will-auth
authentication and authorization module
"use strict";
// Compiler-emitted inheritance helper: links a derived constructor to its base
// (static side and prototype chain). Reuses a host-provided __extends when one exists.
var __extends = (this && this.__extends) || (function () {
    // Picks the best available way to inherit statics on first use, caches it, then applies it.
    var inheritStatics = function (derived, base) {
        inheritStatics = Object.setPrototypeOf ||
            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
            function (d, b) {
                for (var key in b) {
                    if (Object.prototype.hasOwnProperty.call(b, key)) {
                        d[key] = b[key];
                    }
                }
            };
        return inheritStatics(derived, base);
    };
    return function (derived, base) {
        var baseIsUsable = typeof base === "function" || base === null;
        if (!baseIsUsable) {
            throw new TypeError("Class extends value " + String(base) + " is not a constructor or null");
        }
        inheritStatics(derived, base);
        // Surrogate constructor: gives the new prototype object the right `constructor`
        // without invoking the base constructor.
        function Surrogate() { this.constructor = derived; }
        if (base === null) {
            derived.prototype = Object.create(base);
        }
        else {
            Surrogate.prototype = base.prototype;
            derived.prototype = new Surrogate();
        }
    };
})();
// Compiler-emitted shallow-merge helper (object spread). Copies own enumerable
// properties of every argument after the first onto the first and returns it.
var __assign = (this && this.__assign) || function () {
    // Resolve the implementation on the first call and cache it in __assign.
    __assign = Object.assign || function (target) {
        var count = arguments.length;
        for (var index = 1; index < count; index++) {
            var source = arguments[index];
            for (var key in source) {
                if (Object.prototype.hasOwnProperty.call(source, key)) {
                    target[key] = source[key];
                }
            }
        }
        return target;
    };
    return __assign.apply(this, arguments);
};
// Compiler-emitted helper that runs a generator as an async function.
// thisArg and _arguments are forwarded to the generator function; P is the promise
// constructor to use (Promise when not supplied). Returns a P that settles with the
// generator's return value or with the first uncaught error.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Values that are already instances of P pass through; anything else is wrapped in a P.
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with a fulfilled value; a synchronous throw rejects the outer promise.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
// Throw a rejection reason into the generator so its own try/catch can handle it.
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
// A finished generator resolves the outer promise; otherwise wait on the yielded value.
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// Compiler-emitted helper that emulates a generator with a label-driven state machine.
// `body` is called repeatedly with the state object `_` and returns an instruction
// pair [opcode, operand]. The call sites in this file annotate the opcodes they use:
// 2 = return, 3 = break (jump to label), 4 = yield, 7 = endfinally.
// Opcode 6 is produced by the catch clause below and carries the thrown value.
var __generator = (this && this.__generator) || function (thisArg, body) {
// _.label: next case to run; _.sent(): value (or rethrown error) from the last resume;
// _.trys: stack of active try regions; _.ops: instructions deferred while a finally runs.
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
// f is the re-entrancy guard: it is set while the body runs and cleared in the finally below.
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
// When y is set (opcode 5 stores its operand there), forward the resume to that inner iterator first.
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
// Route return/break/throw through the innermost try region; each _.trys entry is
// pushed by the generated code as [tryStart, catchLabel, finallyLabel, endLabel].
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
// Odd-bit opcodes that survive to this point carry an uncaught error; everything else completes the generator.
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
// Set the __esModule flag on the CommonJS exports object.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export up front; the class is assigned to it later, outside the part of the file shown here.
exports.SigninHandler = void 0;
var uuid_1 = require("uuid");
var will_lib_1 = require("will-lib");
var will_api_1 = require("will-api");
var will_sql_1 = require("will-sql");
var will_util_1 = require("will-util");
var will_lib_2 = require("will-lib");
var EnvironmentVariable_1 = require("../utils/EnvironmentVariable");
var UserToken_1 = require("../models/UserToken");
var VerifyError_1 = require("../models/VerifyError");
var Responser_1 = require("../utils/Responser");
var DiffieHandler_1 = require("./DiffieHandler");
var SchemeHandler_1 = require("./SchemeHandler");
var bcrypt = require('bcrypt');
var SigninHandler = /** @class */ (function (_super) {
__extends(SigninHandler, _super);
// Constructor: runs the base constructor (when there is one) and declares the
// model descriptor and the add-on action names handled by this class.
function SigninHandler() {
    // Keep the base constructor's return value only when it is truthy; otherwise use `this`.
    var superResult = _super !== null && _super.apply(this, arguments);
    var _this = superResult || this;
    _this.model = { name: "tuser", alias: { privateAlias: _this.section } };
    //declared addon actions name
    _this.handlers = ["signin", "accesstoken", "fetchtoken", "signout"].map(function (action) {
        return { name: action };
    });
    return _this;
}
/**
 * Pick the sign-in fields out of the request parameters.
 * The password is returned exactly as received; callers should keep the returned
 * object out of logs.
 * @param context request context exposing `params`
 * @returns {{username: *, password: *, site: *}}
 */
SigninHandler.prototype.getSigninInfo = function (context) {
    var params = context.params;
    var info = {
        username: params.username,
        password: params.password,
        site: params.site
    };
    return info;
};
/**
 * "signin" action entry point.
 * When this.model has a valid "privateAlias" configuration it awaits
 * exposeFunctional(context, model, { operate: "signin" }) and then delegates to doSignin.
 * Otherwise it rejects with VerifyError("Invalid setting", HTTP.NOT_ACCEPTABLE, -16006).
 * @param context request context
 * @returns promise of the doSignin result
 */
SigninHandler.prototype.signin = function (context) {
return __awaiter(this, void 0, void 0, function () {
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
// Guard: jump to the rejection in case 2 when the model configuration is missing or invalid.
if (!(this.model && this.isValidModelConfig("privateAlias", this.model))) return [3 /*break*/, 2];
return [4 /*yield*/, this.exposeFunctional(context, this.model, { operate: "signin" })];
case 1:
_a.sent();
return [2 /*return*/, this.doSignin(context, this.model)];
case 2: return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid setting", will_api_1.HTTP.NOT_ACCEPTABLE, -16006))];
}
});
});
};
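/**
 * Gather the credentials for a sign-in request and dispatch to the configured
 * authentication path.
 *
 * Credentials come from the request parameters (getSigninInfo) and, when an
 * authorization value is present, from BasicLibrary.decrypt(), whose result is
 * merged over the parameter values. An empty or whitespace-only username or
 * password is rejected with VerifyError("Invalid user or password", HTTP.BAD_REQUEST, -16081).
 *
 * @param context request context
 * @param model   model descriptor used to obtain the private database connector
 * @returns promise of the response produced by doSigninByDomain or doSigninByConfigure
 */
SigninHandler.prototype.doSignin = function (context, model) {
return __awaiter(this, void 0, void 0, function () {
var signinfo, db, authinfo, blib, basicinfo;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
signinfo = this.getSigninInfo(context);
this.logger.debug("doSignin : username=" + signinfo.username);
db = this.getPrivateConnector(model);
_a.label = 1;
case 1:
// try region with a finally at case 4 (no catch).
_a.trys.push([1, , 4, 5]);
authinfo = this.getAuthorizationInfo(context);
// Record only whether an authorization value was supplied. The value itself is
// decrypted into the sign-in credentials below, so it must not reach the log.
this.logger.debug("auth info: present=" + !!(authinfo && authinfo.authorization));
if (!(authinfo && authinfo.authorization.trim().length > 0)) return [3 /*break*/, 3];
blib = new will_lib_1.BasicLibrary();
return [4 /*yield*/, blib.decrypt(authinfo.authorization, authinfo.client, db)];
case 2:
basicinfo = _a.sent();
if (basicinfo) {
this.logger.debug("basic info: username=" + basicinfo.username);
// Decrypted values take precedence over the request parameters.
signinfo = __assign(__assign({}, signinfo), basicinfo);
}
this.logger.debug("sign info: username=" + signinfo.username);
_a.label = 3;
case 3:
if ((!signinfo.username || signinfo.username.trim().length == 0) || (!signinfo.password || signinfo.password.trim().length == 0)) {
return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid user or password", will_api_1.HTTP.BAD_REQUEST, -16081))];
}
if (EnvironmentVariable_1.AUTHEN_BY_VERIFY_DOMAIN) {
return [2 /*return*/, this.doSigninByDomain(context, model, signinfo, db)];
}
else {
return [2 /*return*/, this.doSigninByConfigure(context, model, signinfo, db)];
}
return [3 /*break*/, 5];
case 4:
// finally: the sign-in promises above are returned, not yielded, so this close()
// runs before they have settled.
// NOTE(review): confirm the connector tolerates close() while the sign-in queries
// are still pending; if it does not, yield the result before returning it.
if (db)
db.close();
return [7 /*endfinally*/];
case 5: return [2 /*return*/];
}
});
});
};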
/**
 * Sign in by resolving the account's domain configuration.
 * Calls loginWow first, then looks up the directory configuration for the domain
 * derived from the username: with a usable configuration the request goes to
 * processSigninActiveDirectory, otherwise to processSigninInternalSystem.
 * Any error is written with console.error and re-rejected unchanged.
 *
 * @param context  request context
 * @param model    model descriptor used to obtain a database connector
 * @param signinfo credentials ({ username, password, site })
 * @param db       connector passed by the caller; replaced inside this method (see case 1)
 * @returns promise of the sign-in response
 */
SigninHandler.prototype.doSigninByDomain = function (context, model, signinfo, db) {
return __awaiter(this, void 0, void 0, function () {
var loginfo, account, adconfig, ex_1;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
// try region with its catch at case 7.
_a.trys.push([0, 7, , 8]);
// loginWow declares a third `site` parameter; it is not passed here.
return [4 /*yield*/, this.loginWow(signinfo.username, signinfo.password)];
case 1:
loginfo = _a.sent();
// The db argument is overwritten with a fresh connector and no close() for it is visible in this method.
// NOTE(review): confirm who releases this connector; the caller only closes the one it created.
db = this.getPrivateConnector(model);
account = will_lib_2.ActiveAuthen.getAccountDomain(signinfo.username);
return [4 /*yield*/, will_lib_2.ActiveLibrary.getActiveConfig(db, account.domainName)];
case 2:
adconfig = _a.sent();
this.logger.debug("ad config = " + (adconfig ? adconfig.hasConfigure() : false));
if (!(adconfig && adconfig.hasConfigure())) return [3 /*break*/, 4];
return [4 /*yield*/, this.processSigninActiveDirectory(context, signinfo, db, adconfig, loginfo)];
case 3: return [2 /*return*/, _a.sent()];
case 4: return [4 /*yield*/, this.processSigninInternalSystem(context, signinfo, db, loginfo)];
case 5: return [2 /*return*/, _a.sent()];
case 6: return [3 /*break*/, 8];
case 7:
ex_1 = _a.sent();
console.error(ex_1);
return [2 /*return*/, Promise.reject(ex_1)];
case 8: return [2 /*return*/];
}
});
});
};
/**
 * Try each enabled entry of the "authentications" configuration list in order and
 * return the first successful response (head.errorflag == "N").
 * Entry types: "SYSTEM" -> processSigninInternalSystem, "AD" -> processSigninActiveDirectory
 * (only when the entry yields a usable configuration), anything else -> processSigninPromptSystem.
 * When no entry succeeds, or the list is empty or missing, rejects with
 * AuthenError(<last error description, or "Authentication fail">, HTTP.UNAUTHORIZED).
 *
 * @param context  request context
 * @param model    unused in this method
 * @param signinfo credentials ({ username, password, site })
 * @param db       database connector shared by all attempts
 * @returns promise of the first successful sign-in response
 */
SigninHandler.prototype.doSigninByConfigure = function (context, model, signinfo, db) {
return __awaiter(this, void 0, void 0, function () {
var loginfo, errmsg, authlist, i, isz, aut, response, adconfig, response, response;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
// loginfo is never assigned on this path, so every provider below receives undefined.
loginfo = undefined;
errmsg = undefined;
authlist = will_util_1.Configure.getConfig("authentications");
if (!(authlist && authlist.length > 0)) return [3 /*break*/, 9];
i = 0, isz = authlist.length;
_a.label = 1;
case 1:
// Loop head: cases 1-8 are one iteration over authlist.
if (!(i < isz)) return [3 /*break*/, 9];
aut = authlist[i];
if (!aut.enabled) return [3 /*break*/, 8];
if (!("SYSTEM" == aut.authtype)) return [3 /*break*/, 3];
return [4 /*yield*/, this.processSigninInternalSystem(context, signinfo, db, loginfo)];
case 2:
response = _a.sent();
if (response.head.errorflag == "N") {
return [2 /*return*/, Promise.resolve(response)];
}
else {
errmsg = response.head.errordesc;
}
return [3 /*break*/, 8];
case 3:
if (!("AD" == aut.authtype)) return [3 /*break*/, 6];
adconfig = will_lib_2.ActiveLibrary.createConfigure(aut);
this.logger.debug("ad config = " + (adconfig ? adconfig.hasConfigure() : false));
if (!(adconfig && adconfig.hasConfigure())) return [3 /*break*/, 5];
return [4 /*yield*/, this.processSigninActiveDirectory(context, signinfo, db, adconfig, loginfo)];
case 4:
response = _a.sent();
if (response.head.errorflag == "N") {
return [2 /*return*/, Promise.resolve(response)];
}
else {
errmsg = response.head.errordesc;
}
_a.label = 5;
case 5: return [3 /*break*/, 8];
// NOTE(review): processSigninPromptSystem is declared as (context, signinfo, db, config, loginfo),
// so the four-argument call below puts loginfo in the `config` position. Confirm which
// configuration object (possibly `aut`) the provider is meant to receive.
case 6: return [4 /*yield*/, this.processSigninPromptSystem(context, signinfo, db, loginfo)];
case 7:
response = _a.sent();
if (response.head.errorflag == "N") {
return [2 /*return*/, Promise.resolve(response)];
}
else {
errmsg = response.head.errordesc;
}
_a.label = 8;
case 8:
i++;
return [3 /*break*/, 1];
// NOTE(review): errmsg is the last provider's error description; check that it carries no
// backend detail (database or directory error text) before it goes into the 401 response.
case 9: return [2 /*return*/, Promise.reject(new will_lib_1.AuthenError(errmsg ? errmsg : "Authentication fail", will_api_1.HTTP.UNAUTHORIZED))];
}
});
});
};
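/**
 * Authenticate against the local tuser/tuserinfo tables.
 *
 * Flow:
 *  1. Load the account by username (parameterised query).
 *  2. Refuse when loginfailtimes >= MAX_FAILURE and the last failure is at most
 *     MAX_WAITTIME milliseconds old (error -5012).
 *  3. Compare the password with bcrypt, first against a temporary password (when
 *     getUserTemporaryPassword returns one with a trxid), then against the stored hash.
 *  4. On a match, inside a transaction: promote the temporary password if it was the
 *     one that matched, create the token row and the Diffie-Hellman record, fill the
 *     response body, commit.
 *  5. Update the access and failure counters without waiting for them.
 *
 * The returned promise always resolves with a JSONReply; failures are reported in
 * response.head rather than by rejection.
 *
 * Review notes for maintainers:
 *  - A wrong password yields code -3002 and an unknown username -3003 with the same
 *    message. If the code reaches the client it tells the two cases apart; bcrypt also
 *    runs only for existing accounts, so response time differs as well.
 *  - The failure update in step 5 also runs for requests refused by the lockout check,
 *    which refreshes failtime on every refused attempt. Confirm that this is the
 *    intended lockout policy.
 *  - The -5012 message says "3 minute" regardless of the configured MAX_WAITTIME.
 *  - bcrypt.compareSync blocks the event loop for the duration of the hash.
 *
 * @param context  request context; params.code/state/nonce are forwarded to the token row
 * @param signinfo credentials ({ username, password })
 * @param db       database connector
 * @param loginfo  optional login details stored with the token as accesscontents
 * @returns promise of a JSONReply
 */
SigninHandler.prototype.processSigninInternalSystem = function (context, signinfo, db, loginfo) {
return __awaiter(this, void 0, void 0, function () {
var pname, ppass, pcode, pstate, pnonce, response, body, sql, rs, rows, passed, row, userid, site, failtimes, now, failtime, difftime, ismatch, tempmatch, usrpass, plib, tmppwd, usrinfo, token, dhinfo, er_1, ex_2;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
pname = signinfo.username;
ppass = signinfo.password;
pcode = context.params.code;
pstate = context.params.state;
pnonce = context.params.nonce;
response = new will_api_1.JSONReply();
response.head.modeling("signin", "signin");
response.head.composeNoError();
body = new Map();
sql = new will_sql_1.KnSQL("select tuser.userid,tuser.username,tuser.userpassword,tuser.site,tuser.accessdate,tuser.accesstime,tuser.changeflag,tuser.loginfailtimes,tuser.failtime,tuser.lockflag,");
sql.append("tuserinfo.userename,tuserinfo.useresurname,tuserinfo.email,tuserinfo.displayname,tuserinfo.activeflag,tuserinfo.usercontents ");
sql.append("from tuser,tuserinfo ");
sql.append("where tuser.username = ?username ");
sql.append("and tuser.userid = tuserinfo.userid ");
// The username is bound as a named parameter, not concatenated into the statement.
sql.set("username", pname);
this.logger.info(sql);
return [4 /*yield*/, sql.executeQuery(db)];
case 1:
rs = _a.sent();
rows = rs.rows;
this.logger.debug("processSignin: effected " + rows.length + " rows.");
passed = true;
if (!(rows && rows.length > 0)) return [3 /*break*/, 15];
row = rows[0];
userid = row.userid;
site = row.site;
this.logger.debug("MAX_FAILURE=" + EnvironmentVariable_1.MAX_FAILURE + ", loginfailtimes=" + row.loginfailtimes);
failtimes = row.loginfailtimes;
// Temporary lockout: too many failures and the last one is still inside the wait window.
if (failtimes >= EnvironmentVariable_1.MAX_FAILURE) {
now = new Date();
failtime = row.failtime;
difftime = now.getTime() - failtime;
this.logger.debug("MAX_WAITTIME=" + EnvironmentVariable_1.MAX_WAITTIME + ", failtime=" + failtime + ", difftime=" + difftime);
if (difftime <= EnvironmentVariable_1.MAX_WAITTIME) {
passed = false;
response.head.composeError("-5012", "Signin failure over " + EnvironmentVariable_1.MAX_FAILURE + " times. Please contact administrator or wait and retry again after 3 minute");
}
}
if (!passed) return [3 /*break*/, 14];
ismatch = false;
tempmatch = false;
usrpass = row.userpassword;
plib = new will_lib_2.PasswordLibrary();
return [4 /*yield*/, plib.getUserTemporaryPassword(db, userid)];
case 2:
tmppwd = _a.sent();
// A temporary password is tried first; the stored hash is the fallback.
if (tmppwd && tmppwd.trxid) {
tempmatch = bcrypt.compareSync(ppass, tmppwd.userpassword);
ismatch = tempmatch;
}
if (!ismatch) {
ismatch = bcrypt.compareSync(ppass, usrpass);
}
this.logger.debug("temporary match=" + tempmatch + ", is match=" + ismatch);
if (!!ismatch) return [3 /*break*/, 3];
passed = false;
response.head.composeError("-3002", "Invalid user or password");
return [3 /*break*/, 14];
case 3:
// Outer try (catch at case 13) covers beginWork; inner try (catch at case 11) covers the transaction body.
_a.trys.push([3, 13, , 14]);
return [4 /*yield*/, db.beginWork()];
case 4:
_a.sent();
_a.label = 5;
case 5:
_a.trys.push([5, 11, , 12]);
if (!tempmatch) return [3 /*break*/, 7];
return [4 /*yield*/, plib.updatePasswordFromTemporary(db, tmppwd.trxid, userid)];
case 6:
_a.sent();
_a.label = 7;
case 7:
usrinfo = { userid: userid, site: site, code: pcode, state: pstate, nonce: pnonce, loginfo: loginfo };
return [4 /*yield*/, this.createUserAccess(db, usrinfo)];
case 8:
token = _a.sent();
return [4 /*yield*/, this.createDiffie(context, db, token)];
case 9:
dhinfo = _a.sent();
// row still carries userpassword here; composeResponseBody copies named fields only.
this.composeResponseBody(body, token, pname, __assign(__assign({}, row), { accesscontents: loginfo }), tempmatch, dhinfo);
return [4 /*yield*/, db.commitWork()];
case 10:
_a.sent();
return [3 /*break*/, 12];
case 11:
er_1 = _a.sent();
console.error(er_1);
db.rollbackWork();
this.logger.debug("roll back work");
response = Responser_1.Responser.createDbError("ensure", "signin", er_1);
return [3 /*break*/, 12];
case 12: return [3 /*break*/, 14];
case 13:
ex_2 = _a.sent();
console.error(ex_2);
response = Responser_1.Responser.createDbError("ensure", "signin", ex_2);
return [3 /*break*/, 14];
case 14: return [3 /*break*/, 16];
case 15:
passed = false;
response.head.composeError("-3003", "Invalid user or password");
_a.label = 16;
case 16:
try {
// updateUserAccess and updateUserLock return promises that are not awaited, so the
// surrounding try/catch cannot observe their rejections. Each gets its own handler,
// so a failed counter update is logged instead of surfacing as an unhandled rejection.
var logUpdateFailure = function (ex) { console.error(ex); };
if (passed) {
this.updateUserAccess(db, "" + body.get("userid")).catch(logUpdateFailure);
this.updateUserLock(db, pname, "0").catch(logUpdateFailure);
}
else {
this.updateUserLock(db, pname, "1").catch(logUpdateFailure);
}
}
catch (ex) {
console.error(ex);
}
response.body = Object.fromEntries(body);
return [2 /*return*/, Promise.resolve(response)];
}
});
});
};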
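/**
 * Authenticate through ActiveLibrary.authenticate() with the supplied directory
 * configuration. On success, inside a transaction, it saves the directory user
 * locally, creates the token row and the Diffie-Hellman record and fills the
 * response body.
 *
 * The returned promise always resolves with a JSONReply; authentication and database
 * failures are converted with Responser.createError.
 *
 * Review notes for maintainers:
 *  - This path never calls updateUserLock, so the local failure counter is not applied
 *    to directory sign-ins (lockout may be enforced by the directory itself; confirm).
 *  - The caught exception object is handed to Responser.createError; check that the
 *    resulting response does not expose directory or database error text to the client.
 *
 * @param context  request context; params.code/state/nonce are forwarded to the token row
 * @param signinfo credentials ({ username, password })
 * @param db       database connector
 * @param config   directory configuration passed to ActiveLibrary.authenticate
 * @param loginfo  optional login details stored with the token as accesscontents
 * @returns promise of a JSONReply
 */
SigninHandler.prototype.processSigninActiveDirectory = function (context, signinfo, db, config, loginfo) {
return __awaiter(this, void 0, void 0, function () {
var pname, ppass, pcode, pstate, pnonce, response, body, alib, au, row, sql, rs, usrinfo, token, dhinfo, er_2, ex_3, ex_4;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
pname = signinfo.username;
ppass = signinfo.password;
pcode = context.params.code;
pstate = context.params.state;
pnonce = context.params.nonce;
response = new will_api_1.JSONReply();
response.head.modeling("signin", "signin");
response.head.composeNoError();
body = new Map();
alib = new will_lib_2.ActiveLibrary();
_a.label = 1;
case 1:
// Outermost try (catch at case 15) covers the directory authentication itself.
_a.trys.push([1, 15, , 16]);
return [4 /*yield*/, alib.authenticate(pname, ppass, config, db)];
case 2:
au = _a.sent();
_a.label = 3;
case 3:
_a.trys.push([3, 13, , 14]);
return [4 /*yield*/, db.beginWork()];
case 4:
_a.sent();
_a.label = 5;
case 5:
_a.trys.push([5, 11, , 12]);
return [4 /*yield*/, alib.saveUserInfo(db, au)];
case 6:
_a.sent();
// Default profile built from the directory attributes; replaced by the tuserinfo row when one exists.
row = { accessdate: new Date(), accesstime: will_util_1.Utilities.currentTime(), userid: au.accountName, userename: au.firstName, useresurname: au.lastName, email: au.principalName, displayname: au.displayName, activeflag: "1", usercontents: null, changeflag: "0", site: undefined };
sql = new will_sql_1.KnSQL("select site,accessdate,accesstime,userid,userename,useresurname,email,displayname,activeflag,usercontents,'0' as changeflag from tuserinfo where userid = ?userid ");
sql.set("userid", au.accountName);
return [4 /*yield*/, sql.executeQuery(db)];
case 7:
rs = _a.sent();
if (rs.rows && rs.rows.length > 0) {
row = rs.rows[0];
}
usrinfo = { userid: au.accountName, site: row.site, code: pcode, state: pstate, nonce: pnonce, loginfo: loginfo };
return [4 /*yield*/, this.createUserAccess(db, usrinfo)];
case 8:
token = _a.sent();
return [4 /*yield*/, this.createDiffie(context, db, token)];
case 9:
dhinfo = _a.sent();
this.composeResponseBody(body, token, pname, __assign(__assign({}, row), { accesscontents: loginfo }), false, dhinfo);
return [4 /*yield*/, db.commitWork()];
case 10:
_a.sent();
// Not awaited: attach a handler so a failed access-time update is logged instead of
// surfacing as an unhandled rejection after the sign-in has already been committed.
this.updateUserAccess(db, au.accountName).catch(function (ex) { console.error(ex); });
return [3 /*break*/, 12];
case 11:
er_2 = _a.sent();
console.error(er_2);
db.rollbackWork();
this.logger.debug("roll back work");
response = Responser_1.Responser.createError("ensure", "signin", er_2);
return [3 /*break*/, 12];
case 12: return [3 /*break*/, 14];
case 13:
ex_3 = _a.sent();
console.error(ex_3);
response = Responser_1.Responser.createError("ensure", "signin", ex_3);
return [3 /*break*/, 14];
case 14:
response.body = Object.fromEntries(body);
return [3 /*break*/, 16];
case 15:
ex_4 = _a.sent();
console.error(ex_4);
response = Responser_1.Responser.createError("ensure", "signin", ex_4);
return [3 /*break*/, 16];
case 16: return [2 /*return*/, Promise.resolve(response)];
}
});
});
};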
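/**
 * Authenticate through AuthenLibrary.authenticate(). On success, inside a
 * transaction, it saves the returned user locally, creates the token row and the
 * Diffie-Hellman record and fills the response body.
 *
 * The returned promise always resolves with a JSONReply; failures are converted with
 * Responser.createError.
 *
 * Review notes for maintainers:
 *  - The only call visible in this file passes four arguments, which leaves `loginfo`
 *    undefined and puts the caller's loginfo value in `config`. Confirm the intended
 *    configuration argument.
 *  - The whole authenticated-user object `pu` is stored as the token's accesscontents
 *    and returned in the response body; confirm it holds no field that should stay
 *    server-side.
 *  - This path never calls updateUserLock, so the local failure counter is not applied.
 *
 * @param context  request context; params.code/state/nonce are forwarded to the token row
 * @param signinfo credentials ({ username, password })
 * @param db       database connector
 * @param config   provider configuration passed to AuthenLibrary.authenticate
 * @param loginfo  not read by this method
 * @returns promise of a JSONReply
 */
SigninHandler.prototype.processSigninPromptSystem = function (context, signinfo, db, config, loginfo) {
return __awaiter(this, void 0, void 0, function () {
var pname, ppass, pcode, pstate, pnonce, response, body, alib, pu, row, sql, rs, usrinfo, token, dhinfo, er_3, ex_5, ex_6;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
pname = signinfo.username;
ppass = signinfo.password;
pcode = context.params.code;
pstate = context.params.state;
pnonce = context.params.nonce;
response = new will_api_1.JSONReply();
response.head.modeling("signin", "signin");
response.head.composeNoError();
body = new Map();
alib = new will_lib_2.AuthenLibrary();
_a.label = 1;
case 1:
// Outermost try (catch at case 15) covers the provider authentication itself.
_a.trys.push([1, 15, , 16]);
return [4 /*yield*/, alib.authenticate(pname, ppass, config, db)];
case 2:
pu = _a.sent();
_a.label = 3;
case 3:
_a.trys.push([3, 13, , 14]);
return [4 /*yield*/, db.beginWork()];
case 4:
_a.sent();
_a.label = 5;
case 5:
_a.trys.push([5, 11, , 12]);
return [4 /*yield*/, alib.saveUserInfo(db, pu)];
case 6:
_a.sent();
// Default profile built from the provider's user object; replaced by the tuserinfo row when one exists.
row = { accessdate: new Date(), accesstime: will_util_1.Utilities.currentTime(), userid: pu.userid, userename: pu.username, useresurname: pu.usersurname, email: pu.email, displayname: pu.displayname, activeflag: "1", usercontents: null, changeflag: "0", site: undefined };
sql = new will_sql_1.KnSQL("select site,accessdate,accesstime,userid,userename,useresurname,email,displayname,activeflag,usercontents,'0' as changeflag from tuserinfo where userid = ?userid ");
sql.set("userid", pu.userid);
this.logger.info(sql);
return [4 /*yield*/, sql.executeQuery(db)];
case 7:
rs = _a.sent();
if (rs.rows && rs.rows.length > 0) {
row = rs.rows[0];
}
usrinfo = { userid: pu.userid, site: row.site, code: pcode, state: pstate, nonce: pnonce, loginfo: pu };
return [4 /*yield*/, this.createUserAccess(db, usrinfo)];
case 8:
token = _a.sent();
return [4 /*yield*/, this.createDiffie(context, db, token)];
case 9:
dhinfo = _a.sent();
this.composeResponseBody(body, token, pname, __assign(__assign({}, row), { accesscontents: pu }), false, dhinfo);
return [4 /*yield*/, db.commitWork()];
case 10:
_a.sent();
// Not awaited: attach a handler so a failed access-time update is logged instead of
// surfacing as an unhandled rejection after the sign-in has already been committed.
this.updateUserAccess(db, pu.userid).catch(function (ex) { console.error(ex); });
return [3 /*break*/, 12];
case 11:
er_3 = _a.sent();
console.error(er_3);
db.rollbackWork();
this.logger.debug("roll back work");
response = Responser_1.Responser.createError("ensure", "signin", er_3);
return [3 /*break*/, 12];
case 12: return [3 /*break*/, 14];
case 13:
ex_5 = _a.sent();
console.error(ex_5);
response = Responser_1.Responser.createError("ensure", "signin", ex_5);
return [3 /*break*/, 14];
case 14:
response.body = Object.fromEntries(body);
return [3 /*break*/, 16];
case 15:
ex_6 = _a.sent();
console.error(ex_6);
response = Responser_1.Responser.createError("ensure", "signin", ex_6);
return [3 /*break*/, 16];
case 16: return [2 /*return*/, Promise.resolve(response)];
}
});
});
};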
/**
 * Copy the token and profile fields that make up a sign-in response into `body`.
 * Only the fields named below are copied, so other columns present on `row`
 * (for example a password hash) are not written to the response.
 *
 * @param body      Map-like target; entries are written with body.set(key, value)
 * @param token     token object (useruuid, expiretimes, code, state, nonce, authtoken)
 * @param username  sign-in name echoed back to the caller
 * @param row       profile row; accesscontents may be an object or a JSON string
 * @param tempmatch when truthy, changeflag is forced to "1" (defaults to false)
 * @param dhinfo    optional key-exchange info stored under "info"
 */
SigninHandler.prototype.composeResponseBody = function (body, token, username, row, tempmatch, dhinfo) {
    if (tempmatch === void 0) {
        tempmatch = false;
    }
    var expiresAt = new Date(token.expiretimes);
    var put = function (key, value) {
        body.set(key, value);
    };
    // Token fields.
    put("useruuid", token.useruuid);
    put("expiretimes", token.expiretimes);
    put("expireddate", will_util_1.Utilities.currentDate(expiresAt) + " " + will_util_1.Utilities.currentTime(expiresAt));
    put("code", token.code);
    put("state", token.state);
    put("nonce", token.nonce);
    put("authtoken", token.authtoken);
    // Profile fields.
    put("username", username);
    put("userid", row.userid);
    put("name", row.userename);
    put("surname", row.useresurname);
    put("displayname", row.displayname);
    put("email", row.email);
    put("site", row.site);
    put("accessdate", will_util_1.Utilities.getDMY(row.accessdate));
    put("accesstime", will_util_1.Utilities.getHMS(row.accesstime));
    put("activeflag", row.activeflag);
    put("changeflag", row.changeflag);
    put("usercontents", row.usercontents);
    // accesscontents is parsed when it arrives as a non-blank JSON string; JSON.parse
    // throws on malformed text and the error propagates to the caller.
    var accessContents = row.accesscontents;
    var isJsonText = will_util_1.Utilities.isString(row.accesscontents) && row.accesscontents.trim().length > 0;
    if (isJsonText) {
        accessContents = JSON.parse(row.accesscontents);
    }
    put("accesscontents", accessContents);
    // Signing in with a temporary password flags the account for a password change.
    if (tempmatch) {
        put("changeflag", "1");
    }
    if (dhinfo) {
        put("info", dhinfo);
    }
};
/**
 * Create a session row in tusertoken and return the matching UserToken.
 * The row id (useruuid) is a fresh UUID v4, the authtoken comes from
 * AuthenToken.createAuthenToken, and the expiry is now + EXPIRE_TIMES milliseconds.
 * code, state and nonce are taken from usrinfo when truthy, otherwise each gets a
 * fresh UUID v4. usrinfo.loginfo, when present, is stored as JSON in accesscontents.
 *
 * @param db      database connector
 * @param usrinfo { userid, site, code, state, nonce, loginfo }
 * @returns promise of UserToken(useruuid, expiretimes, code, state, nonce, authtoken)
 */
SigninHandler.prototype.createUserAccess = function (db, usrinfo) {
return __awaiter(this, void 0, void 0, function () {
var now, useruuid, authtoken, expiretimes, expdate, code, state, nonce, accesscontents, sql, rs;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
now = new Date();
useruuid = (0, uuid_1.v4)();
authtoken = will_lib_2.AuthenToken.createAuthenToken({ identifier: useruuid, site: usrinfo.site, accessor: usrinfo.userid });
expiretimes = now.getTime() + EnvironmentVariable_1.EXPIRE_TIMES;
expdate = new Date(expiretimes);
// The sign-in methods in this file fill these three from the request parameters,
// so the stored values can be caller-chosen.
code = usrinfo.code ? usrinfo.code : (0, uuid_1.v4)();
state = usrinfo.state ? usrinfo.state : (0, uuid_1.v4)();
nonce = usrinfo.nonce ? usrinfo.nonce : (0, uuid_1.v4)();
accesscontents = usrinfo.loginfo ? JSON.stringify(usrinfo.loginfo) : null;
sql = new will_sql_1.KnSQL("insert into tusertoken(useruuid,userid,createdate,createtime,createmillis,");
sql.append("expiredate,expiretime,expiretimes,site,code,state,nonce,authtoken,accesscontents) ");
sql.append("values(?useruuid,?userid,?createdate,?createtime,?createmillis,");
sql.append("?expiredate,?expiretime,?expiretimes,?site,?code,?state,?nonce,?authtoken,?accesscontents) ");
sql.set("useruuid", useruuid);
sql.set("userid", usrinfo.userid);
sql.set("createdate", now, "DATE");
sql.set("createtime", now, "TIME");
sql.set("createmillis", now.getTime());
sql.set("expiredate", expdate, "DATE");
sql.set("expiretime", expdate, "TIME");
sql.set("expiretimes", expiretimes);
sql.set("site", usrinfo.site);
sql.set("code", code);
sql.set("state", state);
sql.set("nonce", nonce);
sql.set("authtoken", authtoken);
sql.set("accesscontents", accesscontents);
// NOTE(review): the logged KnSQL object has useruuid and authtoken bound to it; confirm the
// logger prints the statement text only, not the parameter values.
this.logger.info(sql);
return [4 /*yield*/, sql.executeQuery(db)];
case 1:
rs = _a.sent();
this.logger.debug("createUserAccess: affected " + rs.rows.affectedRows + " rows.");
return [2 /*return*/, Promise.resolve(new UserToken_1.UserToken(useruuid, expiretimes, code, state, nonce, authtoken))];
}
});
});
};
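/**
 * Create the Diffie-Hellman record for a new session: generate it with
 * DiffieHandler.createDiffie, persist it against the token's useruuid, and return the
 * client-facing info produced by DiffieHandler.createDiffieInfo.
 *
 * @param context request context passed to DiffieHandler.createDiffie
 * @param db      database connector
 * @param token   token whose useruuid keys the saved record
 * @returns promise of the info object from createDiffieInfo
 */
SigninHandler.prototype.createDiffie = function (context, db, token) {
return __awaiter(this, void 0, void 0, function () {
var handler, dh, info;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
handler = new DiffieHandler_1.DiffieHandler();
return [4 /*yield*/, handler.createDiffie(context)];
case 1:
dh = _a.sent();
// The key-exchange object is deliberately not written to the console: it is the
// server-side state of the exchange (and may include private key material), and
// stdout is not subject to the logger's level filtering.
return [4 /*yield*/, handler.saveDiffie(db, { useruuid: token.useruuid }, dh)];
case 2:
_a.sent();
info = handler.createDiffieInfo(dh);
return [2 /*return*/, Promise.resolve(info)];
}
});
});
};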
/**
 * Record a successful access for a user.
 * First update: tuser gets the current access date/time, accesshits + 1, and
 * mistakens/mistakentime reset to 0. Second update: tuserinfo gets the same
 * access date/time. Both statements match on userid.
 *
 * @param db     database connector
 * @param userid user id to update
 * @returns promise that resolves with no value after both updates
 */
SigninHandler.prototype.updateUserAccess = function (db, userid) {
return __awaiter(this, void 0, void 0, function () {
var now, sql, rs;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
now = new Date();
sql = new will_sql_1.KnSQL("update tuser set accessdate=?accessdate, accesstime=?accesstime, ");
sql.append("accesshits = accesshits + ?accesshits, mistakens = 0, mistakentime = 0 ");
sql.append("where userid=?userid ");
sql.set("accessdate", now, "DATE");
sql.set("accesstime", now, "TIME");
sql.set("accesshits", 1);
sql.set("userid", userid);
this.logger.info(sql);
return [4 /*yield*/, sql.executeUpdate(db)];
case 1:
rs = _a.sent();
this.logger.debug("updateUserAccess: affected " + rs.rows.affectedRows + " rows.");
// Reuse the same KnSQL object for the tuserinfo statement.
sql.clear();
sql.append("update tuserinfo set accessdate=?accessdate, accesstime=?accesstime where userid=?userid ");
sql.set("accessdate", now, "DATE");
sql.set("accesstime", now, "TIME");
sql.set("userid", userid);
this.logger.info(sql);
return [4 /*yield*/, sql.executeUpdate(db)];
case 2:
rs = _a.sent();
this.logger.debug("updateUserAccess: affected " + rs.rows.affectedRows + " rows.");
return [2 /*return*/, Promise.resolve()];
}
});
});
};
/**
 * Maintain the sign-in failure counter on tuser, matched by username.
 * lockflag "1": loginfailtimes is incremented by 1 and failtime is set to the
 * current time in milliseconds. Any other value: loginfailtimes and failtime are
 * both reset to 0. The tuser.lockflag column itself is not written here.
 *
 * @param db       database connector
 * @param username account name to update
 * @param lockflag "1" to record a failure, anything else to clear the counter
 * @returns promise that resolves with no value after the update
 */
SigninHandler.prototype.updateUserLock = function (db, username, lockflag) {
return __awaiter(this, void 0, void 0, function () {
var loginfailtimes, now, failtime, sql, locked, rs;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
loginfailtimes = 0;
now = new Date();
failtime = now.getTime();
sql = new will_sql_1.KnSQL();
locked = "1" == lockflag;
if (locked) {
// Failure: the bound value 1 is added to the stored counter.
loginfailtimes = 1;
sql.append("update tuser set loginfailtimes = loginfailtimes + ?loginfailtimes, failtime=?failtime ");
}
else {
// Success: the bound value 0 overwrites the counter and the failure timestamp is cleared.
sql.append("update tuser set loginfailtimes=?loginfailtimes, failtime=?failtime ");
failtime = 0;
}
sql.append("where username = ?username ");
sql.set("loginfailtimes", loginfailtimes);
sql.set("failtime", failtime);
sql.set("username", username);
this.logger.info(sql);
return [4 /*yield*/, sql.executeUpdate(db)];
case 1:
rs = _a.sent();
this.logger.debug("updateUserLock: affected " + rs.rows.affectedRows + " rows.");
return [2 /*return*/, Promise.resolve()];
}
});
});
};
/**
 * "accesstoken" action entry point.
 * When this.model has a valid "privateAlias" configuration it awaits
 * exposeFunctional(context, model, { operate: "accesstoken" }) and then delegates to
 * doAccessToken. Otherwise it rejects with
 * VerifyError("Invalid setting", HTTP.NOT_ACCEPTABLE, -16006).
 * @param context request context
 * @returns promise of the doAccessToken result
 */
SigninHandler.prototype.accesstoken = function (context) {
return __awaiter(this, void 0, void 0, function () {
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
// Guard: jump to the rejection in case 2 when the model configuration is missing or invalid.
if (!(this.model && this.isValidModelConfig("privateAlias", this.model))) return [3 /*break*/, 2];
return [4 /*yield*/, this.exposeFunctional(context, this.model, { operate: "accesstoken" })];
case 1:
_a.sent();
return [2 /*return*/, this.doAccessToken(context, this.model)];
case 2: return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid setting", will_api_1.HTTP.NOT_ACCEPTABLE, -16006))];
}
});
});
};
/**
 * Validate the useruuid request parameter and look the session up with
 * processAccessToken. A missing or empty useruuid is rejected with
 * VerifyError("Invalid access token", HTTP.BAD_REQUEST, -3010).
 *
 * @param context request context; params.useruuid identifies the session
 * @param model   model descriptor used to obtain the private database connector
 * @returns promise of the Map produced by processAccessToken
 */
SigninHandler.prototype.doAccessToken = function (context, model) {
return __awaiter(this, void 0, void 0, function () {
var puuid, db;
return __generator(this, function (_a) {
puuid = context.params.useruuid;
// NOTE(review): useruuid is the only value processAccessToken needs to return the session's
// authtoken, so this debug line writes a session credential to the log. Consider masking it.
this.logger.debug("doAccessToken : uuid = " + puuid);
if (!puuid || puuid == "") {
return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid access token", will_api_1.HTTP.BAD_REQUEST, -3010))];
}
db = this.getPrivateConnector(model);
try {
// The promise is returned without being yielded, so the finally below calls
// db.close() before the lookup has settled.
// NOTE(review): confirm the connector tolerates close() while a query is pending.
return [2 /*return*/, this.processAccessToken(db, puuid)];
}
finally {
if (db)
db.close();
}
return [2 /*return*/];
});
});
};
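/**
 * Resolve a session by its useruuid and rebuild the sign-in response body.
 * The token row must be unexpired (expiretimes >= now) and not signed out
 * (outdate and outtime both null). When no row matches, rejects with
 * VerifyError("Invalid access token", HTTP.NOT_ACCEPTABLE, -3011).
 *
 * Review notes for maintainers:
 *  - The useruuid is the only input checked, so it acts as a bearer credential for
 *    the session; the returned body contains the authtoken and key-exchange parameters.
 *  - tuser.userpassword is selected but not read by composeResponseBody; dropping
 *    the column from this query would keep the hash out of memory on this path.
 *
 * @param db       database connector
 * @param useruuid session identifier
 * @returns promise of a Map holding the response body fields
 */
SigninHandler.prototype.processAccessToken = function (db, useruuid) {
return __awaiter(this, void 0, void 0, function () {
var body, now, sql, rs, row, token, dh;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
body = new Map();
now = new Date();
sql = new will_sql_1.KnSQL("select tuser.userid,tuser.username,tuser.userpassword,tuser.site,tuser.accessdate,tuser.accesstime,tuser.changeflag,tuser.loginfailtimes,tuser.failtime,tuser.lockflag,");
sql.append("tuserinfo.userename,tuserinfo.useresurname,tuserinfo.email,tuserinfo.displayname,tuserinfo.activeflag,tuserinfo.usercontents,");
sql.append("tusertoken.expiretimes,tusertoken.code,tusertoken.state,tusertoken.nonce,tusertoken.authtoken,tusertoken.accesscontents,");
sql.append("tusertoken.prime,tusertoken.generator,tusertoken.publickey ");
sql.append("from tusertoken,tuser,tuserinfo ");
sql.append("where tusertoken.useruuid = ?useruuid and tusertoken.expiretimes >= ?expiretimes ");
sql.append("and tusertoken.outdate is null and tusertoken.outtime is null ");
sql.append("and tusertoken.userid = tuser.userid ");
sql.append("and tuser.userid = tuserinfo.userid ");
sql.set("useruuid", useruuid);
sql.set("expiretimes", now.getTime());
this.logger.info(sql);
return [4 /*yield*/, sql.executeQuery(db)];
case 1:
rs = _a.sent();
this.logger.debug("processAccessToken: effected " + rs.rows.length + " rows.");
if (rs.rows && rs.rows.length > 0) {
row = rs.rows[0];
token = new UserToken_1.UserToken(useruuid, row.expiretimes, row.code, row.state, row.nonce, row.authtoken);
dh = { prime: row.prime, generator: row.generator, publickey: row.publickey };
this.composeResponseBody(body, token, row.username, row, false, dh);
// Not awaited: attach a handler so a failed access-time update is logged instead of
// surfacing as an unhandled rejection.
this.updateUserAccess(db, row.userid).catch(function (ex) { console.error(ex); });
}
else {
return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid access token", will_api_1.HTTP.NOT_ACCEPTABLE, -3011))];
}
return [2 /*return*/, Promise.resolve(body)];
}
});
});
};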
/**
 * "fetchtoken" action entry point.
 * When this.model has a valid "privateAlias" configuration it awaits
 * exposeFunctional(context, model, { operate: "fetchtoken" }) and then delegates to
 * doFetchToken. Otherwise it rejects with
 * VerifyError("Invalid setting", HTTP.NOT_ACCEPTABLE, -16006).
 * @param context request context
 * @returns promise of the doFetchToken result
 */
SigninHandler.prototype.fetchtoken = function (context) {
return __awaiter(this, void 0, void 0, function () {
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
// Guard: jump to the rejection in case 2 when the model configuration is missing or invalid.
if (!(this.model && this.isValidModelConfig("privateAlias", this.model))) return [3 /*break*/, 2];
return [4 /*yield*/, this.exposeFunctional(context, this.model, { operate: "fetchtoken" })];
case 1:
_a.sent();
return [2 /*return*/, this.doFetchToken(context, this.model)];
case 2: return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid setting", will_api_1.HTTP.NOT_ACCEPTABLE, -16006))];
}
});
});
};
/**
 * Validate the useruuid request parameter and look the session up with
 * processAccessToken (the same lookup doAccessToken performs). A missing or empty
 * useruuid is rejected with VerifyError("Invalid access token", HTTP.BAD_REQUEST, -3010).
 *
 * @param context request context; params.useruuid identifies the session
 * @param model   model descriptor used to obtain the private database connector
 * @returns promise of the Map produced by processAccessToken
 */
SigninHandler.prototype.doFetchToken = function (context, model) {
return __awaiter(this, void 0, void 0, function () {
var puuid, db;
return __generator(this, function (_a) {
puuid = context.params.useruuid;
// NOTE(review): useruuid is the only value processAccessToken needs to return the session's
// authtoken, so this debug line writes a session credential to the log. Consider masking it.
this.logger.debug("doFetchToken : uuid = " + puuid);
if (!puuid || puuid == "") {
return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid access token", will_api_1.HTTP.BAD_REQUEST, -3010))];
}
db = this.getPrivateConnector(model);
try {
// The promise is returned without being yielded, so the finally below calls
// db.close() before the lookup has settled.
// NOTE(review): confirm the connector tolerates close() while a query is pending.
return [2 /*return*/, this.processAccessToken(db, puuid)];
}
finally {
if (db)
db.close();
}
return [2 /*return*/];
});
});
};
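/**
 * "signout" action entry point.
 * When this.model has a valid "privateAlias" configuration it awaits
 * exposeFunctional(context, model, { operate: "signout" }) and then delegates to
 * doSignout. Otherwise it rejects with
 * VerifyError("Invalid setting", HTTP.NOT_ACCEPTABLE, -16006).
 * @param context request context
 * @returns promise of the doSignout result
 */
SigninHandler.prototype.signout = function (context) {
return __awaiter(this, void 0, void 0, function () {
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
// Guard: jump to the rejection in case 2 when the model configuration is missing or invalid.
if (!(this.model && this.isValidModelConfig("privateAlias", this.model))) return [3 /*break*/, 2];
// The operate name was spelled "singout"; it now matches the declared "signout" action,
// in line with the other entry points, which pass their own action name.
return [4 /*yield*/, this.exposeFunctional(context, this.model, { operate: "signout" })];
case 1:
_a.sent();
return [2 /*return*/, this.doSignout(context, this.model)];
case 2: return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid setting", will_api_1.HTTP.NOT_ACCEPTABLE, -16006))];
}
});
});
};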
/**
 * Validate the useruuid request parameter and end the session with processSignout.
 * A missing or empty useruuid is rejected with
 * VerifyError("Invalid access token", HTTP.BAD_REQUEST, -3010).
 *
 * @param context request context; params.useruuid identifies the session
 * @param model   model descriptor used to obtain the private database connector
 * @returns promise of the Map produced by processSignout
 */
SigninHandler.prototype.doSignout = function (context, model) {
return __awaiter(this, void 0, void 0, function () {
var puuid, db;
return __generator(this, function (_a) {
puuid = context.params.useruuid;
// NOTE(review): this writes the session identifier to the debug log; consider masking it.
this.logger.debug("doSignout : uuid = " + puuid);
if (!puuid || puuid == "") {
return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid access token", will_api_1.HTTP.BAD_REQUEST, -3010))];
}
db = this.getPrivateConnector(model);
try {
// The promise is returned without being yielded, so the finally below calls
// db.close() before the delete has settled.
// NOTE(review): confirm the connector tolerates close() while a statement is pending.
return [2 /*return*/, this.processSignout(db, puuid)];
}
finally {
if (db)
db.close();
}
return [2 /*return*/];
});
});
};
/**
 * End a session by deleting its tusertoken row.
 * Resolves with a Map holding "affected" (the number of deleted rows) when at least
 * one row was removed; otherwise rejects with
 * VerifyError("Invalid access token", HTTP.BAD_REQUEST, -3011).
 *
 * @param db       database connector
 * @param useruuid session identifier; the only condition on the delete
 * @returns promise of a Map with the affected row count
 */
SigninHandler.prototype.processSignout = function (db, useruuid) {
return __awaiter(this, void 0, void 0, function () {
var body, sql, rs;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
body = new Map();
// The useruuid is bound as a named parameter, not concatenated into the statement.
sql = new will_sql_1.KnSQL("delete from tusertoken where useruuid = ?useruuid ");
sql.set("useruuid", useruuid);
this.logger.info(sql);
return [4 /*yield*/, sql.executeUpdate(db)];
case 1:
rs = _a.sent();
this.logger.debug("processSignout: affected " + rs.rows.affectedRows + " rows.");
if (rs.rows.affectedRows > 0) {
body.set("affected", rs.rows.affectedRows);
}
else {
return [2 /*return*/, Promise.reject(new VerifyError_1.VerifyError("Invalid access token", will_api_1.HTTP.BAD_REQUEST, -3011))];
}
return [2 /*return*/, Promise.resolve(body)];
}
});
});
};
SigninHandler.prototype.loginWow = function (userid, pwd, site) {
return __awaiter(this, void 0, void 0, function () {
var result, cfg, alib, res, ex_7;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
result = {};
if (EnvironmentVariable_1.NEWS_URL_ALWAYS_OPEN)
result = will_lib_2.AuthenLibrary.getDefaultResponse();
_a.label = 1;
case 1:
_a.trys.push([1, 3, , 4]);
cfg = will_lib_2.AuthenLibrary.getDefaultConfigure(site);
this.logger.debug("login config", cfg);