@tomei/sso 0.60.4-dev.6 → 0.60.4

package/dist/components/login-user/user.js

@@ -0,0 +1,1753 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.User = void 0;
+const general_1 = require("@tomei/general");
+const user_repository_1 = require("./user.repository");
+const system_repository_1 = require("../system/system.repository");
+const login_history_repository_1 = require("../login-history/login-history.repository");
+const password_hash_service_1 = require("../password-hash/password-hash.service");
+const user_group_repository_1 = require("../user-group/user-group.repository");
+const staff_entity_1 = __importDefault(require("../../models/staff.entity"));
+const system_privilege_entity_1 = __importDefault(require("../../models/system-privilege.entity"));
+const yn_enum_1 = require("../../enum/yn.enum");
+const enum_1 = require("../../enum");
+const config_1 = require("@tomei/config");
+const sequelize_1 = require("sequelize");
+const activity_history_1 = require("@tomei/activity-history");
+const user_entity_1 = __importDefault(require("../../models/user.entity"));
+const group_entity_1 = __importDefault(require("../../models/group.entity"));
+const group_system_access_repository_1 = require("../group-system-access/group-system-access.repository");
+const group_repository_1 = require("../group/group.repository");
+const system_entity_1 = __importDefault(require("../../models/system.entity"));
+const user_system_access_repository_1 = require("../user-system-access/user-system-access.repository");
+const group_system_access_entity_1 = __importDefault(require("../../models/group-system-access.entity"));
+const user_privilege_repository_1 = require("../user-privilege/user-privilege.repository");
+const user_object_privilege_repository_1 = require("../user-object-privilege/user-object-privilege.repository");
+const group_privilege_entity_1 = __importDefault(require("../../models/group-privilege.entity"));
+const group_object_privilege_repository_1 = require("../group-object-privilege/group-object-privilege.repository");
+const speakeasy = __importStar(require("speakeasy"));
+const login_status_enum_1 = require("../../enum/login-status.enum");
+const redis_service_1 = require("../../redis-client/redis.service");
+const login_user_1 = require("./login-user");
+const session_service_1 = require("../../session/session.service");
+const crypto_1 = require("crypto");
+class User extends general_1.UserBase {
+    get SessionService() {
+        return this._SessionService;
+    }
+    get UserId() {
+        return parseInt(this.ObjectId);
+    }
+    set UserId(value) {
+        this.ObjectId = value.toString();
+    }
+    get Password() {
+        return this._Password;
+    }
+    set Password(value) {
+        this._Password = value;
+    }
+    get Status() {
+        return this._Status;
+    }
+    set Status(value) {
+        this._Status = value;
+    }
+    get UserName() {
+        return this._UserName;
+    }
+    set UserName(value) {
+        this._UserName = value;
+    }
+    get DefaultPasswordChangedYN() {
+        return this._DefaultPasswordChangedYN;
+    }
+    set DefaultPasswordChangedYN(value) {
+        this._DefaultPasswordChangedYN = value;
+    }
+    get FirstLoginAt() {
+        return this._FirstLoginAt;
+    }
+    set FirstLoginAt(value) {
+        this._FirstLoginAt = value;
+    }
+    get LastLoginAt() {
+        return this._LastLoginAt;
+    }
+    set LastLoginAt(value) {
+        this._LastLoginAt = value;
+    }
+    get MFAEnabled() {
+        return this._MFAEnabled;
+    }
+    set MFAEnabled(value) {
+        this._MFAEnabled = value;
+    }
+    get MFAConfig() {
+        return this._MFAConfig;
+    }
+    set MFAConfig(value) {
+        this._MFAConfig = value;
+    }
+    get RecoveryEmail() {
+        return this._RecoveryEmail;
+    }
+    set RecoveryEmail(value) {
+        this._RecoveryEmail = value;
+    }
+    get FailedLoginAttemptCount() {
+        return this._FailedLoginAttemptCount;
+    }
+    set FailedLoginAttemptCount(value) {
+        this._FailedLoginAttemptCount = value;
+    }
+    get LastFailedLoginAt() {
+        return this._LastFailedLoginAt;
+    }
+    set LastFailedLoginAt(value) {
+        this._LastFailedLoginAt = value;
+    }
+    get LastPasswordChangedAt() {
+        return this._LastPasswordChangedAt;
+    }
+    set LastPasswordChangedAt(value) {
+        this._LastPasswordChangedAt = value;
+    }
+    get NeedToChangePasswordYN() {
+        return this._NeedToChangePasswordYN;
+    }
+    set NeedToChangePasswordYN(value) {
+        this._NeedToChangePasswordYN = value;
+    }
+    get CreatedById() {
+        return this._CreatedById;
+    }
+    set CreatedById(value) {
+        this._CreatedById = value;
+    }
+    get CreatedAt() {
+        return this._CreatedAt;
+    }
+    set CreatedAt(value) {
+        this._CreatedAt = value;
+    }
+    get UpdatedById() {
+        return this._UpdatedById;
+    }
+    set UpdatedById(value) {
+        this._UpdatedById = value;
+    }
+    get UpdatedAt() {
+        return this._UpdatedAt;
+    }
+    set UpdatedAt(value) {
+        this._UpdatedAt = value;
+    }
+    async getDetails() {
+        return {
+            FullName: this.FullName,
+            UserName: this.UserName,
+            IDNo: this.IDNo,
+            IDType: this.IDType,
+            Email: this.Email,
+            ContactNo: this.ContactNo,
+        };
+    }
+    constructor(sessionService, dbTransaction, userInfo) {
+        super();
+        this.ObjectName = 'User';
+        this.TableName = 'sso_Users';
+        this.ObjectType = 'User';
+        this._SessionService = sessionService;
+        if (dbTransaction) {
+            this._dbTransaction = dbTransaction;
+        }
+        if (userInfo) {
+            this.UserId = userInfo.UserId;
+            this.UserName = userInfo.UserName;
+            this.FullName = userInfo.FullName;
+            this.IDNo = userInfo.IDNo;
+            this.IDType = userInfo.IDType;
+            this.Email = userInfo.Email;
+            this.ContactNo = userInfo.ContactNo;
+            this.Password = userInfo.Password;
+            this.staffs = userInfo.staffs;
+            this.Status = userInfo.Status;
+            this.DefaultPasswordChangedYN = userInfo.DefaultPasswordChangedYN;
+            this.FirstLoginAt = userInfo.FirstLoginAt;
+            this.LastLoginAt = userInfo.LastLoginAt;
+            this.MFAEnabled = userInfo.MFAEnabled;
+            this.MFAConfig = userInfo.MFAConfig;
+            this.RecoveryEmail = userInfo.RecoveryEmail;
+            this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
+            this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
+            this.LastPasswordChangedAt = userInfo.LastPasswordChangedAt;
+            this.NeedToChangePasswordYN = userInfo.NeedToChangePasswordYN;
+            this.CreatedById = userInfo.CreatedById;
+            this.CreatedAt = userInfo.CreatedAt;
+            this.UpdatedById = userInfo.UpdatedById;
+            this.UpdatedAt = userInfo.UpdatedAt;
+        }
+    }
+    static async init(sessionService, userId, dbTransaction = null) {
+        User._RedisService = await redis_service_1.RedisService.init();
+        if (userId) {
+            if (dbTransaction) {
+                User._Repository = new user_repository_1.UserRepository();
+            }
+            const user = await User._Repository.findOne({
+                where: {
+                    UserId: userId,
+                },
+                include: [
+                    {
+                        model: staff_entity_1.default,
+                    },
+                ],
+                transaction: dbTransaction,
+            });
+            if (!user) {
+                throw new Error('Invalid credentials.');
+            }
+            if (user) {
+                const userAttr = {
+                    UserId: user.UserId,
+                    UserName: user.UserName,
+                    FullName: user?.FullName || null,
+                    IDNo: user?.IdNo || null,
+                    IDType: user?.IdType || null,
+                    ContactNo: user?.ContactNo || null,
+                    Email: user.Email,
+                    Password: user.Password,
+                    Status: user.Status,
+                    DefaultPasswordChangedYN: user.DefaultPasswordChangedYN,
+                    FirstLoginAt: user.FirstLoginAt,
+                    LastLoginAt: user.LastLoginAt,
+                    MFAEnabled: user.MFAEnabled,
+                    MFAConfig: user.MFAConfig,
+                    RecoveryEmail: user.RecoveryEmail,
+                    FailedLoginAttemptCount: user.FailedLoginAttemptCount,
+                    LastFailedLoginAt: user.LastFailedLoginAt,
+                    LastPasswordChangedAt: user.LastPasswordChangedAt,
+                    NeedToChangePasswordYN: user.NeedToChangePasswordYN,
