mongodb-dynamic-api 2.4.1 → 2.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/package.json +1 -1
- package/src/modules/auth/guards/jwt-socket-auth/jwt-socket-auth.guard.d.ts +3 -0
- package/src/modules/auth/guards/jwt-socket-auth/jwt-socket-auth.guard.js +16 -10
- package/src/modules/auth/guards/jwt-socket-auth/jwt-socket-auth.guard.js.map +1 -1
- package/src/modules/auth/mixins/auth-gateway.mixin.js +0 -3
- package/src/modules/auth/mixins/auth-gateway.mixin.js.map +1 -1
- package/src/modules/auth/mixins/auth-policies-guard.mixin.js +10 -4
- package/src/modules/auth/mixins/auth-policies-guard.mixin.js.map +1 -1
- package/src/version.json +1 -1
- package/test/dynamic-api-for-root.e2e-spec.js +420 -0
- package/test/dynamic-api-for-root.e2e-spec.js.map +1 -1
- package/tsconfig.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
Changelog
|
|
2
2
|
|
|
3
|
+
## [2.4.2](https://github.com/MikeDev75015/mongodb-dynamic-api/compare/v2.4.1...v2.4.2) (2024-08-11)
|
|
4
|
+
|
|
3
5
|
## [2.4.1](https://github.com/MikeDev75015/mongodb-dynamic-api/compare/v2.4.0...v2.4.1) (2024-08-11)
|
|
4
6
|
|
|
5
7
|
## [2.4.0](https://github.com/MikeDev75015/mongodb-dynamic-api/compare/v2.3.17...v2.4.0) (2024-08-11)
|
package/package.json
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { ExtendedSocket } from '../../../../interfaces';
|
|
2
3
|
export declare class JwtSocketAuthGuard implements CanActivate {
|
|
3
4
|
private readonly logger;
|
|
4
5
|
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
6
|
+
protected getAccessTokenFromSocketQuery(socket: ExtendedSocket): string;
|
|
7
|
+
protected extractUserFromToken(accessToken: string): Promise<unknown>;
|
|
5
8
|
}
|
|
@@ -19,35 +19,41 @@ let JwtSocketAuthGuard = JwtSocketAuthGuard_1 = class JwtSocketAuthGuard {
|
|
|
19
19
|
}
|
|
20
20
|
async canActivate(context) {
|
|
21
21
|
const [socket] = context.getArgs();
|
|
22
|
+
const accessToken = this.getAccessTokenFromSocketQuery(socket);
|
|
23
|
+
const user = await this.extractUserFromToken(accessToken);
|
|
24
|
+
if ((0, lodash_1.isEmpty)(user)) {
|
|
25
|
+
this.logger.warn('No user data');
|
|
26
|
+
throw new websockets_1.WsException('Unauthorized');
|
|
27
|
+
}
|
|
28
|
+
socket.user = user;
|
|
29
|
+
return true;
|
|
30
|
+
}
|
|
31
|
+
getAccessTokenFromSocketQuery(socket) {
|
|
22
32
|
const accessToken = socket.handshake.query.accessToken;
|
|
23
33
|
if (!accessToken) {
|
|
24
34
|
throw new websockets_1.WsException('Unauthorized');
|
|
25
35
|
}
|
|
36
|
+
return accessToken;
|
|
37
|
+
}
|
|
38
|
+
async extractUserFromToken(accessToken) {
|
|
26
39
|
const jwtService = new jwt_1.JwtService({
|
|
27
40
|
secret: dynamic_api_module_1.DynamicApiModule.state.get('jwtSecret'),
|
|
28
41
|
signOptions: {
|
|
29
42
|
expiresIn: dynamic_api_module_1.DynamicApiModule.state.get('jwtExpirationTime'),
|
|
30
43
|
},
|
|
31
44
|
});
|
|
32
|
-
let verified;
|
|
33
45
|
try {
|
|
34
|
-
|
|
46
|
+
const { iat, exp, ...user } = await jwtService.verifyAsync(accessToken, {
|
|
35
47
|
secret: dynamic_api_module_1.DynamicApiModule.state.get('jwtSecret'),
|
|
36
48
|
ignoreExpiration: false,
|
|
37
49
|
});
|
|
50
|
+
return user;
|
|
38
51
|
}
|
|
39
52
|
catch (e) {
|
|
40
|
-
this.logger.warn('jwtService.verify error');
|
|
53
|
+
this.logger.warn('extractUserFromToken jwtService.verify error');
|
|
41
54
|
this.logger.warn(e.message);
|
|
42
|
-
throw new common_1.UnauthorizedException('Unauthorized');
|
|
43
|
-
}
|
|
44
|
-
const { iat, exp, ...user } = verified;
|
|
45
|
-
if ((0, lodash_1.isEmpty)(user)) {
|
|
46
|
-
this.logger.warn('No user data');
|
|
47
55
|
throw new websockets_1.WsException('Unauthorized');
|
|
48
56
|
}
|
|
49
|
-
socket.user = user;
|
|
50
|
-
return true;
|
|
51
57
|
}
|
|
52
58
|
};
|
|
53
59
|
exports.JwtSocketAuthGuard = JwtSocketAuthGuard;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-socket-auth.guard.js","sourceRoot":"","sources":["../../../../../../libs/dynamic-api/src/modules/auth/guards/jwt-socket-auth/jwt-socket-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"jwt-socket-auth.guard.js","sourceRoot":"","sources":["../../../../../../libs/dynamic-api/src/modules/auth/guards/jwt-socket-auth/jwt-socket-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAmF;AACnF,qCAAyC;AACzC,mDAAiD;AACjD,mCAAiC;AACjC,uEAAkE;AAI3D,IAAM,kBAAkB,0BAAxB,MAAM,kBAAkB;IAAxB;QACY,WAAM,GAAG,IAAI,eAAM,CAAC,oBAAkB,CAAC,IAAI,CAAC,CAAC;IAkDhE,CAAC;IAhDQ,KAAK,CAAC,WAAW,CAAC,OAAyB;QAChD,MAAM,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAC;QAE/D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAE1D,IAAI,IAAA,gBAAO,EAAC,IAAI,CAAC,EAAE,CAAC;YAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,IAAI,wBAAW,CAAC,cAAc,CAAC,CAAC;QACxC,CAAC;QAED,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAES,6BAA6B,CAAC,MAAsB;QAC5D,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,WAAqB,CAAC;QAEjE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,wBAAW,CAAC,cAAc,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAES,KAAK,CAAC,oBAAoB,CAAC,WAAmB;QACtD,MAAM,UAAU,GAAG,IAAI,gBAAU,CAAC;YAChC,MAAM,EAAE,qCAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC;YAC/C,WAAW,EAAE;gBACX,SAAS,EAAE,qCAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC;aAC3D;SACF,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,WAAW,EAAE;gBACtE,MAAM,EAAE,qCAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC;gBAC/C,gBAAgB,EAAE,KAAK;aACxB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YACjE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAE5B,MAAM,IAAI,wBAAW,CAAC,cAAc,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;CACF,CAAA;AAnDY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,mBAAU,GAAE;GACA,kBAAkB,CAmD9B"}
