@spinajs/rbac-http-user 2.0.372 → 2.0.374

package/lib/mjs/controllers/LoginController.js

@@ -22,38 +22,51 @@ let LoginController = class LoginController extends BaseController {
         try {
             const user = await auth(credentials.Email, credentials.Password);
             const session = new UserSession();
+            const coockies = [
+                {
+                    Name: 'ssid',
+                    Value: session.SessionId,
+                    Options: {
+                        signed: true,
+                        httpOnly: true,
+                        // set expiration time in ms
+                        maxAge: this.SessionExpirationTime * 1000,
+                        // any optopnal cookie options
+                        // or override default ones
+                        ...this.SessionCookieConfig
+                    },
+                },
+            ];
             session.Data.set('User', user.Uuid);
-            // TEMP
-            session.Data.set('Authorized', true);
             // set expiration time ( default val in config )
             session.extend();
             await this.SessionProvider.save(session);
-            this._log.trace('User logged in', {
+            if (this.TwoFactorAuthEnabled) {
+                this._log.trace('User logged in, 2fa required', {
+                    Uuid: user.Uuid
+                });
+                session.Data.set('Authorized', false);
+                session.Data.set('TwoFactorAuth', true);
+                return new Ok({
+                    TwoFactorAuthRequired: true,
+                    Authorized: false
+                }, {
+                    Coockies: coockies,
+                });
+            }
+            this._log.trace('User logged in, no 2fa required', {
                 Uuid: user.Uuid
             });
             const grants = this.AC.getGrants();
             const userGrants = user.Role.map(r => _unwindGrants(r, grants));
             const combinedGrants = Object.assign({}, ...userGrants);
             return new Ok({
-                ...user.dehydrate(),
+                ...user.dehydrateWithRelations({
+                    dateTimeFormat: "iso"
+                }),
                 Grants: combinedGrants,
-                Metadata: user.Metadata.map(m => m.dehydrate())
             }, {
-                Coockies: [
-                    {
-                        Name: 'ssid',
-                        Value: session.SessionId,
-                        Options: {
-                            signed: true,
-                            httpOnly: true,
-                            // set expiration time in ms
-                            maxAge: this.SessionExpirationTime * 1000,
-                            // any optopnal cookie options
-                            // or override default ones
-                            ...this.SessionCookieConfig
-                        },
-                    },
-                ],
+                Coockies: coockies
             });
         }
         catch (err) {
@@ -66,94 +79,6 @@ let LoginController = class LoginController extends BaseController {
             });
         }
     }
-    // @Post('new-password')
-    // @Policy(NotLoggedPolicy)
-    // public async setNewPassword(@Query() token: string, @Body() pwd: RestorePasswordDto) {
-    //   const user = await User.query()
-    //     .innerJoin(UserMetadata, function () {
-    //       this.where({
-    //         Key: 'password:reset:token',
-    //         Value: token,
-    //       });
-    //     })
-    //     .populate('Metadata')
-    //     .first();
-    //   if (!user) {
-    //     return new NotFound({
-    //       error: {
-    //         code: 'ERR_USER_NOT_FOUND',
-    //         message: 'No user found for this reset token',
-    //       },
-    //     });
-    //   }
-    //   const val = (await user.Metadata['password:reset:start']) as DateTime;
-    //   const now = DateTime.now().plus({ seconds: -this.PasswordResetTokenTTL });
-    //   if (val < now) {
-    //     return new BadRequest({
-    //       error: {
-    //         code: 'ERR_RESET_TOKEN_EXPIRED',
-    //         message: 'Password reset token expired',
-    //       },
-    //     });
-    //   }
-    //   if (!this.PasswordValidationService.check(pwd.Password)) {
-    //     return new BadRequest({
-    //       error: {
-    //         code: 'ERR_PASSWORD_RULE',
-    //         message: 'Invalid password, does not match password rules',
-    //       },
-    //     });
-    //   }
-    //   if (pwd.Password !== pwd.ConfirmPassword) {
-    //     return new BadRequest({
-    //       error: {
-    //         code: 'ERR_PASSWORD_NOT_MATCH',
-    //         message: 'Password and repeat password does not match',
-    //       },
-    //     });
-    //   }
-    //   const hashedPassword = await this.PasswordProvider.hash(pwd.Password);
-    //   user.Password = hashedPassword;
-    //   await user.update();
-    //   /**
-    //    * Delete all reset related meta for user
-    //    */
-    //   await user.Metadata.delete(/password:reset.*/);
-    //   // add to action list
-    //   await user.Actions.add(
-    //     new UserAction({
-    //       Persistent: true,
-    //       Action: 'password:reset',
-    //     }),
-    //   );
-    //   // inform others
-    //   await this.Queue.emit(new UserPasswordChanged(user.Uuid));
-    // }
-    // @Post('forgot-password')
-    // @Policy(NotLoggedPolicy)
-    // public async forgotPassword(@Body() login: UserLoginDto) {
-    //   const user = await this.AuthProvider.getByEmail(login.Email);
-    //   if (!user.IsActive || user.IsBanned || user.DeletedAt !== null) {
-    //     return new InvalidOperation('User is inactive, banned or deleted. Contact system administrator');
-    //   }
-    //   const token = uuidv4();
-    //   // assign meta to user
-    //   await (user.Metadata['password:reset'] = true);
-    //   await (user.Metadata['password:reset:token'] = token);
-    //   await (user.Metadata['password:reset:start'] = DateTime.now());
-    //   await user.Actions.add(
-    //     new UserAction({
-    //       Action: 'user:password:reset',
-    //       Data: DateTime.now().toISO(),
-    //       Persistent: true,
-    //     }),
-    //   );
-    //   await this.Queue.emit(new UserPasswordRestore(user.Uuid, token));
-    //   return new Ok({
-    //     reset_token: token,
-    //     ttl: this.PasswordResetTokenTTL,
-    //   });
-    // }
     async logout(ssid) {
         if (!ssid) {
             return new Ok();
@@ -199,6 +124,12 @@ __decorate([
     }),
     __metadata("design:type", Number)
 ], LoginController.prototype, "SessionExpirationTime", void 0);
+__decorate([
+    Config('rbac.twoFactorAuth.enabled', {
+        defaultValue: false,
+    }),
+    __metadata("design:type", Boolean)
+], LoginController.prototype, "TwoFactorAuthEnabled", void 0);
 __decorate([
     Config('rbac.session.cookie', {}),
     __metadata("design:type", Object)

