@tomei/sso 0.60.4-dev.6 → 0.60.4-dev.8

package/migrations/20250610070720-added-MFBypassYN-to-sso-user.js

@@ -0,0 +1,30 @@
+'use strict';
+
+module.exports = {
+  up: async (queryInterface, Sequelize) => {
+    const transaction = await queryInterface.sequelize.transaction();
+    try {
+      await queryInterface.addColumn('sso_User', 'MFABypassYN', {
+        type: Sequelize.CHAR(1),
+        allowNull: false,
+        defaultValue: 'N',
+      });
+
+      await transaction.commit();
+    } catch (error) {
+      await transaction.rollback();
+      throw error;
+    }
+  },
+
+  down: async (queryInterface, Sequelize) => {
+    const transaction = await queryInterface.sequelize.transaction();
+    try {
+      await queryInterface.removeColumn('sso_User', 'MFABypassYN');
+      await transaction.commit();
+    } catch (error) {
+      await transaction.rollback();
+      throw error;
+    }
+  },
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tomei/sso",
-  "version": "0.60.4-dev.6",
+  "version": "0.60.4-dev.8",
   "description": "Tomei SSO Package",
   "main": "dist/index.js",
   "scripts": {

package/src/components/login-history/login-history.ts

@@ -74,6 +74,11 @@ export class LoginHistory extends ObjectBase {
               return;
             }
 
+            if (key === 'UserId') {
+              queryObj[key] = value; // Directly assign UserId
+              return;
+            }
+
             queryObj[key] = {
               [Op.substring]: value,
             };

package/src/components/login-user/interfaces/user-info.interface.ts

@@ -20,6 +20,7 @@ export interface IUserAttr extends IUserInfo {
   LastLoginAt: Date;
   MFAEnabled: number;
   MFAConfig: string;
+  MFABypassYN: string;
   RecoveryEmail: string;
   FailedLoginAttemptCount: number;
   LastFailedLoginAt: Date;

package/src/components/login-user/login-user.ts

@@ -61,6 +61,7 @@ export class LoginUser extends User implements ILoginUser {
           LastLoginAt: user.LastLoginAt,
           MFAEnabled: user.MFAEnabled,
           MFAConfig: user.MFAConfig,
+          MFABypassYN: user.MFABypassYN,
           RecoveryEmail: user.RecoveryEmail,
           FailedLoginAttemptCount: user.FailedLoginAttemptCount,
           LastFailedLoginAt: user.LastFailedLoginAt,

package/src/components/login-user/user.ts

@@ -49,6 +49,7 @@ export class User extends UserBase {
   private _LastLoginAt: Date;
   private _MFAEnabled: number;
   private _MFAConfig: string;
+  private _MFABypassYN: string;
   private _RecoveryEmail: string;
   private _FailedLoginAttemptCount: number;
   private _LastFailedLoginAt: Date;
@@ -162,6 +163,14 @@ export class User extends UserBase {
     this._MFAConfig = value;
   }
 