|
|
@@ -108,9 +108,6 @@ function AuthGatewayMixin(userEntity, { loginField, passwordField, abilityPredic
|
|
|
108
108
|
}
|
|
109
109
|
async register(socket, data) {
|
|
110
110
|
this.addUserToSocket(socket, !registerProtected && !registerAbilityPredicate);
|
|
111
|
-
if (registerAbilityPredicate && !registerAbilityPredicate(socket.user)) {
|
|
112
|
-
throw new websockets_1.WsException('Access denied');
|
|
113
|
-
}
|
|
114
111
|
return {
|
|
115
112
|
event: registerEvent,
|
|
116
113
|
data: await this.service.register(data),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-gateway.mixin.js","sourceRoot":"","sources":["../../../../../libs/dynamic-api/src/modules/auth/mixins/auth-gateway.mixin.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAiD;AAEjD,6CAAuF;AACvF,mDAAiG;AACjG,mCAAiC;AACjC,gDAAgD;AAChD,8CAAoD;AAEpD,4CAAkD;AAElD,qEAAgE;AAChE,mEAA8D;AAC9D,sCAAmE;AASnE,2EAA2E;AAE3E,SAAS,gBAAgB,CACvB,UAAwB,EACxB,EACE,UAAU,EACV,aAAa,EACb,gBAAgB,EAAE,qBAAqB,GACR,EACjC,EACE,gBAAgB,EAAE,8BAA8B,EAChD,SAAS,EAAE,iBAAiB,EAC5B,gBAAgB,EAAE,wBAAwB,MACL,EAAE,EACzC,uBAA+D,EAAE,EACjE,uBAA+D,EAAE;;IAGjE,MAAM,8BAA+B,SAAQ,IAAA,kBAAQ,EAAC,UAAU,EAAE,CAAC,aAAa,CAAC,CAAC;KAIjF;SADE,aAAa;IAAd;QAFC,IAAA,qBAAW,GAAE;;4DAEU;IAI1B,MAAM,kBAAmB,SAAQ,IAAA,0BAAgB,EAC/C,IAAA,kBAAQ,EAAC,UAAU,EAAE,CAAC,UAAU,CAAC,CAAC,EAClC,8BAA8B,CAC/B;KAAG;IAEJ,MAAM,+BAA+B,GAAqB,EAAE,CAAC;IAC7D,MAAM,8BAA8B,GAAqB,EAAE,CAAC;IAE5D,IAAI,CAAC,8BAA8B,EAAE,CAAC;QACpC,8BAA8B,GAAG,EAAE,CAAC;IACtC,CAAC;IAED,8BAA8B,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,8BAA8B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,KAAmD,CAAC;QAE/E,IAAI,QAAQ,EAAE,CAAC;YACb,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC,CAAC,CAAC;IAGH,MAAM,qBAAsB,SAAQ,IAAA,0BAAgB,EAClD,IAAA,kBAAQ,EAAC,UAAU,EAAE,CAAC,UAAU,EAAE,GAAG,+BAA+B,CAAC,CAAC,EACtE,8BAA8B,EAAE,MAAM;QACpC,CAAC,CAAC,IAAA,0BAAgB,EAChB,8BAA8B,EAC9B,IAAA,qBAAW,EAAC,IAAA,kBAAQ,EAAC,UAAU,EAAE,8BAA8B,CAAC,CAAC,CAClE;QACD,CAAC,CAAC,8BAA8B,CACnC;KAAG;IAEJ,MAAM,oBAAqB,SAAQ,IAAA,wBAAe,EAChD,UAAU,EACV,IAAI,EACJ;QACE,UAAU;QACV,aAAa;QACb,GAAG,oBAAoB,CAAC,yBAAyB,IAAI,EAAE;KACxD,CACF;KAAG;IAEJ,MAAM,yBAA0B,SAAQ,IAAA,wDAA4B,EAAC,UAAU,EAAE,wBAAwB,CAAC;KAAG;IAE7G,MAAM,8BAA+B,SAAQ,IAAA,wDAA4B,EACvE,UAAU,EACV,oBAAoB,CAAC,gBAAgB,CACtC;KAAG;IAEJ,MAAM,eAAe,GAAG,kBAAkB,CAAC;IAC3C,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;IACjD,MAAM,UAAU,GAAG,YAAY,CAAC;IAChC,MAAM,aAAa,GAAG,eAAe,CAAC;IACtC,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;IACjD,MAAM,mBAAmB,GAAG,sBAAsB,CAAC;IAEnD,MAAM,eAAgB,SAAQ,sBAAmB;QAC/C,YACqB,OAA4B,EAC5B,UAAsB;YAEzC,KAAK,CAAC,UAAU,CAAC,CAAC;YAHC,YAAO,GAAP,OAAO,CAAqB;YAC5B,eAAU,GAAV,UAAU,CAAY;QAG3C,CAAC;QAIK,AAAN,KAAK,CAAC,UAAU,CAAoB,MAA8B;YAChE,OAAO;gBACL,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3E,CAAC;QACJ,CAAC;QAIK,AAAN,KAAK,CAAC,aAAa,CACE,MAA8B,EAClC,IAA0B;YAEzC,OAAO;gBACL,KAAK,EAAE,kBAAkB;gBACzB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aACpF,CAAC;QACJ,CAAC;QAGK,AAAN,KAAK,CAAC,KAAK,CACU,MAA8B,EAClC,EAAE,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC,aAAa,CAAC,EAAE,QAAQ,EAAsB;YAErF,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAe,EAAE,QAAkB,CAAC,CAAC;YACrF,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,IAAI,wBAAW,CAAC,cAAc,CAAC,CAAC;YACxC,CAAC;YAED,IAAI,qBAAqB,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,wBAAW,CAAC,eAAe,CAAC,CAAC;YACzC,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;aAC5C,CAAC;QACJ,CAAC;QAIK,AAAN,KAAK,CAAC,QAAQ,CACO,MAA8B,EAClC,IAA2B;YAE1C,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC,iBAAiB,IAAI,CAAC,wBAAwB,CAAC,CAAC;YAE9E,
|
|
1
|
+
