@tomei/sso 0.62.0 → 0.63.0

Files changed (34) hide show
  1. package/coverage/lcov-report/components/login-user/login-user.ts.html +80 -73
  2. package/dist/src/components/login-history/index.d.ts +1 -0
  3. package/dist/src/components/login-history/index.js +1 -0
  4. package/dist/src/components/login-history/index.js.map +1 -1
  5. package/dist/src/components/login-history/login-history.repository.d.ts +2 -2
  6. package/dist/src/components/login-history/login-history.repository.js.map +1 -1
  7. package/dist/src/components/login-user/interfaces/user-info.interface.d.ts +1 -0
  8. package/dist/src/components/login-user/login-user.js +1 -0
  9. package/dist/src/components/login-user/login-user.js.map +1 -1
  10. package/dist/src/components/login-user/user.d.ts +28 -3
  11. package/dist/src/components/login-user/user.js +360 -16
  12. package/dist/src/components/login-user/user.js.map +1 -1
  13. package/dist/src/components/user-system-access/user-system-access.js +1 -1
  14. package/dist/src/components/user-system-access/user-system-access.js.map +1 -1
  15. package/dist/src/models/login-history.entity.d.ts +2 -2
  16. package/dist/src/models/login-history.entity.js +13 -13
  17. package/dist/src/models/login-history.entity.js.map +1 -1
  18. package/dist/src/models/user.entity.d.ts +1 -0
  19. package/dist/src/models/user.entity.js +8 -0
  20. package/dist/src/models/user.entity.js.map +1 -1
  21. package/dist/tsconfig.tsbuildinfo +1 -1
  22. package/migrations/20250610070720-added-MFBypassYN-to-sso-user.js +30 -0
  23. package/package.json +1 -1
  24. package/src/components/login-history/index.ts +1 -0
  25. package/src/components/login-history/login-history.repository.ts +4 -4
  26. package/src/components/login-history/login-history.ts +124 -0
  27. package/src/components/login-user/interfaces/user-info.interface.ts +1 -0
  28. package/src/components/login-user/login-user.ts +1 -0
  29. package/src/components/login-user/user.ts +438 -18
  30. package/src/components/user-system-access/user-system-access.ts +1 -1
  31. package/src/interfaces/login-history-search-attr.interface.ts +8 -0
  32. package/src/interfaces/login-history.interface.ts +11 -0
  33. package/src/models/login-history.entity.ts +2 -2
  34. package/src/models/user.entity.ts +7 -0
@@ -100,6 +100,12 @@ class User extends general_1.UserBase {
100
100
  set MFAConfig(value) {
101
101
  this._MFAConfig = value;
102
102
  }
103
+ get MFABypassYN() {
104
+ return this._MFABypassYN;
105
+ }
106
+ set MFABypassYN(value) {
107
+ this._MFABypassYN = value;
108
+ }
103
109
  get RecoveryEmail() {
104
110
  return this._RecoveryEmail;
105
111
  }
@@ -203,6 +209,7 @@ class User extends general_1.UserBase {
203
209
  this.LastLoginAt = userInfo.LastLoginAt;
204
210
  this.MFAEnabled = userInfo.MFAEnabled;
205
211
  this.MFAConfig = userInfo.MFAConfig;
212
+ this.MFABypassYN = userInfo.MFABypassYN;
206
213
  this.RecoveryEmail = userInfo.RecoveryEmail;
207
214
  this.FailedLoginAttemptCount = userInfo.FailedLoginAttemptCount;
208
215
  this.LastFailedLoginAt = userInfo.LastFailedLoginAt;
@@ -253,6 +260,7 @@ class User extends general_1.UserBase {
253
260
  LastLoginAt: user.LastLoginAt,
254
261
  MFAEnabled: user.MFAEnabled,
255
262
  MFAConfig: user.MFAConfig,
263
+ MFABypassYN: user.MFABypassYN,
256
264
  RecoveryEmail: user.RecoveryEmail,
257
265
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
258
266
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -312,6 +320,7 @@ class User extends general_1.UserBase {
312
320
  LastLoginAt: user.LastLoginAt,
313
321
  MFAEnabled: user.MFAEnabled,
314
322
  MFAConfig: user.MFAConfig,
323
+ MFABypassYN: user.MFABypassYN,
315
324
  RecoveryEmail: user.RecoveryEmail,
316
325
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
317
326
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -389,6 +398,7 @@ class User extends general_1.UserBase {
389
398
  LastLoginAt: user.LastLoginAt,
390
399
  MFAEnabled: user.MFAEnabled,
391
400
  MFAConfig: user.MFAConfig,
401
+ MFABypassYN: user.MFABypassYN,
392
402
  RecoveryEmail: user.RecoveryEmail,
393
403
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
394
404
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -443,8 +453,7 @@ class User extends general_1.UserBase {
443
453
  },
444
454
  });
445
455
  if (!system) {
446
- console.error('Invalid system code:', systemCode);
447
- throw new Error('Invalid credentials.');
456
+ throw new Error('Access denied: invalid or unauthorized system.');
448
457
  }
449
458
  const passwordHashService = new password_hash_service_1.PasswordHashService();
450
459
  const isPasswordValid = yield passwordHashService.verify(password, this.Password);
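Review bot: The `if (!system)` branch at new line 456 now throws text that differs from the credential failure, and it runs before `passwordHashService.verify` at line 459, so a caller who has not yet proved the password can tell a valid system code from an invalid one. The commit also removes `console.error('Invalid system code:', systemCode);` without a replacement, which leaves no server-side record of these attempts. Keep the caller-facing text generic, `throw new Error('Invalid credentials.');`, and write the detail to whatever server-side log or activity record the package uses. The enclosing method starts and ends outside the hunk, so an earlier authentication step cannot be ruled out from here.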
@@ -460,15 +469,13 @@ class User extends general_1.UserBase {
460
469
  this.Status = enum_1.UserStatus.ACTIVE;
461
470
  }
462
471
  else {
463
- console.error('User is still locked:', this.UserId);
464
- throw new Error('Invalid credentials.');
472
+ throw new Error('Your account has been locked. Please contact the administrator for assistance.');
465
473
  }
466
474
  }
467
475
  }
468
476
  catch (error) {
469
477
  yield this.incrementFailedLoginAttemptCount(dbTransaction);
470
- console.error('Login failed for user:', this.UserId, error);
471
- throw new Error('Invalid credentials.');
478
+ throw error;
472
479
  }
473
480
  const system = yield User._SystemRepository.findOne({
474
481
  where: {
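Review bot: `throw error;` in the catch at new line 478 forwards whatever was thrown inside the try block, so a repository or hashing failure would reach the login caller with its internal message, and `incrementFailedLoginAttemptCount` still counts it as a failed login. The lock message at line 472 also tells the caller that the account exists and is locked (the hunk at new line 1184 makes the same wording change); if that disclosure is intended it should only be reachable after the password has been verified, which this hunk does not show. Rethrow only the errors this method raises on purpose and map anything else to the generic text. All three `console.error` calls are dropped, so at minimum keep `console.error('Login failed for user:', this.UserId, error);` or its logger equivalent ahead of the rethrow. The try block opens outside the hunk.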
@@ -1085,6 +1092,7 @@ class User extends general_1.UserBase {
1085
1092
  LastLoginAt: null,
1086
1093
  MFAEnabled: null,
1087
1094
  MFAConfig: null,
1095
+ MFABypassYN: yn_enum_1.YN.No,
1088
1096
  RecoveryEmail: null,
1089
1097
  FailedLoginAttemptCount: 0,
1090
1098
  LastFailedLoginAt: null,
@@ -1173,7 +1181,7 @@ class User extends general_1.UserBase {
1173
1181
  throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account');
1174
1182
  }
1175
1183
  if (this.Status == enum_1.UserStatus.LOCKED) {
1176
- throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Invalid credentials.');
1184
+ throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account.');
1177
1185
  }
1178
1186
  });
1179
1187
  }
@@ -1346,13 +1354,31 @@ class User extends general_1.UserBase {
1346
1354
  console.error('Invalid JSON string on MFAConfig:', error);
1347
1355
  }
1348
1356
  }
1349
- const isVerified = yield speakeasy.totp.verify({
1357
+ const isCurrentValid = yield speakeasy.totp.verify({
1350
1358
  secret: userMFAConfig.totp.secret,
1351
1359
  encoding: 'base32',
1352
1360
  token: mfaToken,
1361
+ window: 0,
1353
1362
  });
1354
- if (!isVerified) {
1355
- return false;
1363
+ if (!isCurrentValid) {
1364
+ const isExpired = yield speakeasy.totp.verify({
1365
+ secret: userMFAConfig.totp.secret,
1366
+ encoding: 'base32',
1367
+ token: mfaToken,
1368
+ window: 2,
1369
+ });
1370
+ if (isExpired) {
1371
+ return {
1372
+ success: false,
1373
+ reason: 'MFA token has expired. Please try again.',
1374
+ };
1375
+ }
1376
+ else {
1377
+ return {
1378
+ success: false,
1379
+ reason: 'Invalid MFA token. Check your authenticator app.',
1380
+ };
1381
+ }
1356
1382
  }
1357
1383
  user.MFAEnabled = 1;
1358
1384
  yield user.save({ transaction: dbTransaction });
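Review bot: The fallback `speakeasy.totp.verify` call with `window: 2` (new lines 1364-1369) matches steps on both sides of the current one, so a token that belongs to one of the next two steps is answered with 'MFA token has expired. Please try again.', which is wrong for the user and discloses that the submitted code is valid for an adjacent step. Two distinct `reason` strings turn a rejected guess into a graded answer; return one failure reason, or use `speakeasy.totp.verifyDelta` and report "expired" only when `delta` is negative. `window: 0` at line 1361 also rejects any client whose clock is off by part of a step, so `window: 1` with a single generic failure is the more usual trade-off. No failed-attempt counter or throttle is visible on this path in the hunk. The same block is repeated in verify2FACode at new lines 1417-1441.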
@@ -1365,7 +1391,7 @@ class User extends general_1.UserBase {
1365
1391
  systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1366
1392
  }
1367
1393
  const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
1368
- return `${userId}:${systemLogin.sessionId}`;
1394
+ return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
1369
1395
  });
1370
1396
  }
1371
1397
  verify2FACode(userId, mfaToken, systemCode, dbTransaction) {
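Review bot: The return value at new line 1394 changes from a session-id string (with `false` on failure) to an object, and the failure object `{ success: false, reason }` is truthy, so any caller still written as `if (!result)` or passing the result on as the session id will treat a rejected token as success. The callers are not on this page and need to be checked for an explicit `result.success === true` test. The same contract change is made in verify2FACode (new line 1452) and bypass2FA (new lines 1476-1479). `systemLogin` at line 1393 comes from `find` and is dereferenced unchecked, so an unknown `systemCode` ends in a TypeError rather than a failure result; a guard such as `if (!systemLogin) return { success: false, reason: 'Invalid system.' };` would keep the new contract uniform.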
@@ -1388,13 +1414,31 @@ class User extends general_1.UserBase {
1388
1414
  console.error('Invalid JSON string on MFAConfig:', error);
1389
1415
  }
1390
1416
  }
1391
- const isVerified = yield speakeasy.totp.verify({
1417
+ const isCurrentValid = yield speakeasy.totp.verify({
1392
1418
  secret: userMFAConfig.totp.secret,
1393
1419
  encoding: 'base32',
1394
1420
  token: mfaToken,
1421
+ window: 0,
1395
1422
  });
1396
- if (!isVerified) {
1397
- return false;
1423
+ if (!isCurrentValid) {
1424
+ const isExpired = yield speakeasy.totp.verify({
1425
+ secret: userMFAConfig.totp.secret,
1426
+ encoding: 'base32',
1427
+ token: mfaToken,
1428
+ window: 2,
1429
+ });
1430
+ if (isExpired) {
1431
+ return {
1432
+ success: false,
1433
+ reason: 'MFA token has expired. Please try again.',
1434
+ };
1435
+ }
1436
+ else {
1437
+ return {
1438
+ success: false,
1439
+ reason: 'Invalid MFA token. Check your authenticator app.',
1440
+ };
1441
+ }
1398
1442
  }
1399
1443
  const sessionName = config_1.ApplicationConfig.getComponentConfigValue('sessionName');
1400
1444
  if (!sessionName) {
@@ -1405,7 +1449,7 @@ class User extends general_1.UserBase {
1405
1449
  systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1406
1450
  }
1407
1451
  const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
1408
- return `${userId}:${systemLogin.sessionId}`;
1452
+ return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
1409
1453
  });
1410
1454
  }
1411
1455
  bypass2FA(systemCode, dbTransaction) {
@@ -1429,7 +1473,10 @@ class User extends general_1.UserBase {
1429
1473
  systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
1430
1474
  }
1431
1475
  const systemLogin = userSession.systemLogins.find((e) => e.code === systemCode);
1432
- return `${this.UserId}:${systemLogin.sessionId}`;
1476
+ return {
1477
+ success: true,
1478
+ sessionId: `${this.UserId}:${systemLogin.sessionId}`,
1479
+ };
1433
1480
  }
1434
1481
  catch (error) {
1435
1482
  throw error;
@@ -1759,6 +1806,7 @@ class User extends general_1.UserBase {
1759
1806
  LastLoginAt: user.LastLoginAt,
1760
1807
  MFAEnabled: user.MFAEnabled,
1761
1808
  MFAConfig: user.MFAConfig,
1809
+ MFABypassYN: user.MFABypassYN,
1762
1810
  RecoveryEmail: user.RecoveryEmail,
1763
1811
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
1764
1812
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -1841,6 +1889,7 @@ class User extends general_1.UserBase {
1841
1889
  LastLoginAt: user.LastLoginAt,
1842
1890
  MFAEnabled: user.MFAEnabled,
1843
1891
  MFAConfig: user.MFAConfig,
1892
+ MFABypassYN: user.MFABypassYN,
1844
1893
  RecoveryEmail: user.RecoveryEmail,
1845
1894
  FailedLoginAttemptCount: user.FailedLoginAttemptCount,
1846
1895
  LastFailedLoginAt: user.LastFailedLoginAt,
@@ -1886,6 +1935,7 @@ class User extends general_1.UserBase {
1886
1935
  LastLoginAt: this.LastLoginAt,
1887
1936
  MFAEnabled: this.MFAEnabled,
1888
1937
  MFAConfig: this.MFAConfig,
1938
+ MFABypassYN: this.MFABypassYN,
1889
1939
  RecoveryEmail: this.RecoveryEmail,
1890
1940
  FailedLoginAttemptCount: this.FailedLoginAttemptCount,
1891
1941
  LastFailedLoginAt: this.LastFailedLoginAt,
@@ -1915,6 +1965,7 @@ class User extends general_1.UserBase {
1915
1965
  LastLoginAt: this.LastLoginAt,
1916
1966
  MFAEnabled: this.MFAEnabled,
1917
1967
  MFAConfig: this.MFAConfig,
1968
+ MFABypassYN: this.MFABypassYN,
1918
1969
  RecoveryEmail: this.RecoveryEmail,
1919
1970
  FailedLoginAttemptCount: this.FailedLoginAttemptCount,
1920
1971
  LastFailedLoginAt: this.LastFailedLoginAt,
@@ -1976,6 +2027,7 @@ class User extends general_1.UserBase {
1976
2027
  LastLoginAt: this.LastLoginAt,
1977
2028
  MFAEnabled: this.MFAEnabled,
1978
2029
  MFAConfig: this.MFAConfig,
2030
+ MFABypassYN: this.MFABypassYN,
1979
2031
  RecoveryEmail: this.RecoveryEmail,
1980
2032
  FailedLoginAttemptCount: this.FailedLoginAttemptCount,
1981
2033
  LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2005,6 +2057,7 @@ class User extends general_1.UserBase {
2005
2057
  LastLoginAt: this.LastLoginAt,
2006
2058
  MFAEnabled: this.MFAEnabled,
2007
2059
  MFAConfig: this.MFAConfig,
2060
+ MFABypassYN: this.MFABypassYN,
2008
2061
  RecoveryEmail: this.RecoveryEmail,
2009
2062
  FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2010
2063
  LastFailedLoginAt: this.LastFailedLoginAt,
@@ -2131,6 +2184,297 @@ class User extends general_1.UserBase {
2131
2184
  }
2132
2185
  });
2133
2186
  }
2187
+ enable2FABypass(loginUser, dbTransaction) {
2188
+ return __awaiter(this, void 0, void 0, function* () {
2189
+ try {
2190
+ if (this.MFABypassYN === yn_enum_1.YN.Yes) {
2191
+ throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already enabled.', 'enable2FABypass');
2192
+ }
2193
+ const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
2194
+ const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
2195
+ if (!isPrivileged) {
2196
+ throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
2197
+ }
2198
+ const entityValueBefore = {
2199
+ UserId: this.UserId,
2200
+ UserName: this.UserName,
2201
+ FullName: this.FullName,
2202
+ IDNo: this.IDNo,
2203
+ IDType: this.IDType,
2204
+ ContactNo: this.ContactNo,
2205
+ Email: this.Email,
2206
+ Password: this.Password,
2207
+ Status: this.Status,
2208
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2209
+ FirstLoginAt: this.FirstLoginAt,
2210
+ LastLoginAt: this.LastLoginAt,
2211
+ MFAEnabled: this.MFAEnabled,
2212
+ MFAConfig: this.MFAConfig,
2213
+ MFABypassYN: this.MFABypassYN,
2214
+ RecoveryEmail: this.RecoveryEmail,
2215
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2216
+ LastFailedLoginAt: this.LastFailedLoginAt,
2217
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2218
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2219
+ CreatedById: this.CreatedById,
2220
+ CreatedAt: this.CreatedAt,
2221
+ UpdatedById: this.UpdatedById,
2222
+ UpdatedAt: this.UpdatedAt,
2223
+ PasscodeHash: this.PasscodeHash,
2224
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2225
+ };
2226
+ this.MFABypassYN = yn_enum_1.YN.Yes;
2227
+ this.MFAEnabled = 0;
2228
+ this.UpdatedAt = new Date();
2229
+ this.UpdatedById = loginUser.UserId;
2230
+ yield User._Repository.update({
2231
+ MFABypassYN: this.MFABypassYN,
2232
+ MFAEnabled: this.MFAEnabled,
2233
+ UpdatedAt: this.UpdatedAt,
2234
+ UpdatedById: this.UpdatedById,
2235
+ }, {
2236
+ where: {
2237
+ UserId: this.UserId,
2238
+ },
2239
+ transaction: dbTransaction,
2240
+ });
2241
+ const entityValueAfter = {
2242
+ UserId: this.UserId,
2243
+ UserName: this.UserName,
2244
+ FullName: this.FullName,
2245
+ IDNo: this.IDNo,
2246
+ IDType: this.IDType,
2247
+ ContactNo: this.ContactNo,
2248
+ Email: this.Email,
2249
+ Password: this.Password,
2250
+ Status: this.Status,
2251
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2252
+ FirstLoginAt: this.FirstLoginAt,
2253
+ LastLoginAt: this.LastLoginAt,
2254
+ MFAEnabled: this.MFAEnabled,
2255
+ MFAConfig: this.MFAConfig,
2256
+ MFABypassYN: this.MFABypassYN,
2257
+ RecoveryEmail: this.RecoveryEmail,
2258
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2259
+ LastFailedLoginAt: this.LastFailedLoginAt,
2260
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2261
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2262
+ CreatedById: this.CreatedById,
2263
+ CreatedAt: this.CreatedAt,
2264
+ UpdatedById: this.UpdatedById,
2265
+ UpdatedAt: this.UpdatedAt,
2266
+ PasscodeHash: this.PasscodeHash,
2267
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2268
+ };
2269
+ const activity = new activity_history_1.Activity();
2270
+ activity.ActivityId = activity.createId();
2271
+ activity.Action = activity_history_1.ActionEnum.UPDATE;
2272
+ activity.Description = `Enable 2FA Bypass For User ${this.Email}`;
2273
+ activity.EntityType = this.ObjectType;
2274
+ activity.EntityId = this.UserId.toString();
2275
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
2276
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
2277
+ yield activity.create(loginUser.ObjectId, dbTransaction);
2278
+ }
2279
+ catch (error) {
2280
+ throw error;
2281
+ }
2282
+ });
2283
+ }
2284
+ disable2FABypass(loginUser, dbTransaction) {
2285
+ return __awaiter(this, void 0, void 0, function* () {
2286
+ try {
2287
+ if (this.MFABypassYN === yn_enum_1.YN.No) {
2288
+ throw new general_1.ClassError('User', 'UserErrMsg0X', 'Bypass already disabled.', 'disable2FABypass');
2289
+ }
2290
+ const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
2291
+ const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
2292
+ if (!isPrivileged) {
2293
+ throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to enable MFA bypass.');
2294
+ }
2295
+ const entityValueBefore = {
2296
+ UserId: this.UserId,
2297
+ UserName: this.UserName,
2298
+ FullName: this.FullName,
2299
+ IDNo: this.IDNo,
2300
+ IDType: this.IDType,
2301
+ ContactNo: this.ContactNo,
2302
+ Email: this.Email,
2303
+ Password: this.Password,
2304
+ Status: this.Status,
2305
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2306
+ FirstLoginAt: this.FirstLoginAt,
2307
+ LastLoginAt: this.LastLoginAt,
2308
+ MFAEnabled: this.MFAEnabled,
2309
+ MFAConfig: this.MFAConfig,
2310
+ MFABypassYN: this.MFABypassYN,
2311
+ RecoveryEmail: this.RecoveryEmail,
2312
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2313
+ LastFailedLoginAt: this.LastFailedLoginAt,
2314
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2315
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2316
+ CreatedById: this.CreatedById,
2317
+ CreatedAt: this.CreatedAt,
2318
+ UpdatedById: this.UpdatedById,
2319
+ UpdatedAt: this.UpdatedAt,
2320
+ PasscodeHash: this.PasscodeHash,
2321
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2322
+ };
2323
+ this.MFABypassYN = yn_enum_1.YN.No;
2324
+ this.MFAEnabled = 0;
2325
+ this.UpdatedAt = new Date();
2326
+ this.UpdatedById = loginUser.UserId;
2327
+ yield User._Repository.update({
2328
+ MFABypassYN: this.MFABypassYN,
2329
+ MFAEnabled: this.MFAEnabled,
2330
+ UpdatedAt: this.UpdatedAt,
2331
+ UpdatedById: this.UpdatedById,
2332
+ }, {
2333
+ where: {
2334
+ UserId: this.UserId,
2335
+ },
2336
+ transaction: dbTransaction,
2337
+ });
2338
+ const entityValueAfter = {
2339
+ UserId: this.UserId,
2340
+ UserName: this.UserName,
2341
+ FullName: this.FullName,
2342
+ IDNo: this.IDNo,
2343
+ IDType: this.IDType,
2344
+ ContactNo: this.ContactNo,
2345
+ Email: this.Email,
2346
+ Password: this.Password,
2347
+ Status: this.Status,
2348
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2349
+ FirstLoginAt: this.FirstLoginAt,
2350
+ LastLoginAt: this.LastLoginAt,
2351
+ MFAEnabled: this.MFAEnabled,
2352
+ MFAConfig: this.MFAConfig,
2353
+ MFABypassYN: this.MFABypassYN,
2354
+ RecoveryEmail: this.RecoveryEmail,
2355
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2356
+ LastFailedLoginAt: this.LastFailedLoginAt,
2357
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2358
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2359
+ CreatedById: this.CreatedById,
2360
+ CreatedAt: this.CreatedAt,
2361
+ UpdatedById: this.UpdatedById,
2362
+ UpdatedAt: this.UpdatedAt,
2363
+ PasscodeHash: this.PasscodeHash,
2364
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2365
+ };
2366
+ const activity = new activity_history_1.Activity();
2367
+ activity.ActivityId = activity.createId();
2368
+ activity.Action = activity_history_1.ActionEnum.UPDATE;
2369
+ activity.Description = `Disable 2FA Bypass For User ${this.Email}`;
2370
+ activity.EntityType = this.ObjectType;
2371
+ activity.EntityId = this.UserId.toString();
2372
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
2373
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
2374
+ yield activity.create(loginUser.ObjectId, dbTransaction);
2375
+ }
2376
+ catch (error) {
2377
+ throw error;
2378
+ }
2379
+ });
2380
+ }
2381
+ reset2FA(loginUser, dbTransaction) {
2382
+ return __awaiter(this, void 0, void 0, function* () {
2383
+ try {
2384
+ if (this.MFAEnabled === 0) {
2385
+ throw new general_1.ClassError('User', 'UserErrMsg0X', 'User not yet setup 2FA.', 'reset2FA');
2386
+ }
2387
+ const systemCode = config_1.ApplicationConfig.getComponentConfigValue('system-code');
2388
+ const isPrivileged = yield loginUser.checkPrivileges(systemCode, 'MANAGE_MFA');
2389
+ if (!isPrivileged) {
2390
+ throw new general_1.ClassError('LoginUser', 'LoginUserErrMsg0X', 'You do not have permission to reset 2FA.');
2391
+ }
2392
+ const entityValueBefore = {
2393
+ UserId: this.UserId,
2394
+ UserName: this.UserName,
2395
+ FullName: this.FullName,
2396
+ IDNo: this.IDNo,
2397
+ IDType: this.IDType,
2398
+ ContactNo: this.ContactNo,
2399
+ Email: this.Email,
2400
+ Password: this.Password,
2401
+ Status: this.Status,
2402
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2403
+ FirstLoginAt: this.FirstLoginAt,
2404
+ LastLoginAt: this.LastLoginAt,
2405
+ MFAEnabled: this.MFAEnabled,
2406
+ MFAConfig: this.MFAConfig,
2407
+ MFABypassYN: this.MFABypassYN,
2408
+ RecoveryEmail: this.RecoveryEmail,
2409
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2410
+ LastFailedLoginAt: this.LastFailedLoginAt,
2411
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2412
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2413
+ CreatedById: this.CreatedById,
2414
+ CreatedAt: this.CreatedAt,
2415
+ UpdatedById: this.UpdatedById,
2416
+ UpdatedAt: this.UpdatedAt,
2417
+ PasscodeHash: this.PasscodeHash,
2418
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2419
+ };
2420
+ this.MFAEnabled = 0;
2421
+ this.MFABypassYN = yn_enum_1.YN.No;
2422
+ this.UpdatedAt = new Date();
2423
+ this.UpdatedById = loginUser.UserId;
2424
+ yield User._Repository.update({
2425
+ MFAEnabled: this.MFAEnabled,
2426
+ MFABypassYN: this.MFABypassYN,
2427
+ UpdatedAt: this.UpdatedAt,
2428
+ UpdatedById: this.UpdatedById,
2429
+ }, {
2430
+ where: {
2431
+ UserId: this.UserId,
2432
+ },
2433
+ transaction: dbTransaction,
2434
+ });
2435
+ const entityValueAfter = {
2436
+ UserId: this.UserId,
2437
+ UserName: this.UserName,
2438
+ FullName: this.FullName,
2439
+ IDNo: this.IDNo,
2440
+ IDType: this.IDType,
2441
+ ContactNo: this.ContactNo,
2442
+ Email: this.Email,
2443
+ Password: this.Password,
2444
+ Status: this.Status,
2445
+ DefaultPasswordChangedYN: this.DefaultPasswordChangedYN,
2446
+ FirstLoginAt: this.FirstLoginAt,
2447
+ LastLoginAt: this.LastLoginAt,
2448
+ MFAEnabled: this.MFAEnabled,
2449
+ MFAConfig: this.MFAConfig,
2450
+ MFABypassYN: this.MFABypassYN,
2451
+ RecoveryEmail: this.RecoveryEmail,
2452
+ FailedLoginAttemptCount: this.FailedLoginAttemptCount,
2453
+ LastFailedLoginAt: this.LastFailedLoginAt,
2454
+ LastPasswordChangedAt: this.LastPasswordChangedAt,
2455
+ NeedToChangePasswordYN: this.NeedToChangePasswordYN,
2456
+ CreatedById: this.CreatedById,
2457
+ CreatedAt: this.CreatedAt,
2458
+ UpdatedById: this.UpdatedById,
2459
+ UpdatedAt: this.UpdatedAt,
2460
+ PasscodeHash: this.PasscodeHash,
2461
+ PasscodeUpdatedAt: this.PasscodeUpdatedAt,
2462
+ };
2463
+ const activity = new activity_history_1.Activity();
2464
+ activity.ActivityId = activity.createId();
2465
+ activity.Action = activity_history_1.ActionEnum.UPDATE;
2466
+ activity.Description = `Reset 2FA for User ${this.Email}`;
2467
+ activity.EntityType = this.ObjectType;
2468
+ activity.EntityId = this.UserId.toString();
2469
+ activity.EntityValueBefore = JSON.stringify(entityValueBefore);
2470
+ activity.EntityValueAfter = JSON.stringify(entityValueAfter);
2471
+ yield activity.create(loginUser.ObjectId, dbTransaction);
2472
+ }
2473
+ catch (error) {
2474
+ throw error;
2475
+ }
2476
+ });
2477
+ }
2134
2478
  }
2135
2479
  exports.User = User;
2136
2480
  User._Repository = new user_repository_1.UserRepository();
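Review bot: `entityValueBefore` and `entityValueAfter` in enable2FABypass, disable2FABypass and reset2FA copy `Password`, `MFAConfig` and `PasscodeHash` into the activity record through `JSON.stringify`, and `MFAConfig` carries the TOTP secret (it is read as `userMFAConfig.totp.secret` elsewhere in this file), so anyone who can read activity history obtains the credential hashes and the second-factor seed. Drop those three keys from both snapshots; the fields these methods change are `MFABypassYN`, `MFAEnabled`, `UpdatedAt` and `UpdatedById`. In all three methods the state check runs before `loginUser.checkPrivileges(systemCode, 'MANAGE_MFA')`, so an unprivileged caller learns the target's bypass or enrolment state from the error text; the privilege check should come first. disable2FABypass reuses the message 'You do not have permission to enable MFA bypass.' and sets `this.MFAEnabled = 0`, which leaves the account with neither bypass nor MFA. reset2FA does not clear `MFAConfig`, so the old secret stays stored; both behaviours should be confirmed as intended.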