npm - @things-factory/auth-base - Versions diffs - 8.0.0-alpha.8 → 8.0.0-beta.1 - Mend

@things-factory/auth-base 8.0.0-alpha.8 → 8.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/client/actions/auth.ts +5 -4
package/client/index.ts +1 -0
package/client/verify-webauthn.ts +86 -0
package/dist-client/actions/auth.d.ts +5 -4
package/dist-client/actions/auth.js.map +1 -1
package/dist-client/index.d.ts +1 -0
package/dist-client/index.js +1 -0
package/dist-client/index.js.map +1 -1
package/dist-client/tsconfig.tsbuildinfo +1 -1
package/dist-client/verify-webauthn.d.ts +13 -0
package/dist-client/verify-webauthn.js +72 -0
package/dist-client/verify-webauthn.js.map +1 -0
package/dist-server/constants/error-code.d.ts +2 -0
package/dist-server/constants/error-code.js +3 -1
package/dist-server/constants/error-code.js.map +1 -1
package/dist-server/controllers/change-pwd.js +2 -2
package/dist-server/controllers/change-pwd.js.map +1 -1
package/dist-server/controllers/delete-user.js +13 -12
package/dist-server/controllers/delete-user.js.map +1 -1
package/dist-server/controllers/invitation.d.ts +2 -1
package/dist-server/controllers/invitation.js +30 -5
package/dist-server/controllers/invitation.js.map +1 -1
package/dist-server/controllers/profile.d.ts +4 -3
package/dist-server/controllers/profile.js +20 -2
package/dist-server/controllers/profile.js.map +1 -1
package/dist-server/controllers/signin.d.ts +4 -1
package/dist-server/controllers/signin.js +17 -1
package/dist-server/controllers/signin.js.map +1 -1
package/dist-server/controllers/signup.js +13 -4
package/dist-server/controllers/signup.js.map +1 -1
package/dist-server/controllers/unlock-user.js +1 -0
package/dist-server/controllers/unlock-user.js.map +1 -1
package/dist-server/controllers/verification.js +1 -0
package/dist-server/controllers/verification.js.map +1 -1
package/dist-server/index.d.ts +1 -0
package/dist-server/index.js +1 -0
package/dist-server/index.js.map +1 -1
package/dist-server/middlewares/signin-middleware.js +3 -3
package/dist-server/middlewares/signin-middleware.js.map +1 -1
package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
package/dist-server/migrations/1548206416130-SeedUser.js +2 -1
package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
package/dist-server/router/auth-checkin-router.js +8 -2
package/dist-server/router/auth-checkin-router.js.map +1 -1
package/dist-server/router/auth-private-process-router.js +12 -7
package/dist-server/router/auth-private-process-router.js.map +1 -1
package/dist-server/router/auth-public-process-router.js +20 -9
package/dist-server/router/auth-public-process-router.js.map +1 -1
package/dist-server/router/auth-signin-router.js +3 -3
package/dist-server/router/auth-signin-router.js.map +1 -1
package/dist-server/router/webauthn-router.js +51 -1
package/dist-server/router/webauthn-router.js.map +1 -1
package/dist-server/service/appliance/appliance.js +4 -1
package/dist-server/service/appliance/appliance.js.map +1 -1
package/dist-server/service/application/application.js +11 -3
package/dist-server/service/application/application.js.map +1 -1
package/dist-server/service/invitation/invitation-mutation.d.ts +3 -2
package/dist-server/service/invitation/invitation-mutation.js +20 -8
package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
package/dist-server/service/user/user-mutation.d.ts +10 -9
package/dist-server/service/user/user-mutation.js +135 -61
package/dist-server/service/user/user-mutation.js.map +1 -1
package/dist-server/service/user/user-types.d.ts +1 -0
package/dist-server/service/user/user-types.js +4 -0
package/dist-server/service/user/user-types.js.map +1 -1
package/dist-server/service/user/user.d.ts +1 -0
package/dist-server/service/user/user.js +57 -17
package/dist-server/service/user/user.js.map +1 -1
package/dist-server/service/verification-token/verification-token.js +7 -2
package/dist-server/service/verification-token/verification-token.js.map +1 -1
package/dist-server/templates/account-unlock-email.d.ts +2 -1
package/dist-server/templates/account-unlock-email.js +1 -1
package/dist-server/templates/account-unlock-email.js.map +1 -1
package/dist-server/templates/invitation-email.d.ts +2 -1
package/dist-server/templates/invitation-email.js +1 -1
package/dist-server/templates/invitation-email.js.map +1 -1
package/dist-server/templates/verification-email.d.ts +2 -1
package/dist-server/templates/verification-email.js +1 -1
package/dist-server/templates/verification-email.js.map +1 -1
package/dist-server/tsconfig.tsbuildinfo +1 -1
package/dist-server/utils/check-user-has-role.d.ts +12 -0
package/dist-server/utils/check-user-has-role.js +28 -0
package/dist-server/utils/check-user-has-role.js.map +1 -0
package/package.json +6 -6
package/server/constants/error-code.ts +2 -0
package/server/controllers/change-pwd.ts +3 -2
package/server/controllers/delete-user.ts +16 -13
package/server/controllers/invitation.ts +36 -5
package/server/controllers/profile.ts +29 -2
package/server/controllers/signin.ts +21 -2
package/server/controllers/signup.ts +16 -4
package/server/controllers/unlock-user.ts +1 -0
package/server/controllers/verification.ts +1 -0
package/server/index.ts +1 -0
package/server/middlewares/signin-middleware.ts +3 -3
package/server/middlewares/webauthn-middleware.ts +7 -8
package/server/migrations/1548206416130-SeedUser.ts +2 -1
package/server/router/auth-checkin-router.ts +11 -5
package/server/router/auth-private-process-router.ts +14 -7
package/server/router/auth-public-process-router.ts +22 -10
package/server/router/auth-signin-router.ts +3 -3
package/server/router/webauthn-router.ts +71 -9
package/server/service/appliance/appliance.ts +4 -1
package/server/service/application/application.ts +12 -3
package/server/service/invitation/invitation-mutation.ts +24 -9
package/server/service/user/user-mutation.ts +152 -62
package/server/service/user/user-types.ts +3 -0
package/server/service/user/user.ts +74 -18
package/server/service/verification-token/verification-token.ts +9 -3
package/server/templates/account-unlock-email.ts +1 -1
package/server/templates/invitation-email.ts +1 -1
package/server/templates/verification-email.ts +1 -1
package/server/utils/check-user-has-role.ts +29 -0
package/translations/en.json +5 -1
package/translations/ja.json +5 -1
package/translations/ko.json +6 -3
package/translations/ms.json +5 -1
package/translations/zh.json +5 -1

