@things-factory/auth-base 8.0.0-alpha.29 → 8.0.0-alpha.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/constants/error-code.d.ts +2 -0
- package/dist-server/constants/error-code.js +3 -1
- package/dist-server/constants/error-code.js.map +1 -1
- package/dist-server/controllers/change-pwd.js +2 -2
- package/dist-server/controllers/change-pwd.js.map +1 -1
- package/dist-server/controllers/delete-user.js +13 -12
- package/dist-server/controllers/delete-user.js.map +1 -1
- package/dist-server/controllers/invitation.d.ts +2 -1
- package/dist-server/controllers/invitation.js +30 -5
- package/dist-server/controllers/invitation.js.map +1 -1
- package/dist-server/controllers/profile.d.ts +4 -3
- package/dist-server/controllers/profile.js +20 -2
- package/dist-server/controllers/profile.js.map +1 -1
- package/dist-server/controllers/signin.d.ts +4 -1
- package/dist-server/controllers/signin.js +17 -1
- package/dist-server/controllers/signin.js.map +1 -1
- package/dist-server/controllers/signup.js +13 -4
- package/dist-server/controllers/signup.js.map +1 -1
- package/dist-server/controllers/unlock-user.js +1 -0
- package/dist-server/controllers/unlock-user.js.map +1 -1
- package/dist-server/controllers/verification.js +1 -0
- package/dist-server/controllers/verification.js.map +1 -1
- package/dist-server/middlewares/signin-middleware.js +3 -3
- package/dist-server/middlewares/signin-middleware.js.map +1 -1
- package/dist-server/migrations/1548206416130-SeedUser.js +2 -1
- package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
- package/dist-server/router/auth-checkin-router.js +8 -2
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +12 -7
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.js +14 -5
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.js +3 -3
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/service/invitation/invitation-mutation.d.ts +3 -2
- package/dist-server/service/invitation/invitation-mutation.js +20 -8
- package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
- package/dist-server/service/user/user-mutation.d.ts +3 -2
- package/dist-server/service/user/user-mutation.js +21 -12
- package/dist-server/service/user/user-mutation.js.map +1 -1
- package/dist-server/service/user/user-types.d.ts +1 -0
- package/dist-server/service/user/user-types.js +4 -0
- package/dist-server/service/user/user-types.js.map +1 -1
- package/dist-server/service/user/user.d.ts +1 -0
- package/dist-server/service/user/user.js +40 -14
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/templates/account-unlock-email.d.ts +2 -1
- package/dist-server/templates/account-unlock-email.js +1 -1
- package/dist-server/templates/account-unlock-email.js.map +1 -1
- package/dist-server/templates/invitation-email.d.ts +2 -1
- package/dist-server/templates/invitation-email.js +1 -1
- package/dist-server/templates/invitation-email.js.map +1 -1
- package/dist-server/templates/verification-email.d.ts +2 -1
- package/dist-server/templates/verification-email.js +1 -1
- package/dist-server/templates/verification-email.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/package.json +2 -2
- package/server/constants/error-code.ts +2 -0
- package/server/controllers/change-pwd.ts +3 -2
- package/server/controllers/delete-user.ts +16 -13
- package/server/controllers/invitation.ts +36 -5
- package/server/controllers/profile.ts +29 -2
- package/server/controllers/signin.ts +21 -2
- package/server/controllers/signup.ts +16 -4
- package/server/controllers/unlock-user.ts +1 -0
- package/server/controllers/verification.ts +1 -0
- package/server/middlewares/signin-middleware.ts +3 -3
- package/server/migrations/1548206416130-SeedUser.ts +2 -1
- package/server/router/auth-checkin-router.ts +11 -5
- package/server/router/auth-private-process-router.ts +14 -7
- package/server/router/auth-public-process-router.ts +16 -5
- package/server/router/auth-signin-router.ts +3 -3
- package/server/service/invitation/invitation-mutation.ts +24 -9
- package/server/service/user/user-mutation.ts +21 -10
- package/server/service/user/user-types.ts +3 -0
- package/server/service/user/user.ts +41 -14
- package/server/templates/account-unlock-email.ts +1 -1
- package/server/templates/invitation-email.ts +1 -1
- package/server/templates/verification-email.ts +1 -1
- package/translations/en.json +4 -1
- package/translations/ja.json +4 -1
- package/translations/ko.json +5 -3
- package/translations/ms.json +4 -1
- package/translations/zh.json +4 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@things-factory/auth-base",
|
|
3
|
-
"version": "8.0.0-alpha.