package/lib/mjs/controllers/LoginController.js.map

@@ -1 +1 @@
-{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC/G,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAElF,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACzF,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE9B,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,cAAc;IAuBpC,AAAN,KAAK,CAAC,KAAK,CAAS,WAAyB;QAClD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACpC,OAAO;YACP,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YAErC,gDAAgD;YAChD,OAAO,CAAC,MAAM,EAAE,CAAC;YAEjB,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE;gBAChC,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;YAChE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;YAExD,OAAO,IAAI,EAAE,CAAC;gBACZ,GAAG,IAAI,CAAC,SAAS,EAAE;gBACnB,MAAM,EAAE,cAAc;gBACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;aAChD,EAAE;gBACD,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAM;wBACZ,KAAK,EAAE,OAAO,CAAC,SAAS;wBACxB,OAAO,EAAE;4BACP,MAAM,EAAE,IAAI;4BACZ,QAAQ,EAAE,IAAI;4BAEd,4BAA4B;4BAC5B,MAAM,EAAE,IAAI,CAAC,qBAAqB,GAAG,IAAI;4BAEzC,8BAA8B;4BAC9B,2BAA2B;4BAC3B,GAAG,IAAI,CAAC,mBAAmB;yBAC5B;qBACF;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,YAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,2BAA2B;IAC3B,yFAAyF;IACzF,oCAAoC;IACpC,6CAA6C;IAC7C,qBAAqB;IACrB,uCAAuC;IACvC,wBAAwB;IACxB,YAAY;IACZ,SAAS;IACT,4BAA4B;IAC5B,gBAAgB;IAEhB,iBAAiB;IACjB,4BAA4B;IAC5B,iBAAiB;IACjB,sCAAsC;IACtC,yDAAyD;IACzD,WAAW;IACX,UAAU;IACV,MAAM;IAEN,2EAA2E;IAC3E,+EAA+E;IAE/E,qBAAqB;IACrB,8BAA8B;IAC9B,iBAAiB;IACjB,2CAA2C;IAC3C,mDAAmD;IACnD,WAAW;IACX,UAAU;IACV,MAAM;IAEN,+DAA+D;IAC/D,8BAA8B;IAC9B,iBAAiB;IACjB,qCAAqC;IACrC,sEAAsE;IACtE,WAAW;IACX,UAAU;IACV,MAAM;IAEN,gDAAgD;IAChD,8BAA8B;IAC9B,iBAAiB;IACjB,0CAA0C;IAC1C,kEAAkE;IAClE,WAAW;IACX,UAAU;IACV,MAAM;IAEN,2EAA2E;IAC3E,oCAAoC;IAEpC,yBAAyB;IAEzB,QAAQ;IACR,8CAA8C;IAC9C,QAAQ;IACR,oDAAoD;IAEpD,0BAA0B;IAC1B,4BAA4B;IAC5B,uBAAuB;IACvB,0BAA0B;IAC1B,kCAAkC;IAClC,UAAU;IACV,OAAO;IAEP,qBAAqB;IACrB,+DAA+D;IAC/D,IAAI;IAEJ,2BAA2B;IAC3B,2BAA2B;IAC3B,6DAA6D;IAC7D,kEAAkE;IAElE,sEAAsE;IACtE,wGAAwG;IACxG,MAAM;IAEN,4BAA4B;IAE5B,2BAA2B;IAC3B,oDAAoD;IACpD,2DAA2D;IAC3D,oEAAoE;IAEpE,4BAA4B;IAC5B,uBAAuB;IACvB,uCAAuC;IACvC,sCAAsC;IACtC,0BAA0B;IAC1B,UAAU;IACV,OAAO;IAEP,sEAAsE;IAEtE,oBAAoB;IACpB,0BAA0B;IAC1B,uCAAuC;IACvC,QAAQ;IACR,IAAI;IAIS,AAAN,KAAK,CAAC,MAAM,CAAW,IAAY;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,EAAE,EAAE,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,gDAAgD;QAChD,OAAO,IAAI,EAAE,CAAC,IAAI,EAAE;YAClB,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;wBAET,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAiB,IAAU;QAE5C,kCAAkC;QAClC,OAAO,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;CAsFF,CAAA;AA/SW;IADT,UAAU,EAAE;8BACY,aAAa;sDAAC;AAG7B;IADT,iBAAiB,CAAC,WAAW,CAAC;8BACP,YAAY;qDAAC;AAG3B;IADT,iBAAiB,CAAC,cAAc,CAAC;8BACP,eAAe;wDAAC;AAKjC;IAHT,MAAM,CAAC,yBAAyB,EAAE;QACjC,YAAY,EAAE,GAAG;KAClB,CAAC;;8DACsC;AAG9B;IADT,MAAM,CAAC,qBAAqB,EAAE,EAAE,CAAC;;4DACC;AAGzB;IADT,UAAU,CAAC,aAAa,CAAC;8BACZ,aAAa;2CAAC;AAIf;IAFZ,IAAI,EAAE;IACN,MAAM,CAAC,eAAe,CAAC;IACJ,WAAA,IAAI,EAAE,CAAA;;qCAAc,YAAY;;4CAsDnD;AA8GY;IAFZ,GAAG,EAAE;IACL,MAAM,CAAC,YAAY,CAAC;IACA,WAAA,MAAM,EAAE,CAAA;;;;6CAwB5B;AAIY;IAFZ,GAAG,EAAE;IACL,MAAM,CAAC,YAAY,CAAC;IACA,WAAA,YAAY,EAAE,CAAA;;qCAAO,IAAI;;6CAI7C;AA3NU,eAAe;IAD3B,QAAQ,CAAC,MAAM,CAAC;GACJ,eAAe,CAiT3B"}
