2023-11-08 07:29:39 -08:00
|
|
|
import { hash } from 'bcryptjs';
|
2024-09-26 05:58:49 -07:00
|
|
|
import { randomString } from 'n8n-workflow';
|
2024-09-12 09:07:18 -07:00
|
|
|
import Container from 'typedi';
|
|
|
|
|
2024-08-27 07:44:32 -07:00
|
|
|
import { AuthIdentity } from '@/databases/entities/auth-identity';
|
2024-08-28 08:57:46 -07:00
|
|
|
import { type GlobalRole, type User } from '@/databases/entities/user';
|
2024-09-26 05:58:49 -07:00
|
|
|
import { ApiKeyRepository } from '@/databases/repositories/api-key.repository';
|
2024-08-27 08:24:20 -07:00
|
|
|
import { AuthIdentityRepository } from '@/databases/repositories/auth-identity.repository';
|
2024-09-12 09:07:18 -07:00
|
|
|
import { AuthUserRepository } from '@/databases/repositories/auth-user.repository';
|
2024-08-27 08:24:20 -07:00
|
|
|
import { UserRepository } from '@/databases/repositories/user.repository';
|
2024-08-22 02:10:37 -07:00
|
|
|
import { MfaService } from '@/mfa/mfa.service';
|
2024-09-12 09:07:18 -07:00
|
|
|
import { TOTPService } from '@/mfa/totp.service';
|
2023-11-08 07:29:39 -08:00
|
|
|
|
|
|
|
import { randomApiKey, randomEmail, randomName, randomValidPassword } from '../random';
|
|
|
|
|
2024-02-07 08:56:02 -08:00
|
|
|
// pre-computed bcrypt hash for the string 'password', using `await hash('password', 10)`
|
|
|
|
const passwordHash = '$2a$10$njedH7S6V5898mj6p0Jr..IGY9Ms.qNwR7RbSzzX9yubJocKfvGGK';
|
|
|
|
|
2024-04-05 04:47:49 -07:00
|
|
|
/** Store a new user object, defaulting to a `member` */
|
|
|
|
export async function newUser(attributes: Partial<User> = {}): Promise<User> {
|
2024-01-24 04:38:57 -08:00
|
|
|
const { email, password, firstName, lastName, role, ...rest } = attributes;
|
2024-04-05 04:47:49 -07:00
|
|
|
return Container.get(UserRepository).create({
|
2023-11-08 07:29:39 -08:00
|
|
|
email: email ?? randomEmail(),
|
2024-02-07 08:56:02 -08:00
|
|
|
password: password ? await hash(password, 1) : passwordHash,
|
2023-11-08 07:29:39 -08:00
|
|
|
firstName: firstName ?? randomName(),
|
|
|
|
lastName: lastName ?? randomName(),
|
2024-01-24 04:38:57 -08:00
|
|
|
role: role ?? 'global:member',
|
2023-11-08 07:29:39 -08:00
|
|
|
...rest,
|
2023-11-29 06:48:36 -08:00
|
|
|
});
|
2024-04-05 04:47:49 -07:00
|
|
|
}
|
2023-11-08 07:29:39 -08:00
|
|
|
|
2024-04-05 04:47:49 -07:00
|
|
|
/** Store a user object in the DB */
|
|
|
|
export async function createUser(attributes: Partial<User> = {}): Promise<User> {
|
2024-05-17 01:53:15 -07:00
|
|
|
const userInstance = await newUser(attributes);
|
|
|
|
const { user } = await Container.get(UserRepository).createUserWithProject(userInstance);
|
2024-04-05 04:47:49 -07:00
|
|
|
user.computeIsOwner();
|
2024-05-17 01:53:15 -07:00
|
|
|
return user;
|
2023-11-08 07:29:39 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
export async function createLdapUser(attributes: Partial<User>, ldapId: string): Promise<User> {
|
|
|
|
const user = await createUser(attributes);
|
|
|
|
await Container.get(AuthIdentityRepository).save(AuthIdentity.create(user, ldapId, 'ldap'));
|
|
|
|
return user;
|
|
|
|
}
|
|
|
|
|
|
|
|
export async function createUserWithMfaEnabled(
|
|
|
|
data: { numberOfRecoveryCodes: number } = { numberOfRecoveryCodes: 10 },
|
|
|
|
) {
|
|
|
|
const email = randomEmail();
|
|
|
|
const password = randomValidPassword();
|
|
|
|
|
|
|
|
const toptService = new TOTPService();
|
|
|
|
|
|
|
|
const secret = toptService.generateSecret();
|
|
|
|
|
|
|
|
const mfaService = Container.get(MfaService);
|
|
|
|
|
|
|
|
const recoveryCodes = mfaService.generateRecoveryCodes(data.numberOfRecoveryCodes);
|
|
|
|
|
|
|
|
const { encryptedSecret, encryptedRecoveryCodes } = mfaService.encryptSecretAndRecoveryCodes(
|
|
|
|
secret,
|
|
|
|
recoveryCodes,
|
|
|
|
);
|
|
|
|
|
2024-05-31 00:40:19 -07:00
|
|
|
const user = await createUser({
|
|
|
|
mfaEnabled: true,
|
|
|
|
password,
|
|
|
|
email,
|
|
|
|
});
|
|
|
|
|
|
|
|
await Container.get(AuthUserRepository).update(user.id, {
|
|
|
|
mfaSecret: encryptedSecret,
|
|
|
|
mfaRecoveryCodes: encryptedRecoveryCodes,
|
|
|
|
});
|
|
|
|
|
2023-11-08 07:29:39 -08:00
|
|
|
return {
