@steedos/accounts 2.2.52-beta.5 → 2.2.52-beta.50
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.txt +2 -5
- package/lib/core/index.js +22 -22
- package/lib/core/index.js.map +1 -1
- package/lib/database-mongo/mongo.js +105 -102
- package/lib/database-mongo/mongo.js.map +1 -1
- package/lib/index.js +10 -20
- package/lib/index.js.map +1 -1
- package/lib/mail.js +5 -5
- package/lib/mail.js.map +1 -1
- package/lib/password/accounts-password.js +54 -41
- package/lib/password/accounts-password.js.map +1 -1
- package/lib/password/index.js +1 -1
- package/lib/password/index.js.map +1 -1
- package/lib/password/utils/encryption.js +3 -3
- package/lib/rest-express/endpoints/authorize.js +2 -2
- package/lib/rest-express/endpoints/get-user.js +2 -2
- package/lib/rest-express/endpoints/impersonate.js +2 -2
- package/lib/rest-express/endpoints/initServer.js +2 -2
- package/lib/rest-express/endpoints/login.js +2 -2
- package/lib/rest-express/endpoints/logout.js +2 -2
- package/lib/rest-express/endpoints/oauth/provider-callback.js +3 -3
- package/lib/rest-express/endpoints/oauth/provider-callback.js.map +1 -1
- package/lib/rest-express/endpoints/password/change-password.js +2 -2
- package/lib/rest-express/endpoints/password/register.js +2 -2
- package/lib/rest-express/endpoints/password/reset.js +4 -4
- package/lib/rest-express/endpoints/password/two-factor.js +6 -6
- package/lib/rest-express/endpoints/password/verify-email.js +6 -6
- package/lib/rest-express/endpoints/password/verify.js +4 -4
- package/lib/rest-express/endpoints/put-user-name.js +2 -2
- package/lib/rest-express/endpoints/refresh-access-token.js +2 -2
- package/lib/rest-express/endpoints/service-authenticate.js +2 -2
- package/lib/rest-express/endpoints/spaces.js +2 -2
- package/lib/rest-express/endpoints/steedos/create-tenant.js +2 -2
- package/lib/rest-express/endpoints/steedos/get-tenant.js +2 -2
- package/lib/rest-express/endpoints/steedos/settings.js +2 -2
- package/lib/rest-express/endpoints/update-session.js +2 -2
- package/lib/rest-express/express-middleware.js +1 -1
- package/lib/rest-express/express-middleware.js.map +1 -1
- package/lib/rest-express/user-loader.js +2 -2
- package/lib/rest-express/utils/steedos-auth.js +2 -2
- package/lib/rest-express/utils/steedos-auth.js.map +1 -1
- package/lib/rest-express/utils/users.js +4 -4
- package/lib/server/accounts-server.js +56 -30
- package/lib/server/accounts-server.js.map +1 -1
- package/lib/server/utils/email.js +2 -2
- package/lib/types/index.js +14 -14
- package/lib/types/index.js.map +1 -1
- package/package.json +14 -20
- package/src/core/index.ts +4 -4
- package/src/database-mongo/mongo.ts +29 -26
- package/src/index.ts +6 -16
- package/src/mail.ts +3 -3
- package/src/password/accounts-password.ts +17 -5
- package/src/server/accounts-server.ts +26 -3
- package/src/server/types/jwt-data.ts +10 -1
- package/src/types/types/connection-informations.ts +9 -0
- package/lib/oauth2/client.js +0 -1
- package/lib/oauth2/client.js.map +0 -1
- package/lib/oauth2/config.js +0 -14
- package/lib/oauth2/config.js.map +0 -1
- package/lib/oauth2/consent.js +0 -192
- package/lib/oauth2/consent.js.map +0 -1
- package/lib/oauth2/login.js +0 -166