+{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC/G,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAElF,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACzF,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE9B,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,cAAc;IA8BpC,AAAN,KAAK,CAAC,KAAK,CAAS,WAAyB;QAClD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG;gBACf;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,OAAO,CAAC,SAAS;oBACxB,OAAO,EAAE;wBACP,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE,IAAI;wBAEd,4BAA4B;wBAC5B,MAAM,EAAE,IAAI,CAAC,qBAAqB,GAAG,IAAI;wBAEzC,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACpC,gDAAgD;YAChD,OAAO,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAE9B,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,8BAA8B,EAAE;oBAC9C,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;gBAExC,OAAO,IAAI,EAAE,CAAC;oBACZ,qBAAqB,EAAE,IAAI;oBAC3B,UAAU,EAAE,KAAK;iBAClB,EAAE;oBACD,QAAQ,EAAE,QAAQ;iBACnB,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,iCAAiC,EAAE;gBACjD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;YAChE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;YAExD,OAAO,IAAI,EAAE,CAAC;gBACZ,GAAG,IAAI,CAAC,sBAAsB,CAAC;oBAC7B,cAAc,EAAE,KAAK;iBACtB,CAAC;gBACF,MAAM,EAAE,cAAc;aACvB,EAAE;gBACD,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QAEL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,YAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAW,IAAY;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,EAAE,EAAE,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,gDAAgD;QAChD,OAAO,IAAI,EAAE,CAAC,IAAI,EAAE;YAClB,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;wBAET,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAiB,IAAU;QAE5C,kCAAkC;QAClC,OAAO,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;CAsFF,CAAA;AA5NW;IADT,UAAU,EAAE;8BACY,aAAa;sDAAC;AAG7B;IADT,iBAAiB,CAAC,WAAW,CAAC;8BACP,YAAY;qDAAC;AAG3B;IADT,iBAAiB,CAAC,cAAc,CAAC;8BACP,eAAe;wDAAC;AAKjC;IAHT,MAAM,CAAC,yBAAyB,EAAE;QACjC,YAAY,EAAE,GAAG;KAClB,CAAC;;8DACsC;AAK9B;IAHT,MAAM,CAAC,4BAA4B,EAAE;QACpC,YAAY,EAAE,KAAK;KACpB,CAAC;;6DACsC;AAK9B;IADT,MAAM,CAAC,qBAAqB,EAAE,EAAE,CAAC;;4DACC;AAGzB;IADT,UAAU,CAAC,aAAa,CAAC;8BACZ,aAAa;2CAAC;AAIf;IAFZ,IAAI,EAAE;IACN,MAAM,CAAC,eAAe,CAAC;IACJ,WAAA,IAAI,EAAE,CAAA;;qCAAc,YAAY;;4CAsEnD;AAIY;IAFZ,GAAG,EAAE;IACL,MAAM,CAAC,YAAY,CAAC;IACA,WAAA,MAAM,EAAE,CAAA;;;;6CAwB5B;AAIY;IAFZ,GAAG,EAAE;IACL,MAAM,CAAC,YAAY,CAAC;IACA,WAAA,YAAY,EAAE,CAAA;;qCAAO,IAAI;;6CAI7C;AAxIU,eAAe;IAD3B,QAAQ,CAAC,MAAM,CAAC;GACJ,eAAe,CA8N3B"}