|
2024-05-31 00:40:19 -07:00
|
|
|
user,
|
2023-11-08 07:29:39 -08:00
|
|
|
rawPassword: password,
|
|
|
|
rawSecret: secret,
|
|
|
|
rawRecoveryCodes: recoveryCodes,
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2024-09-26 05:58:49 -07:00
|
|
|
const createApiKeyEntity = (user: User) => {
|
|
|
|
const apiKey = randomApiKey();
|
|
|
|
return Container.get(ApiKeyRepository).create({
|
|
|
|
userId: user.id,
|
|
|
|
label: randomString(10),
|
|
|
|
apiKey,
|
|
|
|
});
|
|
|
|
};
|
2024-07-30 05:58:07 -07:00
|
|
|
|
2024-09-26 05:58:49 -07:00
|
|
|
export const addApiKey = async (user: User) => {
|
|
|
|
return await Container.get(ApiKeyRepository).save(createApiKeyEntity(user));
|
|
|
|
};
|
|
|
|
|
|
|
|
export async function createOwnerWithApiKey() {
|
|
|
|
const owner = await createOwner();
|
|
|
|
const apiKey = await addApiKey(owner);
|
|
|
|
owner.apiKeys = [apiKey];
|
|
|
|
return owner;
|
2023-11-08 07:29:39 -08:00
|
|
|
}
|
|
|
|
|
2024-09-26 05:58:49 -07:00
|
|
|
export async function createMemberWithApiKey() {
|
|
|
|
const member = await createMember();
|
|
|
|
const apiKey = await addApiKey(member);
|
|
|
|
member.apiKeys = [apiKey];
|
|
|
|
return member;
|
|
|
|
}
|
2024-08-02 03:02:05 -07:00
|
|
|
|
2024-09-26 05:58:49 -07:00
|
|
|
export async function createOwner() {
|
|
|
|
return await createUser({ role: 'global:owner' });
|
|
|
|
}
|
|
|
|
|
|
|
|
export async function createMember() {
|
2024-01-24 04:38:57 -08:00
|
|
|
return await createUser({ role: 'global:member' });
|
2023-11-08 07:29:39 -08:00
|
|
|
}
|
|
|
|
|
2023-11-24 02:40:08 -08:00
|
|
|
export async function createAdmin() {
|
2024-01-24 04:38:57 -08:00
|
|
|
return await createUser({ role: 'global:admin' });
|
2023-11-24 02:40:08 -08:00
|
|
|
}
|
|
|
|
|
2024-01-24 04:38:57 -08:00
|
|
|
export async function createUserShell(role: GlobalRole): Promise<User> {
|
|
|
|
const shell: Partial<User> = { role };
|
2023-11-08 07:29:39 -08:00
|
|
|
|
2024-01-24 04:38:57 -08:00
|
|
|
if (role !== 'global:owner') {
|
2023-11-08 07:29:39 -08:00
|
|
|
shell.email = randomEmail();
|
|
|
|
}
|
|
|
|
|
2024-05-17 01:53:15 -07:00
|
|
|
const { user } = await Container.get(UserRepository).createUserWithProject(shell);
|
|
|
|
return user;
|
2023-11-08 07:29:39 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create many users in the DB, defaulting to a `member`.
|
|
|
|
*/
|
|
|
|
export async function createManyUsers(
|
|
|
|
amount: number,
|
|
|
|
attributes: Partial<User> = {},
|
|
|
|
): Promise<User[]> {
|
2024-05-17 01:53:15 -07:00
|
|
|
const result = await Promise.all(
|
2024-04-05 04:47:49 -07:00
|
|
|
Array(amount)
|
|
|
|
.fill(0)
|
2024-05-17 01:53:15 -07:00
|
|
|
.map(async () => {
|
|
|
|
const userInstance = await newUser(attributes);
|
|
|
|
return await Container.get(UserRepository).createUserWithProject(userInstance);
|
|
|
|
}),
|
2023-11-08 07:29:39 -08:00
|
|
|
);
|
2024-05-17 01:53:15 -07:00
|
|
|
return result.map((result) => result.user);
|
2023-11-08 07:29:39 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
export const getAllUsers = async () =>
|
2024-01-17 07:08:50 -08:00
|
|
|
await Container.get(UserRepository).find({
|
2024-01-24 04:38:57 -08:00
|
|
|
relations: ['authIdentities'],
|
2023-11-08 07:29:39 -08:00
|
|
|
});
|
|
|
|
|
2023-11-24 02:40:08 -08:00
|
|
|
export const getUserById = async (id: string) =>
|
2024-01-17 07:08:50 -08:00
|
|
|
await Container.get(UserRepository).findOneOrFail({
|
2023-11-24 02:40:08 -08:00
|
|
|
where: { id },
|
2024-01-24 04:38:57 -08:00
|
|
|
relations: ['authIdentities'],
|
2023-11-24 02:40:08 -08:00
|
|
|
});
|
|
|
|
|
2023-11-08 07:29:39 -08:00
|
|
|
export const getLdapIdentities = async () =>
|
2024-01-17 07:08:50 -08:00
|
|
|
await Container.get(AuthIdentityRepository).find({
|
2023-11-08 07:29:39 -08:00
|
|
|
where: { providerType: 'ldap' },
|
2024-05-17 01:53:15 -07:00
|
|
|
relations: { user: true },
|
2023-11-08 07:29:39 -08:00
|
|
|
});
|
2024-03-26 09:18:41 -07:00
|
|
|
|
|
|
|
export async function getGlobalOwner() {
|
|
|
|
return await Container.get(UserRepository).findOneByOrFail({ role: 'global:owner' });
|
|
|
|
}
|