- package/lib/oauth2/login.js.map +0 -1
- package/lib/oauth2/logout.js +0 -60
- package/lib/oauth2/logout.js.map +0 -1
- package/lib/oauth2/stub/oidc-cert.js +0 -67
- package/lib/oauth2/stub/oidc-cert.js.map +0 -1
- package/lib/saml-idp/config.js +0 -82
- package/lib/saml-idp/config.js.map +0 -1
- package/lib/saml-idp/connectedApps.js +0 -20
- package/lib/saml-idp/connectedApps.js.map +0 -1
- package/lib/saml-idp/express-middleware.js +0 -684
- package/lib/saml-idp/express-middleware.js.map +0 -1
- package/lib/saml-idp/index.js +0 -13
- package/lib/saml-idp/index.js.map +0 -1
- package/lib/saml-idp/simpleProfileMapper.js +0 -75
- package/lib/saml-idp/simpleProfileMapper.js.map +0 -1
- package/src/oauth2/client.ts +0 -0
- package/src/oauth2/config.ts +0 -15
- package/src/oauth2/consent.ts +0 -208
- package/src/oauth2/login.ts +0 -179
- package/src/oauth2/logout.ts +0 -66
- package/src/oauth2/stub/oidc-cert.ts +0 -86
- package/src/saml-idp/config.js +0 -85
- package/src/saml-idp/connectedApps.ts +0 -16
- package/src/saml-idp/express-middleware.js +0 -811
- package/src/saml-idp/index.ts +0 -14
- package/src/saml-idp/simpleProfileMapper.js +0 -82
- package/src/saml-idp/views/error.hbs +0 -11
- package/src/saml-idp/views/layout.hbs +0 -72
- package/src/saml-idp/views/samlresponse.hbs +0 -20
- package/src/saml-idp/views/settings.hbs +0 -175
- package/src/saml-idp/views/user.hbs +0 -261
- package/views/oauth2/consent.pug +0 -141
|
@@ -7,7 +7,7 @@ import {
|
|
|
7
7
|
User,
|
|
8
8
|
} from '../types';
|
|
9
9
|
import { get, merge, trim, map } from 'lodash';
|
|
10
|
-
import { Collection, Db,
|
|
10
|
+
import { Collection, Db, ObjectId } from 'mongodb';
|
|
11
11
|
|
|
12
12
|
import { AccountsMongoOptions, MongoUser } from './types';
|
|
13
13
|
import { getSessionByUserId, hashStampedToken } from '@steedos/auth';
|
|
@@ -17,9 +17,9 @@ import { getDataSource } from '@steedos/objectql';
|
|
|
17
17
|
|
|
18
18
|
const moment = require("moment");
|
|
19
19
|
|
|
20
|
-
const toMongoID = (objectId: string |
|
|
20
|
+
const toMongoID = (objectId: string | ObjectId) => {
|
|
21
21
|
if (typeof objectId === "string") {
|
|
22
|
-
return new
|
|
22
|
+
return new ObjectId(objectId);
|
|
23
23
|
}
|
|
24
24
|
return objectId;
|
|
25
25
|
};
|
|
@@ -164,15 +164,15 @@ export class Mongo implements DatabaseInterface {
|
|
|
164
164
|
}
|
|
165
165
|
|
|
166
166
|
user.steedos_id = user._id;
|
|
167
|
-
const ret = await this.collection.insertOne(user);
|
|
168
|
-
return
|
|
167
|
+
const ret = await this.collection.insertOne(user as any);
|
|
168
|
+
return user._id as string;
|
|
169
169
|
}
|
|
170
170
|
|
|
171
171
|
public async findUserById(userId: string): Promise<User | null> {
|
|
172
172
|
const id = this.options.convertUserIdToMongoObjectId
|
|
173
173
|
? toMongoID(userId)
|
|
174
174
|
: userId;
|
|
175
|
-
const user = await this.collection.findOne({ _id: id });
|
|
175
|
+
const user:any = await this.collection.findOne({ _id: id });
|
|
176
176
|
if (user) {
|
|
177
177
|
user.id = user._id.toString();
|
|
178
178
|
}
|
|
@@ -180,7 +180,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
180
180
|
}
|
|
181
181
|
|
|
182
182
|
public async findUserByEmail(email: string): Promise<User | null> {