+                    CreatedById: user.CreatedById,
+                    CreatedAt: user.CreatedAt,
+                    UpdatedById: user.UpdatedById,
+                    UpdatedAt: user.UpdatedAt,
+                    staffs: user?.Staff,
+                };
+                return new User(sessionService, dbTransaction, userAttr);
+            }
+            else {
+                throw new Error('User not found');
+            }
+        }
+        return new User(sessionService, dbTransaction);
+    }
+    async setEmail(email, dbTransaction) {
+        try {
+            if (this.Email === email) {
+                return;
+            }
+            const user = await User._Repository.findOne({
+                where: {
+                    Email: email,
+                },
+                transaction: dbTransaction,
+            });
+            if (user) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Email already exists');
+            }
+            this.Email = email;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async login(systemCode, email, password, ipAddress, dbTransaction) {
+        try {
+            if (!this.ObjectId) {
+                const user = await User._Repository.findOne({
+                    transaction: dbTransaction,
+                    where: {
+                        Email: email,
+                        Status: {
+                            [sequelize_1.Op.or]: [enum_1.UserStatus.ACTIVE, enum_1.UserStatus.LOCKED],
+                        },
+                    },
+                    include: [
+                        {
+                            model: staff_entity_1.default,
+                        },
+                    ],
+                });
+                if (user) {
+                    const userAttr = {
+                        UserId: user.UserId,
+                        UserName: user.UserName,
+                        FullName: user?.FullName || null,
+                        IDNo: user?.IdNo || null,
+                        IDType: user?.IdType || null,
+                        ContactNo: user?.ContactNo || null,
+                        Email: user.Email,
+                        Password: user.Password,
+                        Status: user.Status,
+                        DefaultPasswordChangedYN: user.DefaultPasswordChangedYN,
+                        FirstLoginAt: user.FirstLoginAt,
+                        LastLoginAt: user.LastLoginAt,
+                        MFAEnabled: user.MFAEnabled,
+                        MFAConfig: user.MFAConfig,
+                        RecoveryEmail: user.RecoveryEmail,
+                        FailedLoginAttemptCount: user.FailedLoginAttemptCount,
+                        LastFailedLoginAt: user.LastFailedLoginAt,
+                        LastPasswordChangedAt: user.LastPasswordChangedAt,
+                        NeedToChangePasswordYN: user.NeedToChangePasswordYN,
+                        CreatedById: user.CreatedById,
+                        CreatedAt: user.CreatedAt,
+                        UpdatedById: user.UpdatedById,
+                        UpdatedAt: user.UpdatedAt,
+                        staffs: user?.Staff || null,
+                    };
+                    this.UserId = userAttr.UserId;
+                    this.FullName = userAttr.FullName;
+                    this.IDNo = userAttr.IDNo;
+                    this.Email = userAttr.Email;
+                    this.ContactNo = userAttr.ContactNo;
+                    this.Password = userAttr.Password;
+                    this.Status = userAttr.Status;
+                    this.DefaultPasswordChangedYN = userAttr.DefaultPasswordChangedYN;
+                    this.FirstLoginAt = userAttr.FirstLoginAt;
+                    this.LastLoginAt = userAttr.LastLoginAt;
+                    this.MFAEnabled = userAttr.MFAEnabled;
+                    this.MFAConfig = userAttr.MFAConfig;
+                    this.RecoveryEmail = userAttr.RecoveryEmail;
+                    this.FailedLoginAttemptCount = userAttr.FailedLoginAttemptCount;
+                    this.LastFailedLoginAt = userAttr.LastFailedLoginAt;
+                    this.LastPasswordChangedAt = userAttr.LastPasswordChangedAt;
+                    this.NeedToChangePasswordYN = userAttr.NeedToChangePasswordYN;
+                    this.CreatedById = userAttr.CreatedById;
+                    this.CreatedAt = userAttr.CreatedAt;
+                    this.UpdatedById = userAttr.UpdatedById;
+                    this.UpdatedAt = userAttr.UpdatedAt;
+                    this.staffs = userAttr.staffs;
+                }
+                else {
+                    throw new general_1.ClassError('User', 'UserErrMsg0X', 'Invalid Credentials');
+                }
+            }
+            if (this.ObjectId && this.Email !== email) {
+                throw new Error('Invalid credentials.');
+            }
+            const check2FA = await User.check2FA(this, dbTransaction);
+            try {
+                const system = await User._SystemRepository.findOne({
+                    where: {
+                        SystemCode: systemCode,
+                        Status: 'Active',
+                    },
+                });
+                if (!system) {
+                    throw new Error('Invalid credentials.');
+                }
+                const passwordHashService = new password_hash_service_1.PasswordHashService();
+                const isPasswordValid = await passwordHashService.verify(password, this.Password);
+                if (!isPasswordValid) {
+                    throw new Error('Invalid credentials.');
+                }
+                await this.checkSystemAccess(this.UserId, system.SystemCode, dbTransaction);
+                if (this.Status === enum_1.UserStatus.LOCKED) {
+                    const isReleaseLock = User.shouldReleaseLock(this.LastFailedLoginAt);
+                    if (isReleaseLock) {
+                        await User.releaseLock(this.UserId, dbTransaction);
+                        this.Status = enum_1.UserStatus.ACTIVE;
+                    }
+                    else {
+                        throw new Error('Invalid credentials.');
+                    }
+                }
+            }
+            catch (error) {
+                await this.incrementFailedLoginAttemptCount(dbTransaction);
+            }
+            const system = await User._SystemRepository.findOne({
+                where: {
+                    SystemCode: systemCode,
+                },
+            });
+            await this.alertNewLogin(this.ObjectId, system.SystemCode, ipAddress);
+            this.FailedLoginAttemptCount = 0;
+            this.LastLoginAt = new Date();
+            if (!this.FirstLoginAt) {
+                this.FirstLoginAt = new Date();
+            }
+            await User._Repository.update({
+                FullName: this.FullName,
+                UserName: this.UserName,
+                IDNo: this.IDNo,
+                Email: this.Email,
+                ContactNo: this.ContactNo,
+                Password: this.Password,
+                Status: this.Status,
+                DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+                FirstLoginAt: this.FirstLoginAt,
+                LastLoginAt: this.LastLoginAt,
+                MFAEnabled: this.MFAEnabled,
+                MFAConfig: this.MFAConfig,
+                RecoveryEmail: this.RecoveryEmail,
+                FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+                LastFailedLoginAt: this.LastFailedLoginAt,
+                LastPasswordChangedAt: this.LastPasswordChangedAt,
+                NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+            }, {
+                where: {
+                    UserId: this.UserId,
+                },
+                transaction: dbTransaction,
+            });
+            const userSession = await this._SessionService.retrieveUserSession(this.ObjectId);
+            const systemLogin = userSession.systemLogins.find((system) => system.code === systemCode);
+            const sessionId = (0, crypto_1.randomUUID)();
+            if (systemLogin) {
+                const privileges = await this.getPrivileges(system.SystemCode, dbTransaction);
+                systemLogin.sessionId = sessionId;
+                systemLogin.privileges = privileges;
+                userSession.systemLogins.map((system) => system.code === systemCode ? systemLogin : system);
+            }
+            else {
+                const newLogin = {
+                    id: system.SystemCode,
+                    code: system.SystemCode,
+                    sessionId: sessionId,
+                    privileges: await this.getPrivileges(system.SystemCode, dbTransaction),
+                };
+                userSession.systemLogins.push(newLogin);
+            }
