const { Controller } = require('libflitter')
const zxcvbn = require('zxcvbn')
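class PasswordController extends Controller {
    /**
     * Services libflitter injects into this controller, on top of those the
     * base Controller requests. `models`, `jobs` and `activity` are read
     * below as `this.models`, `this.jobs` and `this.activity`.
     */
    static get services() {
        return [...super.services, 'auth', 'jobs', 'models', 'activity']
    }

    /**
     * Minimum zxcvbn score (0-4) a new password must reach in reset_password.
     * A static getter so a subclass can tighten or relax the requirement
     * without re-implementing the handler.
     */
    static get min_password_score() {
        return 3
    }

    /**
     * List the authenticated user's password reset history.
     * Only the timestamp and reason of each reset are exposed.
     * @param req - `req.user.password_resets` is read
     * @param res - `res.api(...)` builds the reply
     * @param next - unused
     */
    async get_resets(req, res, next) {
        const resets = req.user.password_resets.map(reset => ({
            reset_on: reset.reset_on,
            reason: reset.reason,
        }))
        return res.api(resets)
    }

    /**
     * List the authenticated user's app passwords. Only metadata is returned;
     * the secret itself is not part of the record shape exposed here.
     * Entries without a name are labelled with the localized 'common.unnamed'.
     * @param req - `req.user.app_passwords` and `req.T` are read
     * @param res - `res.api(...)` builds the reply
     * @param next - unused
     */
    async get_app_passwords(req, res, next) {
        const entries = req.user.app_passwords.map(pw => ({
            created: pw.created,
            expires: pw.expires,
            active: pw.active,
            name: pw.name ?? req.T('common.unnamed'),
            uuid: pw.uuid,
        }))
        return res.api(entries)
    }

    /**
     * Create a new app password for the authenticated user.
     * Responds 400 unless `req.body.name` is a non-empty string. The generated
     * plaintext password is returned in this response only; the list endpoint
     * above exposes just the record's metadata.
     * @param req - `req.body.name`, `req.user`, `req.T` are read
     * @param res - reply builder
     * @param next - unused
     */
    async create_app_password(req, res, next) {
        const name = req.body.name
        // Require a non-empty string: a JSON object or array in `name` would
        // otherwise pass a plain truthiness check and be written to the user record.
        if ( typeof name !== 'string' || !name )
            return res.status(400)
                .message(`${req.T('api.missing_field')} name`)
                .api()

        const { password, record } = await req.user.app_password(name)
        await req.user.save()
        await this.activity.app_password_created({ req, name })

        return res.api({
            password,
            name,
            uuid: record.uuid,
        })
    }

    /**
     * Revoke one of the authenticated user's app passwords by uuid.
     * Responds 400 when `req.params.uuid` is missing or does not belong to
     * this user. The lookup is restricted to `req.user.app_passwords`, so a
     * uuid owned by a different user is indistinguishable from an unknown one.
     * @param req - `req.params.uuid`, `req.user`, `req.T` are read
     * @param res - reply builder
     * @param next - unused
     */
    async delete_app_password(req, res, next) {
        const uuid = req.params.uuid
        if ( !uuid )
            return res.status(400)
                .message(`${req.T('api.missing_field')} uuid`)
                .api()

        const match = req.user.app_passwords.find(pw => pw.uuid === uuid)
        if ( !match )
            return res.status(400)
                .message(req.T('api.app_pw_not_found'))
                .api()

        req.user.app_passwords = req.user.app_passwords.filter(pw => pw.uuid !== uuid)
        await req.user.save()
        return res.api()
    }

    /**
     * Change the authenticated user's password.
     * Rejects (400) a missing or non-string password, one scoring below
     * `min_password_score` with zxcvbn, and one matching any entry in the
     * user's reset history. On success it records the reset, logs the
     * activity, ends a pending 'password_reset' trap, begins the
     * 'registrant_flow' trap when the session requests it, and then
     * invalidates the user's other logins and tokens.
     * @param req - `req.body.password`, `req.user`, `req.trap`, `req.session`,
     *   `req.trust`, `req.ip`, `req.T` are read
     * @param res - reply builder
     * @param next - unused
     */
    async reset_password(req, res, next) {
        const password = req.body.password
        // zxcvbn expects a string; reject anything else before scoring it.
        if ( typeof password !== 'string' || !password )
            return res.status(400)
                .message(`${req.T('api.missing_field')} password`)
                .api()

        // Verify password complexity
        const min_score = this.constructor.min_password_score
        const result = zxcvbn(password)
        if ( result.score < min_score )
            return res.status(400)
                .message(req.T('auth.password_complexity_fail').replace('MIN_SCORE', min_score))
                .api()

        // Make sure it's not a re-do: compare against every previous reset.
        // The checks are awaited one at a time (presumably hash comparisons).
        for ( const old_pw of req.user.password_resets ) {
            if ( await old_pw.check(password) ) {
                return res.status(400)
                    .message(req.T('auth.duplicate_pw'))
                    .api()
            }
        }

        // Create the password reset
        await req.user.reset_password(password)
        await req.user.save()
        await this.activity.password_reset({ req, ip: req.ip })

        // A pending 'password_reset' trap is satisfied by this reset.
        if ( req.trap.has_trap() && req.trap.get_trap() === 'password_reset' ) await req.trap.end()

        // NOTE(review): registrant_flow appears to continue a registration
        // flow in a session-scoped trap after the reset — confirm against the
        // trap/registration code.
        if ( req.session.registrant_flow ) {
            await req.trap.begin('registrant_flow', { session_only: true })
        }

        // invalidate existing tokens and other logins
        await req.user.logout(req)
        await req.user.kickout()
        req.trust.unassume()
        return res.api()
    }

    /**
     * Start a password reset by e-mail address.
     * A 'PasswordReset' job is queued on the 'password_resets' queue only when
     * a user with that address exists, but the response is `{ success: true }`
     * either way, so the endpoint does not reveal whether an address is
     * registered.
     * @param req - `req.body.email` and `req.T` are read
     * @param res - reply builder
     * @param next - unused
     */
    async request_reset(req, res, next) {
        const email = req.body.email
        // Require a string: `findOne({ email })` is built straight from the
        // request body, so a non-string value (e.g. a query-operator object)
        // must not reach the model layer.
        if ( typeof email !== 'string' || !email )
            return res.status(400)
                .message(`${req.T('api.missing_field')} email`)
                .api()

        const User = this.models.get('auth:User')
        const user = await User.findOne({ email })

        if ( user ) {
            const reset_queue = this.jobs.queue('password_resets')
            await reset_queue.add('PasswordReset', { user_id: user.id })
        }

        return res.api({ success: true })
    }
}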
// Expose the controller as this CommonJS module's single export.
exports = module.exports = PasswordController