@sync-in/server 1.3.9 → 1.5.0

package/server/authentication/guards/auth-token-refresh.strategy.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../backend/src/authentication/guards/auth-token-refresh.strategy.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { PassportStrategy } from '@nestjs/passport'\nimport { FastifyRequest } from 'fastify'\nimport { PinoLogger } from 'nestjs-pino'\nimport { ExtractJwt, Strategy } from 'passport-jwt'\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { JwtPayload } from '../interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from '../interfaces/token.interface'\nimport { AuthManager } from '../services/auth-manager.service'\n\n@Injectable()\nexport class AuthTokenRefreshStrategy extends PassportStrategy(Strategy, 'tokenRefresh') {\n  private static refreshCookieName: string\n\n  constructor(\n    private readonly authManager: AuthManager,\n    private readonly logger: PinoLogger\n  ) {\n    super({\n      jwtFromRequest: ExtractJwt.fromExtractors([AuthTokenRefreshStrategy.extractJWTFromCookie, ExtractJwt.fromAuthHeaderAsBearerToken()]),\n      secretOrKey: authManager.authConfig.token.refresh.secret,\n      ignoreExpiration: false,\n      passReqToCallback: true\n    })\n    AuthTokenRefreshStrategy.refreshCookieName = authManager.authConfig.token.refresh.name\n  }\n\n  // not declared properly:  https://github.com/nestjs/passport/issues/929\n  validate(req: FastifyRequest, jwtPayload: JwtPayload): UserModel {\n    this.logger.assign({ user: jwtPayload.identity.login })\n    this.authManager.csrfValidation(req, jwtPayload, TOKEN_TYPE.REFRESH)\n    // jwt expiration is used later to refresh cookies\n    return new UserModel({ ...jwtPayload.identity, exp: jwtPayload.exp })\n  }\n\n  private static extractJWTFromCookie(req: FastifyRequest): string | null {\n    if (typeof req.cookies === 'object' && req.cookies[AuthTokenRefreshStrategy.refreshCookieName] !== undefined) {\n      return req.cookies[AuthTokenRefreshStrategy.refreshCookieName]\n    }\n    return null\n  }\n}\n"],"names":["AuthTokenRefreshStrategy","PassportStrategy","Strategy","validate","req","jwtPayload","logger","assign","user","identity","login","authManager","csrfValidation","TOKEN_TYPE","REFRESH","UserModel","exp","extractJWTFromCookie","cookies","refreshCookieName","undefined","jwtFromRequest","ExtractJwt","fromExtractors","fromAuthHeaderAsBearerToken","secretOrKey","authConfig","token","refresh","secret","ignoreExpiration","passReqToCallback","name"],"mappings":"AAAA;;;;CAIC;;;;+BAaYA;;;eAAAA;;;wBAXc;0BACM;4BAEN;6BACU;2BACX;gCAEC;oCACC;;;;;;;;;;AAGrB,IAAA,AAAMA,2BAAN,MAAMA,iCAAiCC,IAAAA,0BAAgB,EAACC,qBAAQ,EAAE;IAgBvE,wEAAwE;IACxEC,SAASC,GAAmB,EAAEC,UAAsB,EAAa;QAC/D,IAAI,CAACC,MAAM,CAACC,MAAM,CAAC;YAAEC,MAAMH,WAAWI,QAAQ,CAACC,KAAK;QAAC;QACrD,IAAI,CAACC,WAAW,CAACC,cAAc,CAACR,KAAKC,YAAYQ,0BAAU,CAACC,OAAO;QACnE,kDAAkD;QAClD,OAAO,IAAIC,oBAAS,CAAC;YAAE,GAAGV,WAAWI,QAAQ;YAAEO,KAAKX,WAAWW,GAAG;QAAC;IACrE;IAEA,OAAeC,qBAAqBb,GAAmB,EAAiB;QACtE,IAAI,OAAOA,IAAIc,OAAO,KAAK,YAAYd,IAAIc,OAAO,CAAClB,yBAAyBmB,iBAAiB,CAAC,KAAKC,WAAW;YAC5G,OAAOhB,IAAIc,OAAO,CAAClB,yBAAyBmB,iBAAiB,CAAC;QAChE;QACA,OAAO;IACT;IA1BA,YACE,AAAiBR,WAAwB,EACzC,AAAiBL,MAAkB,CACnC;QACA,KAAK,CAAC;YACJe,gBAAgBC,uBAAU,CAACC,cAAc,CAAC;gBAACvB,yBAAyBiB,oBAAoB;gBAAEK,uBAAU,CAACE,2BAA2B;aAAG;YACnIC,aAAad,YAAYe,UAAU,CAACC,KAAK,CAACC,OAAO,CAACC,MAAM;YACxDC,kBAAkB;YAClBC,mBAAmB;QACrB,SARiBpB,cAAAA,kBACAL,SAAAA;QAQjBN,yBAAyBmB,iBAAiB,GAAGR,YAAYe,UAAU,CAACC,KAAK,CAACC,OAAO,CAACI,IAAI;IACxF;AAgBF"}
+{"version":3,"sources":["../../../../backend/src/authentication/guards/auth-token-refresh.strategy.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { AbstractStrategy, PassportStrategy } from '@nestjs/passport'\nimport { FastifyRequest } from 'fastify'\nimport { PinoLogger } from 'nestjs-pino'\nimport { ExtractJwt, Strategy } from 'passport-jwt'\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { JwtPayload } from '../interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from '../interfaces/token.interface'\nimport { AuthManager } from '../services/auth-manager.service'\n\n@Injectable()\nexport class AuthTokenRefreshStrategy extends PassportStrategy(Strategy, 'tokenRefresh') implements AbstractStrategy {\n  private static refreshCookieName: string\n\n  constructor(\n    private readonly authManager: AuthManager,\n    private readonly logger: PinoLogger\n  ) {\n    super({\n      jwtFromRequest: ExtractJwt.fromExtractors([AuthTokenRefreshStrategy.extractJWTFromCookie, ExtractJwt.fromAuthHeaderAsBearerToken()]),\n      secretOrKey: authManager.authConfig.token.refresh.secret,\n      ignoreExpiration: false,\n      passReqToCallback: true\n    })\n    AuthTokenRefreshStrategy.refreshCookieName = authManager.authConfig.token.refresh.name\n  }\n\n  validate(req: FastifyRequest, jwtPayload: JwtPayload): UserModel {\n    this.logger.assign({ user: jwtPayload.identity.login })\n    this.authManager.csrfValidation(req, jwtPayload, TOKEN_TYPE.REFRESH)\n    // jwt expiration is used later to refresh cookies\n    return new UserModel({ ...jwtPayload.identity, exp: jwtPayload.exp })\n  }\n\n  private static extractJWTFromCookie(req: FastifyRequest): string | null {\n    if (typeof req.cookies === 'object' && req.cookies[AuthTokenRefreshStrategy.refreshCookieName] !== undefined) {\n      return req.cookies[AuthTokenRefreshStrategy.refreshCookieName]\n    }\n    return null\n  }\n}\n"],"names":["AuthTokenRefreshStrategy","PassportStrategy","Strategy","validate","req","jwtPayload","logger","assign","user","identity","login","authManager","csrfValidation","TOKEN_TYPE","REFRESH","UserModel","exp","extractJWTFromCookie","cookies","refreshCookieName","undefined","jwtFromRequest","ExtractJwt","fromExtractors","fromAuthHeaderAsBearerToken","secretOrKey","authConfig","token","refresh","secret","ignoreExpiration","passReqToCallback","name"],"mappings":"AAAA;;;;CAIC;;;;+BAaYA;;;eAAAA;;;wBAXc;0BACwB;4BAExB;6BACU;2BACX;gCAEC;oCACC;;;;;;;;;;AAGrB,IAAA,AAAMA,2BAAN,MAAMA,iCAAiCC,IAAAA,0BAAgB,EAACC,qBAAQ,EAAE;IAgBvEC,SAASC,GAAmB,EAAEC,UAAsB,EAAa;QAC/D,IAAI,CAACC,MAAM,CAACC,MAAM,CAAC;YAAEC,MAAMH,WAAWI,QAAQ,CAACC,KAAK;QAAC;QACrD,IAAI,CAACC,WAAW,CAACC,cAAc,CAACR,KAAKC,YAAYQ,0BAAU,CAACC,OAAO;QACnE,kDAAkD;QAClD,OAAO,IAAIC,oBAAS,CAAC;YAAE,GAAGV,WAAWI,QAAQ;YAAEO,KAAKX,WAAWW,GAAG;QAAC;IACrE;IAEA,OAAeC,qBAAqBb,GAAmB,EAAiB;QACtE,IAAI,OAAOA,IAAIc,OAAO,KAAK,YAAYd,IAAIc,OAAO,CAAClB,yBAAyBmB,iBAAiB,CAAC,KAAKC,WAAW;YAC5G,OAAOhB,IAAIc,OAAO,CAAClB,yBAAyBmB,iBAAiB,CAAC;QAChE;QACA,OAAO;IACT;IAzBA,YACE,AAAiBR,WAAwB,EACzC,AAAiBL,MAAkB,CACnC;QACA,KAAK,CAAC;YACJe,gBAAgBC,uBAAU,CAACC,cAAc,CAAC;gBAACvB,yBAAyBiB,oBAAoB;gBAAEK,uBAAU,CAACE,2BAA2B;aAAG;YACnIC,aAAad,YAAYe,UAAU,CAACC,KAAK,CAACC,OAAO,CAACC,MAAM;YACxDC,kBAAkB;YAClBC,mBAAmB;QACrB,SARiBpB,cAAAA,kBACAL,SAAAA;QAQjBN,yBAAyBmB,iBAAiB,GAAGR,YAAYe,UAAU,CAACC,KAAK,CAACC,OAAO,CAACI,IAAI;IACxF;AAeF"}