|
|
183
|
-
const user = await this.collection.findOne({
|
|
183
|
+
const user:any = await this.collection.findOne({
|
|
184
184
|
email: email.toLowerCase(),
|
|
185
185
|
});
|
|
186
186
|
if (user) {
|
|
@@ -197,7 +197,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
197
197
|
if (encryptedMobile) {
|
|
198
198
|
selector.mobile = encryptedMobile;
|
|
199
199
|
}
|
|
200
|
-
const user = await this.collection.findOne(selector);
|
|
200
|
+
const user:any = await this.collection.findOne(selector);
|
|
201
201
|
if (user) {
|
|
202
202
|
user.id = user._id.toString();
|
|
203
203
|
}
|
|
@@ -210,7 +210,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
210
210
|
: {
|
|
211
211
|
$where: `obj.username && (obj.username.toLowerCase() === "${username.toLowerCase()}")`,
|
|
212
212
|
};
|
|
213
|
-
const user = await this.collection.findOne(filter);
|
|
213
|
+
const user:any = await this.collection.findOne(filter);
|
|
214
214
|
if (user) {
|
|
215
215
|
user.id = user._id.toString();
|
|
216
216
|
}
|
|
@@ -228,7 +228,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
228
228
|
public async findUserByEmailVerificationToken(
|
|
229
229
|
token: string
|
|
230
230
|
): Promise<User | null> {
|
|
231
|
-
const user = await this.collection.findOne({
|
|
231
|
+
const user:any = await this.collection.findOne({
|
|
232
232
|
"services.email.verificationTokens.token": token,
|
|
233
233
|
});
|
|
234
234
|
if (user) {
|
|
@@ -240,7 +240,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
240
240
|
public async findUserByResetPasswordToken(
|
|
241
241
|
token: string
|
|
242
242
|
): Promise<User | null> {
|
|
243
|
-
const user = await this.collection.findOne({
|
|
243
|
+
const user:any = await this.collection.findOne({
|
|
244
244
|
"services.password.reset.token": token,
|
|
245
245
|
});
|
|
246
246
|
if (user) {
|
|
@@ -253,7 +253,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
253
253
|
serviceName: string,
|
|
254
254
|
serviceId: string
|
|
255
255
|
): Promise<User | null> {
|
|
256
|
-
const user = await this.collection.findOne({
|
|
256
|
+
const user:any = await this.collection.findOne({
|
|
257
257
|
[`services.${serviceName}.id`]: serviceId,
|
|
258
258
|
});
|
|
259
259
|
if (user) {
|
|
@@ -299,7 +299,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
299
299
|
},
|
|
300
300
|
}
|
|
301
301
|
);
|
|
302
|
-
if (ret.
|
|
302
|
+
if (ret.matchedCount === 0) {
|
|
303
303
|
throw new Error("User not found");
|
|
304
304
|
}
|
|
305
305
|
}
|
|
@@ -317,7 +317,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
317
317
|
},
|
|
318
318
|
}
|
|
319
319
|
);
|
|
320
|
-
if (ret.
|
|
320
|
+
if (ret.matchedCount === 0) {
|
|
321
321
|
throw new Error("User not found");
|
|
322
322
|
}
|
|
323
323
|
}
|
|
@@ -348,7 +348,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
348
348
|
},
|
|
349
349
|
}
|
|
350
350
|
);
|
|
351
|
-
if (ret.
|
|
351
|
+
if (ret.matchedCount === 0) {
|
|
352
352
|
throw new Error("User not found");
|
|
353
353
|
}
|
|
354
354
|
}
|
|
@@ -393,7 +393,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
393
393
|
},
|
|
394
394
|
}
|
|
395
395
|
);
|
|
396
|
-
if (ret.
