@tomei/sso 0.61.1 → 0.63.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.commitlintrc.json +22 -22
- package/.gitlab-ci.yml +16 -16
- package/.husky/commit-msg +15 -15
- package/.husky/pre-commit +7 -7
- package/.prettierrc +4 -4
- package/Jenkinsfile +57 -57
- package/README.md +23 -23
- package/__tests__/unit/components/group/group.spec.ts +79 -79
- package/__tests__/unit/components/group-object-privilege/group-object-privilege.spec.ts +88 -88
- package/__tests__/unit/components/group-privilege/group-privilege.spec.ts +68 -68
- package/__tests__/unit/components/group-reporting-user/group-reporting-user.spec.ts +66 -66
- package/__tests__/unit/components/group-system-access/group-system-access.spec.ts +83 -83
- package/__tests__/unit/components/login-user/l.spec.ts +746 -746
- package/__tests__/unit/components/login-user/login.spec.ts +1164 -1164
- package/__tests__/unit/components/password-hash/password-hash.service.spec.ts +31 -31
- package/__tests__/unit/components/system/system.spec.ts +254 -254
- package/__tests__/unit/components/system-privilege/system-privilege.spec.ts +83 -83
- package/__tests__/unit/components/user-group/user-group.spec.ts +86 -86
- package/__tests__/unit/components/user-object-privilege/user-object-privilege.spec.ts +78 -78
- package/__tests__/unit/components/user-privilege/user-privilege.spec.ts +72 -72
- package/__tests__/unit/components/user-system-access/user-system-access.spec.ts +89 -89
- package/__tests__/unit/redis-client/redis.service.spec.ts +23 -23
- package/__tests__/unit/session/session.service.spec.ts +47 -47
- package/__tests__/unit/system-privilege/system-privilage.spec.ts +91 -91
- package/coverage/clover.xml +1452 -1452
- package/coverage/coverage-final.json +47 -47
- package/coverage/lcov-report/base.css +224 -224
- package/coverage/lcov-report/block-navigation.js +87 -87
- package/coverage/lcov-report/components/group/group.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group/group.ts.html +327 -327
- package/coverage/lcov-report/components/group/index.html +130 -130
- package/coverage/lcov-report/components/group-object-privilege/group-object-privilege.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group-object-privilege/group-object-privilege.ts.html +321 -321
- package/coverage/lcov-report/components/group-object-privilege/index.html +130 -130
- package/coverage/lcov-report/components/group-privilege/group-privilege.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group-privilege/group-privilege.ts.html +303 -303
- package/coverage/lcov-report/components/group-privilege/index.html +130 -130
- package/coverage/lcov-report/components/group-reporting-user/group-reporting-user.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group-reporting-user/group-reporting-user.ts.html +327 -327
- package/coverage/lcov-report/components/group-reporting-user/index.html +130 -130
- package/coverage/lcov-report/components/group-system-access/group-system-access.repository.ts.html +117 -117
- package/coverage/lcov-report/components/group-system-access/group-system-access.ts.html +309 -309
- package/coverage/lcov-report/components/group-system-access/index.html +130 -130
- package/coverage/lcov-report/components/login-history/index.html +115 -115
- package/coverage/lcov-report/components/login-history/login-history.repository.ts.html +117 -117
- package/coverage/lcov-report/components/login-user/index.html +130 -130
- package/coverage/lcov-report/components/login-user/login-user.ts.html +5015 -5008
- package/coverage/lcov-report/components/login-user/user.repository.ts.html +117 -117
- package/coverage/lcov-report/components/password-hash/index.html +115 -115
- package/coverage/lcov-report/components/password-hash/password-hash.service.ts.html +126 -126
- package/coverage/lcov-report/components/system/index.html +130 -130
- package/coverage/lcov-report/components/system/system.repository.ts.html +117 -117
- package/coverage/lcov-report/components/system/system.ts.html +909 -909
- package/coverage/lcov-report/components/system-privilege/index.html +130 -130
- package/coverage/lcov-report/components/system-privilege/system-privilege.repository.ts.html +120 -120
- package/coverage/lcov-report/components/system-privilege/system-privilege.ts.html +390 -390
- package/coverage/lcov-report/components/user-group/index.html +130 -130
- package/coverage/lcov-report/components/user-group/user-group.repository.ts.html +117 -117
- package/coverage/lcov-report/components/user-group/user-group.ts.html +354 -354