{"version":3,"file":"auth-gateway.mixin.js","sourceRoot":"","sources":["../../../../../libs/dynamic-api/src/modules/auth/mixins/auth-gateway.mixin.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAiD;AAEjD,6CAAuF;AACvF,mDAAiG;AACjG,mCAAiC;AACjC,gDAAgD;AAChD,8CAAoD;AAEpD,4CAAkD;AAElD,qEAAgE;AAChE,mEAA8D;AAC9D,sCAAmE;AASnE,2EAA2E;AAE3E,SAAS,gBAAgB,CACvB,UAAwB,EACxB,EACE,UAAU,EACV,aAAa,EACb,gBAAgB,EAAE,qBAAqB,GACR,EACjC,EACE,gBAAgB,EAAE,8BAA8B,EAChD,SAAS,EAAE,iBAAiB,EAC5B,gBAAgB,EAAE,wBAAwB,MACL,EAAE,EACzC,uBAA+D,EAAE,EACjE,uBAA+D,EAAE;;IAGjE,MAAM,8BAA+B,SAAQ,IAAA,kBAAQ,EAAC,UAAU,EAAE,CAAC,aAAa,CAAC,CAAC;KAIjF;SADE,aAAa;IAAd;QAFC,IAAA,qBAAW,GAAE;;4DAEU;IAI1B,MAAM,kBAAmB,SAAQ,IAAA,0BAAgB,EAC/C,IAAA,kBAAQ,EAAC,UAAU,EAAE,CAAC,UAAU,CAAC,CAAC,EAClC,8BAA8B,CAC/B;KAAG;IAEJ,MAAM,+BAA+B,GAAqB,EAAE,CAAC;IAC7D,MAAM,8BAA8B,GAAqB,EAAE,CAAC;IAE5D,IAAI,CAAC,8BAA8B,EAAE,CAAC;QACpC,8BAA8B,GAAG,EAAE,CAAC;IACtC,CAAC;IAED,8BAA8B,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,8BAA8B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,KAAmD,CAAC;QAE/E,IAAI,QAAQ,EAAE,CAAC;YACb,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC,CAAC,CAAC;IAGH,MAAM,qBAAsB,SAAQ,IAAA,0BAAgB,EAClD,IAAA,kBAAQ,EAAC,UAAU,EAAE,CAAC,UAAU,EAAE,GAAG,+BAA+B,CAAC,CAAC,EACtE,8BAA8B,EAAE,MAAM;QACpC,CAAC,CAAC,IAAA,0BAAgB,EAChB,8BAA8B,EAC9B,IAAA,qBAAW,EAAC,IAAA,kBAAQ,EAAC,UAAU,EAAE,8BAA8B,CAAC,CAAC,CAClE;QACD,CAAC,CAAC,8BAA8B,CACnC;KAAG;IAEJ,MAAM,oBAAqB,SAAQ,IAAA,wBAAe,EAChD,UAAU,EACV,IAAI,EACJ;QACE,UAAU;QACV,aAAa;QACb,GAAG,oBAAoB,CAAC,yBAAyB,IAAI,EAAE;KACxD,CACF;KAAG;IAEJ,MAAM,yBAA0B,SAAQ,IAAA,wDAA4B,EAAC,UAAU,EAAE,wBAAwB,CAAC;KAAG;IAE7G,MAAM,8BAA+B,SAAQ,IAAA,wDAA4B,EACvE,UAAU,EACV,oBAAoB,CAAC,gBAAgB,CACtC;KAAG;IAEJ,MAAM,eAAe,GAAG,kBAAkB,CAAC;IAC3C,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;IACjD,MAAM,UAAU,GAAG,YAAY,CAAC;IAChC,MAAM,aAAa,GAAG,eAAe,CAAC;IACtC,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;IACjD,MAAM,mBAAmB,GAAG,sBAAsB,CAAC;IAEnD,MAAM,eAAgB,SAAQ,sBAAmB;QAC/C,YACqB,OAA4B,EAC5B,UAAsB;YAEzC,KAAK,CAAC,UAAU,CAAC,CAAC;YAHC,YAAO,GAAP,OAAO,CAAqB;YAC5B,eAAU,GAAV,UAAU,CAAY;QAG3C,CAAC;QAIK,AAAN,KAAK,CAAC,UAAU,CAAoB,MAA8B;YAChE,OAAO;gBACL,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3E,CAAC;QACJ,CAAC;QAIK,AAAN,KAAK,CAAC,aAAa,CACE,MAA8B,EAClC,IAA0B;YAEzC,OAAO;gBACL,KAAK,EAAE,kBAAkB;gBACzB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aACpF,CAAC;QACJ,CAAC;QAGK,AAAN,KAAK,CAAC,KAAK,CACU,MAA8B,EAClC,EAAE,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC,aAAa,CAAC,EAAE,QAAQ,EAAsB;YAErF,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAe,EAAE,QAAkB,CAAC,CAAC;YACrF,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,IAAI,wBAAW,CAAC,cAAc,CAAC,CAAC;YACxC,CAAC;YAED,IAAI,qBAAqB,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,wBAAW,CAAC,eAAe,CAAC,CAAC;YACzC,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;aAC5C,CAAC;QACJ,CAAC;QAIK,AAAN,KAAK,CAAC,QAAQ,CACO,MAA8B,EAClC,IAA2B;YAE1C,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC,iBAAiB,IAAI,CAAC,wBAAwB,CAAC,CAAC;YAE9E,OAAO;gBACL,KAAK,EAAE,aAAa;gBACpB,IAAI,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;aACxC,CAAC;QACJ,CAAC;QAIK,AAAN,KAAK,CAAC,aAAa,CAAgB,EAAE,KAAK,EAAoB;YAC5D,IAAI,IAAA,gBAAO,EAAC,oBAAoB,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,wBAAW,CAAC,6BAA6B,CAAC,CAAC;YACvD,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,kBAAkB;gBACzB,IAAI,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC;aAC9C,CAAC;QACJ,CAAC;QAIK,AAAN,KAAK,CAAC,cAAc,CAAgB,EAAE,kBAAkB,EAAE,WAAW,EAAqB;YACxF,IAAI,IAAA,gBAAO,EAAC,oBAAoB,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,wBAAW,CAAC,6BAA6B,CAAC,CAAC;YACvD,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,mBAAmB;gBAC1B,IAAI,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,kBAAkB,EAAE,WAAW,CAAC;aACzE,CAAC;QACJ,CAAC;KACF;IAjFO;QAFL,IAAA,kBAAS,EAAC,IAAI,2BAAkB,EAAE,CAAC;QACnC,IAAA,6BAAgB,EAAC,eAAe,CAAC;QAChB,WAAA,IAAA,4BAAe,GAAE,CAAA;;;;qDAKlC;IAIK;QAFL,IAAA,kBAAS,EAAC,IAAI,2BAAkB,EAAE,EAAE,IAAI,8BAA8B,EAAE,CAAC;QACzE,IAAA,6BAAgB,EAAC,kBAAkB,CAAC;QAElC,WAAA,IAAA,4BAAe,GAAE,CAAA;QACjB,WAAA,IAAA,wBAAW,GAAE,CAAA;;iDAAO,oBAAoB;;wDAM1C;IAGK;QADL,IAAA,6BAAgB,EAAC,UAAU,CAAC;QAE1B,WAAA,IAAA,4BAAe,GAAE,CAAA;QACjB,WAAA,IAAA,wBAAW,GAAE,CAAA;;iDAAqD,kBAAkB;;gDAkBtF;IAIK;QAFL,IAAA,kBAAS,EAAC,IAAI,yBAAyB,EAAE,CAAC;QAC1C,IAAA,6BAAgB,EAAC,aAAa,CAAC;QAE7B,WAAA,IAAA,4BAAe,GAAE,CAAA;QACjB,WAAA,IAAA,wBAAW,GAAE,CAAA;;iDAAO,qBAAqB;;mDAQ3C;IAIK;QAFL,IAAA,kBAAS,EAAC,IAAI,2BAAkB,CAAC,IAAA,0BAAgB,EAAC,oBAAoB,CAAC,CAAC,CAAC;QACzE,IAAA,6BAAgB,EAAC,kBAAkB,CAAC;QAChB,WAAA,IAAA,wBAAW,GAAE,CAAA;;yCAAY,qCAAgB;;wDAS7D;IAIK;QAFL,IAAA,kBAAS,EAAC,IAAI,2BAAkB,CAAC,IAAA,0BAAgB,EAAC,oBAAoB,CAAC,CAAC,CAAC;QACzE,IAAA,6BAAgB,EAAC,mBAAmB,CAAC;QAChB,WAAA,IAAA,wBAAW,GAAE,CAAA;;yCAAsC,uCAAiB;;yDASzF;IAGH,OAAO,eAAe,CAAC;AACzB,CAAC;AAEQ,4CAAgB"}
|
|
@@ -9,6 +9,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
9
9
|
exports.AuthSocketPoliciesGuardMixin = exports.AuthPoliciesGuardMixin = void 0;
|
|
10
10
|
const common_1 = require("@nestjs/common");
|
|
11
11
|
const websockets_1 = require("@nestjs/websockets");
|
|
12
|
+
const guards_1 = require("../guards");
|
|
12
13
|
function AuthPoliciesGuardMixin(entity, abilityPredicate) {
|
|
13
14
|
let BaseAuthPoliciesGuard = class BaseAuthPoliciesGuard {
|
|
14
15
|
constructor() {
|
|
@@ -30,15 +31,20 @@ function AuthPoliciesGuardMixin(entity, abilityPredicate) {
|
|
|
30
31
|
}
|
|
31
32
|
exports.AuthPoliciesGuardMixin = AuthPoliciesGuardMixin;
|
|
32
33
|
function AuthSocketPoliciesGuardMixin(entity, abilityPredicate) {
|
|
33
|
-
let BaseAuthSocketPoliciesGuard = class BaseAuthSocketPoliciesGuard {
|
|
34
|
+