|
|
396
|
+
if (ret.matchedCount === 0) {
|
|
397
397
|
throw new Error("User not found");
|
|
398
398
|
}
|
|
399
399
|
}
|
|
@@ -409,9 +409,9 @@ export class Mongo implements DatabaseInterface {
|
|
|
409
409
|
if (existed > 0) {
|
|
410
410
|
throw new Error("该手机号已被其他用户注册");
|
|
411
411
|
}
|
|
412
|
-
let user = await this.collection.findOne(
|
|
412
|
+
let user:any = await this.collection.findOne(
|
|
413
413
|
{ _id: id },
|
|
414
|
-
{
|
|
414
|
+
{ projection: { mobile: 1 } }
|
|
415
415
|
);
|
|
416
416
|
if (user && user.mobile != newMobile) {
|
|
417
417
|
const ret = await this.collection.updateOne(
|
|
@@ -454,7 +454,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
454
454
|
}
|
|
455
455
|
let user = await this.collection.findOne(
|
|
456
456
|
{ _id: id },
|
|
457
|
-
{
|
|
457
|
+
{ projection: { email: 1 } }
|
|
458
458
|
);
|
|
459
459
|
if (user && user.email != newEmail) {
|
|
460
460
|
const ret = await this.collection.updateOne(
|
|
@@ -498,7 +498,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
498
498
|
},
|
|
499
499
|
}
|
|
500
500
|
);
|
|
501
|
-
if (ret.
|
|
501
|
+
if (ret.matchedCount === 0) {
|
|
502
502
|
throw new Error("User not found");
|
|
503
503
|
}
|
|
504
504
|
}
|
|
@@ -522,7 +522,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
522
522
|
},
|
|
523
523
|
}
|
|
524
524
|
);
|
|
525
|
-
if (ret.
|
|
525
|
+
if (ret.matchedCount === 0) {
|
|
526
526
|
throw new Error("User not found");
|
|
527
527
|
}
|
|
528
528
|
}
|
|
@@ -593,6 +593,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
593
593
|
let is_phone = connection.is_phone;
|
|
594
594
|
let is_tablet = connection.is_tablet;
|
|
595
595
|
let space = connection.space;
|
|
596
|
+
let provider = connection.provider;
|
|
596
597
|
if (userAgent) {
|
|
597
598
|
const foo = userAgent.split(" Space/");
|
|
598
599
|
if (foo.length > 1) {
|
|
@@ -613,6 +614,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
613
614
|
is_phone,
|
|
614
615
|
is_tablet,
|
|
615
616
|
login_expiration_in_days,
|
|
617
|
+
user_provider: provider
|
|
616
618
|
};
|
|
617
619
|
}
|
|
618
620
|
|
|
@@ -622,6 +624,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
622
624
|
is_phone,
|
|
623
625
|
is_tablet,
|
|
624
626
|
login_expiration_in_days,
|
|
627
|
+
user_provider: provider
|
|
625
628
|
};
|
|
626
629
|
}
|
|
627
630
|
|
|
@@ -648,7 +651,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
648
651
|
|
|
649
652
|
const ret = await this.sessionCollection.insertOne(session);
|
|
650
653
|
await this.updateMeteorSession(userId, token, infos);
|
|
651
|
-
return ret.
|
|
654
|
+
return ret.insertedId.toString();
|
|
652
655
|
}
|
|
653
656
|
|
|
654
657
|
public async updateSession(
|
|
@@ -708,7 +711,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
708
711
|
}
|
|
709
712
|
|
|
710
713
|
public async findSessionByToken(token: string): Promise<Session | null> {
|
|
711
|
-
const session = await this.sessionCollection.findOne({ token });
|
|
714
|
+
const session:any = await this.sessionCollection.findOne({ token });
|
|
712
715
|
if (session) {
|
|
713
716
|
session.id = session._id.toString();
|
|
714
717
|
}
|
|
