@tomei/sso 0.60.4-dev.1 → 0.60.4-dev.10
- package/coverage/lcov-report/components/login-user/login-user.ts.html +80 -73
- package/dist/src/components/login-history/index.d.ts +1 -0
- package/dist/src/components/login-history/index.js +1 -0
- package/dist/src/components/login-history/index.js.map +1 -1
- package/dist/src/components/login-history/login-history.d.ts +23 -0
- package/dist/src/components/login-history/login-history.js +88 -0
- package/dist/src/components/login-history/login-history.js.map +1 -0
- package/dist/src/components/login-history/login-history.repository.d.ts +2 -2
- package/dist/src/components/login-history/login-history.repository.js.map +1 -1
- package/dist/src/components/login-user/interfaces/user-info.interface.d.ts +1 -0
- package/dist/src/components/login-user/login-user.js +1 -0
- package/dist/src/components/login-user/login-user.js.map +1 -1
- package/dist/src/components/login-user/user.d.ts +28 -3
- package/dist/src/components/login-user/user.js +356 -13
- package/dist/src/components/login-user/user.js.map +1 -1
- package/dist/src/components/user-system-access/user-system-access.js +1 -1
- package/dist/src/components/user-system-access/user-system-access.js.map +1 -1
- package/dist/src/interfaces/login-history-search-attr.interface.d.ts +8 -0
- package/dist/src/interfaces/login-history-search-attr.interface.js +3 -0
- package/dist/src/interfaces/login-history-search-attr.interface.js.map +1 -0
- package/dist/src/interfaces/login-history.interface.d.ts +11 -0
- package/dist/src/interfaces/login-history.interface.js +3 -0
- package/dist/src/interfaces/login-history.interface.js.map +1 -0
- package/dist/src/models/login-history.entity.d.ts +2 -2
- package/dist/src/models/login-history.entity.js +13 -13
- package/dist/src/models/login-history.entity.js.map +1 -1
- package/dist/src/models/user.entity.d.ts +1 -0
- package/dist/src/models/user.entity.js +8 -0
- package/dist/src/models/user.entity.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/migrations/20250610070720-added-MFBypassYN-to-sso-user.js +30 -0
- package/package.json +1 -1
- package/src/components/login-history/index.ts +1 -0
- package/src/components/login-history/login-history.repository.ts +4 -4
- package/src/components/login-history/login-history.ts +124 -0
- package/src/components/login-user/interfaces/user-info.interface.ts +1 -0
- package/src/components/login-user/login-user.ts +1 -0
- package/src/components/login-user/user.ts +434 -15
- package/src/components/user-system-access/user-system-access.ts +1 -1
- package/src/interfaces/login-history-search-attr.interface.ts +8 -0
- package/src/interfaces/login-history.interface.ts +11 -0
- package/src/models/login-history.entity.ts +2 -2
- package/src/models/user.entity.ts +7 -0
- package/sonar-project.properties +0 -23
@@ -100,6 +100,12 @@ class User extends general_1.UserBase {
|
|
100
100
|
set MFAConfig(value) {
|
101
101
|
this._MFAConfig = value;
|
102
102
|
}
|
103
|
+
get MFABypassYN() {
|
104
|
+
return this._MFABypassYN;
|
105
|
+
}
|
106
|
+
set MFABypassYN(value) {
|
107
|
+
this._MFABypassYN = value;
|
108
|
+
}
|
103
109
|
get RecoveryEmail() {
|
104
110
|
return this._RecoveryEmail;
|
105
111
|
}
|
@@ -203,6 +209,7 @@ class User extends general_1.UserBase {
|
|
203
209
|
this.LastLoginAt = userInfo.LastLoginAt;
|
204
210
|
this.MFAEnabled = userInfo.MFAEnabled;
|
205
211
|
this.MFAConfig = userInfo.MFAConfig;
|
212
|
+
this.MFABypassYN = userInfo.MFABypassYN;
|
206
213
|
this.RecoveryEmail = userInfo.RecoveryEmail;
|
207
214
|
this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
|
208
215
|
this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
|
@@ -253,6 +260,7 @@ class User extends general_1.UserBase {
|
|
253
260
|
LastLoginAt: user.LastLoginAt,
|
254
261
|
MFAEnabled: user.MFAEnabled,
|
255
262
|
MFAConfig: user.MFAConfig,
|
263
|
+
MFABypassYN: user.MFABypassYN,
|
256
264
|
RecoveryEmail: user.RecoveryEmail,
|
257
265
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
258
266
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
@@ -312,6 +320,7 @@ class User extends general_1.UserBase {
|
|
312
320
|
LastLoginAt: user.LastLoginAt,
|
313
321
|
MFAEnabled: user.MFAEnabled,
|
314
322
|
MFAConfig: user.MFAConfig,
|
323
|
+
MFABypassYN: user.MFABypassYN,
|
315
324
|
RecoveryEmail: user.RecoveryEmail,
|
316
325
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
317
326
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
@@ -389,6 +398,7 @@ class User extends general_1.UserBase {
|
|
389
398
|
LastLoginAt: user.LastLoginAt,
|
390
399
|
MFAEnabled: user.MFAEnabled,
|
391
400
|
MFAConfig: user.MFAConfig,
|
401
|
+
MFABypassYN: user.MFABypassYN,
|
392
402
|
RecoveryEmail: user.RecoveryEmail,
|
393
403
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
394
404
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
@@ -441,7 +451,7 @@ class User extends general_1.UserBase {
|
|
441
451
|
},
|
442
452
|
});
|
443
453
|
if (!system) {
|
444
|
-
throw new Error('
|
454
|
+
throw new Error('Access denied: invalid or unauthorized system.');
|
445
455
|
}
|
446
456
|
const passwordHashService = new password_hash_service_1.PasswordHashService();
|
447
457
|
const isPasswordValid = yield passwordHashService.verify(password, this.Password);
|
@@ -456,13 +466,13 @@ class User extends general_1.UserBase {
|
|
456
466
|
this.Status = enum_1.UserStatus.ACTIVE;
|
457
467
|
}
|
458
468
|
else {
|
459
|
-
throw new Error('
|
469
|
+
throw new Error('Your account has been locked. Please contact the administrator for assistance.');
|
460
470
|
}
|
461
471
|
}
|
462
472
|
}
|
463
473
|
catch (error) {
|
464
474
|
yield this.incrementFailedLoginAttemptCount(dbTransaction);
|
465
|
-
throw
|
475
|
+
throw error;
|
466
476
|
}
|
467
477
|
const system = yield User._SystemRepository.findOne({
|
468
478
|
where: {
|
@@ -1076,6 +1086,7 @@ class User extends general_1.UserBase {
|
|
1076
1086
|
LastLoginAt: null,
|
1077
1087
|
MFAEnabled: null,
|
1078
1088
|
MFAConfig: null,
|
1089
|
+
MFABypassYN: yn_enum_1.YN.No,
|
1079
1090
|
RecoveryEmail: null,
|
1080
1091
|
FailedLoginAttemptCount: 0,
|
1081
1092
|
LastFailedLoginAt: null,
|
@@ -1164,7 +1175,7 @@ class User extends general_1.UserBase {
|
|
1164
1175
|
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account');
|
1165
1176
|
}
|
1166
1177
|
if (this.Status == enum_1.UserStatus.LOCKED) {
|
1167
|
-
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', '
|
1178
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account.');
|
1168
1179
|
}
|
1169
1180
|
});
|
1170
1181
|
}
|
@@ -1337,13 +1348,31 @@ class User extends general_1.UserBase {
|
|
1337
1348
|
console.error('Invalid JSON string on MFAConfig:', error);
|
1338
1349
|
}
|
1339
1350
|
}
|
1340
|
-
const
|
1351
|
+
const isCurrentValid = yield speakeasy.totp.verify({
|
1341
1352
|
secret: userMFAConfig.totp.secret,
|
1342
1353
|
encoding: 'base32',
|
1343
1354
|
token: mfaToken,
|
1355
|
+
window: 0,
|
1344
1356
|
});
|
1345
|
-
if (!
|
1346
|
-
|
1357
|
+
if (!isCurrentValid) {
|
1358
|
+
const isExpired = yield speakeasy.totp.verify({
|
1359
|
+
secret: userMFAConfig.totp.secret,
|
1360
|
+
encoding: 'base32',
|
1361
|
+
token: mfaToken,
|
1362
|
+
window: 2,
|
1363
|
+
});
|
1364
|
+
if (isExpired) {
|
1365
|
+
return {
|
1366
|
+
success: false,
|
1367
|
+
reason: 'MFA token has expired. Please try again.',
|
1368
|
+
};
|
1369
|
+
}
|
1370
|
+
else {
|
1371
|
+
return {
|
1372
|
+
success: false,
|
1373
|
+
reason: 'Invalid MFA token. Check your authenticator app.',
|
1374
|
+
};
|
1375
|
+
}
|
1347
1376
|
}
|
1348
1377
|
user.MFAEnabled = 1;
|
1349
1378
|
yield user.save({ transaction: dbTransaction });
|
@@ -1356,7 +1385,7 @@ class User extends general_1.UserBase {
|
|
1356
1385
|
systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
1357
1386
|
}
|
1358
1387
|
const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
|
1359
|
-
return `${userId}:${systemLogin.sessionId}
|
1388
|
+
return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
|
1360
1389
|
});
|
1361
1390
|
}
|
1362
1391
|
verify2FACode(userId, mfaToken, systemCode, dbTransaction) {
|
@@ -1379,13 +1408,31 @@ class User extends general_1.UserBase {
|
|
1379
1408
|
console.error('Invalid JSON string on MFAConfig:', error);
|
1380
1409
|
}
|
1381
1410
|
}
|
1382
|
-
const
|
1411
|
+
const isCurrentValid = yield speakeasy.totp.verify({
|
1383
1412
|
secret: userMFAConfig.totp.secret,
|
1384
1413
|
encoding: 'base32',
|
1385
1414
|
token: mfaToken,
|
1415
|
+
window: 0,
|
1386
1416
|
});
|
1387
|
-
if (!
|
1388
|
-
|
1417
|
+
if (!isCurrentValid) {
|
1418
|
+
const isExpired = yield speakeasy.totp.verify({
|
1419
|
+
secret: userMFAConfig.totp.secret,
|
1420
|
+
encoding: 'base32',
|
1421
|
+
token: mfaToken,
|
1422
|
+
window: 2,
|
1423
|
+
});
|
1424
|
+
if (isExpired) {
|
1425
|
+
return {
|
1426
|
+
success: false,
|
1427
|
+
reason: 'MFA token has expired. Please try again.',
|
1428
|
+
};
|
1429
|
+
}
|
1430
|
+
else {
|
1431
|
+
return {
|
1432
|
+
success: false,
|
1433
|
+
reason: 'Invalid MFA token. Check your authenticator app.',
|
1434
|
+
};
|
1435
|
+
}
|
1389
1436
|
}
|
1390
1437
|
const sessionName = config_1.ApplicationConfig.getComponentConfigValue('sessionName');
|
1391
1438
|
if (!sessionName) {
|
@@ -1396,7 +1443,7 @@ class User extends general_1.UserBase {
|
|
1396
1443
|
systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
1397
1444
|
}
|
1398
1445
|
const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
|
1399
|
-
return `${userId}:${systemLogin.sessionId}
|
1446
|
+
return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
|
1400
1447
|
});
|
1401
1448
|
}
|
1402
1449
|
bypass2FA(systemCode, dbTransaction) {
|
@@ -1420,7 +1467,10 @@ class User extends general_1.UserBase {
|
|
1420
1467
|
systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
1421
1468
|
}
|
1422
1469
|
const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
|
1423
|
-
return
|
1470
|
+
return {
|
1471
|
+
success: true,
|
1472
|
+
sessionId: `${this.UserId}:${systemLogin.sessionId}`,
|
1473
|
+
};
|
1424
1474
|
}
|
1425
1475
|
catch (error) {
|
1426
1476
|
throw error;
|
@@ -1750,6 +1800,7 @@ class User extends general_1.UserBase {
|
|
1750
1800
|
LastLoginAt: user.LastLoginAt,
|
1751
1801
|
MFAEnabled: user.MFAEnabled,
|
1752
1802
|
MFAConfig: user.MFAConfig,
|
1803
|
+
MFABypassYN: user.MFABypassYN,
|
1753
1804
|
RecoveryEmail: user.RecoveryEmail,
|
1754
1805
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
1755
1806
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
@@ -1832,6 +1883,7 @@ class User extends general_1.UserBase {
|
|
1832
1883
|
LastLoginAt: user.LastLoginAt,
|
1833
1884
|
MFAEnabled: user.MFAEnabled,
|
1834
1885
|
MFAConfig: user.MFAConfig,
|
1886
|
+
MFABypassYN: user.MFABypassYN,
|
1835
1887
|
RecoveryEmail: user.RecoveryEmail,
|
1836
1888
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
1837
1889
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
@@ -1877,6 +1929,7 @@ class User extends general_1.UserBase {
|
|
1877
1929
|
LastLoginAt: this.LastLoginAt,
|
1878
1930
|
MFAEnabled: this.MFAEnabled,
|
1879
1931
|
MFAConfig: this.MFAConfig,
|
1932
|
+
MFABypassYN: this.MFABypassYN,
|
1880
1933
|
RecoveryEmail: this.RecoveryEmail,
|
1881
1934
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
1882
1935
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
@@ -1906,6 +1959,7 @@ class User extends general_1.UserBase {
|
|
1906
1959
|
LastLoginAt: this.LastLoginAt,
|
1907
1960
|
MFAEnabled: this.MFAEnabled,
|
1908
1961
|
MFAConfig: this.MFAConfig,
|
1962
|
+
MFABypassYN: this.MFABypassYN,
|
1909
1963
|
RecoveryEmail: this.RecoveryEmail,
|
1910
1964
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
1911
1965
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
@@ -1967,6 +2021,7 @@ class User extends general_1.UserBase {
|
|
1967
2021
|
LastLoginAt: this.LastLoginAt,
|
1968
2022
|
MFAEnabled: this.MFAEnabled,
|
1969
2023
|
MFAConfig: this.MFAConfig,
|
2024
|
+
MFABypassYN: this.MFABypassYN,
|
1970
2025
|
RecoveryEmail: this.RecoveryEmail,
|
1971
2026
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
1972
2027
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
@@ -1996,6 +2051,7 @@ class User extends general_1.UserBase {
|
|
1996
2051
|
LastLoginAt: this.LastLoginAt,
|
1997
2052
|
MFAEnabled: this.MFAEnabled,
|
1998
2053
|
MFAConfig: this.MFAConfig,
|
2054
|
+
MFABypassYN: this.MFABypassYN,
|
1999
2055
|
RecoveryEmail: this.RecoveryEmail,
|
2000
2056
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
2001
2057
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
@@ -2122,6 +2178,293 @@ class User extends general_1.UserBase {
|
|
2122
2178
|
}
|
2123
2179
|
});
|
2124
2180
|
}
|
2181
|
+
enable2FABypass(loginUser, dbTransaction) {
|
2182
|
+
return __awaiter(this, void 0, void 0, function* () {
|
2183
|
+
try {
|
2184
|
+
if (this.MFABypassYN === yn_enum_1.YN.Yes) {
|
2185
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already enabled.', 'enable2FABypass');
|
2186
|
+
}
|
2187
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
2188
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
2189
|
+
if (!isPrivileged) {
|
2190
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
|
2191
|
+
}
|
2192
|
+
const entityValueBefore = {
|
2193
|
+
UserId: this.UserId,
|
2194
|
+
UserName: this.UserName,
|
2195
|
+
FullName: this.FullName,
|
2196
|
+
IDNo: this.IDNo,
|
2197
|
+
IDType: this.IDType,
|
2198
|
+
ContactNo: this.ContactNo,
|
2199
|
+
Email: this.Email,
|
2200
|
+
Password: this.Password,
|
2201
|
+
Status: this.Status,
|
2202
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
2203
|
+
FirstLoginAt: this.FirstLoginAt,
|
2204
|
+
LastLoginAt: this.LastLoginAt,
|
2205
|
+
MFAEnabled: this.MFAEnabled,
|
2206
|
+
MFAConfig: this.MFAConfig,
|
2207
|
+
MFABypassYN: this.MFABypassYN,
|
2208
|
+
RecoveryEmail: this.RecoveryEmail,
|
2209
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
2210
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
2211
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
2212
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
2213
|
+
CreatedById: this.CreatedById,
|
2214
|
+
CreatedAt: this.CreatedAt,
|
2215
|
+
UpdatedById: this.UpdatedById,
|
2216
|
+
UpdatedAt: this.UpdatedAt,
|
2217
|
+
PasscodeHash: this.PasscodeHash,
|
2218
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
2219
|
+
};
|
2220
|
+
this.MFABypassYN = yn_enum_1.YN.Yes;
|
2221
|
+
this.UpdatedAt = new Date();
|
2222
|
+
this.UpdatedById = loginUser.UserId;
|
2223
|
+
yield User._Repository.update({
|
2224
|
+
MFABypassYN: this.MFABypassYN,
|
2225
|
+
UpdatedAt: this.UpdatedAt,
|
2226
|
+
UpdatedById: this.UpdatedById,
|
2227
|
+
}, {
|
2228
|
+
where: {
|
2229
|
+
UserId: this.UserId,
|
2230
|
+
},
|
2231
|
+
transaction: dbTransaction,
|
2232
|
+
});
|
2233
|
+
const entityValueAfter = {
|
2234
|
+
UserId: this.UserId,
|
2235
|
+
UserName: this.UserName,
|
2236
|
+
FullName: this.FullName,
|
2237
|
+
IDNo: this.IDNo,
|
2238
|
+
IDType: this.IDType,
|
2239
|
+
ContactNo: this.ContactNo,
|
2240
|
+
Email: this.Email,
|
2241
|
+
Password: this.Password,
|
2242
|
+
Status: this.Status,
|
2243
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
2244
|
+
FirstLoginAt: this.FirstLoginAt,
|
2245
|
+
LastLoginAt: this.LastLoginAt,
|
2246
|
+
MFAEnabled: this.MFAEnabled,
|
2247
|
+
MFAConfig: this.MFAConfig,
|
2248
|
+
MFABypassYN: this.MFABypassYN,
|
2249
|
+
RecoveryEmail: this.RecoveryEmail,
|
2250
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
2251
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
2252
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
2253
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
2254
|
+
CreatedById: this.CreatedById,
|
2255
|
+
CreatedAt: this.CreatedAt,
|
2256
|
+
UpdatedById: this.UpdatedById,
|
2257
|
+
UpdatedAt: this.UpdatedAt,
|
2258
|
+
PasscodeHash: this.PasscodeHash,
|
2259
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
2260
|
+
};
|
2261
|
+
const activity = new activity_history_1.Activity();
|
2262
|
+
activity.ActivityId = activity.createId();
|
2263
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
2264
|
+
activity.Description = `Enable 2FA Bypass For User ${this.Email}`;
|
2265
|
+
activity.EntityType = this.ObjectType;
|
2266
|
+
activity.EntityId = this.UserId.toString();
|
2267
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
2268
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
2269
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
2270
|
+
}
|
2271
|
+
catch (error) {
|
2272
|
+
throw error;
|
2273
|
+
}
|
2274
|
+
});
|
2275
|
+
}
|
2276
|
+
disable2FABypass(loginUser, dbTransaction) {
|
2277
|
+
return __awaiter(this, void 0, void 0, function* () {
|
2278
|
+
try {
|
2279
|
+
if (this.MFABypassYN === yn_enum_1.YN.No) {
|
2280
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already disabled.', 'disable2FABypass');
|
2281
|
+
}
|
2282
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
2283
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
2284
|
+
if (!isPrivileged) {
|
2285
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
|
2286
|
+
}
|
2287
|
+
const entityValueBefore = {
|
2288
|
+
UserId: this.UserId,
|
2289
|
+
UserName: this.UserName,
|
2290
|
+
FullName: this.FullName,
|
2291
|
+
IDNo: this.IDNo,
|
2292
|
+
IDType: this.IDType,
|
2293
|
+
ContactNo: this.ContactNo,
|
2294
|
+
Email: this.Email,
|
2295
|
+
Password: this.Password,
|
2296
|
+
Status: this.Status,
|
2297
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
2298
|
+
FirstLoginAt: this.FirstLoginAt,
|
2299
|
+
LastLoginAt: this.LastLoginAt,
|
2300
|
+
MFAEnabled: this.MFAEnabled,
|
2301
|
+
MFAConfig: this.MFAConfig,
|
2302
|
+
MFABypassYN: this.MFABypassYN,
|
2303
|
+
RecoveryEmail: this.RecoveryEmail,
|
2304
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
2305
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
2306
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
2307
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
2308
|
+
CreatedById: this.CreatedById,
|
2309
|
+
CreatedAt: this.CreatedAt,
|
2310
|
+
UpdatedById: this.UpdatedById,
|
2311
|
+
UpdatedAt: this.UpdatedAt,
|
2312
|
+
PasscodeHash: this.PasscodeHash,
|
2313
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
2314
|
+
};
|
2315
|
+
this.MFABypassYN = yn_enum_1.YN.No;
|
2316
|
+
this.UpdatedAt = new Date();
|
2317
|
+
this.UpdatedById = loginUser.UserId;
|
2318
|
+
yield User._Repository.update({
|
2319
|
+
MFABypassYN: this.MFABypassYN,
|
2320
|
+
UpdatedAt: this.UpdatedAt,
|
2321
|
+
UpdatedById: this.UpdatedById,
|
2322
|
+
}, {
|
2323
|
+
where: {
|
2324
|
+
UserId: this.UserId,
|
2325
|
+
},
|
2326
|
+
transaction: dbTransaction,
|
2327
|
+
});
|
2328
|
+
const entityValueAfter = {
|
2329
|
+
UserId: this.UserId,
|
2330
|
+
UserName: this.UserName,
|
2331
|
+
FullName: this.FullName,
|
2332
|
+
IDNo: this.IDNo,
|
2333
|
+
IDType: this.IDType,
|
2334
|
+
ContactNo: this.ContactNo,
|
2335
|
+
Email: this.Email,
|
2336
|
+
Password: this.Password,
|
2337
|
+
Status: this.Status,
|
2338
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
2339
|
+
FirstLoginAt: this.FirstLoginAt,
|
2340
|
+
LastLoginAt: this.LastLoginAt,
|
2341
|
+
MFAEnabled: this.MFAEnabled,
|
2342
|
+
MFAConfig: this.MFAConfig,
|
2343
|
+
MFABypassYN: this.MFABypassYN,
|
2344
|
+
RecoveryEmail: this.RecoveryEmail,
|
2345
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
2346
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
2347
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
2348
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
2349
|
+
CreatedById: this.CreatedById,
|
2350
|
+
CreatedAt: this.CreatedAt,
|
2351
|
+
UpdatedById: this.UpdatedById,
|
2352
|
+
UpdatedAt: this.UpdatedAt,
|
2353
|
+
PasscodeHash: this.PasscodeHash,
|
2354
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
2355
|
+
};
|
2356
|
+
const activity = new activity_history_1.Activity();
|
2357
|
+
activity.ActivityId = activity.createId();
|
2358
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
2359
|
+
activity.Description = `Disable 2FA Bypass For User ${this.Email}`;
|
2360
|
+
activity.EntityType = this.ObjectType;
|
2361
|
+
activity.EntityId = this.UserId.toString();
|
2362
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
2363
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
2364
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
2365
|
+
}
|
2366
|
+
catch (error) {
|
2367
|
+
throw error;
|
2368
|
+
}
|
2369
|
+
});
|
2370
|
+
}
|
2371
|
+
reset2FA(loginUser, dbTransaction) {
|
2372
|
+
return __awaiter(this, void 0, void 0, function* () {
|
2373
|
+
try {
|
2374
|
+
if (this.MFAEnabled === 0) {
|
2375
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'User not yet setup 2FA.', 'reset2FA');
|
2376
|
+
}
|
2377
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
2378
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
2379
|
+
if (!isPrivileged) {
|
2380
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to reset 2FA.');
|
2381
|
+
}
|
2382
|
+
const entityValueBefore = {
|
2383
|
+
UserId: this.UserId,
|
2384
|
+
UserName: this.UserName,
|
2385
|
+
FullName: this.FullName,
|
2386
|
+
IDNo: this.IDNo,
|
2387
|
+
IDType: this.IDType,
|
2388
|
+
ContactNo: this.ContactNo,
|
2389
|
+
Email: this.Email,
|
2390
|
+
Password: this.Password,
|
2391
|
+
Status: this.Status,
|
2392
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
2393
|
+
FirstLoginAt: this.FirstLoginAt,
|
2394
|
+
LastLoginAt: this.LastLoginAt,
|
2395
|
+
MFAEnabled: this.MFAEnabled,
|
2396
|
+
MFAConfig: this.MFAConfig,
|
2397
|
+
MFABypassYN: this.MFABypassYN,
|
2398
|
+
RecoveryEmail: this.RecoveryEmail,
|
2399
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
2400
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
2401
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
2402
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
2403
|
+
CreatedById: this.CreatedById,
|
2404
|
+
CreatedAt: this.CreatedAt,
|
2405
|
+
UpdatedById: this.UpdatedById,
|
2406
|
+
UpdatedAt: this.UpdatedAt,
|
2407
|
+
PasscodeHash: this.PasscodeHash,
|
2408
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
2409
|
+
};
|
2410
|
+
this.MFAEnabled = 0;
|
2411
|
+
this.MFABypassYN = yn_enum_1.YN.No;
|
2412
|
+
this.UpdatedAt = new Date();
|
2413
|
+
this.UpdatedById = loginUser.UserId;
|
2414
|
+
yield User._Repository.update({
|
2415
|
+
MFAEnabled: this.MFAEnabled,
|
2416
|
+
MFABypassYN: this.MFABypassYN,
|
2417
|
+
UpdatedAt: this.UpdatedAt,
|
2418
|
+
UpdatedById: this.UpdatedById,
|
2419
|
+
}, {
|
2420
|
+
where: {
|
2421
|
+
UserId: this.UserId,
|
2422
|
+
},
|
2423
|
+
transaction: dbTransaction,
|
2424
|
+
});
|
2425
|
+
const entityValueAfter = {
|
2426
|
+
UserId: this.UserId,
|
2427
|
+
UserName: this.UserName,
|
2428
|
+
FullName: this.FullName,
|
2429
|
+
IDNo: this.IDNo,
|
2430
|
+
IDType: this.IDType,
|
2431
|
+
ContactNo: this.ContactNo,
|
2432
|
+
Email: this.Email,
|
2433
|
+
Password: this.Password,
|
2434
|
+
Status: this.Status,
|
2435
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
2436
|
+
FirstLoginAt: this.FirstLoginAt,
|
2437
|
+
LastLoginAt: this.LastLoginAt,
|
2438
|
+
MFAEnabled: this.MFAEnabled,
|
2439
|
+
MFAConfig: this.MFAConfig,
|
2440
|
+
MFABypassYN: this.MFABypassYN,
|
2441
|
+
RecoveryEmail: this.RecoveryEmail,
|
2442
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
2443
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
2444
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
2445
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
2446
|
+
CreatedById: this.CreatedById,
|
2447
|
+
CreatedAt: this.CreatedAt,
|
2448
|
+
UpdatedById: this.UpdatedById,
|
2449
|
+
UpdatedAt: this.UpdatedAt,
|
2450
|
+
PasscodeHash: this.PasscodeHash,
|
2451
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
2452
|
+
};
|
2453
|
+
const activity = new activity_history_1.Activity();
|
2454
|
+
activity.ActivityId = activity.createId();
|
2455
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
2456
|
+
activity.Description = `Reset 2FA for User ${this.Email}`;
|
2457
|
+
activity.EntityType = this.ObjectType;
|
2458
|
+
activity.EntityId = this.UserId.toString();
|
2459
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
2460
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
2461
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
2462
|
+
}
|
2463
|
+
catch (error) {
|
2464
|
+
throw error;
|
2465
|
+
}
|
2466
|
+
});
|
2467
|
+
}
|
2125
2468
|
}
|
2126
2469
|
exports.User = User;
|
2127
2470
|
User._Repository = new user_repository_1.UserRepository();
|
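Review bot: The `entityValueBefore`/`entityValueAfter` snapshots built in `enable2FABypass`, `disable2FABypass` and `reset2FA` include `Password`, `PasscodeHash` and `MFAConfig`, and both are passed through `JSON.stringify` into the activity record. Every bypass or reset event therefore copies the password hash and, judging by the `userMFAConfig.totp.secret` reads in the verification hunks, the TOTP seed into the audit history. Anyone who can read activity history then holds credential material that should stay on the user row, so I would strip those keys before serialising, e.g. `const { Password, PasscodeHash, MFAConfig, ...auditBefore } = entityValueBefore;`, and likewise for the after-snapshot. `reset2FA` also updates only `MFAEnabled` and `MFABypassYN`, leaving the old `MFAConfig` in place; if a reset is meant to invalidate the enrolled authenticator, add `MFAConfig: null` to that `update` call, which needs confirming against the setup flow outside this diff. This file is compiled output, so the change belongs in `src/components/login-user/user.ts`.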