@zowe/zosmf-for-zowe-sdk
Version:
Zowe SDK to interact with the z/OS Management Facility
123 lines • 6.42 kB
JavaScript
;
/*
* This program and the accompanying materials are made available under the terms of the
* Eclipse Public License v2.0 which accompanies this distribution, and is available at
* https://www.eclipse.org/legal/epl-v20.html
*
* SPDX-License-Identifier: EPL-2.0
*
* Copyright Contributors to the Zowe Project.
*
*/
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.ZosmfChangePassword = void 0;
const util_1 = require("util");
const imperative_1 = require("@zowe/imperative");
const core_for_zowe_sdk_1 = require("@zowe/core-for-zowe-sdk");
const Zosmf_constants_1 = require("./constants/Zosmf.constants");
const Zosmf_messages_1 = require("./constants/Zosmf.messages");
/**
* Class to handle changing a z/OS password or passphrase via z/OSMF.
*
* https://www.ibm.com/docs/en/zos/3.2.0?topic=services-change-user-password-passphrase
* @export
* @class ZosmfChangePassword
*/
class ZosmfChangePassword {
/**
* Change the password or passphrase for a z/OS user ID via z/OSMF.
* @param {AbstractSession} session
* @param {string} newPassword
* @returns {Promise<IZosmfChangePasswordResponse>}
*/
static changePassword(session, newPassword) {
return __awaiter(this, void 0, void 0, function* () {
ZosmfChangePassword.log.trace("ZosmfChangePassword.changePassword()");
imperative_1.ImperativeExpect.toNotBeNullOrUndefined(session, Zosmf_messages_1.ZosmfMessages.missingSession.message);
imperative_1.ImperativeExpect.toNotBeNullOrUndefined(newPassword, "New password must be defined");
const userID = session.ISession.user;
const oldPwd = session.ISession.password;
imperative_1.ImperativeExpect.toNotBeNullOrUndefined(userID, "Session user must be defined");
imperative_1.ImperativeExpect.toNotBeNullOrUndefined(oldPwd, "Session password must be defined");
let zosmfResponse;
try {
zosmfResponse = yield core_for_zowe_sdk_1.ZosmfRestClient.putExpectJSON(session, Zosmf_constants_1.ZosmfConstants.AUTHENTICATE_RESOURCE, [imperative_1.Headers.APPLICATION_JSON], { userID, oldPwd, newPwd: newPassword });
}
catch (err) {
throw ZosmfChangePassword.sanitizeError(err, oldPwd, newPassword);
}
return {
success: zosmfResponse.returnCode === 0 && zosmfResponse.reasonCode === 0,
returnCode: zosmfResponse.returnCode,
reasonCode: zosmfResponse.reasonCode,
message: zosmfResponse.message
};
});
}
/**
* Remove passwords from diagnostic fields so they are never shown to the user or written to logs.
* @param err - The original error
* @param passwords - Password strings to censor
* @returns The sanitised error
*/
static sanitizeError(err, ...passwords) {
if (err instanceof imperative_1.RestClientError) {
// Censor password values inside the payload object
if (err.mDetails.payload != null && typeof err.mDetails.payload === "object") {
for (const key of Object.keys(err.mDetails.payload)) {
if (typeof err.mDetails.payload[key] === "string") {
for (const pwd of passwords) {
if (err.mDetails.payload[key] === pwd) {
err.mDetails.payload[key] = this.CENSORED;
}
}
}
}
}
// Censor the payload string that appears in additionalDetails
if (err.mDetails.additionalDetails && err.mDetails.payload != null) {
const censoredPayloadStr = (0, util_1.inspect)(err.mDetails.payload, { depth: null });
err.mDetails.additionalDetails = err.mDetails.additionalDetails.replace(/\nPayload: +.*/, "\nPayload: " + censoredPayloadStr);
}
// Append extra context when the generic 8/2 error is returned
// https://www.ibm.com/docs/en/zos/3.2.0?topic=services-change-user-password-passphrase#izuprog_API_PUTWebTokenChangePWService__title__11
if (err.causeErrors) {
try {
const errorResponse = JSON.parse(err.causeErrors);
if (errorResponse.returnCode === this.EXTRA_RET_CODE &&
errorResponse.reasonCode === this.EXTRA_REASON_CODE) {
const extraDetails = "\n\nNote: This generic failure message may also indicate " +
"that the user ID was revoked or the user ID is not defined in RACF.";
const updatedDetails = Object.assign({}, err.mDetails);
updatedDetails.msg += extraDetails;
return new imperative_1.RestClientError(updatedDetails);
}
}
catch (parseErr) {
this.log.warn("Unable to parse error response body for additional details. " +
"Original error will be returned without additional details.\n" +
"Parse error: %s\nError body: %s", parseErr, err.causeErrors);
}
}
}
return err;
}
static get log() {
return imperative_1.Logger.getAppLogger();
}
}
exports.ZosmfChangePassword = ZosmfChangePassword;
ZosmfChangePassword.CENSORED = "****";
/* z/OSMF return/reason codes that may hide specific errors */
ZosmfChangePassword.EXTRA_RET_CODE = 8;
ZosmfChangePassword.EXTRA_REASON_CODE = 2;
//# sourceMappingURL=ChangePassword.js.map