@steedos/accounts 2.7.27-beta.6 → 3.0.0-beta.100

package/src/rest-express/endpoints/logout.ts

@@ -3,80 +3,82 @@
  * @Date: 2022-03-28 09:35:34
  * @LastEditors: baozhoutao@steedos.com
  * @LastEditTime: 2024-01-23 14:24:35
- * @Description: 
+ * @Description:
  */
-import * as express from 'express';
-import { get, isEmpty, map } from 'lodash';
-import { AccountsServer } from '../../server';
-import { sendError } from '../utils/send-error';
-import { clearAuthCookies } from '../utils/steedos-auth';
-import { getObject } from '@steedos/objectql';
-import * as requestIp from 'request-ip';
-import { getUserAgent } from '../utils/get-user-agent';
-import isMobile from 'ismobilejs';
-import { getSteedosSchema } from '@steedos/objectql'
-export const logout = (accountsServer: AccountsServer) => async (
-  req: express.Request,
-  res: express.Response
-) => { 
-  
-  let authToken =
-    get(req.cookies, 'X-Auth-Token') ||
-    get(req.headers, 'Authorization') ||
-    get(req.headers, 'authorization');
+import * as express from "express";
+import { get, isEmpty, map } from "lodash";
+import { AccountsServer } from "../../server";
+import { sendError } from "../utils/send-error";
+import { clearAuthCookies } from "../utils/steedos-auth";
+import { getObject } from "@steedos/objectql";
+import * as requestIp from "request-ip";
+import { getUserAgent } from "../utils/get-user-agent";
+import isMobile from "ismobilejs";
+import { getSteedosSchema } from "@steedos/objectql";
+export const logout =
+  (accountsServer: AccountsServer) =>
+  async (req: express.Request, res: express.Response) => {
+    let authToken =
+      get(req.cookies, "X-Auth-Token") ||
+      get(req.headers, "Authorization") ||
+      get(req.headers, "authorization");
 
-  authToken = authToken && authToken.replace('Bearer ', 'token');
-  authToken = authToken && authToken.split(',').length >1?authToken.split(',')[0]:authToken;
+    authToken = authToken && authToken.replace("Bearer ", "token");
+    authToken =
+      authToken && authToken.split(",").length > 1
+        ? authToken.split(",")[0]
+        : authToken;
 
-  clearAuthCookies(req, res);
-  let session = null;
-  try {
-    session = await accountsServer.logout(authToken);
-  } catch (err) {
-    //sendError(res, err);
-  }finally{
-    let userAgent = getUserAgent(req) || '';
-    const ip = requestIp.getClientIp(req);
-    let status = 'success';
-    let message = '';
-    let is_phone = false;
-    let is_tablet = false;
-    if (userAgent) {
-      try {
-        const { phone, tablet } = isMobile(userAgent);
-        is_phone = phone;
-        is_tablet = tablet;
-      } catch (Exception) {
-        console.log(`Exception`, Exception);
+    clearAuthCookies(req, res);
+    let session = null;
+    try {
+      session = await accountsServer.logout(authToken);
+    } catch (err) {
+      //sendError(res, err);
+    } finally {
+      let userAgent = getUserAgent(req) || "";
+      const ip = requestIp.getClientIp(req);
+      let status = "success";
+      let message = "";
+      let is_phone = false;
+      let is_tablet = false;
+      if (userAgent) {
+        try {
+          const { phone, tablet } = isMobile(userAgent);
+          is_phone = phone;
+          is_tablet = tablet;
+        } catch (Exception) {
+          console.log(`Exception`, Exception);
+        }
       }
-    }
-    await getObject('operation_logs').insert({
-      name: '注销',
-      type: 'logout',
-      remote_user: session?.userId,
-      remote_addr: ip,
-      http_user_agent: userAgent,
-      is_mobile: is_phone,
-      is_tablet,
-      object: 'users',
-      status: status,
-      create: new Date(),
-      space: session?.space,
-      message: message,
-      data: JSON.stringify({
-        authToken: authToken,
-        session: session
-      }),
-      related_to: {
-        o: "users",
-        ids: [session?.userId]
+      await getObject("operation_logs").insert({
+        name: "注销",
+        type: "logout",
+        remote_user: session?.userId,
+        remote_addr: ip,
+        http_user_agent: userAgent,
+        is_mobile: is_phone,
+        is_tablet,
+        object: "users",
+        status: status,
+        create: new Date(),
+        space: session?.space,
+        message: message,
+        data: JSON.stringify({
+          authToken: authToken,
+          session: session,
+        }),
+        related_to: {
+          o: "users",
+          ids: [session?.userId],
+        },
+      });
+      if (authToken) {
+        const broker = getSteedosSchema().broker;
+        broker.broadcast("$user.logout", {
+          authToken: authToken,
+        });
       }
-    });
-
-    const broker = getSteedosSchema().broker;
-    broker.broadcast("$user.logout", {
-      authToken: authToken
-    });
-  }
-  res.json(null);
-};
+    }
+    res.json(null);
+  };