+            this._SessionService.setUserSession(this.ObjectId, userSession);
+            await User._LoginHistoryRepository.create({
+                UserId: this.UserId,
+                SystemCode: system.SystemCode,
+                OriginIp: ipAddress,
+                CreatedAt: new Date(),
+                LoginStatus: login_status_enum_1.LoginStatusEnum.SUCCESS,
+            }, {
+                transaction: dbTransaction,
+            });
+            const is2FAEnabledYN = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'is2FAEnabledYN');
+            const loginUser = await login_user_1.LoginUser.init(this.SessionService, this.UserId, dbTransaction);
+            if (is2FAEnabledYN === 'Y') {
+                loginUser.session.Id = `${this.UserId}:`;
+            }
+            else {
+                loginUser.session.Id = `${this.UserId}:${sessionId}`;
+            }
+            return loginUser;
+        }
+        catch (error) {
+            if (this.ObjectId) {
+                await User._LoginHistoryRepository.create({
+                    UserId: this.UserId,
+                    SystemCode: systemCode,
+                    OriginIp: ipAddress,
+                    LoginStatus: login_status_enum_1.LoginStatusEnum.FAILURE,
+                    CreatedAt: new Date(),
+                }, {
+                    transaction: dbTransaction,
+                });
+            }
+            throw error;
+        }
+    }
+    async checkSystemAccess(userId, systemCode, dbTransaction) {
+        try {
+            let isUserHaveAccess = false;
+            const systemAccess = await User._UserSystemAccessRepo.findOne({
+                where: {
+                    UserId: userId,
+                    SystemCode: systemCode,
+                    Status: 'Active',
+                },
+                dbTransaction,
+            });
+            if (systemAccess) {
+                isUserHaveAccess = true;
+            }
+            else {
+                const userGroups = await User._UserGroupRepo.findAll({
+                    where: {
+                        UserId: userId,
+                        InheritGroupAccessYN: 'Y',
+                        Status: 'Active',
+                    },
+                    include: [
+                        {
+                            model: group_entity_1.default,
+                        },
+                    ],
+                    dbTransaction,
+                });
+                for (const usergroup of userGroups) {
+                    const group = usergroup.Group;
+                    const groupSystemAccess = await User.getInheritedSystemAccess(dbTransaction, group);
+                    for (const system of groupSystemAccess) {
+                        if (system.SystemCode === systemCode) {
+                            isUserHaveAccess = true;
+                            break;
+                        }
+                    }
+                }
+            }
+            if (!isUserHaveAccess) {
+                throw new Error("User don't have access to the system.");
+            }
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async checkPrivileges(systemCode, privilegeName) {
+        try {
+            if (!this.ObjectId) {
+                throw new Error('ObjectId(UserId) is not set');
+            }
+            const userSession = await this._SessionService.retrieveUserSession(this.ObjectId);
+            const systemLogin = userSession.systemLogins.find((system) => system.code === systemCode);
+            if (!systemLogin) {
+                return false;
+            }
+            const privileges = systemLogin.privileges;
+            const hasPrivilege = privileges.includes(privilegeName);
+            return hasPrivilege;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async alertNewLogin(userId, systemCode, ipAddress) {
+        try {
+            const userLogins = await User._LoginHistoryRepository.findAll({
+                where: {
+                    UserId: userId,
+                    SystemCode: systemCode,
+                },
+            });
+            const gotPreviousLogins = userLogins?.length !== 0;
+            let ipFound = undefined;
+            if (gotPreviousLogins) {
+                ipFound = userLogins.find((item) => item.OriginIp === ipAddress);
+            }
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async getPrivileges(systemCode, dbTransaction) {
+        try {
+            const system = await User._SystemRepository.findOne({
+                where: {
+                    SystemCode: systemCode,
+                },
+                transaction: dbTransaction,
+            });
+            if (!system) {
+                throw new Error('Invalid system code.');
+            }
+            const userPrivileges = await this.getUserPersonalPrivileges(systemCode, dbTransaction);
+            const objectPrivileges = await this.getObjectPrivileges(systemCode, dbTransaction);
+            const userGroupOwnByUser = await User._UserGroupRepo.findAll({
+                where: {
+                    UserId: this.UserId,
+                    InheritGroupSystemAccessYN: 'Y',
+                    InheritGroupPrivilegeYN: 'Y',
+                    Status: 'Active',
+                },
+                include: [
+                    {
+                        model: group_entity_1.default,
+                        where: {
+                            Status: 'Active',
+                        },
+                        include: [
+                            {
+                                model: group_system_access_entity_1.default,
+                                where: {
+                                    SystemCode: systemCode,
+                                },
+                            },
+                        ],
+                    },
+                ],
+                transaction: dbTransaction,
+            });
+            let groupsPrivileges = [];
+            for (const userGroup of userGroupOwnByUser) {
+                const gp = await this.getInheritedPrivileges(userGroup.GroupCode, systemCode, dbTransaction);
+                groupsPrivileges = [...groupsPrivileges, ...gp];
+            }
+            const privileges = [
+                ...userPrivileges,
+                ...objectPrivileges,
+                ...groupsPrivileges,
+            ];
+            return privileges;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async getInheritedPrivileges(groupCode, systemCode, dbTransaction) {
+        try {
+            const group = await User._GroupRepo.findOne({
+                where: {
+                    GroupCode: groupCode,
+                    Status: 'Active',
+                },
+                include: [
+                    {
+                        model: group_privilege_entity_1.default,
+                        where: {
+                            Status: 'Active',
+                        },
+                        include: [
+                            {
+                                model: system_privilege_entity_1.default,
+                                where: {
+                                    SystemCode: systemCode,
+                                    Status: 'Active',
+                                },
+                            },
+                        ],
+                    },
+                ],
+                transaction: dbTransaction,
+            });
+            const objectPrivileges = await User._GroupObjectPrivilegeRepo.findAll({
+                where: {
+                    GroupCode: groupCode,
+                },
+                include: {
+                    model: system_privilege_entity_1.default,
+                    where: {
+                        SystemCode: systemCode,
+                        Status: 'Active',
+                    },
+                },
+                transaction: dbTransaction,
+            });
+            const gp = group?.GroupPrivileges || [];
+            const op = objectPrivileges || [];
+            let privileges = [];
+            const groupPrivileges = [];
+            for (const groupPrivilege of gp) {
+                groupPrivileges.push(groupPrivilege.Privilege.PrivilegeCode);
+            }
+            const ops = [];
+            for (const objectPrivilege of op) {
+                ops.push(objectPrivilege.Privilege.PrivilegeCode);
+            }
+            privileges = [...privileges, ...groupPrivileges, ...ops];
+            if (group?.ParentGroupCode && group?.InheritParentPrivilegeYN === 'Y') {
+                const parentGroupPrivileges = await this.getInheritedPrivileges(group.ParentGroupCode, systemCode, dbTransaction);
+                privileges = [...privileges, ...parentGroupPrivileges];
+            }
+            return privileges;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async getUserPersonalPrivileges(systemCode, dbTransaction) {
