@steedos/accounts 2.2.52-beta.3 → 2.2.52-beta.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.txt +2 -3
- package/lib/core/index.js +20 -20
- package/lib/core/index.js.map +1 -1
- package/lib/database-mongo/mongo.js +93 -90
- package/lib/database-mongo/mongo.js.map +1 -1
- package/lib/index.js +10 -5
- package/lib/index.js.map +1 -1
- package/lib/mail.js +5 -5
- package/lib/mail.js.map +1 -1
- package/lib/oauth2/stub/oidc-cert.js +1 -1
- package/lib/oauth2/stub/oidc-cert.js.map +1 -1
- package/lib/password/accounts-password.js +54 -41
- package/lib/password/accounts-password.js.map +1 -1
- package/lib/password/index.js +1 -1
- package/lib/password/index.js.map +1 -1
- package/lib/password/utils/encryption.js +3 -3
- package/lib/rest-express/endpoints/authorize.js +2 -2
- package/lib/rest-express/endpoints/get-user.js +2 -2
- package/lib/rest-express/endpoints/impersonate.js +2 -2
- package/lib/rest-express/endpoints/initServer.js +2 -2
- package/lib/rest-express/endpoints/login.js +2 -2
- package/lib/rest-express/endpoints/logout.js +2 -2
- package/lib/rest-express/endpoints/oauth/provider-callback.js +3 -3
- package/lib/rest-express/endpoints/oauth/provider-callback.js.map +1 -1
- package/lib/rest-express/endpoints/password/change-password.js +2 -2
- package/lib/rest-express/endpoints/password/register.js +2 -2
- package/lib/rest-express/endpoints/password/reset.js +4 -4
- package/lib/rest-express/endpoints/password/two-factor.js +6 -6
- package/lib/rest-express/endpoints/password/verify-email.js +6 -6
- package/lib/rest-express/endpoints/password/verify.js +4 -4
- package/lib/rest-express/endpoints/put-user-name.js +2 -2
- package/lib/rest-express/endpoints/refresh-access-token.js +2 -2
- package/lib/rest-express/endpoints/service-authenticate.js +2 -2
- package/lib/rest-express/endpoints/spaces.js +2 -2
- package/lib/rest-express/endpoints/steedos/create-tenant.js +2 -2
- package/lib/rest-express/endpoints/steedos/get-tenant.js +2 -2
- package/lib/rest-express/endpoints/steedos/settings.js +2 -2
- package/lib/rest-express/endpoints/update-session.js +2 -2
- package/lib/rest-express/express-middleware.js +1 -1
- package/lib/rest-express/express-middleware.js.map +1 -1
- package/lib/rest-express/user-loader.js +2 -2
- package/lib/rest-express/utils/steedos-auth.js +2 -2
- package/lib/rest-express/utils/steedos-auth.js.map +1 -1
- package/lib/rest-express/utils/users.js +4 -4
- package/lib/saml-idp/express-middleware.js +10 -10
- package/lib/saml-idp/express-middleware.js.map +1 -1
- package/lib/server/accounts-server.js +56 -30
- package/lib/server/accounts-server.js.map +1 -1
- package/lib/server/utils/email.js +2 -2
- package/lib/types/index.js +14 -14
- package/lib/types/index.js.map +1 -1
- package/package.json +6 -6
- package/src/core/index.ts +2 -2
- package/src/database-mongo/mongo.ts +3 -0
- package/src/index.ts +5 -3
- package/src/mail.ts +3 -3
- package/src/password/accounts-password.ts +17 -5
- package/src/server/accounts-server.ts +26 -3
- package/src/server/types/jwt-data.ts +10 -1
- package/src/types/types/connection-informations.ts +9 -0
|
@@ -593,6 +593,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
593
593
|
let is_phone = connection.is_phone;
|
|
594
594
|
let is_tablet = connection.is_tablet;
