@steedos/accounts 3.0.13-beta.9 → 3.0.13
- package/lib/core/index.js +177 -249
- package/lib/core/index.js.map +1 -1
- package/lib/database-mongo/index.js +1 -1
- package/lib/database-mongo/index.js.map +1 -1
- package/lib/database-mongo/mongo.js +760 -1278
- package/lib/database-mongo/mongo.js.map +1 -1
- package/lib/db.js +2 -2
- package/lib/db.js.map +1 -1
- package/lib/index.js +107 -143
- package/lib/index.js.map +1 -1
- package/lib/mail.js +36 -47
- package/lib/mail.js.map +1 -1
- package/lib/password/accounts-password.js +505 -763
- package/lib/password/accounts-password.js.map +1 -1
- package/lib/password/index.js +2 -2
- package/lib/password/index.js.map +1 -1
- package/lib/password/utils/encryption.js +10 -22
- package/lib/password/utils/encryption.js.map +1 -1
- package/lib/password/utils/is-email.js +2 -2
- package/lib/password/utils/is-email.js.map +1 -1
- package/lib/password/utils/user.js +3 -3
- package/lib/password/utils/user.js.map +1 -1
- package/lib/rest-express/endpoints/authorize.js +47 -54
- package/lib/rest-express/endpoints/authorize.js.map +1 -1
- package/lib/rest-express/endpoints/geetestV3/geetest-init.js +85 -131
- package/lib/rest-express/endpoints/geetestV3/geetest-init.js.map +1 -1
- package/lib/rest-express/endpoints/geetestV3/sdk/geetest_config.js +1 -1
- package/lib/rest-express/endpoints/geetestV3/sdk/geetest_config.js.map +1 -1
- package/lib/rest-express/endpoints/geetestV3/sdk/geetest_lib.js +112 -160
- package/lib/rest-express/endpoints/geetestV3/sdk/geetest_lib.js.map +1 -1
- package/lib/rest-express/endpoints/geetestV3/sdk/geetest_lib_result.js +8 -9
- package/lib/rest-express/endpoints/geetestV3/sdk/geetest_lib_result.js.map +1 -1
- package/lib/rest-express/endpoints/get-user.js +7 -12
- package/lib/rest-express/endpoints/get-user.js.map +1 -1
- package/lib/rest-express/endpoints/impersonate.js +14 -27
- package/lib/rest-express/endpoints/impersonate.js.map +1 -1
- package/lib/rest-express/endpoints/initServer.js +9 -13
- package/lib/rest-express/endpoints/initServer.js.map +1 -1
- package/lib/rest-express/endpoints/login.js +82 -104
- package/lib/rest-express/endpoints/login.js.map +1 -1
- package/lib/rest-express/endpoints/logout.js +68 -86
- package/lib/rest-express/endpoints/logout.js.map +1 -1
- package/lib/rest-express/endpoints/oauth/provider-callback.js +29 -37
- package/lib/rest-express/endpoints/oauth/provider-callback.js.map +1 -1
- package/lib/rest-express/endpoints/password/change-password.js +73 -102
- package/lib/rest-express/endpoints/password/change-password.js.map +1 -1
- package/lib/rest-express/endpoints/password/register.js +63 -95
- package/lib/rest-express/endpoints/password/register.js.map +1 -1
- package/lib/rest-express/endpoints/password/reset.js +27 -48
- package/lib/rest-express/endpoints/password/reset.js.map +1 -1
- package/lib/rest-express/endpoints/password/setSpaceUserPassword.js +112 -144
- package/lib/rest-express/endpoints/password/setSpaceUserPassword.js.map +1 -1
- package/lib/rest-express/endpoints/password/two-factor.js +39 -70
- package/lib/rest-express/endpoints/password/two-factor.js.map +1 -1
- package/lib/rest-express/endpoints/password/verify-email.js +34 -65
- package/lib/rest-express/endpoints/password/verify-email.js.map +1 -1
- package/lib/rest-express/endpoints/password/verify.js +45 -74
- package/lib/rest-express/endpoints/password/verify.js.map +1 -1
- package/lib/rest-express/endpoints/put-user-name.js +19 -32
- package/lib/rest-express/endpoints/put-user-name.js.map +1 -1
- package/lib/rest-express/endpoints/refresh-access-token.js +14 -27
- package/lib/rest-express/endpoints/refresh-access-token.js.map +1 -1
- package/lib/rest-express/endpoints/service-authenticate.js +55 -79
- package/lib/rest-express/endpoints/service-authenticate.js.map +1 -1
- package/lib/rest-express/endpoints/spaces.js +13 -30
- package/lib/rest-express/endpoints/spaces.js.map +1 -1
- package/lib/rest-express/endpoints/steedos/accept_invitation.js +28 -42
- package/lib/rest-express/endpoints/steedos/accept_invitation.js.map +1 -1
- package/lib/rest-express/endpoints/steedos/create-tenant.js +81 -102
- package/lib/rest-express/endpoints/steedos/create-tenant.js.map +1 -1
- package/lib/rest-express/endpoints/steedos/decline_invitation.js +28 -42
- package/lib/rest-express/endpoints/steedos/decline_invitation.js.map +1 -1
- package/lib/rest-express/endpoints/steedos/get-tenant.js +54 -67
- package/lib/rest-express/endpoints/steedos/get-tenant.js.map +1 -1
- package/lib/rest-express/endpoints/steedos/settings.js +110 -127
- package/lib/rest-express/endpoints/steedos/settings.js.map +1 -1
- package/lib/rest-express/endpoints/update-session.js +33 -48
- package/lib/rest-express/endpoints/update-session.js.map +1 -1
- package/lib/rest-express/express-middleware.js +57 -59
- package/lib/rest-express/express-middleware.js.map +1 -1
- package/lib/rest-express/index.js +1 -1
- package/lib/rest-express/index.js.map +1 -1
- package/lib/rest-express/user-loader.js +67 -86