|
|
3
|
+
"version": "8.0.0-alpha.35",
|
|
4
4
|
"main": "dist-server/index.js",
|
|
5
5
|
"browser": "dist-client/index.js",
|
|
6
6
|
"things-factory": true,
|
|
@@ -46,5 +46,5 @@
|
|
|
46
46
|
"passport-jwt": "^4.0.0",
|
|
47
47
|
"passport-local": "^1.0.0"
|
|
48
48
|
},
|
|
49
|
-
"gitHead": "
|
|
49
|
+
"gitHead": "94fe243a5c99837a1e6f98de2c454c351ac8e6fd"
|
|
50
50
|
}
|
|
@@ -17,4 +17,6 @@ export const PASSWORD_USED_PAST = 'password used in the past'
|
|
|
17
17
|
export const VERIFICATION_ERROR = 'user or verification token not found'
|
|
18
18
|
export const AUTHN_VERIFICATION_FAILED = 'authn verification failed'
|
|
19
19
|
export const USER_CREDENTIAL_NOT_FOUND = 'user credential not found'
|
|
20
|
+
export const EMAIL_ALREADY_EXISTS = 'email already exists'
|
|
21
|
+
export const USERNAME_ALREADY_EXISTS = 'email already exists'
|
|
20
22
|
export const AUTH_ERROR = 'auth error'
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { ILike } from 'typeorm'
|
|
2
1
|
import { config } from '@things-factory/env'
|
|
3
2
|
import { getRepository } from '@things-factory/shell'
|
|
4
3
|
|
|
@@ -19,7 +18,8 @@ export async function changePwd(attrs, currentPass, newPass, confirmPass, contex
|
|
|
19
18
|
|
|
20
19
|
// TODO 이 사용자가 이 도메인에 속한 사용자인지 확인해야함.
|
|
21
20
|
const repository = getRepository(User)
|
|
22
|
-
|
|
21
|
+
|
|
22
|
+
const user: User = await repository.findOne({ where: { id: attrs.id } })
|
|
23
23
|
|
|
24
24
|
if (!user) {
|
|
25
25
|
throw new AuthError({
|
|
@@ -37,6 +37,7 @@ export async function changePwd(attrs, currentPass, newPass, confirmPass, contex
|
|
|
37
37
|
throw new AuthError({
|
|
38
38
|
errorCode: PASSWORD_NOT_MATCHED,
|
|
39
39
|
detail: {
|
|
40
|
+
username: user.username,
|
|
40
41
|
email: user.email,
|
|
41
42
|
failCount: user.failCount
|
|
42
43
|
}
|
|
@@ -8,7 +8,20 @@ export async function deleteUser(attrs, tx?: EntityManager) {
|
|
|
8
8
|
// TODO 다른 도메인에도 포함되어있다면, domains-users 관게와 해당 도메인 관련 정보만 삭제해야 함.
|
|
9
9
|
|
|
10
10
|
const repository = tx?.getRepository(User)
|
|
11
|
-
const
|
|
11
|
+
const { username } = attrs
|
|
12
|
+
|
|
13
|
+
var user = await repository.findOne({
|
|
14
|
+
where: { username },
|
|
15
|
+
relations: ['domains']
|
|
16
|
+
})
|
|
17
|
+
|
|
18
|
+
if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
|
|
19
|
+
user = await repository.findOne({
|
|
20
|
+
where: { email: ILike(username) },
|
|
21
|
+
relations: ['domains']
|
|
22
|
+
})
|
|
23
|
+
}
|
|
24
|
+
|
|
12
25
|
if (!user) {
|
|
13
26
|
throw new AuthError({
|
|
14
27
|
errorCode: USER_NOT_FOUND
|
|
@@ -19,29 +32,19 @@ export async function deleteUser(attrs, tx?: EntityManager) {
|
|
|
19
32
|
user.domains = []
|
|
20
33
|
|
|
21
34
|
await repository.save(user)
|
|
22
|
-
|
|
23
|
-
// repository api는 작동하지 않음.