package/server/router/auth-public-process-router.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import Router from 'koa-router'
+import { ILike } from 'typeorm'
 import { config } from '@things-factory/env'
 import { getRepository, getSiteRootPath } from '@things-factory/shell'
@@ -31,16 +32,26 @@ export const authPublicProcessRouter = new Router({
 })
 authPublicProcessRouter.post('/join', async (context, next) => {
-  const { email } = context.request.body || {}
+  const { username } = context.request.body || {}
-  const user: User = await getRepository(User).findOneBy({
-    email
+  const repository = getRepository(User)
+  var user = await repository.findOne({
+    where: { username },
+    relations: ['domains']
   })
+  if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
+    user = await repository.findOne({
+      where: { email: ILike(username) },
+      relations: ['domains']
+    })
+  }
   if (user) {
-    context.redirect(`/auth/signin?email=${email}`)
+    context.redirect(`/auth/signin?username=${username}`)
   } else {
-    context.redirect(`/auth/signup?email=${email}`)
+    context.redirect(`/auth/signup?username=${username}`)
   }
 })
@@ -200,10 +211,9 @@ authPublicProcessRouter.post('/forgot-password', async (context, next) => {
 authPublicProcessRouter.post('/reset-password', async (context, next) => {
   const { header, t } = context
+  const { password, token } = context.request.body
   try {
-    const { password, token } = context.request.body
     if (!(token && password)) {
       let message = t('error.token or password is invalid')
@@ -232,7 +242,7 @@ authPublicProcessRouter.post('/reset-password', async (context, next) => {
     await resetPassword(token, password, context)
-    var message = t('text.password reset succeed')
+    var message = t('text.password changed successfully')
     context.body = message
     clearAccessTokenCookie(context)
@@ -255,10 +265,12 @@ authPublicProcessRouter.post('/reset-password', async (context, next) => {
     if (accepts(header.accept, ['text/html', '*/*'])) {
       await context.render('auth-page', {
-        pageElement: 'auth-result',
-        elementScript: '/auth/result.js',
+        pageElement: 'reset-password',
+        elementScript: '/auth/reset-password.js',
         data: {
+          token,
           message: e.message,
+          passwordRule,
           disableUserSignupProcess,
           disableUserFavoredLanguage,
           languages