let BaseAuthSocketPoliciesGuard = class BaseAuthSocketPoliciesGuard extends guards_1.JwtSocketAuthGuard {
|
|
34
35
|
constructor() {
|
|
36
|
+
super(...arguments);
|
|
35
37
|
this.entity = entity;
|
|
36
38
|
this.abilityPredicate = abilityPredicate;
|
|
37
39
|
}
|
|
38
|
-
canActivate(context) {
|
|
40
|
+
async canActivate(context) {
|
|
39
41
|
const [socket] = context.getArgs();
|
|
40
|
-
if (this.abilityPredicate
|
|
41
|
-
|
|
42
|
+
if (this.abilityPredicate) {
|
|
43
|
+
const accessToken = this.getAccessTokenFromSocketQuery(socket);
|
|
44
|
+
socket.user = await this.extractUserFromToken(accessToken);
|
|
45
|
+
if (!socket.user || !this.abilityPredicate(socket.user)) {
|
|
46
|
+
throw new websockets_1.WsException('Access denied');
|
|
47
|
+
}
|
|
42
48
|
}
|
|
43
49
|
return true;
|
|
44
50
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-policies-guard.mixin.js","sourceRoot":"","sources":["../../../../../libs/dynamic-api/src/modules/auth/mixins/auth-policies-guard.mixin.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwF;AACxF,mDAAiD;
|
|
1
|
+
{"version":3,"file":"auth-policies-guard.mixin.js","sourceRoot":"","sources":["../../../../../libs/dynamic-api/src/modules/auth/mixins/auth-policies-guard.mixin.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwF;AACxF,mDAAiD;AAGjD,sCAA+C;AAE/C,SAAS,sBAAsB,CAC7B,MAAoB,EACpB,gBAAkD;IAGlD,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;QAA3B;YACY,WAAM,GAAG,MAAM,CAAC;YAChB,qBAAgB,GAAG,gBAAgB,CAAC;QAahD,CAAC;QAXC,WAAW,CAAC,OAAyB;YACnC,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;YAErD,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAC3B,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CACtC,EAAE,CAAC;gBACF,MAAM,IAAI,2BAAkB,CAAC,eAAe,CAAC,CAAC;YAChD,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAA;IAfK,qBAAqB;QAD1B,IAAA,mBAAU,GAAE;OACP,qBAAqB,CAe1B;IAED,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AA+BQ,wDAAsB;AA7B/B,SAAS,4BAA4B,CACnC,MAAoB,EACpB,gBAAkD;IAGlD,IAAM,2BAA2B,GAAjC,MAAM,2BAA4B,SAAQ,2BAAkB;QAA5D;;YACY,WAAM,GAAG,MAAM,CAAC;YAChB,qBAAgB,GAAG,gBAAgB,CAAC;QAiBhD,CAAC;QAfU,KAAK,CAAC,WAAW,CAAC,OAAyB;YAClD,MAAM,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;YAEnC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAC;gBAE/D,MAAM,CAAC,IAAI,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;gBAE3D,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,IAAI,wBAAW,CAAC,eAAe,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAA;IAnBK,2BAA2B;QADhC,IAAA,mBAAU,GAAE;OACP,2BAA2B,CAmBhC;IAED,OAAO,2BAA2B,CAAC;AACrC,CAAC;AAEgC,oEAA4B"}
|
package/src/version.json
CHANGED
|
@@ -1147,6 +1147,426 @@ describe('DynamicApiModule forRoot (e2e)', () => {
|
|
|
1147
1147
|
});
|
|
1148
1148
|
});
|
|
1149
1149
|
});
|
|
1150
|
+
describe('EVENT auth-register with register options', () => {
|
|
1151
|
+
let User = class User extends src_1.BaseEntity {
|
|
1152
|
+
constructor() {
|
|
1153
|
+
super(...arguments);
|
|
1154
|
+
this.role = 'user';
|
|
1155
|
+
}
|
|
1156
|
+
};
|
|
1157
|
+
__decorate([
|
|
1158
|
+
(0, mongoose_1.Prop)({ type: String, required: true }),
|
|
1159
|
+
__metadata("design:type", String)
|
|
1160
|
+
], User.prototype, "email", void 0);
|
|
1161
|
+
__decorate([
|
|
1162
|
+
(0, mongoose_1.Prop)({ type: String, required: true }),
|
|
1163
|
+
__metadata("design:type", String)
|
|
1164
|
+
], User.prototype, "password", void 0);
|
|
1165
|
+
__decorate([
|
|
1166
|
+
(0, mongoose_1.Prop)({ type: String, default: 'user' }),
|
|
1167
|
+
__metadata("design:type", String)
|
|
1168
|
+
], User.prototype, "role", void 0);
|
|
1169
|
+
__decorate([
|
|
1170
|
+
(0, mongoose_1.Prop)({ type: Boolean, default: false }),
|
|
1171
|
+
__metadata("design:type", Boolean)
|
|
1172
|
+
], User.prototype, "isVerified", void 0);
|
|
1173
|
+
User = __decorate([
|
|
1174
|
+
(0, mongoose_1.Schema)({ collection: 'users' })
|
|
1175
|
+
], User);
|
|
1176
|
+
const admin = { email: 'admin@test.co', password: 'admin', role: 'admin', isVerified: true };
|
|
1177
|
+
const user = { email: 'user@test.co', password: 'user' };
|
|
1178
|
+
beforeEach(async () => {
|
|
1179
|
+
const bcryptService = new src_1.BcryptService();
|
|
1180
|
+
const fixtures = async (_) => {
|
|
1181
|
+
const model = await (0, utils_1.getModelFromEntity)(User);
|
|
1182
|
+
await model.insertMany([
|
|
1183
|
+
{ ...admin, password: await bcryptService.hashPassword(admin.password) },
|
|
1184
|
+
{ ...user, password: await bcryptService.hashPassword(user.password) },
|
|
1185
|
+
]);
|
|
1186
|
+
};
|
|
1187
|
+
await initModule({
|
|
1188
|
+
useAuth: {
|
|
1189
|
+
userEntity: User,
|
|
1190
|
+
register: {
|
|
1191
|
+
protected: true,
|
|
1192
|
+
abilityPredicate: (user) => user.isVerified,
|
|
1193
|
+
additionalFields: ['role'],
|
|
1194
|
+
callback: async (user, { updateOneDocument }) => {
|
|
1195
|
+
if (user.role !== 'admin') {
|
|
1196
|
+
return;
|
|
1197
|
+
}
|
|
1198
|
+
await updateOneDocument(User, { _id: user.id }, { $set: { isVerified: true } });
|
