@tomei/sso 0.64.0-dev.1 → 0.64.0-staging.1

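--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@tomei/sso",
-  "version": "0.64.0-dev.1",
+  "version": "0.64.0-staging.1",
   "description": "Tomei SSO Package",
   "main": "dist/index.js",
   "scripts": {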
@@ -585,7 +585,7 @@ export class User extends UserBase {
585
585
  },
586
586
  });
587
587
  if (!system) {
588
- throw new Error('Access denied: invalid or unauthorized system.');
588
+ throw new Error('Invalid credentials.');
589
589
  }
590
590
 
591
591
  // 1.5: Instantiate new PasswordHashService object and call PasswordHashService.verify method to check whether the param.Password is correct.
@@ -614,14 +614,12 @@ export class User extends UserBase {
614
614
  await User.releaseLock(this.UserId, dbTransaction);
615
615
  this.Status = UserStatus.ACTIVE;
616
616
  } else {
617
- throw new Error(
618
- 'Your account has been locked. Please contact the administrator for assistance.',
619
- );
617
+ throw new Error('Invalid credentials.');
620
618
  }
621
619
  }
622
620
  } catch (error) {
623
621
  await this.incrementFailedLoginAttemptCount(dbTransaction);
624
- throw error;
622
+ throw new Error('Invalid credentials.');
625
623
  }
626
624
 
627
625
  // 2.1: Call alertNewLogin to check whether the ip used is new ip and alert the user if it's new.
@@ -1734,7 +1732,7 @@ export class User extends UserBase {
1734
1732
  throw new ClassError(
1735
1733
  'LoginUser',
1736
1734
  'LoginUserErrMsg0X',
1737
- 'Your account has been locked due to too many failed login attempts, please contact IT Support for instructions on how to unlock your account.',
1735
+ 'Invalid credentials.',
1738
1736
  );
1739
1737
  }
1740
1738
  }
@@ -1820,7 +1818,7 @@ export class User extends UserBase {
1820
1818
 
1821
1819
  // Part 2: Retrieve Parent Group System Access If Applicable
1822
1820
  // 2.1 Check if Params.group.InheritParentSystemAccessYN is "Y" and Params.group.ParentGroupCode is not empty
1823
- if (group.InheritParentSystemAccessYN === 'Y' && group.ParentGroupCode) {
1821
+ if (group.InheritParentPrivilegeYN === 'Y' && group.ParentGroupCode) {
1824
1822
  const GroupCode = group.ParentGroupCode;
1825
1823
  const parentGroup = await User._GroupRepo.findByPk(
1826
1824
  GroupCode,
@@ -2005,31 +2003,15 @@ export class User extends UserBase {
2005
2003
  }
2006
2004
 
2007
2005
  // 3. Verify the mfaToken by calling speakeasy.totp.verify
2008
- const isCurrentValid = await speakeasy.totp.verify({
2006
+ const isVerified = await speakeasy.totp.verify({
2009
2007
  secret: userMFAConfig.totp.secret,
2010
2008
  encoding: 'base32',
2011
2009
  token: mfaToken,
2012
- window: 0, // strict current time window
2013
2010
  });
2014
- if (!isCurrentValid) {
2015
- const isExpired = await speakeasy.totp.verify({
2016
- secret: userMFAConfig.totp.secret,
2017
- encoding: 'base32',
2018
- token: mfaToken,
2019
- window: 2, // allow slight leeway: previous or next 2 time steps
2020
- });
2021
2011
 
2022
- if (isExpired) {
2023
- return {
2024
- success: false,
2025
- reason: 'MFA token has expired. Please try again.',
2026
- };
2027
- } else {
2028
- return {
2029
- success: false,
2030
- reason: 'Invalid MFA token. Check your authenticator app.',
2031
- };
2032
- }
2012
+ // 4. if not verified, then return false. if verified, Call LoginUser._Repo.update and update user data in database
2013
+ if (!isVerified) {
2014
+ return false;
2033
2015
  }
2034
2016
 
2035
2017
  user.MFAEnabled = 1;
@@ -2058,7 +2040,7 @@ export class User extends UserBase {
2058
2040
  const systemLogin = userSession.systemLogins.find(
2059
2041
  (e) => e.code === systemCode,
2060
2042
  );
2061
- return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
2043
+ return `${userId}:${systemLogin.sessionId}`;
2062
2044
  }
2063
2045
 
2064
2046
  // This method will verify 2FA codes
@@ -2096,31 +2078,15 @@ export class User extends UserBase {
2096
2078
  }
2097
2079
 
2098
2080
  // 3. Verify the mfaToken by calling speakeasy.totp.verify
2099
- const isCurrentValid = await speakeasy.totp.verify({
2081
+ const isVerified = await speakeasy.totp.verify({
2100
2082
  secret: userMFAConfig.totp.secret,
2101
2083
  encoding: 'base32',
2102
2084
  token: mfaToken,
2103
- window: 0, // strict current time window
2104
2085
  });
2105
- if (!isCurrentValid) {
2106
- const isExpired = await speakeasy.totp.verify({
2107
- secret: userMFAConfig.totp.secret,
2108
- encoding: 'base32',
2109
- token: mfaToken,
2110
- window: 2, // allow slight leeway: previous or next 2 time steps
2111
- });
2112
2086
 
2113
- if (isExpired) {
2114
- return {
2115
- success: false,
2116
- reason: 'MFA token has expired. Please try again.',
2117
- };
2118
- } else {
2119
- return {
2120
- success: false,
2121
- reason: 'Invalid MFA token. Check your authenticator app.',
2122
- };
2123
- }
2087
+ // 4. if not verified, then return false. if verified, Call LoginUser._Repo.update and update user data in database
2088
+ if (!isVerified) {
2089
+ return false;
2124
2090
  }
2125
2091
 
2126
2092
  // 5. Retrieve Session
@@ -2143,7 +2109,7 @@ export class User extends UserBase {
2143
2109
  const systemLogin = userSession.systemLogins.find(
2144
2110
  (e) => e.code === systemCode,
2145
2111
  );
2146
- return { success: true, sessionId: `${userId}:${systemLogin.sessionId}` };
2112
+ return `${userId}:${systemLogin.sessionId}`;
2147
2113
  }
2148
2114
 
2149
2115
  public async bypass2FA(systemCode: string, dbTransaction: any) {
@@ -2186,10 +2152,7 @@ export class User extends UserBase {
2186
2152
  const systemLogin = userSession.systemLogins.find(
2187
2153
  (e) => e.code === systemCode,
2188
2154
  );
2189
- return {
2190
- success: true,
2191
- sessionId: `${this.UserId}:${systemLogin.sessionId}`,
2192
- };
2155
+ return `${this.UserId}:${systemLogin.sessionId}`;
2193
2156
  } catch (error) {
2194
2157
  throw error;
2195
2158
  }
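Review bot: The rethrow at the end of the login catch block, `throw new Error('Invalid credentials.')` in place of `throw error`, discards the caught error, so a database or transaction failure inside the try surfaces to the caller as a bad-password error with no way to tell it apart from the lock-out and unknown-system cases that now share the same message. A generic client-facing message is the right anti-enumeration choice, but the original cause should be preserved server-side: `throw new Error('Invalid credentials.', { cause: error });` (requires a lib target of ES2022 or later; otherwise log `error` together with the user id immediately before the rethrow). Since `incrementFailedLoginAttemptCount` runs on every exception, an infrastructure outage during verification now both counts toward lock-out and is reported as a credentials problem; consider rethrowing errors that are not authentication failures unchanged. The try statement this catch belongs to begins before the hunk.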
@@ -1,29 +0,0 @@
1
- 'use strict';
2
-
3
- module.exports = {
4
- up: async (queryInterface, Sequelize) => {
5
- const transaction = await queryInterface.sequelize.transaction();
6
- try {
7
- await queryInterface.addColumn('sso_User', 'BulkApprovalCode', {
8
- type: Sequelize.STRING(100),
9
- allowNull: true,
10
- });
11
-
12
- await transaction.commit();
13
- } catch (error) {
14
- await transaction.rollback();
15
- throw error;
16
- }
17
- },
18
-
19
- down: async (queryInterface, Sequelize) => {
20
- const transaction = await queryInterface.sequelize.transaction();
21
- try {
22
- await queryInterface.removeColumn('sso_User', 'BulkApprovalCode');
23
- await transaction.commit();
24
- } catch (error) {
25
- await transaction.rollback();
26
- throw error;
27
- }
28
- },
29
- };