@tomei/sso 0.60.4-dev.7 → 0.60.4-dev.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.commitlintrc.json +22 -22
- package/.gitlab-ci.yml +16 -16
- package/.husky/commit-msg +9 -9
- package/.husky/pre-commit +7 -7
- package/.prettierrc +4 -4
- package/Jenkinsfile +57 -57
- package/README.md +23 -23
- package/__tests__/unit/components/group/group.spec.ts +79 -79
- package/__tests__/unit/components/group-object-privilege/group-object-privilege.spec.ts +88 -88
- package/__tests__/unit/components/group-privilege/group-privilege.spec.ts +68 -68
- package/__tests__/unit/components/group-reporting-user/group-reporting-user.spec.ts +66 -66
- package/__tests__/unit/components/group-system-access/group-system-access.spec.ts +83 -83
- package/__tests__/unit/components/login-user/l.spec.ts +746 -746
- package/__tests__/unit/components/login-user/login.spec.ts +1164 -1164
- package/__tests__/unit/components/password-hash/password-hash.service.spec.ts +31 -31
- package/__tests__/unit/components/system/system.spec.ts +254 -254
- package/__tests__/unit/components/system-privilege/system-privilege.spec.ts +83 -83
- package/__tests__/unit/components/user-group/user-group.spec.ts +86 -86
- package/__tests__/unit/components/user-object-privilege/user-object-privilege.spec.ts +78 -78
- package/__tests__/unit/components/user-privilege/user-privilege.spec.ts +72 -72
- package/__tests__/unit/components/user-system-access/user-system-access.spec.ts +89 -89
- package/__tests__/unit/redis-client/redis.service.spec.ts +23 -23
- package/__tests__/unit/session/session.service.spec.ts +47 -47
- package/__tests__/unit/system-privilege/system-privilage.spec.ts +91 -91
- package/coverage/clover.xml +1452 -1452
- package/coverage/coverage-final.json +47 -47
- package/coverage/lcov-report/base.css +224 -224
- package/coverage/lcov-report/block-navigation.js +87 -87
- package/coverage/lcov-report/components/group/group.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group/group.ts.html +327 -327
- package/coverage/lcov-report/components/group/index.html +130 -130
- package/coverage/lcov-report/components/group-object-privilege/group-object-privilege.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group-object-privilege/group-object-privilege.ts.html +321 -321
- package/coverage/lcov-report/components/group-object-privilege/index.html +130 -130
- package/coverage/lcov-report/components/group-privilege/group-privilege.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group-privilege/group-privilege.ts.html +303 -303
- package/coverage/lcov-report/components/group-privilege/index.html +130 -130
- package/coverage/lcov-report/components/group-reporting-user/group-reporting-user.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group-reporting-user/group-reporting-user.ts.html +327 -327
- package/coverage/lcov-report/components/group-reporting-user/index.html +130 -130
- package/coverage/lcov-report/components/group-system-access/group-system-access.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group-system-access/group-system-access.ts.html +309 -309
- package/coverage/lcov-report/components/group-system-access/index.html +130 -130
- package/coverage/lcov-report/components/login-history/index.html +115 -115
- package/coverage/lcov-report/components/login-history/login-history.repository.ts.html +117 -117
- package/coverage/lcov-report/components/login-user/index.html +130 -130
- package/coverage/lcov-report/components/login-user/login-user.ts.html +5015 -5008