- package/lib/rest-express/user-loader.js.map +1 -1
- package/lib/rest-express/utils/get-user-agent.js +2 -2
- package/lib/rest-express/utils/get-user-agent.js.map +1 -1
- package/lib/rest-express/utils/getClientIp.js +3 -3
- package/lib/rest-express/utils/getClientIp.js.map +1 -1
- package/lib/rest-express/utils/send-error.js +5 -7
- package/lib/rest-express/utils/send-error.js.map +1 -1
- package/lib/rest-express/utils/steedos-auth.js +21 -21
- package/lib/rest-express/utils/steedos-auth.js.map +1 -1
- package/lib/rest-express/utils/users.js +17 -30
- package/lib/rest-express/utils/users.js.map +1 -1
- package/lib/server/accounts-server.js +413 -574
- package/lib/server/accounts-server.js.map +1 -1
- package/lib/server/index.js +1 -1
- package/lib/server/index.js.map +1 -1
- package/lib/server/utils/email.js +19 -35
- package/lib/server/utils/email.js.map +1 -1
- package/lib/server/utils/get-first-user-email.js +3 -3
- package/lib/server/utils/get-first-user-email.js.map +1 -1
- package/lib/server/utils/tokens.js +14 -24
- package/lib/server/utils/tokens.js.map +1 -1
- package/lib/types/index.js +1 -1
- package/package.json +5 -5
- package/src/database-mongo/mongo.ts +6 -2
- package/src/password/accounts-password.ts +61 -0
- package/src/rest-express/endpoints/password/change-password.ts +1 -1
- package/src/rest-express/endpoints/password/setSpaceUserPassword.ts +5 -0
- package/src/rest-express/endpoints/service-authenticate.ts +2 -5
- package/src/types/types/user.ts +2 -0
|
@@ -1,16 +1,15 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.AccountsServer = void 0;
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
var defaultOptions = {
|
|
4
|
+
const lodash_1 = require("lodash");
|
|
5
|
+
const jwt = require("jsonwebtoken");
|
|
6
|
+
const Emittery = require("emittery");
|
|
7
|
+
const tokens_1 = require("./utils/tokens");
|
|
8
|
+
const email_1 = require("./utils/email");
|
|
9
|
+
const server_hooks_1 = require("./utils/server-hooks");
|
|
10
|
+
const auth_1 = require("@steedos/auth");
|
|
11
|
+
const ismobilejs_1 = require("ismobilejs");
|
|
12
|
+
const defaultOptions = {
|
|
14
13
|
ambiguousErrorMessages: true,
|
|
15
14
|
tokenSecret: (0, tokens_1.generateRandomToken)(),
|
|
16
15
|
tokenConfigs: {
|
|
@@ -22,620 +21,460 @@ var defaultOptions = {
|
|
|
22
21
|
},
|
|
23
22
|
},
|
|
24
23
|
emailTemplates: email_1.emailTemplates,
|
|
25
|
-
userObjectSanitizer:
|
|
24
|
+
userObjectSanitizer: (user) => user,
|
|
26
25
|
sendMail: email_1.sendMail,
|
|
27
26
|
siteUrl: "http://localhost:3000",
|
|
28
27
|
};
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
28
|
+
class AccountsServer {
|
|
29
|
+
options;
|
|
30
|
+
services;
|
|
31
|
+
db;
|
|
32
|
+
hooks;
|
|
33
|
+
constructor(options, services) {
|
|
34
|
+
this.options = (0, lodash_1.merge)({ ...defaultOptions }, options);
|
|
32
35
|
if (!this.options.db) {
|
|
33
36
|
throw new Error("A database driver is required");
|
|
34
37
|
}
|
|
35
38
|
this.services = services || {};
|
|
36
39
|
this.db = this.options.db;
|
|
37
|
-
for (
|
|
40
|
+
for (const service in this.services) {
|
|
38
41
|
this.services[service].setStore(this.db);
|
|
39
42
|
this.services[service].server = this;
|
|
40
43
|
}
|
|
41
44
|
this.hooks = new Emittery();
|
|
42
45
|
}
|
|
43
|
-
|
|
46
|
+
getServices() {
|
|
44
47
|
return this.services;
|
|
45
|
-
}
|
|
46
|
-
|
|
48
|
+
}
|
|
49
|
+
getOptions() {
|
|
47
50
|
return this.options;
|
|
48
|
-
}
|
|
49
|
-
|
|
51
|
+
}
|
|
52
|
+
getHooks() {
|
|
50
53
|
return this.hooks;
|
|
51
|
-
}
|
|
52
|
-
|
|
53
|
-
var _this = this;
|
|
54
|
+
}
|
|
55
|
+
on(eventName, callback) {
|
|
54
56
|
this.hooks.on(eventName, callback);
|
|
55
|
-
return
|
|
56
|
-
}
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
57
|
+
return () => this.hooks.off(eventName, callback);
|
|
58
|
+
}
|
|
59
|
+
async getUserProfile(userId, serviceName = 'password') {
|
|
60
|
+
const service = this.services[serviceName];
|
|
61
|
+
if (!service) {
|
|
62
|
+
throw new Error(`Service ${serviceName} not found`);
|
|
63
|
+
}
|
|
64
|
+
return await service.getUserProfile(userId);
|
|
65
|
+
}
|
|
66
|
+
async loginWithService(serviceName, params, infos) {
|
|
67
|
+
const hooksInfo = {
|
|
68
|
+
service: serviceName,
|
|
69
|
+
connection: infos,
|
|
70
|
+
params,
|
|
71
|
+
};
|
|
72
|
+
try {
|
|
73
|
+
if (!this.services[serviceName]) {
|
|
74
|
+
throw new Error(`No service with the name ${serviceName} was registered.`);
|
|
75
|
+
}
|
|
76
|
+
const user = await this.services[serviceName].authenticate(params);
|
|
77
|
+
hooksInfo.user = user;
|
|
78
|
+
if (!user) {
|
|
79
|
+
throw new Error(`Service ${serviceName} was not able to authenticate user`);
|
|
80
|
+
}
|
|
81
|
+
if (user.deactivated) {
|
|
82
|
+
throw new Error("Your account has been deactivated");
|
|
83
|
+
}
|
|
84
|
+
await this.hooks.emitSerial(server_hooks_1.ServerHooks.ValidateLogin, hooksInfo);
|
|
85
|
+
let enable_MFA = false;
|
|
86
|
+
let logout_other_clients = false;
