@tomei/sso 0.60.4-dev.1 → 0.60.4-dev.10

package/src/components/login-user/user.ts

@@ -49,6 +49,7 @@ export class User extends UserBase {
   private _LastLoginAt: Date;
   private _MFAEnabled: number;
   private _MFAConfig: string;
+  private _MFABypassYN: string;
   private _RecoveryEmail: string;
   private _FailedLoginAttemptCount: number;
   private _LastFailedLoginAt: Date;
@@ -162,6 +163,14 @@ export class User extends UserBase {
     this._MFAConfig = value;
   }
 
+  get MFABypassYN(): string {
+    return this._MFABypassYN;
+  }
+
+  private set MFABypassYN(value: string) {
+    this._MFABypassYN = value;
+  }
+
   get RecoveryEmail(): string {
     return this._RecoveryEmail;
   }
@@ -296,6 +305,7 @@ export class User extends UserBase {
       this.LastLoginAt = userInfo.LastLoginAt;
       this.MFAEnabled = userInfo.MFAEnabled;
       this.MFAConfig = userInfo.MFAConfig;
+      this.MFABypassYN = userInfo.MFABypassYN;
       this.RecoveryEmail = userInfo.RecoveryEmail;
       this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
       this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
@@ -352,6 +362,7 @@ export class User extends UserBase {
           LastLoginAt: user.LastLoginAt,
           MFAEnabled: user.MFAEnabled,
           MFAConfig: user.MFAConfig,
+          MFABypassYN: user.MFABypassYN,
           RecoveryEmail: user.RecoveryEmail,
           FailedLoginAttemptCount: user.FailedLoginAttemptCount,
           LastFailedLoginAt: user.LastFailedLoginAt,
@@ -416,6 +427,7 @@ export class User extends UserBase {
           LastLoginAt: user.LastLoginAt,
           MFAEnabled: user.MFAEnabled,
           MFAConfig: user.MFAConfig,
+          MFABypassYN: user.MFABypassYN,
           RecoveryEmail: user.RecoveryEmail,
           FailedLoginAttemptCount: user.FailedLoginAttemptCount,
           LastFailedLoginAt: user.LastFailedLoginAt,
@@ -510,6 +522,7 @@ export class User extends UserBase {
             LastLoginAt: user.LastLoginAt,
             MFAEnabled: user.MFAEnabled,
             MFAConfig: user.MFAConfig,
+            MFABypassYN: user.MFABypassYN,
             RecoveryEmail: user.RecoveryEmail,
             FailedLoginAttemptCount: user.FailedLoginAttemptCount,
             LastFailedLoginAt: user.LastFailedLoginAt,
@@ -572,7 +585,7 @@ export class User extends UserBase {
           },
         });
         if (!system) {
-          throw new Error('Invalid credentials.');
+          throw new Error('Access denied: invalid or unauthorized system.');
         }
 
         // 1.5: Instantiate new PasswordHashService object and call PasswordHashService.verify method to check whether the param.Password is correct.
@@ -601,12 +614,14 @@ export class User extends UserBase {
             await User.releaseLock(this.UserId, dbTransaction);
             this.Status = UserStatus.ACTIVE;
           } else {
-            throw new Error('Invalid credentials.');
+            throw new Error(
+              'Your account has been locked. Please contact the administrator for assistance.',
+            );
           }
         }
       } catch (error) {
         await this.incrementFailedLoginAttemptCount(dbTransaction);
-        throw new Error('Invalid credentials.');
+        throw error;
       }
 
       // 2.1:  Call alertNewLogin to check whether the ip used is new ip and alert the user if it's new.
@@ -1571,6 +1586,7 @@ export class User extends UserBase {
         LastLoginAt: null,
         MFAEnabled: null,
         MFAConfig: null,
+        MFABypassYN: YN.No,
         RecoveryEmail: null,
         FailedLoginAttemptCount: 0,
         LastFailedLoginAt: null,
@@ -1718,7 +1734,7 @@ export class User extends UserBase {
       throw new ClassError(
         'LoginUser',
         'LoginUserErrMsg0X',
-        'Invalid credentials.',
+        'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account.',
       );
     }
   }
@@ -1989,15 +2005,31 @@ export class User extends UserBase {
     }
 