- package/coverage/lcov-report/components/user-object-privilege/index.html +130 -130
- package/coverage/lcov-report/components/user-object-privilege/user-object-privilege.repository.ts.html +117 -117
- package/coverage/lcov-report/components/user-object-privilege/user-object-privilege.ts.html +312 -312
- package/coverage/lcov-report/components/user-privilege/index.html +130 -130
- package/coverage/lcov-report/components/user-privilege/user-privilege.repository.ts.html +117 -117
- package/coverage/lcov-report/components/user-privilege/user-privilege.ts.html +306 -306
- package/coverage/lcov-report/components/user-system-access/index.html +130 -130
- package/coverage/lcov-report/components/user-system-access/user-system-access.repository.ts.html +117 -117
- package/coverage/lcov-report/components/user-system-access/user-system-access.ts.html +312 -312
- package/coverage/lcov-report/enum/group-type.enum.ts.html +108 -108
- package/coverage/lcov-report/enum/index.html +160 -160
- package/coverage/lcov-report/enum/index.ts.html +93 -93
- package/coverage/lcov-report/enum/user-status.enum.ts.html +105 -105
- package/coverage/lcov-report/enum/yn.enum.ts.html +96 -96
- package/coverage/lcov-report/index.html +370 -370
- package/coverage/lcov-report/models/group-object-privilege.entity.ts.html +333 -333
- package/coverage/lcov-report/models/group-privilege.entity.ts.html +315 -315
- package/coverage/lcov-report/models/group-reporting-user.entity.ts.html +339 -339
- package/coverage/lcov-report/models/group-system-access.entity.ts.html +324 -324
- package/coverage/lcov-report/models/group.entity.ts.html +435 -435
- package/coverage/lcov-report/models/index.html +310 -310
- package/coverage/lcov-report/models/login-history.entity.ts.html +252 -252
- package/coverage/lcov-report/models/staff.entity.ts.html +411 -411
- package/coverage/lcov-report/models/system-privilege.entity.ts.html +354 -354
- package/coverage/lcov-report/models/system.entity.ts.html +423 -423
- package/coverage/lcov-report/models/user-group.entity.ts.html +354 -354
- package/coverage/lcov-report/models/user-object-privilege.entity.ts.html +330 -330
- package/coverage/lcov-report/models/user-privilege.entity.ts.html +315 -315
- package/coverage/lcov-report/models/user-system-access.entity.ts.html +315 -315
- package/coverage/lcov-report/models/user.entity.ts.html +522 -522
- package/coverage/lcov-report/prettify.css +1 -1
- package/coverage/lcov-report/prettify.js +2 -2
- package/coverage/lcov-report/redis-client/index.html +115 -115
- package/coverage/lcov-report/redis-client/redis.service.ts.html +240 -240
- package/coverage/lcov-report/session/index.html +115 -115
- package/coverage/lcov-report/session/session.service.ts.html +246 -246
- package/coverage/lcov-report/sorter.js +196 -196
- package/coverage/lcov.info +2490 -2490
- package/coverage/test-report.xml +128 -128
- package/create-sso-user.sql +39 -39
- package/dist/src/components/login-history/index.d.ts +1 -0
- package/dist/src/components/login-history/index.js +1 -0
- package/dist/src/components/login-history/index.js.map +1 -1
- package/dist/src/components/login-history/login-history.repository.d.ts +2 -2
- package/dist/src/components/login-history/login-history.repository.js.map +1 -1
- package/dist/src/components/login-user/interfaces/user-info.interface.d.ts +1 -0
- package/dist/src/components/login-user/login-user.js +1 -0
- package/dist/src/components/login-user/login-user.js.map +1 -1
- package/dist/src/components/login-user/user.d.ts +28 -3
- package/dist/src/components/login-user/user.js +361 -17
- package/dist/src/components/login-user/user.js.map +1 -1
- package/dist/src/components/user-system-access/user-system-access.js +1 -1
- package/dist/src/components/user-system-access/user-system-access.js.map +1 -1
- package/dist/src/models/login-history.entity.d.ts +2 -2
- package/dist/src/models/login-history.entity.js +13 -13
- package/dist/src/models/login-history.entity.js.map +1 -1
- package/dist/src/models/user.entity.d.ts +1 -0
- package/dist/src/models/user.entity.js +8 -0
- package/dist/src/models/user.entity.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/eslint.config.mjs +58 -58
- package/jest.config.js +14 -14
- package/migrations/20240314080602-create-user-table.js +124 -124
- package/migrations/20240314080603-create-user-group-table.js +85 -85
- package/migrations/20240314080604-create-user-user-group-table.js +55 -55
- package/migrations/20240314080605-create-login-history-table.js +53 -53
- package/migrations/20240527064925-create-system-table.js +78 -78