package/lib/mjs/controllers/TwoFactorAuthController.d.ts

@@ -1,2 +1,10 @@
-export {};
+import { TokenDto } from './../dto/token-dto.js';
+import { BaseController, Ok, Unauthorized } from '@spinajs/http';
+import { ISession, SessionProvider, User as UserModel } from '@spinajs/rbac';
+import { QueueService } from '@spinajs/queue';
+export declare class TwoFactorAuthController extends BaseController {
+    protected Queue: QueueService;
+    protected SessionProvider: SessionProvider;
+    verifyToken(logged: UserModel, token: TokenDto, session: ISession): Promise<Ok | Unauthorized>;
+}
 //# sourceMappingURL=TwoFactorAuthController.d.ts.map

package/lib/mjs/controllers/TwoFactorAuthController.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TwoFactorAuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":""}
+{"version":3,"file":"TwoFactorAuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAY,EAAE,EAAQ,YAAY,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,IAAI,SAAS,EAAyC,MAAM,eAAe,CAAC;AAOpH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAK9C,qBAEa,uBAAwB,SAAQ,cAAc;IAEvD,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC;IAG9B,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAG9B,WAAW,CAAS,MAAM,EAAE,SAAS,EAAU,KAAK,EAAE,QAAQ,EAAa,OAAO,EAAE,QAAQ;CAuC5G"}