|
|
87
|
+
let login_expiration_in_days = null;
|
|
88
|
+
let phone_logout_other_clients = false;
|
|
89
|
+
let phone_login_expiration_in_days = null;
|
|
90
|
+
let space = null;
|
|
91
|
+
const userProfile = await this.services[serviceName].getUserProfile(user.id);
|
|
92
|
+
if (userProfile) {
|
|
93
|
+
enable_MFA = userProfile.enable_MFA || false;
|
|
94
|
+
logout_other_clients = userProfile.logout_other_clients || false;
|
|
95
|
+
login_expiration_in_days = userProfile.login_expiration_in_days;
|
|
96
|
+
phone_logout_other_clients =
|
|
97
|
+
userProfile.phone_logout_other_clients || false;
|
|
98
|
+
phone_login_expiration_in_days =
|
|
99
|
+
userProfile.phone_login_expiration_in_days;
|
|
100
|
+
space = userProfile.space;
|
|
101
|
+
}
|
|
102
|
+
if (enable_MFA) {
|
|
103
|
+
if (!(params.user && params.token)) {
|
|
104
|
+
let _next = "TO_MOBILE_CODE_LOGIN";
|
|
105
|
+
return { _next, mobile: user.mobile, mobile_verified: user.mobile_verified };
|
|
70
106
|
}
|
|
107
|
+
}
|
|
108
|
+
const loginResult = await this.loginWithUser(user, Object.assign({}, infos, {
|
|
109
|
+
logout_other_clients,
|
|
110
|
+
login_expiration_in_days,
|
|
111
|
+
phone_logout_other_clients,
|
|
112
|
+
phone_login_expiration_in_days,
|
|
113
|
+
space,
|
|
114
|
+
}));
|
|
115
|
+
this.hooks.emit(server_hooks_1.ServerHooks.LoginSuccess, hooksInfo);
|
|
116
|
+
return loginResult;
|
|
117
|
+
}
|
|
118
|
+
catch (err) {
|
|
119
|
+
this.hooks.emit(server_hooks_1.ServerHooks.LoginError, { ...hooksInfo, error: err });
|
|
120
|
+
throw err;
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
async loginWithUser(user, infos) {
|
|
124
|
+
const { ip, userAgent, logout_other_clients, login_expiration_in_days, phone_logout_other_clients, phone_login_expiration_in_days, space, provider, jwtToken, } = infos;
|
|
125
|
+
let is_phone = false;
|
|
126
|
+
let is_tablet = false;
|
|
127
|
+
if (infos.userAgent) {
|
|
128
|
+
try {
|
|
129
|
+
const { phone, tablet } = (0, ismobilejs_1.default)(infos.userAgent);
|
|
130
|
+
is_phone = phone;
|
|
131
|
+
is_tablet = tablet;
|
|
132
|
+
}
|
|
133
|
+
catch (Exception) {
|
|
134
|
+
console.log(`Exception`, Exception);
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
if (logout_other_clients || phone_logout_other_clients) {
|
|
138
|
+
let query = null;
|
|
139
|
+
if (is_phone) {
|
|
140
|
+
query = { is_phone: true };
|
|
141
|
+
}
|
|
142
|
+
else {
|
|
143
|
+
query = { is_phone: { $ne: true } };
|
|
144
|
+
}
|
|
145
|
+
await this.db.updateUser(user.id, {
|
|
146
|
+
$pull: {
|
|
147
|
+
"services.resume.loginTokens": query,
|
|
148
|
+
},
|
|
71
149
|
});
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
var hooksInfo, user, enable_MFA, logout_other_clients, login_expiration_in_days, phone_logout_other_clients, phone_login_expiration_in_days, space, userProfile, _next, loginResult, err_1;
|
|
77
|
-
return tslib_1.__generator(this, function (_a) {
|
|
78
|
-
switch (_a.label) {
|
|
79
|
-
case 0:
|
|
80
|
-
hooksInfo = {
|
|
81
|
-
service: serviceName,
|
|
82
|
-
connection: infos,
|
|
83
|
-
params: params,
|
|
84
|
-
};
|
|
85
|
-
_a.label = 1;
|
|
86
|
-
case 1:
|
|
87
|
-
_a.trys.push([1, 6, , 7]);
|
|
88
|
-
if (!this.services[serviceName]) {
|
|
89
|
-
throw new Error("No service with the name ".concat(serviceName, " was registered."));
|
|
90
|
-
}
|
|
91
|
-
return [4, this.services[serviceName].authenticate(params)];
|
|
92
|
-
case 2:
|
|
93
|
-
user = _a.sent();
|
|
94
|
-
hooksInfo.user = user;
|
|
95
|
-
if (!user) {
|
|
96
|
-
throw new Error("Service ".concat(serviceName, " was not able to authenticate user"));
|
|
97
|
-
}
|
|
98
|
-
if (user.deactivated) {
|
|
99
|
-
throw new Error("Your account has been deactivated");
|
|
100
|
-
}
|
|
101
|
-
return [4, this.hooks.emitSerial(server_hooks_1.ServerHooks.ValidateLogin, hooksInfo)];
|
|
102
|
-
case 3:
|
|
103
|
-
_a.sent();
|
|
104
|
-
enable_MFA = false;
|
|
105
|
-
logout_other_clients = false;
|
|
106
|
-
login_expiration_in_days = null;
|
|
107
|
-
phone_logout_other_clients = false;
|
|
108
|
-
phone_login_expiration_in_days = null;
|
|
109
|
-
space = null;
|
|
110
|
-
return [4, this.services[serviceName].getUserProfile(user.id)];
|
|
111
|
-
case 4:
|
|
112
|
-
userProfile = _a.sent();
|
|
113
|
-
if (userProfile) {
|
|
114
|
-
enable_MFA = userProfile.enable_MFA || false;
|
|
115
|
-
logout_other_clients = userProfile.logout_other_clients || false;
|
|
116
|
-
login_expiration_in_days = userProfile.login_expiration_in_days;
|
|
117
|
-
phone_logout_other_clients =
|
|
118
|
-
userProfile.phone_logout_other_clients || false;
|
|
119
|
-
phone_login_expiration_in_days =
|
|
120
|
-
userProfile.phone_login_expiration_in_days;
|
|
121
|
-
space = userProfile.space;
|
|
122
|
-
}
|
|
123
|
-
if (enable_MFA) {
|
|
124
|
-
if (!(params.user && params.token)) {
|
|
125
|
-
_next = "TO_MOBILE_CODE_LOGIN";
|
|
126
|
-
return [2, { _next: _next, mobile: user.mobile, mobile_verified: user.mobile_verified }];
|