package/server/authentication/services/auth-methods/auth-method-database.service.js

@@ -31,7 +31,7 @@ let AuthMethodDatabase = class AuthMethodDatabase {
             user = await this.usersManager.findUser(loginOrEmail, false);
         } catch (e) {
             this.logger.error(`${this.validateUser.name} - ${e}`);
-            throw new _common.HttpException(_appconstants.CONNECT_ERROR_CODE.has(e.cause?.code) ? 'Authentication service connection error' : e.message, _common.HttpStatus.INTERNAL_SERVER_ERROR);
+            throw new _common.HttpException(_appconstants.CONNECT_ERROR_CODE.has(e.cause?.code) ? 'Authentication service error' : e.message, _common.HttpStatus.INTERNAL_SERVER_ERROR);
         }
         if (!user) {
             this.logger.warn(`${this.validateUser.name} - login or email not found for *${loginOrEmail}*`);

package/server/authentication/services/auth-methods/auth-method-database.service.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-database.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { AuthMethod } from '../../models/auth-method'\n\n@Injectable()\nexport class AuthMethodDatabase implements AuthMethod {\n  private readonly logger = new Logger(AuthMethodDatabase.name)\n\n  constructor(private readonly usersManager: UsersManager) {}\n\n  async validateUser(loginOrEmail: string, password: string, ip?: string): Promise<UserModel> {\n    let user: UserModel\n    try {\n      user = await this.usersManager.findUser(loginOrEmail, false)\n    } catch (e) {\n      this.logger.error(`${this.validateUser.name} - ${e}`)\n      throw new HttpException(\n        CONNECT_ERROR_CODE.has(e.cause?.code) ? 'Authentication service connection error' : e.message,\n        HttpStatus.INTERNAL_SERVER_ERROR\n      )\n    }\n    if (!user) {\n      this.logger.warn(`${this.validateUser.name} - login or email not found for *${loginOrEmail}*`)\n      return null\n    }\n    return await this.usersManager.logUser(user, password, ip)\n  }\n}\n"],"names":["AuthMethodDatabase","validateUser","loginOrEmail","password","ip","user","usersManager","findUser","e","logger","error","name","HttpException","CONNECT_ERROR_CODE","has","cause","code","message","HttpStatus","INTERNAL_SERVER_ERROR","warn","logUser","Logger"],"mappings":"AAAA;;;;CAIC;;;;+BASYA;;;eAAAA;;;wBAPiD;8BAC3B;qCAEN;;;;;;;;;;AAItB,IAAA,AAAMA,qBAAN,MAAMA;IAKX,MAAMC,aAAaC,YAAoB,EAAEC,QAAgB,EAAEC,EAAW,EAAsB;QAC1F,IAAIC;QACJ,IAAI;YACFA,OAAO,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAACL,cAAc;QACxD,EAAE,OAAOM,GAAG;YACV,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACT,YAAY,CAACU,IAAI,CAAC,GAAG,EAAEH,GAAG;YACpD,MAAM,IAAII,qBAAa,CACrBC,gCAAkB,CAACC,GAAG,CAACN,EAAEO,KAAK,EAAEC,QAAQ,4CAA4CR,EAAES,OAAO,EAC7FC,kBAAU,CAACC,qBAAqB;QAEpC;QACA,IAAI,CAACd,MAAM;YACT,IAAI,CAACI,MAAM,CAACW,IAAI,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACU,IAAI,CAAC,iCAAiC,EAAET,aAAa,CAAC,CAAC;YAC7F,OAAO;QACT;QACA,OAAO,MAAM,IAAI,CAACI,YAAY,CAACe,OAAO,CAAChB,MAAMF,UAAUC;IACzD;IAlBA,YAAY,AAAiBE,YAA0B,CAAE;aAA5BA,eAAAA;aAFZG,SAAS,IAAIa,cAAM,CAACtB,mBAAmBW,IAAI;IAEF;AAmB5D"}
+{"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-database.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { AuthMethod } from '../../models/auth-method'\n\n@Injectable()\nexport class AuthMethodDatabase implements AuthMethod {\n  private readonly logger = new Logger(AuthMethodDatabase.name)\n\n  constructor(private readonly usersManager: UsersManager) {}\n\n  async validateUser(loginOrEmail: string, password: string, ip?: string): Promise<UserModel> {\n    let user: UserModel\n    try {\n      user = await this.usersManager.findUser(loginOrEmail, false)\n    } catch (e) {\n      this.logger.error(`${this.validateUser.name} - ${e}`)\n      throw new HttpException(CONNECT_ERROR_CODE.has(e.cause?.code) ? 'Authentication service error' : e.message, HttpStatus.INTERNAL_SERVER_ERROR)\n    }\n    if (!user) {\n      this.logger.warn(`${this.validateUser.name} - login or email not found for *${loginOrEmail}*`)\n      return null\n    }\n    return await this.usersManager.logUser(user, password, ip)\n  }\n}\n"],"names":["AuthMethodDatabase","validateUser","loginOrEmail","password","ip","user","usersManager","findUser","e","logger","error","name","HttpException","CONNECT_ERROR_CODE","has","cause","code","message","HttpStatus","INTERNAL_SERVER_ERROR","warn","logUser","Logger"],"mappings":"AAAA;;;;CAIC;;;;+BASYA;;;eAAAA;;;wBAPiD;8BAC3B;qCAEN;;;;;;;;;;AAItB,IAAA,AAAMA,qBAAN,MAAMA;IAKX,MAAMC,aAAaC,YAAoB,EAAEC,QAAgB,EAAEC,EAAW,EAAsB;QAC1F,IAAIC;QACJ,IAAI;YACFA,OAAO,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAACL,cAAc;QACxD,EAAE,OAAOM,GAAG;YACV,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACT,YAAY,CAACU,IAAI,CAAC,GAAG,EAAEH,GAAG;YACpD,MAAM,IAAII,qBAAa,CAACC,gCAAkB,CAACC,GAAG,CAACN,EAAEO,KAAK,EAAEC,QAAQ,iCAAiCR,EAAES,OAAO,EAAEC,kBAAU,CAACC,qBAAqB;QAC9I;QACA,IAAI,CAACd,MAAM;YACT,IAAI,CAACI,MAAM,CAACW,IAAI,CAAC,GAAG,IAAI,CAACnB,YAAY,CAACU,IAAI,CAAC,iCAAiC,EAAET,aAAa,CAAC,CAAC;YAC7F,OAAO;QACT;QACA,OAAO,MAAM,IAAI,CAACI,YAAY,CAACe,OAAO,CAAChB,MAAMF,UAAUC;IACzD;IAfA,YAAY,AAAiBE,YAA0B,CAAE;aAA5BA,eAAAA;aAFZG,SAAS,IAAIa,cAAM,CAACtB,mBAAmBW,IAAI;IAEF;AAgB5D"}

package/server/authentication/services/auth-methods/auth-method-database.service.spec.js

@@ -7,6 +7,7 @@ Object.defineProperty(exports, "__esModule", {
     value: true
 });
 const _testing = require("@nestjs/testing");
+const _appconstants = require("../../../app.constants");
 const _usermodel = require("../../../applications/users/models/user.model");
 const _adminusersmanagerservice = require("../../../applications/users/services/admin-users-manager.service");
