrC,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAK3C,SAAS,CAAC,qBAAqB,EAAE,MAAM,CAAC;IAI3B,KAAK,CAAS,WAAW,EAAE,YAAY;IAkJvC,MAAM,CAAW,IAAI,EAAE,MAAM;CA0G3C"}

package/lib/cjs/controllers/LoginController.js

@@ -0,0 +1,202 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoginController = void 0;
+const userLogin_dto_js_1 = require("../dto/userLogin-dto.js");
+const http_1 = require("@spinajs/http");
+const rbac_1 = require("@spinajs/rbac");
+const di_1 = require("@spinajs/di");
+const configuration_1 = require("@spinajs/configuration");
+const rbac_http_1 = require("@spinajs/rbac-http");
+let LoginController = class LoginController extends http_1.BaseController {
+    async login(credentials) {
+        try {
+            const user = await (0, rbac_1.auth)(credentials.Email, credentials.Password);
+            const session = new rbac_1.UserSession();
+            const dUser = user.dehydrate();
+            session.Data.set('User', dUser);
+            // TEMP
+            session.Data.set('Authorized', true);
+            await this.SessionProvider.save(session);
+            this._log.trace('User logged in', user);
+            return new http_1.Ok(user, {
+                Coockies: [
+                    {
+                        Name: 'ssid',
+                        Value: session.SessionId,
+                        Options: {
+                            httpOnly: true,
+                            maxAge: this.SessionExpirationTime,
+                        },
+                    },
+                ],
+            });
+        }
+        catch (err) {
+            this._log.error(err);
+            return new http_1.Unauthorized({
+                error: {
+                    code: 'E_AUTH_FAILED',
+                    message: 'login or password incorrect',
+                },
+            });
+        }
+    }
+    // @Post('new-password')
+    // @Policy(NotLoggedPolicy)
+    // public async setNewPassword(@Query() token: string, @Body() pwd: RestorePasswordDto) {
+    //   const user = await User.query()
+    //     .innerJoin(UserMetadata, function () {
+    //       this.where({
+    //         Key: 'password:reset:token',
+    //         Value: token,
+    //       });
+    //     })
+    //     .populate('Metadata')
+    //     .first();
+    //   if (!user) {
+    //     return new NotFound({
+    //       error: {
+    //         code: 'ERR_USER_NOT_FOUND',
+    //         message: 'No user found for this reset token',
+    //       },
+    //     });
+    //   }
+    //   const val = (await user.Metadata['password:reset:start']) as DateTime;
+    //   const now = DateTime.now().plus({ seconds: -this.PasswordResetTokenTTL });
+    //   if (val < now) {
+    //     return new BadRequest({
+    //       error: {
+    //         code: 'ERR_RESET_TOKEN_EXPIRED',
+    //         message: 'Password reset token expired',
+    //       },
+    //     });
+    //   }
+    //   if (!this.PasswordValidationService.check(pwd.Password)) {
+    //     return new BadRequest({
+    //       error: {
+    //         code: 'ERR_PASSWORD_RULE',
+    //         message: 'Invalid password, does not match password rules',
+    //       },
+    //     });
+    //   }
+    //   if (pwd.Password !== pwd.ConfirmPassword) {
+    //     return new BadRequest({
+    //       error: {
+    //         code: 'ERR_PASSWORD_NOT_MATCH',
+    //         message: 'Password and repeat password does not match',
+    //       },
+    //     });
+    //   }
+    //   const hashedPassword = await this.PasswordProvider.hash(pwd.Password);