package/lib/mjs/controllers/TwoFactorAuthController.js

@@ -1,58 +1,79 @@
-// import { TokenDto } from './../dto/token-dto.js';
-// import { BaseController, BasePath, Cookie, Ok, Post, Unauthorized } from '@spinajs/http';
-// import { ISession, SessionProvider, User as UserModel, _user_ev, _user_update} from '@spinajs/rbac';
-// import { Session } from "@spinajs/rbac-http";
-// import { Body, Policy } from '@spinajs/http';
-// import _ from 'lodash';
-// import { User } from '../decorators.js';
-// import { TwoFacRouteEnabled } from '../policies/2FaPolicy.js';
-// import { AutoinjectService, _service } from '@spinajs/configuration';
-// import { TwoFactorAuthProvider } from '../interfaces.js';
-// import { DateTime } from 'luxon';
-// import { UserLoginSuccess } from '../events/UserLoginSuccess.js';
-// import { Autoinject } from '@spinajs/di';
-// import { QueueService } from '@spinajs/queue';
-// import { _chain, _check_arg, _non_empty, _non_null, _tap, _trim, _use } from '@spinajs/util';
-// import { User2FaPassed } from '../events/User2FaPassed.js';
-export {};
-// export async function auth2Fa(user: User, token: string) {
-//   user = _check_arg(_non_null())(user, 'user');
-//   token = _check_arg(_trim(), _non_empty)(token, 'token');
-//   return _chain(
-//     _use(_service<TwoFactorAuthProvider>('rbac.twoFactorAuth'), 'twoFa'),
-//     _tap(async ({ twoFa }: { twoFa: TwoFactorAuthProvider }) => {
-//       await twoFa.verifyToken(token, user);
-//     }),
-//     _user_update({
-//       LastLoginAt: DateTime.now()
-//     }),
-//     _user_ev(User2FaPassed)
-//   );
-// }
-// @BasePath('user/auth')
-// @Policy(TwoFacRouteEnabled)
-// export class TwoFactorAuthController extends BaseController {
-//   @Autoinject(QueueService)
-//   protected Queue: QueueService;
-//   @AutoinjectService('rbac.session')
-//   protected SessionProvider: SessionProvider;
-//   @AutoinjectService('rbac.twoFactorAuth')
-//   protected TwoFactorAuthProvider: TwoFactorAuthProvider;
-//   @Post('2fa/verify')
-//   public async verifyToken(@User() logged: UserModel, @Body() token: TokenDto, @Session() session : ISession) {
-//     const result = await this.TwoFactorAuthProvider.verifyToken(token.Token, logged);
-//     if (result) {
-//       return new Unauthorized(`invalid token`);
-//     }
-//     logged.LastLoginAt = DateTime.now();
-//     await logged.update();
-//     await this.Queue.emit(new UserLoginSuccess(logged.Uuid));
-//     await this.SessionProvider.save(ssid, {
-//       Authorized: true,
-//       TwoFactorAuth_check: true,
-//     });
-//     // return user data
-//     return new Ok(logged.dehydrate());
-//   }
-// }
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { TokenDto } from './../dto/token-dto.js';
+import { BaseController, BasePath, Ok, Post, Unauthorized } from '@spinajs/http';
+import { SessionProvider, User as UserModel, _unwindGrants } from '@spinajs/rbac';
+import { Session } from "@spinajs/rbac-http";
+import { Body, Policy } from '@spinajs/http';
+import { TwoFacRouteEnabled } from '../policies/2FaPolicy.js';
+import { AutoinjectService } from '@spinajs/configuration';
+import { Autoinject } from '@spinajs/di';
+import { QueueService } from '@spinajs/queue';
+import { User } from "@spinajs/rbac-http";
+import { auth2Fa } from "./../actions/2fa.js";
+let TwoFactorAuthController = class TwoFactorAuthController extends BaseController {
+    async verifyToken(logged, token, session) {
+        try {
+            await auth2Fa(logged, token.Token);
+            // 2fa complete, mark as authorized
+            // fron now on user is considered authorized
+            session.Data.set('Authorized', true);
+            session.Data.delete('TwoFactorAuth');
+            await this.SessionProvider.save(session);
+            this._log.trace('User logged in, 2fa authorized', {
+                Uuid: logged.Uuid
+            });
+            const grants = this.AC.getGrants();
+            const userGrants = logged.Role.map(r => _unwindGrants(r, grants));
+            const combinedGrants = Object.assign({}, ...userGrants);
+            return new Ok({
+                ...logged.dehydrateWithRelations({
+                    dateTimeFormat: "iso"
+                }),
+                Grants: combinedGrants,
+            });
+        }
+        catch (err) {
+            this._log.error(err);
+            return new Unauthorized({
+                error: {
+                    code: 'E_2FA_FAILED',
+                    message: '2fa check failed',
+                },
+            });
+        }
+    }
+};
+__decorate([
+    Autoinject(QueueService),
+    __metadata("design:type", QueueService)
+], TwoFactorAuthController.prototype, "Queue", void 0);
+__decorate([
+    AutoinjectService('rbac.session'),
+    __metadata("design:type", SessionProvider)
+], TwoFactorAuthController.prototype, "SessionProvider", void 0);
+__decorate([
+    Post('2fa/verify'),
+    __param(0, User()),
+    __param(1, Body()),
+    __param(2, Session()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [UserModel, TokenDto, Object]),
+    __metadata("design:returntype", Promise)
+], TwoFactorAuthController.prototype, "verifyToken", null);
+TwoFactorAuthController = __decorate([
+    BasePath('user/auth'),
+    Policy(TwoFacRouteEnabled)
+], TwoFactorAuthController);
+export { TwoFactorAuthController };
 //# sourceMappingURL=TwoFactorAuthController.js.map