|
1199
|
+
},
|
|
1200
|
+
},
|
|
1201
|
+
login: {
|
|
1202
|
+
additionalFields: ['role', 'isVerified'],
|
|
1203
|
+
},
|
|
1204
|
+
},
|
|
1205
|
+
webSocket: true,
|
|
1206
|
+
}, fixtures, async (_) => {
|
|
1207
|
+
_.useWebSocketAdapter(new socket_adapter_1.SocketAdapter(_));
|
|
1208
|
+
});
|
|
1209
|
+
});
|
|
1210
|
+
describe('protected', () => {
|
|
1211
|
+
it('should throw a ws exception if user is not logged in and protected is true', async () => {
|
|
1212
|
+
await e2e_setup_1.server.emit('auth-register', { email: 'unit@test.co', password: 'test' });
|
|
1213
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1214
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1215
|
+
message: 'Unauthorized',
|
|
1216
|
+
});
|
|
1217
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1218
|
+
});
|
|
1219
|
+
});
|
|
1220
|
+
describe('abilityPredicate', () => {
|
|
1221
|
+
it('should not create a new user if user is not verified', async () => {
|
|
1222
|
+
const { email, password } = user;
|
|
1223
|
+
const { accessToken } = await e2e_setup_1.server.emit('auth-login', { email, password });
|
|
1224
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1225
|
+
await e2e_setup_1.server.emit('auth-register', { email: 'unit@test.co', password: 'test' }, {
|
|
1226
|
+
accessToken,
|
|
1227
|
+
});
|
|
1228
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1229
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1230
|
+
message: 'Access denied',
|
|
1231
|
+
});
|
|
1232
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1233
|
+
});
|
|
1234
|
+
it('should create a new user and return access token if user is verified', async () => {
|
|
1235
|
+
const { email, password } = admin;
|
|
1236
|
+
const { accessToken } = await e2e_setup_1.server.emit('auth-login', { email, password });
|
|
1237
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1238
|
+
await e2e_setup_1.server.emit('auth-register', { email: 'unit@test.co', password: 'test' }, {
|
|
1239
|
+
accessToken,
|
|
1240
|
+
});
|
|
1241
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1242
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1243
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledWith({ accessToken: expect.any(String) });
|
|
1244
|
+
});
|
|
1245
|
+
});
|
|
1246
|
+
describe('additionalFields', () => {
|
|
1247
|
+
it('should allow to register a new user with additional fields', async () => {
|
|
1248
|
+
const { email, password } = admin;
|
|
1249
|
+
const { accessToken } = await e2e_setup_1.server.emit('auth-login', { email, password });
|
|
1250
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1251
|
+
await e2e_setup_1.server.emit('auth-register', { email: 'client@test.co', password: 'client', role: 'client' }, {
|
|
1252
|
+
accessToken,
|
|
1253
|
+
});
|
|
1254
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1255
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1256
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledWith({ accessToken: expect.any(String) });
|
|
1257
|
+
});
|
|
1258
|
+
});
|
|
1259
|
+
describe('callback', () => {
|
|
1260
|
+
let adminAccessToken;
|
|
1261
|
+
beforeEach(async () => {
|
|
1262
|
+
const { email, password } = admin;
|
|
1263
|
+
const { accessToken } = await e2e_setup_1.server.emit('auth-login', { email, password });
|
|
1264
|
+
adminAccessToken = accessToken;
|
|
1265
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1266
|
+
});
|
|
1267
|
+
it('should not set isVerified to true if role is not admin', async () => {
|
|
1268
|
+
const { accessToken: clientAccessToken } = await e2e_setup_1.server.emit('auth-register', { email: 'client@test.co', password: 'client', role: 'client' }, {
|
|
1269
|
+
accessToken: adminAccessToken,
|
|
1270
|
+
});
|
|
1271
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1272
|
+
const body = await e2e_setup_1.server.emit('auth-get-account', undefined, { accessToken: clientAccessToken });
|
|
1273
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1274
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1275
|
+
expect(body).toHaveProperty('isVerified', false);
|
|
1276
|
+
});
|
|
1277
|
+
it('should set isVerified to true if role is admin', async () => {
|
|
1278
|
+
const { accessToken: admin2AccessToken } = await e2e_setup_1.server.emit('auth-register', { email: 'admin2@test.co', password: 'admin2', role: 'admin' }, {
|
|
1279
|
+
accessToken: adminAccessToken,
|
|
1280
|
+
});
|
|
1281
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1282
|
+
const body = await e2e_setup_1.server.emit('auth-get-account', undefined, { accessToken: admin2AccessToken });
|
|
1283
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1284
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1285
|
+
expect(body).toHaveProperty('isVerified', true);
|
|
1286
|
+
});
|
|
1287
|
+
});
|
|
1288
|
+
});
|
|
1289
|
+
describe('EVENT auth-login with login options', () => {
|
|
1290
|
+
let User = class User extends src_1.BaseEntity {