+    //   user.Password = hashedPassword;
+    //   await user.update();
+    //   /**
+    //    * Delete all reset related meta for user
+    //    */
+    //   await user.Metadata.delete(/password:reset.*/);
+    //   // add to action list
+    //   await user.Actions.add(
+    //     new UserAction({
+    //       Persistent: true,
+    //       Action: 'password:reset',
+    //     }),
+    //   );
+    //   // inform others
+    //   await this.Queue.emit(new UserPasswordChanged(user.Uuid));
+    // }
+    // @Post('forgot-password')
+    // @Policy(NotLoggedPolicy)
+    // public async forgotPassword(@Body() login: UserLoginDto) {
+    //   const user = await this.AuthProvider.getByEmail(login.Email);
+    //   if (!user.IsActive || user.IsBanned || user.DeletedAt !== null) {
+    //     return new InvalidOperation('User is inactive, banned or deleted. Contact system administrator');
+    //   }
+    //   const token = uuidv4();
+    //   // assign meta to user
+    //   await (user.Metadata['password:reset'] = true);
+    //   await (user.Metadata['password:reset:token'] = token);
+    //   await (user.Metadata['password:reset:start'] = DateTime.now());
+    //   await user.Actions.add(
+    //     new UserAction({
+    //       Action: 'user:password:reset',
+    //       Data: DateTime.now().toISO(),
+    //       Persistent: true,
+    //     }),
+    //   );
+    //   await this.Queue.emit(new UserPasswordRestore(user.Uuid, token));
+    //   return new Ok({
+    //     reset_token: token,
+    //     ttl: this.PasswordResetTokenTTL,
+    //   });
+    // }
+    async logout(ssid) {
+        if (!ssid) {
+            return new http_1.Ok();
+        }
+        await this.SessionProvider.delete(ssid);
+        // send empty cookie to confirm session deletion
+        return new http_1.Ok(null, {
+            Coockies: [
+                {
+                    Name: 'ssid',
+                    Value: '',
+                    Options: {
+                        httpOnly: true,
+                        maxAge: 0,
+                    },
+                },
+            ],
+        });
+    }
+};
+exports.LoginController = LoginController;
+__decorate([
+    (0, di_1.Autoinject)(),
+    __metadata("design:type", configuration_1.Configuration)
+], LoginController.prototype, "Configuration", void 0);
+__decorate([
+    (0, configuration_1.AutoinjectService)('rbac.auth'),
+    __metadata("design:type", rbac_1.AuthProvider)
+], LoginController.prototype, "AuthProvider", void 0);
+__decorate([
+    (0, configuration_1.AutoinjectService)('rbac.session'),
+    __metadata("design:type", rbac_1.SessionProvider)
+], LoginController.prototype, "SessionProvider", void 0);
+__decorate([
+    (0, configuration_1.Config)('rbac.session.expiration', {
+        defaultValue: 120,
+    }),
+    __metadata("design:type", Number)
+], LoginController.prototype, "SessionExpirationTime", void 0);
+__decorate([
+    (0, http_1.Post)(),
+    (0, http_1.Policy)(rbac_http_1.NotLoggedPolicy),
+    __param(0, (0, http_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [userLogin_dto_js_1.UserLoginDto]),
+    __metadata("design:returntype", Promise)
+], LoginController.prototype, "login", null);
+__decorate([
+    (0, http_1.Get)(),
+    (0, http_1.Policy)(rbac_http_1.LoggedPolicy),
+    __param(0, (0, http_1.Cookie)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], LoginController.prototype, "logout", null);
+exports.LoginController = LoginController = __decorate([
+    (0, http_1.BasePath)('/auth')
+], LoginController);
+//# sourceMappingURL=LoginController.js.map