+        try {
+            const userPrivileges = (await User._UserPrivilegeRepo.findAll({
+                where: {
+                    UserId: this.UserId,
+                    Status: 'Active',
+                },
+                include: {
+                    model: system_privilege_entity_1.default,
+                    where: {
+                        SystemCode: systemCode,
+                        Status: 'Active',
+                    },
+                },
+                transaction: dbTransaction,
+            })) || [];
+            const privileges = userPrivileges.map((u) => u.Privilege.PrivilegeCode);
+            return privileges;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async getObjectPrivileges(systemCode, dbTransaction) {
+        try {
+            const userObjectPrivileges = (await User._UserObjectPrivilegeRepo.findAll({
+                where: {
+                    UserId: this.UserId,
+                },
+                include: {
+                    model: system_privilege_entity_1.default,
+                    where: {
+                        SystemCode: systemCode,
+                        Status: 'Active',
+                    },
+                },
+                transaction: dbTransaction,
+            })) || [];
+            const privilegesCodes = userObjectPrivileges.map((u) => u.Privilege.PrivilegeCode);
+            return privilegesCodes;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    static async checkUserInfoDuplicated(dbTransaction, query) {
+        try {
+            const { Email, UserName, IdType, IdNo, ContactNo } = query;
+            const where = {
+                [sequelize_1.Op.or]: {},
+            };
+            if (Email) {
+                where[sequelize_1.Op.or]['Email'] = Email;
+            }
+            if (UserName) {
+                where[sequelize_1.Op.or]['UserName'] = UserName;
+            }
+            if (IdType && IdNo) {
+                where[sequelize_1.Op.and] = [{ IdType: IdType }, { IdNo: IdNo }];
+            }
+            if (ContactNo) {
+                where[sequelize_1.Op.or]['ContactNo'] = ContactNo;
+            }
+            const user = await User._Repository.findAll({
+                where,
+                transaction: dbTransaction,
+            });
+            if (user && user.length > 0) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'User info already exists');
+            }
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    static generateDefaultPassword() {
+        try {
+            const passwordPolicy = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'passwordPolicy');
+            if (!passwordPolicy ||
+                !passwordPolicy.maxLen ||
+                !passwordPolicy.minLen ||
+                !passwordPolicy.nonAcceptableChar ||
+                !passwordPolicy.numOfCapitalLetters ||
+                !passwordPolicy.numOfNumbers ||
+                !passwordPolicy.numOfSpecialChars) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Missing password policy. Please set in config file.');
+            }
+            if (passwordPolicy.numOfCapitalLetters +
+                passwordPolicy.numOfNumbers +
+                passwordPolicy.numOfSpecialChars >
+                passwordPolicy.maxLen) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Password policy is invalid. Please set in config file.');
+            }
+            const { maxLen, minLen, nonAcceptableChar, numOfCapitalLetters, numOfNumbers, numOfSpecialChars, } = passwordPolicy;
+            const passwordLength = Math.floor(Math.random() * (maxLen - minLen + 1)) + minLen;
+            const words = 'abcdefghijklmnopqrstuvwxyz';
+            const capitalLetters = words.toUpperCase();
+            const numbers = '0123456789';
+            const specialChars = '!@#$%^&*()_+-={}[]|:;"<>,.?/~`';
+            const nonAcceptableChars = nonAcceptableChar.split(',');
+            const filteredWords = words
+                .split('')
+                .filter((word) => !nonAcceptableChars.includes(word));
+            const filteredCapitalLetters = capitalLetters
+                .split('')
+                .filter((word) => !nonAcceptableChars.includes(word));
+            const filteredNumbers = numbers
+                .split('')
+                .filter((word) => !nonAcceptableChars.includes(word));
+            const filteredSpecialChars = specialChars
+                .split('')
+                .filter((word) => !nonAcceptableChars.includes(word));
+            const generatedCapitalLetters = [];
+            const generatedNumbers = [];
+            const generatedSpecialChars = [];
+            const generatedWords = [];
+            for (let i = 0; i < numOfCapitalLetters; i++) {
+                const randomIndex = Math.floor(Math.random() * filteredCapitalLetters.length);
+                generatedCapitalLetters.push(filteredCapitalLetters[randomIndex]);
+            }
+            for (let i = 0; i < numOfNumbers; i++) {
+                const randomIndex = Math.floor(Math.random() * filteredNumbers.length);
+                generatedNumbers.push(filteredNumbers[randomIndex]);
+            }
+            for (let i = 0; i < numOfSpecialChars; i++) {
+                const randomIndex = Math.floor(Math.random() * filteredSpecialChars.length);
+                generatedSpecialChars.push(filteredSpecialChars[randomIndex]);
+            }
+            for (let i = 0; i <
+                passwordLength -
+                    (numOfCapitalLetters + numOfNumbers + numOfSpecialChars); i++) {
+                const randomIndex = Math.floor(Math.random() * filteredWords.length);
+                generatedWords.push(filteredWords[randomIndex]);
+            }
+            let generatedPassword = '';
+            const allGeneratedChars = generatedCapitalLetters.concat(generatedNumbers, generatedSpecialChars, generatedWords);
+            allGeneratedChars.sort(() => Math.random() - 0.5);
+            generatedPassword = allGeneratedChars.join('');
+            return generatedPassword;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    static async setPassword(dbTransaction, user, password) {
+        try {
+            const passwordPolicy = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'passwordPolicy');
+            if (!passwordPolicy ||
+                !passwordPolicy.maxLen ||
+                !passwordPolicy.minLen ||
+                !passwordPolicy.nonAcceptableChar ||
+                !passwordPolicy.numOfCapitalLetters ||
+                !passwordPolicy.numOfNumbers ||
+                !passwordPolicy.numOfSpecialChars) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Missing password policy. Please set in config file.');
+            }
+            try {
+                if (password.length < passwordPolicy.minLen) {
+                    throw Error('Password is too short');
+                }
+                if (password.length > passwordPolicy.maxLen) {
+                    throw Error('Password is too long');
+                }
+                const nonAcceptableChars = passwordPolicy.nonAcceptableChar.split(',');
+                const nonAcceptableCharsFound = nonAcceptableChars.some((char) => password.includes(char));
+                if (nonAcceptableCharsFound) {
+                    throw Error('Password contains unacceptable characters');
+                }
+                const capitalLetters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+                const numOfCapitalLetters = passwordPolicy.numOfCapitalLetters;
+                const capitalLettersFound = capitalLetters
+                    .split('')
+                    .filter((char) => password.includes(char)).length;
+                if (capitalLettersFound < numOfCapitalLetters) {
+                    throw Error('Password does not contain enough capital letters');
+                }
+                const numbers = '0123456789';
+                const numOfNumbers = passwordPolicy.numOfNumbers;
+                const numbersFound = numbers
+                    .split('')
+                    .filter((char) => password.includes(char)).length;
+                if (numbersFound < numOfNumbers) {
+                    throw Error('Password does not contain enough numbers');
+                }
+                const specialChars = '!@#$%^&*()_+-={}[]|:;"<>,.?/~`';
+                const numOfSpecialChars = passwordPolicy.numOfSpecialChars;
+                const specialCharsFound = specialChars
+                    .split('')
+                    .filter((char) => password.includes(char)).length;
+                if (specialCharsFound < numOfSpecialChars) {
+                    throw Error('Password does not contain enough special characters');
+                }
+            }