package/src/rest-express/endpoints/password/change-password.ts

@@ -3,101 +3,112 @@
  * @Date: 2022-05-19 11:38:30
  * @LastEditors: baozhoutao@steedos.com
  * @LastEditTime: 2023-09-18 17:58:22
- * @Description: 
+ * @Description:
  */
-import * as express from 'express';
-import { AccountsServer } from '../../../server';
-import { sendError } from '../../utils/send-error';
-import { getSteedosConfig, getObject } from '@steedos/objectql'
-import { hashPassword } from '../../../password/utils';
+import * as express from "express";
+import { AccountsServer } from "../../../server";
+import { sendError } from "../../utils/send-error";
+import { getSteedosConfig, getObject } from "@steedos/objectql";
+import { hashPassword } from "../../../password/utils";
 
-import * as requestIp from 'request-ip';
-import { getUserAgent } from '../../utils/get-user-agent';
+import * as requestIp from "request-ip";
+import { getUserAgent } from "../../utils/get-user-agent";
 import isMobile from "ismobilejs";
-import { db } from '../../../db';
+import { db } from "../../../db";
 
 const config = getSteedosConfig();
 declare var Creator;
 
-export const changePassword = (accountsServer: AccountsServer) => async (
-  req: express.Request,
-  res: express.Response
-) => {
-  try {
-    if (!(req as any).userId) {
-      res.status(401);
-      res.json({ message: 'Unauthorized' });
-      return;
-    }
-    // oldPassword 、newPassword 已经是 sha256之后的
-    const { oldPassword, newPassword } = req.body;
+export const changePassword =
+  (accountsServer: AccountsServer) =>
+  async (req: express.Request, res: express.Response) => {
+    try {
+      if (!(req as any).userId) {
+        res.status(401);
+        res.json({ message: "Unauthorized" });
+        return;
+      }
+      // oldPassword 、newPassword 已经是 sha256之后的
+      const { oldPassword, newPassword } = req.body;
 
-    // let passworPolicy = ((config as any).password || {}).policy
+      // let passworPolicy = ((config as any).password || {}).policy
 
-    // if(passworPolicy){
-    //   if(!(new RegExp(passworPolicy)).test(newPassword || '')){
-    //       sendError(res, new Error((config as any).password.policyError));
-    //       return;
-    //   }
-    // }
-    
-    const password: any = accountsServer.getServices().password;
+      // if(passworPolicy){
+      //   if(!(new RegExp(passworPolicy)).test(newPassword || '')){
+      //       sendError(res, new Error((config as any).password.policyError));
+      //       return;
+      //   }
+      // }
 
-    await password.changePassword((req as any).userId, oldPassword, newPassword);
-    password.db.collection.updateOne({_id: (req as any).userId}, {$set: {password_expired: false}})
-    try {
-      Creator.getCollection('space_users').update({user: (req as any).userId}, {$set: {password_expired: false}}, {
-        multi: true
-      })
+      const password: any = accountsServer.getServices().password;
+
+      await password.changePassword(
+        (req as any).userId,
+        oldPassword,
+        newPassword,
+      );
+      password.db.collection.updateOne(
+        { _id: (req as any).userId },
+        { $set: { password_expired: false } },
+      );
+      try {
+        await db.updateMany(
+          "space_users",
+          [["user", "=", (req as any).userId]],
+          { password_expired: false },
+        );
 
-      const userAgent = getUserAgent(req);
-      const ip = requestIp.getClientIp(req);
-      let is_phone = false;
-      let is_tablet = false;
-      if (userAgent) {
-        try {
-          const { phone, tablet } = isMobile(userAgent);
-          is_phone = phone;
-          is_tablet = tablet;
-        } catch (Exception) {
-          console.log(`Exception`, Exception);
+        const userAgent = getUserAgent(req);
+        const ip = requestIp.getClientIp(req);
+        let is_phone = false;
+        let is_tablet = false;
+        if (userAgent) {
+          try {
+            const { phone, tablet } = isMobile(userAgent);
+            is_phone = phone;
+            is_tablet = tablet;
+          } catch (Exception) {
+            console.log(`Exception`, Exception);
+          }
         }
-      }
 
-      const userSpaces = await db.find("space_users", {
-        filters: [["user", "=", (req as any).userId],["user_accepted", "=", true]],
-        fields: ["space"],
-      });
+        const userSpaces = await db.find("space_users", {
+          filters: [
+            ["user", "=", (req as any).userId],
+            ["user_accepted", "=", true],
+          ],
+          fields: ["space"],
+        });
 