 const _adminusersqueriesservice = require("../../../applications/users/services/admin-users-queries.service");
@@ -71,17 +72,18 @@ describe(_authmethoddatabaseservice.AuthMethodDatabase.name, ()=>{
         usersManager.findUser = jest.fn().mockReturnValueOnce(null).mockReturnValueOnce({
             ...userTest,
             password: await (0, _functions.hashPassword)('bar')
-        }).mockRejectedValueOnce({
-            message: 'db error',
-            code: 'ECONNREFUSED'
         }).mockRejectedValueOnce({
             message: 'db error',
             code: 'OTHER'
-        });
+        }).mockRejectedValueOnce(new Error('Authentication service error', {
+            cause: {
+                code: Array.from(_appconstants.CONNECT_ERROR_CODE)[0]
+            }
+        }));
         expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull();
         expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull();
-        await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow();
-        await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow();
+        await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow(/db error/i);
+        await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow(/authentication service/i);
     });
 });
 

package/server/authentication/services/auth-methods/auth-method-database.service.spec.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-database.service.spec.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Test, TestingModule } from '@nestjs/testing'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { AdminUsersQueries } from '../../../applications/users/services/admin-users-queries.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { UsersQueries } from '../../../applications/users/services/users-queries.service'\nimport { generateUserTest } from '../../../applications/users/utils/test'\nimport { hashPassword } from '../../../common/functions'\nimport { Cache } from '../../../infrastructure/cache/services/cache.service'\nimport { DB_TOKEN_PROVIDER } from '../../../infrastructure/database/constants'\nimport { AuthManager } from '../auth-manager.service'\nimport { AuthMethodDatabase } from './auth-method-database.service'\n\ndescribe(AuthMethodDatabase.name, () => {\n  let authMethodDatabase: AuthMethodDatabase\n  let usersManager: UsersManager\n  let userTest: UserModel\n\n  beforeAll(async () => {\n    const module: TestingModule = await Test.createTestingModule({\n      providers: [\n        AuthMethodDatabase,\n        UsersManager,\n        UsersQueries,\n        AdminUsersManager,\n        AdminUsersQueries,\n        { provide: AuthManager, useValue: {} },\n        { provide: DB_TOKEN_PROVIDER, useValue: {} },\n        {\n          provide: Cache,\n          useValue: {}\n        }\n      ]\n    }).compile()\n\n    authMethodDatabase = module.get<AuthMethodDatabase>(AuthMethodDatabase)\n    usersManager = module.get<UsersManager>(UsersManager)\n    module.useLogger(['fatal'])\n    // mocks\n    userTest = new UserModel(generateUserTest(), false)\n    usersManager.updateAccesses = jest.fn(() => Promise.resolve())\n  })\n\n  it('should be defined', () => {\n    expect(authMethodDatabase).toBeDefined()\n    expect(usersManager).toBeDefined()\n    expect(userTest).toBeDefined()\n  })\n\n  it('should validate the user', async () => {\n    userTest.makePaths = jest.fn()\n    usersManager.findUser = jest.fn().mockReturnValue({ ...userTest, password: await hashPassword(userTest.password) })\n    expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeDefined()\n    expect(userTest.makePaths).toHaveBeenCalled()\n  })\n\n  it('should not validate the user', async () => {\n    usersManager.findUser = jest\n      .fn()\n      .mockReturnValueOnce(null)\n      .mockReturnValueOnce({ ...userTest, password: await hashPassword('bar') })\n      .mockRejectedValueOnce({ message: 'db error', code: 'ECONNREFUSED' })\n      .mockRejectedValueOnce({ message: 'db error', code: 'OTHER' })\n    expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull()\n    expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull()\n    await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow()\n    await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow()\n  })\n})\n"],"names":["describe","AuthMethodDatabase","name","authMethodDatabase","usersManager","userTest","beforeAll","module","Test","createTestingModule","providers","UsersManager","UsersQueries","AdminUsersManager","AdminUsersQueries","provide","AuthManager","useValue","DB_TOKEN_PROVIDER","Cache","compile","get","useLogger","UserModel","generateUserTest","updateAccesses","jest","fn","Promise","resolve","it","expect","toBeDefined","makePaths","findUser","mockReturnValue","password","hashPassword","validateUser","login","toHaveBeenCalled","mockReturnValueOnce","mockRejectedValueOnce","message","code","toBeNull","rejects","toThrow"],"mappings":"AAAA;;;;CAIC;;;;yBAEmC;2BACV;0CACQ;0CACA;qCACL;qCACA;sBACI;2BACJ;8BACP;2BACY;oCACN;2CACO;AAEnCA,SAASC,6CAAkB,CAACC,IAAI,EAAE;IAChC,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACR,MAAMC,SAAwB,MAAMC,aAAI,CAACC,mBAAmB,CAAC;YAC3DC,WAAW;gBACTT,6CAAkB;gBAClBU,iCAAY;gBACZC,iCAAY;gBACZC,2CAAiB;gBACjBC,2CAAiB;gBACjB;oBAAEC,SAASC,+BAAW;oBAAEC,UAAU,CAAC;gBAAE;gBACrC;oBAAEF,SAASG,4BAAiB;oBAAED,UAAU,CAAC;gBAAE;gBAC3C;oBACEF,SAASI,mBAAK;oBACdF,UAAU,CAAC;gBACb;aACD;QACH,GAAGG,OAAO;QAEVjB,qBAAqBI,OAAOc,GAAG,CAAqBpB,6CAAkB;QACtEG,eAAeG,OAAOc,GAAG,CAAeV,iCAAY;QACpDJ,OAAOe,SAAS,CAAC;YAAC;SAAQ;QAC1B,QAAQ;QACRjB,WAAW,IAAIkB,oBAAS,CAACC,IAAAA,sBAAgB,KAAI;QAC7CpB,aAAaqB,cAAc,GAAGC,KAAKC,EAAE,CAAC,IAAMC,QAAQC,OAAO;IAC7D;IAEAC,GAAG,qBAAqB;QACtBC,OAAO5B,oBAAoB6B,WAAW;QACtCD,OAAO3B,cAAc4B,WAAW;QAChCD,OAAO1B,UAAU2B,WAAW;IAC9B;IAEAF,GAAG,4BAA4B;QAC7BzB,SAAS4B,SAAS,GAAGP,KAAKC,EAAE;QAC5BvB,aAAa8B,QAAQ,GAAGR,KAAKC,EAAE,GAAGQ,eAAe,CAAC;YAAE,GAAG9B,QAAQ;YAAE+B,UAAU,MAAMC,IAAAA,uBAAY,EAAChC,SAAS+B,QAAQ;QAAE;QACjHL,OAAO,MAAM5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGJ,WAAW;QAC5FD,OAAO1B,SAAS4B,SAAS,EAAEO,gBAAgB;IAC7C;IAEAV,GAAG,gCAAgC;QACjC1B,aAAa8B,QAAQ,GAAGR,KACrBC,EAAE,GACFc,mBAAmB,CAAC,MACpBA,mBAAmB,CAAC;YAAE,GAAGpC,QAAQ;YAAE+B,UAAU,MAAMC,IAAAA,uBAAY,EAAC;QAAO,GACvEK,qBAAqB,CAAC;YAAEC,SAAS;YAAYC,MAAM;QAAe,GAClEF,qBAAqB,CAAC;YAAEC,SAAS;YAAYC,MAAM;QAAQ;QAC9Db,OAAO,MAAM5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGS,QAAQ;QACzFd,OAAO,MAAM5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGS,QAAQ;QACzF,MAAMd,OAAO5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGU,OAAO,CAACC,OAAO;QAChG,MAAMhB,OAAO5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGU,OAAO,CAACC,OAAO;IAClG;AACF"}