- package/migrations/20240527064926-create-system-privilege-table.js +71 -71
- package/migrations/20240527065342-create-group-table.js +93 -93
- package/migrations/20240527065633-create-group-reporting-user-table.js +76 -76
- package/migrations/20240528011551-create-group-system-access-table.js +72 -72
- package/migrations/20240528023018-user-system-access-table.js +75 -75
- package/migrations/20240528032229-user-privilege-table.js +76 -76
- package/migrations/20240528063003-create-group-privilege-table.js +76 -76
- package/migrations/20240528063051-create-group-object-privilege-table.js +84 -84
- package/migrations/20240528063107-create-user-object-privilege-table.js +84 -84
- package/migrations/20240528063108-create-api-key-table.js +85 -85
- package/migrations/20241104104802-create-building-table.js +95 -95
- package/migrations/20250108091132-add-area-manager-user-id-to-building-table.js +14 -14
- package/migrations/20250108091133-add-passcode-to-user-table.js +36 -36
- package/migrations/20250210115636-create-user-reporting-hierarchy.js +76 -76
- package/migrations/20250326043818-crate-user-password-history.js +42 -42
- package/migrations/20250610070720-added-MFBypassYN-to-sso-user.js +30 -0
- package/package.json +90 -90
- package/sampledotenv +7 -7
- package/sonar-project.properties +22 -22
- package/src/components/login-history/index.ts +2 -1
- package/src/components/login-history/login-history.repository.ts +11 -11
- package/src/components/login-history/login-history.ts +124 -0
- package/src/components/login-user/interfaces/user-info.interface.ts +1 -0
- package/src/components/login-user/login-user.ts +1 -0
- package/src/components/login-user/user.ts +3563 -3143
- package/src/components/user-system-access/user-system-access.ts +717 -717
- package/src/interfaces/login-history-search-attr.interface.ts +8 -0
- package/src/interfaces/login-history.interface.ts +11 -0
- package/src/models/login-history.entity.ts +63 -63
- package/src/models/user.entity.ts +7 -0
- package/tsconfig.build.json +5 -5
- package/tsconfig.json +23 -23
- package/dist/__tests__/unit/components/group-privilege/group-privilege.test.d.ts +0 -1
- package/dist/__tests__/unit/components/group-privilege/group-privilege.test.js +0 -71
- package/dist/__tests__/unit/components/group-privilege/group-privilege.test.js.map +0 -1
- package/dist/__tests__/unit/components/login-user/login-user.spec.d.ts +0 -0
- package/dist/__tests__/unit/components/login-user/login-user.spec.js +0 -6
- package/dist/__tests__/unit/components/login-user/login-user.spec.js.map +0 -1
|
@@ -100,6 +100,12 @@ class User extends general_1.UserBase {
|
|
|
100
100
|
set MFAConfig(value) {
|
|
101
101
|
this._MFAConfig = value;
|
|
102
102
|
}
|
|
103
|
+
get MFABypassYN() {
|
|
104
|
+
return this._MFABypassYN;
|
|
105
|
+
}
|
|
106
|
+
set MFABypassYN(value) {
|
|
107
|
+
this._MFABypassYN = value;
|
|
108
|
+
}
|
|
103
109
|
get RecoveryEmail() {
|
|
104
110
|
return this._RecoveryEmail;
|
|
105
111
|
}
|
|
@@ -203,6 +209,7 @@ class User extends general_1.UserBase {
|
|
|
203
209
|
this.LastLoginAt = userInfo.LastLoginAt;
|
|
204
210
|
this.MFAEnabled = userInfo.MFAEnabled;
|
|
205
211
|
this.MFAConfig = userInfo.MFAConfig;
|
|
212
|
+
this.MFABypassYN = userInfo.MFABypassYN;
|
|
206
213
|
this.RecoveryEmail = userInfo.RecoveryEmail;
|
|
207
214
|
this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
|
|
208
215
|
this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
|
|
@@ -253,6 +260,7 @@ class User extends general_1.UserBase {
|
|
|
253
260
|
LastLoginAt: user.LastLoginAt,
|
|
254
261
|
MFAEnabled: user.MFAEnabled,
|
|
255
262
|
MFAConfig: user.MFAConfig,
|
|
263
|
+
MFABypassYN: user.MFABypassYN,
|
|
256
264
|
RecoveryEmail: user.RecoveryEmail,
|
|
257
265
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
258
266
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -312,6 +320,7 @@ class User extends general_1.UserBase {
|
|
|
312
320
|
LastLoginAt: user.LastLoginAt,
|
|
313
321
|
MFAEnabled: user.MFAEnabled,
|
|
314
322
|
MFAConfig: user.MFAConfig,
|
|
323
|
+
MFABypassYN: user.MFABypassYN,
|
|
315
324
|
RecoveryEmail: user.RecoveryEmail,
|
|
316
325
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
317
326
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -389,6 +398,7 @@ class User extends general_1.UserBase {
|
|
|
389
398
|
LastLoginAt: user.LastLoginAt,
|
|
390
399
|
MFAEnabled: user.MFAEnabled,
|
|
391
400
|
MFAConfig: user.MFAConfig,
|
|
401
|
+
MFABypassYN: user.MFABypassYN,
|
|
392
402
|
RecoveryEmail: user.RecoveryEmail,
|
|
393
403