|
127
|
-
}
|
|
128
|
-
}
|
|
129
|
-
return [4, this.loginWithUser(user, Object.assign({}, infos, {
|
|
130
|
-
logout_other_clients: logout_other_clients,
|
|
131
|
-
login_expiration_in_days: login_expiration_in_days,
|
|
132
|
-
phone_logout_other_clients: phone_logout_other_clients,
|
|
133
|
-
phone_login_expiration_in_days: phone_login_expiration_in_days,
|
|
134
|
-
space: space,
|
|
135
|
-
}))];
|
|
136
|
-
case 5:
|
|
137
|
-
loginResult = _a.sent();
|
|
138
|
-
this.hooks.emit(server_hooks_1.ServerHooks.LoginSuccess, hooksInfo);
|
|
139
|
-
return [2, loginResult];
|
|
140
|
-
case 6:
|
|
141
|
-
err_1 = _a.sent();
|
|
142
|
-
this.hooks.emit(server_hooks_1.ServerHooks.LoginError, tslib_1.__assign(tslib_1.__assign({}, hooksInfo), { error: err_1 }));
|
|
143
|
-
throw err_1;
|
|
144
|
-
case 7: return [2];
|
|
150
|
+
const userSessions = await this.db.findValidSessionsByUserId(user.id, is_phone);
|
|
151
|
+
if (userSessions) {
|
|
152
|
+
for (const userSession of userSessions) {
|
|
153
|
+
await this.db.invalidateSession(userSession.id);
|
|
145
154
|
}
|
|
146
|
-
}
|
|
155
|
+
}
|
|
156
|
+
(0, auth_1.removeUserSessionsCacheByUserId)(user.id, is_phone);
|
|
157
|
+
}
|
|
158
|
+
const token = jwtToken || (0, tokens_1.generateRandomToken)();
|
|
159
|
+
const sessionId = await this.db.createSession(user.id, token, {
|
|
160
|
+
ip,
|
|
161
|
+
userAgent,
|
|
162
|
+
login_expiration_in_days,
|
|
163
|
+
phone_login_expiration_in_days,
|
|
164
|
+
is_phone,
|
|
165
|
+
is_tablet,
|
|
166
|
+
space,
|
|
167
|
+
provider
|
|
147
168
|
});
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
switch (_c.label) {
|
|
154
|
-
case 0:
|
|
155
|
-
ip = infos.ip, userAgent = infos.userAgent, logout_other_clients = infos.logout_other_clients, login_expiration_in_days = infos.login_expiration_in_days, phone_logout_other_clients = infos.phone_logout_other_clients, phone_login_expiration_in_days = infos.phone_login_expiration_in_days, space = infos.space, provider = infos.provider, jwtToken = infos.jwtToken;
|
|
156
|
-
is_phone = false;
|
|
157
|
-
is_tablet = false;
|
|
158
|
-
if (infos.userAgent) {
|
|
159
|
-
try {
|
|
160
|
-
_a = (0, ismobilejs_1.default)(infos.userAgent), phone = _a.phone, tablet = _a.tablet;
|
|
161
|
-
is_phone = phone;
|
|
162
|
-
is_tablet = tablet;
|
|
163
|
-
}
|
|
164
|
-
catch (Exception) {
|
|
165
|
-
console.log("Exception", Exception);
|
|
166
|
-
}
|
|
167
|
-
}
|
|
168
|
-
if (!(logout_other_clients || phone_logout_other_clients)) return [3, 7];
|
|
169
|
-
query = null;
|
|
170
|
-
if (is_phone) {
|
|
171
|
-
query = { is_phone: true };
|
|
172
|
-
}
|
|
173
|
-
else {
|
|
174
|
-
query = { is_phone: { $ne: true } };
|
|
175
|
-
}
|
|
176
|
-
return [4, this.db.updateUser(user.id, {
|
|
177
|
-
$pull: {
|
|
178
|
-
"services.resume.loginTokens": query,
|
|
179
|
-
},
|
|
180
|
-
})];
|
|
181
|
-
case 1:
|
|
182
|
-
_c.sent();
|
|
183
|
-
return [4, this.db.findValidSessionsByUserId(user.id, is_phone)];
|
|
184
|
-
case 2:
|
|
185
|
-
userSessions = _c.sent();
|
|
186
|
-
if (!userSessions) return [3, 6];
|
|
187
|
-
_i = 0, userSessions_1 = userSessions;
|
|
188
|
-
_c.label = 3;
|
|
189
|
-
case 3:
|
|
190
|
-
if (!(_i < userSessions_1.length)) return [3, 6];
|
|
191
|
-
userSession = userSessions_1[_i];
|
|
192
|
-
return [4, this.db.invalidateSession(userSession.id)];
|
|
193
|
-
case 4:
|
|
194
|
-
_c.sent();
|
|
195
|
-
_c.label = 5;
|
|
196
|
-
case 5:
|
|
197
|
-
_i++;
|
|
198
|
-
return [3, 3];
|
|
199
|
-
case 6:
|
|
200
|
-
(0, auth_1.removeUserSessionsCacheByUserId)(user.id, is_phone);
|
|
201
|
-
_c.label = 7;
|
|
202
|
-
case 7:
|
|
203
|
-
token = jwtToken || (0, tokens_1.generateRandomToken)();
|
|
204
|
-
return [4, this.db.createSession(user.id, token, {
|
|
205
|
-
ip: ip,
|
|
206
|
-
userAgent: userAgent,
|
|
207
|
-
login_expiration_in_days: login_expiration_in_days,
|
|
208
|
-
phone_login_expiration_in_days: phone_login_expiration_in_days,
|
|
209
|
-
is_phone: is_phone,
|
|
210
|
-
is_tablet: is_tablet,
|
|
211
|
-
space: space,
|
|
212
|
-
provider: provider
|
|
213
|
-
})];
|
|
214
|
-
case 8:
|
|
215
|
-
sessionId = _c.sent();
|
|
216
|
-
_b = this.createTokens({
|
|
217
|
-
token: token,
|
|
218
|
-
userId: user.id,
|
|
219
|
-
name: user.name,
|
|
220
|
-
email: user.email
|
|
221
|
-
}), accessToken = _b.accessToken, refreshToken = _b.refreshToken;
|
|
222
|
-
return [4, this.db.getMySpaces(user.id)];
|
|
223
|
-
case 9:
|
|
224
|
-
spaces = _c.sent();
|
|
225
|
-
return [2, {
|
|
226
|
-
sessionId: sessionId,
|
|
227
|
-
token: token,
|
|
228
|
-
tokens: {
|
|
229
|
-
refreshToken: refreshToken,
|
|
230
|
-
accessToken: accessToken,
|
|
231
|
-
},
|
|
232
|
-
space: space,
|
|
233
|
-
spaces: spaces,
|
|
234
|
-
user: user,
|
|
235
|
-
}];
|
|
236
|
-
}
|
|
237
|
-
});
|
|
169
|
+
const { accessToken, refreshToken } = this.createTokens({
|
|
170
|
+
token,
|
|
171
|
+
userId: user.id,
|
|
172
|
+
name: user.name,
|
|
173
|
+
email: user.email
|
|
238
174
|
});