@@ -719,7 +722,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
719
722
|
const _id = this.options.convertSessionIdToMongoObjectId
|
|
720
723
|
? toMongoID(sessionId)
|
|
721
724
|
: sessionId;
|
|
722
|
-
const session = await this.sessionCollection.findOne({ _id });
|
|
725
|
+
const session:any = await this.sessionCollection.findOne({ _id });
|
|
723
726
|
if (session) {
|
|
724
727
|
session.id = session._id.toString();
|
|
725
728
|
}
|
|
@@ -796,7 +799,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
796
799
|
if (owner) {
|
|
797
800
|
query.owner = owner;
|
|
798
801
|
}
|
|
799
|
-
let record = await this.codeCollection.findOne(query);
|
|
802
|
+
let record:any = await this.codeCollection.findOne(query);
|
|
800
803
|
if (record) {
|
|
801
804
|
// if(record.failureCount >= MAX_FAILURE_COUNT){
|
|
802
805
|
// throw new Error('accounts.tooManyFailures');
|
|
@@ -815,7 +818,7 @@ export class Mongo implements DatabaseInterface {
|
|
|
815
818
|
}
|
|
816
819
|
|
|
817
820
|
let result = await this.codeCollection.insertOne(doc);
|
|
818
|
-
record = result
|
|
821
|
+
record = result;
|
|
819
822
|
}
|
|
820
823
|
return record;
|
|
821
824
|
}
|
package/src/index.ts
CHANGED
|
@@ -2,7 +2,7 @@ import * as express from 'express';
|
|
|
2
2
|
import * as path from 'path';
|
|
3
3
|
import * as mongoose from 'mongoose';
|
|
4
4
|
import * as mongodb from 'mongodb';
|
|
5
|
-
import { AccountsServer } from './server';
|
|
5
|
+
import { AccountsServer, generateRandomToken } from './server';
|
|
6
6
|
import { AccountsPassword } from './password';
|
|
7
7
|
import { errors } from './password/errors';
|
|
8
8
|
import accountsExpress from './rest-express';
|
|
@@ -15,20 +15,18 @@ import { URL } from 'url';
|
|
|
15
15
|
import * as bodyParser from 'body-parser';
|
|
16
16
|
import { sendMail, sendSMS } from './core';
|
|
17
17
|
|
|
18
|
-
import oauth2Consent from './oauth2/consent';
|
|
19
|
-
import oauth2Login from './oauth2/login';
|
|
20
|
-
import oauth2Logout from './oauth2/logout';
|
|
21
18
|
import initServer from './rest-express/endpoints/initServer';
|
|
22
|
-
export {
|
|
19
|
+
export { setAuthCookies, clearAuthCookies } from './rest-express/utils/steedos-auth';
|
|
20
|
+
export { getMergedTenant } from './core';
|
|
23
21
|
|
|
24
22
|
declare var WebApp;
|
|
25
23
|
|
|
26
24
|
const config = getSteedosConfig();
|
|
27
25
|
|
|
28
26
|
function getAccountsServer() {
|
|
29
|
-
let accountsConfig = config.
|
|
27
|
+
let accountsConfig = config.tenant || {};
|
|
30
28
|
let emailConfig = config.email || {};
|
|
31
|
-
let tokenSecret = accountsConfig.tokenSecret ||
|
|
29
|
+
let tokenSecret = accountsConfig.tokenSecret || generateRandomToken();
|
|
32
30
|
let accessTokenExpiresIn = accountsConfig.accessTokenExpiresIn || "90d";
|
|
33
31
|
let refreshTokenExpiresIn = accountsConfig.refreshTokenExpiresIn || "7d";
|
|
34
32
|
let mailSignname = emailConfig.signname || "华炎魔方";
|
|
@@ -45,7 +43,7 @@ function getAccountsServer() {
|
|
|
45
43
|
kmsProviders: kmsProvider,
|
|
46
44
|
bypassAutoEncryption: true,
|
|
47
45
|
}
|
|
48
|
-
});
|
|
46
|
+
} as any);
|
|
49
47
|
} else {
|
|
50
48
|
mongoose.connect(mongoUrl, { useNewUrlParser: true, useUnifiedTopology: true });