+{"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-database.service.spec.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Test, TestingModule } from '@nestjs/testing'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { AdminUsersQueries } from '../../../applications/users/services/admin-users-queries.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { UsersQueries } from '../../../applications/users/services/users-queries.service'\nimport { generateUserTest } from '../../../applications/users/utils/test'\nimport { hashPassword } from '../../../common/functions'\nimport { Cache } from '../../../infrastructure/cache/services/cache.service'\nimport { DB_TOKEN_PROVIDER } from '../../../infrastructure/database/constants'\nimport { AuthManager } from '../auth-manager.service'\nimport { AuthMethodDatabase } from './auth-method-database.service'\n\ndescribe(AuthMethodDatabase.name, () => {\n  let authMethodDatabase: AuthMethodDatabase\n  let usersManager: UsersManager\n  let userTest: UserModel\n\n  beforeAll(async () => {\n    const module: TestingModule = await Test.createTestingModule({\n      providers: [\n        AuthMethodDatabase,\n        UsersManager,\n        UsersQueries,\n        AdminUsersManager,\n        AdminUsersQueries,\n        { provide: AuthManager, useValue: {} },\n        { provide: DB_TOKEN_PROVIDER, useValue: {} },\n        {\n          provide: Cache,\n          useValue: {}\n        }\n      ]\n    }).compile()\n\n    authMethodDatabase = module.get<AuthMethodDatabase>(AuthMethodDatabase)\n    usersManager = module.get<UsersManager>(UsersManager)\n    module.useLogger(['fatal'])\n    // mocks\n    userTest = new UserModel(generateUserTest(), false)\n    usersManager.updateAccesses = jest.fn(() => Promise.resolve())\n  })\n\n  it('should be defined', () => {\n    expect(authMethodDatabase).toBeDefined()\n    expect(usersManager).toBeDefined()\n    expect(userTest).toBeDefined()\n  })\n\n  it('should validate the user', async () => {\n    userTest.makePaths = jest.fn()\n    usersManager.findUser = jest.fn().mockReturnValue({ ...userTest, password: await hashPassword(userTest.password) })\n    expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeDefined()\n    expect(userTest.makePaths).toHaveBeenCalled()\n  })\n\n  it('should not validate the user', async () => {\n    usersManager.findUser = jest\n      .fn()\n      .mockReturnValueOnce(null)\n      .mockReturnValueOnce({ ...userTest, password: await hashPassword('bar') })\n      .mockRejectedValueOnce({ message: 'db error', code: 'OTHER' })\n      .mockRejectedValueOnce(\n        new Error('Authentication service error', {\n          cause: { code: Array.from(CONNECT_ERROR_CODE)[0] }\n        })\n      )\n    expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull()\n    expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull()\n    await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow(/db error/i)\n    await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow(/authentication service/i)\n  })\n})\n"],"names":["describe","AuthMethodDatabase","name","authMethodDatabase","usersManager","userTest","beforeAll","module","Test","createTestingModule","providers","UsersManager","UsersQueries","AdminUsersManager","AdminUsersQueries","provide","AuthManager","useValue","DB_TOKEN_PROVIDER","Cache","compile","get","useLogger","UserModel","generateUserTest","updateAccesses","jest","fn","Promise","resolve","it","expect","toBeDefined","makePaths","findUser","mockReturnValue","password","hashPassword","validateUser","login","toHaveBeenCalled","mockReturnValueOnce","mockRejectedValueOnce","message","code","Error","cause","Array","from","CONNECT_ERROR_CODE","toBeNull","rejects","toThrow"],"mappings":"AAAA;;;;CAIC;;;;yBAEmC;8BACD;2BACT;0CACQ;0CACA;qCACL;qCACA;sBACI;2BACJ;8BACP;2BACY;oCACN;2CACO;AAEnCA,SAASC,6CAAkB,CAACC,IAAI,EAAE;IAChC,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACR,MAAMC,SAAwB,MAAMC,aAAI,CAACC,mBAAmB,CAAC;YAC3DC,WAAW;gBACTT,6CAAkB;gBAClBU,iCAAY;gBACZC,iCAAY;gBACZC,2CAAiB;gBACjBC,2CAAiB;gBACjB;oBAAEC,SAASC,+BAAW;oBAAEC,UAAU,CAAC;gBAAE;gBACrC;oBAAEF,SAASG,4BAAiB;oBAAED,UAAU,CAAC;gBAAE;gBAC3C;oBACEF,SAASI,mBAAK;oBACdF,UAAU,CAAC;gBACb;aACD;QACH,GAAGG,OAAO;QAEVjB,qBAAqBI,OAAOc,GAAG,CAAqBpB,6CAAkB;QACtEG,eAAeG,OAAOc,GAAG,CAAeV,iCAAY;QACpDJ,OAAOe,SAAS,CAAC;YAAC;SAAQ;QAC1B,QAAQ;QACRjB,WAAW,IAAIkB,oBAAS,CAACC,IAAAA,sBAAgB,KAAI;QAC7CpB,aAAaqB,cAAc,GAAGC,KAAKC,EAAE,CAAC,IAAMC,QAAQC,OAAO;IAC7D;IAEAC,GAAG,qBAAqB;QACtBC,OAAO5B,oBAAoB6B,WAAW;QACtCD,OAAO3B,cAAc4B,WAAW;QAChCD,OAAO1B,UAAU2B,WAAW;IAC9B;IAEAF,GAAG,4BAA4B;QAC7BzB,SAAS4B,SAAS,GAAGP,KAAKC,EAAE;QAC5BvB,aAAa8B,QAAQ,GAAGR,KAAKC,EAAE,GAAGQ,eAAe,CAAC;YAAE,GAAG9B,QAAQ;YAAE+B,UAAU,MAAMC,IAAAA,uBAAY,EAAChC,SAAS+B,QAAQ;QAAE;QACjHL,OAAO,MAAM5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGJ,WAAW;QAC5FD,OAAO1B,SAAS4B,SAAS,EAAEO,gBAAgB;IAC7C;IAEAV,GAAG,gCAAgC;QACjC1B,aAAa8B,QAAQ,GAAGR,KACrBC,EAAE,GACFc,mBAAmB,CAAC,MACpBA,mBAAmB,CAAC;YAAE,GAAGpC,QAAQ;YAAE+B,UAAU,MAAMC,IAAAA,uBAAY,EAAC;QAAO,GACvEK,qBAAqB,CAAC;YAAEC,SAAS;YAAYC,MAAM;QAAQ,GAC3DF,qBAAqB,CACpB,IAAIG,MAAM,gCAAgC;YACxCC,OAAO;gBAAEF,MAAMG,MAAMC,IAAI,CAACC,gCAAkB,CAAC,CAAC,EAAE;YAAC;QACnD;QAEJlB,OAAO,MAAM5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGc,QAAQ;QACzFnB,OAAO,MAAM5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGc,QAAQ;QACzF,MAAMnB,OAAO5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGe,OAAO,CAACC,OAAO,CAAC;QACjG,MAAMrB,OAAO5B,mBAAmBmC,YAAY,CAACjC,SAASkC,KAAK,EAAElC,SAAS+B,QAAQ,GAAGe,OAAO,CAACC,OAAO,CAAC;IACnG;AACF"}

package/server/authentication/services/auth-methods/auth-method-ldap.service.js

@@ -34,7 +34,7 @@ let AuthMethodLdapService = class AuthMethodLdapService {
         let user = await this.usersManager.findUser(loginOrEmail, false);
         if (user) {
             if (user.isGuest) {
-                // allow guests to be authenticated from db & check if current user is defined as active