- package/coverage/lcov-report/components/login-user/user.repository.ts.html +117 -117
- package/coverage/lcov-report/components/password-hash/index.html +115 -115
- package/coverage/lcov-report/components/password-hash/password-hash.service.ts.html +126 -126
- package/coverage/lcov-report/components/system/index.html +130 -130
- package/coverage/lcov-report/components/system/system.repository.ts.html +117 -117
- package/coverage/lcov-report/components/system/system.ts.html +909 -909
- package/coverage/lcov-report/components/system-privilege/index.html +130 -130
- package/coverage/lcov-report/components/system-privilege/system-privilege.repository.ts.html +120 -120
- package/coverage/lcov-report/components/system-privilege/system-privilege.ts.html +390 -390
- package/coverage/lcov-report/components/user-group/index.html +130 -130
- package/coverage/lcov-report/components/user-group/user-group.repository.ts.html +117 -117
- package/coverage/lcov-report/components/user-group/user-group.ts.html +354 -354
- package/coverage/lcov-report/components/user-object-privilege/index.html +130 -130
- package/coverage/lcov-report/components/user-object-privilege/user-object-privilege.repository.ts.html +117 -117
- package/coverage/lcov-report/components/user-object-privilege/user-object-privilege.ts.html +312 -312
- package/coverage/lcov-report/components/user-privilege/index.html +130 -130
- package/coverage/lcov-report/components/user-privilege/user-privilege.repository.ts.html +117 -117
- package/coverage/lcov-report/components/user-privilege/user-privilege.ts.html +306 -306
- package/coverage/lcov-report/components/user-system-access/index.html +130 -130
- package/coverage/lcov-report/components/user-system-access/user-system-access.repository.ts.html +117 -117
- package/coverage/lcov-report/components/user-system-access/user-system-access.ts.html +312 -312
- package/coverage/lcov-report/enum/group-type.enum.ts.html +108 -108
- package/coverage/lcov-report/enum/index.html +160 -160
- package/coverage/lcov-report/enum/index.ts.html +93 -93
- package/coverage/lcov-report/enum/user-status.enum.ts.html +105 -105
- package/coverage/lcov-report/enum/yn.enum.ts.html +96 -96
- package/coverage/lcov-report/index.html +370 -370
- package/coverage/lcov-report/models/group-object-privilege.entity.ts.html +333 -333
- package/coverage/lcov-report/models/group-privilege.entity.ts.html +315 -315
- package/coverage/lcov-report/models/group-reporting-user.entity.ts.html +339 -339
- package/coverage/lcov-report/models/group-system-access.entity.ts.html +324 -324
- package/coverage/lcov-report/models/group.entity.ts.html +435 -435
- package/coverage/lcov-report/models/index.html +310 -310
- package/coverage/lcov-report/models/login-history.entity.ts.html +252 -252
- package/coverage/lcov-report/models/staff.entity.ts.html +411 -411
- package/coverage/lcov-report/models/system-privilege.entity.ts.html +354 -354
- package/coverage/lcov-report/models/system.entity.ts.html +423 -423
- package/coverage/lcov-report/models/user-group.entity.ts.html +354 -354
- package/coverage/lcov-report/models/user-object-privilege.entity.ts.html +330 -330
- package/coverage/lcov-report/models/user-privilege.entity.ts.html +315 -315
- package/coverage/lcov-report/models/user-system-access.entity.ts.html +315 -315
- package/coverage/lcov-report/models/user.entity.ts.html +522 -522
- package/coverage/lcov-report/prettify.css +1 -1
- package/coverage/lcov-report/prettify.js +2 -2
- package/coverage/lcov-report/redis-client/index.html +115 -115