+            catch (error) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', "Your password doesn't meet security requirements. Try using a mix of uppercase and lowercase letters, numbers, and symbols.");
+            }
+            const passwordHashService = new password_hash_service_1.PasswordHashService();
+            const hashedPassword = await passwordHashService.hashPassword(password);
+            user._Password = hashedPassword;
+            return user;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async generateAuthorizationToken() {
+        const plaintextToken = (0, crypto_1.randomBytes)(32).toString('hex');
+        const hashedToken = (0, crypto_1.createHash)('sha256')
+            .update(plaintextToken)
+            .digest('hex');
+        this._SessionService.setAuthorizationCode(hashedToken, this.ObjectId, 60 * 60 * 24);
+        return { plaintextToken, hashedToken };
+    }
+    async validateAuthorizationToken(autorizationToken) {
+        try {
+            const hashedSubmittedToken = (0, crypto_1.createHash)('sha256')
+                .update(autorizationToken)
+                .digest('hex');
+            const userId = await this._SessionService.retrieveAuthorizationCode(hashedSubmittedToken);
+            if (!userId) {
+                return null;
+            }
+            await this._SessionService.deleteAuthorizationCode(hashedSubmittedToken);
+            return userId;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    static async resetPassword(sessionService, autorizationToken, password, dbTransaction) {
+        try {
+            const hashedSubmittedToken = (0, crypto_1.createHash)('sha256')
+                .update(autorizationToken)
+                .digest('hex');
+            const userId = await sessionService.retrieveAuthorizationCode(hashedSubmittedToken);
+            if (!userId) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid token', 'setupFirstPassword', 401);
+            }
+            await sessionService.deleteAuthorizationCode(hashedSubmittedToken);
+            console.log(`Token verified for user: ${userId}`);
+            const user = await User.init(sessionService, parseInt(userId), dbTransaction);
+            await User.setPassword(dbTransaction, user, password);
+            await User._Repository.update({
+                Password: user._Password,
+                DefaultPasswordChangedYN: yn_enum_1.YN.Yes,
+                NeedToChangePasswordYN: yn_enum_1.YN.No,
+            }, {
+                where: {
+                    UserId: user.UserId,
+                },
+                transaction: dbTransaction,
+            });
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    static async create(loginUser, dbTransaction, user) {
+        try {
+            const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+            const isPrivileged = await loginUser.checkPrivileges(systemCode, 'User - Create');
+            if (!isPrivileged) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have the privilege to create user');
+            }
+            if (!user.Email && !user.UserName) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Email and Username is required');
+            }
+            await User.checkUserInfoDuplicated(dbTransaction, {
+                Email: user.Email,
+                UserName: user.UserName,
+                IdType: user.IDType,
+                IdNo: user.IDNo,
+                ContactNo: user.ContactNo,
+            });
+            const defaultPassword = User.generateDefaultPassword();
+            user = await User.setPassword(dbTransaction, user, defaultPassword);
+            const userInfo = {
+                UserName: user.UserName,
+                FullName: user.FullName,
+                IDNo: user.IDNo,
+                IDType: user.IDType,
+                Email: user.Email,
+                ContactNo: user.ContactNo,
+                Password: user.Password,
+                Status: enum_1.UserStatus.ACTIVE,
+                FirstLoginAt: null,
+                LastLoginAt: null,
+                MFAEnabled: null,
+                MFAConfig: null,
+                RecoveryEmail: null,
+                FailedLoginAttemptCount: 0,
+                LastFailedLoginAt: null,
+                LastPasswordChangedAt: null,
+                DefaultPasswordChangedYN: yn_enum_1.YN.No,
+                NeedToChangePasswordYN: yn_enum_1.YN.Yes,
+                CreatedById: loginUser.UserId,
+                CreatedAt: new Date(),
+                UpdatedById: loginUser.UserId,
+                UpdatedAt: new Date(),
+                UserId: null,
+            };
+            const newUser = await User._Repository.create({
+                Email: userInfo.Email,
+                UserName: userInfo.UserName,
+                FullName: userInfo.FullName,
+                IdNo: userInfo.IDNo,
+                IdType: userInfo.IDType,
+                Password: userInfo.Password,
+                Status: userInfo.Status,
+                DefaultPasswordChangedYN: userInfo.DefaultPasswordChangedYN,
+                FirstLoginAt: userInfo.FirstLoginAt,
+                LastLoginAt: userInfo.LastLoginAt,
+                MFAEnabled: userInfo.MFAEnabled,
+                MFAConfig: userInfo.MFAConfig,
+                RecoveryEmail: userInfo.RecoveryEmail,
+                FailedLoginAttemptCount: userInfo.FailedLoginAttemptCount,
+                LastFailedLoginAt: userInfo.LastFailedLoginAt,
+                LastPasswordChangedAt: userInfo.LastPasswordChangedAt,
+                NeedToChangePasswordYN: userInfo.NeedToChangePasswordYN,
+                CreatedById: userInfo.CreatedById,
+                CreatedAt: userInfo.CreatedAt,
+                UpdatedById: userInfo.UpdatedById,
+                UpdatedAt: userInfo.UpdatedAt,
+            }, {
+                transaction: dbTransaction,
+            });
+            userInfo.UserId = newUser.UserId;
+            const userToBeCreated = new User(loginUser.SessionService, dbTransaction, userInfo);
+            const activity = new activity_history_1.Activity();
+            activity.ActivityId = activity.createId();
+            activity.Action = activity_history_1.ActionEnum.CREATE;
+            activity.Description = 'Create User';
+            activity.EntityType = 'LoginUser';
+            activity.EntityId = newUser.UserId.toString();
+            activity.EntityValueBefore = JSON.stringify({});
+            activity.EntityValueAfter = JSON.stringify(newUser.get({ plain: true }));
+            await activity.create(loginUser.ObjectId, dbTransaction);
+            return userToBeCreated;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async incrementFailedLoginAttemptCount(dbTransaction) {
+        const maxFailedLoginAttempts = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'maxFailedLoginAttempts');
+        const autoReleaseYN = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'autoReleaseYN');
+        if (!maxFailedLoginAttempts || !autoReleaseYN) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Missing maxFailedLoginAttempts and or autoReleaseYN. Please set in config file.');
+        }
+        const FailedLoginAttemptCount = this.FailedLoginAttemptCount + 1;
+        const LastFailedLoginAt = new Date();
+        if (FailedLoginAttemptCount > maxFailedLoginAttempts) {
+            this.Status = enum_1.UserStatus.LOCKED;
+        }
+        await User._Repository.update({
+            FailedLoginAttemptCount: FailedLoginAttemptCount,
+            LastFailedLoginAt: LastFailedLoginAt,
+            Status: this.Status,
+        }, {
+            where: {
+                UserId: this.UserId,
+            },
+            transaction: dbTransaction,
+        });
+        if (this.Status === enum_1.UserStatus.LOCKED && autoReleaseYN === 'Y') {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been temporarily locked due to too many failed login attempts, please try again later.');
+        }
+        if (this.Status === enum_1.UserStatus.LOCKED && autoReleaseYN === 'N') {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account');
+        }
+    }
+    static shouldReleaseLock(LastFailedLoginAt) {
+        const minuteToAutoRelease = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'minuteToAutoRelease');
+        const autoReleaseYN = config_1.ComponentConfig.getComponentConfigValue('@tomei/sso', 'autoReleaseYN');
+        if (!minuteToAutoRelease || !autoReleaseYN) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Missing minuteToAutoRelease and or autoReleaseYN. Please set in config file.');
+        }
+        if (autoReleaseYN === 'Y') {
+            const lastFailedDate = new Date(LastFailedLoginAt);
+            const currentDate = new Date();
+            const timeDifferenceInMillis = currentDate.getTime() - lastFailedDate.getTime();
+            const timeDifferenceInMinutes = timeDifferenceInMillis / (1000 * 60);