|
|
595
595
|
let space = connection.space;
|
|
596
|
+
let provider = connection.provider;
|
|
596
597
|
if (userAgent) {
|
|
597
598
|
const foo = userAgent.split(" Space/");
|
|
598
599
|
if (foo.length > 1) {
|
|
@@ -613,6 +614,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
613
614
|
is_phone,
|
|
614
615
|
is_tablet,
|
|
615
616
|
login_expiration_in_days,
|
|
617
|
+
user_provider: provider
|
|
616
618
|
};
|
|
617
619
|
}
|
|
618
620
|
|
|
@@ -622,6 +624,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
622
624
|
is_phone,
|
|
623
625
|
is_tablet,
|
|
624
626
|
login_expiration_in_days,
|
|
627
|
+
user_provider: provider
|
|
625
628
|
};
|
|
626
629
|
}
|
|
627
630
|
|
package/src/index.ts
CHANGED
|
@@ -2,7 +2,7 @@ import * as express from 'express';
|
|
|
2
2
|
import * as path from 'path';
|
|
3
3
|
import * as mongoose from 'mongoose';
|
|
4
4
|
import * as mongodb from 'mongodb';
|
|
5
|
-
import { AccountsServer } from './server';
|
|
5
|
+
import { AccountsServer, generateRandomToken } from './server';
|
|
6
6
|
import { AccountsPassword } from './password';
|
|
7
7
|
import { errors } from './password/errors';
|
|
8
8
|
import accountsExpress from './rest-express';
|
|
@@ -20,15 +20,17 @@ import oauth2Login from './oauth2/login';
|
|
|
20
20
|
import oauth2Logout from './oauth2/logout';
|
|
21
21
|
import initServer from './rest-express/endpoints/initServer';
|
|
22
22
|
export { hydraAdmin } from './oauth2/config';
|
|
23
|
+
export { setAuthCookies, clearAuthCookies } from './rest-express/utils/steedos-auth';
|
|
24
|
+
export { getMergedTenant } from './core';
|
|
23
25
|
|
|
24
26
|
declare var WebApp;
|
|
25
27
|
|
|
26
28
|
const config = getSteedosConfig();
|
|
27
29
|
|
|
28
30
|
function getAccountsServer() {
|
|
29
|
-
let accountsConfig = config.
|
|
31
|
+
let accountsConfig = config.tenant || {};
|
|
30
32
|
let emailConfig = config.email || {};
|
|
31
|
-
let tokenSecret = accountsConfig.tokenSecret ||
|
|
33
|
+
let tokenSecret = accountsConfig.tokenSecret || generateRandomToken();
|
|
32
34
|
let accessTokenExpiresIn = accountsConfig.accessTokenExpiresIn || "90d";
|
|
33
35
|
let refreshTokenExpiresIn = accountsConfig.refreshTokenExpiresIn || "7d";
|
|
34
36
|
let mailSignname = emailConfig.signname || "华炎魔方";
|
package/src/mail.ts
CHANGED
|
@@ -8,15 +8,15 @@ export const sendMail = async ({from, subject, to, text, html}) => {
|
|
|
8
8
|
|
|
9
9
|
const config = getSteedosConfig().email
|
|
10
10
|
if (!config) {
|
|
11
|
-
console.log("Please set email configs in steedos
|
|
11
|
+
console.log("Please set email configs in steedos.config.js")
|
|
12
12
|
return
|
|
13
13
|
}
|
|
14
14
|
if (!config.from) {
|
|
15
|
-
console.log("Please set email configs in steedos
|
|
15
|
+
console.log("Please set email configs in steedos.config.js")
|
|
16
16
|
return
|
|
17
17
|
}
|
|
18
18
|
if (!config.url && (!config.host || !config.port || !config.username || !config.password)) {
|
|
19
|
-
console.log("Please set email configs in steedos
|
|
19
|
+
console.log("Please set email configs in steedos.config.js")
|
|
20
20
|
return
|
|
21
21
|
}
|
|
22
22
|
|
|
@@ -160,7 +160,14 @@ export default class AccountsPassword implements AuthenticationService {
|
|
|
160
160
|
}
|
|
161
161
|