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
394
404
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -443,8 +453,7 @@ class User extends general_1.UserBase {
|
|
|
443
453
|
},
|
|
444
454
|
});
|
|
445
455
|
if (!system) {
|
|
446
|
-
|
|
447
|
-
throw new Error('Invalid credentials.');
|
|
456
|
+
throw new Error('Access denied: invalid or unauthorized system.');
|
|
448
457
|
}
|
|
449
458
|
const passwordHashService = new password_hash_service_1.PasswordHashService();
|
|
450
459
|
const isPasswordValid = yield passwordHashService.verify(password, this.Password);
|
|
@@ -460,15 +469,13 @@ class User extends general_1.UserBase {
|
|
|
460
469
|
this.Status = enum_1.UserStatus.ACTIVE;
|
|
461
470
|
}
|
|
462
471
|
else {
|
|
463
|
-
|
|
464
|
-
throw new Error('Invalid credentials.');
|
|
472
|
+
throw new Error('Your account has been locked. Please contact the administrator for assistance.');
|
|
465
473
|
}
|
|
466
474
|
}
|
|
467
475
|
}
|
|
468
476
|
catch (error) {
|
|
469
477
|
yield this.incrementFailedLoginAttemptCount(dbTransaction);
|
|
470
|
-
|
|
471
|
-
throw new Error('Invalid credentials.');
|
|
478
|
+
throw error;
|
|
472
479
|
}
|
|
473
480
|
const system = yield User._SystemRepository.findOne({
|
|
474
481
|
where: {
|
|
@@ -1045,7 +1052,7 @@ class User extends general_1.UserBase {
|
|
|
1045
1052
|
},
|
|
1046
1053
|
transaction: dbTransaction,
|
|
1047
1054
|
});
|
|
1048
|
-
yield user_password_history_1.UserPasswordHistory.create(dbTransaction, parseInt(userId),
|
|
1055
|
+
yield user_password_history_1.UserPasswordHistory.create(dbTransaction, parseInt(userId), user._Password);
|
|
1049
1056
|
}
|
|
1050
1057
|
catch (error) {
|
|
1051
1058
|
throw error;
|
|
@@ -1085,6 +1092,7 @@ class User extends general_1.UserBase {
|
|
|
1085
1092
|
LastLoginAt: null,
|
|
1086
1093
|
MFAEnabled: null,
|
|
1087
1094
|
MFAConfig: null,
|
|
1095
|
+
MFABypassYN: yn_enum_1.YN.No,
|
|
1088
1096
|
RecoveryEmail: null,
|
|
1089
1097
|
FailedLoginAttemptCount: 0,
|
|
1090
1098
|
LastFailedLoginAt: null,
|
|
@@ -1173,7 +1181,7 @@ class User extends general_1.UserBase {
|
|
|
1173
1181
|
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account');
|
|
1174
1182
|
}
|
|
1175
1183
|
if (this.Status == enum_1.UserStatus.LOCKED) {
|
|
1176
|
-
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', '
|
|
1184
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account.');
|
|
1177
1185
|
}
|
|
1178
1186
|
});
|
|
1179
1187
|
}
|
|
@@ -1346,13 +1354,31 @@ class User extends general_1.UserBase {
|
|
|
1346
1354
|
console.error('Invalid JSON string on MFAConfig:', error);
|
|
1347
1355
|
}
|
|
1348
1356
|
}
|
|
1349
|
-
const
|
|
1357
|
+
const isCurrentValid = yield speakeasy.totp.verify({
|
|
1350
1358
|
secret: userMFAConfig.totp.secret,
|
|
1351
1359
|
encoding: 'base32',
|
|
1352
1360
|
token: mfaToken,
|
|
1361
|
+
window: 0,
|
|
1353
1362
|
});
|
|
1354
|
-
if (!
|
|
1355
|
-
|
|
1363
|
+
if (!isCurrentValid) {
|
|
1364
|
+
const isExpired = yield speakeasy.totp.verify({
|
|
1365
|
+
secret: userMFAConfig.totp.secret,
|
|
1366
|
+
encoding: 'base32',
|
|
1367
|
+
token: mfaToken,
|
|
1368
|
+
window: 2,
|
|
1369
|
+
});
|
|
1370
|
+
if (isExpired) {
|
|
1371
|
+
return {
|
|
1372
|
+
success: false,
|
|
1373
|
+
reason: 'MFA token has expired. Please try again.',
|
|
1374
|
+
};
|
|
1375
|
+
}
|
|
1376
|
+
else {
|
|
1377
|
+
return {
|
|
1378
|
+
success: false,
|
|
1379
|
+
reason: 'Invalid MFA token. Check your authenticator app.',
|
|
1380
|
+
};
|
|
1381
|
+
}
|
|
1356
1382
|
}
|
|
1357
1383
|
user.MFAEnabled = 1;
|
|
1358
1384
|
yield user.save({ transaction: dbTransaction });
|
|
@@ -1365,7 +1391,7 @@ class User extends general_1.UserBase {
|
|
|
1365
1391
|
systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
1366
1392
|
}
|
|
1367
1393
|
const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
|
|
1368
|
-
return `${userId}:${systemLogin.sessionId}
|
|
1394
|
+
return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
|
|
1369
1395
|
});
|
|
1370
1396
|
}
|
|
1371
1397
|
verify2FACode(userId, mfaToken, systemCode, dbTransaction) {
|
|
@@ -1388,13 +1414,31 @@ class User extends general_1.UserBase {
|
|
|
1388
1414
|
console.error('Invalid JSON string on MFAConfig:', error);
|
|
1389
1415
|
}
|
|
1390
1416
|
}
|
|
1391
|
-
const
|
|
1417
|
+
const isCurrentValid = yield speakeasy.totp.verify({
|
|
1392
1418
|
secret: userMFAConfig.totp.secret,
|
|
1393
1419
|
encoding: 'base32',
|
|
1394
1420
|
token: mfaToken,
|
|
1421
|
+
window: 0,
|
|
1395
1422
|
});
|
|
1396
|
-
if (!
