@stamhoofd/backend 2.68.0 → 2.70.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/package.json +10 -10
  2. package/src/endpoints/auth/CreateTokenEndpoint.ts +16 -3
  3. package/src/endpoints/auth/PatchUserEndpoint.ts +1 -1
  4. package/src/endpoints/auth/SignupEndpoint.ts +14 -2
  5. package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts +28 -2
  6. package/src/helpers/AdminPermissionChecker.ts +3 -0
  7. package/src/helpers/OpenIDConnectHelper.ts +4 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@stamhoofd/backend",
3
- "version": "2.68.0",
3
+ "version": "2.70.0",
4
4
  "main": "./dist/index.js",
5
5
  "exports": {
6
6
  ".": {
@@ -37,14 +37,14 @@
37
37
  "@simonbackx/simple-encoding": "2.19.0",
38
38
  "@simonbackx/simple-endpoints": "1.15.0",
39
39
  "@simonbackx/simple-logging": "^1.0.1",
40
- "@stamhoofd/backend-i18n": "2.68.0",
41
- "@stamhoofd/backend-middleware": "2.68.0",
42
- "@stamhoofd/email": "2.68.0",
43
- "@stamhoofd/models": "2.68.0",
44
- "@stamhoofd/queues": "2.68.0",
45
- "@stamhoofd/sql": "2.68.0",
46
- "@stamhoofd/structures": "2.68.0",
47
- "@stamhoofd/utility": "2.68.0",
40
+ "@stamhoofd/backend-i18n": "2.70.0",
41
+ "@stamhoofd/backend-middleware": "2.70.0",
42
+ "@stamhoofd/email": "2.70.0",
43
+ "@stamhoofd/models": "2.70.0",
44
+ "@stamhoofd/queues": "2.70.0",
45
+ "@stamhoofd/sql": "2.70.0",
46
+ "@stamhoofd/structures": "2.70.0",
47
+ "@stamhoofd/utility": "2.70.0",
48
48
  "archiver": "^7.0.1",
49
49
  "aws-sdk": "^2.885.0",
50
50
  "axios": "1.6.8",
@@ -64,5 +64,5 @@
64
64
  "publishConfig": {
65
65
  "access": "public"
66
66
  },
67
- "gitHead": "6356e14541b66873ca0d2ccd4b660825ac39a7fd"
67
+ "gitHead": "5c6f4bbab24bf118b45da350bdaf3c62756909ad"
68
68
  }
package/src/endpoints/auth/CreateTokenEndpoint.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
2
2
  import { SimpleError } from '@simonbackx/simple-errors';
3
- import { EmailVerificationCode, PasswordToken, Token, User } from '@stamhoofd/models';
4
- import { ChallengeGrantStruct, CreateTokenStruct, PasswordGrantStruct, PasswordTokenGrantStruct, RefreshTokenGrantStruct, RequestChallengeGrantStruct, SignupResponse, Token as TokenStruct } from '@stamhoofd/structures';
3
+ import { EmailVerificationCode, PasswordToken, Platform, Token, User } from '@stamhoofd/models';
4
+ import { ChallengeGrantStruct, CreateTokenStruct, LoginMethod, PasswordGrantStruct, PasswordTokenGrantStruct, RefreshTokenGrantStruct, RequestChallengeGrantStruct, SignupResponse, Token as TokenStruct } from '@stamhoofd/structures';
5
5
 
6
6
  import { Context } from '../../helpers/Context';
7
7
 
@@ -81,8 +81,21 @@ export class CreateTokenEndpoint extends Endpoint<Params, Query, Body, ResponseB
81
81
  }
82
82
 
83
83
  case 'password': {
84
- // Increase timout for legacy
84
+ // Increase timout for legacy
85
85
  request.request.request?.setTimeout(30 * 1000);
86
+
87
+ if (STAMHOOFD.userMode === 'platform') {
88
+ const platform = await Platform.getShared();
89
+ if (!platform.config.loginMethods.includes(LoginMethod.Password)) {
90
+ throw new SimpleError({
91
+ code: 'not_supported',
92
+ message: 'This platform does not support password login',
93
+ human: 'Dit platform ondersteunt geen wachtwoord login',
94
+ statusCode: 400,
95
+ });
96
+ }
97
+ }
98
+
86
99
  const user = await User.login(organization?.id ?? null, request.body.username, request.body.password);
87
100
 
88
101
  const errBody = {
package/src/endpoints/auth/PatchUserEndpoint.ts CHANGED
@@ -109,7 +109,7 @@ export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBod
109
109
  }
110
110
  }
111
111
 
112
- if (editUser.id == user.id && request.body.password) {
112
+ if (editUser.id === user.id && request.body.password) {
113
113
  // password changes
114
114
  await editUser.changePassword(request.body.password);
115
115
  await PasswordToken.clearFor(editUser.id);
package/src/endpoints/auth/SignupEndpoint.ts CHANGED
@@ -1,8 +1,8 @@
1
1
  import { Decoder } from '@simonbackx/simple-encoding';
2
2
  import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
3
3
  import { SimpleError } from '@simonbackx/simple-errors';
4
- import { EmailVerificationCode, PasswordToken, sendEmailTemplate, User } from '@stamhoofd/models';
5
- import { EmailTemplateType, NewUser, Recipient, Replacement, SignupResponse } from '@stamhoofd/structures';
4
+ import { EmailVerificationCode, PasswordToken, Platform, sendEmailTemplate, User } from '@stamhoofd/models';
5
+ import { EmailTemplateType, LoginMethod, NewUser, Recipient, Replacement, SignupResponse } from '@stamhoofd/structures';
6
6
 