- package/coverage/lcov-report/redis-client/redis.service.ts.html +240 -240
- package/coverage/lcov-report/session/index.html +115 -115
- package/coverage/lcov-report/session/session.service.ts.html +246 -246
- package/coverage/lcov-report/sorter.js +196 -196
- package/coverage/lcov.info +2490 -2490
- package/coverage/test-report.xml +128 -128
- package/create-sso-user.sql +39 -39
- package/dist/src/components/login-user/interfaces/user-info.interface.d.ts +1 -0
- package/dist/src/components/login-user/login-user.js +1 -0
- package/dist/src/components/login-user/login-user.js.map +1 -1
- package/dist/src/components/login-user/user.d.ts +6 -0
- package/dist/src/components/login-user/user.js +304 -0
- package/dist/src/components/login-user/user.js.map +1 -1
- package/dist/src/models/user.entity.d.ts +1 -0
- package/dist/src/models/user.entity.js +8 -0
- package/dist/src/models/user.entity.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/eslint.config.mjs +58 -58
- package/jest.config.js +14 -14
- package/migrations/20240314080602-create-user-table.js +124 -124
- package/migrations/20240314080603-create-user-group-table.js +85 -85
- package/migrations/20240314080604-create-user-user-group-table.js +55 -55
- package/migrations/20240314080605-create-login-history-table.js +53 -53
- package/migrations/20240527064925-create-system-table.js +78 -78
- package/migrations/20240527064926-create-system-privilege-table.js +71 -71
- package/migrations/20240527065342-create-group-table.js +93 -93
- package/migrations/20240527065633-create-group-reporting-user-table.js +76 -76
- package/migrations/20240528011551-create-group-system-access-table.js +72 -72
- package/migrations/20240528023018-user-system-access-table.js +75 -75
- package/migrations/20240528032229-user-privilege-table.js +76 -76
- package/migrations/20240528063003-create-group-privilege-table.js +76 -76
- package/migrations/20240528063051-create-group-object-privilege-table.js +84 -84
- package/migrations/20240528063107-create-user-object-privilege-table.js +84 -84
- package/migrations/20240528063108-create-api-key-table.js +85 -85
- package/migrations/20241104104802-create-building-table.js +95 -95
- package/migrations/20250108091132-add-area-manager-user-id-to-building-table.js +14 -14
- package/migrations/20250108091133-add-passcode-to-user-table.js +36 -36
- package/migrations/20250210115636-create-user-reporting-hierarchy.js +76 -76
- package/migrations/20250326043818-crate-user-password-history.js +42 -42
- package/migrations/20250610070720-added-MFBypassYN-to-sso-user.js +30 -0
- package/package.json +90 -90
- package/sampledotenv +7 -7
- package/src/components/login-user/interfaces/user-info.interface.ts +1 -0
- package/src/components/login-user/login-user.ts +1 -0
- package/src/components/login-user/user.ts +382 -0
- package/src/models/user.entity.ts +7 -0
- package/tsconfig.build.json +5 -5
- package/tsconfig.json +23 -23
- package/dist/__tests__/unit/components/group-privilege/group-privilege.test.d.ts +0 -1
- package/dist/__tests__/unit/components/group-privilege/group-privilege.test.js +0 -71
- package/dist/__tests__/unit/components/group-privilege/group-privilege.test.js.map +0 -1
- package/dist/__tests__/unit/components/login-user/login-user.spec.d.ts +0 -0
- package/dist/__tests__/unit/components/login-user/login-user.spec.js +0 -6
- package/dist/__tests__/unit/components/login-user/login-user.spec.js.map +0 -1
- package/sonar-project.properties +0 -23
|
@@ -100,6 +100,12 @@ class User extends general_1.UserBase {