     // 3. Verify the mfaToken by calling speakeasy.totp.verify
-    const isVerified = await speakeasy.totp.verify({
+    const isCurrentValid = await speakeasy.totp.verify({
       secret: userMFAConfig.totp.secret,
       encoding: 'base32',
       token: mfaToken,
+      window: 0, // strict current time window
     });
+    if (!isCurrentValid) {
+      const isExpired = await speakeasy.totp.verify({
+        secret: userMFAConfig.totp.secret,
+        encoding: 'base32',
+        token: mfaToken,
+        window: 2, // allow slight leeway: previous or next 2 time steps
+      });
 
-    // 4. if not verified, then return false. if verified, Call LoginUser._Repo.update and update user data in database
-    if (!isVerified) {
-      return false;
+      if (isExpired) {
+        return {
+          success: false,
+          reason: 'MFA token has expired. Please try again.',
+        };
+      } else {
+        return {
+          success: false,
+          reason: 'Invalid MFA token. Check your authenticator app.',
+        };
+      }
     }
 
     user.MFAEnabled = 1;
@@ -2026,7 +2058,7 @@ export class User extends UserBase {
     const systemLogin = userSession.systemLogins.find(
       (e) => e.code === systemCode,
     );
-    return `${userId}:${systemLogin.sessionId}`;
+    return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
   }
 
   // This method will verify  2FA codes
@@ -2064,15 +2096,31 @@ export class User extends UserBase {
     }
 
     // 3. Verify the mfaToken by calling speakeasy.totp.verify
-    const isVerified = await speakeasy.totp.verify({
+    const isCurrentValid = await speakeasy.totp.verify({
       secret: userMFAConfig.totp.secret,
       encoding: 'base32',
       token: mfaToken,
+      window: 0, // strict current time window
     });
+    if (!isCurrentValid) {
+      const isExpired = await speakeasy.totp.verify({
+        secret: userMFAConfig.totp.secret,
+        encoding: 'base32',
+        token: mfaToken,
+        window: 2, // allow slight leeway: previous or next 2 time steps
+      });
 
-    // 4. if not verified, then return false. if verified, Call LoginUser._Repo.update and update user data in database
-    if (!isVerified) {
-      return false;
+      if (isExpired) {
+        return {
+          success: false,
+          reason: 'MFA token has expired. Please try again.',
+        };
+      } else {
+        return {
+          success: false,
+          reason: 'Invalid MFA token. Check your authenticator app.',
+        };
+      }
     }
 
     // 5. Retrieve Session
@@ -2095,7 +2143,7 @@ export class User extends UserBase {
     const systemLogin = userSession.systemLogins.find(
       (e) => e.code === systemCode,
     );
-    return `${userId}:${systemLogin.sessionId}`;
+    return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
   }
 