|
|
24
|
-
// await txManager
|
|
25
|
-
// .createQueryBuilder()
|
|
26
|
-
// .delete()
|
|
27
|
-
// .from('users_domains')
|
|
28
|
-
// .where({
|
|
29
|
-
// usersId: user.id
|
|
30
|
-
// })
|
|
31
|
-
// .execute()
|
|
32
35
|
}
|
|
33
36
|
|
|
34
37
|
export async function deleteUsers(attrs, tx?: EntityManager) {
|
|
35
38
|
// TODO 이 사용자가 이 도메인에 속한 사용자인지 확인해야함.
|
|
36
39
|
// TODO 다른 도메인에도 포함되어있다면, domains-users 관게와 해당 도메인 관련 정보만 삭제해야 함.
|
|
37
40
|
|
|
38
|
-
const {
|
|
41
|
+
const { usernames } = attrs
|
|
39
42
|
|
|
40
43
|
const repo = tx?.getRepository(User)
|
|
41
44
|
|
|
42
45
|
const users = await repo.find({
|
|
43
46
|
where: {
|
|
44
|
-
|
|
47
|
+
username: In(usernames)
|
|
45
48
|
}
|
|
46
49
|
})
|
|
47
50
|
|
|
@@ -5,15 +5,27 @@ import { sendEmail } from '@things-factory/email-base'
|
|
|
5
5
|
import { Domain, getRepository } from '@things-factory/shell'
|
|
6
6
|
|
|
7
7
|
import { Invitation } from '../service/invitation/invitation'
|
|
8
|
-
import { User } from '../service/user/user'
|
|
8
|
+
import { User, UserStatus } from '../service/user/user'
|
|
9
9
|
import { getInvitationEmailForm } from '../templates/invitation-email'
|
|
10
10
|
import { makeInvitationToken } from './utils/make-invitation-token'
|
|
11
11
|
import { saveInvitationToken } from './utils/save-invitation-token'
|
|
12
12
|
|
|
13
13
|
export async function invite(attrs, withEmailInvitation?: Boolean) {
|
|
14
|
-
const {
|
|
14
|
+
const { username, reference, type, context } = attrs
|
|
15
|
+
const repository = getRepository(User)
|
|
16
|
+
|
|
17
|
+
var user = await repository.findOne({
|
|
18
|
+
where: { username },
|
|
19
|
+
relations: ['domains']
|
|
20
|
+
})
|
|
21
|
+
|
|
22
|
+
if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
|
|
23
|
+
user = await repository.findOne({
|
|
24
|
+
where: { email: ILike(username) },
|
|
25
|
+
relations: ['domains']
|
|
26
|
+
})
|
|
27
|
+
}
|
|
15
28
|
|
|
16
|
-
var user = await getRepository(User).findOne({ where: { email: ILike(email) }, relations: ['domains'] })
|
|
17
29
|
var domains = user.domains
|
|
18
30
|
|
|
19
31
|
// TODO reference should not be a domain.id (security reason)
|
|
@@ -28,6 +40,9 @@ export async function invite(attrs, withEmailInvitation?: Boolean) {
|
|
|
28
40
|
}
|
|
29
41
|
|
|
30
42
|
if (withEmailInvitation) {
|
|
43
|
+
const email = user.email
|
|
44
|
+
|
|
45
|
+
// TODO 초대장의 유효기간을 설정할 수 있어야 함.