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
impersonatedUser = _a.sent();
|
|
285
|
-
_a.label = 8;
|
|
286
|
-
case 8:
|
|
287
|
-
if (!impersonatedUser) {
|
|
288
|
-
if (this.options.ambiguousErrorMessages) {
|
|
289
|
-
return [2, { authorized: false }];
|
|
290
|
-
}
|
|
291
|
-
throw new Error("Impersonated user not found");
|
|
292
|
-
}
|
|
293
|
-
if (!this.options.impersonationAuthorize) {
|
|
294
|
-
return [2, { authorized: false }];
|
|
295
|
-
}
|
|
296
|
-
return [4, this.options.impersonationAuthorize(user, impersonatedUser)];
|
|
297
|
-
case 9:
|
|
298
|
-
isAuthorized = _a.sent();
|
|
299
|
-
if (!isAuthorized) {
|
|
300
|
-
return [2, { authorized: false }];
|
|
301
|
-
}
|
|
302
|
-
token = (0, tokens_1.generateRandomToken)();
|
|
303
|
-
return [4, this.db.createSession(impersonatedUser.id, token, {
|
|
304
|
-
ip: ip,
|
|
305
|
-
userAgent: userAgent,
|
|
306
|
-
}, { impersonatorUserId: user.id })];
|
|
307
|
-
case 10:
|
|
308
|
-
newSessionId = _a.sent();
|
|
309
|
-
impersonationTokens = this.createTokens({
|
|
310
|
-
token: newSessionId,
|
|
311
|
-
isImpersonated: true,
|
|
312
|
-
userId: user.id,
|
|
313
|
-
name: user.name,
|
|
314
|
-
email: user.email,
|
|
315
|
-
});
|
|
316
|
-
impersonationResult = {
|
|
317
|
-
authorized: true,
|
|
318
|
-
tokens: impersonationTokens,
|
|
319
|
-
user: this.sanitizeUser(impersonatedUser),
|
|
320
|
-
};
|
|
321
|
-
this.hooks.emit(server_hooks_1.ServerHooks.ImpersonationSuccess, {
|
|
322
|
-
user: user,
|
|
323
|
-
impersonationResult: impersonationResult,
|
|
324
|
-
});
|
|
325
|
-
return [2, impersonationResult];
|
|
326
|
-
case 11:
|
|
327
|
-
e_1 = _a.sent();
|
|
328
|
-
this.hooks.emit(server_hooks_1.ServerHooks.ImpersonationError, e_1);
|
|
329
|
-
throw e_1;
|
|
330
|
-
case 12: return [2];
|
|
175
|
+
const spaces = await this.db.getMySpaces(user.id);
|
|
176
|
+
return {
|
|
177
|
+
sessionId,
|
|
178
|
+
token,
|
|
179
|
+
tokens: {
|
|
180
|
+
refreshToken,
|
|
181
|
+
accessToken,
|
|
182
|
+
},
|
|
183
|
+
space,
|
|
184
|
+
spaces,
|
|
185
|
+
user,
|
|
186
|
+
};
|
|
187
|
+
}
|
|
188
|
+
async impersonate(accessToken, impersonated, ip, userAgent) {
|
|
189
|
+
try {
|
|
190
|
+
if (!(0, lodash_1.isString)(accessToken)) {
|
|
191
|
+
throw new Error("An access token is required");
|
|
192
|
+
}
|
|
193
|
+
try {
|
|
194
|
+
jwt.verify(accessToken, this.options.tokenSecret);
|
|
195
|
+
}
|
|
196
|
+
catch (err) {
|
|
197
|
+
throw new Error("Access token is not valid");
|
|
198
|
+
}
|
|
199
|
+
const session = await this.findSessionByAccessToken(accessToken);
|
|
200
|
+
if (!session.valid) {
|
|
201
|
+
throw new Error("Session is not valid for user");
|
|
202
|
+
}
|
|
203
|
+
const user = await this.db.findUserById(session.userId);
|
|
204
|
+
if (!user) {
|
|
205
|
+
throw new Error("User not found");
|
|
206
|
+
}
|
|
207
|
+
let impersonatedUser;
|
|
208
|
+
if (impersonated.userId) {
|
|
209
|
+
impersonatedUser = await this.db.findUserById(impersonated.userId);
|
|
210
|
+
}
|
|
211
|
+
else if (impersonated.username) {
|
|
212
|
+
impersonatedUser = await this.db.findUserByUsername(impersonated.username);
|
|
213
|
+
}
|
|
214
|
+
else if (impersonated.email) {
|
|
215
|
+
impersonatedUser = await this.db.findUserByEmail(impersonated.email);
|
|
216
|
+
}
|
|
217
|
+
if (!impersonatedUser) {
|
|
218
|
+
if (this.options.ambiguousErrorMessages) {
|
|
219
|
+
return { authorized: false };
|
|
331
220
|
}
|
|
221
|
+
throw new Error(`Impersonated user not found`);
|
|
222
|
+
}
|
|
223
|
+
if (!this.options.impersonationAuthorize) {
|
|
224
|
+
return { authorized: false };
|
|
225
|
+
}
|
|
226
|
+
const isAuthorized = await this.options.impersonationAuthorize(user, impersonatedUser);
|
|
227
|
+
if (!isAuthorized) {
|
|
228
|
+
return { authorized: false };
|
|
229
|
+
}
|
|
230
|
+
const token = (0, tokens_1.generateRandomToken)();
|
|
231
|
+
const newSessionId = await this.db.createSession(impersonatedUser.id, token, {
|
|
232
|
+
ip,
|
|
233
|
+
userAgent,
|
|
234
|
+
}, { impersonatorUserId: user.id });
|
|
235
|
+
const impersonationTokens = this.createTokens({
|
|
236
|
+
token: newSessionId,
|
|
237
|
+
isImpersonated: true,
|
|
238
|
+
userId: user.id,
|
|
239
|
+
name: user.name,
|
|
240
|
+
email: user.email,
|
|
332
241
|
});
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
_a.trys.push([0, 6, , 7]);
|
|
342
|
-
if (!(0, lodash_1.isString)(accessToken) || !(0, lodash_1.isString)(refreshToken)) {
|
|
343
|
-
throw new Error("An accessToken and refreshToken are required");
|
|
344
|
-
}
|
|
345
|
-
sessionToken = void 0;
|
|
346
|
-
try {
|
|
347
|
-
jwt.verify(refreshToken, this.options.tokenSecret);
|
|
348
|
-
decodedAccessToken = jwt.verify(accessToken, this.options.tokenSecret, {
|
|
349
|
-
ignoreExpiration: true,
|
|
350
|
-
});
|
|
351
|
-
sessionToken = decodedAccessToken.data.token;
|
|
352
|
-
}
|
|
353
|
-
catch (err) {
|
|
354
|
-
throw new Error("Tokens are not valid");
|
|
355
|
-
}
|
|
356
|
-