+                // allow guests to be authenticated from db and check if the current user is defined as active
                 return this.usersManager.logUser(user, password, ip);
             }
             if (!user.isActive) {
@@ -93,7 +93,7 @@ let AuthMethodLdapService = class AuthMethodLdapService {
             }
         }
         if (error && _appconstants.CONNECT_ERROR_CODE.has(error.code)) {
-            throw new _common.HttpException('Authentication service connection error', _common.HttpStatus.INTERNAL_SERVER_ERROR);
+            throw new _common.HttpException('Authentication service error', _common.HttpStatus.INTERNAL_SERVER_ERROR);
         }
         return false;
     }

package/server/authentication/services/auth-methods/auth-method-ldap.service.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-ldap.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { Client, ClientOptions, Entry, InvalidCredentialsError } from 'ldapts'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { USER_ROLE } from '../../../applications/users/constants/user'\nimport { CreateUserDto, UpdateUserDto } from '../../../applications/users/dto/create-or-update-user.dto'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { comparePassword, splitFullName } from '../../../common/functions'\nimport { configuration } from '../../../configuration/config.environment'\nimport { AuthMethod } from '../../models/auth-method'\n\ntype LdapUserEntry = Entry & { uid: string; mail: string; cn: string }\n\n@Injectable()\nexport class AuthMethodLdapService implements AuthMethod {\n  private readonly logger = new Logger(AuthMethodLdapService.name)\n  private readonly entryAttributes = ['uid', 'mail', 'cn']\n  private clientOptions: ClientOptions = { timeout: 6000, connectTimeout: 6000, url: '' }\n\n  constructor(\n    private readonly usersManager: UsersManager,\n    private readonly adminUsersManager: AdminUsersManager\n  ) {}\n\n  async validateUser(loginOrEmail: string, password: string, ip?: string): Promise<UserModel> {\n    let user = await this.usersManager.findUser(loginOrEmail, false)\n    if (user) {\n      if (user.isGuest) {\n        // allow guests to be authenticated from db & check if current user is defined as active\n        return this.usersManager.logUser(user, password, ip)\n      }\n      if (!user.isActive) {\n        this.logger.error(`${this.validateUser.name} - user *${user.login}* is locked`)\n        throw new HttpException('Account locked', HttpStatus.FORBIDDEN)\n      }\n    }\n    const entry = await this.checkAuth(loginOrEmail, password)\n    if (entry === false) {\n      if (user) {\n        this.usersManager.updateAccesses(user, ip, false).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n      }\n      return null\n    } else if (!entry.mail || !entry.uid) {\n      this.logger.error(`${this.validateUser.name} - ${loginOrEmail} : some ldap fields are missing => (${JSON.stringify(entry)})`)\n      return null\n    }\n    const identity = { login: entry.uid, email: entry.mail, password: password, ...splitFullName(entry.cn) } satisfies CreateUserDto\n    user = await this.updateOrCreateUser(identity, user)\n    this.usersManager.updateAccesses(user, ip, true).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n    return user\n  }\n\n  private async checkAuth(uid: string, password: string): Promise<LdapUserEntry | false> {\n    const servers = configuration.auth.ldap.servers\n    const bindUserDN = `${configuration.auth.ldap.loginAttribute}=${uid},${configuration.auth.ldap.baseDN}`\n    let client: Client\n    let error: any\n    for (const s of servers) {\n      client = new Client({ ...this.clientOptions, url: s })\n      try {\n        await client.bind(bindUserDN, password)\n        return await this.checkAccess(client, uid)\n      } catch (e) {\n        if (e.errors?.length) {\n          for (const err of e.errors) {\n            this.logger.warn(`${this.checkAuth.name} - ${uid} : ${err}`)\n            error = err\n          }\n        } else {\n          error = e\n          this.logger.warn(`${this.checkAuth.name} - ${uid} : ${e}`)\n        }\n        if (error instanceof InvalidCredentialsError) {\n          return false\n        }\n      } finally {\n        await client.unbind()\n      }\n    }\n    if (error && CONNECT_ERROR_CODE.has(error.code)) {\n      throw new HttpException('Authentication service connection error', HttpStatus.INTERNAL_SERVER_ERROR)\n    }\n    return false\n  }\n\n  private async checkAccess(client: Client, uid: string): Promise<LdapUserEntry | false> {\n    const searchFilter = `(&(${configuration.auth.ldap.loginAttribute}=${uid})${configuration.auth.ldap.filter || ''})`\n    try {\n      const { searchEntries } = await client.search(configuration.auth.ldap.baseDN, {\n        scope: 'sub',\n        filter: searchFilter,\n        attributes: this.entryAttributes\n      })\n      for (const entry of searchEntries) {\n        if (entry[configuration.auth.ldap.loginAttribute] === uid) {\n          if (Array.isArray(entry.mail)) {\n            // handles the case of multiple emails, keep the first\n            entry.mail = entry.mail[0]\n          }\n          return entry as LdapUserEntry\n        }\n      }\n      return false\n    } catch (e) {\n      this.logger.warn(`${this.checkAccess.name} - ${uid} : ${e}`)\n      return false\n    }\n  }\n\n  private async updateOrCreateUser(identity: CreateUserDto, user: UserModel): Promise<UserModel> {\n    if (user === null) {\n      return this.adminUsersManager.createUserOrGuest(identity, USER_ROLE.USER)\n    } else {\n      if (identity.login !== user.login) {\n        this.logger.error(`${this.updateOrCreateUser.name} - user id mismatch : ${identity.login} !== ${user.login}`)\n        throw new HttpException('Account matching error', HttpStatus.FORBIDDEN)\n      }\n      // check if user information has changed\n      const identityHasChanged: UpdateUserDto = Object.fromEntries(\n        (\n          await Promise.all(\n            Object.keys(identity).map(async (key: string) => {\n              if (key === 'password') {\n                const isSame = await comparePassword(identity[key], user.password)\n                return isSame ? null : [key, identity[key]]\n              }\n              return identity[key] !