|
|
31
46
|
var invitation = await getRepository(Invitation).findOneBy({
|
|
32
47
|
email: ILike(email),
|
|
33
48
|
reference,
|
|
@@ -44,6 +59,7 @@ export async function invite(attrs, withEmailInvitation?: Boolean) {
|
|
|
44
59
|
|
|
45
60
|
return await sendInvitationEmail({
|
|
46
61
|
invitation,
|
|
62
|
+
user,
|
|
47
63
|
context
|
|
48
64
|
})
|
|
49
65
|
}
|
|
@@ -89,7 +105,7 @@ export async function acceptInvitation(token) {
|
|
|
89
105
|
return true
|
|
90
106
|
}
|
|
91
107
|
|
|
92
|
-
export async function sendInvitationEmail({ invitation, context }) {
|
|
108
|
+
export async function sendInvitationEmail({ invitation, user, context }) {
|
|
93
109
|
try {
|
|
94
110
|
var token = makeInvitationToken()
|
|
95
111
|
var verifaction = await saveInvitationToken(invitation.id, token)
|
|
@@ -101,6 +117,7 @@ export async function sendInvitationEmail({ invitation, context }) {
|
|
|
101
117
|
receiver: invitation.email,
|
|
102
118
|
subject: 'Invitation',
|
|
103
119
|
content: getInvitationEmailForm({
|
|
120
|
+
username: user.username,
|
|
104
121
|
email: invitation.email,
|
|
105
122
|
acceptUrl: serviceUrl
|
|
106
123
|
})
|
|
@@ -123,10 +140,24 @@ export async function resendInvitationEmail(
|
|
|
123
140
|
type
|
|
124
141
|
})
|
|
125
142
|
|
|
126
|
-
if (!invitation)
|
|
143
|
+
if (!invitation) {
|
|
144
|
+
throw new Error(`not found invitation.`)
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
var user = await getRepository(User).findOne({
|
|
148
|
+
where: {
|
|
149
|
+
email: ILike(email),
|
|
150
|
+
status: UserStatus.ACTIVATED
|
|
151
|
+
}
|
|
152
|
+
})
|
|
153
|
+
|
|
154
|
+
if (!user) {
|
|
155
|
+
throw new Error(`user not found: ${email}`)
|
|
156
|
+
}
|
|
127
157
|
|
|
128
158
|
return await sendInvitationEmail({
|
|
129
159
|
invitation,
|
|
160
|
+
user,
|
|
130
161
|
context
|
|
131
162
|
})
|
|
132
163
|
}
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
import { ILike } from 'typeorm'
|
|
2
|
+
|
|
1
3
|
import { getRepository } from '@things-factory/shell'
|
|
2
4
|
|
|
3
5
|
import { USER_NOT_FOUND } from '../constants/error-code'
|
|
@@ -13,14 +15,39 @@ export async function updateProfile({ id }, newProfiles) {
|
|
|
13
15
|
})
|
|
14
16
|
}
|
|
15
17
|
|
|
16
|
-
/* only 'name', 'email' and 'locale' attributes can be changed */
|
|
17
|
-
var allowed
|
|
18
|
+
/* only 'username', 'name', 'email' and 'locale' attributes can be changed */
|
|
19
|
+
var allowed: {
|
|
20
|
+
username?: string
|
|
21
|
+
name?: string
|
|
22
|
+
email?: string
|
|
23
|
+
locale?: string
|
|
24
|
+
} = ['username', 'name', 'email', 'locale']
|
|
18
25
|
.filter(attr => attr in newProfiles)
|
|
19
26
|
.reduce((sum, attr) => {
|
|
20
27
|
sum[attr] = newProfiles[attr]
|
|
21
28
|
return sum
|
|
22
29
|
}, {})
|
|
23
30
|
|
|
31
|
+
/* check if email and username is unique */
|
|
32
|
+
if ('email' in allowed) {
|
|
33
|
+
var found: User = await repository.findOne({ where: { email: ILike(allowed.email) } })
|
|
34
|
+
|
|
35
|
+
if (found && found.id != id) {
|
|
36
|
+
throw new AuthError({
