@tomei/sso 0.60.4-dev.1 → 0.60.4-dev.10

Files changed (44) hide show
  1. package/coverage/lcov-report/components/login-user/login-user.ts.html +80 -73
  2. package/dist/src/components/login-history/index.d.ts +1 -0
  3. package/dist/src/components/login-history/index.js +1 -0
  4. package/dist/src/components/login-history/index.js.map +1 -1
  5. package/dist/src/components/login-history/login-history.d.ts +23 -0
  6. package/dist/src/components/login-history/login-history.js +88 -0
  7. package/dist/src/components/login-history/login-history.js.map +1 -0
  8. package/dist/src/components/login-history/login-history.repository.d.ts +2 -2
  9. package/dist/src/components/login-history/login-history.repository.js.map +1 -1
  10. package/dist/src/components/login-user/interfaces/user-info.interface.d.ts +1 -0
  11. package/dist/src/components/login-user/login-user.js +1 -0
  12. package/dist/src/components/login-user/login-user.js.map +1 -1
  13. package/dist/src/components/login-user/user.d.ts +28 -3
  14. package/dist/src/components/login-user/user.js +356 -13
  15. package/dist/src/components/login-user/user.js.map +1 -1
  16. package/dist/src/components/user-system-access/user-system-access.js +1 -1
  17. package/dist/src/components/user-system-access/user-system-access.js.map +1 -1
  18. package/dist/src/interfaces/login-history-search-attr.interface.d.ts +8 -0
  19. package/dist/src/interfaces/login-history-search-attr.interface.js +3 -0
  20. package/dist/src/interfaces/login-history-search-attr.interface.js.map +1 -0
  21. package/dist/src/interfaces/login-history.interface.d.ts +11 -0
  22. package/dist/src/interfaces/login-history.interface.js +3 -0
  23. package/dist/src/interfaces/login-history.interface.js.map +1 -0
  24. package/dist/src/models/login-history.entity.d.ts +2 -2
  25. package/dist/src/models/login-history.entity.js +13 -13
  26. package/dist/src/models/login-history.entity.js.map +1 -1
  27. package/dist/src/models/user.entity.d.ts +1 -0
  28. package/dist/src/models/user.entity.js +8 -0
  29. package/dist/src/models/user.entity.js.map +1 -1
  30. package/dist/tsconfig.tsbuildinfo +1 -1
  31. package/migrations/20250610070720-added-MFBypassYN-to-sso-user.js +30 -0
  32. package/package.json +1 -1
  33. package/src/components/login-history/index.ts +1 -0
  34. package/src/components/login-history/login-history.repository.ts +4 -4
  35. package/src/components/login-history/login-history.ts +124 -0
  36. package/src/components/login-user/interfaces/user-info.interface.ts +1 -0
  37. package/src/components/login-user/login-user.ts +1 -0
  38. package/src/components/login-user/user.ts +434 -15
  39. package/src/components/user-system-access/user-system-access.ts +1 -1
  40. package/src/interfaces/login-history-search-attr.interface.ts +8 -0
  41. package/src/interfaces/login-history.interface.ts +11 -0
  42. package/src/models/login-history.entity.ts +2 -2
  43. package/src/models/user.entity.ts +7 -0
  44. package/sonar-project.properties +0 -23
@@ -100,6 +100,12 @@ class User extends general_1.UserBase {
100
100
  set MFAConfig(value) {
101
101
  this._MFAConfig = value;
102
102
  }
103
+ get MFABypassYN() {
104
+ return this._MFABypassYN;
105
+ }
106
+ set MFABypassYN(value) {
107
+ this._MFABypassYN = value;
108
+ }
103
109
  get RecoveryEmail() {
104
110
  return this._RecoveryEmail;
105
111
  }
@@ -203,6 +209,7 @@ class User extends general_1.UserBase {
203
209
  this.LastLoginAt = userInfo.LastLoginAt;
204
210
  this.MFAEnabled = userInfo.MFAEnabled;
205
211
  this.MFAConfig = userInfo.MFAConfig;
212
+ this.MFABypassYN = userInfo.MFABypassYN;
206
213
  this.RecoveryEmail = userInfo.RecoveryEmail;
207
214
  this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
208
215
  this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
@@ -253,6 +260,7 @@ class User extends general_1.UserBase {
253
260
  LastLoginAt: user.LastLoginAt,
254
261
  MFAEnabled: user.MFAEnabled,
255
262
  MFAConfig: user.MFAConfig,
263
+ MFABypassYN: user.MFABypassYN,
256
264
  RecoveryEmail: user.RecoveryEmail,
257
265
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
258
266
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -312,6 +320,7 @@ class User extends general_1.UserBase {
312
320
  LastLoginAt: user.LastLoginAt,
313
321
  MFAEnabled: user.MFAEnabled,
314
322
  MFAConfig: user.MFAConfig,
323
+ MFABypassYN: user.MFABypassYN,
315
324
  RecoveryEmail: user.RecoveryEmail,
316
325
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
317
326
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -389,6 +398,7 @@ class User extends general_1.UserBase {
389
398
  LastLoginAt: user.LastLoginAt,
390
399
  MFAEnabled: user.MFAEnabled,
391
400
  MFAConfig: user.MFAConfig,
401
+ MFABypassYN: user.MFABypassYN,
392
402
  RecoveryEmail: user.RecoveryEmail,
393
403
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
394
404
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -441,7 +451,7 @@ class User extends general_1.UserBase {
441
451
  },
442
452
  });
443
453
  if (!system) {
444
- throw new Error('Invalid credentials.');
454
+ throw new Error('Access denied: invalid or unauthorized system.');
445
455
  }
446
456
  const passwordHashService = new password_hash_service_1.PasswordHashService();
447
457
  const isPasswordValid = yield passwordHashService.verify(password, this.Password);
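Review bot: The new message `'Access denied: invalid or unauthorized system.'` at new line 454 is raised before the password check on new line 457, so an unauthenticated caller can tell a bad system code apart from bad credentials. The hunks at new lines 469 and 1178 likewise replace the generic text with one that names the locked state. The previous uniform `'Invalid credentials.'` kept these cases indistinguishable to the caller. If the specific reason is needed for support, consider logging it server-side and still returning the generic message, or revealing the locked state only once the password has verified. The enclosing method starts and ends outside this hunk.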
@@ -456,13 +466,13 @@ class User extends general_1.UserBase {
456
466
  this.Status = enum_1.UserStatus.ACTIVE;
457
467
  }
458
468
  else {
459
- throw new Error('Invalid credentials.');
469
+ throw new Error('Your account has been locked. Please contact the administrator for assistance.');
460
470
  }
461
471
  }
462
472
  }
463
473
  catch (error) {
464
474
  yield this.incrementFailedLoginAttemptCount(dbTransaction);
465
- throw new Error('Invalid credentials.');
475
+ throw error;
466
476
  }
467
477
  const system = yield User._SystemRepository.findOne({
468
478
  where: {
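Review bot: `throw error;` in the catch at new line 475 passes whatever was thrown inside the try to the caller, which would include repository or hashing failures as well as the intended messages. The context line above it still increments the failed-login counter for all of them. The try block opens outside this hunk, so what else can throw there is not visible. Consider rethrowing only errors the method raised deliberately, for example by making them `general_1.ClassError` as the hunk at new line 1178 does, and mapping anything else to `new Error('Invalid credentials.')`.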
@@ -1076,6 +1086,7 @@ class User extends general_1.UserBase {
1076
1086
  LastLoginAt: null,
1077
1087
  MFAEnabled: null,
1078
1088
  MFAConfig: null,
1089
+ MFABypassYN: yn_enum_1.YN.No,
1079
1090
  RecoveryEmail: null,
1080
1091
  FailedLoginAttemptCount: 0,
1081
1092
  LastFailedLoginAt: null,
@@ -1164,7 +1175,7 @@ class User extends general_1.UserBase {
1164
1175
  throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account');
1165
1176
  }
1166
1177
  if (this.Status == enum_1.UserStatus.LOCKED) {
1167
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid credentials.');
1178
+ throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account.');
1168
1179
  }
1169
1180
  });
1170
1181
  }
@@ -1337,13 +1348,31 @@ class User extends general_1.UserBase {
1337
1348
  console.error('Invalid JSON string on MFAConfig:', error);
1338
1349
  }
1339
1350
  }
1340
- const isVerified = yield speakeasy.totp.verify({
1351
+ const isCurrentValid = yield speakeasy.totp.verify({
1341
1352
  secret: userMFAConfig.totp.secret,
1342
1353
  encoding: 'base32',
1343
1354
  token: mfaToken,
1355
+ window: 0,
1344
1356
  });
1345
- if (!isVerified) {
1346
- return false;
1357
+ if (!isCurrentValid) {
1358
+ const isExpired = yield speakeasy.totp.verify({
1359
+ secret: userMFAConfig.totp.secret,
1360
+ encoding: 'base32',
1361
+ token: mfaToken,
1362
+ window: 2,
1363
+ });
1364
+ if (isExpired) {
1365
+ return {
1366
+ success: false,
1367
+ reason: 'MFA token has expired. Please try again.',
1368
+ };
1369
+ }
1370
+ else {
1371
+ return {
1372
+ success: false,
1373
+ reason: 'Invalid MFA token. Check your authenticator app.',
1374
+ };
1375
+ }
1347
1376
  }
1348
1377
  user.MFAEnabled = 1;
1349
1378
  yield user.save({ transaction: dbTransaction });
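Review bot: The failure paths at new lines 1365 and 1371 return a non-empty object where this method used to `return false`, so any caller that still tests the result for truthiness will treat a rejected token as accepted. The same change is made in `verify2FACode` at new lines 1425 and 1431, and the success returns at new lines 1388, 1446 and 1470 change from a string to an object. The callers are outside this diff section, so whether they were all updated cannot be confirmed from here. A fail-closed alternative is to throw on rejection, e.g. `throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid MFA token.');`, which matches how other failure paths in this class report errors.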
@@ -1356,7 +1385,7 @@ class User extends general_1.UserBase {
1356
1385
  systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1357
1386
  }
1358
1387
  const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
1359
- return `${userId}:${systemLogin.sessionId}`;
1388
+ return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
1360
1389
  });
1361
1390
  }
1362
1391
  verify2FACode(userId, mfaToken, systemCode, dbTransaction) {
@@ -1379,13 +1408,31 @@ class User extends general_1.UserBase {
1379
1408
  console.error('Invalid JSON string on MFAConfig:', error);
1380
1409
  }
1381
1410
  }
1382
- const isVerified = yield speakeasy.totp.verify({
1411
+ const isCurrentValid = yield speakeasy.totp.verify({
1383
1412
  secret: userMFAConfig.totp.secret,
1384
1413
  encoding: 'base32',
1385
1414
  token: mfaToken,
1415
+ window: 0,
1386
1416
  });
1387
- if (!isVerified) {
1388
- return false;
1417
+ if (!isCurrentValid) {
1418
+ const isExpired = yield speakeasy.totp.verify({
1419
+ secret: userMFAConfig.totp.secret,
1420
+ encoding: 'base32',
1421
+ token: mfaToken,
1422
+ window: 2,
1423
+ });
1424
+ if (isExpired) {
1425
+ return {
1426
+ success: false,
1427
+ reason: 'MFA token has expired. Please try again.',
1428
+ };
1429
+ }
1430
+ else {
1431
+ return {
1432
+ success: false,
1433
+ reason: 'Invalid MFA token. Check your authenticator app.',
1434
+ };
1435
+ }
1389
1436
  }
1390
1437
  const sessionName = config_1.ApplicationConfig.getComponentConfigValue('sessionName');
1391
1438
  if (!sessionName) {
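Review bot: Splitting verification into a `window: 0` call and a second `window: 2` call (new lines 1411-1423, and identically at 1351-1363) makes the accepting check stricter than usual and turns the second call into feedback about near-miss codes. With `window: 0`, a code entered close to a step boundary or from a slightly drifted device is rejected. As far as I know speakeasy applies `window` on both sides of the current step, so the "expired" reply may also match a code whose step has not started yet; worth confirming. A single call such as `window: 1` with one reason string for every rejection avoids telling the caller how close a submitted code was. No attempt counting for rejected MFA tokens is visible in either hunk, and both method bodies extend beyond them.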
@@ -1396,7 +1443,7 @@ class User extends general_1.UserBase {
1396
1443
  systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1397
1444
  }
1398
1445
  const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
1399
- return `${userId}:${systemLogin.sessionId}`;
1446
+ return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
1400
1447
  });
1401
1448
  }
1402
1449
  bypass2FA(systemCode, dbTransaction) {
@@ -1420,7 +1467,10 @@ class User extends general_1.UserBase {
1420
1467
  systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1421
1468
  }
1422
1469
  const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
1423
- return `${this.UserId}:${systemLogin.sessionId}`;
1470
+ return {
1471
+ success: true,
1472
+ sessionId: `${this.UserId}:${systemLogin.sessionId}`,
1473
+ };
1424
1474
  }
1425
1475
  catch (error) {
1426
1476
  throw error;
@@ -1750,6 +1800,7 @@ class User extends general_1.UserBase {
1750
1800
  LastLoginAt: user.LastLoginAt,
1751
1801
  MFAEnabled: user.MFAEnabled,
1752
1802
  MFAConfig: user.MFAConfig,
1803
+ MFABypassYN: user.MFABypassYN,
1753
1804
  RecoveryEmail: user.RecoveryEmail,
1754
1805
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
1755
1806
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -1832,6 +1883,7 @@ class User extends general_1.UserBase {
1832
1883
  LastLoginAt: user.LastLoginAt,
1833
1884
  MFAEnabled: user.MFAEnabled,
1834
1885
  MFAConfig: user.MFAConfig,
1886
+ MFABypassYN: user.MFABypassYN,
1835
1887
  RecoveryEmail: user.RecoveryEmail,
1836
1888
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
1837
1889
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -1877,6 +1929,7 @@ class User extends general_1.UserBase {
1877
1929
  LastLoginAt: this.LastLoginAt,
1878
1930
  MFAEnabled: this.MFAEnabled,
1879
1931
  MFAConfig: this.MFAConfig,
1932
+ MFABypassYN: this.MFABypassYN,
1880
1933
  RecoveryEmail: this.RecoveryEmail,
1881
1934
  FailedLoginAttemptCount: this.FailedLoginAttemptCount,
1882
1935
  LastFailedLoginAt: this.LastFailedLoginAt,
@@ -1906,6 +1959,7 @@ class User extends general_1.UserBase {
1906
1959
  LastLoginAt: this.LastLoginAt,
1907
1960
  MFAEnabled: this.MFAEnabled,
1908
1961
  MFAConfig: this.MFAConfig,
1962
+ MFABypassYN: this.MFABypassYN,
1909
1963
  RecoveryEmail: this.RecoveryEmail,
1910
1964
  FailedLoginAttemptCount: this.FailedLoginAttemptCount,
1911
1965
  LastFailedLoginAt: this.LastFailedLoginAt,
@@ -1967,6 +2021,7 @@ class User extends general_1.UserBase {
1967
2021
  LastLoginAt: this.LastLoginAt,
1968
2022
  MFAEnabled: this.MFAEnabled,
1969
2023
  MFAConfig: this.MFAConfig,
2024
+ MFABypassYN: this.MFABypassYN,
1970
2025
  RecoveryEmail: this.RecoveryEmail,
1971
2026
  FailedLoginAttemptCount: this.FailedLoginAttemptCount,
1972
2027
  LastFailedLoginAt: this.LastFailedLoginAt,
@@ -1996,6 +2051,7 @@ class User extends general_1.UserBase {
1996
2051
  LastLoginAt: this.LastLoginAt,
1997
2052
  MFAEnabled: this.MFAEnabled,
1998
2053
  MFAConfig: this.MFAConfig,
2054
+ MFABypassYN: this.MFABypassYN,
1999
2055
  RecoveryEmail: this.RecoveryEmail,
2000
2056
  FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2001
2057
  LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2122,6 +2178,293 @@ class User extends general_1.UserBase {
2122
2178
  }
2123
2179
  });
2124
2180
  }
2181
+ enable2FABypass(loginUser, dbTransaction) {
2182
+ return __awaiter(this, void 0, void 0, function* () {
2183
+ try {
2184
+ if (this.MFABypassYN === yn_enum_1.YN.Yes) {
2185
+ throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already enabled.', 'enable2FABypass');
2186
+ }
2187
+ const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
2188
+ const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
2189
+ if (!isPrivileged) {
2190
+ throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
2191
+ }
2192
+ const entityValueBefore = {
2193
+ UserId: this.UserId,
2194
+ UserName: this.UserName,
2195
+ FullName: this.FullName,
2196
+ IDNo: this.IDNo,
2197
+ IDType: this.IDType,
2198
+ ContactNo: this.ContactNo,
2199
+ Email: this.Email,
2200
+ Password: this.Password,
2201
+ Status: this.Status,
2202
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2203
+ FirstLoginAt: this.FirstLoginAt,
2204
+ LastLoginAt: this.LastLoginAt,
2205
+ MFAEnabled: this.MFAEnabled,
2206
+ MFAConfig: this.MFAConfig,
2207
+ MFABypassYN: this.MFABypassYN,
2208
+ RecoveryEmail: this.RecoveryEmail,
2209
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2210
+ LastFailedLoginAt: this.LastFailedLoginAt,
2211
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2212
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2213
+ CreatedById: this.CreatedById,
2214
+ CreatedAt: this.CreatedAt,
2215
+ UpdatedById: this.UpdatedById,
2216
+ UpdatedAt: this.UpdatedAt,
2217
+ PasscodeHash: this.PasscodeHash,
2218
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2219
+ };
2220
+ this.MFABypassYN = yn_enum_1.YN.Yes;
2221
+ this.UpdatedAt = new Date();
2222
+ this.UpdatedById = loginUser.UserId;
2223
+ yield User._Repository.update({
2224
+ MFABypassYN: this.MFABypassYN,
2225
+ UpdatedAt: this.UpdatedAt,
2226
+ UpdatedById: this.UpdatedById,
2227
+ }, {
2228
+ where: {
2229
+ UserId: this.UserId,
2230
+ },
2231
+ transaction: dbTransaction,
2232
+ });
2233
+ const entityValueAfter = {
2234
+ UserId: this.UserId,
2235
+ UserName: this.UserName,
2236
+ FullName: this.FullName,
2237
+ IDNo: this.IDNo,
2238
+ IDType: this.IDType,
2239
+ ContactNo: this.ContactNo,
2240
+ Email: this.Email,
2241
+ Password: this.Password,
2242
+ Status: this.Status,
2243
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2244
+ FirstLoginAt: this.FirstLoginAt,
2245
+ LastLoginAt: this.LastLoginAt,
2246
+ MFAEnabled: this.MFAEnabled,
2247
+ MFAConfig: this.MFAConfig,
2248
+ MFABypassYN: this.MFABypassYN,
2249
+ RecoveryEmail: this.RecoveryEmail,
2250
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2251
+ LastFailedLoginAt: this.LastFailedLoginAt,
2252
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2253
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2254
+ CreatedById: this.CreatedById,
2255
+ CreatedAt: this.CreatedAt,
2256
+ UpdatedById: this.UpdatedById,
2257
+ UpdatedAt: this.UpdatedAt,
2258
+ PasscodeHash: this.PasscodeHash,
2259
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2260
+ };
2261
+ const activity = new activity_history_1.Activity();
2262
+ activity.ActivityId = activity.createId();
2263
+ activity.Action = activity_history_1.ActionEnum.UPDATE;
2264
+ activity.Description = `Enable 2FA Bypass For User ${this.Email}`;
2265
+ activity.EntityType = this.ObjectType;
2266
+ activity.EntityId = this.UserId.toString();
2267
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
2268
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
2269
+ yield activity.create(loginUser.ObjectId, dbTransaction);
2270
+ }
2271
+ catch (error) {
2272
+ throw error;
2273
+ }
2274
+ });
2275
+ }
2276
+ disable2FABypass(loginUser, dbTransaction) {
2277
+ return __awaiter(this, void 0, void 0, function* () {
2278
+ try {
2279
+ if (this.MFABypassYN === yn_enum_1.YN.No) {
2280
+ throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already disabled.', 'disable2FABypass');
2281
+ }
2282
+ const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
2283
+ const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
2284
+ if (!isPrivileged) {
2285
+ throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
2286
+ }
2287
+ const entityValueBefore = {
2288
+ UserId: this.UserId,
2289
+ UserName: this.UserName,
2290
+ FullName: this.FullName,
2291
+ IDNo: this.IDNo,
2292
+ IDType: this.IDType,
2293
+ ContactNo: this.ContactNo,
2294
+ Email: this.Email,
2295
+ Password: this.Password,
2296
+ Status: this.Status,
2297
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2298
+ FirstLoginAt: this.FirstLoginAt,
2299
+ LastLoginAt: this.LastLoginAt,
2300
+ MFAEnabled: this.MFAEnabled,
2301
+ MFAConfig: this.MFAConfig,
2302
+ MFABypassYN: this.MFABypassYN,
2303
+ RecoveryEmail: this.RecoveryEmail,
2304
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2305
+ LastFailedLoginAt: this.LastFailedLoginAt,
2306
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2307
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2308
+ CreatedById: this.CreatedById,
2309
+ CreatedAt: this.CreatedAt,
2310
+ UpdatedById: this.UpdatedById,
2311
+ UpdatedAt: this.UpdatedAt,
2312
+ PasscodeHash: this.PasscodeHash,
2313
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2314
+ };
2315
+ this.MFABypassYN = yn_enum_1.YN.No;
2316
+ this.UpdatedAt = new Date();
2317
+ this.UpdatedById = loginUser.UserId;
2318
+ yield User._Repository.update({
2319
+ MFABypassYN: this.MFABypassYN,
2320
+ UpdatedAt: this.UpdatedAt,
2321
+ UpdatedById: this.UpdatedById,
2322
+ }, {
2323
+ where: {
2324
+ UserId: this.UserId,
2325
+ },
2326
+ transaction: dbTransaction,
2327
+ });
2328
+ const entityValueAfter = {
2329
+ UserId: this.UserId,
2330
+ UserName: this.UserName,
2331
+ FullName: this.FullName,
2332
+ IDNo: this.IDNo,
2333
+ IDType: this.IDType,
2334
+ ContactNo: this.ContactNo,
2335
+ Email: this.Email,
2336
+ Password: this.Password,
2337
+ Status: this.Status,
2338
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2339
+ FirstLoginAt: this.FirstLoginAt,
2340
+ LastLoginAt: this.LastLoginAt,
2341
+ MFAEnabled: this.MFAEnabled,
2342
+ MFAConfig: this.MFAConfig,
2343
+ MFABypassYN: this.MFABypassYN,
2344
+ RecoveryEmail: this.RecoveryEmail,
2345
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2346
+ LastFailedLoginAt: this.LastFailedLoginAt,
2347
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2348
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2349
+ CreatedById: this.CreatedById,
2350
+ CreatedAt: this.CreatedAt,
2351
+ UpdatedById: this.UpdatedById,
2352
+ UpdatedAt: this.UpdatedAt,
2353
+ PasscodeHash: this.PasscodeHash,
2354
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2355
+ };
2356
+ const activity = new activity_history_1.Activity();
2357
+ activity.ActivityId = activity.createId();
2358
+ activity.Action = activity_history_1.ActionEnum.UPDATE;
2359
+ activity.Description = `Disable 2FA Bypass For User ${this.Email}`;
2360
+ activity.EntityType = this.ObjectType;
2361
+ activity.EntityId = this.UserId.toString();
2362
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
2363
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
2364
+ yield activity.create(loginUser.ObjectId, dbTransaction);
2365
+ }
2366
+ catch (error) {
2367
+ throw error;
2368
+ }
2369
+ });
2370
+ }
2371
+ reset2FA(loginUser, dbTransaction) {
2372
+ return __awaiter(this, void 0, void 0, function* () {
2373
+ try {
2374
+ if (this.MFAEnabled === 0) {
2375
+ throw new general_1.ClassError('User', 'UserErrMsg0X', 'User not yet setup 2FA.', 'reset2FA');
2376
+ }
2377
+ const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
2378
+ const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
2379
+ if (!isPrivileged) {
2380
+ throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to reset 2FA.');
2381
+ }
2382
+ const entityValueBefore = {
2383
+ UserId: this.UserId,
2384
+ UserName: this.UserName,
2385
+ FullName: this.FullName,
2386
+ IDNo: this.IDNo,
2387
+ IDType: this.IDType,
2388
+ ContactNo: this.ContactNo,
2389
+ Email: this.Email,
2390
+ Password: this.Password,
2391
+ Status: this.Status,
2392
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2393
+ FirstLoginAt: this.FirstLoginAt,
2394
+ LastLoginAt: this.LastLoginAt,
2395
+ MFAEnabled: this.MFAEnabled,
2396
+ MFAConfig: this.MFAConfig,
2397
+ MFABypassYN: this.MFABypassYN,
2398
+ RecoveryEmail: this.RecoveryEmail,
2399
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2400
+ LastFailedLoginAt: this.LastFailedLoginAt,
2401
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2402
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2403
+ CreatedById: this.CreatedById,
2404
+ CreatedAt: this.CreatedAt,
2405
+ UpdatedById: this.UpdatedById,
2406
+ UpdatedAt: this.UpdatedAt,
2407
+ PasscodeHash: this.PasscodeHash,
2408
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2409
+ };
2410
+ this.MFAEnabled = 0;
2411
+ this.MFABypassYN = yn_enum_1.YN.No;
2412
+ this.UpdatedAt = new Date();
2413
+ this.UpdatedById = loginUser.UserId;
2414
+ yield User._Repository.update({
2415
+ MFAEnabled: this.MFAEnabled,
2416
+ MFABypassYN: this.MFABypassYN,
2417
+ UpdatedAt: this.UpdatedAt,
2418
+ UpdatedById: this.UpdatedById,
2419
+ }, {
2420
+ where: {
2421
+ UserId: this.UserId,
2422
+ },
2423
+ transaction: dbTransaction,
2424
+ });
2425
+ const entityValueAfter = {
2426
+ UserId: this.UserId,
2427
+ UserName: this.UserName,
2428
+ FullName: this.FullName,
2429
+ IDNo: this.IDNo,
2430
+ IDType: this.IDType,
2431
+ ContactNo: this.ContactNo,
2432
+ Email: this.Email,
2433
+ Password: this.Password,
2434
+ Status: this.Status,
2435
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2436
+ FirstLoginAt: this.FirstLoginAt,
2437
+ LastLoginAt: this.LastLoginAt,
2438
+ MFAEnabled: this.MFAEnabled,
2439
+ MFAConfig: this.MFAConfig,
2440
+ MFABypassYN: this.MFABypassYN,
2441
+ RecoveryEmail: this.RecoveryEmail,
2442
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2443
+ LastFailedLoginAt: this.LastFailedLoginAt,
2444
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2445
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2446
+ CreatedById: this.CreatedById,
2447
+ CreatedAt: this.CreatedAt,
2448
+ UpdatedById: this.UpdatedById,
2449
+ UpdatedAt: this.UpdatedAt,
2450
+ PasscodeHash: this.PasscodeHash,
2451
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2452
+ };
2453
+ const activity = new activity_history_1.Activity();
2454
+ activity.ActivityId = activity.createId();
2455
+ activity.Action = activity_history_1.ActionEnum.UPDATE;
2456
+ activity.Description = `Reset 2FA for User ${this.Email}`;
2457
+ activity.EntityType = this.ObjectType;
2458
+ activity.EntityId = this.UserId.toString();
2459
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
2460
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
2461
+ yield activity.create(loginUser.ObjectId, dbTransaction);
2462
+ }
2463
+ catch (error) {
2464
+ throw error;
2465
+ }
2466
+ });
2467
+ }
2125
2468
  }
2126
2469
  exports.User = User;
2127
2470
  User._Repository = new user_repository_1.UserRepository();
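Review bot: The `entityValueBefore`/`entityValueAfter` snapshots in `enable2FABypass`, `disable2FABypass` and `reset2FA` include `Password`, `MFAConfig` and `PasscodeHash`, and both are written to the activity record via `JSON.stringify`, which copies the stored password value and the MFA configuration into the audit history on every call. Drop those fields before serialising, e.g. `const { Password, MFAConfig, PasscodeHash, ...auditBefore } = entityValueBefore;` then `activity.EntityValueBefore = JSON.stringify(auditBefore);`, and the same for the after-snapshot. In all three methods the state check runs before `checkPrivileges`, so an unprivileged caller gets a different error depending on the target's MFA state; checking the privilege first closes that, and the denial text in `disable2FABypass` (new line 2285) still says "enable". `reset2FA` tests `this.MFAEnabled === 0` while an object literal at new line 1087 sets `MFAEnabled: null`, and it leaves `MFAConfig` untouched, so it is worth confirming that a previously enrolled secret cannot be reused after a reset. This looks like compiled output, so the change presumably belongs in `package/src/components/login-user/user.ts`.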