|
|
|
100
100
|
set MFAConfig(value) {
|
|
101
101
|
this._MFAConfig = value;
|
|
102
102
|
}
|
|
103
|
+
get MFABypassYN() {
|
|
104
|
+
return this._MFABypassYN;
|
|
105
|
+
}
|
|
106
|
+
set MFABypassYN(value) {
|
|
107
|
+
this._MFABypassYN = value;
|
|
108
|
+
}
|
|
103
109
|
get RecoveryEmail() {
|
|
104
110
|
return this._RecoveryEmail;
|
|
105
111
|
}
|
|
@@ -203,6 +209,7 @@ class User extends general_1.UserBase {
|
|
|
203
209
|
this.LastLoginAt = userInfo.LastLoginAt;
|
|
204
210
|
this.MFAEnabled = userInfo.MFAEnabled;
|
|
205
211
|
this.MFAConfig = userInfo.MFAConfig;
|
|
212
|
+
this.MFABypassYN = userInfo.MFABypassYN;
|
|
206
213
|
this.RecoveryEmail = userInfo.RecoveryEmail;
|
|
207
214
|
this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
|
|
208
215
|
this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
|
|
@@ -253,6 +260,7 @@ class User extends general_1.UserBase {
|
|
|
253
260
|
LastLoginAt: user.LastLoginAt,
|
|
254
261
|
MFAEnabled: user.MFAEnabled,
|
|
255
262
|
MFAConfig: user.MFAConfig,
|
|
263
|
+
MFABypassYN: user.MFABypassYN,
|
|
256
264
|
RecoveryEmail: user.RecoveryEmail,
|
|
257
265
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
258
266
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -312,6 +320,7 @@ class User extends general_1.UserBase {
|
|
|
312
320
|
LastLoginAt: user.LastLoginAt,
|
|
313
321
|
MFAEnabled: user.MFAEnabled,
|
|
314
322
|
MFAConfig: user.MFAConfig,
|
|
323
|
+
MFABypassYN: user.MFABypassYN,
|
|
315
324
|
RecoveryEmail: user.RecoveryEmail,
|
|
316
325
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
317
326
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -389,6 +398,7 @@ class User extends general_1.UserBase {
|
|
|
389
398
|
LastLoginAt: user.LastLoginAt,
|
|
390
399
|
MFAEnabled: user.MFAEnabled,
|
|
391
400
|
MFAConfig: user.MFAConfig,
|
|
401
|
+
MFABypassYN: user.MFABypassYN,
|
|
392
402
|
RecoveryEmail: user.RecoveryEmail,
|
|
393
403
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
394
404
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -1076,6 +1086,7 @@ class User extends general_1.UserBase {
|
|
|
1076
1086
|
LastLoginAt: null,
|
|
1077
1087
|
MFAEnabled: null,
|
|
1078
1088
|
MFAConfig: null,
|
|
1089
|
+
MFABypassYN: yn_enum_1.YN.No,
|
|
1079
1090
|
RecoveryEmail: null,
|
|
1080
1091
|
FailedLoginAttemptCount: 0,
|
|
1081
1092
|
LastFailedLoginAt: null,
|
|
@@ -1750,6 +1761,7 @@ class User extends general_1.UserBase {
|
|
|
1750
1761
|
LastLoginAt: user.LastLoginAt,
|
|
1751
1762
|
MFAEnabled: user.MFAEnabled,
|
|
1752
1763
|
MFAConfig: user.MFAConfig,
|
|
1764
|
+
MFABypassYN: user.MFABypassYN,
|
|
1753
1765
|
RecoveryEmail: user.RecoveryEmail,
|
|
1754
1766
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
1755
1767
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -1832,6 +1844,7 @@ class User extends general_1.UserBase {
|
|
|
1832
1844
|
LastLoginAt: user.LastLoginAt,
|
|
1833
1845
|
MFAEnabled: user.MFAEnabled,
|
|
1834
1846
|
MFAConfig: user.MFAConfig,
|
|
1847
|
+
MFABypassYN: user.MFABypassYN,
|
|
1835
1848
|
RecoveryEmail: user.RecoveryEmail,
|
|
1836
1849
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
1837
1850
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -1877,6 +1890,7 @@ class User extends general_1.UserBase {
|
|
|
1877
1890
|
LastLoginAt: this.LastLoginAt,
|
|
1878
1891
|
MFAEnabled: this.MFAEnabled,
|
|
1879
1892
|
MFAConfig: this.MFAConfig,
|
|
1893
|
+
MFABypassYN: this.MFABypassYN,
|
|
1880
1894
|