== user[key] ? [key, identity[key]] : null\n            })\n          )\n        ).filter(Boolean)\n      )\n      if (Object.keys(identityHasChanged).length > 0) {\n        try {\n          await this.adminUsersManager.updateUserOrGuest(user.id, identityHasChanged)\n          if (identityHasChanged?.password) {\n            delete identityHasChanged.password\n          }\n          Object.assign(user, identityHasChanged)\n        } catch (e) {\n          this.logger.warn(`${this.updateOrCreateUser.name} - unable to update user *${user.login}* : ${e}`)\n        }\n      }\n      await user.makePaths()\n      return user\n    }\n  }\n}\n"],"names":["AuthMethodLdapService","validateUser","loginOrEmail","password","ip","user","usersManager","findUser","isGuest","logUser","isActive","logger","error","name","login","HttpException","HttpStatus","FORBIDDEN","entry","checkAuth","updateAccesses","catch","e","mail","uid","JSON","stringify","identity","email","splitFullName","cn","updateOrCreateUser","servers","configuration","auth","ldap","bindUserDN","loginAttribute","baseDN","client","s","Client","clientOptions","url","bind","checkAccess","errors","length","err","warn","InvalidCredentialsError","unbind","CONNECT_ERROR_CODE","has","code","INTERNAL_SERVER_ERROR","searchFilter","filter","searchEntries","search","scope","attributes","entryAttributes","Array","isArray","adminUsersManager","createUserOrGuest","USER_ROLE","USER","identityHasChanged","Object","fromEntries","Promise","all","keys","map","key","isSame","comparePassword","Boolean","updateUserOrGuest","id","assign","makePaths","Logger","timeout","connectTimeout"],"mappings":"AAAA;;;;CAIC;;;;+BAiBYA;;;eAAAA;;;wBAfiD;wBACQ;8BACnC;sBACT;0CAGQ;qCACL;2BACkB;mCACjB;;;;;;;;;;AAMvB,IAAA,AAAMA,wBAAN,MAAMA;IAUX,MAAMC,aAAaC,YAAoB,EAAEC,QAAgB,EAAEC,EAAW,EAAsB;QAC1F,IAAIC,OAAO,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAACL,cAAc;QAC1D,IAAIG,MAAM;YACR,IAAIA,KAAKG,OAAO,EAAE;gBAChB,wFAAwF;gBACxF,OAAO,IAAI,CAACF,YAAY,CAACG,OAAO,CAACJ,MAAMF,UAAUC;YACnD;YACA,IAAI,CAACC,KAAKK,QAAQ,EAAE;gBAClB,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,IAAI,CAAC,SAAS,EAAER,KAAKS,KAAK,CAAC,WAAW,CAAC;gBAC9E,MAAM,IAAIC,qBAAa,CAAC,kBAAkBC,kBAAU,CAACC,SAAS;YAChE;QACF;QACA,MAAMC,QAAQ,MAAM,IAAI,CAACC,SAAS,CAACjB,cAAcC;QACjD,IAAIe,UAAU,OAAO;YACnB,IAAIb,MAAM;gBACR,IAAI,CAACC,YAAY,CAACc,cAAc,CAACf,MAAMD,IAAI,OAAOiB,KAAK,CAAC,CAACC,IAAa,IAAI,CAACX,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,IAAI,CAAC,GAAG,EAAES,GAAG;YAC5H;YACA,OAAO;QACT,OAAO,IAAI,CAACJ,MAAMK,IAAI,IAAI,CAACL,MAAMM,GAAG,EAAE;YACpC,IAAI,CAACb,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,IAAI,CAAC,GAAG,EAAEX,aAAa,oCAAoC,EAAEuB,KAAKC,SAAS,CAACR,OAAO,CAAC,CAAC;YAC5H,OAAO;QACT;QACA,MAAMS,WAAW;YAAEb,OAAOI,MAAMM,GAAG;YAAEI,OAAOV,MAAMK,IAAI;YAAEpB,UAAUA;YAAU,GAAG0B,IAAAA,wBAAa,EAACX,MAAMY,EAAE,CAAC;QAAC;QACvGzB,OAAO,MAAM,IAAI,CAAC0B,kBAAkB,CAACJ,UAAUtB;QAC/C,IAAI,CAACC,YAAY,CAACc,cAAc,CAACf,MAAMD,IAAI,MAAMiB,KAAK,CAAC,CAACC,IAAa,IAAI,CAACX,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,IAAI,CAAC,GAAG,EAAES,GAAG;QACzH,OAAOjB;IACT;IAEA,MAAcc,UAAUK,GAAW,EAAErB,QAAgB,EAAkC;QACrF,MAAM6B,UAAUC,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACH,OAAO;QAC/C,MAAMI,aAAa,GAAGH,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACE,cAAc,CAAC,CAAC,EAAEb,IAAI,CAAC,EAAES,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACG,MAAM,EAAE;QACvG,IAAIC;QACJ,IAAI3B;QACJ,KAAK,MAAM4B,KAAKR,QAAS;YACvBO,SAAS,IAAIE,cAAM,CAAC;gBAAE,GAAG,IAAI,CAACC,aAAa;gBAAEC,KAAKH;YAAE;YACpD,IAAI;gBACF,MAAMD,OAAOK,IAAI,CAACR,YAAYjC;gBAC9B,OAAO,MAAM,IAAI,CAAC0C,WAAW,CAACN,QAAQf;YACxC,EAAE,OAAOF,GAAG;gBACV,IAAIA,EAAEwB,MAAM,EAAEC,QAAQ;oBACpB,KAAK,MAAMC,OAAO1B,EAAEwB,MAAM,CAAE;wBAC1B,IAAI,CAACnC,MAAM,CAACsC,IAAI,CAAC,GAAG,IAAI,CAAC9B,SAAS,CAACN,IAAI,CAAC,GAAG,EAAEW,IAAI,GAAG,EAAEwB,KAAK;wBAC3DpC,QAAQoC;oBACV;gBACF,OAAO;oBACLpC,QAAQU;oBACR,IAAI,CAACX,MAAM,CAACsC,IAAI,CAAC,GAAG,IAAI,CAAC9B,SAAS,CAACN,IAAI,CAAC,GAAG,EAAEW,IAAI,GAAG,EAAEF,GAAG;gBAC3D;gBACA,IAAIV,iBAAiBsC,+BAAuB,EAAE;oBAC5C,OAAO;gBACT;YACF,SAAU;gBACR,MAAMX,OAAOY,MAAM;YACrB;QACF;QACA,IAAIvC,SAASwC,gCAAkB,CAACC,GAAG,CAACzC,MAAM0C,IAAI,GAAG;YAC/C,MAAM,IAAIvC,qBAAa,CAAC,2CAA2CC,kBAAU,CAACuC,qBAAqB;QACrG;QACA,OAAO;IACT;IAEA,MAAcV,YAAYN,MAAc,EAAEf,GAAW,EAAkC;QACrF,MAAMgC,eAAe,CAAC,GAAG,EAAEvB,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACE,cAAc,CAAC,CAAC,EAAEb,IAAI,CAAC,EAAES,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACsB,MAAM,IAAI,GAAG,CAAC,CAAC;QACnH,IAAI;YACF,MAAM,EAAEC,aAAa,EAAE,GAAG,MAAMnB,OAAOoB,MAAM,CAAC1B,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACG,MAAM,EAAE;gBAC5EsB,OAAO;gBACPH,QAAQD;gBACRK,YAAY,IAAI,CAACC,eAAe;YAClC;YACA,KAAK,MAAM5C,SAASwC,cAAe;gBACjC,IAAIxC,KAAK,CAACe,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACE,cAAc,CAAC,KAAKb,KAAK;oBACzD,IAAIuC,MAAMC,OAAO,CAAC9C,MAAMK,IAAI,GAAG;wBAC7B,sDAAsD;wBACtDL,MAAMK,IAAI,GAAGL,MAAMK,IAAI,CAAC,EAAE;oBAC5B;oBACA,OAAOL;gBACT;YACF;YACA,OAAO;QACT,EAAE,OAAOI,GAAG;YACV,IAAI,CAACX,MAAM,CAACsC,IAAI,CAAC,GAAG,IAAI,CAACJ,WAAW,CAAChC,IAAI,CAAC,GAAG,EAAEW,IAAI,GAAG,EAAEF,GAAG;YAC3D,OAAO;QACT;IACF;IAEA,MAAcS,mBAAmBJ,QAAuB,EAAEtB,IAAe,EAAsB;QAC7F,IAAIA,SAAS,MAAM;YACjB,OAAO,IAAI,CAAC4D,iBAAiB,CAACC,iBAAiB,CAACvC,UAAUwC,eAAS,CAACC,IAAI;QAC1E,OAAO;YACL,IAAIzC,SAASb,KAAK,KAAKT,KAAKS,KAAK,EAAE;gBACjC,IAAI,CAACH,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmB,kBAAkB,CAAClB,IAAI,CAAC,sBAAsB,EAAEc,SAASb,KAAK,CAAC,KAAK,EAAET,KAAKS,KAAK,EAAE;gBAC5G,MAAM,IAAIC,qBAAa,CAAC,0BAA0BC,kBAAU,CAACC,SAAS;YACxE;YACA,wCAAwC;YACxC,MAAMoD,qBAAoCC,OAAOC,WAAW,CAC1D,AACE,CAAA,MAAMC,QAAQC,GAAG,CACfH,OAAOI,IAAI,CAAC/C,UAAUgD,GAAG,CAAC,OAAOC;gBAC/B,IAAIA,QAAQ,YAAY;oBACtB,MAAMC,SAAS,MAAMC,IAAAA,0BAAe,EAACnD,QAAQ,CAACiD,IAAI,EAAEvE,KAAKF,QAAQ;oBACjE,OAAO0E,SAAS,OAAO;wBAACD;wBAAKjD,QAAQ,CAACiD,IAAI;qBAAC;gBAC7C;gBACA,OAAOjD,QAAQ,CAACiD,IAAI,KAAKvE,IAAI,CAACuE,IAAI,GAAG;oBAACA;oBAAKjD,QAAQ,CAACiD,IAAI;iBAAC,GAAG;YAC9D,GACF,EACAnB,MAAM,CAACsB;YAEX,IAAIT,OAAOI,IAAI,CAACL,oBAAoBtB,MAAM,GAAG,GAAG;gBAC9C,IAAI;oBACF,MAAM,IAAI,CAACkB,iBAAiB,CAACe,iBAAiB,CAAC3E,KAAK4E,EAAE,EAAEZ;oBACxD,IAAIA,oBAAoBlE,UAAU;wBAChC,OAAOkE,mBAAmBlE,QAAQ;oBACpC;oBACAmE,OAAOY,MAAM,CAAC7E,MAAMgE;gBACtB,EAAE,OAAO/C,GAAG;oBACV,IAAI,CAACX,MAAM,CAACsC,IAAI,CAAC,GAAG,IAAI,CAAClB,kBAAkB,CAAClB,IAAI,CAAC,0BAA0B,EAAER,KAAKS,KAAK,CAAC,IAAI,EAAEQ,GAAG;gBACnG;YACF;YACA,MAAMjB,KAAK8E,SAAS;YACpB,OAAO9E;QACT;IACF;IA9HA,YACE,AAAiBC,YAA0B,EAC3C,AAAiB2D,iBAAoC,CACrD;aAFiB3D,eAAAA;aACA2D,oBAAAA;aANFtD,SAAS,IAAIyE,cAAM,CAACpF,sBAAsBa,IAAI;aAC9CiD,kBAAkB;YAAC;YAAO;YAAQ;SAAK;aAChDpB,gBAA+B;YAAE2C,SAAS;YAAMC,gBAAgB;YAAM3C,KAAK;QAAG;IAKnF;AA4HL"}