|
|
1397
|
-
|
|
1423
|
+
if (!isCurrentValid) {
|
|
1424
|
+
const isExpired = yield speakeasy.totp.verify({
|
|
1425
|
+
secret: userMFAConfig.totp.secret,
|
|
1426
|
+
encoding: 'base32',
|
|
1427
|
+
token: mfaToken,
|
|
1428
|
+
window: 2,
|
|
1429
|
+
});
|
|
1430
|
+
if (isExpired) {
|
|
1431
|
+
return {
|
|
1432
|
+
success: false,
|
|
1433
|
+
reason: 'MFA token has expired. Please try again.',
|
|
1434
|
+
};
|
|
1435
|
+
}
|
|
1436
|
+
else {
|
|
1437
|
+
return {
|
|
1438
|
+
success: false,
|
|
1439
|
+
reason: 'Invalid MFA token. Check your authenticator app.',
|
|
1440
|
+
};
|
|
1441
|
+
}
|
|
1398
1442
|
}
|
|
1399
1443
|
const sessionName = config_1.ApplicationConfig.getComponentConfigValue('sessionName');
|
|
1400
1444
|
if (!sessionName) {
|
|
@@ -1405,7 +1449,7 @@ class User extends general_1.UserBase {
|
|
|
1405
1449
|
systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
1406
1450
|
}
|
|
1407
1451
|
const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
|
|
1408
|
-
return `${userId}:${systemLogin.sessionId}
|
|
1452
|
+
return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
|
|
1409
1453
|
});
|
|
1410
1454
|
}
|
|
1411
1455
|
bypass2FA(systemCode, dbTransaction) {
|
|
@@ -1429,7 +1473,10 @@ class User extends general_1.UserBase {
|
|
|
1429
1473
|
systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
1430
1474
|
}
|
|
1431
1475
|
const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
|
|
1432
|
-
return
|
|
1476
|
+
return {
|
|
1477
|
+
success: true,
|
|
1478
|
+
sessionId: `${this.UserId}:${systemLogin.sessionId}`,
|
|
1479
|
+
};
|
|
1433
1480
|
}
|
|
1434
1481
|
catch (error) {
|
|
1435
1482
|
throw error;
|
|
@@ -1759,6 +1806,7 @@ class User extends general_1.UserBase {
|
|
|
1759
1806
|
LastLoginAt: user.LastLoginAt,
|
|
1760
1807
|
MFAEnabled: user.MFAEnabled,
|
|
1761
1808
|
MFAConfig: user.MFAConfig,
|
|
1809
|
+
MFABypassYN: user.MFABypassYN,
|
|
1762
1810
|
RecoveryEmail: user.RecoveryEmail,
|
|
1763
1811
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
1764
1812
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -1841,6 +1889,7 @@ class User extends general_1.UserBase {
|
|
|
1841
1889
|
LastLoginAt: user.LastLoginAt,
|
|
1842
1890
|
MFAEnabled: user.MFAEnabled,
|
|
1843
1891
|
MFAConfig: user.MFAConfig,
|
|
1892
|
+
MFABypassYN: user.MFABypassYN,
|
|
1844
1893
|
RecoveryEmail: user.RecoveryEmail,
|
|
1845
1894
|
FailedLoginAttemptCount: user.FailedLoginAttemptCount,
|
|
1846
1895
|
LastFailedLoginAt: user.LastFailedLoginAt,
|
|
@@ -1886,6 +1935,7 @@ class User extends general_1.UserBase {
|
|
|
1886
1935
|
LastLoginAt: this.LastLoginAt,
|
|
1887
1936
|
MFAEnabled: this.MFAEnabled,
|
|
1888
1937
|
MFAConfig: this.MFAConfig,
|
|
1938
|
+
MFABypassYN: this.MFABypassYN,
|
|
1889
1939
|
RecoveryEmail: this.RecoveryEmail,
|
|
1890
1940
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
1891
1941
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
@@ -1915,6 +1965,7 @@ class User extends general_1.UserBase {
|
|
|
1915
1965
|
LastLoginAt: this.LastLoginAt,
|
|
1916
1966
|
MFAEnabled: this.MFAEnabled,
|
|
1917
1967
|
MFAConfig: this.MFAConfig,
|
|
1968
|
+
MFABypassYN: this.MFABypassYN,
|
|
1918
1969
|
RecoveryEmail: this.RecoveryEmail,
|
|
1919
1970
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
1920
1971
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
@@ -1976,6 +2027,7 @@ class User extends general_1.UserBase {
|
|
|
1976
2027
|
LastLoginAt: this.LastLoginAt,
|
|
1977
2028
|
MFAEnabled: this.MFAEnabled,
|
|
1978
2029
|
MFAConfig: this.MFAConfig,
|
|
2030
|
+
MFABypassYN: this.MFABypassYN,
|
|
1979
2031
|
RecoveryEmail: this.RecoveryEmail,
|
|
1980
2032
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
1981
2033
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
@@ -2005,6 +2057,7 @@ class User extends general_1.UserBase {
|
|
|
2005
2057
|
LastLoginAt: this.LastLoginAt,
|
|
2006
2058
|
MFAEnabled: this.MFAEnabled,
|
|
2007
2059
|
MFAConfig: this.MFAConfig,
|
|
2060
|
+
MFABypassYN: this.MFABypassYN,
|
|
2008
2061
|
RecoveryEmail: this.RecoveryEmail,
|
|
2009
2062
|
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2010
2063
|
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
@@ -2131,6 +2184,297 @@ class User extends general_1.UserBase {
