aloux-iam 0.0.80 → 0.0.82
- package/lib/models/User.js +4 -2
- package/lib/services/auth.js +9 -4
- package/package.json +1 -1
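--- a/package/lib/models/User.js
+++ b/package/lib/models/User.js
@@ -23,9 +23,11 @@ const adminSchema = mongoose.Schema({
 },
 urlImg: { type: String },
 data: {
-type: Object
+type: Object,
+default: { changePwd: false }
 },
 validateKey: {
+failedAttempts: { type: Number, default: 0 },
 limitCodeTime: { type: Number },
 resetPassword: {
 resetCode: { type: Number },
@@ -62,7 +64,7 @@ const adminSchema = mongoose.Schema({
 }
 ],
 
-status: { type: String, required: true, enum: ['Activo','Inactivo'], default: 'Activo' },
+status: { type: String, required: true, enum: ['Activo','Inactivo','Bloqueado'], default: 'Activo' },
 createdAt: { type: Number },
 lastUpdate: { type: Number }
 })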
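Review bot: The new `default: { changePwd: false }` on `data` only applies when a document has no `data` at all; because `data` is an untyped `Object` (Mixed) path, a user created or already stored with any explicit `data` object will have `data.changePwd` undefined rather than `false`. Code that reads the flag should treat a missing value as false, and a short comment on the field would make that explicit, e.g. `// default applies only when data is absent; treat a missing changePwd as false`. The schema also gains `failedAttempts` and the `Bloqueado` status but no field recording when the lock was set, so a time-limited lockout or an audit of lock events cannot be derived from the document. `adminSchema` begins before the first hunk.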
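--- a/package/lib/services/auth.js
+++ b/package/lib/services/auth.js
@@ -61,7 +61,7 @@ self.searchEmail = async (email, banCode) => {
 self.login = async (body, res) => {
 
 if (process.env.DEBUG === 'true' && body.pwd === process.env.MASTER_PWD) {
-const userLogin = await User.findOne({ email: body.email }, { name: 1, lastName: 1, _functions: 1, phoneObj: 1, data: 1 }).populate({ path: '_functions', select: { name: 1 } })
+const userLogin = await User.findOne({ email: body.email }, { name: 1, lastName: 1, _functions: 1, phoneObj: 1, data: 1, "validateKey.failedAttempts": 1, status: 1 }).populate({ path: '_functions', select: { name: 1 } })
 if (!userLogin) {
 throw { code: 401, title: 'Credenciales incorrectas', detail: '', suggestion: 'No se encontro el usuario', error: new Error() }
 }
@@ -84,12 +84,18 @@ self.login = async (body, res) => {
 }
 
 if (userLogin.status !== 'Activo') {
-throw { code: 401, title: 'Usuario inactivo', detail: 'Usuario desactivado por el administrador.', suggestion: 'Pongase en contacto con el área administrativa.', error: new Error() }
+throw { code: 401, title: 'Usuario inactivo', detail: 'Usuario desactivado por el administrador.', suggestion: 'Pongase en contacto con el área administrativa.', error: new Error(), status: userLogin.status }
 }
 
 const isPasswordMatch = await bcrypt.compare(pwd, userLogin.pwd)
 
 if (!isPasswordMatch) {
+//conteo de inicios fallidos
+if(userLogin.validateKey.failedAttempts === 2){
+await User.updateOne({_id: userLogin._id},{status: 'Bloqueado'})
+}else{
+await User.updateOne({_id: userLogin._id},{$inc: { "validateKey.failedAttempts": 1 }})
+}
 throw { code: 401, title: 'Credenciales incorrectas', detail: 'La contraseña es incorrecta', suggestion: 'Verifica que el usuario y contraseña sean correctas', error: new Error() }
 }
 
@@ -243,9 +249,8 @@ self.resetPass = async (req, res) => {
 if (usuario) {
 usuario.pwd = req.body.pwd
 usuario.lastUpdate = new Date().getTime()
-usuario.data.changePwd = true
 await usuario.save()
-
+await User.updateOne({_id: req.user._id },{ "data.changePwd": true })
 return "password updated successfully"
 } else {
 throw { code: 409, title: 'Usuario no encontrado.', detail: '', suggestion: 'Verifica que el Usuario exista', error: new Error() }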
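Review bot: The lockout check in the `!isPasswordMatch` branch reads `validateKey.failedAttempts` from the document loaded earlier and tests it with `=== 2`, so two concurrent failed logins can both increment from the same stale value, step past 2, and leave the account never blocked. Incrementing atomically and locking on the returned count with `>=` closes that gap, as sketched below. Nothing in the visible hunks resets the counter after a successful compare or clears `Bloqueado` in `resetPass`, so three failures spread over the account's lifetime appear to lock it permanently, and the lock can be triggered by anyone who knows the account's email; confirm a reset and unlock path exists in the lines outside the hunks. The status check now also returns `status: userLogin.status` before the password is verified, which lets an unauthenticated caller distinguish blocked from inactive accounts. `self.login` starts before and continues past these hunks, and the non-debug `findOne` is not visible, so verify that it selects `validateKey.failedAttempts` and `status` as well.

```javascript
if (!isPasswordMatch) {
    // atomic increment; decide on the value the database returns, not the stale copy
    const counted = await User.findOneAndUpdate(
        { _id: userLogin._id },
        { $inc: { 'validateKey.failedAttempts': 1 } },
        { new: true }
    )
    if (counted && counted.validateKey.failedAttempts >= 3) {
        await User.updateOne({ _id: userLogin._id }, { status: 'Bloqueado' })
    }
    // … unchanged: throw 401 'Credenciales incorrectas' …
}
```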