|
|
51
49
|
}
|
|
@@ -176,13 +174,5 @@ export function init(context) {
|
|
|
176
174
|
|
|
177
175
|
context.app.use("/initServer", initServer);
|
|
178
176
|
|
|
179
|
-
context.app.use("/oauth2/consent", userLoader(accountsServer), oauth2Consent);
|
|
180
|
-
context.app.use("/oauth2/login", userLoader(accountsServer), oauth2Login);
|
|
181
|
-
context.app.use("/oauth2/logout", oauth2Logout);
|
|
182
|
-
// if (typeof WebApp !== 'undefined'){
|
|
183
|
-
// const app = express();
|
|
184
|
-
// app.use("/accounts", bodyParser.urlencoded({ extended: false }), bodyParser.json(), accountsRouter)
|
|
185
|
-
// WebApp.rawConnectHandlers.use(app)
|
|
186
|
-
// }
|
|
187
177
|
})
|
|
188
178
|
}
|
package/src/mail.ts
CHANGED
|
@@ -8,15 +8,15 @@ export const sendMail = async ({from, subject, to, text, html}) => {
|
|
|
8
8
|
|
|
9
9
|
const config = getSteedosConfig().email
|
|
10
10
|
if (!config) {
|
|
11
|
-
console.log("Please set email configs in steedos
|
|
11
|
+
console.log("Please set email configs in steedos.config.js")
|
|
12
12
|
return
|
|
13
13
|
}
|
|
14
14
|
if (!config.from) {
|
|
15
|
-
console.log("Please set email configs in steedos
|
|
15
|
+
console.log("Please set email configs in steedos.config.js")
|
|
16
16
|
return
|
|
17
17
|
}
|
|
18
18
|
if (!config.url && (!config.host || !config.port || !config.username || !config.password)) {
|
|
19
|
-
console.log("Please set email configs in steedos
|
|
19
|
+
console.log("Please set email configs in steedos.config.js")
|
|
20
20
|
return
|
|
21
21
|
}
|
|
22
22
|
|
|
@@ -160,7 +160,14 @@ export default class AccountsPassword implements AuthenticationService {
|
|
|
160
160
|
}
|
|
161
161
|
|
|
162
162
|
public async authenticate(params: any): Promise<User> {
|
|
163
|
-
|
|
163
|
+
let { user, password, token, locale } = params;
|
|
164
|
+
|
|
165
|
+
const passwordUnencrypted = params['password-unencrypted'];
|
|
166
|
+
let isHashPassword = true;
|
|
167
|
+
if(passwordUnencrypted && !password ){
|
|
168
|
+
password = passwordUnencrypted;
|
|
169
|
+
isHashPassword = false;
|
|
170
|
+
}
|
|
164
171
|
|
|
165
172
|
if(user && token){
|
|
166
173
|
return await this.codeAuthenticator(user, token, locale);
|
|
@@ -174,7 +181,7 @@ export default class AccountsPassword implements AuthenticationService {
|
|
|
174
181
|
throw new Error(this.options.errors.matchFailed);
|
|
175
182
|
}
|
|
176
183
|
|
|
177
|
-
const foundUser = await this.passwordAuthenticator(user, password);
|
|
184
|
+
const foundUser = await this.passwordAuthenticator(user, password, isHashPassword);
|
|
178
185
|
|
|
179
186
|
// // If user activated two factor authentication try with the code
|
|
180
187
|
// if (getUserTwoFactorService(foundUser)) {
|
|
@@ -686,7 +693,8 @@ export default class AccountsPassword implements AuthenticationService {
|
|
|
686
693
|
|
|
687
694
|
public async passwordAuthenticator(
|
|
688
695
|
user: string | LoginUserIdentity,
|
|
689
|
-
password: PasswordType
|
|
696
|
+
password: PasswordType,
|
|
697
|
+
isHashPassword = true
|
|
690
698
|
): Promise<User> {
|
|
691
699
|
const { username, email, id, mobile } = isString(user)
|
|
692
700