|
|
|
2131
2184
|
}
|
|
2132
2185
|
});
|
|
2133
2186
|
}
|
|
2187
|
+
enable2FABypass(loginUser, dbTransaction) {
|
|
2188
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2189
|
+
try {
|
|
2190
|
+
if (this.MFABypassYN === yn_enum_1.YN.Yes) {
|
|
2191
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already enabled.', 'enable2FABypass');
|
|
2192
|
+
}
|
|
2193
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
2194
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
|
2195
|
+
if (!isPrivileged) {
|
|
2196
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
|
|
2197
|
+
}
|
|
2198
|
+
const entityValueBefore = {
|
|
2199
|
+
UserId: this.UserId,
|
|
2200
|
+
UserName: this.UserName,
|
|
2201
|
+
FullName: this.FullName,
|
|
2202
|
+
IDNo: this.IDNo,
|
|
2203
|
+
IDType: this.IDType,
|
|
2204
|
+
ContactNo: this.ContactNo,
|
|
2205
|
+
Email: this.Email,
|
|
2206
|
+
Password: this.Password,
|
|
2207
|
+
Status: this.Status,
|
|
2208
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2209
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2210
|
+
LastLoginAt: this.LastLoginAt,
|
|
2211
|
+
MFAEnabled: this.MFAEnabled,
|
|
2212
|
+
MFAConfig: this.MFAConfig,
|
|
2213
|
+
MFABypassYN: this.MFABypassYN,
|
|
2214
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2215
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2216
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2217
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2218
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2219
|
+
CreatedById: this.CreatedById,
|
|
2220
|
+
CreatedAt: this.CreatedAt,
|
|
2221
|
+
UpdatedById: this.UpdatedById,
|
|
2222
|
+
UpdatedAt: this.UpdatedAt,
|
|
2223
|
+
PasscodeHash: this.PasscodeHash,
|
|
2224
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2225
|
+
};
|
|
2226
|
+
this.MFABypassYN = yn_enum_1.YN.Yes;
|
|
2227
|
+
this.MFAEnabled = 0;
|
|
2228
|
+
this.UpdatedAt = new Date();
|
|
2229
|
+
this.UpdatedById = loginUser.UserId;
|
|
2230
|
+
yield User._Repository.update({
|
|
2231
|
+
MFABypassYN: this.MFABypassYN,
|
|
2232
|
+
MFAEnabled: this.MFAEnabled,
|
|
2233
|
+
UpdatedAt: this.UpdatedAt,
|
|
2234
|
+
UpdatedById: this.UpdatedById,
|
|
2235
|
+
}, {
|
|
2236
|
+
where: {
|
|
2237
|
+
UserId: this.UserId,
|
|
2238
|
+
},
|
|
2239
|
+
transaction: dbTransaction,
|
|
2240
|
+
});
|
|
2241
|
+
const entityValueAfter = {
|
|
2242
|
+
UserId: this.UserId,
|
|
2243
|
+
UserName: this.UserName,
|
|
2244
|
+
FullName: this.FullName,
|
|
2245
|
+
IDNo: this.IDNo,
|
|
2246
|
+
IDType: this.IDType,
|
|
2247
|
+
ContactNo: this.ContactNo,
|
|
2248
|
+
Email: this.Email,
|
|
2249
|
+
Password: this.Password,
|
|
2250
|
+
Status: this.Status,
|
|
2251
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2252
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2253
|
+
LastLoginAt: this.LastLoginAt,
|
|
2254
|
+
MFAEnabled: this.MFAEnabled,
|
|
2255
|
+
MFAConfig: this.MFAConfig,
|
|
2256
|
+
MFABypassYN: this.MFABypassYN,
|
|
2257
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2258
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2259
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2260
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2261
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2262
|
+
CreatedById: this.CreatedById,
|
|
2263
|
+
CreatedAt: this.CreatedAt,
|
|
2264
|
+
UpdatedById: this.UpdatedById,
|
|
2265
|
+
UpdatedAt: this.UpdatedAt,
|
|
2266
|
+
PasscodeHash: this.PasscodeHash,
|
|
2267
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2268
|
+
};
|
|
2269
|
+
const activity = new activity_history_1.Activity();
|
|
2270
|
+
activity.ActivityId = activity.createId();
|
|
2271
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
|
2272
|
+
activity.Description = `Enable 2FA Bypass For User ${this.Email}`;
|
|
2273
|
+
activity.EntityType = this.ObjectType;
|
|
2274
|
+
activity.EntityId = this.UserId.toString();
|
|
2275
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
|
2276
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
|
2277
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
|
2278
|
+
}
|
|
2279
|
+
catch (error) {
|
|
2280
|
+
throw error;
|
|
2281
|
+
}
|
|
2282
|
+
});
|
|
2283
|
+
}
|
|
2284
|
+
