@things-factory/auth-base 8.0.0-alpha.28 → 8.0.0-alpha.29

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-base",
-  "version": "8.0.0-alpha.28",
+  "version": "8.0.0-alpha.29",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -32,10 +32,10 @@
   "dependencies": {
     "@simplewebauthn/browser": "^10.0.0",
     "@simplewebauthn/server": "^10.0.0",
-    "@things-factory/email-base": "^8.0.0-alpha.28",
+    "@things-factory/email-base": "^8.0.0-alpha.29",
     "@things-factory/env": "^8.0.0-alpha.8",
-    "@things-factory/shell": "^8.0.0-alpha.28",
-    "@things-factory/utils": "^8.0.0-alpha.14",
+    "@things-factory/shell": "^8.0.0-alpha.29",
+    "@things-factory/utils": "^8.0.0-alpha.29",
     "@types/webappsec-credential-management": "^0.6.8",
     "jsonwebtoken": "^9.0.0",
     "koa-passport": "^6.0.0",
@@ -46,5 +46,5 @@
     "passport-jwt": "^4.0.0",
     "passport-local": "^1.0.0"
   },
-  "gitHead": "a686f7c8320e5a67280cdb307f32f220c0297c77"
+  "gitHead": "a7592d7dc0886734d2798ee5756c51b0c0aa13fa"
 }

package/server/service/user/user-mutation.ts

@@ -1,6 +1,6 @@
 import { Arg, Ctx, Directive, Mutation, Resolver } from 'type-graphql'
 import { GraphQLEmailAddress } from 'graphql-scalars'
-import { ILike, In, SelectQueryBuilder } from 'typeorm'
+import { ILike, In, SelectQueryBuilder, EntityManager } from 'typeorm'
 
 import { config } from '@things-factory/env'
 import { Domain, getRepository, ObjectRef } from '@things-factory/shell'
@@ -17,13 +17,13 @@ export class UserMutation {
   @Directive('@transaction')
   @Mutation(returns => User, { description: 'To create new user' })
   async createUser(@Arg('user') user: NewUser, @Ctx() context: ResolverContext) {
-    const { domain } = context.state
+    const { domain, tx } = context.state
     const { defaultPassword } = config.get('password')
     const { email } = user
 
     user.email = email.trim()
 
-    const oldUser: User = await getRepository(User).findOne({ where: { email: ILike(user.email) } })
+    const oldUser: User = await getRepository(User, tx).findOne({ where: { email: ILike(user.email) } })
     if (oldUser) {
       throw new Error(context.t('error.x already exists in y', { x: context.t('field.user'), y: 'operato' }))
     }
@@ -38,14 +38,14 @@ export class UserMutation {
 
     const salt = User.generateSalt()
 
-    return await getRepository(User).save({
+    return await getRepository(User, tx).save({
       creator: context.state.user,
       updater: context.state.user,
       ...user,
       domains: [domain],
       roles:
         user.roles && user.roles.length
-          ? await getRepository(Role).findBy({
+          ? await getRepository(Role, tx).findBy({
               id: In(user.roles.map(role => role.id)),
               domain: { id: domain.id }
             })
@@ -64,7 +64,7 @@ export class UserMutation {
     @Arg('patch') patch: UserPatch,
     @Ctx() context: ResolverContext
   ) {
-    const { domain, user: updater }: { domain: Domain; user: User } = context.state
+    const { domain, user: updater, tx }: { domain: Domain; user: User; tx?: EntityManager } = context.state
     const qb: SelectQueryBuilder<User> = buildDomainUsersQueryBuilder(domain.id, 'USER')
     const user: User = await qb
       .andWhere('LOWER(USER.email) = :email', { email: email?.toLowerCase().trim() || '' })
@@ -73,14 +73,16 @@ export class UserMutation {
       .getOne()
 
     if (patch.roles) {
-      patch.roles = await getRepository(Role).find({ where: { id: In(patch.roles.map((r: Partial<Role>) => r.id)) } })
+      patch.roles = await getRepository(Role, tx).find({
+        where: { id: In(patch.roles.map((r: Partial<Role>) => r.id)) }
+      })
     }
 
     if (patch.status && patch.status === 'activated') {
       user.status = UserStatus.ACTIVATED
     }
 
-    return await getRepository(User).save({
+    return await getRepository(User, tx).save({
       ...user,
       ...patch,
       updater
@@ -92,7 +94,7 @@ export class UserMutation {
   @Mutation(returns => [User], { description: 'To modify multiple users information' })
   async updateMultipleUser(@Arg('patches', type => [UserPatch]) patches: UserPatch[], @Ctx() context: ResolverContext) {
     const { domain, user, tx } = context.state
-    const userRepo = tx.getRepository(User)
+    const userRepo = getRepository(User, tx)
 
     let results = []
     const _createRecords = patches.filter((patch: any) => patch.cuFlag.toUpperCase() === '+')
@@ -207,8 +209,8 @@ export class UserMutation {
     @Arg('email', type => GraphQLEmailAddress) email: string,
     @Ctx() context: ResolverContext
   ): Promise<boolean> {
-    const { domain } = context.state
-    const invitee: User = await getRepository(User).findOne({
+    const { domain, tx } = context.state
+    const invitee: User = await getRepository(User, tx).findOne({
       where: { email: ILike(email) },
       relations: ['domains']
     })
@@ -222,7 +224,7 @@ export class UserMutation {
       throw new Error(context.t('error.x already exists in y', { x: context.t('field.user'), y: domain.name }))
     }
     invitee.domains = [...existingDomains, domain]
-    await getRepository(User).save(invitee)
+    await getRepository(User, tx).save(invitee)
 
     return true
   }
@@ -236,9 +238,10 @@ export class UserMutation {
   ): Promise<boolean> {
     const { tx, domain } = context.state
 