package/lib/mjs/controllers/TwoFactorAuthController.js.map

@@ -1 +1 @@
-{"version":3,"file":"TwoFactorAuthController.js","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,4FAA4F;AAC5F,uGAAuG;AACvG,gDAAgD;AAChD,gDAAgD;AAChD,0BAA0B;AAC1B,2CAA2C;AAC3C,iEAAiE;AACjE,wEAAwE;AACxE,4DAA4D;AAC5D,oCAAoC;AACpC,oEAAoE;AACpE,4CAA4C;AAC5C,iDAAiD;AACjD,gGAAgG;AAChG,8DAA8D;;AAE9D,6DAA6D;AAC7D,kDAAkD;AAClD,6DAA6D;AAE7D,mBAAmB;AACnB,4EAA4E;AAC5E,oEAAoE;AACpE,8CAA8C;AAC9C,UAAU;AACV,qBAAqB;AACrB,oCAAoC;AACpC,UAAU;AACV,8BAA8B;AAC9B,OAAO;AACP,IAAI;AAEJ,yBAAyB;AACzB,8BAA8B;AAC9B,gEAAgE;AAChE,8BAA8B;AAC9B,mCAAmC;AAEnC,uCAAuC;AACvC,gDAAgD;AAEhD,6CAA6C;AAC7C,4DAA4D;AAE5D,wBAAwB;AACxB,kHAAkH;AAClH,wFAAwF;AAExF,oBAAoB;AACpB,kDAAkD;AAClD,QAAQ;AAER,2CAA2C;AAC3C,6BAA6B;AAE7B,gEAAgE;AAEhE,8CAA8C;AAC9C,0BAA0B;AAC1B,mCAAmC;AACnC,UAAU;AAEV,0BAA0B;AAC1B,yCAAyC;AACzC,MAAM;AACN,IAAI"}
+{"version":3,"file":"TwoFactorAuthController.js","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAY,eAAe,EAAE,IAAI,IAAI,SAAS,EAA0B,aAAa,EAAE,MAAM,eAAe,CAAC;AACpH,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAE7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAY,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAIvC,IAAM,uBAAuB,GAA7B,MAAM,uBAAwB,SAAQ,cAAc;IAQ1C,AAAN,KAAK,CAAC,WAAW,CAAS,MAAiB,EAAU,KAAe,EAAa,OAAiB;QAErG,IAAI,CAAC;YACD,MAAM,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAEnC,mCAAmC;YACnC,4CAA4C;YAC5C,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YACrC,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gCAAgC,EAAE;gBAC9C,IAAI,EAAE,MAAM,CAAC,IAAI;aACpB,CAAC,CAAC;YAGH,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;YAClE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;YAGxD,OAAO,IAAI,EAAE,CAAC;gBACV,GAAG,MAAM,CAAC,sBAAsB,CAAC;oBAC7B,cAAc,EAAE,KAAK;iBACxB,CAAC;gBACF,MAAM,EAAE,cAAc;aACzB,CAAC,CAAC;QACP,CAAC;QACD,OAAO,GAAG,EAAE,CAAC;YACT,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,YAAY,CAAC;gBACpB,KAAK,EAAE;oBACH,IAAI,EAAE,cAAc;oBACpB,OAAO,EAAE,kBAAkB;iBAC9B;aACJ,CAAC,CAAC;QACP,CAAC;IACL,CAAC;CACJ,CAAA;AA7Ca;IADT,UAAU,CAAC,YAAY,CAAC;8BACR,YAAY;sDAAC;AAGpB;IADT,iBAAiB,CAAC,cAAc,CAAC;8BACP,eAAe;gEAAC;AAG9B;IADZ,IAAI,CAAC,YAAY,CAAC;IACO,WAAA,IAAI,EAAE,CAAA;IAAqB,WAAA,IAAI,EAAE,CAAA;IAAmB,WAAA,OAAO,EAAE,CAAA;;qCAA9C,SAAS,EAAiB,QAAQ;;0DAsC1E;AA9CQ,uBAAuB;IAFnC,QAAQ,CAAC,WAAW,CAAC;IACrB,MAAM,CAAC,kBAAkB,CAAC;GACd,uBAAuB,CA+CnC"}