|
|
162
162
|
public async authenticate(params: any): Promise<User> {
|
|
163
|
-
|
|
163
|
+
let { user, password, token, locale } = params;
|
|
164
|
+
|
|
165
|
+
const passwordUnencrypted = params['password-unencrypted'];
|
|
166
|
+
let isHashPassword = true;
|
|
167
|
+
if(passwordUnencrypted && !password ){
|
|
168
|
+
password = passwordUnencrypted;
|
|
169
|
+
isHashPassword = false;
|
|
170
|
+
}
|
|
164
171
|
|
|
165
172
|
if(user && token){
|
|
166
173
|
return await this.codeAuthenticator(user, token, locale);
|
|
@@ -174,7 +181,7 @@ export default class AccountsPassword implements AuthenticationService {
|
|
|
174
181
|
throw new Error(this.options.errors.matchFailed);
|
|
175
182
|
}
|
|
176
183
|
|
|
177
|
-
const foundUser = await this.passwordAuthenticator(user, password);
|
|
184
|
+
const foundUser = await this.passwordAuthenticator(user, password, isHashPassword);
|
|
178
185
|
|
|
179
186
|
// // If user activated two factor authentication try with the code
|
|
180
187
|
// if (getUserTwoFactorService(foundUser)) {
|
|
@@ -686,7 +693,8 @@ export default class AccountsPassword implements AuthenticationService {
|
|
|
686
693
|
|
|
687
694
|
public async passwordAuthenticator(
|
|
688
695
|
user: string | LoginUserIdentity,
|
|
689
|
-
password: PasswordType
|
|
696
|
+
password: PasswordType,
|
|
697
|
+
isHashPassword = true
|
|
690
698
|
): Promise<User> {
|
|
691
699
|
const { username, email, id, mobile } = isString(user)
|
|
692
700
|
? this.toMobileAndEmail({ user })
|
|
@@ -735,8 +743,12 @@ export default class AccountsPassword implements AuthenticationService {
|
|
|
735
743
|
}
|
|
736
744
|
}
|
|
737
745
|
const hashAlgorithm = this.options.passwordHashAlgorithm;
|
|
738
|
-
|
|
739
|
-
|
|
746
|
+
let pass = null;
|
|
747
|
+
if(isHashPassword){
|
|
748
|
+
pass = password;
|
|
749
|
+
}else{
|
|
750
|
+
pass = hashAlgorithm ? hashPassword(password, hashAlgorithm) : password;
|
|
751
|
+
}
|
|
740
752
|
const isPasswordValid = await verifyPassword(pass, hash);
|
|
741
753
|
|
|
742
754
|
if (!isPasswordValid) {
|
|
@@ -28,7 +28,7 @@ import isMobile from "ismobilejs";
|
|
|
28
28
|
|
|
29
29
|
const defaultOptions = {
|
|
30
30
|
ambiguousErrorMessages: true,
|
|
31
|
-
tokenSecret:
|
|
31
|
+
tokenSecret: generateRandomToken(),
|
|
32
32
|
tokenConfigs: {
|
|
33
33
|
accessToken: {
|
|
34
34
|
expiresIn: "90m",
|
|
@@ -96,6 +96,14 @@ export class AccountsServer {
|
|
|
96
96
|
return () => this.hooks.off(eventName, callback);
|
|
97
97
|
}
|
|
98
98
|
|
|
99
|
+
public async getUserProfile(userId, serviceName = 'password'){
|
|
100
|
+
const service = this.services[serviceName];
|
|
101
|
+
if(!service){
|
|
102
|
+
throw new Error(`Service ${serviceName} not found`);
|
|
103
|
+
}
|
|
104
|
+
return await service.getUserProfile(userId);
|
|
105
|
+
}
|
|
106
|
+
|
|
99
107
|
public async loginWithService(
|
|
100
108
|
serviceName: string,
|
|
101
109
|
params: any,
|
|
@@ -203,6 +211,8 @@ export class AccountsServer {
|
|
|
203
211
|
phone_logout_other_clients,
|
|
204
212
|
phone_login_expiration_in_days,
|
|
205
213
|
space,
|
|
214
|
+
provider,
|
|
215
|
+
jwtToken,
|
|
206
216
|
} = infos;
|
|
207
217
|
|
|
208
218
|
let is_phone = false;
|
|
@@ -243,7 +253,7 @@ export class AccountsServer {