RecoveryEmail: this.RecoveryEmail,
|
|
1881
1895
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
1882
1896
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
@@ -1906,6 +1920,7 @@ class User extends general_1.UserBase {
|
|
|
1906
1920
|
LastLoginAt: this.LastLoginAt,
|
|
1907
1921
|
MFAEnabled: this.MFAEnabled,
|
|
1908
1922
|
MFAConfig: this.MFAConfig,
|
|
1923
|
+
MFABypassYN: this.MFABypassYN,
|
|
1909
1924
|
RecoveryEmail: this.RecoveryEmail,
|
|
1910
1925
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
1911
1926
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
@@ -1967,6 +1982,7 @@ class User extends general_1.UserBase {
|
|
|
1967
1982
|
LastLoginAt: this.LastLoginAt,
|
|
1968
1983
|
MFAEnabled: this.MFAEnabled,
|
|
1969
1984
|
MFAConfig: this.MFAConfig,
|
|
1985
|
+
MFABypassYN: this.MFABypassYN,
|
|
1970
1986
|
RecoveryEmail: this.RecoveryEmail,
|
|
1971
1987
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
1972
1988
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
@@ -1996,6 +2012,7 @@ class User extends general_1.UserBase {
|
|
|
1996
2012
|
LastLoginAt: this.LastLoginAt,
|
|
1997
2013
|
MFAEnabled: this.MFAEnabled,
|
|
1998
2014
|
MFAConfig: this.MFAConfig,
|
|
2015
|
+
MFABypassYN: this.MFABypassYN,
|
|
1999
2016
|
RecoveryEmail: this.RecoveryEmail,
|
|
2000
2017
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2001
2018
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
@@ -2122,6 +2139,293 @@ class User extends general_1.UserBase {
|
|
|
2122
2139
|
}
|
|
2123
2140
|
});
|
|
2124
2141
|
}
|
|
2142
|
+
enable2FABypass(loginUser, dbTransaction) {
|
|
2143
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2144
|
+
try {
|
|
2145
|
+
if (this.MFABypassYN === yn_enum_1.YN.Yes) {
|
|
2146
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already enabled.', 'enable2FABypass');
|
|
2147
|
+
}
|
|
2148
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
2149
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
|
2150
|
+
if (!isPrivileged) {
|
|
2151
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
|
|
2152
|
+
}
|
|
2153
|
+
const entityValueBefore = {
|
|
2154
|
+
UserId: this.UserId,
|
|
2155
|
+
UserName: this.UserName,
|
|
2156
|
+
FullName: this.FullName,
|
|
2157
|
+
IDNo: this.IDNo,
|
|
2158
|
+
IDType: this.IDType,
|
|
2159
|
+
ContactNo: this.ContactNo,
|
|
2160
|
+
Email: this.Email,
|
|
2161
|
+
Password: this.Password,
|
|
2162
|
+
Status: this.Status,
|
|
2163
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2164
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2165
|
+
LastLoginAt: this.LastLoginAt,
|
|
2166
|
+
MFAEnabled: this.MFAEnabled,
|
|
2167
|
+
MFAConfig: this.MFAConfig,
|
|
2168
|
+
MFABypassYN: this.MFABypassYN,
|
|
2169
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2170
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2171
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2172
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2173
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2174
|
+
CreatedById: this.CreatedById,
|
|
2175
|
+
CreatedAt: this.CreatedAt,
|
|
2176
|
+
UpdatedById: this.UpdatedById,
|
|
2177
|
+
UpdatedAt: this.UpdatedAt,
|
|
2178
|
+
PasscodeHash: this.PasscodeHash,
|
|
2179
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2180
|
+
};
|
|
2181
|
+
this.MFABypassYN = yn_enum_1.YN.Yes;
|
|
2182
|
+
this.UpdatedAt = new Date();
|
|
2183
|
+
this.UpdatedById = loginUser.UserId;
|
|
2184
|
+
yield User._Repository.update({
|
|
2185
|
+