+            if (timeDifferenceInMinutes > +minuteToAutoRelease) {
+                return true;
+            }
+            else {
+                return false;
+            }
+        }
+        else if (autoReleaseYN === 'N') {
+            return false;
+        }
+    }
+    static releaseLock(UserId, dbTransaction) {
+        this._Repository.update({
+            FailedLoginAttemptCount: 0,
+            Status: enum_1.UserStatus.ACTIVE,
+        }, {
+            where: {
+                UserId: UserId,
+            },
+            transaction: dbTransaction,
+        });
+    }
+    static async getGroups(loginUser, dbTransaction) {
+        const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+        const isPrivileged = await loginUser.checkPrivileges(systemCode, 'UserGroup - List Own');
+        if (!isPrivileged) {
+            throw new Error('You do not have permission to list UserGroup.');
+        }
+        const userGroups = await User._UserGroupRepo.findAll({
+            where: {
+                UserId: loginUser.ObjectId,
+                Status: 'Active',
+            },
+            include: [{ model: user_entity_1.default, as: 'User' }, { model: group_entity_1.default }],
+            transaction: dbTransaction,
+        });
+        return userGroups;
+    }
+    static async getInheritedSystemAccess(dbTransaction, group) {
+        const dataSystemAccesses = await User._GroupSystemAccessRepo.findAll({
+            where: {
+                GroupCode: group.GroupCode,
+                Status: 'Active',
+            },
+            include: [{ model: system_entity_1.default }],
+            transaction: dbTransaction,
+        });
+        let systemAccesses = dataSystemAccesses;
+        if (group.InheritParentPrivilegeYN === 'Y' && group.ParentGroupCode) {
+            const GroupCode = group.ParentGroupCode;
+            const parentGroup = await User._GroupRepo.findByPk(GroupCode, dbTransaction);
+            const dataParentSystemAccesses = await User.getInheritedSystemAccess(dbTransaction, parentGroup);
+            const parentSystemAccesses = dataParentSystemAccesses;
+            systemAccesses = systemAccesses.concat(parentSystemAccesses);
+        }
+        return systemAccesses;
+    }
+    static async combineSystemAccess(loginUser, dbTransaction, groups) {
+        const userAccess = await User._UserSystemAccessRepo.findAll({
+            where: {
+                UserId: loginUser.ObjectId,
+                Status: 'Active',
+            },
+            include: [{ model: system_entity_1.default }],
+            transaction: dbTransaction,
+        });
+        const groupAccessPromises = groups.map(async (e) => {
+            if (e.InheritParentSystemAccessYN) {
+                return await this.getInheritedSystemAccess(dbTransaction, e);
+            }
+            else {
+                return [];
+            }
+        });
+        const groupAccess = (await Promise.all(groupAccessPromises)).flat();
+        const allAccess = userAccess.concat(groupAccess);
+        const uniqueAccess = new Set(allAccess.filter((value, index, self) => {
+            return self.some((prev) => prev.SystemCode === value.SystemCode);
+        }));
+        return Array.from(uniqueAccess);
+    }
+    static async getSystems(loginUser, dbTransaction) {
+        const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+        const isPrivileged = await loginUser.checkPrivileges(systemCode, 'System – List Own');
+        if (!isPrivileged) {
+            throw new Error('You do not have permission to list UserGroup.');
+        }
+        const groups = await User.getGroups(loginUser, dbTransaction);
+        const systemAccess = await User.combineSystemAccess(loginUser, dbTransaction, groups);
+        const output = [];
+        if (systemAccess) {
+            for (let i = 0; i < systemAccess.length; i++) {
+                const system = await User._SystemRepository.findOne({
+                    where: {
+                        SystemCode: systemAccess[i].SystemCode,
+                        Status: 'Active',
+                    },
+                });
+                output.push({
+                    UserSystemAccessId: systemAccess[i].UserSystemAccessId,
+                    UserId: systemAccess[i].UserId,
+                    SystemCode: systemAccess[i].SystemCode,
+                    Status: systemAccess[i].Status,
+                    CreatedById: systemAccess[i].CreatedById,
+                    UpdatedById: systemAccess[i].UpdatedById,
+                    CreatedAt: systemAccess[i].CreatedAt,
+                    UpdatedAt: systemAccess[i].UpdatedAt,
+                    System: system,
+                });
+            }
+        }
+        return output;
+    }
+    static async check2FA(loginUser, dbTransaction) {
+        try {
+            const user = await User._Repository.findOne({
+                where: {
+                    UserId: loginUser.UserId,
+                },
+                transaction: dbTransaction,
+            });
+            if (user.MFAEnabled === 1) {
+                return true;
+            }
+            return false;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    static async setup2FA(userId, dbTransaction) {
+        const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+        const user = await User._Repository.findOne({
+            where: {
+                UserId: userId,
+            },
+        });
+        if (!user) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Credentials');
+        }
+        const secretCode = speakeasy.generateSecret({ name: 'Tomei SSO' });
+        let userMFAConfig = null;
+        if (user?.MFAConfig !== null && typeof user?.MFAConfig === 'string') {
+            try {
+                userMFAConfig = JSON.parse(user?.MFAConfig);
+            }
+            catch (error) {
+                console.error('Invalid JSON string on MFAConfig:', error);
+            }
+        }
+        const MFAConfig = {
+            totp: {
+                enabled: true,
+                secret: secretCode.base32,
+                issuer: systemCode,
+            },
+            sms: {
+                enabled: userMFAConfig?.sms?.enable || false,
+                phoneNumber: userMFAConfig?.sms?.phoneNumber || '',
+            },
+            email: {
+                enabled: userMFAConfig?.email?.enable || false,
+                emailAddress: userMFAConfig?.email?.emailAddress || '',
+            },
+        };
+        user.MFAEnabled = 0;
+        user.MFAConfig = JSON.stringify(MFAConfig);
+        await User._Repository.update({
+            MFAEnabled: user.MFAEnabled,
+            MFAConfig: user.MFAConfig,
+        }, {
+            where: {
+                UserId: userId,
+            },
+            transaction: dbTransaction,
+        });
+        return secretCode.otpauth_url;
+    }
+    async verify2FASetup(userId, mfaToken, systemCode, dbTransaction) {
+        const user = await User._Repository.findOne({
+            where: {
+                UserId: userId,
+            },
+        });
+        if (!user) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Credentials');
+        }
+        let userMFAConfig = null;
+        if (user?.MFAConfig !== null && typeof user?.MFAConfig === 'string') {
+            try {
+                userMFAConfig = JSON.parse(user?.MFAConfig);
+            }
+            catch (error) {
+                console.error('Invalid JSON string on MFAConfig:', error);
+            }
+        }
+        const isVerified = await speakeasy.totp.verify({
+            secret: userMFAConfig.totp.secret,
+            encoding: 'base32',
+            token: mfaToken,
+        });
+        if (!isVerified) {
+            return false;
+        }
+        user.MFAEnabled = 1;
+        await user.save({ transaction: dbTransaction });
+        const userSession = await this._SessionService.retrieveUserSession(`${userId}`);
+        if (!systemCode) {
+            systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+        }
+        const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
+        return `${userId}:${systemLogin.sessionId}`;
+    }
+    async verify2FACode(userId, mfaToken, systemCode, dbTransaction) {
+        const user = await User._Repository.findOne({
+            where: {
+                UserId: userId,
+            },
+            transaction: dbTransaction,
+        });
+        if (!user) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Credentials');
+        }
+        let userMFAConfig = null;
+        if (user?.MFAConfig !== null && typeof user?.MFAConfig === 'string') {
+            try {
+                userMFAConfig = JSON.parse(user?.MFAConfig);
+            }
+            catch (error) {
+                console.error('Invalid JSON string on MFAConfig:', error);
+            }
+        }