|
|
37
|
+
errorCode: AuthError.ERROR_CODES.EMAIL_ALREADY_EXISTS
|
|
38
|
+
})
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
if ('username' in allowed) {
|
|
43
|
+
var found: User = await repository.findOne({ where: { username: allowed.username } })
|
|
44
|
+
if (found && found.id != id) {
|
|
45
|
+
throw new AuthError({
|
|
46
|
+
errorCode: AuthError.ERROR_CODES.USERNAME_ALREADY_EXISTS
|
|
47
|
+
})
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
|
|
24
51
|
return await repository.save({
|
|
25
52
|
...user,
|
|
26
53
|
...allowed
|
|
@@ -5,11 +5,26 @@ import { sendUnlockUserEmail } from '../controllers/unlock-user'
|
|
|
5
5
|
import { AuthError } from '../errors/auth-error'
|
|
6
6
|
import { User, UserStatus } from '../service/user/user'
|
|
7
7
|
|
|
8
|
-
export async function signin(attrs, context?) {
|
|
8
|
+
export async function signin(attrs: { username: string; password: string }, context?) {
|
|
9
9
|
const { domain } = context?.state || {}
|
|
10
|
+
const { username } = attrs
|
|
10
11
|
|
|
11
12
|
const repository = getRepository(User)
|
|
12
|
-
|
|
13
|
+
|
|
14
|
+
var user = await repository.findOne({
|
|
15
|
+
where: { username },
|
|
16
|
+
relations: ['domains']
|
|
17
|
+
})
|
|
18
|
+
|
|
19
|
+
if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
|
|
20
|
+
user = await repository.findOne({
|
|
21
|
+
where: {
|
|
22
|
+
email: ILike(username)
|
|
23
|
+
},
|
|
24
|
+
relations: ['domains']
|
|
25
|
+
})
|
|
26
|
+
}
|
|
27
|
+
|
|
13
28
|
if (!user)
|
|
14
29
|
throw new AuthError({
|
|
15
30
|
errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
|
|
@@ -29,6 +44,7 @@ export async function signin(attrs, context?) {
|
|
|
29
44
|
throw new AuthError({
|
|
30
45
|
errorCode: AuthError.ERROR_CODES.USER_LOCKED,
|
|
31
46
|
detail: {
|
|
47
|
+
username: user.username,
|
|
32
48
|
email: user.email
|
|
33
49
|
}
|
|
34
50
|
})
|
|
@@ -46,6 +62,7 @@ export async function signin(attrs, context?) {
|
|
|
46
62
|
throw new AuthError({
|
|
47
63
|
errorCode: AuthError.ERROR_CODES.USER_LOCKED,
|
|
48
64
|
detail: {
|
|
65
|
+
username: user.username,
|
|
49
66
|
email: user.email
|
|
50
67
|
}
|
|
51
68
|
})
|
|
@@ -53,6 +70,7 @@ export async function signin(attrs, context?) {
|
|
|
53
70
|
throw new AuthError({
|
|
54
71
|
errorCode: AuthError.ERROR_CODES.PASSWORD_NOT_MATCHED,
|
|
55
72
|
detail: {
|
|
73
|
+
username: user.username,
|
|
56
74
|
email: user.email,
|
|
57
75
|
failCount: user.failCount
|
|
58
76
|
}
|
|
@@ -66,6 +84,7 @@ export async function signin(attrs, context?) {
|
|
|
66
84
|
throw new AuthError({
|
|
67
85
|
errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,
|
|
68
86
|
detail: {
|
|
87
|
+
username: user.username,
|
|
69
88
|
email: user.email
|
|
70
89
|
}
|
|
71
90
|
})
|
|
@@ -8,19 +8,31 @@ import { signin } from './signin'
|
|
|
8
8
|
import { sendVerificationEmail } from './verification'
|
|
9
9
|
|
|
10
10
|
export async function signup(attrs, withEmailVerification?: Boolean) {
|
|
11
|
-
const { name,
|
|
11
|
+
