@tomei/sso 0.34.2 → 0.34.6

@@ -10,201 +10,26 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
12
  exports.LoginUser = void 0;
13
- const general_1 = require("@tomei/general");
13
+ const user_1 = require("./user");
14
+ const redis_service_1 = require("../../redis-client/redis.service");
14
15
  const user_repository_1 = require("./user.repository");
15
- const system_repository_1 = require("../system/system.repository");
16
- const login_history_repository_1 = require("../login-history/login-history.repository");
17
- const password_hash_service_1 = require("../password-hash/password-hash.service");
18
- const user_group_repository_1 = require("../user-group/user-group.repository");
19
16
  const staff_entity_1 = require("../../models/staff.entity");
20
- const system_privilege_entity_1 = require("../../models/system-privilege.entity");
21
- const yn_enum_1 = require("../../enum/yn.enum");
22
- const enum_1 = require("../../enum");
23
- const config_1 = require("@tomei/config");
24
- const sequelize_1 = require("sequelize");
25
- const activity_history_1 = require("@tomei/activity-history");
26
- const user_entity_1 = require("../../models/user.entity");
27
- const group_entity_1 = require("../../models/group.entity");
28
- const group_system_access_repository_1 = require("../group-system-access/group-system-access.repository");
29
- const group_repository_1 = require("../group/group.repository");
30
- const system_entity_1 = require("../../models/system.entity");
31
- const user_system_access_repository_1 = require("../user-system-access/user-system-access.repository");
32
- const group_system_access_entity_1 = require("../../models/group-system-access.entity");
33
- const user_privilege_repository_1 = require("../user-privilege/user-privilege.repository");
34
- const user_object_privilege_repository_1 = require("../user-object-privilege/user-object-privilege.repository");
35
- const group_privilege_entity_1 = require("../../models/group-privilege.entity");
36
- const group_object_privilege_repository_1 = require("../group-object-privilege/group-object-privilege.repository");
37
- const speakeasy = require("speakeasy");
38
- const login_status_enum_1 = require("../../enum/login-status.enum");
39
- const redis_service_1 = require("../../redis-client/redis.service");
40
- class LoginUser extends general_1.LoginUserBase {
41
- get SessionService() {
42
- return this._SessionService;
43
- }
44
- get UserId() {
45
- return parseInt(this.ObjectId);
46
- }
47
- set UserId(value) {
48
- this.ObjectId = value.toString();
49
- }
50
- get Password() {
51
- return this._Password;
52
- }
53
- set Password(value) {
54
- this._Password = value;
55
- }
56
- get Status() {
57
- return this._Status;
58
- }
59
- set Status(value) {
60
- this._Status = value;
61
- }
62
- get UserName() {
63
- return this._UserName;
64
- }
65
- set UserName(value) {
66
- this._UserName = value;
67
- }
68
- get DefaultPasswordChangedYN() {
69
- return this._DefaultPasswordChangedYN;
70
- }
71
- set DefaultPasswordChangedYN(value) {
72
- this._DefaultPasswordChangedYN = value;
73
- }
74
- get FirstLoginAt() {
75
- return this._FirstLoginAt;
76
- }
77
- set FirstLoginAt(value) {
78
- this._FirstLoginAt = value;
79
- }
80
- get LastLoginAt() {
81
- return this._LastLoginAt;
82
- }
83
- set LastLoginAt(value) {
84
- this._LastLoginAt = value;
85
- }
86
- get MFAEnabled() {
87
- return this._MFAEnabled;
88
- }
89
- set MFAEnabled(value) {
90
- this._MFAEnabled = value;
91
- }
92
- get MFAConfig() {
93
- return this._MFAConfig;
94
- }
95
- set MFAConfig(value) {
96
- this._MFAConfig = value;
97
- }
98
- get RecoveryEmail() {
99
- return this._RecoveryEmail;
100
- }
101
- set RecoveryEmail(value) {
102
- this._RecoveryEmail = value;
103
- }
104
- get FailedLoginAttemptCount() {
105
- return this._FailedLoginAttemptCount;
106
- }
107
- set FailedLoginAttemptCount(value) {
108
- this._FailedLoginAttemptCount = value;
109
- }
110
- get LastFailedLoginAt() {
111
- return this._LastFailedLoginAt;
112
- }
113
- set LastFailedLoginAt(value) {
114
- this._LastFailedLoginAt = value;
115
- }
116
- get LastPasswordChangedAt() {
117
- return this._LastPasswordChangedAt;
118
- }
119
- set LastPasswordChangedAt(value) {
120
- this._LastPasswordChangedAt = value;
121
- }
122
- get NeedToChangePasswordYN() {
123
- return this._NeedToChangePasswordYN;
124
- }
125
- set NeedToChangePasswordYN(value) {
126
- this._NeedToChangePasswordYN = value;
127
- }
128
- get CreatedById() {
129
- return this._CreatedById;
130
- }
131
- set CreatedById(value) {
132
- this._CreatedById = value;
133
- }
134
- get CreatedAt() {
135
- return this._CreatedAt;
136
- }
137
- set CreatedAt(value) {
138
- this._CreatedAt = value;
139
- }
140
- get UpdatedById() {
141
- return this._UpdatedById;
142
- }
143
- set UpdatedById(value) {
144
- this._UpdatedById = value;
145
- }
146
- get UpdatedAt() {
147
- return this._UpdatedAt;
148
- }
149
- set UpdatedAt(value) {
150
- this._UpdatedAt = value;
151
- }
152
- getDetails() {
153
- return __awaiter(this, void 0, void 0, function* () {
154
- return {
155
- FullName: this.FullName,
156
- UserName: this.UserName,
157
- IDNo: this.IDNo,
158
- IDType: this.IDType,
159
- Email: this.Email,
160
- ContactNo: this.ContactNo,
161
- };
162
- });
163
- }
164
- constructor(sessionService, dbTransaction, userInfo) {
165
- super();
166
- this.ObjectName = 'User';
167
- this.TableName = 'sso_Users';
168
- this.ObjectType = 'User';
169
- this._SessionService = sessionService;
170
- if (dbTransaction) {
171
- this._dbTransaction = dbTransaction;
172
- }
173
- if (userInfo) {
174
- this.UserId = userInfo.UserId;
175
- this.UserName = userInfo.FullName;
176
- this.FullName = userInfo.FullName;
177
- this.IDNo = userInfo.IDNo;
178
- this.Email = userInfo.Email;
179
- this.ContactNo = userInfo.ContactNo;
180
- this.Password = userInfo.Password;
181
- this.staffs = userInfo.staffs;
182
- this.Status = userInfo.Status;
183
- this.DefaultPasswordChangedYN = userInfo.DefaultPasswordChangedYN;
184
- this.FirstLoginAt = userInfo.FirstLoginAt;
185
- this.LastLoginAt = userInfo.LastLoginAt;
186
- this.MFAEnabled = userInfo.MFAEnabled;
187
- this.MFAConfig = userInfo.MFAConfig;
188
- this.RecoveryEmail = userInfo.RecoveryEmail;
189
- this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
190
- this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
191
- this.LastPasswordChangedAt = userInfo.LastPasswordChangedAt;
192
- this.NeedToChangePasswordYN = userInfo.NeedToChangePasswordYN;
193
- this.CreatedById = userInfo.CreatedById;
194
- this.CreatedAt = userInfo.CreatedAt;
195
- this.UpdatedById = userInfo.UpdatedById;
196
- this.UpdatedAt = userInfo.UpdatedAt;
197
- }
17
+ class LoginUser extends user_1.User {
18
+ constructor() {
19
+ super(...arguments);
20
+ this.session = {
21
+ Id: null,
22
+ };
198
23
  }
199
24
  static init(sessionService, userId, dbTransaction = null) {
200
25
  var _a, _b, _c;
201
26
  return __awaiter(this, void 0, void 0, function* () {
202
- LoginUser._RedisService = yield redis_service_1.RedisService.init();
27
+ user_1.User._RedisService = yield redis_service_1.RedisService.init();
203
28
  if (userId) {
204
29
  if (dbTransaction) {
205
- LoginUser._Repository = new user_repository_1.UserRepository();
30
+ user_1.User._Repository = new user_repository_1.UserRepository();
206
31
  }
207
- const user = yield LoginUser._Repository.findOne({
32
+ const user = yield user_1.User._Repository.findOne({
208
33
  where: {
209
34
  UserId: userId,
210
35
  },
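Review bot: On new line 30, `user_1.User._Repository` is assigned only when `dbTransaction` is truthy, but the `findOne` on new line 32 runs for every non-null `userId`, so `LoginUser.init(sessionService, userId)` called without a transaction dereferences an unset repository unless `User` initializes `_Repository` somewhere not visible here. A guard on the field rather than on the transaction avoids that: `if (!user_1.User._Repository) { user_1.User._Repository = new user_repository_1.UserRepository(); }`. Note also that both `_RedisService` and `_Repository` are now written onto the shared `User` base class on every `init` call, so each call re-runs `RedisService.init()` and replaces the client seen by every `User` subclass; if that opens a new connection, it should be initialized once behind the same kind of guard. The `init` body continues past the end of the hunk.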
@@ -253,453 +78,6 @@ class LoginUser extends general_1.LoginUserBase {
253
78
  return new LoginUser(sessionService, dbTransaction);
254
79
  });
255
80
  }
256
- setEmail(email, dbTransaction) {
257
- return __awaiter(this, void 0, void 0, function* () {
258
- try {
259
- if (this.Email === email) {
260
- return;
261
- }
262
- const user = yield LoginUser._Repository.findOne({
263
- where: {
264
- Email: email,
265
- },
266
- transaction: dbTransaction,
267
- });
268
- if (user) {
269
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Email already exists');
270
- }
271
- this.Email = email;
272
- }
273
- catch (error) {
274
- throw error;
275
- }
276
- });
277
- }
278
- login(systemCode, email, password, ipAddress, dbTransaction) {
279
- var _a, _b, _c;
280
- return __awaiter(this, void 0, void 0, function* () {
281
- try {
282
- if (!this.ObjectId) {
283
- const user = yield LoginUser._Repository.findOne({
284
- transaction: dbTransaction,
285
- where: {
286
- Email: email,
287
- Status: {
288
- [sequelize_1.Op.or]: [enum_1.UserStatus.ACTIVE, enum_1.UserStatus.LOCKED],
289
- },
290
- },
291
- include: [
292
- {
293
- model: staff_entity_1.default,
294
- },
295
- ],
296
- });
297
- if (user) {
298
- const userAttr = {
299
- UserId: user.UserId,
300
- UserName: user.UserName,
301
- FullName: ((_a = user === null || user === void 0 ? void 0 : user.Staff) === null || _a === void 0 ? void 0 : _a.FullName) || null,
302
- IDNo: ((_b = user === null || user === void 0 ? void 0 : user.Staff) === null || _b === void 0 ? void 0 : _b.IdNo) || null,
303
- ContactNo: ((_c = user === null || user === void 0 ? void 0 : user.Staff) === null || _c === void 0 ? void 0 : _c.Mobile) || null,
304
- Email: user.Email,
305
- Password: user.Password,
306
- Status: user.Status,
307
- DefaultPasswordChangedYN: user.DefaultPasswordChangedYN,
308
- FirstLoginAt: user.FirstLoginAt,
309
- LastLoginAt: user.LastLoginAt,
310
- MFAEnabled: user.MFAEnabled,
311
- MFAConfig: user.MFAConfig,
312
- RecoveryEmail: user.RecoveryEmail,
313
- FailedLoginAttemptCount: user.FailedLoginAttemptCount,
314
- LastFailedLoginAt: user.LastFailedLoginAt,
315
- LastPasswordChangedAt: user.LastPasswordChangedAt,
316
- NeedToChangePasswordYN: user.NeedToChangePasswordYN,
317
- CreatedById: user.CreatedById,
318
- CreatedAt: user.CreatedAt,
319
- UpdatedById: user.UpdatedById,
320
- UpdatedAt: user.UpdatedAt,
321
- staffs: (user === null || user === void 0 ? void 0 : user.Staff) || null,
322
- };
323
- this.UserId = userAttr.UserId;
324
- this.FullName = userAttr.FullName;
325
- this.IDNo = userAttr.IDNo;
326
- this.Email = userAttr.Email;
327
- this.ContactNo = userAttr.ContactNo;
328
- this.Password = userAttr.Password;
329
- this.Status = userAttr.Status;
330
- this.DefaultPasswordChangedYN = userAttr.DefaultPasswordChangedYN;
331
- this.FirstLoginAt = userAttr.FirstLoginAt;
332
- this.LastLoginAt = userAttr.LastLoginAt;
333
- this.MFAEnabled = userAttr.MFAEnabled;
334
- this.MFAConfig = userAttr.MFAConfig;
335
- this.RecoveryEmail = userAttr.RecoveryEmail;
336
- this.FailedLoginAttemptCount = userAttr.FailedLoginAttemptCount;
337
- this.LastFailedLoginAt = userAttr.LastFailedLoginAt;
338
- this.LastPasswordChangedAt = userAttr.LastPasswordChangedAt;
339
- this.NeedToChangePasswordYN = userAttr.NeedToChangePasswordYN;
340
- this.CreatedById = userAttr.CreatedById;
341
- this.CreatedAt = userAttr.CreatedAt;
342
- this.UpdatedById = userAttr.UpdatedById;
343
- this.UpdatedAt = userAttr.UpdatedAt;
344
- this.staffs = userAttr.staffs;
345
- }
346
- else {
347
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Credentials');
348
- }
349
- }
350
- if (this.ObjectId && this.Email !== email) {
351
- throw new Error('Invalid credentials.');
352
- }
353
- const check2FA = yield LoginUser.check2FA(this, dbTransaction);
354
- try {
355
- const system = yield LoginUser._SystemRepository.findOne({
356
- where: {
357
- SystemCode: systemCode,
358
- Status: 'Active',
359
- },
360
- });
361
- if (!system) {
362
- throw new Error('Invalid credentials.');
363
- }
364
- const passwordHashService = new password_hash_service_1.PasswordHashService();
365
- const isPasswordValid = yield passwordHashService.verify(password, this.Password);
366
- if (!isPasswordValid) {
367
- throw new Error('Invalid credentials.');
368
- }
369
- yield this.checkSystemAccess(this.UserId, system.SystemCode, dbTransaction);
370
- if (this.Status === enum_1.UserStatus.LOCKED) {
371
- const isReleaseLock = LoginUser.shouldReleaseLock(this.LastFailedLoginAt);
372
- if (isReleaseLock) {
373
- yield LoginUser.releaseLock(this.UserId, dbTransaction);
374
- this.Status = enum_1.UserStatus.ACTIVE;
375
- }
376
- else {
377
- throw new Error('Invalid credentials.');
378
- }
379
- }
380
- }
381
- catch (error) {
382
- yield this.incrementFailedLoginAttemptCount(dbTransaction);
383
- }
384
- const system = yield LoginUser._SystemRepository.findOne({
385
- where: {
386
- SystemCode: systemCode,
387
- },
388
- });
389
- yield this.alertNewLogin(this.ObjectId, system.SystemCode, ipAddress);
390
- this.FailedLoginAttemptCount = 0;
391
- this.LastLoginAt = new Date();
392
- if (!this.FirstLoginAt) {
393
- this.FirstLoginAt = new Date();
394
- }
395
- yield LoginUser._Repository.update({
396
- FullName: this.FullName,
397
- UserName: this.UserName,
398
- IDNo: this.IDNo,
399
- Email: this.Email,
400
- ContactNo: this.ContactNo,
401
- Password: this.Password,
402
- Status: this.Status,
403
- DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
404
- FirstLoginAt: this.FirstLoginAt,
405
- LastLoginAt: this.LastLoginAt,
406
- MFAEnabled: this.MFAEnabled,
407
- MFAConfig: this.MFAConfig,
408
- RecoveryEmail: this.RecoveryEmail,
409
- FailedLoginAttemptCount: this.FailedLoginAttemptCount,
410
- LastFailedLoginAt: this.LastFailedLoginAt,
411
- LastPasswordChangedAt: this.LastPasswordChangedAt,
412
- NeedToChangePasswordYN: this.NeedToChangePasswordYN,
413
- }, {
414
- where: {
415
- UserId: this.UserId,
416
- },
417
- transaction: dbTransaction,
418
- });
419
- const userSession = yield this._SessionService.retrieveUserSession(this.ObjectId);
420
- let systemLogin = userSession.systemLogins.find((system) => system.code === systemCode);
421
- const { randomUUID } = require('crypto');
422
- const sessionId = randomUUID();
423
- if (systemLogin) {
424
- systemLogin = systemLogin.sessionId = sessionId;
425
- userSession.systemLogins.map((system) => system.code === systemCode ? systemLogin : system);
426
- }
427
- else {
428
- const newLogin = {
429
- id: system.SystemCode,
430
- code: system.SystemCode,
431
- sessionId: sessionId,
432
- privileges: yield this.getPrivileges(system.SystemCode, dbTransaction),
433
- };
434
- userSession.systemLogins.push(newLogin);
435
- }
436
- this._SessionService.setUserSession(this.ObjectId, userSession);
437
- yield LoginUser._LoginHistoryRepository.create({
438
- UserId: this.UserId,
439
- SystemCode: system.SystemCode,
440
- OriginIp: ipAddress,
441
- CreatedAt: new Date(),
442
- LoginStatus: login_status_enum_1.LoginStatusEnum.SUCCESS,
443
- }, {
444
- transaction: dbTransaction,
445
- });
446
- const is2FAEnabledYN = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'is2FAEnabledYN');
447
- if (is2FAEnabledYN === 'Y') {
448
- return `${this.UserId}:`;
449
- }
450
- return `${this.UserId}:${sessionId}`;
451
- }
452
- catch (error) {
453
- if (this.ObjectId) {
454
- yield LoginUser._LoginHistoryRepository.create({
455
- UserId: this.UserId,
456
- SystemCode: systemCode,
457
- OriginIp: ipAddress,
458
- LoginStatus: login_status_enum_1.LoginStatusEnum.FAILURE,
459
- CreatedAt: new Date(),
460
- }, {
461
- transaction: dbTransaction,
462
- });
463
- }
464
- throw error;
465
- }
466
- });
467
- }
468
- checkSystemAccess(userId, systemCode, dbTransaction) {
469
- return __awaiter(this, void 0, void 0, function* () {
470
- try {
471
- let isUserHaveAccess = false;
472
- const systemAccess = yield LoginUser._UserSystemAccessRepo.findOne({
473
- where: {
474
- UserId: userId,
475
- SystemCode: systemCode,
476
- Status: 'Active',
477
- },
478
- dbTransaction,
479
- });
480
- if (systemAccess) {
481
- isUserHaveAccess = true;
482
- }
483
- else {
484
- const userGroups = yield LoginUser._UserGroupRepo.findAll({
485
- where: {
486
- UserId: userId,
487
- InheritGroupAccessYN: 'Y',
488
- Status: 'Active',
489
- },
490
- include: [
491
- {
492
- model: group_entity_1.default,
493
- },
494
- ],
495
- dbTransaction,
496
- });
497
- for (const usergroup of userGroups) {
498
- const group = usergroup.Group;
499
- const groupSystemAccess = yield LoginUser.getInheritedSystemAccess(dbTransaction, group);
500
- for (const system of groupSystemAccess) {
501
- if (system.SystemCode === systemCode) {
502
- isUserHaveAccess = true;
503
- break;
504
- }
505
- }
506
- }
507
- }
508
- if (!isUserHaveAccess) {
509
- throw new Error("User don't have access to the system.");
510
- }
511
- }
512
- catch (error) {
513
- throw error;
514
- }
515
- });
516
- }
517
- alertNewLogin(userId, systemCode, ipAddress) {
518
- return __awaiter(this, void 0, void 0, function* () {
519
- try {
520
- const userLogins = yield LoginUser._LoginHistoryRepository.findAll({
521
- where: {
522
- UserId: userId,
523
- SystemCode: systemCode,
524
- },
525
- });
526
- const gotPreviousLogins = (userLogins === null || userLogins === void 0 ? void 0 : userLogins.length) !== 0;
527
- let ipFound = undefined;
528
- if (gotPreviousLogins) {
529
- ipFound = userLogins.find((item) => item.OriginIp === ipAddress);
530
- }
531
- }
532
- catch (error) {
533
- throw error;
534
- }
535
- });
536
- }
537
- getPrivileges(systemCode, dbTransaction) {
538
- return __awaiter(this, void 0, void 0, function* () {
539
- try {
540
- const system = yield LoginUser._SystemRepository.findOne({
541
- where: {
542
- SystemCode: systemCode,
543
- },
544
- transaction: dbTransaction,
545
- });
546
- if (!system) {
547
- throw new Error('Invalid system code.');
548
- }
549
- const userPrivileges = yield this.getUserPersonalPrivileges(systemCode, dbTransaction);
550
- const objectPrivileges = yield this.getObjectPrivileges(systemCode, dbTransaction);
551
- const userGroupOwnByUser = yield LoginUser._UserGroupRepo.findAll({
552
- where: {
553
- UserId: this.UserId,
554
- InheritGroupSystemAccessYN: 'Y',
555
- InheritGroupPrivilegeYN: 'Y',
556
- Status: 'Active',
557
- },
558
- include: [
559
- {
560
- model: group_entity_1.default,
561
- where: {
562
- Status: 'Active',
563
- },
564
- include: [
565
- {
566
- model: group_system_access_entity_1.default,
567
- where: {
568
- SystemCode: systemCode,
569
- },
570
- },
571
- ],
572
- },
573
- ],
574
- transaction: dbTransaction,
575
- });
576
- let groupsPrivileges = [];
577
- for (const userGroup of userGroupOwnByUser) {
578
- const gp = yield this.getInheritedPrivileges(userGroup.GroupCode, systemCode, dbTransaction);
579
- groupsPrivileges = [...groupsPrivileges, ...gp];
580
- }
581
- const privileges = [
582
- ...userPrivileges,
583
- ...objectPrivileges,
584
- ...groupsPrivileges,
585
- ];
586
- return privileges;
587
- }
588
- catch (error) {
589
- throw error;
590
- }
591
- });
592
- }
593
- getInheritedPrivileges(groupCode, systemCode, dbTransaction) {
594
- return __awaiter(this, void 0, void 0, function* () {
595
- try {
596
- const group = yield LoginUser._GroupRepo.findOne({
597
- where: {
598
- GroupCode: groupCode,
599
- Status: 'Active',
600
- },
601
- include: [
602
- {
603
- model: group_privilege_entity_1.default,
604
- where: {
605
- Status: 'Active',
606
- },
607
- include: [
608
- {
609
- model: system_privilege_entity_1.default,
610
- where: {
611
- SystemCode: systemCode,
612
- Status: 'Active',
613
- },
614
- },
615
- ],
616
- },
617
- ],
618
- transaction: dbTransaction,
619
- });
620
- const objectPrivileges = yield LoginUser._GroupObjectPrivilegeRepo.findAll({
621
- where: {
622
- GroupCode: groupCode,
623
- },
624
- include: {
625
- model: system_privilege_entity_1.default,
626
- where: {
627
- SystemCode: systemCode,
628
- Status: 'Active',
629
- },
630
- },
631
- transaction: dbTransaction,
632
- });
633
- let privileges = [];
634
- const groupPrivileges = [];
635
- for (const groupPrivilege of group.GroupPrivileges) {
636
- groupPrivileges.push(groupPrivilege.Privilege.PrivilegeCode);
637
- }
638
- const ops = [];
639
- for (const objectPrivilege of objectPrivileges) {
640
- ops.push(objectPrivilege.Privilege.PrivilegeCode);
641
- }
642
- privileges = [...privileges, ...groupPrivileges, ...ops];
643
- if (group.ParentGroupCode && group.InheritParentPrivilegeYN === 'Y') {
644
- const parentGroupPrivileges = yield this.getInheritedPrivileges(group.ParentGroupCode, systemCode, dbTransaction);
645
- privileges = [...privileges, ...parentGroupPrivileges];
646
- }
647
- return privileges;
648
- }
649
- catch (error) {
650
- throw error;
651
- }
652
- });
653
- }
654
- getUserPersonalPrivileges(systemCode, dbTransaction) {
655
- return __awaiter(this, void 0, void 0, function* () {
656
- try {
657
- const userPrivileges = yield LoginUser._UserPrivilegeRepo.findAll({
658
- where: {
659
- UserId: this.UserId,
660
- Status: 'Active',
661
- },
662
- include: {
663
- model: system_privilege_entity_1.default,
664
- where: {
665
- SystemCode: systemCode,
666
- Status: 'Active',
667
- },
668
- },
669
- transaction: dbTransaction,
670
- });
671
- const privileges = userPrivileges.map((u) => u.Privilege.PrivilegeCode);
672
- return privileges;
673
- }
674
- catch (error) {
675
- throw error;
676
- }
677
- });
678
- }
679
- getObjectPrivileges(systemCode, dbTransaction) {
680
- return __awaiter(this, void 0, void 0, function* () {
681
- try {
682
- const userObjectPrivileges = yield LoginUser._UserObjectPrivilegeRepo.findAll({
683
- where: {
684
- UserId: this.UserId,
685
- },
686
- include: {
687
- model: system_privilege_entity_1.default,
688
- where: {
689
- SystemCode: systemCode,
690
- Status: 'Active',
691
- },
692
- },
693
- transaction: dbTransaction,
694
- });
695
- const privilegesCodes = userObjectPrivileges.map((u) => u.Privilege.PrivilegeCode);
696
- return privilegesCodes;
697
- }
698
- catch (error) {
699
- throw error;
700
- }
701
- });
702
- }
703
81
  checkPrivileges(systemCode, privilegeName) {
704
82
  return __awaiter(this, void 0, void 0, function* () {
705
83
  try {
@@ -758,850 +136,6 @@ class LoginUser extends general_1.LoginUserBase {
758
136
  }
759
137
  });
760
138
  }
761
- static checkUserInfoDuplicated(dbTransaction, query) {
762
- return __awaiter(this, void 0, void 0, function* () {
763
- try {
764
- const { Email, UserName, IdType, IdNo, ContactNo } = query;
765
- const where = {
766
- [sequelize_1.Op.or]: {},
767
- };
768
- if (Email) {
769
- where[sequelize_1.Op.or]['Email'] = Email;
770
- }
771
- if (UserName) {
772
- where[sequelize_1.Op.or]['UserName'] = UserName;
773
- }
774
- if (IdType && IdNo) {
775
- where[sequelize_1.Op.or]['IdType'] = IdType;
776
- where[sequelize_1.Op.or]['IdNo'] = IdNo;
777
- }
778
- if (ContactNo) {
779
- where[sequelize_1.Op.or]['ContactNo'] = ContactNo;
780
- }
781
- const user = yield LoginUser._Repository.findAll({
782
- where,
783
- transaction: dbTransaction,
784
- });
785
- if (user && user.length > 0) {
786
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'User info already exists');
787
- }
788
- }
789
- catch (error) {
790
- throw error;
791
- }
792
- });
793
- }
794
- static generateDefaultPassword() {
795
- try {
796
- const passwordPolicy = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'passwordPolicy');
797
- if (!passwordPolicy ||
798
- !passwordPolicy.maxLen ||
799
- !passwordPolicy.minLen ||
800
- !passwordPolicy.nonAcceptableChar ||
801
- !passwordPolicy.numOfCapitalLetters ||
802
- !passwordPolicy.numOfNumbers ||
803
- !passwordPolicy.numOfSpecialChars) {
804
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Missing password policy. Please set in config file.');
805
- }
806
- if (passwordPolicy.numOfCapitalLetters +
807
- passwordPolicy.numOfNumbers +
808
- passwordPolicy.numOfSpecialChars >
809
- passwordPolicy.maxLen) {
810
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Password policy is invalid. Please set in config file.');
811
- }
812
- const { maxLen, minLen, nonAcceptableChar, numOfCapitalLetters, numOfNumbers, numOfSpecialChars, } = passwordPolicy;
813
- const passwordLength = Math.floor(Math.random() * (maxLen - minLen + 1)) + minLen;
814
- const words = 'abcdefghijklmnopqrstuvwxyz';
815
- const capitalLetters = words.toUpperCase();
816
- const numbers = '0123456789';
817
- const specialChars = '!@#$%^&*()_+-={}[]|:;"<>,.?/~`';
818
- const nonAcceptableChars = nonAcceptableChar.split(',');
819
- const filteredWords = words
820
- .split('')
821
- .filter((word) => !nonAcceptableChars.includes(word));
822
- const filteredCapitalLetters = capitalLetters
823
- .split('')
824
- .filter((word) => !nonAcceptableChars.includes(word));
825
- const filteredNumbers = numbers
826
- .split('')
827
- .filter((word) => !nonAcceptableChars.includes(word));
828
- const filteredSpecialChars = specialChars
829
- .split('')
830
- .filter((word) => !nonAcceptableChars.includes(word));
831
- const generatedCapitalLetters = [];
832
- const generatedNumbers = [];
833
- const generatedSpecialChars = [];
834
- const generatedWords = [];
835
- for (let i = 0; i < numOfCapitalLetters; i++) {
836
- const randomIndex = Math.floor(Math.random() * filteredCapitalLetters.length);
837
- generatedCapitalLetters.push(filteredCapitalLetters[randomIndex]);
838
- }
839
- for (let i = 0; i < numOfNumbers; i++) {
840
- const randomIndex = Math.floor(Math.random() * filteredNumbers.length);
841
- generatedNumbers.push(filteredNumbers[randomIndex]);
842
- }
843
- for (let i = 0; i < numOfSpecialChars; i++) {
844
- const randomIndex = Math.floor(Math.random() * filteredSpecialChars.length);
845
- generatedSpecialChars.push(filteredSpecialChars[randomIndex]);
846
- }
847
- for (let i = 0; i <
848
- passwordLength -
849
- (numOfCapitalLetters + numOfNumbers + numOfSpecialChars); i++) {
850
- const randomIndex = Math.floor(Math.random() * filteredWords.length);
851
- generatedWords.push(filteredWords[randomIndex]);
852
- }
853
- let generatedPassword = '';
854
- const allGeneratedChars = generatedCapitalLetters.concat(generatedNumbers, generatedSpecialChars, generatedWords);
855
- allGeneratedChars.sort(() => Math.random() - 0.5);
856
- generatedPassword = allGeneratedChars.join('');
857
- return generatedPassword;
858
- }
859
- catch (error) {
860
- throw error;
861
- }
862
- }
863
- static setPassword(dbTransaction, user, password) {
864
- return __awaiter(this, void 0, void 0, function* () {
865
- try {
866
- const passwordPolicy = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'passwordPolicy');
867
- if (!passwordPolicy ||
868
- !passwordPolicy.maxLen ||
869
- !passwordPolicy.minLen ||
870
- !passwordPolicy.nonAcceptableChar ||
871
- !passwordPolicy.numOfCapitalLetters ||
872
- !passwordPolicy.numOfNumbers ||
873
- !passwordPolicy.numOfSpecialChars) {
874
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Missing password policy. Please set in config file.');
875
- }
876
- try {
877
- if (password.length < passwordPolicy.minLen) {
878
- throw Error('Password is too short');
879
- }
880
- if (password.length > passwordPolicy.maxLen) {
881
- throw Error('Password is too long');
882
- }
883
- const nonAcceptableChars = passwordPolicy.nonAcceptableChar.split(',');
884
- const nonAcceptableCharsFound = nonAcceptableChars.some((char) => password.includes(char));
885
- if (nonAcceptableCharsFound) {
886
- throw Error('Password contains unacceptable characters');
887
- }
888
- const capitalLetters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
889
- const numOfCapitalLetters = passwordPolicy.numOfCapitalLetters;
890
- const capitalLettersFound = capitalLetters
891
- .split('')
892
- .filter((char) => password.includes(char)).length;
893
- if (capitalLettersFound < numOfCapitalLetters) {
894
- throw Error('Password does not contain enough capital letters');
895
- }
896
- const numbers = '0123456789';
897
- const numOfNumbers = passwordPolicy.numOfNumbers;
898
- const numbersFound = numbers
899
- .split('')
900
- .filter((char) => password.includes(char)).length;
901
- if (numbersFound < numOfNumbers) {
902
- throw Error('Password does not contain enough numbers');
903
- }
904
- const specialChars = '!@#$%^&*()_+-={}[]|:;"<>,.?/~`';
905
- const numOfSpecialChars = passwordPolicy.numOfSpecialChars;
906
- const specialCharsFound = specialChars
907
- .split('')
908
- .filter((char) => password.includes(char)).length;
909
- if (specialCharsFound < numOfSpecialChars) {
910
- throw Error('Password does not contain enough special characters');
911
- }
912
- }
913
- catch (error) {
914
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', "Your password doesn't meet security requirements. Try using a mix of uppercase and lowercase letters, numbers, and symbols.");
915
- }
916
- const passwordHashService = new password_hash_service_1.PasswordHashService();
917
- const hashedPassword = yield passwordHashService.hashPassword(password);
918
- user._Password = hashedPassword;
919
- return user;
920
- }
921
- catch (error) {
922
- throw error;
923
- }
924
- });
925
- }
926
- static create(loginUser, dbTransaction, user) {
927
- return __awaiter(this, void 0, void 0, function* () {
928
- try {
929
- const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
930
- const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'User - Create');
931
- if (!isPrivileged) {
932
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have the privilege to create user');
933
- }
934
- if (!user.Email && !user.UserName) {
935
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Email and Username is required');
936
- }
937
- yield LoginUser.checkUserInfoDuplicated(dbTransaction, {
938
- Email: user.Email,
939
- UserName: user.UserName,
940
- IdType: user.IDType,
941
- IdNo: user.IDNo,
942
- ContactNo: user.ContactNo,
943
- });
944
- const defaultPassword = LoginUser.generateDefaultPassword();
945
- user = yield LoginUser.setPassword(dbTransaction, user, defaultPassword);
946
- const userInfo = {
947
- UserName: user.UserName,
948
- FullName: user.FullName,
949
- IDNo: user.IDNo,
950
- Email: user.Email,
951
- ContactNo: user.ContactNo,
952
- Password: user.Password,
953
- Status: enum_1.UserStatus.ACTIVE,
954
- FirstLoginAt: null,
955
- LastLoginAt: null,
956
- MFAEnabled: null,
957
- MFAConfig: null,
958
- RecoveryEmail: null,
959
- FailedLoginAttemptCount: 0,
960
- LastFailedLoginAt: null,
961
- LastPasswordChangedAt: null,
962
- DefaultPasswordChangedYN: yn_enum_1.YN.No,
963
- NeedToChangePasswordYN: yn_enum_1.YN.Yes,
964
- CreatedById: loginUser.UserId,
965
- CreatedAt: new Date(),
966
- UpdatedById: loginUser.UserId,
967
- UpdatedAt: new Date(),
968
- UserId: null,
969
- };
970
- const newUser = yield LoginUser._Repository.create({
971
- Email: userInfo.Email,
972
- UserName: userInfo.UserName,
973
- Password: userInfo.Password,
974
- Status: userInfo.Status,
975
- DefaultPasswordChangedYN: userInfo.DefaultPasswordChangedYN,
976
- FirstLoginAt: userInfo.FirstLoginAt,
977
- LastLoginAt: userInfo.LastLoginAt,
978
- MFAEnabled: userInfo.MFAEnabled,
979
- MFAConfig: userInfo.MFAConfig,
980
- RecoveryEmail: userInfo.RecoveryEmail,
981
- FailedLoginAttemptCount: userInfo.FailedLoginAttemptCount,
982
- LastFailedLoginAt: userInfo.LastFailedLoginAt,
983
- LastPasswordChangedAt: userInfo.LastPasswordChangedAt,
984
- NeedToChangePasswordYN: userInfo.NeedToChangePasswordYN,
985
- CreatedById: userInfo.CreatedById,
986
- CreatedAt: userInfo.CreatedAt,
987
- UpdatedById: userInfo.UpdatedById,
988
- UpdatedAt: userInfo.UpdatedAt,
989
- }, {
990
- transaction: dbTransaction,
991
- });
992
- userInfo.UserId = newUser.UserId;
993
- const userToBeCreated = new LoginUser(loginUser.SessionService, dbTransaction, userInfo);
994
- const activity = new activity_history_1.Activity();
995
- activity.ActivityId = activity.createId();
996
- activity.Action = activity_history_1.ActionEnum.ADD;
997
- activity.Description = 'Create User';
998
- activity.EntityType = 'LoginUser';
999
- activity.EntityId = newUser.UserId.toString();
1000
- activity.EntityValueBefore = JSON.stringify({});
1001
- activity.EntityValueAfter = JSON.stringify(newUser.get({ plain: true }));
1002
- yield activity.create(loginUser.ObjectId, dbTransaction);
1003
- return userToBeCreated;
1004
- }
1005
- catch (error) {
1006
- throw error;
1007
- }
1008
- });
1009
- }
1010
- incrementFailedLoginAttemptCount(dbTransaction) {
1011
- return __awaiter(this, void 0, void 0, function* () {
1012
- const maxFailedLoginAttempts = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'maxFailedLoginAttempts');
1013
- const autoReleaseYN = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'autoReleaseYN');
1014
- if (!maxFailedLoginAttempts || !autoReleaseYN) {
1015
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Missing maxFailedLoginAttempts and or autoReleaseYN. Please set in config file.');
1016
- }
1017
- const FailedLoginAttemptCount = this.FailedLoginAttemptCount + 1;
1018
- const LastFailedLoginAt = new Date();
1019
- if (FailedLoginAttemptCount > maxFailedLoginAttempts) {
1020
- this.Status = enum_1.UserStatus.LOCKED;
1021
- }
1022
- yield LoginUser._Repository.update({
1023
- FailedLoginAttemptCount: FailedLoginAttemptCount,
1024
- LastFailedLoginAt: LastFailedLoginAt,
1025
- Status: this.Status,
1026
- }, {
1027
- where: {
1028
- UserId: this.UserId,
1029
- },
1030
- transaction: dbTransaction,
1031
- });
1032
- if (this.Status === enum_1.UserStatus.LOCKED && autoReleaseYN === 'Y') {
1033
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been temporarily locked due to too many failed login attempts, please try again later.');
1034
- }
1035
- if (this.Status === enum_1.UserStatus.LOCKED && autoReleaseYN === 'N') {
1036
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account');
1037
- }
1038
- if (this.Status == enum_1.UserStatus.LOCKED) {
1039
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid credentials.');
1040
- }
1041
- });
1042
- }
1043
- static shouldReleaseLock(LastFailedLoginAt) {
1044
- const minuteToAutoRelease = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'minuteToAutoRelease');
1045
- const autoReleaseYN = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'autoReleaseYN');
1046
- if (!minuteToAutoRelease || !autoReleaseYN) {
1047
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Missing minuteToAutoRelease and or autoReleaseYN. Please set in config file.');
1048
- }
1049
- if (autoReleaseYN === 'Y') {
1050
- const lastFailedDate = new Date(LastFailedLoginAt);
1051
- const currentDate = new Date();
1052
- const timeDifferenceInMillis = currentDate.getTime() - lastFailedDate.getTime();
1053
- const timeDifferenceInMinutes = timeDifferenceInMillis / (1000 * 60);
1054
- if (timeDifferenceInMinutes > +minuteToAutoRelease) {
1055
- return true;
1056
- }
1057
- else {
1058
- return false;
1059
- }
1060
- }
1061
- else if (autoReleaseYN === 'N') {
1062
- return false;
1063
- }
1064
- }
1065
- static releaseLock(UserId, dbTransaction) {
1066
- this._Repository.update({
1067
- FailedLoginAttemptCount: 0,
1068
- Status: enum_1.UserStatus.ACTIVE,
1069
- }, {
1070
- where: {
1071
- UserId: UserId,
1072
- },
1073
- transaction: dbTransaction,
1074
- });
1075
- }
1076
- static getGroups(loginUser, dbTransaction) {
1077
- return __awaiter(this, void 0, void 0, function* () {
1078
- const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1079
- const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'UserGroup - List Own');
1080
- if (!isPrivileged) {
1081
- throw new Error('You do not have permission to list UserGroup.');
1082
- }
1083
- const userGroups = yield LoginUser._UserGroupRepo.findAll({
1084
- where: {
1085
- UserId: loginUser.ObjectId,
1086
- Status: 'Active',
1087
- },
1088
- include: [{ model: user_entity_1.default, as: 'User' }, { model: group_entity_1.default }],
1089
- transaction: dbTransaction,
1090
- });
1091
- return userGroups;
1092
- });
1093
- }
1094
- static getInheritedSystemAccess(dbTransaction, group) {
1095
- return __awaiter(this, void 0, void 0, function* () {
1096
- const dataSystemAccesses = yield LoginUser._GroupSystemAccessRepo.findAll({
1097
- where: {
1098
- GroupCode: group.GroupCode,
1099
- Status: 'Active',
1100
- },
1101
- include: [{ model: system_entity_1.default }],
1102
- transaction: dbTransaction,
1103
- });
1104
- let systemAccesses = dataSystemAccesses;
1105
- if (group.InheritParentPrivilegeYN === 'Y' && group.ParentGroupCode) {
1106
- const GroupCode = group.ParentGroupCode;
1107
- const parentGroup = yield LoginUser._GroupRepo.findByPk(GroupCode, dbTransaction);
1108
- const dataParentSystemAccesses = yield LoginUser.getInheritedSystemAccess(dbTransaction, parentGroup);
1109
- const parentSystemAccesses = dataParentSystemAccesses;
1110
- systemAccesses = systemAccesses.concat(parentSystemAccesses);
1111
- }
1112
- return systemAccesses;
1113
- });
1114
- }
1115
- static combineSystemAccess(loginUser, dbTransaction, groups) {
1116
- return __awaiter(this, void 0, void 0, function* () {
1117
- const userAccess = yield LoginUser._UserSystemAccessRepo.findAll({
1118
- where: {
1119
- UserId: loginUser.ObjectId,
1120
- Status: 'Active',
1121
- },
1122
- include: [{ model: system_entity_1.default }],
1123
- transaction: dbTransaction,
1124
- });
1125
- const groupAccessPromises = groups.map((e) => __awaiter(this, void 0, void 0, function* () {
1126
- if (e.InheritParentSystemAccessYN) {
1127
- return yield this.getInheritedSystemAccess(dbTransaction, e);
1128
- }
1129
- else {
1130
- return [];
1131
- }
1132
- }));
1133
- const groupAccess = (yield Promise.all(groupAccessPromises)).flat();
1134
- const allAccess = userAccess.concat(groupAccess);
1135
- const uniqueAccess = new Set(allAccess.filter((value, index, self) => {
1136
- return self.some((prev) => prev.SystemCode === value.SystemCode);
1137
- }));
1138
- return Array.from(uniqueAccess);
1139
- });
1140
- }
1141
- static getSystems(loginUser, dbTransaction) {
1142
- return __awaiter(this, void 0, void 0, function* () {
1143
- const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1144
- const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'System – List Own');
1145
- if (!isPrivileged) {
1146
- throw new Error('You do not have permission to list UserGroup.');
1147
- }
1148
- const groups = yield LoginUser.getGroups(loginUser, dbTransaction);
1149
- const systemAccess = yield LoginUser.combineSystemAccess(loginUser, dbTransaction, groups);
1150
- const output = [];
1151
- if (systemAccess) {
1152
- for (let i = 0; i < systemAccess.length; i++) {
1153
- const system = yield LoginUser._SystemRepository.findOne({
1154
- where: {
1155
- SystemCode: systemAccess[i].SystemCode,
1156
- Status: 'Active',
1157
- },
1158
- });
1159
- output.push({
1160
- UserSystemAccessId: systemAccess[i].UserSystemAccessId,
1161
- UserId: systemAccess[i].UserId,
1162
- SystemCode: systemAccess[i].SystemCode,
1163
- Status: systemAccess[i].Status,
1164
- CreatedById: systemAccess[i].CreatedById,
1165
- UpdatedById: systemAccess[i].UpdatedById,
1166
- CreatedAt: systemAccess[i].CreatedAt,
1167
- UpdatedAt: systemAccess[i].UpdatedAt,
1168
- System: system,
1169
- });
1170
- }
1171
- }
1172
- return output;
1173
- });
1174
- }
1175
- static check2FA(loginUser, dbTransaction) {
1176
- return __awaiter(this, void 0, void 0, function* () {
1177
- try {
1178
- const user = yield LoginUser._Repository.findOne({
1179
- where: {
1180
- UserId: loginUser.UserId,
1181
- },
1182
- transaction: dbTransaction,
1183
- });
1184
- if (user.MFAEnabled === 1) {
1185
- return true;
1186
- }
1187
- return false;
1188
- }
1189
- catch (error) {
1190
- throw error;
1191
- }
1192
- });
1193
- }
1194
- static setup2FA(userId, dbTransaction) {
1195
- var _a, _b, _c, _d;
1196
- return __awaiter(this, void 0, void 0, function* () {
1197
- const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1198
- const user = yield LoginUser._Repository.findOne({
1199
- where: {
1200
- UserId: userId,
1201
- },
1202
- });
1203
- if (!user) {
1204
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Credentials');
1205
- }
1206
- const secretCode = speakeasy.generateSecret({ name: systemCode });
1207
- let userMFAConfig = null;
1208
- if ((user === null || user === void 0 ? void 0 : user.MFAConfig) !== null && typeof (user === null || user === void 0 ? void 0 : user.MFAConfig) === 'string') {
1209
- try {
1210
- userMFAConfig = JSON.parse(user === null || user === void 0 ? void 0 : user.MFAConfig);
1211
- }
1212
- catch (error) {
1213
- console.error('Invalid JSON string on MFAConfig:', error);
1214
- }
1215
- }
1216
- const MFAConfig = {
1217
- totp: {
1218
- enabled: true,
1219
- secret: secretCode.base32,
1220
- issuer: systemCode,
1221
- },
1222
- sms: {
1223
- enabled: ((_a = userMFAConfig === null || userMFAConfig === void 0 ? void 0 : userMFAConfig.sms) === null || _a === void 0 ? void 0 : _a.enable) || false,
1224
- phoneNumber: ((_b = userMFAConfig === null || userMFAConfig === void 0 ? void 0 : userMFAConfig.sms) === null || _b === void 0 ? void 0 : _b.phoneNumber) || '',
1225
- },
1226
- email: {
1227
- enabled: ((_c = userMFAConfig === null || userMFAConfig === void 0 ? void 0 : userMFAConfig.email) === null || _c === void 0 ? void 0 : _c.enable) || false,
1228
- emailAddress: ((_d = userMFAConfig === null || userMFAConfig === void 0 ? void 0 : userMFAConfig.email) === null || _d === void 0 ? void 0 : _d.emailAddress) || '',
1229
- },
1230
- };
1231
- user.MFAEnabled = 0;
1232
- user.MFAConfig = JSON.stringify(MFAConfig);
1233
- yield LoginUser._Repository.update({
1234
- MFAEnabled: user.MFAEnabled,
1235
- MFAConfig: user.MFAConfig,
1236
- }, {
1237
- where: {
1238
- UserId: userId,
1239
- },
1240
- transaction: dbTransaction,
1241
- });
1242
- return secretCode.otpauth_url;
1243
- });
1244
- }
1245
- verify2FASetup(userId, mfaToken, dbTransaction) {
1246
- return __awaiter(this, void 0, void 0, function* () {
1247
- const user = yield LoginUser._Repository.findOne({
1248
- where: {
1249
- UserId: userId,
1250
- },
1251
- });
1252
- if (!user) {
1253
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Credentials');
1254
- }
1255
- let userMFAConfig = null;
1256
- if ((user === null || user === void 0 ? void 0 : user.MFAConfig) !== null && typeof (user === null || user === void 0 ? void 0 : user.MFAConfig) === 'string') {
1257
- try {
1258
- userMFAConfig = JSON.parse(user === null || user === void 0 ? void 0 : user.MFAConfig);
1259
- }
1260
- catch (error) {
1261
- console.error('Invalid JSON string on MFAConfig:', error);
1262
- }
1263
- }
1264
- const isVerified = yield speakeasy.totp.verify({
1265
- secret: userMFAConfig.totp.secret,
1266
- encoding: 'base32',
1267
- token: mfaToken,
1268
- });
1269
- if (!isVerified) {
1270
- return false;
1271
- }
1272
- yield LoginUser._Repository.update({
1273
- MFAEnabled: 1,
1274
- }, {
1275
- where: {
1276
- UserId: userId,
1277
- },
1278
- transaction: dbTransaction,
1279
- });
1280
- const userSession = yield this._SessionService.retrieveUserSession(`${userId}`);
1281
- const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1282
- const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
1283
- return `${userId}:${systemLogin.sessionId}`;
1284
- });
1285
- }
1286
- verify2FACode(userId, mfaToken, dbTransaction) {
1287
- return __awaiter(this, void 0, void 0, function* () {
1288
- const user = yield LoginUser._Repository.findOne({
1289
- where: {
1290
- UserId: userId,
1291
- },
1292
- transaction: dbTransaction,
1293
- });
1294
- if (!user) {
1295
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Credentials');
1296
- }
1297
- let userMFAConfig = null;
1298
- if ((user === null || user === void 0 ? void 0 : user.MFAConfig) !== null && typeof (user === null || user === void 0 ? void 0 : user.MFAConfig) === 'string') {
1299
- try {
1300
- userMFAConfig = JSON.parse(user === null || user === void 0 ? void 0 : user.MFAConfig);
1301
- }
1302
- catch (error) {
1303
- console.error('Invalid JSON string on MFAConfig:', error);
1304
- }
1305
- }
1306
- const isVerified = yield speakeasy.totp.verify({
1307
- secret: userMFAConfig.totp.secret,
1308
- encoding: 'base32',
1309
- token: mfaToken,
1310
- });
1311
- if (!isVerified) {
1312
- return false;
1313
- }
1314
- const userSession = yield this._SessionService.retrieveUserSession(`${userId}`);
1315
- const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1316
- const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
1317
- return `${userId}:${systemLogin.sessionId}`;
1318
- });
1319
- }
1320
- addUserGroup(GroupCode, loginUser, dbTransaction) {
1321
- return __awaiter(this, void 0, void 0, function* () {
1322
- const group = yield LoginUser._GroupRepo.findOne({
1323
- where: {
1324
- GroupCode,
1325
- },
1326
- transaction: dbTransaction,
1327
- });
1328
- if (!group) {
1329
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Group Code');
1330
- }
1331
- const entityValueAfter = {
1332
- UserId: this.UserId,
1333
- GroupCode: group.GroupCode,
1334
- CreatedAt: new Date(),
1335
- CreatedById: loginUser.UserId,
1336
- UpdatedAt: new Date(),
1337
- UpdatedById: loginUser.UserId,
1338
- };
1339
- yield LoginUser._UserGroupRepo.create(entityValueAfter, {
1340
- transaction: dbTransaction,
1341
- });
1342
- const activity = new activity_history_1.Activity();
1343
- activity.ActivityId = activity.createId();
1344
- activity.Action = activity_history_1.ActionEnum.ADD;
1345
- activity.Description = 'Add User Group';
1346
- activity.EntityType = 'UserGroup';
1347
- activity.EntityId = group.GroupCode;
1348
- activity.EntityValueBefore = JSON.stringify({});
1349
- activity.EntityValueAfter = JSON.stringify(entityValueAfter);
1350
- yield activity.create(loginUser.ObjectId, dbTransaction);
1351
- });
1352
- }
1353
- update(data, loginUser, dbTransaction) {
1354
- return __awaiter(this, void 0, void 0, function* () {
1355
- const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1356
- const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'User - Update');
1357
- if (!isPrivileged) {
1358
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have the privilege to update user');
1359
- }
1360
- if (!this.UserId) {
1361
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'UserId is required');
1362
- }
1363
- if (data.Email !== this.Email || data.UserName !== this.UserName) {
1364
- yield LoginUser.checkUserInfoDuplicated(dbTransaction, {
1365
- Email: data.Email,
1366
- UserName: data.UserName,
1367
- });
1368
- }
1369
- if (data.BuildingCode) {
1370
- const building = yield group_entity_1.default.findOne({
1371
- where: {
1372
- Type: 'Building',
1373
- GroupCode: data.BuildingCode,
1374
- },
1375
- transaction: dbTransaction,
1376
- });
1377
- if (!building) {
1378
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Building Code');
1379
- }
1380
- const userBuilding = yield LoginUser._UserGroupRepo.findOne({
1381
- where: {
1382
- UserId: this.UserId,
1383
- },
1384
- include: [
1385
- {
1386
- model: group_entity_1.default,
1387
- where: {
1388
- Type: 'Building',
1389
- },
1390
- },
1391
- ],
1392
- transaction: dbTransaction,
1393
- });
1394
- if (userBuilding) {
1395
- yield LoginUser._UserGroupRepo.update({
1396
- GroupCode: data.BuildingCode,
1397
- UpdatedAt: new Date(),
1398
- UpdatedById: loginUser.UserId,
1399
- }, {
1400
- where: {
1401
- UserId: this.UserId,
1402
- GroupCode: userBuilding.GroupCode,
1403
- },
1404
- transaction: dbTransaction,
1405
- });
1406
- }
1407
- else {
1408
- yield LoginUser._UserGroupRepo.create({
1409
- UserId: this.UserId,
1410
- GroupCode: data.BuildingCode,
1411
- CreatedAt: new Date(),
1412
- CreatedById: loginUser.UserId,
1413
- UpdatedAt: new Date(),
1414
- UpdatedById: loginUser.UserId,
1415
- }, {
1416
- transaction: dbTransaction,
1417
- });
1418
- }
1419
- }
1420
- if (data.CompanyCode) {
1421
- const company = yield group_entity_1.default.findOne({
1422
- where: {
1423
- Type: 'Company',
1424
- GroupCode: data.CompanyCode,
1425
- },
1426
- transaction: dbTransaction,
1427
- });
1428
- if (!company) {
1429
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Company Code');
1430
- }
1431
- const userCompany = yield LoginUser._UserGroupRepo.findOne({
1432
- where: {
1433
- UserId: this.UserId,
1434
- },
1435
- include: [
1436
- {
1437
- model: group_entity_1.default,
1438
- where: {
1439
- Type: 'Company',
1440
- },
1441
- },
1442
- ],
1443
- transaction: dbTransaction,
1444
- });
1445
- if (userCompany) {
1446
- yield LoginUser._UserGroupRepo.update({
1447
- GroupCode: data.CompanyCode,
1448
- UpdatedAt: new Date(),
1449
- UpdatedById: loginUser.UserId,
1450
- }, {
1451
- where: {
1452
- UserId: this.UserId,
1453
- GroupCode: userCompany.GroupCode,
1454
- },
1455
- transaction: dbTransaction,
1456
- });
1457
- }
1458
- else {
1459
- yield LoginUser._UserGroupRepo.create({
1460
- UserId: this.UserId,
1461
- GroupCode: data.CompanyCode,
1462
- CreatedAt: new Date(),
1463
- CreatedById: loginUser.UserId,
1464
- UpdatedAt: new Date(),
1465
- UpdatedById: loginUser.UserId,
1466
- }, {
1467
- transaction: dbTransaction,
1468
- });
1469
- }
1470
- }
1471
- if (data.DepartmentCode) {
1472
- const department = yield group_entity_1.default.findOne({
1473
- where: {
1474
- Type: 'Department',
1475
- GroupCode: data.DepartmentCode,
1476
- },
1477
- transaction: dbTransaction,
1478
- });
1479
- if (!department) {
1480
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Department Code');
1481
- }
1482
- const userDepartment = yield LoginUser._UserGroupRepo.findOne({
1483
- where: {
1484
- UserId: this.UserId,
1485
- },
1486
- include: [
1487
- {
1488
- model: group_entity_1.default,
1489
- where: {
1490
- Type: 'Department',
1491
- },
1492
- },
1493
- ],
1494
- transaction: dbTransaction,
1495
- });
1496
- if (userDepartment) {
1497
- yield LoginUser._UserGroupRepo.update({
1498
- GroupCode: data.DepartmentCode,
1499
- UpdatedAt: new Date(),
1500
- UpdatedById: loginUser.UserId,
1501
- }, {
1502
- where: {
1503
- UserId: this.UserId,
1504
- GroupCode: userDepartment.GroupCode,
1505
- },
1506
- transaction: dbTransaction,
1507
- });
1508
- }
1509
- else {
1510
- yield LoginUser._UserGroupRepo.create({
1511
- UserId: this.UserId,
1512
- GroupCode: data.DepartmentCode,
1513
- CreatedAt: new Date(),
1514
- CreatedById: loginUser.UserId,
1515
- UpdatedAt: new Date(),
1516
- UpdatedById: loginUser.UserId,
1517
- }, {
1518
- transaction: dbTransaction,
1519
- });
1520
- }
1521
- }
1522
- const entityValueBefore = {
1523
- UserId: this.UserId,
1524
- UserName: this.UserName,
1525
- Email: this.Email,
1526
- Password: this.Password,
1527
- Status: this.Status,
1528
- DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
1529
- FirstLoginAt: this.FirstLoginAt,
1530
- LastLoginAt: this.LastLoginAt,
1531
- MFAEnabled: this.MFAEnabled,
1532
- MFAConfig: this.MFAConfig,
1533
- RecoveryEmail: this.RecoveryEmail,
1534
- FailedLoginAttemptCount: this.FailedLoginAttemptCount,
1535
- LastFailedLoginAt: this.LastFailedLoginAt,
1536
- LastPasswordChangedAt: this.LastPasswordChangedAt,
1537
- NeedToChangePasswordYN: this.NeedToChangePasswordYN,
1538
- CreatedById: this.CreatedById,
1539
- CreatedAt: this.CreatedAt,
1540
- UpdatedById: this.UpdatedById,
1541
- UpdatedAt: this.UpdatedAt,
1542
- };
1543
- this.UserName = data.UserName;
1544
- this.Email = data.Email;
1545
- this.Status = data.Status;
1546
- this.RecoveryEmail = data.RecoveryEmail;
1547
- this.UpdatedAt = new Date();
1548
- this.UpdatedById = loginUser.UserId;
1549
- yield LoginUser._Repository.update({
1550
- UserName: this.UserName,
1551
- Email: this.Email,
1552
- Status: this.Status,
1553
- RecoveryEmail: this.RecoveryEmail,
1554
- UpdatedById: this.UpdatedById,
1555
- UpdatedAt: this.UpdatedAt,
1556
- }, {
1557
- where: {
1558
- UserId: this.UserId,
1559
- },
1560
- transaction: dbTransaction,
1561
- });
1562
- const entityValueAfter = {
1563
- UserId: this.UserId,
1564
- UserName: this.UserName,
1565
- Email: this.Email,
1566
- Password: this.Password,
1567
- Status: this.Status,
1568
- DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
1569
- FirstLoginAt: this.FirstLoginAt,
1570
- LastLoginAt: this.LastLoginAt,
1571
- MFAEnabled: this.MFAEnabled,
1572
- MFAConfig: this.MFAConfig,
1573
- RecoveryEmail: this.RecoveryEmail,
1574
- FailedLoginAttemptCount: this.FailedLoginAttemptCount,
1575
- LastFailedLoginAt: this.LastFailedLoginAt,
1576
- LastPasswordChangedAt: this.LastPasswordChangedAt,
1577
- NeedToChangePasswordYN: this.NeedToChangePasswordYN,
1578
- CreatedById: this.CreatedById,
1579
- CreatedAt: this.CreatedAt,
1580
- UpdatedById: this.UpdatedById,
1581
- UpdatedAt: this.UpdatedAt,
1582
- };
1583
- const activity = new activity_history_1.Activity();
1584
- activity.ActivityId = activity.createId();
1585
- activity.Action = activity_history_1.ActionEnum.UPDATE;
1586
- activity.Description = 'Update User';
1587
- activity.EntityType = 'LoginUser';
1588
- activity.EntityId = this.UserId.toString();
1589
- activity.EntityValueBefore = JSON.stringify(entityValueBefore);
1590
- activity.EntityValueAfter = JSON.stringify(entityValueAfter);
1591
- yield activity.create(loginUser.ObjectId, dbTransaction);
1592
- return this;
1593
- });
1594
- }
1595
139
  }
1596
140
  exports.LoginUser = LoginUser;
1597
- LoginUser._Repository = new user_repository_1.UserRepository();
1598
- LoginUser._LoginHistoryRepository = new login_history_repository_1.LoginHistoryRepository();
1599
- LoginUser._UserGroupRepo = new user_group_repository_1.UserGroupRepository();
1600
- LoginUser._UserPrivilegeRepo = new user_privilege_repository_1.UserPrivilegeRepository();
1601
- LoginUser._UserObjectPrivilegeRepo = new user_object_privilege_repository_1.UserObjectPrivilegeRepository();
1602
- LoginUser._GroupObjectPrivilegeRepo = new group_object_privilege_repository_1.GroupObjectPrivilegeRepository();
1603
- LoginUser._SystemRepository = new system_repository_1.SystemRepository();
1604
- LoginUser._UserSystemAccessRepo = new user_system_access_repository_1.UserSystemAccessRepository();
1605
- LoginUser._GroupSystemAccessRepo = new group_system_access_repository_1.GroupSystemAccessRepository();
1606
- LoginUser._GroupRepo = new group_repository_1.GroupRepository();
1607
141
  //# sourceMappingURL=login-user.js.map