+        const isVerified = await speakeasy.totp.verify({
+            secret: userMFAConfig.totp.secret,
+            encoding: 'base32',
+            token: mfaToken,
+        });
+        if (!isVerified) {
+            return false;
+        }
+        const userSession = await this._SessionService.retrieveUserSession(`${userId}`);
+        if (!systemCode) {
+            systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+        }
+        const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
+        return `${userId}:${systemLogin.sessionId}`;
+    }
+    async bypass2FA(systemCode, dbTransaction) {
+        try {
+            const user = await User._Repository.findOne({
+                where: {
+                    UserId: this.UserId,
+                },
+                transaction: dbTransaction,
+            });
+            if (user.MFAEnabled === 1) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Cannot bypass 2FA as it is enabled');
+            }
+            const userSession = await this._SessionService.retrieveUserSession(`${this.UserId}`);
+            if (!systemCode) {
+                systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+            }
+            const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
+            return `${this.UserId}:${systemLogin.sessionId}`;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async addUserGroup(GroupCode, loginUser, dbTransaction) {
+        const group = await User._GroupRepo.findOne({
+            where: {
+                GroupCode,
+            },
+            transaction: dbTransaction,
+        });
+        if (!group) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Group Code');
+        }
+        const entityValueAfter = {
+            UserId: this.UserId,
+            GroupCode: group.GroupCode,
+            CreatedAt: new Date(),
+            CreatedById: loginUser.UserId,
+            UpdatedAt: new Date(),
+            UpdatedById: loginUser.UserId,
+        };
+        await User._UserGroupRepo.create(entityValueAfter, {
+            transaction: dbTransaction,
+        });
+        const activity = new activity_history_1.Activity();
+        activity.ActivityId = activity.createId();
+        activity.Action = activity_history_1.ActionEnum.CREATE;
+        activity.Description = 'Add User Group';
+        activity.EntityType = 'UserGroup';
+        activity.EntityId = group.GroupCode;
+        activity.EntityValueBefore = JSON.stringify({});
+        activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+        await activity.create(loginUser.ObjectId, dbTransaction);
+    }
+    async update(data, loginUser, dbTransaction) {
+        const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+        const isPrivileged = await loginUser.checkPrivileges(systemCode, 'User - Update');
+        if (!isPrivileged) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have the privilege to update user');
+        }
+        if (!this.UserId) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'UserId is required');
+        }
+        if (data.Email !== this.Email) {
+            await User.checkUserInfoDuplicated(dbTransaction, {
+                UserName: data.UserName,
+            });
+        }
+        if (data.UserName !== this.UserName) {
+            await User.checkUserInfoDuplicated(dbTransaction, {
+                UserName: data.UserName,
+            });
+        }
+        if (data.BuildingCode) {
+            const building = await group_entity_1.default.findOne({
+                where: {
+                    Type: 'Building',
+                    GroupCode: data.BuildingCode,
+                },
+                transaction: dbTransaction,
+            });
+            if (!building) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Building Code');
+            }
+            const userBuilding = await User._UserGroupRepo.findOne({
+                where: {
+                    UserId: this.UserId,
+                },
+                include: [
+                    {
+                        model: group_entity_1.default,
+                        where: {
+                            Type: 'Building',
+                        },
+                    },
+                ],
+                transaction: dbTransaction,
+            });
+            if (userBuilding) {
+                await User._UserGroupRepo.update({
+                    GroupCode: data.BuildingCode,
+                    UpdatedAt: new Date(),
+                    UpdatedById: loginUser.UserId,
+                }, {
+                    where: {
+                        UserId: this.UserId,
+                        GroupCode: userBuilding.GroupCode,
+                    },
+                    transaction: dbTransaction,
+                });
+            }
+            else {
+                await User._UserGroupRepo.create({
+                    UserId: this.UserId,
+                    GroupCode: data.BuildingCode,
+                    CreatedAt: new Date(),
+                    CreatedById: loginUser.UserId,
+                    UpdatedAt: new Date(),
+                    UpdatedById: loginUser.UserId,
+                }, {
+                    transaction: dbTransaction,
+                });
+            }
+        }
+        if (data.CompanyCode) {
+            const company = await group_entity_1.default.findOne({
+                where: {
+                    Type: 'Company',
+                    GroupCode: data.CompanyCode,
+                },
+                transaction: dbTransaction,
+            });
+            if (!company) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Company Code');
+            }
+            const userCompany = await User._UserGroupRepo.findOne({
+                where: {
+                    UserId: this.UserId,
+                },
+                include: [
+                    {
+                        model: group_entity_1.default,
+                        where: {
+                            Type: 'Company',
+                        },
+                    },
+                ],
+                transaction: dbTransaction,
+            });
+            if (userCompany) {
+                await User._UserGroupRepo.update({
+                    GroupCode: data.CompanyCode,
+                    UpdatedAt: new Date(),
+                    UpdatedById: loginUser.UserId,
+                }, {
+                    where: {
+                        UserId: this.UserId,
+                        GroupCode: userCompany.GroupCode,
+                    },
+                    transaction: dbTransaction,
+                });
+            }
+            else {
+                await User._UserGroupRepo.create({
+                    UserId: this.UserId,
+                    GroupCode: data.CompanyCode,
+                    CreatedAt: new Date(),
+                    CreatedById: loginUser.UserId,
+                    UpdatedAt: new Date(),
+                    UpdatedById: loginUser.UserId,
+                }, {
+                    transaction: dbTransaction,
+                });
+            }
+        }
+        if (data.DepartmentCode) {
+            const department = await group_entity_1.default.findOne({
+                where: {
+                    Type: 'Department',
+                    GroupCode: data.DepartmentCode,
+                },
+                transaction: dbTransaction,
+            });
+            if (!department) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid Department Code');
+            }
+            const userDepartment = await User._UserGroupRepo.findOne({
+                where: {
+                    UserId: this.UserId,
+                },
+                include: [
+                    {
+                        model: group_entity_1.default,
+                        where: {
+                            Type: 'Department',
+                        },
+                    },
+                ],
+                transaction: dbTransaction,
+            });
+            if (userDepartment) {
+                await User._UserGroupRepo.update({
+                    GroupCode: data.DepartmentCode,
+                    UpdatedAt: new Date(),
+                    UpdatedById: loginUser.UserId,
+                }, {
+                    where: {
+                        UserId: this.UserId,
+                        GroupCode: userDepartment.GroupCode,
+                    },
+                    transaction: dbTransaction,
+                });
+            }
+            else {
+                await User._UserGroupRepo.create({
+                    UserId: this.UserId,
+                    GroupCode: data.DepartmentCode,
+                    CreatedAt: new Date(),
+                    CreatedById: loginUser.UserId,
+                    UpdatedAt: new Date(),
+                    UpdatedById: loginUser.UserId,
+                }, {
