@steedos/accounts 2.2.55-beta.7 → 2.3.0-beta.3
- package/lib/core/index.js +26 -28
- package/lib/core/index.js.map +1 -1
- package/lib/database-mongo/mongo.js +141 -154
- package/lib/database-mongo/mongo.js.map +1 -1
- package/lib/index.js +1 -3
- package/lib/index.js.map +1 -1
- package/lib/mail.js +6 -6
- package/lib/mail.js.map +1 -1
- package/lib/password/accounts-password.js +112 -233
- package/lib/password/accounts-password.js.map +1 -1
- package/lib/password/utils/encryption.js +4 -4
- package/lib/password/utils/encryption.js.map +1 -1
- package/lib/rest-express/endpoints/authorize.js +1 -1
- package/lib/rest-express/endpoints/get-user.js +1 -1
- package/lib/rest-express/endpoints/impersonate.js +4 -4
- package/lib/rest-express/endpoints/impersonate.js.map +1 -1
- package/lib/rest-express/endpoints/initServer.js +4 -4
- package/lib/rest-express/endpoints/initServer.js.map +1 -1
- package/lib/rest-express/endpoints/login.js +5 -5
- package/lib/rest-express/endpoints/login.js.map +1 -1
- package/lib/rest-express/endpoints/logout.js +4 -4
- package/lib/rest-express/endpoints/logout.js.map +1 -1
- package/lib/rest-express/endpoints/oauth/provider-callback.js +4 -4
- package/lib/rest-express/endpoints/oauth/provider-callback.js.map +1 -1
- package/lib/rest-express/endpoints/password/change-password.js +5 -5
- package/lib/rest-express/endpoints/password/change-password.js.map +1 -1
- package/lib/rest-express/endpoints/password/register.js +13 -39
- package/lib/rest-express/endpoints/password/register.js.map +1 -1
- package/lib/rest-express/endpoints/password/reset.js +8 -8
- package/lib/rest-express/endpoints/password/reset.js.map +1 -1
- package/lib/rest-express/endpoints/password/two-factor.js +14 -14
- package/lib/rest-express/endpoints/password/two-factor.js.map +1 -1
- package/lib/rest-express/endpoints/password/verify-email.js +12 -12
- package/lib/rest-express/endpoints/password/verify-email.js.map +1 -1
- package/lib/rest-express/endpoints/password/verify.js +18 -18
- package/lib/rest-express/endpoints/password/verify.js.map +1 -1
- package/lib/rest-express/endpoints/put-user-name.js +5 -5
- package/lib/rest-express/endpoints/put-user-name.js.map +1 -1
- package/lib/rest-express/endpoints/refresh-access-token.js +4 -4
- package/lib/rest-express/endpoints/refresh-access-token.js.map +1 -1
- package/lib/rest-express/endpoints/service-authenticate.js +9 -14
- package/lib/rest-express/endpoints/service-authenticate.js.map +1 -1
- package/lib/rest-express/endpoints/spaces.js +3 -3
- package/lib/rest-express/endpoints/spaces.js.map +1 -1
- package/lib/rest-express/endpoints/steedos/create-tenant.js +9 -9
- package/lib/rest-express/endpoints/steedos/create-tenant.js.map +1 -1
- package/lib/rest-express/endpoints/steedos/get-tenant.js +5 -5
- package/lib/rest-express/endpoints/steedos/get-tenant.js.map +1 -1
- package/lib/rest-express/endpoints/steedos/settings.js +4 -4
- package/lib/rest-express/endpoints/steedos/settings.js.map +1 -1
- package/lib/rest-express/endpoints/update-session.js +5 -6
- package/lib/rest-express/endpoints/update-session.js.map +1 -1
- package/lib/rest-express/express-middleware.js +0 -4
- package/lib/rest-express/express-middleware.js.map +1 -1
- package/lib/rest-express/user-loader.js +8 -8
- package/lib/rest-express/user-loader.js.map +1 -1
- package/lib/rest-express/utils/get-user-agent.js +0 -1
- package/lib/rest-express/utils/get-user-agent.js.map +1 -1
- package/lib/rest-express/utils/users.js +6 -6
- package/lib/rest-express/utils/users.js.map +1 -1
- package/lib/server/accounts-server.js +76 -159
- package/lib/server/accounts-server.js.map +1 -1
- package/lib/server/utils/email.js +1 -3
- package/lib/server/utils/email.js.map +1 -1
- package/lib/server/utils/get-first-user-email.js +0 -1
- package/lib/server/utils/get-first-user-email.js.map +1 -1
- package/lib/server/utils/tokens.js +0 -11
- package/lib/server/utils/tokens.js.map +1 -1
- package/package.json +6 -6
- package/src/server/accounts-server.ts +1 -0
- package/src/types/types/login-result.ts +1 -0
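--- a/package/lib/server/accounts-server.js
+++ b/package/lib/server/accounts-server.js
@@ -26,27 +26,18 @@ var defaultOptions = {
 sendMail: email_1.sendMail,
 siteUrl: "http://localhost:3000",
 };
-var AccountsServer =
+var AccountsServer = (function () {
 function AccountsServer(options, services) {
 this.options = (0, lodash_1.merge)(tslib_1.__assign({}, defaultOptions), options);
 if (!this.options.db) {
 throw new Error("A database driver is required");
 }
-// if (this.options.tokenSecret === defaultOptions.tokenSecret) {
-// // tslint:disable-next-line no-console
-// console.log(`
-// You are using the default secret "${this.options.tokenSecret}" which is not secure.
-// Please change it with a strong random token.`);
-// }
 this.services = services || {};
 this.db = this.options.db;
-// Set the db to all services
-// tslint:disable-next-line
 for (var service in this.services) {
 this.services[service].setStore(this.db);
 this.services[service].server = this;
 }
-// Initialize hooks
 this.hooks = new Emittery();
 }
 AccountsServer.prototype.getServices = function () {
@@ -74,8 +65,8 @@ var AccountsServer = /** @class */ (function () {
 if (!service) {
 throw new Error("Service ".concat(serviceName, " not found"));
 }
-return [4
-case 1: return [2
+return [4, service.getUserProfile(userId)];
+case 1: return [2, _a.sent()];
 }
 });
 });
@@ -87,11 +78,8 @@ var AccountsServer = /** @class */ (function () {
 switch (_a.label) {
 case 0:
 hooksInfo = {
-// The service name, such as “password” or “twitter”.
 service: serviceName,
-// The connection informations <ConnectionInformations>
 connection: infos,
-// Params received
 params: params,
 };
 _a.label = 1;
@@ -100,7 +88,7 @@ var AccountsServer = /** @class */ (function () {
 if (!this.services[serviceName]) {
 throw new Error("No service with the name ".concat(serviceName, " was registered."));
 }
-return [4
+return [4, this.services[serviceName].authenticate(params)];
 case 2:
 user = _a.sent();
 hooksInfo.user = user;
@@ -110,10 +98,8 @@ var AccountsServer = /** @class */ (function () {
 if (user.deactivated) {
 throw new Error("Your account has been deactivated");
 }
-
-return [4 /*yield*/, this.hooks.emitSerial(server_hooks_1.ServerHooks.ValidateLogin, hooksInfo)];
+return [4, this.hooks.emitSerial(server_hooks_1.ServerHooks.ValidateLogin, hooksInfo)];
 case 3:
-// Let the user validate the login attempt
 _a.sent();
 enable_MFA = false;
 logout_other_clients = false;
@@ -121,7 +107,7 @@ var AccountsServer = /** @class */ (function () {
 phone_logout_other_clients = false;
 phone_login_expiration_in_days = null;
 space = null;
-return [4
+return [4, this.services[serviceName].getUserProfile(user.id)];
 case 4:
 userProfile = _a.sent();
 if (userProfile) {
@@ -134,18 +120,13 @@ var AccountsServer = /** @class */ (function () {
 userProfile.phone_login_expiration_in_days;
 space = userProfile.space;
 }
-//启用了多重验证
 if (enable_MFA) {
-//不是验证码登录
 if (!(params.user && params.token)) {
 _next = "TO_MOBILE_CODE_LOGIN";
-
-// _next = 'TO_VERIFY_MOBILE';
-// }
-return [2 /*return*/, { _next: _next, mobile: user.mobile, mobile_verified: user.mobile_verified }];
+return [2, { _next: _next, mobile: user.mobile, mobile_verified: user.mobile_verified }];
 }
 }
-return [4
+return [4, this.loginWithUser(user, Object.assign({}, infos, {
 logout_other_clients: logout_other_clients,
 login_expiration_in_days: login_expiration_in_days,
 phone_logout_other_clients: phone_logout_other_clients,
@@ -155,25 +136,16 @@ var AccountsServer = /** @class */ (function () {
 case 5:
 loginResult = _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.LoginSuccess, hooksInfo);
-return [2
+return [2, loginResult];
 case 6:
 err_1 = _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.LoginError, tslib_1.__assign(tslib_1.__assign({}, hooksInfo), { error: err_1 }));
 throw err_1;
-case 7: return [2
+case 7: return [2];
 }
 });
 });
 };
-/**
-* @description Server use only.
-* This method creates a session without authenticating any user identity.
-* Any authentication should happen before calling this function.
-* @param {User} userId - The user object.
-* @param {string} ip - User's ip.
-* @param {string} userAgent - User's client agent.
-* @returns {Promise<LoginResult>} - Session tokens and user object.
-*/
 AccountsServer.prototype.loginWithUser = function (user, infos) {
 return tslib_1.__awaiter(this, void 0, void 0, function () {
 var ip, userAgent, logout_other_clients, login_expiration_in_days, phone_logout_other_clients, phone_login_expiration_in_days, space, provider, jwtToken, is_phone, is_tablet, _a, phone, tablet, query, userSessions, _i, userSessions_1, userSession, token, sessionId, _b, accessToken, refreshToken;
@@ -193,7 +165,7 @@ var AccountsServer = /** @class */ (function () {
 console.log("Exception", Exception);
 }
 }
-if (!(logout_other_clients || phone_logout_other_clients)) return [3
+if (!(logout_other_clients || phone_logout_other_clients)) return [3, 7];
 query = null;
 if (is_phone) {
 query = { is_phone: true };
@@ -201,38 +173,35 @@ var AccountsServer = /** @class */ (function () {
 else {
 query = { is_phone: { $ne: true } };
 }
-
-return [4 /*yield*/, this.db.updateUser(user.id, {
+return [4, this.db.updateUser(user.id, {
 $pull: {
 "services.resume.loginTokens": query,
 },
 })];
 case 1:
-//1 将当前user的所有 token 清空
 _c.sent();
-return [4
+return [4, this.db.findValidSessionsByUserId(user.id, is_phone)];
 case 2:
 userSessions = _c.sent();
-if (!userSessions) return [3
+if (!userSessions) return [3, 6];
 _i = 0, userSessions_1 = userSessions;
 _c.label = 3;
 case 3:
-if (!(_i < userSessions_1.length)) return [3
+if (!(_i < userSessions_1.length)) return [3, 6];
 userSession = userSessions_1[_i];
-return [4
+return [4, this.db.invalidateSession(userSession.id)];
 case 4:
 _c.sent();
 _c.label = 5;
 case 5:
 _i++;
-return [3
+return [3, 3];
 case 6:
-//3 清理用户所有session 缓存
 (0, auth_1.removeUserSessionsCacheByUserId)(user.id, is_phone);
 _c.label = 7;
 case 7:
 token = jwtToken || (0, tokens_1.generateRandomToken)();
-return [4
+return [4, this.db.createSession(user.id, token, {
 ip: ip,
 userAgent: userAgent,
 login_expiration_in_days: login_expiration_in_days,
@@ -250,27 +219,20 @@ var AccountsServer = /** @class */ (function () {
 name: user.name,
 email: user.email
 }), accessToken = _b.accessToken, refreshToken = _b.refreshToken;
-return [2
+return [2, {
 sessionId: sessionId,
 token: token,
 tokens: {
 refreshToken: refreshToken,
 accessToken: accessToken,
 },
+space: space,
 user: user,
 }];
 }
 });
 });
 };
-/**
-* @description Impersonate to another user.
-* @param {string} accessToken - User access token.
-* @param {object} impersonated - impersonated user.
-* @param {string} ip - The user ip.
-* @param {string} userAgent - User user agent.
-* @returns {Promise<Object>} - ImpersonationResult
-*/
 AccountsServer.prototype.impersonate = function (accessToken, impersonated, ip, userAgent) {
 return tslib_1.__awaiter(this, void 0, void 0, function () {
 var session, user, impersonatedUser, isAuthorized, token, newSessionId, impersonationTokens, impersonationResult, e_1;
@@ -287,54 +249,54 @@ var AccountsServer = /** @class */ (function () {
 catch (err) {
 throw new Error("Access token is not valid");
 }
-return [4
+return [4, this.findSessionByAccessToken(accessToken)];
 case 1:
 session = _a.sent();
 if (!session.valid) {
 throw new Error("Session is not valid for user");
 }
-return [4
+return [4, this.db.findUserById(session.userId)];
 case 2:
 user = _a.sent();
 if (!user) {
 throw new Error("User not found");
 }
 impersonatedUser = void 0;
-if (!impersonated.userId) return [3
-return [4
+if (!impersonated.userId) return [3, 4];
+return [4, this.db.findUserById(impersonated.userId)];
 case 3:
 impersonatedUser = _a.sent();
-return [3
+return [3, 8];
 case 4:
-if (!impersonated.username) return [3
-return [4
+if (!impersonated.username) return [3, 6];
+return [4, this.db.findUserByUsername(impersonated.username)];
 case 5:
 impersonatedUser = _a.sent();
-return [3
+return [3, 8];
 case 6:
-if (!impersonated.email) return [3
-return [4
+if (!impersonated.email) return [3, 8];
+return [4, this.db.findUserByEmail(impersonated.email)];
 case 7:
 impersonatedUser = _a.sent();
 _a.label = 8;
 case 8:
 if (!impersonatedUser) {
 if (this.options.ambiguousErrorMessages) {
-return [2
+return [2, { authorized: false }];
 }
 throw new Error("Impersonated user not found");
 }
 if (!this.options.impersonationAuthorize) {
-return [2
+return [2, { authorized: false }];
 }
-return [4
+return [4, this.options.impersonationAuthorize(user, impersonatedUser)];
 case 9:
 isAuthorized = _a.sent();
 if (!isAuthorized) {
-return [2
+return [2, { authorized: false }];
 }
 token = (0, tokens_1.generateRandomToken)();
-return [4
+return [4, this.db.createSession(impersonatedUser.id, token, {
 ip: ip,
 userAgent: userAgent,
 }, { impersonatorUserId: user.id })];
@@ -356,24 +318,16 @@ var AccountsServer = /** @class */ (function () {
 user: user,
 impersonationResult: impersonationResult,
 });
-return [2
+return [2, impersonationResult];
 case 11:
 e_1 = _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.ImpersonationError, e_1);
 throw e_1;
-case 12: return [2
+case 12: return [2];
 }
 });
 });
 };
-/**
-* @description Refresh a user token.
-* @param {string} accessToken - User access token.
-* @param {string} refreshToken - User refresh token.
-* @param {string} ip - User ip.
-* @param {string} userAgent - User user agent.
-* @returns {Promise<Object>} - LoginResult.
-*/
 AccountsServer.prototype.refreshTokens = function (accessToken, refreshToken, ip, userAgent) {
 return tslib_1.__awaiter(this, void 0, void 0, function () {
 var sessionToken, decodedAccessToken, session, user, tokens, result, err_2;
@@ -395,14 +349,14 @@ var AccountsServer = /** @class */ (function () {
 catch (err) {
 throw new Error("Tokens are not valid");
 }
-return [4
+return [4, this.db.findSessionByToken(sessionToken)];
 case 1:
 session = _a.sent();
 if (!session) {
 throw new Error("Session not found");
 }
-if (!session.valid) return [3
-return [4
+if (!session.valid) return [3, 4];
+return [4, this.db.findUserById(session.userId)];
 case 2:
 user = _a.sent();
 if (!user) {
@@ -414,7 +368,7 @@ var AccountsServer = /** @class */ (function () {
 name: user.name,
 email: user.email
 });
-return [4
+return [4, this.db.updateSession(session.id, { ip: ip, userAgent: userAgent })];
 case 3:
 _a.sent();
 result = {
@@ -424,29 +378,22 @@ var AccountsServer = /** @class */ (function () {
 tokens: tokens,
 };
 this.hooks.emit(server_hooks_1.ServerHooks.RefreshTokensSuccess, result);
-return [2
+return [2, result];
 case 4: throw new Error("Session is no longer valid");
-case 5: return [3
+case 5: return [3, 7];
 case 6:
 err_2 = _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.RefreshTokensError, err_2);
 throw err_2;
-case 7: return [2
+case 7: return [2];
 }
 });
 });
 };
-/**
-* @description Refresh a user token.
-* @param {string} token - User session token.
-* @param {boolean} isImpersonated - Should be true if impersonating another user.
-* @returns {Promise<Object>} - Return a new accessToken and refreshToken.
-*/
 AccountsServer.prototype.createTokens = function (_a) {
 var token = _a.token, _b = _a.isImpersonated, isImpersonated = _b === void 0 ? false : _b, userId = _a.userId, name = _a.name, email = _a.email;
 var _c = this.options, tokenSecret = _c.tokenSecret, tokenConfigs = _c.tokenConfigs;
 var jwtData = {
-// token,
 isImpersonated: isImpersonated,
 userId: userId,
 name: name,
@@ -463,11 +410,6 @@ var AccountsServer = /** @class */ (function () {
 });
 return { accessToken: accessToken, refreshToken: refreshToken };
 };
-/**
-* @description Logout a user and invalidate his session.
-* @param {string} accessToken - User access token.
-* @returns {Promise<void>} - Return a promise.
-*/
 AccountsServer.prototype.logout = function (token) {
 return tslib_1.__awaiter(this, void 0, void 0, function () {
 var session, error_1;
@@ -475,34 +417,29 @@ var AccountsServer = /** @class */ (function () {
 switch (_a.label) {
 case 0:
 _a.trys.push([0, 5, , 6]);
-return [4
+return [4, this.db.findSessionByToken(token)];
 case 1:
 session = _a.sent();
-if (!(session && session.valid)) return [3
-return [4
+if (!(session && session.valid)) return [3, 3];
+return [4, this.db.invalidateSession(session.id)];
 case 2:
 _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.LogoutSuccess, {
 session: session,
 token: token,
 });
-return [3
+return [3, 4];
 case 3: throw new Error("Session is no longer valid");
-case 4: return [3
+case 4: return [3, 6];
 case 5:
 error_1 = _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.LogoutError, error_1);
 throw error_1;
-case 6: return [2
+case 6: return [2];
 }
 });
 });
 };
-/**
-* @description Logout a user and invalidate his session.
-* @param {string} accessToken - User access token.
-* @returns {Promise<void>} - Return a promise.
-*/
 AccountsServer.prototype.logoutByAccessToken = function (accessToken) {
 return tslib_1.__awaiter(this, void 0, void 0, function () {
 var session, error_2;
@@ -510,25 +447,25 @@ var AccountsServer = /** @class */ (function () {
 switch (_a.label) {
 case 0:
 _a.trys.push([0, 5, , 6]);
-return [4
+return [4, this.findSessionByAccessToken(accessToken)];
 case 1:
 session = _a.sent();
-if (!session.valid) return [3
-return [4
+if (!session.valid) return [3, 3];
+return [4, this.db.invalidateSession(session.id)];
 case 2:
 _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.LogoutSuccess, {
 session: session,
 accessToken: accessToken,
 });
-return [3
+return [3, 4];
 case 3: throw new Error("Session is no longer valid");
-case 4: return [3
+case 4: return [3, 6];
 case 5:
 error_2 = _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.LogoutError, error_2);
 throw error_2;
-case 6: return [2
+case 6: return [2];
 }
 });
 });
@@ -540,30 +477,30 @@ var AccountsServer = /** @class */ (function () {
 switch (_a.label) {
 case 0:
 _a.trys.push([0, 8, , 9]);
-return [4
+return [4, this.db.findSessionByToken(token)];
 case 1:
 session = _a.sent();
-if (!(session && session.valid)) return [3
-return [4
+if (!(session && session.valid)) return [3, 7];
+return [4, this.db.findUserById(session.userId)];
 case 2:
 user = _a.sent();
 if (!user) {
 throw new Error("User not found");
 }
-if (!this.options.resumeSessionValidator) return [3
+if (!this.options.resumeSessionValidator) return [3, 6];
 _a.label = 3;
 case 3:
 _a.trys.push([3, 5, , 6]);
-return [4
+return [4, this.options.resumeSessionValidator(user, session)];
 case 4:
 _a.sent();
-return [3
+return [3, 6];
 case 5:
 e_2 = _a.sent();
 throw new Error(e_2);
 case 6:
 this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionSuccess, { user: user, token: token });
-return [2
+return [2, this.sanitizeUser(user)];
 case 7:
 this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, new Error("Invalid Session"));
 throw new Error("Invalid Session");
@@ -571,7 +508,7 @@ var AccountsServer = /** @class */ (function () {
 e_3 = _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, e_3);
 throw e_3;
-case 9: return [2
+case 9: return [2];
 }
 });
 });
@@ -583,24 +520,24 @@ var AccountsServer = /** @class */ (function () {
 switch (_a.label) {
 case 0:
 _a.trys.push([0, 8, , 9]);
-return [4
+return [4, this.findSessionByAccessToken(accessToken)];
 case 1:
 session = _a.sent();
-if (!session.valid) return [3
-return [4
+if (!session.valid) return [3, 7];
+return [4, this.db.findUserById(session.userId)];
 case 2:
 user = _a.sent();
 if (!user) {
 throw new Error("User not found");
 }
-if (!this.options.resumeSessionValidator) return [3
+if (!this.options.resumeSessionValidator) return [3, 6];
 _a.label = 3;
 case 3:
 _a.trys.push([3, 5, , 6]);
-return [4
+return [4, this.options.resumeSessionValidator(user, session)];
 case 4:
 _a.sent();
-return [3
+return [3, 6];
 case 5:
 e_4 = _a.sent();
 throw new Error(e_4);
@@ -609,7 +546,7 @@ var AccountsServer = /** @class */ (function () {
 user: user,
 accessToken: accessToken,
 });
-return [2
+return [2, this.sanitizeUser(user)];
 case 7:
 this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, new Error("Invalid Session"));
 throw new Error("Invalid Session");
@@ -617,16 +554,11 @@ var AccountsServer = /** @class */ (function () {
 e_5 = _a.sent();
 this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, e_5);
 throw e_5;
-case 9: return [2
+case 9: return [2];
 }
 });
 });
 };
-/**
-* @description Find a session by his token.
-* @param {string} accessToken
-* @returns {Promise<Session>} - Return a session.
-*/
 AccountsServer.prototype.findSessionByAccessToken = function (accessToken) {
 return tslib_1.__awaiter(this, void 0, void 0, function () {
 var sessionToken, decodedAccessToken, session;
@@ -643,46 +575,31 @@ var AccountsServer = /** @class */ (function () {
 catch (err) {
 throw new Error("Tokens are not valid");
 }
-return [4
+return [4, this.db.findSessionByToken(sessionToken)];
 case 1:
 session = _a.sent();
 if (!session) {
 throw new Error("Session not found");
 }
-return [2
+return [2, session];
 }
 });
 });
 };
-/**
-* @description Find a user by his id.
-* @param {string} userId - User id.
-* @returns {Promise<Object>} - Return a user or null if not found.
-*/
 AccountsServer.prototype.findUserById = function (userId) {
 return this.db.findUserById(userId);
 };
-/**
-* @description Deactivate a user, the user will not be able to login until his account is reactivated.
-* @param {string} userId - User id.
-* @returns {Promise<void>} - Return a Promise.
-*/
 AccountsServer.prototype.deactivateUser = function (userId) {
 return tslib_1.__awaiter(this, void 0, void 0, function () {
 return tslib_1.__generator(this, function (_a) {
-return [2
+return [2, this.db.setUserDeactivated(userId, true)];
 });
 });
 };
-/**
-* @description Activate a user.
-* @param {string} userId - User id.
-* @returns {Promise<void>} - Return a Promise.
-*/
 AccountsServer.prototype.activateUser = function (userId) {
 return tslib_1.__awaiter(this, void 0, void 0, function () {
 return tslib_1.__generator(this, function (_a) {
-return [2
+return [2, this.db.setUserDeactivated(userId, false)];
 });
 });
 };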
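Review bot: The added `space: space,` in the object `loginWithUser` returns is the only behavioural change in this section (the remaining changed lines drop comments from the compiled output), and nothing visible states where that value is validated. On the service-login path earlier in the section it is assigned from `userProfile.space`, but `loginWithUser` itself appears to read it from the caller-supplied `infos` (the destructuring is outside the hunks), so a caller that forwards request data in `infos` would have that value returned unchecked. Because the build now strips the JSDoc, the contract is worth stating in `src/server/accounts-server.ts` next to the new field, e.g. `// space: taken from the user's profile at login; must not come from request input`. Consumers should not read the returned `space` as proof of membership unless the server resolved it.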