MFABypassYN: this.MFABypassYN,
|
|
2186
|
+
UpdatedAt: this.UpdatedAt,
|
|
2187
|
+
UpdatedById: this.UpdatedById,
|
|
2188
|
+
}, {
|
|
2189
|
+
where: {
|
|
2190
|
+
UserId: this.UserId,
|
|
2191
|
+
},
|
|
2192
|
+
transaction: dbTransaction,
|
|
2193
|
+
});
|
|
2194
|
+
const entityValueAfter = {
|
|
2195
|
+
UserId: this.UserId,
|
|
2196
|
+
UserName: this.UserName,
|
|
2197
|
+
FullName: this.FullName,
|
|
2198
|
+
IDNo: this.IDNo,
|
|
2199
|
+
IDType: this.IDType,
|
|
2200
|
+
ContactNo: this.ContactNo,
|
|
2201
|
+
Email: this.Email,
|
|
2202
|
+
Password: this.Password,
|
|
2203
|
+
Status: this.Status,
|
|
2204
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2205
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2206
|
+
LastLoginAt: this.LastLoginAt,
|
|
2207
|
+
MFAEnabled: this.MFAEnabled,
|
|
2208
|
+
MFAConfig: this.MFAConfig,
|
|
2209
|
+
MFABypassYN: this.MFABypassYN,
|
|
2210
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2211
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2212
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2213
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2214
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2215
|
+
CreatedById: this.CreatedById,
|
|
2216
|
+
CreatedAt: this.CreatedAt,
|
|
2217
|
+
UpdatedById: this.UpdatedById,
|
|
2218
|
+
UpdatedAt: this.UpdatedAt,
|
|
2219
|
+
PasscodeHash: this.PasscodeHash,
|
|
2220
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2221
|
+
};
|
|
2222
|
+
const activity = new activity_history_1.Activity();
|
|
2223
|
+
activity.ActivityId = activity.createId();
|
|
2224
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
|
2225
|
+
activity.Description = `Enable 2FA Bypass For User ${this.Email}`;
|
|
2226
|
+
activity.EntityType = this.ObjectType;
|
|
2227
|
+
activity.EntityId = this.UserId.toString();
|
|
2228
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
|
2229
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
|
2230
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
|
2231
|
+
}
|
|
2232
|
+
catch (error) {
|
|
2233
|
+
throw error;
|
|
2234
|
+
}
|
|
2235
|
+
});
|
|
2236
|
+
}
|
|
2237
|
+
disable2FABypass(loginUser, dbTransaction) {
|
|
2238
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2239
|
+
try {
|
|
2240
|
+
if (this.MFABypassYN === yn_enum_1.YN.No) {
|
|
2241
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already disabled.', 'disable2FABypass');
|
|
2242
|
+
}
|
|
2243
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
2244
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
|
2245
|
+
if (!isPrivileged) {
|
|
2246
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
|
|
2247
|
+
}
|
|
2248
|
+
const entityValueBefore = {
|
|
2249
|
+
UserId: this.UserId,
|
|
2250
|
+
UserName: this.UserName,
|
|
2251
|
+
FullName: this.FullName,
|
|
2252
|
+
IDNo: this.IDNo,
|
|
2253
|
+
IDType: this.IDType,
|
|
2254
|
+
ContactNo: this.ContactNo,
|
|
2255
|
+
Email: this.Email,
|
|
2256
|
+
Password: this.Password,
|
|
2257
|
+
Status: this.Status,
|
|
2258
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2259
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2260
|
+
LastLoginAt: this.LastLoginAt,
|
|
2261
|
+
MFAEnabled: this.MFAEnabled,
|
|
2262
|
+
MFAConfig: this.MFAConfig,
|
|
2263
|
+
MFABypassYN: this.MFABypassYN,
|
|
2264
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2265
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2266
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2267