|
|
|
243
253
|
//3 清理用户所有session 缓存
|
|
244
254
|
removeUserSessionsCacheByUserId(user.id, is_phone);
|
|
245
255
|
}
|
|
246
|
-
const token = generateRandomToken();
|
|
256
|
+
const token = jwtToken || generateRandomToken();
|
|
247
257
|
const sessionId = await this.db.createSession(user.id, token, {
|
|
248
258
|
ip,
|
|
249
259
|
userAgent,
|
|
@@ -252,11 +262,14 @@ export class AccountsServer {
|
|
|
252
262
|
is_phone,
|
|
253
263
|
is_tablet,
|
|
254
264
|
space,
|
|
265
|
+
provider
|
|
255
266
|
});
|
|
256
267
|
|
|
257
268
|
const { accessToken, refreshToken } = this.createTokens({
|
|
258
269
|
token,
|
|
259
270
|
userId: user.id,
|
|
271
|
+
name: user.name,
|
|
272
|
+
email: user.email
|
|
260
273
|
});
|
|
261
274
|
|
|
262
275
|
return {
|
|
@@ -357,6 +370,8 @@ export class AccountsServer {
|
|
|
357
370
|
token: newSessionId,
|
|
358
371
|
isImpersonated: true,
|
|
359
372
|
userId: user.id,
|
|
373
|
+
name: user.name,
|
|
374
|
+
email: user.email,
|
|
360
375
|
});
|
|
361
376
|
const impersonationResult = {
|
|
362
377
|
authorized: true,
|
|
@@ -426,6 +441,8 @@ export class AccountsServer {
|
|
|
426
441
|
const tokens = this.createTokens({
|
|
427
442
|
token: sessionToken,
|
|
428
443
|
userId: user.id,
|
|
444
|
+
name: user.name,
|
|
445
|
+
email: user.email
|
|
429
446
|
});
|
|
430
447
|
await this.db.updateSession(session.id, { ip, userAgent });
|
|
431
448
|
|
|
@@ -459,16 +476,22 @@ export class AccountsServer {
|
|
|
459
476
|
token,
|
|
460
477
|
isImpersonated = false,
|
|
461
478
|
userId,
|
|
479
|
+
name,
|
|
480
|
+
email
|
|
462
481
|
}: {
|
|
463
482
|
token: string;
|
|
464
483
|
isImpersonated?: boolean;
|
|
465
484
|
userId: string;
|
|
485
|
+
name: string,
|
|
486
|
+
email: string
|
|
466
487
|
}): Tokens {
|
|
467
488
|
const { tokenSecret, tokenConfigs } = this.options;
|
|
468
489
|
const jwtData: JwtData = {
|
|
469
|
-
token,
|
|
490
|
+
// token,
|
|
470
491
|
isImpersonated,
|
|
471
492
|
userId,
|
|
493
|
+
name,
|
|
494
|
+
email
|
|
472
495
|
};
|
|
473
496
|
const accessToken = generateAccessToken({
|
|
474
497
|
data: jwtData,
|
|
@@ -1,5 +1,14 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* @Author: baozhoutao@steedos.com
|
|
3
|
+
* @Date: 2022-03-28 09:35:34
|
|
4
|
+
* @LastEditors: baozhoutao@steedos.com
|
|
5
|
+
* @LastEditTime: 2022-07-01 15:01:17
|
|
6
|
+
* @Description:
|
|
7
|
+
*/
|
|
1
8
|
export interface JwtData {
|
|
2
|
-
token
|
|
9
|
+
token?: string;
|
|
3
10
|
isImpersonated: boolean;
|
|
4
11
|
userId: string;
|
|
12
|
+
name: string,
|
|
13
|
+
email: string,
|
|
5
14
|
}
|
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* @Author: baozhoutao@steedos.com
|
|
3
|
+
* @Date: 2022-03-28 09:35:34
|
|
4
|
+
* @LastEditors: baozhoutao@steedos.com
|
|
5
|
+
* @LastEditTime: 2022-06-29 16:05:04
|
|
6
|
+
* @Description:
|
|
7
|
+
*/
|
|
1
8
|
export interface ConnectionInformations {
|
|
2
9
|
ip?: string;
|
|
3
10
|
userAgent?: string;
|
|
@@ -8,4 +15,6 @@ export interface ConnectionInformations {
|
|
|
8
15
|
login_expiration_in_days?: number;
|
|
9
16
|
phone_logout_other_clients?: boolean;
|
|
10
17
|
phone_login_expiration_in_days?: number;
|
|
18
|
+
provider?: string;
|
|
19
|
+
jwtToken?: string;
|
|
11
20
|
}
|