@things-factory/auth-base 7.0.70 → 7.0.72

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-base",
-  "version": "7.0.70",
+  "version": "7.0.72",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -32,9 +32,9 @@
   "dependencies": {
     "@simplewebauthn/browser": "^10.0.0",
     "@simplewebauthn/server": "^10.0.0",
-    "@things-factory/email-base": "^7.0.70",
+    "@things-factory/email-base": "^7.0.72",
     "@things-factory/env": "^7.0.70",
-    "@things-factory/shell": "^7.0.70",
+    "@things-factory/shell": "^7.0.72",
     "@things-factory/utils": "^7.0.70",
     "@types/webappsec-credential-management": "^0.6.8",
     "jsonwebtoken": "^9.0.0",
@@ -46,5 +46,5 @@
     "passport-jwt": "^4.0.0",
     "passport-local": "^1.0.0"
   },
-  "gitHead": "f046cfbb15447499fc5be9a9d82e2deb296b5f36"
+  "gitHead": "6131a0f20fcc11bc8e9e9d839de8e9700a2b0ac0"
 }

package/server/controllers/change-pwd.ts

@@ -42,6 +42,7 @@ export async function changePwd(attrs, currentPass, newPass, confirmPass, contex
       }
     })
   }
+
   /* check if password is following the rule */
   User.validatePasswordByRule(newPass, context?.lng)
 

package/server/service/privilege/privilege-directive.ts

@@ -2,7 +2,6 @@ import { defaultFieldResolver, GraphQLSchema } from 'graphql'
 import gql from 'graphql-tag'
 
 import { getDirective, MapperKind, mapSchema } from '@graphql-tools/utils'
-import { User } from '../user/user'
 import { checkPermission } from '../../utils/check-permission'
 
 process['PRIVILEGES'] = {}
@@ -33,6 +32,18 @@ export const privilegeDirectiveResolver = (schema: GraphQLSchema) =>
           process['PRIVILEGES'][`${category} ${privilege}`] = [category, privilege]
         }
 
+        // 필드의 기존 description 가져오기
+        const existingDescription = fieldConfig.description || ''
+
+        // 권한 정보를 포함한 새로운 description 생성
+        const privilegeDescription =
+          `\n\n🔒 Requires privilege: ${category}:${privilege}` +
+          (domainOwnerGranted ? ', Domain ownership' : '') +
+          (superUserGranted ? ', System ownership' : '')
+
+        // 기존 description과 결합
+        fieldConfig.description = `${existingDescription} ${privilegeDescription}`.trim()
+
         fieldConfig.resolve = async function (source, args, context, info) {
           const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
 

package/server/service/user/user-mutation.ts

@@ -28,6 +28,10 @@ export class UserMutation {
       throw new Error(context.t('error.x already exists in y', { x: context.t('field.user'), y: 'operato' }))
     }
 
+    if (!user.password && !defaultPassword) {
+      throw new Error(context.t('error.initial password or default password should be supported'))
+    }
+
     // consider if validation password rule is required
     /* check if password is following the rule */
     // User.validatePasswordByRule(user.password, context.lng)

package/server/service/user/user-query.ts

@@ -3,19 +3,37 @@ import { GraphQLEmailAddress } from 'graphql-scalars'
 import { ILike, SelectQueryBuilder } from 'typeorm'
 
 import { config } from '@things-factory/env'
-import { Domain, getRepository, ListParam, getQueryBuilderFromListParams } from '@things-factory/shell'
+import { getRepository, ListParam, getQueryBuilderFromListParams } from '@things-factory/shell'
 
 import { checkUserBelongsDomain } from '../../utils/check-user-belongs-domain'
 import { buildDomainUsersQueryBuilder } from '../../utils/get-domain-users'
-import { Appliance } from '../appliance/appliance'
-import { Application } from '../application/application'
 import { User } from './user'
-import { UserList } from './user-types'
+import { PasswordRule, UserList } from './user-types'
+
+const passwordRule = config.get('password') || {
+  lowerCase: true,
+  upperCase: true,
+  digit: true,
+  specialCharacter: true,
+  allowRepeat: false,
+  useTightPattern: true,
+  useLoosePattern: false,
+  tightCharacterLength: 8,
+  looseCharacterLength: 15
+}
 
 @Resolver(User)
 export class UserQuery {
+  @Query(returns => PasswordRule, {
+    description:
+      'Retrieves the current password rule configuration for the system, such as required character types and minimum length.'
+  })
+  passwordRule(@Ctx() context: ResolverContext): PasswordRule {
+    return passwordRule
+  }
+
   @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
-  @Query(returns => User, { description: 'To fetch user' })
+  @Query(returns => User, { description: 'Fetches a user by their email address within the current domain.' })
   async user(@Arg('email', type => GraphQLEmailAddress) email: string, @Ctx() context: ResolverContext): Promise<User> {
     const { domain } = context.state
 
@@ -26,7 +44,9 @@ export class UserQuery {
   }
 
   @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
-  @Query(returns => UserList, { description: 'To fetch multiple users' })
+  @Query(returns => UserList, {
+    description: 'Fetches a list of users based on provided search parameters within the current domain.'
+  })
   async users(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<UserList> {
     const { domain } = context.state
 
@@ -58,7 +78,7 @@ export class UserQuery {
     return { items: foundUsers, total }
   }
 