+{"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-ldap.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { Client, ClientOptions, Entry, InvalidCredentialsError } from 'ldapts'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { USER_ROLE } from '../../../applications/users/constants/user'\nimport { CreateUserDto, UpdateUserDto } from '../../../applications/users/dto/create-or-update-user.dto'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { comparePassword, splitFullName } from '../../../common/functions'\nimport { configuration } from '../../../configuration/config.environment'\nimport { AuthMethod } from '../../models/auth-method'\n\ntype LdapUserEntry = Entry & { uid: string; mail: string; cn: string }\n\n@Injectable()\nexport class AuthMethodLdapService implements AuthMethod {\n  private readonly logger = new Logger(AuthMethodLdapService.name)\n  private readonly entryAttributes = ['uid', 'mail', 'cn']\n  private clientOptions: ClientOptions = { timeout: 6000, connectTimeout: 6000, url: '' }\n\n  constructor(\n    private readonly usersManager: UsersManager,\n    private readonly adminUsersManager: AdminUsersManager\n  ) {}\n\n  async validateUser(loginOrEmail: string, password: string, ip?: string): Promise<UserModel> {\n    let user = await this.usersManager.findUser(loginOrEmail, false)\n    if (user) {\n      if (user.isGuest) {\n        // allow guests to be authenticated from db and check if the current user is defined as active\n        return this.usersManager.logUser(user, password, ip)\n      }\n      if (!user.isActive) {\n        this.logger.error(`${this.validateUser.name} - user *${user.login}* is locked`)\n        throw new HttpException('Account locked', HttpStatus.FORBIDDEN)\n      }\n    }\n    const entry: false | LdapUserEntry = await this.checkAuth(loginOrEmail, password)\n    if (entry === false) {\n      if (user) {\n        this.usersManager.updateAccesses(user, ip, false).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n      }\n      return null\n    } else if (!entry.mail || !entry.uid) {\n      this.logger.error(`${this.validateUser.name} - ${loginOrEmail} : some ldap fields are missing => (${JSON.stringify(entry)})`)\n      return null\n    }\n    const identity = { login: entry.uid, email: entry.mail, password: password, ...splitFullName(entry.cn) } satisfies CreateUserDto\n    user = await this.updateOrCreateUser(identity, user)\n    this.usersManager.updateAccesses(user, ip, true).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n    return user\n  }\n\n  private async checkAuth(uid: string, password: string): Promise<LdapUserEntry | false> {\n    const servers = configuration.auth.ldap.servers\n    const bindUserDN = `${configuration.auth.ldap.loginAttribute}=${uid},${configuration.auth.ldap.baseDN}`\n    let client: Client\n    let error: any\n    for (const s of servers) {\n      client = new Client({ ...this.clientOptions, url: s })\n      try {\n        await client.bind(bindUserDN, password)\n        return await this.checkAccess(client, uid)\n      } catch (e) {\n        if (e.errors?.length) {\n          for (const err of e.errors) {\n            this.logger.warn(`${this.checkAuth.name} - ${uid} : ${err}`)\n            error = err\n          }\n        } else {\n          error = e\n          this.logger.warn(`${this.checkAuth.name} - ${uid} : ${e}`)\n        }\n        if (error instanceof InvalidCredentialsError) {\n          return false\n        }\n      } finally {\n        await client.unbind()\n      }\n    }\n    if (error && CONNECT_ERROR_CODE.has(error.code)) {\n      throw new HttpException('Authentication service error', HttpStatus.INTERNAL_SERVER_ERROR)\n    }\n    return false\n  }\n\n  private async checkAccess(client: Client, uid: string): Promise<LdapUserEntry | false> {\n    const searchFilter = `(&(${configuration.auth.ldap.loginAttribute}=${uid})${configuration.auth.ldap.filter || ''})`\n    try {\n      const { searchEntries } = await client.search(configuration.auth.ldap.baseDN, {\n        scope: 'sub',\n        filter: searchFilter,\n        attributes: this.entryAttributes\n      })\n      for (const entry of searchEntries) {\n        if (entry[configuration.auth.ldap.loginAttribute] === uid) {\n          if (Array.isArray(entry.mail)) {\n            // handles the case of multiple emails, keep the first\n            entry.mail = entry.mail[0]\n          }\n          return entry as LdapUserEntry\n        }\n      }\n      return false\n    } catch (e) {\n      this.logger.warn(`${this.checkAccess.name} - ${uid} : ${e}`)\n      return false\n    }\n  }\n\n  private async updateOrCreateUser(identity: CreateUserDto, user: UserModel): Promise<UserModel> {\n    if (user === null) {\n      return this.adminUsersManager.createUserOrGuest(identity, USER_ROLE.USER)\n    } else {\n      if (identity.login !== user.login) {\n        this.logger.error(`${this.updateOrCreateUser.name} - user id mismatch : ${identity.login} !== ${user.login}`)\n        throw new HttpException('Account matching error', HttpStatus.FORBIDDEN)\n      }\n      // check if user information has changed\n      const identityHasChanged: UpdateUserDto = Object.fromEntries(\n        (\n          await Promise.all(\n            Object.keys(identity).map(async (key: string) => {\n              if (key === 'password') {\n                const isSame = await comparePassword(identity[key], user.password)\n                return isSame ? null : [key, identity[key]]\n              }\n              return identity[key] !