|
? this.toMobileAndEmail({ user })
|
|
@@ -735,8 +743,12 @@ export default class AccountsPassword implements AuthenticationService {
|
|
|
735
743
|
}
|
|
736
744
|
}
|
|
737
745
|
const hashAlgorithm = this.options.passwordHashAlgorithm;
|
|
738
|
-
|
|
739
|
-
|
|
746
|
+
let pass = null;
|
|
747
|
+
if(isHashPassword){
|
|
748
|
+
pass = password;
|
|
749
|
+
}else{
|
|
750
|
+
pass = hashAlgorithm ? hashPassword(password, hashAlgorithm) : password;
|
|
751
|
+
}
|
|
740
752
|
const isPasswordValid = await verifyPassword(pass, hash);
|
|
741
753
|
|
|
742
754
|
if (!isPasswordValid) {
|
|
@@ -28,7 +28,7 @@ import isMobile from "ismobilejs";
|
|
|
28
28
|
|
|
29
29
|
const defaultOptions = {
|
|
30
30
|
ambiguousErrorMessages: true,
|
|
31
|
-
tokenSecret:
|
|
31
|
+
tokenSecret: generateRandomToken(),
|
|
32
32
|
tokenConfigs: {
|
|
33
33
|
accessToken: {
|
|
34
34
|
expiresIn: "90m",
|
|
@@ -96,6 +96,14 @@ export class AccountsServer {
|
|
|
96
96
|
return () => this.hooks.off(eventName, callback);
|
|
97
97
|
}
|
|
98
98
|
|
|
99
|
+
public async getUserProfile(userId, serviceName = 'password'){
|
|
100
|
+
const service = this.services[serviceName];
|
|
101
|
+
if(!service){
|
|
102
|
+
throw new Error(`Service ${serviceName} not found`);
|
|
103
|
+
}
|
|
104
|
+
return await service.getUserProfile(userId);
|
|
105
|
+
}
|
|
106
|
+
|
|
99
107
|
public async loginWithService(
|
|
100
108
|
serviceName: string,
|
|
101
109
|
params: any,
|
|
@@ -203,6 +211,8 @@ export class AccountsServer {
|
|
|
203
211
|
phone_logout_other_clients,
|
|
204
212
|
phone_login_expiration_in_days,
|
|
205
213
|
space,
|
|
214
|
+
provider,
|
|
215
|
+
jwtToken,
|
|
206
216
|
} = infos;
|
|
207
217
|
|
|
208
218
|
let is_phone = false;
|
|
@@ -243,7 +253,7 @@ export class AccountsServer {
|
|
|
243
253
|
//3 清理用户所有session 缓存
|
|
244
254
|
removeUserSessionsCacheByUserId(user.id, is_phone);
|
|
245
255
|
}
|
|
246
|
-
const token = generateRandomToken();
|
|
256
|
+
const token = jwtToken || generateRandomToken();
|
|
247
257
|
const sessionId = await this.db.createSession(user.id, token, {
|
|
248
258
|
ip,
|
|
249
259
|
userAgent,
|
|
@@ -252,11 +262,14 @@ export class AccountsServer {
|
|
|
252
262
|
is_phone,
|
|
253
263
|
is_tablet,
|
|
254
264
|
space,
|
|
265
|
+
provider
|
|
255
266
|
});
|
|
256
267
|
|
|
257
268
|
const { accessToken, refreshToken } = this.createTokens({
|
|
258
269
|
token,
|
|
259
270
|
userId: user.id,
|
|
271
|
+
name: user.name,
|
|
272
|
+
email: user.email
|
|
260
273
|
});
|
|
261
274
|
|
|
262
275
|
return {
|
|
@@ -357,6 +370,8 @@ export class AccountsServer {
|
|
|
357
370
|
token: newSessionId,
|
|
358
371
|
isImpersonated: true,
|
|
359
372
|
userId: user.id,
|
|
373
|
+
name: user.name,
|
|
374
|
+
email: user.email,
|
|
360
375
|
});
|
|
361
376
|
const impersonationResult = {
|
|
362
377
|
authorized: true,
|
|
@@ -426,6 +441,8 @@ export class AccountsServer {
|
|
|
426
441
|
const tokens = this.createTokens({
|
|
427
442
|
token: sessionToken,
|
|
428
443
|
userId: user.id,
|
|
444
|
+
name: user.name,
|
|
445
|
+
email: user.email
|
|
429
446
|
});
|
|
430
447
|
await this.db.updateSession(session.id, { ip, userAgent });