7
7
  import { Context } from '../../helpers/Context';
8
8
 
@@ -30,6 +30,18 @@ export class SignupEndpoint extends Endpoint<Params, Query, Body, ResponseBody>
30
30
  async handle(request: DecodedRequest<Params, Query, Body>) {
31
31
  const organization = await Context.setUserOrganizationScope();
32
32
 
33
+ if (STAMHOOFD.userMode === 'platform') {
34
+ const platform = await Platform.getShared();
35
+ if (!platform.config.loginMethods.includes(LoginMethod.Password)) {
36
+ throw new SimpleError({
37
+ code: 'not_supported',
38
+ message: 'This platform does not support password login',
39
+ human: 'Dit platform ondersteunt geen wachtwoord login',
40
+ statusCode: 400,
41
+ });
42
+ }
43
+ }
44
+
33
45
  const u = await User.getForRegister(organization?.id ?? null, request.body.email);
34
46
 
35
47
  // Don't optimize. Always run two queries atm.
package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts CHANGED
@@ -13,9 +13,9 @@ import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructure
13
13
  import { Context } from '../../../helpers/Context';
14
14
  import { MembershipCharger } from '../../../helpers/MembershipCharger';
15
15
  import { MemberUserSyncer } from '../../../helpers/MemberUserSyncer';
16
+ import { SetupStepUpdater } from '../../../helpers/SetupStepUpdater';
16
17
  import { PlatformMembershipService } from '../../../services/PlatformMembershipService';
17
18
  import { RegistrationService } from '../../../services/RegistrationService';
18
- import { SetupStepUpdater } from '../../../helpers/SetupStepUpdater';
19
19
 
20
20
  type Params = Record<string, never>;
21
21
  type Query = undefined;
@@ -446,7 +446,11 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
446
446
  throw Context.auth.error('Je hebt niet voldoende rechten om deze aansluiting toe te voegen');
447
447
  }
448
448
 
449
- if (!platform.config.membershipTypes.find(t => t.id === put.membershipTypeId)) {
449
+ const putForOrganization = await Context.auth.getOrganization(put.organizationId);
450
+
451
+ const membershipType = platform.config.membershipTypes.find(t => t.id === put.membershipTypeId);
452
+
453
+ if (!membershipType) {
450
454
  throw new SimpleError({
451
455
  code: 'invalid_field',
452
456
  field: 'membershipTypeId',
@@ -455,6 +459,28 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
455
459
  });
456
460
  }
457
461
 
462
+ const organizationTags = putForOrganization.meta.tags ?? [];
463
+ const memberDefaultAgeGroupIds: string[] = [];
464
+
465
+ for (const r of member.registrations) {
466
+ if (r.periodId !== put.periodId || r.deactivatedAt !== null || r.registeredAt === null || r.group.defaultAgeGroupId === null) {
467
+ continue;
468
+ }
469
+
470
+ memberDefaultAgeGroupIds.push(r.group.defaultAgeGroupId);
471
+ }
472
+
473
+ const isEnabled = membershipType.isEnabled(organizationTags, memberDefaultAgeGroupIds);
474
+
475
+ if (!isEnabled) {
476
+ throw new SimpleError({
477
+ code: 'invalid_field',
478
+ field: 'membershipTypeId',
479
+ message: 'Invalid membership type',
480
+ human: 'Dit aansluitingstype is niet toegestaan voor dit lid',
481
+ });
482
+ }
483
+
458
484
  // Check duplicate memberships
459
485
  const existing = await MemberPlatformMembership.select()
460
486
  .where('memberId', member.id)
package/src/helpers/AdminPermissionChecker.ts CHANGED
@@ -556,6 +556,9 @@ export class AdminPermissionChecker {
556
556
  }
557
557
 
558
558
  async canEditUserEmail(user: User) {
559
+ if (user.meta?.loginProviderIds?.size) {
560
+ return false;
561
+ }
559
562
  return this.canEditUserName(user);
560
563
  }
561
564
 
package/src/helpers/OpenIDConnectHelper.ts CHANGED
@@ -41,6 +41,9 @@ export class OpenIDConnectHelper {
41
41
  }
42
42
 
43
43
  get redirectUri() {
44
+ if (this.configuration.redirectUri) {
45
+ return this.configuration.redirectUri;
46
+ }
44
47
  // todo: we might need a special url for the app here
45
48
 
46
49
  if (!this.organization) {
@@ -78,7 +81,7 @@ export class OpenIDConnectHelper {
78
81
  // Store
79
82
  CookieHelper.setCookie(response, 'oid_session_id', sessionId, {
80
83
  httpOnly: true,
81
- secure: true,
84
+ secure: STAMHOOFD.environment !== 'development',
82
85
  expires: data.expires,
83
86
  });
84
87
  }