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2268
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2269
|
+
CreatedById: this.CreatedById,
|
|
2270
|
+
CreatedAt: this.CreatedAt,
|
|
2271
|
+
UpdatedById: this.UpdatedById,
|
|
2272
|
+
UpdatedAt: this.UpdatedAt,
|
|
2273
|
+
PasscodeHash: this.PasscodeHash,
|
|
2274
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2275
|
+
};
|
|
2276
|
+
this.MFABypassYN = yn_enum_1.YN.No;
|
|
2277
|
+
this.UpdatedAt = new Date();
|
|
2278
|
+
this.UpdatedById = loginUser.UserId;
|
|
2279
|
+
yield User._Repository.update({
|
|
2280
|
+
MFABypassYN: this.MFABypassYN,
|
|
2281
|
+
UpdatedAt: this.UpdatedAt,
|
|
2282
|
+
UpdatedById: this.UpdatedById,
|
|
2283
|
+
}, {
|
|
2284
|
+
where: {
|
|
2285
|
+
UserId: this.UserId,
|
|
2286
|
+
},
|
|
2287
|
+
transaction: dbTransaction,
|
|
2288
|
+
});
|
|
2289
|
+
const entityValueAfter = {
|
|
2290
|
+
UserId: this.UserId,
|
|
2291
|
+
UserName: this.UserName,
|
|
2292
|
+
FullName: this.FullName,
|
|
2293
|
+
IDNo: this.IDNo,
|
|
2294
|
+
IDType: this.IDType,
|
|
2295
|
+
ContactNo: this.ContactNo,
|
|
2296
|
+
Email: this.Email,
|
|
2297
|
+
Password: this.Password,
|
|
2298
|
+
Status: this.Status,
|
|
2299
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2300
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2301
|
+
LastLoginAt: this.LastLoginAt,
|
|
2302
|
+
MFAEnabled: this.MFAEnabled,
|
|
2303
|
+
MFAConfig: this.MFAConfig,
|
|
2304
|
+
MFABypassYN: this.MFABypassYN,
|
|
2305
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2306
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2307
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2308
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2309
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2310
|
+
CreatedById: this.CreatedById,
|
|
2311
|
+
CreatedAt: this.CreatedAt,
|
|
2312
|
+
UpdatedById: this.UpdatedById,
|
|
2313
|
+
UpdatedAt: this.UpdatedAt,
|
|
2314
|
+
PasscodeHash: this.PasscodeHash,
|
|
2315
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2316
|
+
};
|
|
2317
|
+
const activity = new activity_history_1.Activity();
|
|
2318
|
+
activity.ActivityId = activity.createId();
|
|
2319
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
|
2320
|
+
activity.Description = `Disable 2FA Bypass For User ${this.Email}`;
|
|
2321
|
+
activity.EntityType = this.ObjectType;
|
|
2322
|
+
activity.EntityId = this.UserId.toString();
|
|
2323
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
|
2324
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
|
2325
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
|
2326
|
+
}
|
|
2327
|
+
catch (error) {
|
|
2328
|
+
throw error;
|
|
2329
|
+
}
|
|
2330
|
+
});
|
|
2331
|
+
}
|
|
2332
|
+
reset2FA(loginUser, dbTransaction) {
|
|
2333
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2334
|
+
try {
|
|
2335
|
+
if (this.MFAEnabled === 0) {
|
|
2336
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'User not yet setup 2FA.', 'reset2FA');
|
|
2337
|
+
}
|
|
2338
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
2339
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
|
2340
|
+
if (!isPrivileged) {
|
|
2341
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to reset 2FA.');
|
|
2342
|
+
}
|
|
2343
|
+
const entityValueBefore = {
|
|
2344
|
+
UserId: this.UserId,
|
|
2345
|
+
UserName: this.UserName,
|
|
2346
|
+
FullName: this.FullName,
|
|
2347
|
+
IDNo: this.IDNo,
|
|
2348
|
+
IDType: this.IDType,
|
|
2349
|
+
ContactNo: this.ContactNo,