|
|
1291
|
+
constructor() {
|
|
1292
|
+
super(...arguments);
|
|
1293
|
+
this.role = 'user';
|
|
1294
|
+
}
|
|
1295
|
+
};
|
|
1296
|
+
__decorate([
|
|
1297
|
+
(0, mongoose_1.Prop)({ type: String, required: true }),
|
|
1298
|
+
__metadata("design:type", String)
|
|
1299
|
+
], User.prototype, "username", void 0);
|
|
1300
|
+
__decorate([
|
|
1301
|
+
(0, mongoose_1.Prop)({ type: String, required: true }),
|
|
1302
|
+
__metadata("design:type", String)
|
|
1303
|
+
], User.prototype, "pass", void 0);
|
|
1304
|
+
__decorate([
|
|
1305
|
+
(0, mongoose_1.Prop)({ type: String, default: 'user' }),
|
|
1306
|
+
__metadata("design:type", String)
|
|
1307
|
+
], User.prototype, "role", void 0);
|
|
1308
|
+
__decorate([
|
|
1309
|
+
(0, mongoose_1.Prop)({ type: Boolean, default: false }),
|
|
1310
|
+
__metadata("design:type", Boolean)
|
|
1311
|
+
], User.prototype, "isVerified", void 0);
|
|
1312
|
+
User = __decorate([
|
|
1313
|
+
(0, mongoose_1.Schema)({ collection: 'users' })
|
|
1314
|
+
], User);
|
|
1315
|
+
const admin = { username: 'admin', pass: 'admin', role: 'admin', isVerified: true };
|
|
1316
|
+
const user = { username: 'user', pass: 'user' };
|
|
1317
|
+
const client = { username: 'client', pass: 'client', role: 'client', isVerified: true };
|
|
1318
|
+
beforeEach(async () => {
|
|
1319
|
+
const bcryptService = new src_1.BcryptService();
|
|
1320
|
+
const fixtures = async (_) => {
|
|
1321
|
+
const model = await (0, utils_1.getModelFromEntity)(User);
|
|
1322
|
+
await model.insertMany([
|
|
1323
|
+
{ ...admin, pass: await bcryptService.hashPassword(admin.pass) },
|
|
1324
|
+
{ ...user, pass: await bcryptService.hashPassword(user.pass) },
|
|
1325
|
+
{ ...client, pass: await bcryptService.hashPassword(client.pass) },
|
|
1326
|
+
]);
|
|
1327
|
+
};
|
|
1328
|
+
await initModule({
|
|
1329
|
+
useAuth: {
|
|
1330
|
+
userEntity: User,
|
|
1331
|
+
login: {
|
|
1332
|
+
loginField: 'username',
|
|
1333
|
+
passwordField: 'pass',
|
|
1334
|
+
additionalFields: ['role', 'isVerified'],
|
|
1335
|
+
abilityPredicate: (user) => user.role === 'admin' || user.role === 'user',
|
|
1336
|
+
callback: async (user) => {
|
|
1337
|
+
if (user.isVerified) {
|
|
1338
|
+
return;
|
|
1339
|
+
}
|
|
1340
|
+
throw new common_1.UnauthorizedException(`Hello ${user.username}, you must verify your account first!`);
|
|
1341
|
+
},
|
|
1342
|
+
},
|
|
1343
|
+
},
|
|
1344
|
+
webSocket: true,
|
|
1345
|
+
}, fixtures, async (_) => {
|
|
1346
|
+
_.useWebSocketAdapter(new socket_adapter_1.SocketAdapter(_));
|
|
1347
|
+
});
|
|
1348
|
+
});
|
|
1349
|
+
describe('loginField', () => {
|
|
1350
|
+
it('should throw a ws exception if loginField is missing', async () => {
|
|
1351
|
+
await e2e_setup_1.server.emit('auth-login', { pass: 'test' });
|
|
1352
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1353
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1354
|
+
message: 'Unauthorized',
|
|
1355
|
+
});
|
|
1356
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1357
|
+
});
|
|
1358
|
+
});
|
|
1359
|
+
describe('passwordField', () => {
|
|
1360
|
+
it('should throw an unauthorized exception if passwordField is missing', async () => {
|
|
1361
|
+
await e2e_setup_1.server.emit('auth-login', { username: 'unit' });
|
|
1362
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1363
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1364
|
+
message: 'Unauthorized',
|
|
1365
|
+
});
|
|
1366
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1367
|
+
});
|
|
1368
|
+
});
|
|
1369
|
+
describe('abilityPredicate', () => {
|
|
1370
|
+
it('should throw a ws exception if user role is not admin or user', async () => {
|
|
1371
|
+
const { username, pass } = client;
|
|
1372
|
+
await e2e_setup_1.server.emit('auth-login', { username, pass });
|
|
1373
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1374
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1375
|
+
message: 'Access denied',
|
|
1376
|
+
});
|
|
1377
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1378
|
+
});
|
|
1379
|
+
});
|
|
1380
|
+
describe('callback', () => {
|
|
1381
|
+
it('should throw a ws exception if user is not verified', async () => {
|
|
1382
|
+
const { username, pass } = user;
|
|
1383
|
+
await e2e_setup_1.server.emit('auth-login', { username, pass });
|
|
1384
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1385
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1386
|
+
message: 'Hello user, you must verify your account first!',
|
|
1387
|
+
});
|
|
1388
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1389
|
+
});
|
|
1390
|
+
});
|
|
1391
|
+
describe('additionalFields', () => {
|
|
1392
|
+
it('should return additional fields', async () => {
|
|
1393
|
+
const { username, pass } = admin;
|
|
1394
|
+
const { accessToken } = await e2e_setup_1.server.emit('auth-login', { username, pass });
|
|
1395
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1396
|
+