+  get MFABypassYN(): string {
+    return this._MFABypassYN;
+  }
+
+  private set MFABypassYN(value: string) {
+    this._MFABypassYN = value;
+  }
+
   get RecoveryEmail(): string {
     return this._RecoveryEmail;
   }
@@ -296,6 +305,7 @@ export class User extends UserBase {
       this.LastLoginAt = userInfo.LastLoginAt;
       this.MFAEnabled = userInfo.MFAEnabled;
       this.MFAConfig = userInfo.MFAConfig;
+      this.MFABypassYN = userInfo.MFABypassYN;
       this.RecoveryEmail = userInfo.RecoveryEmail;
       this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
       this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
@@ -352,6 +362,7 @@ export class User extends UserBase {
           LastLoginAt: user.LastLoginAt,
           MFAEnabled: user.MFAEnabled,
           MFAConfig: user.MFAConfig,
+          MFABypassYN: user.MFABypassYN,
           RecoveryEmail: user.RecoveryEmail,
           FailedLoginAttemptCount: user.FailedLoginAttemptCount,
           LastFailedLoginAt: user.LastFailedLoginAt,
@@ -416,6 +427,7 @@ export class User extends UserBase {
           LastLoginAt: user.LastLoginAt,
           MFAEnabled: user.MFAEnabled,
           MFAConfig: user.MFAConfig,
+          MFABypassYN: user.MFABypassYN,
           RecoveryEmail: user.RecoveryEmail,
           FailedLoginAttemptCount: user.FailedLoginAttemptCount,
           LastFailedLoginAt: user.LastFailedLoginAt,
@@ -510,6 +522,7 @@ export class User extends UserBase {
             LastLoginAt: user.LastLoginAt,
             MFAEnabled: user.MFAEnabled,
             MFAConfig: user.MFAConfig,
+            MFABypassYN: user.MFABypassYN,
             RecoveryEmail: user.RecoveryEmail,
             FailedLoginAttemptCount: user.FailedLoginAttemptCount,
             LastFailedLoginAt: user.LastFailedLoginAt,
@@ -1571,6 +1584,7 @@ export class User extends UserBase {
         LastLoginAt: null,
         MFAEnabled: null,
         MFAConfig: null,
+        MFABypassYN: YN.No,
         RecoveryEmail: null,
         FailedLoginAttemptCount: 0,
         LastFailedLoginAt: null,
@@ -2601,6 +2615,7 @@ export class User extends UserBase {
       LastLoginAt: user.LastLoginAt,
       MFAEnabled: user.MFAEnabled,
       MFAConfig: user.MFAConfig,
+      MFABypassYN: user.MFABypassYN,
       RecoveryEmail: user.RecoveryEmail,
       FailedLoginAttemptCount: user.FailedLoginAttemptCount,
       LastFailedLoginAt: user.LastFailedLoginAt,
@@ -2727,6 +2742,7 @@ export class User extends UserBase {
         LastLoginAt: user.LastLoginAt,
         MFAEnabled: user.MFAEnabled,
         MFAConfig: user.MFAConfig,
+        MFABypassYN: user.MFABypassYN,
         RecoveryEmail: user.RecoveryEmail,
         FailedLoginAttemptCount: user.FailedLoginAttemptCount,
         LastFailedLoginAt: user.LastFailedLoginAt,
@@ -2790,6 +2806,7 @@ export class User extends UserBase {
         LastLoginAt: this.LastLoginAt,
         MFAEnabled: this.MFAEnabled,
         MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
         RecoveryEmail: this.RecoveryEmail,
         FailedLoginAttemptCount: this.FailedLoginAttemptCount,
         LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2821,6 +2838,7 @@ export class User extends UserBase {
         LastLoginAt: this.LastLoginAt,
         MFAEnabled: this.MFAEnabled,
         MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
         RecoveryEmail: this.RecoveryEmail,
         FailedLoginAttemptCount: this.FailedLoginAttemptCount,
         LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2911,6 +2929,7 @@ export class User extends UserBase {
         LastLoginAt: this.LastLoginAt,
         MFAEnabled: this.MFAEnabled,
         MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
         RecoveryEmail: this.RecoveryEmail,
         FailedLoginAttemptCount: this.FailedLoginAttemptCount,
         LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2942,6 +2961,7 @@ export class User extends UserBase {
         LastLoginAt: this.LastLoginAt,
         MFAEnabled: this.MFAEnabled,
         MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
         RecoveryEmail: this.RecoveryEmail,
         FailedLoginAttemptCount: this.FailedLoginAttemptCount,
         LastFailedLoginAt: this.LastFailedLoginAt,
@@ -3131,4 +3151,244 @@ export class User extends UserBase {
       throw error;
     }
   }
+
+  public async enable2FABypass(loginUser: LoginUser, dbTransaction: any) {
+    try {
+      // 1. Check if MFABypassYN is already enabled
+      if (this.MFABypassYN === YN.Yes) {
+        throw new ClassError(
+          'User',
+          'UserErrMsg0X',
+          'Bypass already enabled.',
+          'enable2FABypass',
+        );
+      }
+
+      // 2. Check if user has MANAGE_MFA privilege
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'MANAGE_MFA',
+      );
+      if (!isPrivileged) {
+        throw new ClassError(
+          'LoginUser',
+          'LoginUserErrMsg0X',
+          'You do not have permission to enable MFA bypass.',
+        );
+      }
+
+      const entityValueBefore: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // 3. Update user record
+      this.MFABypassYN = YN.Yes;
+      this.UpdatedAt = new Date();
+      this.UpdatedById = loginUser.UserId;
+
+      await User._Repository.update(
+        {
+          MFABypassYN: this.MFABypassYN,
+          UpdatedAt: this.UpdatedAt,
+          UpdatedById: this.UpdatedById,
+        },
+        {
+          where: {
+            UserId: this.UserId,
+          },
+          transaction: dbTransaction,
+        },
+      );
+
+      const entityValueAfter: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // Record update activity using Activity class create method.
+      const activity = new Activity();
+      activity.ActivityId = activity.createId();
+      activity.Action = ActionEnum.UPDATE;
+      activity.Description = `Enable 2FA Bypass For User ${this.Email}`;
+      activity.EntityType = this.ObjectType;
+      activity.EntityId = this.UserId.toString();
+      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+      activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+
+      await activity.create(loginUser.ObjectId, dbTransaction);
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  public async disable2FABypass(loginUser: LoginUser, dbTransaction: any) {
+    try {
+      // 1. Check if MFABypassYN is already disabled
+      if (this.MFABypassYN === YN.No) {
+        throw new ClassError(
+          'User',
+          'UserErrMsg0X',
+          'Bypass already disabled.',
+          'disable2FABypass',
+        );
+      }
+
+      // 2. Check if user has MANAGE_MFA privilege
+      const systemCode =
+        ApplicationConfig.getComponentConfigValue('system-code');
+      const isPrivileged = await loginUser.checkPrivileges(
+        systemCode,
+        'MANAGE_MFA',
+      );
+      if (!isPrivileged) {
+        throw new ClassError(
+          'LoginUser',
+          'LoginUserErrMsg0X',
+          'You do not have permission to enable MFA bypass.',
+        );
+      }
+
+      const entityValueBefore: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // 3. Update user record
+      this.MFABypassYN = YN.No;
+      this.UpdatedAt = new Date();
+      this.UpdatedById = loginUser.UserId;
+
+      await User._Repository.update(
+        {
+          MFABypassYN: this.MFABypassYN,
+          UpdatedAt: this.UpdatedAt,
+          UpdatedById: this.UpdatedById,
+        },
+        {
+          where: {
+            UserId: this.UserId,
+          },
+          transaction: dbTransaction,
+        },
+      );
+
+      const entityValueAfter: IUserAttr = {
+        UserId: this.UserId,
+        UserName: this.UserName,
+        FullName: this.FullName,
+        IDNo: this.IDNo,
+        IDType: this.IDType,
+        ContactNo: this.ContactNo,
+        Email: this.Email,
+        Password: this.Password,
+        Status: this.Status,
+        DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+        FirstLoginAt: this.FirstLoginAt,
+        LastLoginAt: this.LastLoginAt,
+        MFAEnabled: this.MFAEnabled,
+        MFAConfig: this.MFAConfig,
+        MFABypassYN: this.MFABypassYN,
+        RecoveryEmail: this.RecoveryEmail,
+        FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+        LastFailedLoginAt: this.LastFailedLoginAt,
+        LastPasswordChangedAt: this.LastPasswordChangedAt,
+        NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+        CreatedById: this.CreatedById,
+        CreatedAt: this.CreatedAt,
+        UpdatedById: this.UpdatedById,
+        UpdatedAt: this.UpdatedAt,
+        PasscodeHash: this.PasscodeHash,
+        PasscodeUpdatedAt: this.PasscodeUpdatedAt,
+      };
+
+      // Record update activity using Activity class create method.
+      const activity = new Activity();
+      activity.ActivityId = activity.createId();
+      activity.Action = ActionEnum.UPDATE;
+      activity.Description = `Disable 2FA Bypass For User ${this.Email}`;
+      activity.EntityType = this.ObjectType;
+      activity.EntityId = this.UserId.toString();
+      activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+      activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+
+      await activity.create(loginUser.ObjectId, dbTransaction);
+    } catch (error) {
+      throw error;
+    }
+  }
 }