package/lib/mjs/policies/2FaPolicy.d.ts

@@ -1,8 +1,8 @@
-import { BasePolicy } from '@spinajs/http';
+import { BasePolicy, Request as sRequest } from '@spinajs/http';
 import { TwoFactorAuthConfig } from '@spinajs/rbac-http';
 export declare class TwoFacRouteEnabled extends BasePolicy {
     protected TwoFactorConfig: TwoFactorAuthConfig;
     isEnabled(): boolean;
-    execute(): Promise<void>;
+    execute(req: sRequest): Promise<void>;
 }
 //# sourceMappingURL=2FaPolicy.d.ts.map

package/lib/mjs/policies/2FaPolicy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"2FaPolicy.d.ts","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,qBAAa,kBAAmB,SAAQ,UAAU;IAEhD,SAAS,CAAC,eAAe,EAAE,mBAAmB,CAAC;IAExC,SAAS,IAAI,OAAO;IAGpB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAOhC"}
+{"version":3,"file":"2FaPolicy.d.ts","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGzD,qBAAa,kBAAmB,SAAQ,UAAU;IAEhD,SAAS,CAAC,eAAe,EAAE,mBAAmB,CAAC;IAExC,SAAS,IAAI,OAAO;IAGpB,OAAO,CAAC,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;CAe7C"}

package/lib/mjs/policies/2FaPolicy.js

@@ -10,14 +10,21 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 import { InvalidOperation } from '@spinajs/exceptions';
 import { Config } from '@spinajs/configuration';
 import { BasePolicy } from '@spinajs/http';
+import { AuthenticationFailed } from '@spinajs/exceptions';
 export class TwoFacRouteEnabled extends BasePolicy {
     isEnabled() {
         return true;
     }
-    execute() {
+    execute(req) {
         if (this.TwoFactorConfig.enabled === false) {
             throw new InvalidOperation('2 factor auth is not enabled');
         }
+        /**
+         * Check only if user passed login page and waiting for TwoFactorAuth
+         */
+        if (!req.storage || !req.storage.User || !req.storage.Session?.Data.get('TwoFactorAuth')) {
+            throw new AuthenticationFailed('user not logged');
+        }
         return Promise.resolve();
     }
 }

package/lib/mjs/policies/2FaPolicy.js.map

@@ -1 +1 @@
-{"version":3,"file":"2FaPolicy.js","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAG3C,MAAM,OAAO,kBAAmB,SAAQ,UAAU;IAIzC,SAAS;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACM,OAAO;QACZ,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YAC3C,MAAM,IAAI,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF;AAZW;IADT,MAAM,CAAC,oBAAoB,CAAC;;2DACkB"}
+{"version":3,"file":"2FaPolicy.js","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAuB,MAAM,eAAe,CAAC;AAEhE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAE3D,MAAM,OAAO,kBAAmB,SAAQ,UAAU;IAIzC,SAAS;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACM,OAAO,CAAC,GAAa;QAC1B,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YAC3C,MAAM,IAAI,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;QAC7D,CAAC;QAED;;WAEG;QACH,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;YACzF,MAAM,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,CAAC;QACpD,CAAC;QAGD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF;AApBW;IADT,MAAM,CAAC,oBAAoB,CAAC;;2DACkB"}