const { name, username, password, domain, context } = attrs
|
|
12
12
|
|
|
13
13
|
/* check if password is following the rule */
|
|
14
14
|
User.validatePasswordByRule(password, context.lng)
|
|
15
15
|
|
|
16
16
|
const repository = getRepository(User)
|
|
17
|
-
|
|
17
|
+
|
|
18
|
+
var duplicated = await repository.findOne({
|
|
19
|
+
where: { username },
|
|
20
|
+
relations: ['domains']
|
|
21
|
+
})
|
|
22
|
+
|
|
23
|
+
if (!duplicated && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
|
|
24
|
+
user = await repository.findOne({
|
|
25
|
+
where: { email: ILike(username) },
|
|
26
|
+
relations: ['domains']
|
|
27
|
+
})
|
|
28
|
+
}
|
|
29
|
+
|
|
18
30
|
if (duplicated) {
|
|
19
31
|
throw new AuthError({
|
|
20
32
|
errorCode: USER_DUPLICATED,
|
|
21
33
|
detail: {
|
|
22
34
|
name,
|
|
23
|
-
|
|
35
|
+
username
|
|
24
36
|
}
|
|
25
37
|
})
|
|
26
38
|
}
|
|
@@ -48,7 +60,7 @@ export async function signup(attrs, withEmailVerification?: Boolean) {
|
|
|
48
60
|
return {
|
|
49
61
|
token: await signin(
|
|
50
62
|
{
|
|
51
|
-
|
|
63
|
+
username,
|
|
52
64
|
password
|
|
53
65
|
},
|
|
54
66
|
{ domain }
|
|
@@ -7,17 +7,17 @@ passport.use(
|
|
|
7
7
|
'signin',
|
|
8
8
|
new localStrategy(
|
|
9
9
|
{
|
|
10
|
-
usernameField: '
|
|
10
|
+
usernameField: 'username',
|
|
11
11
|
passwordField: 'password'
|
|
12
12
|
},
|
|
13
|
-
async (
|
|
13
|
+
async (username, password, done) => {
|
|
14
14
|
try {
|
|
15
15
|
const {
|
|
16
16
|
user: userInfo,
|
|
17
17
|
token,
|
|
18
18
|
domains
|
|
19
19
|
} = await signin({
|
|
20
|
-
|
|
20
|
+
username,
|
|
21
21
|
password
|
|
22
22
|
})
|
|
23
23
|
|
|
@@ -6,6 +6,7 @@ import { Domain, getRepository } from '@things-factory/shell'
|
|
|
6
6
|
import { User, UserStatus } from '../service/user/user'
|
|
7
7
|
|
|
8
8
|
const ADMIN_ACCOUNT = config.get('adminAccount', {
|
|
9
|
+
username: 'admin',
|
|
9
10
|
name: 'Admin',
|
|
10
11
|
email: 'admin@hatiolab.com',
|
|
11
12
|
password: 'admin'
|
|
@@ -42,7 +43,7 @@ export class SeedUsers1548206416130 implements MigrationInterface {
|
|
|
42
43
|
logger.error(e)
|
|
43
44
|
}
|
|
44
45
|
|
|
45
|
-
const admin = await userRepository.findOne({ where: { email: ILike(
|
|
46
|
+
const admin = await userRepository.findOne({ where: { email: ILike(ADMIN_ACCOUNT.email) } })
|
|
46
47
|
domain.owner = admin.id
|
|
47
48
|
|
|
48
49
|
await domainRepository.save(domain)
|
|
@@ -63,7 +63,13 @@ authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {
|
|
|
63
63
|
pageElement: 'auth-checkin',
|
|
64
64
|
elementScript: '/auth/checkin.js',
|
|
65
65
|
data: {
|
|
66
|
-
user: {
|
|
66
|
+
user: {
|
|
67
|
+
username: user.username,
|
|
68
|
+
email: user.email,
|
|
69
|
+
locale: user.locale,
|
|
70
|
+
name: user.name,
|
|
71
|
+
userType: user.userType
|
|
72
|
+
},
|
|
67
73
|
domains,
|
|
68
74
|
domainType,
|
|
69
75
|
redirectTo,
|
|
@@ -73,7 +79,7 @@ authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {
|
|
|
73
79
|
} catch (e) {
|
|
74
80
|
clearAccessTokenCookie(context)
|
|
75
81
|
context.redirect(
|
|
76
|
-
`/auth/signin?