package/src/models/user.entity.ts

@@ -88,6 +88,13 @@ export default class User extends Model {
   })
   DefaultPasswordChangedYN: YN;
 
+  @Column({
+    allowNull: true,
+    type: DataType.CHAR(1),
+    defaultValue: 'N',
+  })
+  MFABypassYN: YN;
+
   @Column({
     type: DataType.DATE,
   })

package/sonar-project.properties

@@ -1,23 +0,0 @@
-sonar.projectKey=all-tomei-projects_sso
-sonar.organization=all-tomei-projects
-sonar.exclusions=**/*.js,test-data,dist,coverage, node_modules, __tests__, **/*.spec.ts, __mocks__
-sonar.scm.provider=git
-
-sonar.sources=src
-sonar.test=__tests__
-sonar.test.inclusions=src/**/*.spec.ts
-
-sonar.javascript.lcov.reportPaths=./coverage/lcov.info
-sonar.testExecutionReportPaths=coverage/test-report.xml
-sonar.sourceEnconding=UTF-8
-
-# This is the name and version displayed in the SonarCloud UI.
-#sonar.projectName=sso
-#sonar.projectVersion=1.0
-
-
-# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
-#sonar.sources=.
-
-# Encoding of the source code. Default is default system encoding
-#sonar.sourceEncoding=UTF-8