disable2FABypass(loginUser, dbTransaction) {
|
|
2285
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2286
|
+
try {
|
|
2287
|
+
if (this.MFABypassYN === yn_enum_1.YN.No) {
|
|
2288
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already disabled.', 'disable2FABypass');
|
|
2289
|
+
}
|
|
2290
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
2291
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
|
2292
|
+
if (!isPrivileged) {
|
|
2293
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
|
|
2294
|
+
}
|
|
2295
|
+
const entityValueBefore = {
|
|
2296
|
+
UserId: this.UserId,
|
|
2297
|
+
UserName: this.UserName,
|
|
2298
|
+
FullName: this.FullName,
|
|
2299
|
+
IDNo: this.IDNo,
|
|
2300
|
+
IDType: this.IDType,
|
|
2301
|
+
ContactNo: this.ContactNo,
|
|
2302
|
+
Email: this.Email,
|
|
2303
|
+
Password: this.Password,
|
|
2304
|
+
Status: this.Status,
|
|
2305
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2306
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2307
|
+
LastLoginAt: this.LastLoginAt,
|
|
2308
|
+
MFAEnabled: this.MFAEnabled,
|
|
2309
|
+
MFAConfig: this.MFAConfig,
|
|
2310
|
+
MFABypassYN: this.MFABypassYN,
|
|
2311
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2312
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2313
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2314
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2315
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2316
|
+
CreatedById: this.CreatedById,
|
|
2317
|
+
CreatedAt: this.CreatedAt,
|
|
2318
|
+
UpdatedById: this.UpdatedById,
|
|
2319
|
+
UpdatedAt: this.UpdatedAt,
|
|
2320
|
+
PasscodeHash: this.PasscodeHash,
|
|
2321
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2322
|
+
};
|
|
2323
|
+
this.MFABypassYN = yn_enum_1.YN.No;
|
|
2324
|
+
this.MFAEnabled = 0;
|
|
2325
|
+
this.UpdatedAt = new Date();
|
|
2326
|
+
this.UpdatedById = loginUser.UserId;
|
|
2327
|
+
yield User._Repository.update({
|
|
2328
|
+
MFABypassYN: this.MFABypassYN,
|
|
2329
|
+
MFAEnabled: this.MFAEnabled,
|
|
2330
|
+
UpdatedAt: this.UpdatedAt,
|
|
2331
|
+
UpdatedById: this.UpdatedById,
|
|
2332
|
+
}, {
|
|
2333
|
+
where: {
|
|
2334
|
+
UserId: this.UserId,
|
|
2335
|
+
},
|
|
2336
|
+
transaction: dbTransaction,
|
|
2337
|
+
});
|
|
2338
|
+
const entityValueAfter = {
|
|
2339
|
+
UserId: this.UserId,
|
|
2340
|
+
UserName: this.UserName,
|
|
2341
|
+
FullName: this.FullName,
|
|
2342
|
+
IDNo: this.IDNo,
|
|
2343
|
+
IDType: this.IDType,
|
|
2344
|
+
ContactNo: this.ContactNo,
|
|
2345
|
+
Email: this.Email,
|
|
2346
|
+
Password: this.Password,
|
|
2347
|
+
Status: this.Status,
|
|
2348
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2349
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2350
|
+
LastLoginAt: this.LastLoginAt,
|
|
2351
|
+
MFAEnabled: this.MFAEnabled,
|
|
2352
|
+
MFAConfig: this.MFAConfig,
|
|
2353
|
+
MFABypassYN: this.MFABypassYN,
|
|
2354
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2355
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2356
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2357
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2358
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2359
|
+
CreatedById: this.CreatedById,
|
|
2360
|
+
CreatedAt: this.CreatedAt,
|
|
2361
|
+
UpdatedById: this.UpdatedById,
|
|
2362
|
+
UpdatedAt: this.UpdatedAt,
|
|
2363
|
+
PasscodeHash: this.PasscodeHash,
|
|
2364
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2365
|
+
};
|
|
2366
|
+
const activity = new activity_history_1.Activity();
|
|
2367
|
+
activity.ActivityId = activity.createId();
|
|
2368
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
|
2369
|
+
activity.Description = `Disable 2FA Bypass For User ${this.Email}`;
|
|
2370
|
+
activity.EntityType = this.ObjectType;
|
|
2371
|
+
activity.EntityId = this.UserId.toString();
|
|
2372
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
|
2373
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
|
2374
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
|
2375
|
+
}
|
|
2376
|
+
catch (error) {
|
|
2377
|
+
throw error;
|
|
2378
|
+
}
|
|
2379
|
+
});
|
|
2380
|
+
}
|
|
2381
|
+
reset2FA(loginUser, dbTransaction) {
|
|
2382
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