return [4, this.db.findSessionByToken(sessionToken)];
|
|
357
|
-
case 1:
|
|
358
|
-
session = _a.sent();
|
|
359
|
-
if (!session) {
|
|
360
|
-
throw new Error("Session not found");
|
|
361
|
-
}
|
|
362
|
-
if (!session.valid) return [3, 4];
|
|
363
|
-
return [4, this.db.findUserById(session.userId)];
|
|
364
|
-
case 2:
|
|
365
|
-
user = _a.sent();
|
|
366
|
-
if (!user) {
|
|
367
|
-
throw new Error("User not found");
|
|
368
|
-
}
|
|
369
|
-
tokens = this.createTokens({
|
|
370
|
-
token: sessionToken,
|
|
371
|
-
userId: user.id,
|
|
372
|
-
name: user.name,
|
|
373
|
-
email: user.email
|
|
374
|
-
});
|
|
375
|
-
return [4, this.db.updateSession(session.id, { ip: ip, userAgent: userAgent })];
|
|
376
|
-
case 3:
|
|
377
|
-
_a.sent();
|
|
378
|
-
result = {
|
|
379
|
-
sessionId: session.id,
|
|
380
|
-
user: this.sanitizeUser(user),
|
|
381
|
-
token: sessionToken,
|
|
382
|
-
tokens: tokens,
|
|
383
|
-
};
|
|
384
|
-
this.hooks.emit(server_hooks_1.ServerHooks.RefreshTokensSuccess, result);
|
|
385
|
-
return [2, result];
|
|
386
|
-
case 4: throw new Error("Session is no longer valid");
|
|
387
|
-
case 5: return [3, 7];
|
|
388
|
-
case 6:
|
|
389
|
-
err_2 = _a.sent();
|
|
390
|
-
this.hooks.emit(server_hooks_1.ServerHooks.RefreshTokensError, err_2);
|
|
391
|
-
throw err_2;
|
|
392
|
-
case 7: return [2];
|
|
393
|
-
}
|
|
242
|
+
const impersonationResult = {
|
|
243
|
+
authorized: true,
|
|
244
|
+
tokens: impersonationTokens,
|
|
245
|
+
user: this.sanitizeUser(impersonatedUser),
|
|
246
|
+
};
|
|
247
|
+
this.hooks.emit(server_hooks_1.ServerHooks.ImpersonationSuccess, {
|
|
248
|
+
user,
|
|
249
|
+
impersonationResult,
|
|
394
250
|
});
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
251
|
+
return impersonationResult;
|
|
252
|
+
}
|
|
253
|
+
catch (e) {
|
|
254
|
+
this.hooks.emit(server_hooks_1.ServerHooks.ImpersonationError, e);
|
|
255
|
+
throw e;
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
async refreshTokens(accessToken, refreshToken, ip, userAgent) {
|
|
259
|
+
try {
|
|
260
|
+
if (!(0, lodash_1.isString)(accessToken) || !(0, lodash_1.isString)(refreshToken)) {
|
|
261
|
+
throw new Error("An accessToken and refreshToken are required");
|
|
262
|
+
}
|
|
263
|
+
let sessionToken;
|
|
264
|
+
try {
|
|
265
|
+
jwt.verify(refreshToken, this.options.tokenSecret);
|
|
266
|
+
const decodedAccessToken = jwt.verify(accessToken, this.options.tokenSecret, {
|
|
267
|
+
ignoreExpiration: true,
|
|
268
|
+
});
|
|
269
|
+
sessionToken = decodedAccessToken.data.token;
|
|
270
|
+
}
|
|
271
|
+
catch (err) {
|
|
272
|
+
throw new Error("Tokens are not valid");
|
|
273
|
+
}
|
|
274
|
+
const session = await this.db.findSessionByToken(sessionToken);
|
|
275
|
+
if (!session) {
|
|
276
|
+
throw new Error("Session not found");
|
|
277
|
+
}
|
|
278
|
+
if (session.valid) {
|
|
279
|
+
const user = await this.db.findUserById(session.userId);
|
|
280
|
+
if (!user) {
|
|
281
|
+
throw new Error("User not found");
|
|
282
|
+
}
|
|
283
|
+
const tokens = this.createTokens({
|
|
284
|
+
token: sessionToken,
|
|
285
|
+
userId: user.id,
|
|
286
|
+
name: user.name,
|
|
287
|
+
email: user.email
|
|
288
|
+
});
|
|
289
|
+
await this.db.updateSession(session.id, { ip, userAgent });
|
|
290
|
+
const result = {
|
|
291
|
+
sessionId: session.id,
|
|
292
|
+
user: this.sanitizeUser(user),
|
|
293
|
+
token: sessionToken,
|
|
294
|
+
tokens,
|
|
295
|
+
};
|
|
296
|
+
this.hooks.emit(server_hooks_1.ServerHooks.RefreshTokensSuccess, result);
|
|
297
|
+
return result;
|
|
298
|
+
}
|
|
299
|
+
else {
|
|
300
|
+
throw new Error("Session is no longer valid");
|
|
301
|
+
}
|
|
302
|
+
}
|
|
303
|
+
catch (err) {
|
|
304
|
+
this.hooks.emit(server_hooks_1.ServerHooks.RefreshTokensError, err);
|
|
305
|
+
throw err;
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
createTokens({ token, isImpersonated = false, userId, name, email }) {
|
|
309
|
+
const { tokenSecret, tokenConfigs } = this.options;
|
|
310
|
+
const jwtData = {
|
|
311
|
+
isImpersonated,
|
|
312
|
+
userId,
|
|
313
|
+
name,
|
|
314
|
+
email
|
|
405
315
|
};
|
|
406
|
-
|
|
316
|
+
const accessToken = (0, tokens_1.generateAccessToken)({
|
|
407
317
|
data: jwtData,
|
|
408
318
|
secret: tokenSecret,
|
|
409
319
|
config: tokenConfigs.accessToken,
|
|
410
320
|
});
|
|
411
|
-
|
|
321
|
+
const refreshToken = (0, tokens_1.generateRefreshToken)({
|
|
412
322
|
secret: tokenSecret,
|
|
413
323
|
config: tokenConfigs.refreshToken,
|
|
414
324
|
});
|
|
415
|
-
return { accessToken
|
|
416
|
-
}
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
accessToken: accessToken,
|
|
464
|
-
});
|
|
465
|
-
return [3, 4];
|
|
466
|
-
case 3: throw new Error("Session is no longer valid");
|
|
467
|
-
case 4: return [3, 6];
|
|
468
|
-
case 5:
|
|
469
|
-
error_2 = _a.sent();
|
|
470
|
-
this.hooks.emit(server_hooks_1.ServerHooks.LogoutError, error_2);
|
|
471
|
-
throw error_2;
|
|
472
|
-
case 6: return [2];
|
|
325
|
+
return { accessToken, refreshToken };