|
|
431
448
|
|
|
@@ -459,16 +476,22 @@ export class AccountsServer {
|
|
|
459
476
|
token,
|
|
460
477
|
isImpersonated = false,
|
|
461
478
|
userId,
|
|
479
|
+
name,
|
|
480
|
+
email
|
|
462
481
|
}: {
|
|
463
482
|
token: string;
|
|
464
483
|
isImpersonated?: boolean;
|
|
465
484
|
userId: string;
|
|
485
|
+
name: string,
|
|
486
|
+
email: string
|
|
466
487
|
}): Tokens {
|
|
467
488
|
const { tokenSecret, tokenConfigs } = this.options;
|
|
468
489
|
const jwtData: JwtData = {
|
|
469
|
-
token,
|
|
490
|
+
// token,
|
|
470
491
|
isImpersonated,
|
|
471
492
|
userId,
|
|
493
|
+
name,
|
|
494
|
+
email
|
|
472
495
|
};
|
|
473
496
|
const accessToken = generateAccessToken({
|
|
474
497
|
data: jwtData,
|
|
@@ -1,5 +1,14 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* @Author: baozhoutao@steedos.com
|
|
3
|
+
* @Date: 2022-03-28 09:35:34
|
|
4
|
+
* @LastEditors: baozhoutao@steedos.com
|
|
5
|
+
* @LastEditTime: 2022-07-01 15:01:17
|
|
6
|
+
* @Description:
|
|
7
|
+
*/
|
|
1
8
|
export interface JwtData {
|
|
2
|
-
token
|
|
9
|
+
token?: string;
|
|
3
10
|
isImpersonated: boolean;
|
|
4
11
|
userId: string;
|
|
12
|
+
name: string,
|
|
13
|
+
email: string,
|
|
5
14
|
}
|
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* @Author: baozhoutao@steedos.com
|
|
3
|
+
* @Date: 2022-03-28 09:35:34
|
|
4
|
+
* @LastEditors: baozhoutao@steedos.com
|
|
5
|
+
* @LastEditTime: 2022-06-29 16:05:04
|
|
6
|
+
* @Description:
|
|
7
|
+
*/
|
|
1
8
|
export interface ConnectionInformations {
|
|
2
9
|
ip?: string;
|
|
3
10
|
userAgent?: string;
|
|
@@ -8,4 +15,6 @@ export interface ConnectionInformations {
|
|
|
8
15
|
login_expiration_in_days?: number;
|
|
9
16
|
phone_logout_other_clients?: boolean;
|
|
10
17
|
phone_login_expiration_in_days?: number;
|
|
18
|
+
provider?: string;
|
|
19
|
+
jwtToken?: string;
|
|
11
20
|
}
|
package/lib/oauth2/client.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
//# sourceMappingURL=client.js.map
|
package/lib/oauth2/client.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/oauth2/client.ts"],"names":[],"mappings":""}
|
package/lib/oauth2/config.js
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.hydraAdmin = void 0;
|
|
4
|
-
var hydra_client_1 = require("@oryd/hydra-client");
|
|
5
|
-
var baseOptions = {};
|
|
6
|
-
if (process.env.STEEDOS_MOCK_TLS_TERMINATION) {
|
|
7
|
-
baseOptions.headers = { 'X-Forwarded-Proto': 'https' };
|
|
8
|
-
}
|
|
9
|
-
var hydraAdmin = new hydra_client_1.AdminApi(new hydra_client_1.Configuration({
|
|
10
|
-
basePath: process.env.STEEDOS_HYDRA_ADMIN_URL,
|
|
11
|
-
baseOptions: baseOptions
|
|
12
|
-
}));
|
|
13
|
-
exports.hydraAdmin = hydraAdmin;
|
|
14
|
-
//# sourceMappingURL=config.js.map
|
package/lib/oauth2/config.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/oauth2/config.ts"],"names":[],"mappings":";;;AAAA,mDAA4D;AAC5D,IAAM,WAAW,GAAQ,EAAE,CAAA;AAE3B,IAAI,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE;IAC5C,WAAW,CAAC,OAAO,GAAG,EAAE,mBAAmB,EAAE,OAAO,EAAE,CAAA;CACvD;AAED,IAAM,UAAU,GAAG,IAAI,uBAAQ,CAC7B,IAAI,4BAAa,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB;IAC7C,WAAW,aAAA;CACZ,CAAC,CACH,CAAA;AAEQ,gCAAU"}
|