2383
|
+
try {
|
|
2384
|
+
if (this.MFAEnabled === 0) {
|
|
2385
|
+
throw new general_1.ClassError('User', 'UserErrMsg0X', 'User not yet setup 2FA.', 'reset2FA');
|
|
2386
|
+
}
|
|
2387
|
+
const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
|
|
2388
|
+
const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
|
|
2389
|
+
if (!isPrivileged) {
|
|
2390
|
+
throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to reset 2FA.');
|
|
2391
|
+
}
|
|
2392
|
+
const entityValueBefore = {
|
|
2393
|
+
UserId: this.UserId,
|
|
2394
|
+
UserName: this.UserName,
|
|
2395
|
+
FullName: this.FullName,
|
|
2396
|
+
IDNo: this.IDNo,
|
|
2397
|
+
IDType: this.IDType,
|
|
2398
|
+
ContactNo: this.ContactNo,
|
|
2399
|
+
Email: this.Email,
|
|
2400
|
+
Password: this.Password,
|
|
2401
|
+
Status: this.Status,
|
|
2402
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2403
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2404
|
+
LastLoginAt: this.LastLoginAt,
|
|
2405
|
+
MFAEnabled: this.MFAEnabled,
|
|
2406
|
+
MFAConfig: this.MFAConfig,
|
|
2407
|
+
MFABypassYN: this.MFABypassYN,
|
|
2408
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2409
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2410
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2411
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2412
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2413
|
+
CreatedById: this.CreatedById,
|
|
2414
|
+
CreatedAt: this.CreatedAt,
|
|
2415
|
+
UpdatedById: this.UpdatedById,
|
|
2416
|
+
UpdatedAt: this.UpdatedAt,
|
|
2417
|
+
PasscodeHash: this.PasscodeHash,
|
|
2418
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2419
|
+
};
|
|
2420
|
+
this.MFAEnabled = 0;
|
|
2421
|
+
this.MFABypassYN = yn_enum_1.YN.No;
|
|
2422
|
+
this.UpdatedAt = new Date();
|
|
2423
|
+
this.UpdatedById = loginUser.UserId;
|
|
2424
|
+
yield User._Repository.update({
|
|
2425
|
+
MFAEnabled: this.MFAEnabled,
|
|
2426
|
+
MFABypassYN: this.MFABypassYN,
|
|
2427
|
+
UpdatedAt: this.UpdatedAt,
|
|
2428
|
+
UpdatedById: this.UpdatedById,
|
|
2429
|
+
}, {
|
|
2430
|
+
where: {
|
|
2431
|
+
UserId: this.UserId,
|
|
2432
|
+
},
|
|
2433
|
+
transaction: dbTransaction,
|
|
2434
|
+
});
|
|
2435
|
+
const entityValueAfter = {
|
|
2436
|
+
UserId: this.UserId,
|
|
2437
|
+
UserName: this.UserName,
|
|
2438
|
+
FullName: this.FullName,
|
|
2439
|
+
IDNo: this.IDNo,
|
|
2440
|
+
IDType: this.IDType,
|
|
2441
|
+
ContactNo: this.ContactNo,
|
|
2442
|
+
Email: this.Email,
|
|
2443
|
+
Password: this.Password,
|
|
2444
|
+
Status: this.Status,
|
|
2445
|
+
DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
|
|
2446
|
+
FirstLoginAt: this.FirstLoginAt,
|
|
2447
|
+
LastLoginAt: this.LastLoginAt,
|
|
2448
|
+
MFAEnabled: this.MFAEnabled,
|
|
2449
|
+
MFAConfig: this.MFAConfig,
|
|
2450
|
+
MFABypassYN: this.MFABypassYN,
|
|
2451
|
+
RecoveryEmail: this.RecoveryEmail,
|
|
2452
|
+
FailedLoginAttemptCount: this.FailedLoginAttemptCount,
|
|
2453
|
+
LastFailedLoginAt: this.LastFailedLoginAt,
|
|
2454
|
+
LastPasswordChangedAt: this.LastPasswordChangedAt,
|
|
2455
|
+
NeedToChangePasswordYN: this.NeedToChangePasswordYN,
|
|
2456
|
+
CreatedById: this.CreatedById,
|
|
2457
|
+
CreatedAt: this.CreatedAt,
|
|
2458
|
+
UpdatedById: this.UpdatedById,
|
|
2459
|
+
UpdatedAt: this.UpdatedAt,
|
|
2460
|
+
PasscodeHash: this.PasscodeHash,
|
|
2461
|
+
PasscodeUpdatedAt: this.PasscodeUpdatedAt,
|
|
2462
|
+
};
|
|
2463
|
+
const activity = new activity_history_1.Activity();
|
|
2464
|
+
activity.ActivityId = activity.createId();
|
|
2465
|
+
activity.Action = activity_history_1.ActionEnum.UPDATE;
|
|
2466
|
+
activity.Description = `Reset 2FA for User ${this.Email}`;
|
|
2467
|
+
activity.EntityType = this.ObjectType;
|
|
2468
|
+
activity.EntityId = this.UserId.toString();
|
|
2469
|
+
activity.EntityValueBefore = JSON.stringify(entityValueBefore);
|
|
2470
|
+
activity.EntityValueAfter = JSON.stringify(entityValueAfter);
|
|
2471
|
+
yield activity.create(loginUser.ObjectId, dbTransaction);
|
|
2472
|
+
}
|
|
2473
|
+
catch (error) {
|
|
2474
|
+
throw error;
|
|
2475
|
+
}
|
|
2476
|
+
});
|
|
2477
|
+
}
|
|
2134
2478
|
}
|
|
2135
2479
|
exports.User = User;
|
|
2136
2480
|
User._Repository = new user_repository_1.UserRepository();
|