|
|
82
|
+
`/auth/signin?username=${encodeURIComponent(user.username)}&redirect_to=${encodeURIComponent(redirectTo)}`
|
|
77
83
|
)
|
|
78
84
|
}
|
|
79
85
|
}
|
|
@@ -95,9 +101,9 @@ async function checkIn(
|
|
|
95
101
|
context: ResolverContext
|
|
96
102
|
): Promise<void> {
|
|
97
103
|
const { user }: { user: User } = context.state
|
|
98
|
-
const remoteAddress = context.req.headers['x-forwarded-for']
|
|
99
|
-
|
|
100
|
-
|
|
104
|
+
const remoteAddress = context.req.headers['x-forwarded-for']
|
|
105
|
+
? (context.req.headers['x-forwarded-for'] as string).split(',')[0].trim()
|
|
106
|
+
: context.req.connection.remoteAddress
|
|
101
107
|
|
|
102
108
|
await LoginHistory.stamp(checkInDomain, user, remoteAddress)
|
|
103
109
|
|
|
@@ -43,19 +43,25 @@ authPrivateProcessRouter
|
|
|
43
43
|
.post('/delete-user', async (context, next) => {
|
|
44
44
|
const { t, session } = context
|
|
45
45
|
var { user } = context.state
|
|
46
|
-
var {
|
|
46
|
+
var { id: userId } = user
|
|
47
47
|
|
|
48
|
-
var { password,
|
|
48
|
+
var { password, username } = context.request.body
|
|
49
49
|
|
|
50
50
|
const userRepo = getRepository(User)
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
},
|
|
51
|
+
|
|
52
|
+
var userInfo = await userRepo.findOne({
|
|
53
|
+
where: { username },
|
|
55
54
|
relations: ['domains']
|
|
56
55
|
})
|
|
57
56
|
|
|
58
|
-
if (
|
|
57
|
+
if (!userInfo && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
|
|
58
|
+
userInfo = await userRepo.findOne({
|
|
59
|
+
where: { email: ILike(username) },
|
|
60
|
+
relations: ['domains']
|
|
61
|
+
})
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
if (userInfo.id != userId || !User.verify(userInfo.password, password, userInfo.salt)) {
|
|
59
65
|
context.status = 401
|
|
60
66
|
context.body = t('error.user validation failed')
|
|
61
67
|
return
|
|
@@ -89,6 +95,7 @@ authPrivateProcessRouter
|
|
|
89
95
|
|
|
90
96
|
context.body = {
|
|
91
97
|
user: {
|
|
98
|
+
username: user.username,
|
|
92
99
|
email: user.email,
|
|
93
100
|
name: user.name,
|
|
94
101
|
userType: user.userType,
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import Router from 'koa-router'
|
|
2
|
+
import { ILike } from 'typeorm'
|
|
2
3
|
|
|
3
4
|
import { config } from '@things-factory/env'
|
|
4
5
|
import { getRepository, getSiteRootPath } from '@things-factory/shell'
|
|
@@ -31,16 +32,26 @@ export const authPublicProcessRouter = new Router({
|
|
|
31
32
|
})
|
|
32
33
|
|
|
33
34
|
authPublicProcessRouter.post('/join', async (context, next) => {
|
|
34
|
-
const {
|
|
35
|
+
const { username } = context.request.body || {}
|
|
35
36
|
|
|
36
|
-
const
|
|
37
|
-
|
|
37
|
+
const repository = getRepository(User)
|
|
38
|
+
|
|
39
|
+
var user = await repository.findOne({
|
|
40
|
+
where: { username },
|
|
41
|
+
relations: ['domains']
|
|
38
42
|
})
|
|
39
43
|
|
|
44
|
+
if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
|
|
45
|
+
user = await repository.findOne({
|
|
46
|
+
where: { email: ILike(username) },
|
|
47
|
+
relations: ['domains']
|
|
48
|
+
})
|
|
49
|
+
}
|
|
50
|
+
|
|
40
51
|
if (user) {
|
|
41
|
-
context.redirect(`/auth/signin?
|
|
52
|
+
context.redirect(`/auth/signin?username=${username}`)
|
|
42
53
|
} else {
|
|
43
|
-
context.redirect(`/auth/signup?