package/server/router/auth-signin-router.ts CHANGED Viewed

@@ -19,13 +19,13 @@ const SSOLinks = Object.values(SSOConfig)
 export const authSigninRouter = new Router()
 authSigninRouter.get('/auth/signin', async (context, next) => {
-  const { redirect_to, email } = context.query
+  const { redirect_to, username } = context.query
   await context.render('auth-page', {
     pageElement: 'auth-signin',
     elementScript: '/auth/signin.js',
     data: {
-      email,
+      username,
       redirectTo: redirect_to,
       ssoLinks: SSOLinks,
       disableUserSignupProcess,
@@ -37,7 +37,7 @@ authSigninRouter.get('/auth/signin', async (context, next) => {
 authSigninRouter.post('/auth/signin', signinMiddleware, async (context, next) => {
   const { request, t } = context
-  const { token, user, domain } = context.state
+  const { token, domain } = context.state
   const { body: reqBody, header } = request
   if (!accepts(header.accept, ['text/html', '*/*'])) {

package/server/router/webauthn-router.ts CHANGED Viewed

@@ -5,17 +5,75 @@ import { appPackage } from '@things-factory/env'
 import { generateRegistrationOptions, generateAuthenticationOptions } from '@simplewebauthn/server'
 import { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'
-import {
-  PublicKeyCredentialCreationOptionsJSON,
-} from '@simplewebauthn/server/script/deps'
+import { PublicKeyCredentialCreationOptionsJSON } from '@simplewebauthn/server/script/deps'
 import { setAccessTokenCookie } from '../utils/access-token-cookie'
-import { createWebAuthnMiddleware } from '../middlewares/webauthn-middleware';
+import { createWebAuthnMiddleware } from '../middlewares/webauthn-middleware'
 export const webAuthnGlobalPublicRouter = new Router()
 export const webAuthnGlobalPrivateRouter = new Router()
 const { name: rpName } = appPackage as any
+// Generate authentication challenge for the currently logged-in user
+webAuthnGlobalPrivateRouter.get('/auth/verify-webauthn/challenge', async (context, next) => {
+  const { user } = context.state
+  const rpID = context.hostname
+  if (!user) {
+    context.status = 401
+    context.body = { error: 'User not authenticated' }
+    return
+  }
+  const webAuthCredentials = await getRepository(WebAuthCredential).find({
+    where: { user: { id: user.id } }
+  })
+  if (webAuthCredentials.length === 0) {
+    context.status = 400
+    context.body = { error: 'No biometric credentials registered for this user' }
+    return
+  }
+  const options = await generateAuthenticationOptions({
+    rpID,
+    userVerification: 'preferred',
+    allowCredentials: webAuthCredentials.map(credential => ({
+      id: credential.credentialId,
+      type: 'public-key'
+    }))
+  })
+  context.session.challenge = options.challenge
+  context.body = options
+})
+// Verify biometric authentication
+webAuthnGlobalPrivateRouter.post(
+  '/auth/verify-webauthn',
+  /* reuse webauthn-login as webauthn-verify strategy */
+  createWebAuthnMiddleware('webauthn-login'),
+  async (context, next) => {
+    const { user } = context.state
+    const { request } = context
+    const { body: reqBody } = request
+    if (!user) {
+      context.status = 401
+      context.body = { verified: false, message: 'User not authenticated' }
+      return
+    }
+    context.body = {
+      verified: true,
+      message: 'Biometric authentication successful'
+    }
+    await next()
+  }
+)
+// Generate registration challenge for the currently logged-in user
 webAuthnGlobalPrivateRouter.get('/auth/register-webauthn/challenge', async (context, next) => {
   const { user } = context.state
   const rpID = context.hostname
@@ -53,8 +111,10 @@ webAuthnGlobalPrivateRouter.get('/auth/register-webauthn/challenge', async (cont
   context.body = options
 })
-webAuthnGlobalPrivateRouter.post('/auth/verify-registration', createWebAuthnMiddleware('webauthn-register'));
+// Verify registration
+webAuthnGlobalPrivateRouter.post('/auth/verify-registration', createWebAuthnMiddleware('webauthn-register'))
+// Generate sign-in challenge
 webAuthnGlobalPublicRouter.get('/auth/signin-webauthn/challenge', async (context, next) => {
   const rpID = context.hostname
@@ -67,10 +127,12 @@ webAuthnGlobalPublicRouter.get('/auth/signin-webauthn/challenge', async (context
   context.body = options
 })
+// Sign in with biometric authentication
 webAuthnGlobalPublicRouter.post(
-  '/auth/signin-webauthn', createWebAuthnMiddleware('webauthn-login'),
+  '/auth/signin-webauthn',
+  createWebAuthnMiddleware('webauthn-login'),
   async (context, next) => {
-    const { domain, user } = context. state
+    const { domain, user } = context.state
     const { request } = context
     const { body: reqBody } = request
@@ -79,9 +141,9 @@ webAuthnGlobalPublicRouter.post(
     var redirectURL = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(reqBody.redirectTo || '/')}`
-    /* 2단계 인터렉션 때문에 브라우저에서 fetch(...)로 진행될 것이므로, redirect(3xx) 응답으로 처리할 수 없다. 따라서, 데이타로 redirectURL를 응답한다. */
+    /* Due to the two-step interaction, it will be processed by fetch(...) in the browser, so it cannot be handled with a redirect(3xx) response. Therefore, respond with redirectURL as data. */
     context.body = { redirectURL, verified: true }
-    await next();
+    await next()
   }
 )