+                    transaction: dbTransaction,
+                });
+            }
+        }
+        const entityValueBefore = {
+            UserId: this.UserId,
+            UserName: this.UserName,
+            Email: this.Email,
+            Password: this.Password,
+            Status: this.Status,
+            DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+            FirstLoginAt: this.FirstLoginAt,
+            LastLoginAt: this.LastLoginAt,
+            MFAEnabled: this.MFAEnabled,
+            MFAConfig: this.MFAConfig,
+            RecoveryEmail: this.RecoveryEmail,
+            FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+            LastFailedLoginAt: this.LastFailedLoginAt,
+            LastPasswordChangedAt: this.LastPasswordChangedAt,
+            NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+            CreatedById: this.CreatedById,
+            CreatedAt: this.CreatedAt,
+            UpdatedById: this.UpdatedById,
+            UpdatedAt: this.UpdatedAt,
+        };
+        this.UserName = data.UserName;
+        this.Email = data.Email;
+        this.Status = data.Status;
+        this.RecoveryEmail = data.RecoveryEmail;
+        this.UpdatedAt = new Date();
+        this.UpdatedById = loginUser.UserId;
+        await User._Repository.update({
+            UserName: this.UserName,
+            Email: this.Email,
+            Status: this.Status,
+            RecoveryEmail: this.RecoveryEmail,
+            UpdatedById: this.UpdatedById,
+            UpdatedAt: this.UpdatedAt,
+        }, {
+            where: {
+                UserId: this.UserId,
+            },
+            transaction: dbTransaction,
+        });
+        const entityValueAfter = {
+            UserId: this.UserId,
+            UserName: this.UserName,
+            Email: this.Email,
+            Password: this.Password,
+            Status: this.Status,
+            DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
+            FirstLoginAt: this.FirstLoginAt,
+            LastLoginAt: this.LastLoginAt,
+            MFAEnabled: this.MFAEnabled,
+            MFAConfig: this.MFAConfig,
+            RecoveryEmail: this.RecoveryEmail,
+            FailedLoginAttemptCount: this.FailedLoginAttemptCount,
+            LastFailedLoginAt: this.LastFailedLoginAt,
+            LastPasswordChangedAt: this.LastPasswordChangedAt,
+            NeedToChangePasswordYN: this.NeedToChangePasswordYN,
+            CreatedById: this.CreatedById,
+            CreatedAt: this.CreatedAt,
+            UpdatedById: this.UpdatedById,
+            UpdatedAt: this.UpdatedAt,
+        };
+        const activity = new activity_history_1.Activity();
+        activity.ActivityId = activity.createId();
+        activity.Action = activity_history_1.ActionEnum.UPDATE;
+        activity.Description = 'Update User';
+        activity.EntityType = 'LoginUser';
+        activity.EntityId = this.UserId.toString();
+        activity.EntityValueBefore = JSON.stringify(entityValueBefore);
+        activity.EntityValueAfter = JSON.stringify(entityValueAfter);
+        await activity.create(loginUser.ObjectId, dbTransaction);
+        return this;
+    }
+    static async findById(loginUser, dbTransaction, UserId) {
+        const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+        const isPrivileged = await loginUser.checkPrivileges(systemCode, 'USER_VIEW');
+        if (!isPrivileged) {
+            throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have the privilege to find user');
+        }
+        const user = await User._Repository.findOne({
+            where: {
+                UserId: UserId,
+                Status: 'Active',
+            },
+            transaction: dbTransaction,
+        });
+        const userAttr = {
+            UserId: user.UserId,
+            UserName: user.UserName,
+            FullName: user?.FullName || null,
+            IDNo: user?.IdNo || null,
+            IDType: user?.IdType || null,
+            ContactNo: user?.ContactNo || null,
+            Email: user.Email,
+            Password: user.Password,
+            Status: user.Status,
+            DefaultPasswordChangedYN: user.DefaultPasswordChangedYN,
+            FirstLoginAt: user.FirstLoginAt,
+            LastLoginAt: user.LastLoginAt,
+            MFAEnabled: user.MFAEnabled,
+            MFAConfig: user.MFAConfig,
+            RecoveryEmail: user.RecoveryEmail,
+            FailedLoginAttemptCount: user.FailedLoginAttemptCount,
+            LastFailedLoginAt: user.LastFailedLoginAt,
+            LastPasswordChangedAt: user.LastPasswordChangedAt,
+            NeedToChangePasswordYN: user.NeedToChangePasswordYN,
+            CreatedById: user.CreatedById,
+            CreatedAt: user.CreatedAt,
+            UpdatedById: user.UpdatedById,
+            UpdatedAt: user.UpdatedAt,
+            staffs: user?.Staff || null,
+        };
+        return new User(null, dbTransaction, userAttr);
+    }
+    static async getFullName(dbTransaction, UserId) {
+        try {
+            const user = await User._Repository.findOne({
+                where: {
+                    UserId: UserId,
+                },
+                transaction: dbTransaction,
+            });
+            if (!user) {
+                throw new general_1.ClassError('User', 'UserErrMsg0X', 'No user found.');
+            }
+            if (user?.FullName) {
+                return user?.FullName;
+            }
+            else if (user?.UserName) {
+                return user?.UserName;
+            }
+            else {
+                return '';
+            }
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    static async findByEmail(loginUser, dbTransaction, Email) {
+        try {
+            const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
+            const isPrivileged = await loginUser.checkPrivileges(systemCode, 'USER_VIEW');
+            if (!isPrivileged) {
+                throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have the privilege to find user');
+            }
+            const user = await User._Repository.findOne({
+                where: {
+                    Email: Email,
+                },
+                include: [
+                    {
+                        model: staff_entity_1.default,
+                    },
+                ],
+                transaction: dbTransaction,
+            });
+            if (!user) {
+                throw new general_1.ClassError('User', 'UserErrMsg0X', 'User not found.');
+            }
+            const userAttr = {
+                UserId: user.UserId,
+                UserName: user.UserName,
+                FullName: user?.FullName || null,
+                IDNo: user?.IdNo || null,
+                IDType: user?.IdType || null,
+                ContactNo: user?.ContactNo || null,
+                Email: user.Email,
+                Password: user.Password,
+                Status: user.Status,
+                DefaultPasswordChangedYN: user.DefaultPasswordChangedYN,
+                FirstLoginAt: user.FirstLoginAt,
+                LastLoginAt: user.LastLoginAt,
+                MFAEnabled: user.MFAEnabled,
+                MFAConfig: user.MFAConfig,
+                RecoveryEmail: user.RecoveryEmail,
+                FailedLoginAttemptCount: user.FailedLoginAttemptCount,
+                LastFailedLoginAt: user.LastFailedLoginAt,
+                LastPasswordChangedAt: user.LastPasswordChangedAt,
+                NeedToChangePasswordYN: user.NeedToChangePasswordYN,
+                CreatedById: user.CreatedById,
+                CreatedAt: user.CreatedAt,
+                UpdatedById: user.UpdatedById,
+                UpdatedAt: user.UpdatedAt,
+                staffs: user?.Staff,
+            };
+            const sessionService = await session_service_1.SessionService.init(undefined);
+            const usr = new User(sessionService, undefined, userAttr);
+            return usr;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+}
+exports.User = User;
+User._Repository = new user_repository_1.UserRepository();
+User._LoginHistoryRepository = new login_history_repository_1.LoginHistoryRepository();
+User._UserGroupRepo = new user_group_repository_1.UserGroupRepository();
+User._UserPrivilegeRepo = new user_privilege_repository_1.UserPrivilegeRepository();
+User._UserObjectPrivilegeRepo = new user_object_privilege_repository_1.UserObjectPrivilegeRepository();
+User._GroupObjectPrivilegeRepo = new group_object_privilege_repository_1.GroupObjectPrivilegeRepository();
+User._SystemRepository = new system_repository_1.SystemRepository();
+User._UserSystemAccessRepo = new user_system_access_repository_1.UserSystemAccessRepository();
+User._GroupSystemAccessRepo = new group_system_access_repository_1.GroupSystemAccessRepository();
+User._GroupRepo = new group_repository_1.GroupRepository();
+//# sourceMappingURL=user.js.map