|
|
326
|
+
}
|
|
327
|
+
async logout(token) {
|
|
328
|
+
try {
|
|
329
|
+
const session = await this.db.findSessionByToken(token);
|
|
330
|
+
if (session && session.valid) {
|
|
331
|
+
await this.db.invalidateSession(session.id);
|
|
332
|
+
this.hooks.emit(server_hooks_1.ServerHooks.LogoutSuccess, {
|
|
333
|
+
session,
|
|
334
|
+
token,
|
|
335
|
+
});
|
|
336
|
+
}
|
|
337
|
+
else {
|
|
338
|
+
throw new Error("Session is no longer valid");
|
|
339
|
+
}
|
|
340
|
+
return session;
|
|
341
|
+
}
|
|
342
|
+
catch (error) {
|
|
343
|
+
this.hooks.emit(server_hooks_1.ServerHooks.LogoutError, error);
|
|
344
|
+
throw error;
|
|
345
|
+
}
|
|
346
|
+
}
|
|
347
|
+
async logoutByAccessToken(accessToken) {
|
|
348
|
+
try {
|
|
349
|
+
const session = await this.findSessionByAccessToken(accessToken);
|
|
350
|
+
if (session.valid) {
|
|
351
|
+
await this.db.invalidateSession(session.id);
|
|
352
|
+
this.hooks.emit(server_hooks_1.ServerHooks.LogoutSuccess, {
|
|
353
|
+
session,
|
|
354
|
+
accessToken,
|
|
355
|
+
});
|
|
356
|
+
}
|
|
357
|
+
else {
|
|
358
|
+
throw new Error("Session is no longer valid");
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
catch (error) {
|
|
362
|
+
this.hooks.emit(server_hooks_1.ServerHooks.LogoutError, error);
|
|
363
|
+
throw error;
|
|
364
|
+
}
|
|
365
|
+
}
|
|
366
|
+
async resumeSession(token) {
|
|
367
|
+
try {
|
|
368
|
+
const session = await this.db.findSessionByToken(token);
|
|
369
|
+
if (session && session.valid) {
|
|
370
|
+
const user = await this.db.findUserById(session.userId);
|
|
371
|
+
if (!user) {
|
|
372
|
+
throw new Error("User not found");
|
|
473
373
|
}
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
switch (_a.label) {
|
|
482
|
-
case 0:
|
|
483
|
-
_a.trys.push([0, 8, , 9]);
|
|
484
|
-
return [4, this.db.findSessionByToken(token)];
|
|
485
|
-
case 1:
|
|
486
|
-
session = _a.sent();
|
|
487
|
-
if (!(session && session.valid)) return [3, 7];
|
|
488
|
-
return [4, this.db.findUserById(session.userId)];
|
|
489
|
-
case 2:
|
|
490
|
-
user = _a.sent();
|
|
491
|
-
if (!user) {
|
|
492
|
-
throw new Error("User not found");
|
|
493
|
-
}
|
|
494
|
-
if (!this.options.resumeSessionValidator) return [3, 6];
|
|
495
|
-
_a.label = 3;
|
|
496
|
-
case 3:
|
|
497
|
-
_a.trys.push([3, 5, , 6]);
|
|
498
|
-
return [4, this.options.resumeSessionValidator(user, session)];
|
|
499
|
-
case 4:
|
|
500
|
-
_a.sent();
|
|
501
|
-
return [3, 6];
|
|
502
|
-
case 5:
|
|
503
|
-
e_2 = _a.sent();
|
|
504
|
-
throw new Error(e_2);
|
|
505
|
-
case 6:
|
|
506
|
-
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionSuccess, { user: user, token: token });
|
|
507
|
-
return [2, this.sanitizeUser(user)];
|
|
508
|
-
case 7:
|
|
509
|
-
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, new Error("Invalid Session"));
|
|
510
|
-
throw new Error("Invalid Session");
|
|
511
|
-
case 8:
|
|
512
|
-
e_3 = _a.sent();
|
|
513
|
-
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, e_3);
|
|
514
|
-
throw e_3;
|
|
515
|
-
case 9: return [2];
|
|
374
|
+
if (this.options.resumeSessionValidator) {
|
|
375
|
+
try {
|
|
376
|
+
await this.options.resumeSessionValidator(user, session);
|
|
377
|
+
}
|
|
378
|
+
catch (e) {
|
|
379
|
+
throw new Error(e);
|
|
380
|
+
}
|
|
516
381
|
}
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
throw new Error("User not found");
|
|
536
|
-
}
|
|
537
|
-
if (!this.options.resumeSessionValidator) return [3, 6];
|
|
538
|
-
_a.label = 3;
|
|
539
|
-
case 3:
|
|
540
|
-
_a.trys.push([3, 5, , 6]);
|
|
541
|
-
return [4, this.options.resumeSessionValidator(user, session)];
|
|
542
|
-
case 4:
|
|
543
|
-
_a.sent();
|
|
544
|
-
return [3, 6];
|
|
545
|
-
case 5:
|
|
546
|
-
e_4 = _a.sent();
|
|
547
|
-
throw new Error(e_4);
|
|
548
|
-
case 6:
|
|
549
|
-
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionSuccess, {
|
|
550
|
-
user: user,
|
|
551
|
-
accessToken: accessToken,
|
|
552
|
-
});
|
|
553
|
-
return [2, this.sanitizeUser(user)];
|
|
554
|
-
case 7:
|
|
555
|
-
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, new Error("Invalid Session"));
|
|
556
|
-
throw new Error("Invalid Session");
|
|
557
|
-
case 8:
|
|
558
|
-
e_5 = _a.sent();
|
|
559
|
-
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, e_5);
|
|
560
|
-
throw e_5;
|
|
561
|
-
case 9: return [2];
|
|
382
|
+
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionSuccess, { user, token });
|
|
383
|
+
return this.sanitizeUser(user);
|
|
384
|
+
}
|
|
385
|
+
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, new Error("Invalid Session"));
|
|
386
|
+
throw new Error("Invalid Session");
|
|
387
|
+
}
|
|
388
|
+
catch (e) {
|
|
389
|
+
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, e);
|
|
390
|
+
throw e;
|
|
391
|
+
}
|
|
392
|
+
}
|
|
393
|
+
async resumeSessionByAccessToken(accessToken) {
|
|
394
|
+
try {
|
|
395
|
+
const session = await this.findSessionByAccessToken(accessToken);
|
|
396
|
+
if (session.valid) {