package/server/service/appliance/appliance.ts CHANGED Viewed

@@ -73,7 +73,10 @@ export class Appliance {
         ? 'longtext'
         : DATABASE_TYPE == 'oracle'
           ? 'clob'
-          : 'varchar'
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    length: DATABASE_TYPE == 'mssql' ? 'MAX' : undefined
   })
   @Field({ nullable: true })
   @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')

package/server/service/application/application.ts CHANGED Viewed

@@ -99,7 +99,10 @@ export class Application {
         ? 'longtext'
         : DATABASE_TYPE == 'oracle'
           ? 'clob'
-          : 'varchar'
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    length: DATABASE_TYPE == 'mssql' ? 'MAX' : undefined
   })
   @Field({ nullable: true })
   @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
@@ -115,8 +118,14 @@ export class Application {
         ? 'enum'
         : DATABASE_TYPE == 'oracle'
           ? 'varchar2'
-          : 'smallint',
-    enum: ApplicationType,
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    enum:
+      DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? ApplicationType
+        : undefined,
+    length: DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? undefined : 32,
     default: ApplicationType.OTHERS
   })
   @Field()

package/server/service/invitation/invitation-mutation.ts CHANGED Viewed

@@ -1,8 +1,11 @@
+import { ILike } from 'typeorm'
 import { Arg, Ctx, Mutation, Resolver } from 'type-graphql'
 import { GraphQLEmailAddress } from 'graphql-scalars'
 import { getRepository } from '@things-factory/shell'
+import { User, UserStatus } from '../../service/user/user'
 import { sendInvitationEmail } from '../../controllers/invitation'
 import { Invitation } from './invitation'
@@ -32,32 +35,44 @@ export class InvitationMutation {
     @Arg('type') type: string,
     @Ctx() context: ResolverContext
   ) {
-    const repository = getRepository(Invitation)
+    const { user: updater } = context.state
+    const invitationRepository = getRepository(Invitation)
-    const oldone = await repository.findOneBy({
-      email,
-      type,
-      reference
+    var user = await getRepository(User).findOne({
+      where: {
+        email: ILike(email),
+        status: UserStatus.ACTIVATED
+      }
     })
-    // TODO send invitation
+    if (!user) {
+      throw new Error(`user not found: ${email}`)
+    }
     await sendInvitationEmail({
       invitation: {
         email,
         reference,
         type
       },
+      user,
       context
     })
+    const oldone = await invitationRepository.findOneBy({
+      email,
+      type,
+      reference
+    })
     // update or create
-    return await repository.save({
+    return await invitationRepository.save({
+      creator: updater,
       ...oldone, // take only id from oldone for update
       email,
       reference,
       type,
-      creator: context.state.user,
-      updater: context.state.user
+      updater: updater
     })
   }
 }