-    let user: User = await tx
-      .getRepository(User)
-      .findOne({ where: { email: ILike(email) }, relations: ['domains', 'roles', 'roles.domain'] })
+    let user: User = await getRepository(User, tx).findOne({
+      where: { email: ILike(email) },
+      relations: ['domains', 'roles', 'roles.domain']
+    })
     if (!user) {
       throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
     }
@@ -254,7 +257,7 @@ export class UserMutation {
     // Remove domain's roles that user has
     user.roles = user.roles.filter((role: Role) => role.domain.id !== domain.id)
 
-    await tx.getRepository(User).save(user)
+    await getRepository(User, tx).save(user)
 
     return true
   }
@@ -266,12 +269,30 @@ export class UserMutation {
     @Arg('email', type => GraphQLEmailAddress) email: string,
     @Ctx() context: ResolverContext
   ): Promise<boolean> {
-    const { domain } = context.state
-    const user: User = await getRepository(User).findOne({
-      where: { email: ILike(email) }
+    const { domain, tx } = context.state
+    const user: User = await getRepository(User, tx).findOne({
+      where: { email: ILike(email) },
+      relations: ['domains', 'roles']
     })
+
+    if (!user) {
+      throw new Error('Failed to find user')
+    }
+
+    if (user.status !== UserStatus.ACTIVATED) {
+      throw new Error('Only activated users are eligible to receive admin privileges.')
+    }
+
+    if (user.domains.map((d: Domain) => d.id).indexOf(domain.id) < 0) {
+      throw new Error(`User is not belongs to current domain`)
+    }
+
+    if (user.roles.filter((r: Role) => r.domainId == domain.id).length == 0) {
+      throw new Error(`Only users with at least one role in this domain are eligible to receive admin privileges.`)
+    }
+
     domain.owner = user.id
-    await getRepository(Domain).save(domain)
+    await getRepository(Domain, tx).save(domain)
 
     return true
   }
@@ -282,7 +303,7 @@ export class UserMutation {
   async activateUser(@Arg('userId') userId: string, @Ctx() context: ResolverContext): Promise<boolean> {
     const { tx, domain } = context.state
 
-    const targetUser: User = await tx.getRepository(User).findOne({
+    const targetUser: User = await getRepository(User, tx).findOne({
       where: { id: userId },
       relations: ['domains']
     })
@@ -297,7 +318,7 @@ export class UserMutation {
     targetUser.failCount = 0
     targetUser.status = UserStatus.ACTIVATED
 
-    await tx.getRepository(User).save(targetUser)
+    await getRepository(User, tx).save(targetUser)
 
     return true
   }
@@ -308,7 +329,7 @@ export class UserMutation {
   async inactivateUser(@Arg('userId') userId: string, @Ctx() context: ResolverContext): Promise<boolean> {
     const { tx, domain } = context.state
 
-    const targetUser: User = await tx.getRepository(User).findOne({
+    const targetUser: User = await getRepository(User, tx).findOne({
       where: { id: userId },
       relations: ['domains']
     })
@@ -326,7 +347,7 @@ export class UserMutation {
 
     targetUser.status = UserStatus.INACTIVE
 
-    await tx.getRepository(User).save(targetUser)
+    await getRepository(User, tx).save(targetUser)
 
     return true
   }
@@ -342,7 +363,7 @@ export class UserMutation {
       throw new Error('No default password found')
     }
 
-    const targetUser: User = await tx.getRepository(User).findOne({
+    const targetUser: User = await getRepository(User, tx).findOne({
       where: { id: userId },
       relations: ['domains']
     })
@@ -356,7 +377,7 @@ export class UserMutation {
 
     targetUser.salt = User.generateSalt()
     targetUser.password = User.encode(defaultPassword, targetUser.salt)
-    await tx.getRepository(User).save(targetUser)
+    await getRepository(User, tx).save(targetUser)
 
     return true
   }
@@ -371,7 +392,7 @@ export class UserMutation {
     @Ctx() context: ResolverContext
   ) {
     const { domain, tx } = context.state
-    let user: User = await tx.getRepository(User).findOne({
+    let user: User = await getRepository(User, tx).findOne({
       where: { id: userId },
       relations: ['domains', 'roles']
     })
@@ -387,6 +408,6 @@ export class UserMutation {
     user.roles = user.roles.filter((r: Role) => availableRoleIds.indexOf(r.id) < 0)
     user.roles = user.roles.concat(selectedRoles as Role[])
 
-    return await tx.getRepository(User).save(user)
+    return await getRepository(User, tx).save(user)
   }
 }