== user[key] ? [key, identity[key]] : null\n            })\n          )\n        ).filter(Boolean)\n      )\n      if (Object.keys(identityHasChanged).length > 0) {\n        try {\n          await this.adminUsersManager.updateUserOrGuest(user.id, identityHasChanged)\n          if (identityHasChanged?.password) {\n            delete identityHasChanged.password\n          }\n          Object.assign(user, identityHasChanged)\n        } catch (e) {\n          this.logger.warn(`${this.updateOrCreateUser.name} - unable to update user *${user.login}* : ${e}`)\n        }\n      }\n      await user.makePaths()\n      return user\n    }\n  }\n}\n"],"names":["AuthMethodLdapService","validateUser","loginOrEmail","password","ip","user","usersManager","findUser","isGuest","logUser","isActive","logger","error","name","login","HttpException","HttpStatus","FORBIDDEN","entry","checkAuth","updateAccesses","catch","e","mail","uid","JSON","stringify","identity","email","splitFullName","cn","updateOrCreateUser","servers","configuration","auth","ldap","bindUserDN","loginAttribute","baseDN","client","s","Client","clientOptions","url","bind","checkAccess","errors","length","err","warn","InvalidCredentialsError","unbind","CONNECT_ERROR_CODE","has","code","INTERNAL_SERVER_ERROR","searchFilter","filter","searchEntries","search","scope","attributes","entryAttributes","Array","isArray","adminUsersManager","createUserOrGuest","USER_ROLE","USER","identityHasChanged","Object","fromEntries","Promise","all","keys","map","key","isSame","comparePassword","Boolean","updateUserOrGuest","id","assign","makePaths","Logger","timeout","connectTimeout"],"mappings":"AAAA;;;;CAIC;;;;+BAiBYA;;;eAAAA;;;wBAfiD;wBACQ;8BACnC;sBACT;0CAGQ;qCACL;2BACkB;mCACjB;;;;;;;;;;AAMvB,IAAA,AAAMA,wBAAN,MAAMA;IAUX,MAAMC,aAAaC,YAAoB,EAAEC,QAAgB,EAAEC,EAAW,EAAsB;QAC1F,IAAIC,OAAO,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAACL,cAAc;QAC1D,IAAIG,MAAM;YACR,IAAIA,KAAKG,OAAO,EAAE;gBAChB,8FAA8F;gBAC9F,OAAO,IAAI,CAACF,YAAY,CAACG,OAAO,CAACJ,MAAMF,UAAUC;YACnD;YACA,IAAI,CAACC,KAAKK,QAAQ,EAAE;gBAClB,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,IAAI,CAAC,SAAS,EAAER,KAAKS,KAAK,CAAC,WAAW,CAAC;gBAC9E,MAAM,IAAIC,qBAAa,CAAC,kBAAkBC,kBAAU,CAACC,SAAS;YAChE;QACF;QACA,MAAMC,QAA+B,MAAM,IAAI,CAACC,SAAS,CAACjB,cAAcC;QACxE,IAAIe,UAAU,OAAO;YACnB,IAAIb,MAAM;gBACR,IAAI,CAACC,YAAY,CAACc,cAAc,CAACf,MAAMD,IAAI,OAAOiB,KAAK,CAAC,CAACC,IAAa,IAAI,CAACX,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,IAAI,CAAC,GAAG,EAAES,GAAG;YAC5H;YACA,OAAO;QACT,OAAO,IAAI,CAACJ,MAAMK,IAAI,IAAI,CAACL,MAAMM,GAAG,EAAE;YACpC,IAAI,CAACb,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,IAAI,CAAC,GAAG,EAAEX,aAAa,oCAAoC,EAAEuB,KAAKC,SAAS,CAACR,OAAO,CAAC,CAAC;YAC5H,OAAO;QACT;QACA,MAAMS,WAAW;YAAEb,OAAOI,MAAMM,GAAG;YAAEI,OAAOV,MAAMK,IAAI;YAAEpB,UAAUA;YAAU,GAAG0B,IAAAA,wBAAa,EAACX,MAAMY,EAAE,CAAC;QAAC;QACvGzB,OAAO,MAAM,IAAI,CAAC0B,kBAAkB,CAACJ,UAAUtB;QAC/C,IAAI,CAACC,YAAY,CAACc,cAAc,CAACf,MAAMD,IAAI,MAAMiB,KAAK,CAAC,CAACC,IAAa,IAAI,CAACX,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACX,YAAY,CAACY,IAAI,CAAC,GAAG,EAAES,GAAG;QACzH,OAAOjB;IACT;IAEA,MAAcc,UAAUK,GAAW,EAAErB,QAAgB,EAAkC;QACrF,MAAM6B,UAAUC,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACH,OAAO;QAC/C,MAAMI,aAAa,GAAGH,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACE,cAAc,CAAC,CAAC,EAAEb,IAAI,CAAC,EAAES,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACG,MAAM,EAAE;QACvG,IAAIC;QACJ,IAAI3B;QACJ,KAAK,MAAM4B,KAAKR,QAAS;YACvBO,SAAS,IAAIE,cAAM,CAAC;gBAAE,GAAG,IAAI,CAACC,aAAa;gBAAEC,KAAKH;YAAE;YACpD,IAAI;gBACF,MAAMD,OAAOK,IAAI,CAACR,YAAYjC;gBAC9B,OAAO,MAAM,IAAI,CAAC0C,WAAW,CAACN,QAAQf;YACxC,EAAE,OAAOF,GAAG;gBACV,IAAIA,EAAEwB,MAAM,EAAEC,QAAQ;oBACpB,KAAK,MAAMC,OAAO1B,EAAEwB,MAAM,CAAE;wBAC1B,IAAI,CAACnC,MAAM,CAACsC,IAAI,CAAC,GAAG,IAAI,CAAC9B,SAAS,CAACN,IAAI,CAAC,GAAG,EAAEW,IAAI,GAAG,EAAEwB,KAAK;wBAC3DpC,QAAQoC;oBACV;gBACF,OAAO;oBACLpC,QAAQU;oBACR,IAAI,CAACX,MAAM,CAACsC,IAAI,CAAC,GAAG,IAAI,CAAC9B,SAAS,CAACN,IAAI,CAAC,GAAG,EAAEW,IAAI,GAAG,EAAEF,GAAG;gBAC3D;gBACA,IAAIV,iBAAiBsC,+BAAuB,EAAE;oBAC5C,OAAO;gBACT;YACF,SAAU;gBACR,MAAMX,OAAOY,MAAM;YACrB;QACF;QACA,IAAIvC,SAASwC,gCAAkB,CAACC,GAAG,CAACzC,MAAM0C,IAAI,GAAG;YAC/C,MAAM,IAAIvC,qBAAa,CAAC,gCAAgCC,kBAAU,CAACuC,qBAAqB;QAC1F;QACA,OAAO;IACT;IAEA,MAAcV,YAAYN,MAAc,EAAEf,GAAW,EAAkC;QACrF,MAAMgC,eAAe,CAAC,GAAG,EAAEvB,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACE,cAAc,CAAC,CAAC,EAAEb,IAAI,CAAC,EAAES,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACsB,MAAM,IAAI,GAAG,CAAC,CAAC;QACnH,IAAI;YACF,MAAM,EAAEC,aAAa,EAAE,GAAG,MAAMnB,OAAOoB,MAAM,CAAC1B,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACG,MAAM,EAAE;gBAC5EsB,OAAO;gBACPH,QAAQD;gBACRK,YAAY,IAAI,CAACC,eAAe;YAClC;YACA,KAAK,MAAM5C,SAASwC,cAAe;gBACjC,IAAIxC,KAAK,CAACe,gCAAa,CAACC,IAAI,CAACC,IAAI,CAACE,cAAc,CAAC,KAAKb,KAAK;oBACzD,IAAIuC,MAAMC,OAAO,CAAC9C,MAAMK,IAAI,GAAG;wBAC7B,sDAAsD;wBACtDL,MAAMK,IAAI,GAAGL,MAAMK,IAAI,CAAC,EAAE;oBAC5B;oBACA,OAAOL;gBACT;YACF;YACA,OAAO;QACT,EAAE,OAAOI,GAAG;YACV,IAAI,CAACX,MAAM,CAACsC,IAAI,CAAC,GAAG,IAAI,CAACJ,WAAW,CAAChC,IAAI,CAAC,GAAG,EAAEW,IAAI,GAAG,EAAEF,GAAG;YAC3D,OAAO;QACT;IACF;IAEA,MAAcS,mBAAmBJ,QAAuB,EAAEtB,IAAe,EAAsB;QAC7F,IAAIA,SAAS,MAAM;YACjB,OAAO,IAAI,CAAC4D,iBAAiB,CAACC,iBAAiB,CAACvC,UAAUwC,eAAS,CAACC,IAAI;QAC1E,OAAO;YACL,IAAIzC,SAASb,KAAK,KAAKT,KAAKS,KAAK,EAAE;gBACjC,IAAI,CAACH,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmB,kBAAkB,CAAClB,IAAI,CAAC,sBAAsB,EAAEc,SAASb,KAAK,CAAC,KAAK,EAAET,KAAKS,KAAK,EAAE;gBAC5G,MAAM,IAAIC,qBAAa,CAAC,0BAA0BC,kBAAU,CAACC,SAAS;YACxE;YACA,wCAAwC;YACxC,MAAMoD,qBAAoCC,OAAOC,WAAW,CAC1D,AACE,CAAA,MAAMC,QAAQC,GAAG,CACfH,OAAOI,IAAI,CAAC/C,UAAUgD,GAAG,CAAC,OAAOC;gBAC/B,IAAIA,QAAQ,YAAY;oBACtB,MAAMC,SAAS,MAAMC,IAAAA,0BAAe,EAACnD,QAAQ,CAACiD,IAAI,EAAEvE,KAAKF,QAAQ;oBACjE,OAAO0E,SAAS,OAAO;wBAACD;wBAAKjD,QAAQ,CAACiD,IAAI;qBAAC;gBAC7C;gBACA,OAAOjD,QAAQ,CAACiD,IAAI,KAAKvE,IAAI,CAACuE,IAAI,GAAG;oBAACA;oBAAKjD,QAAQ,CAACiD,IAAI;iBAAC,GAAG;YAC9D,GACF,EACAnB,MAAM,CAACsB;YAEX,IAAIT,OAAOI,IAAI,CAACL,oBAAoBtB,MAAM,GAAG,GAAG;gBAC9C,IAAI;oBACF,MAAM,IAAI,CAACkB,iBAAiB,CAACe,iBAAiB,CAAC3E,KAAK4E,EAAE,EAAEZ;oBACxD,IAAIA,oBAAoBlE,UAAU;wBAChC,OAAOkE,mBAAmBlE,QAAQ;oBACpC;oBACAmE,OAAOY,MAAM,CAAC7E,MAAMgE;gBACtB,EAAE,OAAO/C,GAAG;oBACV,IAAI,CAACX,MAAM,CAACsC,IAAI,CAAC,GAAG,IAAI,CAAClB,kBAAkB,CAAClB,IAAI,CAAC,0BAA0B,EAAER,KAAKS,KAAK,CAAC,IAAI,EAAEQ,GAAG;gBACnG;YACF;YACA,MAAMjB,KAAK8E,SAAS;YACpB,OAAO9E;QACT;IACF;IA9HA,YACE,AAAiBC,YAA0B,EAC3C,AAAiB2D,iBAAoC,CACrD;aAFiB3D,eAAAA;aACA2D,oBAAAA;aANFtD,SAAS,IAAIyE,cAAM,CAACpF,sBAAsBa,IAAI;aAC9CiD,kBAAkB;YAAC;YAAO;YAAQ;SAAK;aAChDpB,gBAA+B;YAAE2C,SAAS;YAAMC,gBAAgB;YAAM3C,KAAK;QAAG;IAKnF;AA4HL"}