UNPKG

@zowe/zosmf-for-zowe-sdk

Version:

Zowe SDK to interact with the z/OS Management Facility

123 lines 6.42 kB
"use strict"; /* * This program and the accompanying materials are made available under the terms of the * Eclipse Public License v2.0 which accompanies this distribution, and is available at * https://www.eclipse.org/legal/epl-v20.html * * SPDX-License-Identifier: EPL-2.0 * * Copyright Contributors to the Zowe Project. * */ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.ZosmfChangePassword = void 0; const util_1 = require("util"); const imperative_1 = require("@zowe/imperative"); const core_for_zowe_sdk_1 = require("@zowe/core-for-zowe-sdk"); const Zosmf_constants_1 = require("./constants/Zosmf.constants"); const Zosmf_messages_1 = require("./constants/Zosmf.messages"); /** * Class to handle changing a z/OS password or passphrase via z/OSMF. * * https://www.ibm.com/docs/en/zos/3.2.0?topic=services-change-user-password-passphrase * @export * @class ZosmfChangePassword */ class ZosmfChangePassword { /** * Change the password or passphrase for a z/OS user ID via z/OSMF. * @param {AbstractSession} session * @param {string} newPassword * @returns {Promise<IZosmfChangePasswordResponse>} */ static changePassword(session, newPassword) { return __awaiter(this, void 0, void 0, function* () { ZosmfChangePassword.log.trace("ZosmfChangePassword.changePassword()"); imperative_1.ImperativeExpect.toNotBeNullOrUndefined(session, Zosmf_messages_1.ZosmfMessages.missingSession.message); imperative_1.ImperativeExpect.toNotBeNullOrUndefined(newPassword, "New password must be defined"); const userID = session.ISession.user; const oldPwd = session.ISession.password; imperative_1.ImperativeExpect.toNotBeNullOrUndefined(userID, "Session user must be defined"); imperative_1.ImperativeExpect.toNotBeNullOrUndefined(oldPwd, "Session password must be defined"); let zosmfResponse; try { zosmfResponse = yield core_for_zowe_sdk_1.ZosmfRestClient.putExpectJSON(session, Zosmf_constants_1.ZosmfConstants.AUTHENTICATE_RESOURCE, [imperative_1.Headers.APPLICATION_JSON], { userID, oldPwd, newPwd: newPassword }); } catch (err) { throw ZosmfChangePassword.sanitizeError(err, oldPwd, newPassword); } return { success: zosmfResponse.returnCode === 0 && zosmfResponse.reasonCode === 0, returnCode: zosmfResponse.returnCode, reasonCode: zosmfResponse.reasonCode, message: zosmfResponse.message }; }); } /** * Remove passwords from diagnostic fields so they are never shown to the user or written to logs. * @param err - The original error * @param passwords - Password strings to censor * @returns The sanitised error */ static sanitizeError(err, ...passwords) { if (err instanceof imperative_1.RestClientError) { // Censor password values inside the payload object if (err.mDetails.payload != null && typeof err.mDetails.payload === "object") { for (const key of Object.keys(err.mDetails.payload)) { if (typeof err.mDetails.payload[key] === "string") { for (const pwd of passwords) { if (err.mDetails.payload[key] === pwd) { err.mDetails.payload[key] = this.CENSORED; } } } } } // Censor the payload string that appears in additionalDetails if (err.mDetails.additionalDetails && err.mDetails.payload != null) { const censoredPayloadStr = (0, util_1.inspect)(err.mDetails.payload, { depth: null }); err.mDetails.additionalDetails = err.mDetails.additionalDetails.replace(/\nPayload: +.*/, "\nPayload: " + censoredPayloadStr); } // Append extra context when the generic 8/2 error is returned // https://www.ibm.com/docs/en/zos/3.2.0?topic=services-change-user-password-passphrase#izuprog_API_PUTWebTokenChangePWService__title__11 if (err.causeErrors) { try { const errorResponse = JSON.parse(err.causeErrors); if (errorResponse.returnCode === this.EXTRA_RET_CODE && errorResponse.reasonCode === this.EXTRA_REASON_CODE) { const extraDetails = "\n\nNote: This generic failure message may also indicate " + "that the user ID was revoked or the user ID is not defined in RACF."; const updatedDetails = Object.assign({}, err.mDetails); updatedDetails.msg += extraDetails; return new imperative_1.RestClientError(updatedDetails); } } catch (parseErr) { this.log.warn("Unable to parse error response body for additional details. " + "Original error will be returned without additional details.\n" + "Parse error: %s\nError body: %s", parseErr, err.causeErrors); } } } return err; } static get log() { return imperative_1.Logger.getAppLogger(); } } exports.ZosmfChangePassword = ZosmfChangePassword; ZosmfChangePassword.CENSORED = "****"; /* z/OSMF return/reason codes that may hide specific errors */ ZosmfChangePassword.EXTRA_RET_CODE = 8; ZosmfChangePassword.EXTRA_REASON_CODE = 2; //# sourceMappingURL=ChangePassword.js.map