   public async bypass2FA(systemCode: string, dbTransaction: any) {
@@ -2138,7 +2186,10 @@ export class User extends UserBase {
       const systemLogin = userSession.systemLogins.find(
         (e) => e.code === systemCode,
       );
-      return `${this.UserId}:${systemLogin.sessionId}`;
+      return {
+        success: true,
+        sessionId: `${this.UserId}:${systemLogin.sessionId}`,
+      };
     } catch (error) {
       throw error;
     }
@@ -2601,6 +2652,7 @@ export class User extends UserBase {
       LastLoginAt: user.LastLoginAt,
       MFAEnabled: user.MFAEnabled,
       MFAConfig: user.MFAConfig,
+      MFABypassYN: user.MFABypassYN,
       RecoveryEmail: user.RecoveryEmail,
       FailedLoginAttemptCount: user.FailedLoginAttemptCount,
       LastFailedLoginAt: user.LastFailedLoginAt,
@@ -2727,6 +2779,7 @@ export class User extends UserBase {
         LastLoginAt: user.LastLoginAt,
         MFAEnabled: user.MFAEnabled,
         MFAConfig: user.MFAConfig,
+        MFABypassYN: user.MFABypassYN,
         RecoveryEmail: user.RecoveryEmail,
         FailedLoginAttemptCount: user.FailedLoginAttemptCount,
         LastFailedLoginAt: user.LastFailedLoginAt,
@@ -2790,6 +2843,7 @@ export class User extends UserBase {
         LastLoginAt: this.LastLoginAt,
         MFAEnabled: this.MFAEnabled,
         MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
         RecoveryEmail: this.RecoveryEmail,
         FailedLoginAttemptCount: this.FailedLoginAttemptCount,
         LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2821,6 +2875,7 @@ export class User extends UserBase {
         LastLoginAt: this.LastLoginAt,
         MFAEnabled: this.MFAEnabled,
         MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
         RecoveryEmail: this.RecoveryEmail,
         FailedLoginAttemptCount: this.FailedLoginAttemptCount,
         LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2911,6 +2966,7 @@ export class User extends UserBase {
         LastLoginAt: this.LastLoginAt,
         MFAEnabled: this.MFAEnabled,
         MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
         RecoveryEmail: this.RecoveryEmail,
         FailedLoginAttemptCount: this.FailedLoginAttemptCount,
         LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2942,6 +2998,7 @@ export class User extends UserBase {
         LastLoginAt: this.LastLoginAt,
         MFAEnabled: this.MFAEnabled,
         MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
         RecoveryEmail: this.RecoveryEmail,
         FailedLoginAttemptCount: this.FailedLoginAttemptCount,
         LastFailedLoginAt: this.LastFailedLoginAt,
@@ -3131,4 +3188,366 @@ export class User extends UserBase {
       throw error;
     }
   }
+
+  public async enable2FABypass(loginUser: LoginUser, dbTransaction: any) {
+    try {
+      // 1. Check if MFABypassYN is already enabled
+      if (this.MFABypassYN === YN.Yes) {
+        throw new ClassError(
+          'User',
+          'UserErrMsg0X',
+          'Bypass already enabled.',
+          'enable2FABypass',
+        );
+      }
+
+      // 2. Check if user has MANAGE_MFA privilege
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'MANAGE_MFA',
+      );
+      if (!isPrivileged) {
+        throw new ClassError(
+          'LoginUser',
+          'LoginUserErrMsg0X',
+          'You do not have permission to enable MFA bypass.',
+        );
+      }
+
+      const entityValueBefore: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // 3. Update user record
+      this.MFABypassYN = YN.Yes;
+      this.UpdatedAt = new Date();
+      this.UpdatedById = loginUser.UserId;
+
+      await User._Repository.update(
+        {
+          MFABypassYN: this.MFABypassYN,
+          UpdatedAt: this.UpdatedAt,
+          UpdatedById: this.UpdatedById,
+        },
+        {
+          where: {
+            UserId: this.UserId,
+          },
+          transaction: dbTransaction,
+        },
+      );
+
+      const entityValueAfter: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // Record update activity using Activity class create method.
+      const activity = new Activity();
+      activity.ActivityId = activity.createId();
+      activity.Action = ActionEnum.UPDATE;
+      activity.Description = `Enable 2FA Bypass For User ${this.Email}`;
+      activity.EntityType = this.ObjectType;
+      activity.EntityId = this.UserId.toString();
+      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+      activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+
+      await activity.create(loginUser.ObjectId, dbTransaction);
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public async disable2FABypass(loginUser: LoginUser, dbTransaction: any) {
+    try {
+      // 1. Check if MFABypassYN is already disabled
+      if (this.MFABypassYN === YN.No) {
+        throw new ClassError(
+          'User',
+          'UserErrMsg0X',
+          'Bypass already disabled.',
+          'disable2FABypass',
+        );
+      }
+
+      // 2. Check if user has MANAGE_MFA privilege
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'MANAGE_MFA',
+      );
+      if (!isPrivileged) {
+        throw new ClassError(
+          'LoginUser',
+          'LoginUserErrMsg0X',
+          'You do not have permission to enable MFA bypass.',
+        );
+      }
+
+      const entityValueBefore: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // 3. Update user record
+      this.MFABypassYN = YN.No;
+      this.UpdatedAt = new Date();
+      this.UpdatedById = loginUser.UserId;
+
+      await User._Repository.update(
+        {
+          MFABypassYN: this.MFABypassYN,
+          UpdatedAt: this.UpdatedAt,
+          UpdatedById: this.UpdatedById,
+        },
+        {
+          where: {
+            UserId: this.UserId,
+          },
+          transaction: dbTransaction,
+        },
+      );
+
+      const entityValueAfter: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // Record update activity using Activity class create method.
+      const activity = new Activity();
+      activity.ActivityId = activity.createId();
+      activity.Action = ActionEnum.UPDATE;
+      activity.Description = `Disable 2FA Bypass For User ${this.Email}`;
+      activity.EntityType = this.ObjectType;
+      activity.EntityId = this.UserId.toString();
+      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+      activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+
+      await activity.create(loginUser.ObjectId, dbTransaction);
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public async reset2FA(loginUser: LoginUser, dbTransaction: any) {
+    try {
+      // 1. Check if MFABypassYN is already disabled
+      if (this.MFAEnabled === 0) {
+        throw new ClassError(
+          'User',
+          'UserErrMsg0X',
+          'User not yet setup 2FA.',
+          'reset2FA',
+        );
+      }
+
+      // 2. Check if user has MANAGE_MFA privilege
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'MANAGE_MFA',
+      );
+      if (!isPrivileged) {
+        throw new ClassError(
+          'LoginUser',
+          'LoginUserErrMsg0X',
+          'You do not have permission to reset 2FA.',
+        );
+      }
+
+      const entityValueBefore: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // 3. Update user record
+      this.MFAEnabled = 0;
+      this.MFABypassYN = YN.No;
+      this.UpdatedAt = new Date();
+      this.UpdatedById = loginUser.UserId;
+
+      await User._Repository.update(
+        {
+          MFAEnabled: this.MFAEnabled,
+          MFABypassYN: this.MFABypassYN,
+          UpdatedAt: this.UpdatedAt,
+          UpdatedById: this.UpdatedById,
+        },
+        {
+          where: {
+            UserId: this.UserId,
+          },
+          transaction: dbTransaction,
+        },
+      );
+
+      const entityValueAfter: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // Record update activity using Activity class create method.
+      const activity = new Activity();
+      activity.ActivityId = activity.createId();
+      activity.Action = ActionEnum.UPDATE;
+      activity.Description = `Reset 2FA for User ${this.Email}`;
+      activity.EntityType = this.ObjectType;
+      activity.EntityId = this.UserId.toString();
+      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+      activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+
+      await activity.create(loginUser.ObjectId, dbTransaction);
+    } catch (error) {
+      throw error;
+    }
+  }
 }