-  @Query(returns => Boolean, { description: 'To check if current user is belongs to current domain' })
+  @Query(returns => Boolean, { description: 'Checks if the current authenticated user belongs to the current domain.' })
   async checkUserBelongsDomain(@Ctx() context: ResolverContext): Promise<Boolean> {
     const { user, domain } = context.state
 
@@ -69,14 +89,18 @@ export class UserQuery {
     }
   }
 
-  @Query(returns => Boolean, { description: 'To check if system would provide default password to create new user' })
+  @Query(returns => Boolean, {
+    description: 'Determines whether the system provides a default password when creating a new user.'
+  })
   async checkResettablePasswordToDefault(@Ctx() context: ResolverContext): Promise<Boolean> {
     const { defaultPassword } = config.get('password')
 
     return Boolean(defaultPassword)
   }
 
-  @Query(returns => Boolean, { description: 'To check if system would provide default password to create new user' })
+  @Query(returns => Boolean, {
+    description: 'Checks if the system is configured to provide a default password for new users.'
+  })
   async checkDefaultPassword(@Ctx() context: ResolverContext): Promise<Boolean> {
     const { defaultPassword } = config.get('password')
 
@@ -84,7 +108,7 @@ export class UserQuery {
   }
 
   @Directive('@privilege(category: "user", privilege: "query")')
-  @Query(returns => Boolean, { description: '...' })
+  @Query(returns => Boolean, { description: 'Checks if a user with the given email address exists in the system.' })
   async checkUserExistence(@Arg('email', type => GraphQLEmailAddress) email: string): Promise<Boolean> {
     return Boolean(await getRepository(User).count({ where: { email: ILike(email) } }))
   }

package/server/service/user/user-types.ts

@@ -3,6 +3,36 @@ import { GraphQLEmailAddress } from 'graphql-scalars'
 import { ObjectRef } from '@things-factory/shell'
 import { User } from './user'
 
+@ObjectType()
+export class PasswordRule {
+  @Field({ nullable: true })
+  lowerCase?: boolean
+
+  @Field({ nullable: true })
+  upperCase?: boolean
+
+  @Field({ nullable: true })
+  digit?: boolean
+
+  @Field({ nullable: true })
+  specialCharacter?: boolean
+
+  @Field({ nullable: true })
+  allowRepeat?: boolean
+
+  @Field({ nullable: true })
+  useTightPattern?: boolean
+
+  @Field({ nullable: true })
+  useLoosePattern?: boolean
+
+  @Field({ nullable: true })
+  tightCharacterLength?: number
+
+  @Field({ nullable: true })
+  looseCharacterLength?: number
+}
+
 @InputType()
 export class NewUser {
   @Field()

package/translations/en.json

@@ -5,6 +5,7 @@
   "error.domain mismatch": "certificate is not for this domain",
   "error.domain not allowed": "user not allowed domain `{subdomain}`",
   "error.failed to find x": "failed to find {x}",
+  "error.password should be supported": "initial password or default password should be supported",
   "error.password should match the rule": "password should match following rule. ${rule}",
   "error.password used in the past": "password used in the past",
   "error.subdomain not found": "domain not found",

package/translations/ja.json

@@ -5,6 +5,7 @@
   "error.domain mismatch": "証明書のドメインと現在のドメインが一致しません.",
   "error.domain not allowed": "'{subdomain}' 領域はこのユーザに許可されていません.",
   "error.failed to find x": "{x}が見つかりません.",
+  "error.password should be supported": "初期パスワードまたはデフォルトパスワードがサポートされるべきです",
   "error.password should match the rule": "パスワードは次の規則を守らなければなりません. {rule}",
   "error.password used in the past": "過去に使用されたパスワードです.",
   "error.subdomain not found": "サブドメインが見つかりません.",

package/translations/ko.json

@@ -5,6 +5,7 @@
   "error.domain mismatch": "인증서의 도메인과 현재 도메인이 일치하지 않습니다.",
   "error.domain not allowed": "'{subdomain}' 영역은 이 사용자에게 허가되지 않았습니다.",
   "error.failed to find x": "{x}을(를) 찾을 수 없습니다.",
+  "error.password should be supported": "초기 비밀번호나 디폴트 비밀번호가 제공되어야 합니다.",
   "error.password should match the rule": "비밀번호는 다음 규칙을 지켜야 합니다. {rule}",
   "error.password used in the past": "과거에 사용된 비밀번호입니다.",
   "error.subdomain not found": "서브도메인을 찾을 수 없습니다.",

package/translations/ms.json

@@ -5,6 +5,7 @@
   "error.domain mismatch": "Sijil tidak sesuai untuk domain ini",
   "error.domain not allowed": "Pengguna tidak dibenarkan domain `{subdomain}`",
   "error.failed to find x": "Gagal mencari {x}",
+  "error.password should be supported": "kata laluan awal atau kata laluan lalai harus disokong",
   "error.password should match the rule": "Kata laluan harus mematuhi peraturan berikut. ${rule}",
   "error.password used in the past": "Kata laluan telah digunakan dalam masa lampau",
   "error.subdomain not found": "Domain tidak ditemui",

package/translations/zh.json

@@ -6,6 +6,7 @@
   "error.domain mismatch": "证书不适用于该域！",
   "error.domain not allowed": "用户无权限使用`{subdomain}`域！",
   "error.failed to find x": "查询{x}失败！",
+  "error.password should be supported": "应支持初始密码或默认密码",
   "error.password should match the rule": "密码应符合以下规则。${rule}",
   "error.password used in the past": "使用过的密码！",
   "error.subdomain not found": "用户域查询失败！",