|
|
2350
|
+
Email: this.Email,
|
|
2351
|
+
Password: this.Password,
|
|
2352
|
+
Status: this.Status,
|
|
2353
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2354
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2355
|
+
LastLoginAt: this.LastLoginAt,
|
|
2356
|
+
MFAEnabled: this.MFAEnabled,
|
|
2357
|
+
MFAConfig: this.MFAConfig,
|
|
2358
|
+
MFABypassYN: this.MFABypassYN,
|
|
2359
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2360
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2361
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2362
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2363
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2364
|
+
CreatedById: this.CreatedById,
|
|
2365
|
+
CreatedAt: this.CreatedAt,
|
|
2366
|
+
UpdatedById: this.UpdatedById,
|
|
2367
|
+
UpdatedAt: this.UpdatedAt,
|
|
2368
|
+
PasscodeHash: this.PasscodeHash,
|
|
2369
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2370
|
+
};
|
|
2371
|
+
this.MFAEnabled = 0;
|
|
2372
|
+
this.MFABypassYN = yn_enum_1.YN.No;
|
|
2373
|
+
this.UpdatedAt = new Date();
|
|
2374
|
+
this.UpdatedById = loginUser.UserId;
|
|
2375
|
+
yield User._Repository.update({
|
|
2376
|
+
MFAEnabled: this.MFAEnabled,
|
|
2377
|
+
MFABypassYN: this.MFABypassYN,
|
|
2378
|
+
UpdatedAt: this.UpdatedAt,
|
|
2379
|
+
UpdatedById: this.UpdatedById,
|
|
2380
|
+
}, {
|
|
2381
|
+
where: {
|
|
2382
|
+
UserId: this.UserId,
|
|
2383
|
+
},
|
|
2384
|
+
transaction: dbTransaction,
|
|
2385
|
+
});
|
|
2386
|
+
const entityValueAfter = {
|
|
2387
|
+
UserId: this.UserId,
|
|
2388
|
+
UserName: this.UserName,
|
|
2389
|
+
FullName: this.FullName,
|
|
2390
|
+
IDNo: this.IDNo,
|
|
2391
|
+
IDType: this.IDType,
|
|
2392
|
+
ContactNo: this.ContactNo,
|
|
2393
|
+
Email: this.Email,
|
|
2394
|
+
Password: this.Password,
|
|
2395
|
+
Status: this.Status,
|
|
2396
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2397
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2398
|
+
LastLoginAt: this.LastLoginAt,
|
|
2399
|
+
MFAEnabled: this.MFAEnabled,
|
|
2400
|
+
MFAConfig: this.MFAConfig,
|
|
2401
|
+
MFABypassYN: this.MFABypassYN,
|
|
2402
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2403
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2404
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2405
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2406
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2407
|
+
CreatedById: this.CreatedById,
|
|
2408
|
+
CreatedAt: this.CreatedAt,
|
|
2409
|
+
UpdatedById: this.UpdatedById,
|
|
2410
|
+
UpdatedAt: this.UpdatedAt,
|
|
2411
|
+
PasscodeHash: this.PasscodeHash,
|
|
2412
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2413
|
+
};
|
|
2414
|
+
const activity = new activity_history_1.Activity();
|
|
2415
|
+
activity.ActivityId = activity.createId();
|
|
2416
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
|
2417
|
+
activity.Description = `Reset 2FA for User ${this.Email}`;
|
|
2418
|
+
activity.EntityType = this.ObjectType;
|
|
2419
|
+
activity.EntityId = this.UserId.toString();
|
|
2420
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
|
2421
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
|
2422
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
|
2423
|
+
}
|
|
2424
|
+
catch (error) {
|
|
2425
|
+
throw error;
|
|
2426
|
+
}
|
|
2427
|
+
});
|
|
2428
|
+
}
|
|
2125
2429
|
}
|
|
2126
2430
|
exports.User = User;
|
|
2127
2431
|
User._Repository = new user_repository_1.UserRepository();
|