await e2e_setup_1.server.emit('auth-get-account', undefined, { accessToken });
|
|
1397
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1398
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1399
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledWith({ id: expect.any(String), username: 'admin', role: 'admin', isVerified: true });
|
|
1400
|
+
});
|
|
1401
|
+
});
|
|
1402
|
+
});
|
|
1403
|
+
describe('useAuth with resetPassword options', () => {
|
|
1404
|
+
let User = class User extends src_1.BaseEntity {
|
|
1405
|
+
};
|
|
1406
|
+
__decorate([
|
|
1407
|
+
(0, mongoose_1.Prop)({ type: String, required: true }),
|
|
1408
|
+
__metadata("design:type", String)
|
|
1409
|
+
], User.prototype, "email", void 0);
|
|
1410
|
+
__decorate([
|
|
1411
|
+
(0, mongoose_1.Prop)({ type: String, required: true }),
|
|
1412
|
+
__metadata("design:type", String)
|
|
1413
|
+
], User.prototype, "password", void 0);
|
|
1414
|
+
__decorate([
|
|
1415
|
+
(0, mongoose_1.Prop)({ type: Boolean, default: false }),
|
|
1416
|
+
__metadata("design:type", Boolean)
|
|
1417
|
+
], User.prototype, "isVerified", void 0);
|
|
1418
|
+
__decorate([
|
|
1419
|
+
(0, mongoose_1.Prop)({ type: String }),
|
|
1420
|
+
__metadata("design:type", String)
|
|
1421
|
+
], User.prototype, "resetPasswordToken", void 0);
|
|
1422
|
+
User = __decorate([
|
|
1423
|
+
(0, mongoose_1.Schema)({ collection: 'users' })
|
|
1424
|
+
], User);
|
|
1425
|
+
let model;
|
|
1426
|
+
let user;
|
|
1427
|
+
let client;
|
|
1428
|
+
let app;
|
|
1429
|
+
beforeEach(async () => {
|
|
1430
|
+
user = { email: 'user@test.co', password: 'user', isVerified: true };
|
|
1431
|
+
client = { email: 'client@test.co', password: 'client' };
|
|
1432
|
+
const bcryptService = new src_1.BcryptService();
|
|
1433
|
+
const fixtures = async (_) => {
|
|
1434
|
+
model = await (0, utils_1.getModelFromEntity)(User);
|
|
1435
|
+
await model.insertMany([
|
|
1436
|
+
{ ...user, password: await bcryptService.hashPassword(user.password) },
|
|
1437
|
+
{ ...client, password: await bcryptService.hashPassword(client.password) },
|
|
1438
|
+
]);
|
|
1439
|
+
};
|
|
1440
|
+
app = await initModule({
|
|
1441
|
+
useAuth: {
|
|
1442
|
+
userEntity: User,
|
|
1443
|
+
resetPassword: {
|
|
1444
|
+
emailField: 'email',
|
|
1445
|
+
expirationInMinutes: 1,
|
|
1446
|
+
resetPasswordCallback: async ({ resetPasswordToken }, { updateUserByEmail }) => {
|
|
1447
|
+
await updateUserByEmail({ $set: { resetPasswordToken } });
|
|
1448
|
+
},
|
|
1449
|
+
changePasswordAbilityPredicate: (user) => user.isVerified && !!user.resetPasswordToken,
|
|
1450
|
+
changePasswordCallback: async (user, { updateOneDocument }) => {
|
|
1451
|
+
await updateOneDocument(User, { _id: user.id }, { $unset: { resetPasswordToken: 1 } });
|
|
1452
|
+
},
|
|
1453
|
+
},
|
|
1454
|
+
},
|
|
1455
|
+
webSocket: true,
|
|
1456
|
+
}, fixtures, async (_) => {
|
|
1457
|
+
_.useWebSocketAdapter(new socket_adapter_1.SocketAdapter(_));
|
|
1458
|
+
});
|
|
1459
|
+
});
|
|
1460
|
+
describe('EVENT auth-reset-password', () => {
|
|
1461
|
+
it('should throw a ws exception if email is missing if no validation options are provided', async () => {
|
|
1462
|
+
await e2e_setup_1.server.emit('auth-reset-password', {});
|
|
1463
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1464
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1465
|
+
message: 'Invalid or missing argument',
|
|
1466
|
+
});
|
|
1467
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1468
|
+
});
|
|
1469
|
+
it('should not throw a ws exception if email is invalid if no validation options are provided', async () => {
|
|
1470
|
+
await e2e_setup_1.server.emit('auth-reset-password', { email: 'unit.test.co' });
|
|
1471
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1472
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1473
|
+
});
|
|
1474
|
+
it('should not throw a ws exception if email is not found', async () => {
|
|
1475
|
+
await e2e_setup_1.server.emit('auth-reset-password', { email: 'invalid@test.co' });
|
|
1476
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1477
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1478
|
+
});
|
|
1479
|
+
describe('resetPasswordCallback', () => {
|
|
1480
|
+
it('should set resetPasswordToken if email is valid', async () => {
|
|
1481
|
+
const { email } = user;
|
|
1482
|
+
const { resetPasswordToken: resetPasswordTokenBeforeUpdate } = (await model.findOne({ email }).lean().exec());
|
|
1483
|
+
await e2e_setup_1.server.emit('auth-reset-password', { email });
|
|
1484
|
+
const { resetPasswordToken: resetPasswordTokenAfterUpdate } = (await model.findOne({ email }).lean().exec());
|
|
1485
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1486
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1487
|
+
expect(resetPasswordTokenBeforeUpdate).toStrictEqual(undefined);
|
|
1488
|
+
expect(resetPasswordTokenAfterUpdate).toStrictEqual(expect.any(String));
|
|
1489
|
+
});
|
|
1490
|
+
});
|
|
1491
|
+
});
|
|