package/lib/cjs/controllers/LoginController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8DAAuD;AACvD,wCAA4G;AAC5G,wCAAiF;AACjF,oCAAyC;AACzC,0DAAkF;AAElF,kDAAmE;AAG5D,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,qBAAc;IAiBpC,AAAN,KAAK,CAAC,KAAK,CAAS,WAAyB;QAClD,IAAI;YACF,MAAM,IAAI,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,kBAAW,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAEhC,OAAO;YACP,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YAErC,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YAExC,OAAO,IAAI,SAAE,CAAC,IAAI,EAAE;gBAClB,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAM;wBACZ,KAAK,EAAE,OAAO,CAAC,SAAS;wBACxB,OAAO,EAAE;4BACP,QAAQ,EAAE,IAAI;4BACd,MAAM,EAAE,IAAI,CAAC,qBAAqB;yBACnC;qBACF;iBACF;aACF,CAAC,CAAC;SACJ;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,mBAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;SACJ;IACH,CAAC;IAED,wBAAwB;IACxB,2BAA2B;IAC3B,yFAAyF;IACzF,oCAAoC;IACpC,6CAA6C;IAC7C,qBAAqB;IACrB,uCAAuC;IACvC,wBAAwB;IACxB,YAAY;IACZ,SAAS;IACT,4BAA4B;IAC5B,gBAAgB;IAEhB,iBAAiB;IACjB,4BAA4B;IAC5B,iBAAiB;IACjB,sCAAsC;IACtC,yDAAyD;IACzD,WAAW;IACX,UAAU;IACV,MAAM;IAEN,2EAA2E;IAC3E,+EAA+E;IAE/E,qBAAqB;IACrB,8BAA8B;IAC9B,iBAAiB;IACjB,2CAA2C;IAC3C,mDAAmD;IACnD,WAAW;IACX,UAAU;IACV,MAAM;IAEN,+DAA+D;IAC/D,8BAA8B;IAC9B,iBAAiB;IACjB,qCAAqC;IACrC,sEAAsE;IACtE,WAAW;IACX,UAAU;IACV,MAAM;IAEN,gDAAgD;IAChD,8BAA8B;IAC9B,iBAAiB;IACjB,0CAA0C;IAC1C,kEAAkE;IAClE,WAAW;IACX,UAAU;IACV,MAAM;IAEN,2EAA2E;IAC3E,oCAAoC;IAEpC,yBAAyB;IAEzB,QAAQ;IACR,8CAA8C;IAC9C,QAAQ;IACR,oDAAoD;IAEpD,0BAA0B;IAC1B,4BAA4B;IAC5B,uBAAuB;IACvB,0BAA0B;IAC1B,kCAAkC;IAClC,UAAU;IACV,OAAO;IAEP,qBAAqB;IACrB,+DAA+D;IAC/D,IAAI;IAEJ,2BAA2B;IAC3B,2BAA2B;IAC3B,6DAA6D;IAC7D,kEAAkE;IAElE,sEAAsE;IACtE,wGAAwG;IACxG,MAAM;IAEN,4BAA4B;IAE5B,2BAA2B;IAC3B,oDAAoD;IACpD,2DAA2D;IAC3D,oEAAoE;IAEpE,4BAA4B;IAC5B,uBAAuB;IACvB,uCAAuC;IACvC,sCAAsC;IACtC,0BAA0B;IAC1B,UAAU;IACV,OAAO;IAEP,sEAAsE;IAEtE,oBAAoB;IACpB,0BAA0B;IAC1B,uCAAuC;IACvC,QAAQ;IACR,IAAI;IAIS,AAAN,KAAK,CAAC,MAAM,CAAW,IAAY;QACxC,IAAI,CAAC,IAAI,EAAE;YACT,OAAO,IAAI,SAAE,EAAE,CAAC;SACjB;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,gDAAgD;QAChD,OAAO,IAAI,SAAE,CAAC,IAAI,EAAE;YAClB,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;qBACV;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;CAsFF,CAAA;AA7QY,0CAAe;AAEhB;IADT,IAAA,eAAU,GAAE;8BACY,6BAAa;sDAAC;AAG7B;IADT,IAAA,iCAAiB,EAAC,WAAW,CAAC;8BACP,mBAAY;qDAAC;AAG3B;IADT,IAAA,iCAAiB,EAAC,cAAc,CAAC;8BACP,sBAAe;wDAAC;AAKjC;IAHT,IAAA,sBAAM,EAAC,yBAAyB,EAAE;QACjC,YAAY,EAAE,GAAG;KAClB,CAAC;;8DACsC;AAI3B;IAFZ,IAAA,WAAI,GAAE;IACN,IAAA,aAAM,EAAC,2BAAe,CAAC;IACJ,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAAc,+BAAY;;4CAoCnD;AA8GY;IAFZ,IAAA,UAAG,GAAE;IACL,IAAA,aAAM,EAAC,wBAAY,CAAC;IACA,WAAA,IAAA,aAAM,GAAE,CAAA;;;;6CAoB5B;0BAvLU,eAAe;IAD3B,IAAA,eAAQ,EAAC,OAAO,CAAC;GACL,eAAe,CA6Q3B"}

package/lib/cjs/controllers/TwoFactorAuthController.d.ts

@@ -0,0 +1 @@
+//# sourceMappingURL=TwoFactorAuthController.d.ts.map