|
|
54
|
+
context.redirect(`/auth/signup?username=${username}`)
|
|
44
55
|
}
|
|
45
56
|
})
|
|
46
57
|
|
|
@@ -19,13 +19,13 @@ const SSOLinks = Object.values(SSOConfig)
|
|
|
19
19
|
export const authSigninRouter = new Router()
|
|
20
20
|
|
|
21
21
|
authSigninRouter.get('/auth/signin', async (context, next) => {
|
|
22
|
-
const { redirect_to,
|
|
22
|
+
const { redirect_to, username } = context.query
|
|
23
23
|
|
|
24
24
|
await context.render('auth-page', {
|
|
25
25
|
pageElement: 'auth-signin',
|
|
26
26
|
elementScript: '/auth/signin.js',
|
|
27
27
|
data: {
|
|
28
|
-
|
|
28
|
+
username,
|
|
29
29
|
redirectTo: redirect_to,
|
|
30
30
|
ssoLinks: SSOLinks,
|
|
31
31
|
disableUserSignupProcess,
|
|
@@ -37,7 +37,7 @@ authSigninRouter.get('/auth/signin', async (context, next) => {
|
|
|
37
37
|
|
|
38
38
|
authSigninRouter.post('/auth/signin', signinMiddleware, async (context, next) => {
|
|
39
39
|
const { request, t } = context
|
|
40
|
-
const { token,
|
|
40
|
+
const { token, domain } = context.state
|
|
41
41
|
const { body: reqBody, header } = request
|
|
42
42
|
|
|
43
43
|
if (!accepts(header.accept, ['text/html', '*/*'])) {
|
|
@@ -1,8 +1,11 @@
|
|
|
1
|
+
import { ILike } from 'typeorm'
|
|
2
|
+
|
|
1
3
|
import { Arg, Ctx, Mutation, Resolver } from 'type-graphql'
|
|
2
4
|
import { GraphQLEmailAddress } from 'graphql-scalars'
|
|
3
5
|
|
|
4
6
|
import { getRepository } from '@things-factory/shell'
|
|
5
7
|
|
|
8
|
+
import { User, UserStatus } from '../../service/user/user'
|
|
6
9
|
import { sendInvitationEmail } from '../../controllers/invitation'
|
|
7
10
|
import { Invitation } from './invitation'
|
|
8
11
|
|
|
@@ -32,32 +35,44 @@ export class InvitationMutation {
|
|
|
32
35
|
@Arg('type') type: string,
|
|
33
36
|
@Ctx() context: ResolverContext
|
|
34
37
|
) {
|
|
35
|
-
const
|
|
38
|
+
const { user: updater } = context.state
|
|
39
|
+
const invitationRepository = getRepository(Invitation)
|
|
36
40
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
+
var user = await getRepository(User).findOne({
|
|
42
|
+
where: {
|
|
43
|
+
email: ILike(email),
|
|
44
|
+
status: UserStatus.ACTIVATED
|
|
45
|
+
}
|
|
41
46
|
})
|
|
42
47
|
|
|
43
|
-
|
|
48
|
+
if (!user) {
|
|
49
|
+
throw new Error(`user not found: ${email}`)
|
|
50
|
+
}
|
|
51
|
+
|
|
44
52
|
await sendInvitationEmail({
|
|
45
53
|
invitation: {
|
|
46
54
|
email,
|
|
47
55
|
reference,
|
|
48
56
|
type
|
|
49
57
|
},
|
|
58
|
+
user,
|
|
50
59
|
context
|
|
51
60
|
})
|
|
52
61
|
|
|
62
|
+
const oldone = await invitationRepository.findOneBy({
|
|
63
|
+
email,
|
|
64
|
+
type,
|
|
65
|
+
reference
|
|
66
|
+
})
|
|
67
|
+
|
|
53
68
|
// update or create
|
|
54
|
-
return await
|
|
69
|
+
return await invitationRepository.save({
|
|
70
|
+
creator: updater,
|
|
55
71
|
...oldone, // take only id from oldone for update
|
|
56
72
|
email,
|
|
57
73
|
reference,
|
|
58
74
|
type,
|
|
59
|
-
|
|
60
|
-
updater: context.state.user
|
|
75
|
+
updater: updater
|
|
61
76
|
})
|
|
62
77
|
}
|
|
63
78
|
}
|