1492
|
+
describe('EVENT auth-change-password', () => {
|
|
1493
|
+
it('should throw a ws exception if resetPasswordToken is missing', async () => {
|
|
1494
|
+
await e2e_setup_1.server.emit('auth-change-password', { newPassword: 'test' });
|
|
1495
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1496
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1497
|
+
message: 'Invalid or missing argument',
|
|
1498
|
+
});
|
|
1499
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1500
|
+
});
|
|
1501
|
+
it('should throw a ws exception if newPassword is missing', async () => {
|
|
1502
|
+
await e2e_setup_1.server.emit('auth-change-password', { resetPasswordToken: 'resetPasswordToken' });
|
|
1503
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1504
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1505
|
+
message: 'Invalid or missing argument',
|
|
1506
|
+
});
|
|
1507
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1508
|
+
});
|
|
1509
|
+
it('should throw a ws exception if resetPasswordToken is invalid', async () => {
|
|
1510
|
+
await e2e_setup_1.server.emit('auth-change-password', { resetPasswordToken: 'test', newPassword: 'newPassword' });
|
|
1511
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1512
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1513
|
+
message: 'Invalid reset password token. Please redo the reset password process.',
|
|
1514
|
+
});
|
|
1515
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1516
|
+
});
|
|
1517
|
+
it('should throw a ws exception if resetPasswordToken is expired', async () => {
|
|
1518
|
+
const jwtService = app.get(jwt_1.JwtService);
|
|
1519
|
+
const expiredResetPasswordToken = jwtService.sign({ email: user.email }, { expiresIn: 1 });
|
|
1520
|
+
await (0, utils_1.wait)(500);
|
|
1521
|
+
await e2e_setup_1.server.emit('auth-change-password', { resetPasswordToken: expiredResetPasswordToken, newPassword: 'newPassword' });
|
|
1522
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1523
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1524
|
+
message: 'Time to reset password has expired. Please redo the reset password process.',
|
|
1525
|
+
});
|
|
1526
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1527
|
+
});
|
|
1528
|
+
describe('changePasswordAbilityPredicate', () => {
|
|
1529
|
+
let resetPasswordToken;
|
|
1530
|
+
beforeEach(async () => {
|
|
1531
|
+
await e2e_setup_1.server.emit('auth-reset-password', { email: client.email });
|
|
1532
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1533
|
+
const { resetPasswordToken: token } = (await model.findOne({ email: client.email }).lean().exec());
|
|
1534
|
+
resetPasswordToken = token;
|
|
1535
|
+
});
|
|
1536
|
+
it('should throw a ws exception if user is not allowed to change password', async () => {
|
|
1537
|
+
await e2e_setup_1.server.emit('auth-change-password', { resetPasswordToken, newPassword: 'newPassword' });
|
|
1538
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledTimes(1);
|
|
1539
|
+
expect(e2e_setup_1.handleSocketException).toHaveBeenCalledWith({
|
|
1540
|
+
message: 'You are not allowed to change your password.',
|
|
1541
|
+
});
|
|
1542
|
+
expect(e2e_setup_1.handleSocketResponse).not.toHaveBeenCalled();
|
|
1543
|
+
});
|
|
1544
|
+
});
|
|
1545
|
+
describe('changePasswordCallback', () => {
|
|
1546
|
+
let resetPasswordToken;
|
|
1547
|
+
beforeEach(async () => {
|
|
1548
|
+
await e2e_setup_1.server.emit('auth-reset-password', { email: user.email });
|
|
1549
|
+
e2e_setup_1.handleSocketResponse.mockReset();
|
|
1550
|
+
const { resetPasswordToken: token } = (await model.findOne({ email: user.email }).lean().exec());
|
|
1551
|
+
resetPasswordToken = token;
|
|
1552
|
+
});
|
|
1553
|
+
it('should change password and unset resetPasswordToken if resetPasswordToken is valid', async () => {
|
|
1554
|
+
const newPassword = 'newPassword';
|
|
1555
|
+
const bcryptService = app.get(src_1.BcryptService);
|
|
1556
|
+
const { password: passwordBeforeUpdate } = (await model.findOne({ email: user.email }).lean().exec());
|
|
1557
|
+
await e2e_setup_1.server.emit('auth-change-password', { resetPasswordToken, newPassword });
|
|
1558
|
+
const { password: passwordAfterUpdate, resetPasswordToken: tokenAfterUpdate } = (await model.findOne({ email: user.email }).lean().exec());
|
|
1559
|
+
const isPreviousPassword = await bcryptService.comparePassword(user.password, passwordBeforeUpdate);
|
|
1560
|
+
expect(isPreviousPassword).toBe(true);
|
|
1561
|
+
const isNewPassword = await bcryptService.comparePassword(newPassword, passwordAfterUpdate);
|
|
1562
|
+
expect(isNewPassword).toBe(true);
|
|
1563
|
+
expect(tokenAfterUpdate).toStrictEqual(undefined);
|
|
1564
|
+
expect(e2e_setup_1.handleSocketException).not.toHaveBeenCalled();
|
|
1565
|
+
expect(e2e_setup_1.handleSocketResponse).toHaveBeenCalledTimes(1);
|
|
1566
|
+
});
|
|
1567
|
+
});
|
|
1568
|
+
});
|
|
1569
|
+
});
|
|
1150
1570
|
});
|
|
1151
1571
|
});
|
|
1152
1572
|
});
|