package/src/components/user-system-access/user-system-access.ts

@@ -249,7 +249,7 @@ export class UserSystemAccess extends ObjectBase {
                 Status: UserStatus.ACTIVE,
               },
               as: 'User',
-              attributes: ['UserId', 'FullName'],
+              attributes: ['UserId', 'FullName', 'Email'],
             },
           ],
         };

package/src/interfaces/login-history-search-attr.interface.ts

@@ -0,0 +1,8 @@
+export interface ILoginHistorySearchAttr {
+  UserId?: number;
+  SystemCode?: string;
+  LoginStatus?: string;
+  OriginIP?: string;
+  DateFrom?: Date;
+  DateTo?: Date;
+}

package/src/interfaces/login-history.interface.ts

@@ -0,0 +1,11 @@
+export interface ILoginHistoryAttr {
+  HistoryId: number;
+  UserId: number;
+  User?: {
+    UserName: string;
+  };
+  OriginIp: string;
+  SystemCode: string;
+  LoginStatus: string;
+  CreatedAt: Date;
+}

package/src/models/login-history.entity.ts

@@ -17,7 +17,7 @@ import { LoginStatusEnum } from '../enum/login-status.enum';
   createdAt: 'CreatedAt',
   updatedAt: false,
 })
-export default class LoginHistory extends Model {
+export default class LoginHistoryModel extends Model {
   @Column({
     primaryKey: true,
     allowNull: false,
@@ -38,7 +38,7 @@ export default class LoginHistory extends Model {
     allowNull: true,
     type: DataType.STRING(10),
   })
-  SystemCode: number;
+  SystemCode: string;
 
   @Column({
     allowNull: true,

package/src/models/user.entity.ts

@@ -88,6 +88,13 @@ export default class User extends Model {
   })
   DefaultPasswordChangedYN: YN;
 
+  @Column({
+    allowNull: true,
+    type: DataType.CHAR(1),
+    defaultValue: 'N',
+  })
+  MFABypassYN: YN;
+
   @Column({
     type: DataType.DATE,
   })

package/sonar-project.properties

@@ -1,23 +0,0 @@
-sonar.projectKey=all-tomei-projects_sso
-sonar.organization=all-tomei-projects
-sonar.exclusions=**/*.js,test-data,dist,coverage, node_modules, __tests__, **/*.spec.ts, __mocks__
-sonar.scm.provider=git
-
-sonar.sources=src
-sonar.test=__tests__
-sonar.test.inclusions=src/**/*.spec.ts
-
-sonar.javascript.lcov.reportPaths=./coverage/lcov.info
-sonar.testExecutionReportPaths=coverage/test-report.xml
-sonar.sourceEnconding=UTF-8
-
-# This is the name and version displayed in the SonarCloud UI.
-#sonar.projectName=sso
-#sonar.projectVersion=1.0
-
-
-# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
-#sonar.sources=.
-
-# Encoding of the source code. Default is default system encoding
-#sonar.sourceEncoding=UTF-8