-      if(userSpaces && userSpaces.length > 0){
-        for (let userSpace of userSpaces) {
-          const userId = (req as any).userId
-          await getObject('operation_logs').insert({
-            name: '修改密码',
-            type: 'change_password',
-            remote_user: userId,
-            remote_addr: ip,
-            http_user_agent: userAgent,
-            is_mobile: is_phone,
-            is_tablet,
-            object: 'users',
-            status: 'success',
-            create: new Date(),
-            create_by: userId,
-            modified_by: userId,
-            space: userSpace.space,
-            related_to: {
-              o: "users",
-              ids: [userId]
-            }
-          })
+        if (userSpaces && userSpaces.length > 0) {
+          for (let userSpace of userSpaces) {
+            const userId = (req as any).userId;
+            await getObject("operation_logs").insert({
+              name: "修改密码",
+              type: "change_password",
+              remote_user: userId,
+              remote_addr: ip,
+              http_user_agent: userAgent,
+              is_mobile: is_phone,
+              is_tablet,
+              object: "users",
+              status: "success",
+              create: new Date(),
+              create_by: userId,
+              modified_by: userId,
+              space: userSpace.space,
+              related_to: {
+                o: "users",
+                ids: [userId],
+              },
+            });
+          }
         }
+      } catch (error) {
+        console.log("error", error);
       }
-    } catch (error) {
-      console.log('error', error);
+      res.json({ userId: (req as any).userId, password_expired: false });
+    } catch (err) {
+      sendError(res, err);
     }
-    res.json({userId: (req as any).userId, password_expired: false});
-  } catch (err) {
-    sendError(res, err);
-  }
-};
+  };

package/src/rest-express/endpoints/password/setSpaceUserPassword.ts

@@ -0,0 +1,127 @@
+/*
+ * @Author: baozhoutao@steedos.com
+ * @Date: 2022-05-19 11:38:30
+ * @LastEditors: 孙浩林 sunhaolin@steedos.com
+ * @LastEditTime: 2025-03-04 10:35:09
+ * @Description:
+ */
+import { t } from "@steedos/i18n";
+import { getObject } from "@steedos/objectql";
+import * as express from "express";
+import * as _ from "lodash";
+import { bcryptPassword } from "../../../password/utils";
+import { AccountsServer } from "../../../server";
+
+declare var SMSQueue;
+
+export const setSpaceUserPassword =
+  (accountsServer: AccountsServer) =>
+  async (req: express.Request, res: express.Response) => {
+    const userSession = (req as any).user;
+    let { space_user_id, space_id, password } = req.body;
+    try {
+      if (!userSession) {
+        res.status(401);
+        res.json({ message: "Unauthorized" });
+        return;
+      }
+      const spaceUser = await getObject("space_users").findOne(space_user_id);
+      const userId = userSession.userId;
+      let canEdit = spaceUser.user === userId;
+      if (!canEdit) {
+        const space = await getObject("spaces").findOne(space_id);
+        const isSpaceAdmin = space?.admins?.includes(userSession.userId);
+        canEdit = isSpaceAdmin;
+      }
+      const companyIds = spaceUser.company_ids;
+      if (!canEdit && companyIds && companyIds.length) {
+        const companys = await getObject("company").find({
+          filters: [
+            ["_id", "in", companyIds],
+            ["space", "=", space_id],
+          ],
+          fields: ["admins"],
+        });
+        if (companys && companys.length) {
+          canEdit = _.some(companys, function (item) {
+            return item.admins && item.admins.indexOf(userId) > -1;
+          });
+        }
+      }
+      if (!canEdit) {
+        throw new Error("您没有权限修改该用户密码");
+      }
+      const user_id = spaceUser.user;
+      const userCP = await getObject("users").findOne(user_id);
+      if (
+        spaceUser.invite_state === "pending" ||
+        spaceUser.invite_state === "refused"
+      ) {
+        throw new Error("该用户尚未同意加入该工作区，无法修改密码");
+      }
+      let logout = true;
+      if (userSession.userId === user_id) {
+        logout = false;
+      }
+      const bcryptedPassword = await bcryptPassword(password);
+      const servicePassword: any = accountsServer.getServices().password;
+      await servicePassword.db.setPassword(user_id, bcryptedPassword);
+      const changedUserInfo = await getObject("users").findOne(user_id);
+      if (changedUserInfo?.services?.password?.bcrypt) {
+        await getObject("users").update(user_id, {
+          $push: {
+            "services.password_history":
+              changedUserInfo.services.password.bcrypt,
+          },
+        });
+      }
+      if (userCP.mobile && userCP.mobile_verified) {
+        let lang = "en";
+        if (userCP.locale === "zh-cn") {
+          lang = "zh-CN";
+        }
+        SMSQueue.send({
+          Format: "JSON",
+          Action: "SingleSendSms",
+          ParamString: "",
+          RecNum: userCP.mobile,
+          SignName: "华炎办公",
+          TemplateCode: "SMS_67200967",
+          msg: t("sms.change_password.template", {}, lang),
+        });
+      }
+      try {
+        await getObject("operation_logs").insert({
+          name: "修改密码",
+          type: "change_password",
+          remote_user: userId,
+          status: "success",
+          space: space_id,
+          message:
+            "[系统管理员]修改了用户[" +
+            (changedUserInfo != null ? changedUserInfo.name : void 0) +
+            "]的密码",
+          data: JSON.stringify({
+            changeUser: user_id,
+          }),
+          related_to: {
+            o: "users",
+            ids: [user_id],
+          },
+        });
+      } catch (e) {
+        console.error(e);
+      }
+      return res.json({
+        status: 0,
+        msg: "",
+        data: {},
+      });
+    } catch (e) {
+      return res.json({
+        status: -1,
+        msg: e.message,
+        data: {},
+      });
+    }
+  };