|
|
397
|
+
const user = await this.db.findUserById(session.userId);
|
|
398
|
+
if (!user) {
|
|
399
|
+
throw new Error("User not found");
|
|
562
400
|
}
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
switch (_a.label) {
|
|
571
|
-
case 0:
|
|
572
|
-
if (!(0, lodash_1.isString)(accessToken)) {
|
|
573
|
-
throw new Error("An accessToken is required");
|
|
574
|
-
}
|
|
575
|
-
try {
|
|
576
|
-
decodedAccessToken = jwt.verify(accessToken, this.options.tokenSecret);
|
|
577
|
-
sessionToken = decodedAccessToken.data.token;
|
|
578
|
-
}
|
|
579
|
-
catch (err) {
|
|
580
|
-
throw new Error("Tokens are not valid");
|
|
581
|
-
}
|
|
582
|
-
return [4, this.db.findSessionByToken(sessionToken)];
|
|
583
|
-
case 1:
|
|
584
|
-
session = _a.sent();
|
|
585
|
-
if (!session) {
|
|
586
|
-
throw new Error("Session not found");
|
|
587
|
-
}
|
|
588
|
-
return [2, session];
|
|
401
|
+
if (this.options.resumeSessionValidator) {
|
|
402
|
+
try {
|
|
403
|
+
await this.options.resumeSessionValidator(user, session);
|
|
404
|
+
}
|
|
405
|
+
catch (e) {
|
|
406
|
+
throw new Error(e);
|
|
407
|
+
}
|
|
589
408
|
}
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
409
|
+
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionSuccess, {
|
|
410
|
+
user,
|
|
411
|
+
accessToken,
|
|
412
|
+
});
|
|
413
|
+
return this.sanitizeUser(user);
|
|
414
|
+
}
|
|
415
|
+
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, new Error("Invalid Session"));
|
|
416
|
+
throw new Error("Invalid Session");
|
|
417
|
+
}
|
|
418
|
+
catch (e) {
|
|
419
|
+
this.hooks.emit(server_hooks_1.ServerHooks.ResumeSessionError, e);
|
|
420
|
+
throw e;
|
|
421
|
+
}
|
|
422
|
+
}
|
|
423
|
+
async findSessionByAccessToken(accessToken) {
|
|
424
|
+
if (!(0, lodash_1.isString)(accessToken)) {
|
|
425
|
+
throw new Error("An accessToken is required");
|
|
426
|
+
}
|
|
427
|
+
let sessionToken;
|
|
428
|
+
try {
|
|
429
|
+
const decodedAccessToken = jwt.verify(accessToken, this.options.tokenSecret);
|
|
430
|
+
sessionToken = decodedAccessToken.data.token;
|
|
431
|
+
}
|
|
432
|
+
catch (err) {
|
|
433
|
+
throw new Error("Tokens are not valid");
|
|
434
|
+
}
|
|
435
|
+
const session = await this.db.findSessionByToken(sessionToken);
|
|
436
|
+
if (!session) {
|
|
437
|
+
throw new Error("Session not found");
|
|
438
|
+
}
|
|
439
|
+
return session;
|
|
440
|
+
}
|
|
441
|
+
findUserById(userId) {
|
|
594
442
|
return this.db.findUserById(userId);
|
|
595
|
-
}
|
|
596
|
-
|
|
597
|
-
return
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
603
|
-
AccountsServer.prototype.activateUser = function (userId) {
|
|
604
|
-
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
605
|
-
return tslib_1.__generator(this, function (_a) {
|
|
606
|
-
return [2, this.db.setUserDeactivated(userId, false)];
|
|
607
|
-
});
|
|
608
|
-
});
|
|
609
|
-
};
|
|
610
|
-
AccountsServer.prototype.prepareMail = function (to, token, user, pathFragment, emailTemplate, from) {
|
|
443
|
+
}
|
|
444
|
+
async deactivateUser(userId) {
|
|
445
|
+
return this.db.setUserDeactivated(userId, true);
|
|
446
|
+
}
|
|
447
|
+
async activateUser(userId) {
|
|
448
|
+
return this.db.setUserDeactivated(userId, false);
|
|
449
|
+
}
|
|
450
|
+
prepareMail(to, token, user, pathFragment, emailTemplate, from) {
|
|
611
451
|
if (this.options.prepareMail) {
|
|
612
452
|
return this.options.prepareMail(to, token, user, pathFragment, emailTemplate, from);
|
|
613
453
|
}
|
|
614
454
|
return this.defaultPrepareEmail(to, token, user, pathFragment, emailTemplate, from);
|
|
615
|
-
}
|
|
616
|
-
|
|
617
|
-
|
|
455
|
+
}
|
|
456
|
+
sanitizeUser(user) {
|
|
457
|
+
const { userObjectSanitizer } = this.options;
|
|
618
458
|
return userObjectSanitizer(this.internalUserSanitizer(user), lodash_1.omit, lodash_1.pick);
|
|
619
|
-
}
|
|
620
|
-
|
|
459
|
+
}
|
|
460
|
+
internalUserSanitizer(user) {
|
|
621
461
|
return (0, lodash_1.omit)(user, ["services"]);
|
|
622
|
-
}
|
|
623
|
-
|
|
624
|
-
|
|
462
|
+
}
|
|
463
|
+
defaultPrepareEmail(to, token, user, pathFragment, emailTemplate, from) {
|
|
464
|
+
const tokenizedUrl = this.defaultCreateTokenizedUrl(pathFragment, token);
|
|
625
465
|
return {
|
|
626
466
|
from: emailTemplate.from || from,
|
|
627
|
-
to
|
|
467
|
+
to,
|
|
628
468
|
subject: emailTemplate.subject(user, token),
|
|
629
469
|
text: emailTemplate.text(user, tokenizedUrl, token),
|
|
630
470
|
html: emailTemplate.html && emailTemplate.html(user, tokenizedUrl, token),
|
|
631
471
|
};
|
|
632
|
-
}
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
return
|
|
636
|
-
}
|
|
637
|
-
|
|
638
|
-
}());
|
|
472
|
+
}
|
|
473
|
+
defaultCreateTokenizedUrl(pathFragment, token) {
|
|
474
|
+
const siteUrl = this.options.siteUrl;
|
|
475
|
+
return `${siteUrl}/${pathFragment}/${token}`;
|
|
476
|
+
}
|
|
477
|
+
}
|
|
639
478
|
exports.AccountsServer = AccountsServer;
|
|
640
479
|
exports.default = AccountsServer;
|
|
641
480
|
//# sourceMappingURL=accounts-server.js.map
|