package/src/rest-express/endpoints/steedos/get-tenant.ts

@@ -1,44 +1,62 @@
-import * as express from 'express';
-import { AccountsServer } from '../../../server';
-import { sendError } from '../../utils/send-error';
-import { getSteedosConfig } from '@steedos/objectql'
-import { db } from '../../../db';
-import {getSteedosService } from '../../../core'
+import * as express from "express";
+import { AccountsServer } from "../../../server";
+import { sendError } from "../../utils/send-error";
+import { getSteedosConfig } from "@steedos/objectql";
+import { db } from "../../../db";
+import { getSteedosService } from "../../../core";
 
-export const getTenant = (accountsServer: AccountsServer) => async (
-  req: express.Request,
-  res: express.Response
-) => {
-  try {
+export const getTenant =
+  (accountsServer: AccountsServer) =>
+  async (req: express.Request, res: express.Response) => {
+    try {
+      const spaceId = req.params.id;
+      if (!spaceId) throw new Error("accounts.tenant_id_required");
 
-    const spaceId = req.params.id;
-    if (!spaceId)
-      throw new Error("accounts.tenant_id_required")
-    
-    const spaceDoc = await db.findOne("spaces", spaceId, {fields: ["name", "avatar", "avatar_dark", "background", "enable_register", "account_logo"]})
-
-    if(!spaceDoc){
-      return res.send({
-          exists: false
+      const spaceDoc = await db.findOne("spaces", spaceId, {
+        fields: [
+          "name",
+          "avatar",
+          "avatar_dark",
+          "background",
+          "enable_register",
+          "account_logo",
+        ],
       });
-    }
-    
-    let steedosService = getSteedosService();
 
-    if (steedosService) {
-      if (spaceDoc.account_logo) {
-        spaceDoc.logo_url = steedosService + "api/files/avatars/" + spaceDoc.account_logo
-      } else if (spaceDoc.avatar_dark) {
-        spaceDoc.logo_url = steedosService + "api/files/avatars/" + spaceDoc.avatar_dark
-      } else if (spaceDoc.avatar) {
-        spaceDoc.logo_url = steedosService + "api/files/avatars/" + spaceDoc.avatar
-      } 
-      if (spaceDoc.background) {
-        spaceDoc.background_url = steedosService + "api/files/avatars/" + spaceDoc.background
+      if (!spaceDoc) {
+        return res.send({
+          exists: false,
+        });
+      }
+
+      let steedosService = getSteedosService();
+
+      if (steedosService) {
+        if (spaceDoc.account_logo) {
+          spaceDoc.logo_url =
+            steedosService +
+            "api/v6/files/cfs.avatars.filerecord/" +
+            spaceDoc.account_logo;
+        } else if (spaceDoc.avatar_dark) {
+          spaceDoc.logo_url =
+            steedosService +
+            "api/v6/files/cfs.avatars.filerecord/" +
+            spaceDoc.avatar_dark;
+        } else if (spaceDoc.avatar) {
+          spaceDoc.logo_url =
+            steedosService +
+            "api/v6/files/cfs.avatars.filerecord/" +
+            spaceDoc.avatar;
+        }
+        if (spaceDoc.background) {
+          spaceDoc.background_url =
+            steedosService +
+            "api/v6/files/cfs.avatars.filerecord/" +
+            spaceDoc.background;
+        }
       }
+      res.json(spaceDoc);
+    } catch (err) {
+      sendError(res, err);
     }
-    res.json(spaceDoc);
-  } catch (err) {
-    sendError(res, err);
-  }
-};
+  };