chore: Add PasswdModule to ManagementModule imports

Author: tacxou

src/management/management.module.ts

@@ -3,9 +3,10 @@ import { ManagementService } from './management.service';
 import { ManagementController } from './management.controller';
 import { RouterModule } from '@nestjs/core';
 import { IdentitiesModule } from './identities/identities.module';
+import { PasswdModule } from './passwd/passwd.module';
 
 @Module({
-  imports: [IdentitiesModule],
+  imports: [IdentitiesModule, PasswdModule],
   providers: [ManagementService],
   controllers: [ManagementController],
 })

src/management/passwd/dto/ask-token.dto.ts

@@ -1,10 +1,11 @@
 import { ApiProperty } from '@nestjs/swagger';
-import { IsMongoId, IsString } from 'class-validator';
+import { IsString } from 'class-validator';
 
 export class AskTokenDto {
-  @IsMongoId()
+  @IsString()
   @ApiProperty({ example: 'paul.bismuth', description: 'User id' })
-  id: string;
+  uid: string;
+
   @ApiProperty({ example: 'monemail@mondomaine.com', description: 'secondary mail' })
   @IsString()
   mail: string;

src/management/passwd/dto/change-password.dto.ts

@@ -1,10 +1,10 @@
 import { ApiProperty } from '@nestjs/swagger';
-import { IsMongoId, IsString } from 'class-validator';
+import { IsString } from 'class-validator';
 
 export class ChangePasswordDto {
-  @IsMongoId()
+  @IsString()
   @ApiProperty({ example: 'paul.bismuth', description: 'User object id', type: String })
-  public id: string;
+  public uid: string;
 
   @IsString()
   @ApiProperty({ example: 'MyOldPassword', description: 'Old password', type: String })

src/management/passwd/dto/reset-password.dto.ts

@@ -8,6 +8,7 @@ export class ResetPasswordDto {
     description: 'Token',
   })
   token: string;
+
   @ApiProperty({ example: 'MyNewPassword', description: 'New Password' })
   @IsString()
   newPassword: string;

src/management/passwd/passwd.controller.ts

@@ -1,4 +1,4 @@
-import { Controller, Post, Body, Res, Logger } from '@nestjs/common';
+import { Controller, Post, Body, Res, Logger, HttpStatus } from '@nestjs/common';
 import { PasswdService } from './passwd.service';
 import { ApiTags, ApiOperation, ApiResponse } from '@nestjs/swagger';
 import { Response } from 'express';
@@ -15,59 +15,46 @@ export class PasswdController {
   public constructor(private passwdService: PasswdService) { }
 
   @Post('change')
-  @ApiOperation({ summary: 'change password' })
-  @ApiResponse({ status: 200, description: 'Password has been successfully changed.' })
-  @ApiResponse({ status: 403, description: 'Old password wrong' })
-  @ApiResponse({ status: 500, description: 'Backend error' })
-  public async change(@Body() cpwd: ChangePasswordDto, @Res() res: Response): Promise<Response> {
+  @ApiOperation({ summary: 'Change password' })
+  @ApiResponse({ status: HttpStatus.OK, description: 'Password has been successfully changed.' })
+  @ApiResponse({ status: HttpStatus.BAD_REQUEST, description: 'Old password wrong' })
+  public async change(@Body() body: ChangePasswordDto, @Res() res: Response): Promise<Response> {
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const [_, data] = await this.passwdService.change(cpwd);
-    //TODO: uid ou employeeNumber + employeeType ?
-    data.data.uid = cpwd.id;
-    this.logger.log(`call passwd change for : ${cpwd.id}`);
+    const [_, data] = await this.passwdService.change(body);
+    this.logger.log(`Call passwd change for : ${body.uid}`);
 
-    if (data.data.status === 0) {
-      return res.status(200).json(data);
-    } else {
-      if (data.data.status === 1) {
-        return res.status(403).json(data);
-      }
-      return res.status(200).json(data);
-    }
+    return res.status(HttpStatus.OK).json(data);
   }
 
   @Post('gettoken')
-  @ApiOperation({ summary: 'ask token for reseting password' })
-  @ApiResponse({ status: 200, description: 'Token', content: {} })
-  @ApiResponse({ status: 500, description: 'Backend error' })
+  @ApiOperation({ summary: 'Ask token for reseting password' })
+  @ApiResponse({ status: HttpStatus.OK, description: 'Token' })
+  @ApiResponse({ status: HttpStatus.BAD_REQUEST })
   public async gettoken(@Body() asktoken: AskTokenDto, @Res() res: Response): Promise<Response> {
-    this.logger.log('GetToken for : ' + asktoken.id);
-    const data = await this.passwdService.askToken(asktoken);
-    return res.status(200).json({ token: data });
+    this.logger.log('GetToken for : ' + asktoken.uid);
+    const token = await this.passwdService.askToken(asktoken);
+
+    return res.status(HttpStatus.OK).json({ token });
   }
 
   @Post('verifytoken')
-  @ApiOperation({ summary: 'ask token for reseting password' })
-  @ApiResponse({ status: 201, description: 'Token OK' })
-  @ApiResponse({ status: 500, description: 'Token KO' })
-  public async verifyToken(@Body() token: VerifyTokenDto, @Res() res: Response): Promise<Response> {
-    this.logger.log('Verify token : ' + token.token);
-    if (await this.passwdService.verifyToken(token.token)) {
-      return res.status(200).json({ status: 0 });
-    }
-    return res.status(200).json({ status: 1 });
+  @ApiOperation({ summary: 'Ask token for reseting password' })
+  @ApiResponse({ status: HttpStatus.OK })
+  @ApiResponse({ status: HttpStatus.BAD_REQUEST })
+  public async verifyToken(@Body() body: VerifyTokenDto, @Res() res: Response): Promise<Response> {
+    this.logger.log('Verify token : ' + body.token);
+    const data = await this.passwdService.decryptToken(body.token);
+
+    return res.status(HttpStatus.OK).json(data);
   }
 
   @Post('reset')
-  @ApiOperation({ summary: 'reset password' })
-  @ApiResponse({ status: 200, description: 'Reset OK' })
-  @ApiResponse({ status: 500, description: 'Reset KO' })
-  public async reset(@Body() data: ResetPasswordDto, @Res() res: Response): Promise<Response> {
+  @ApiOperation({ summary: 'Reset password' })
+  @ApiResponse({ status: HttpStatus.OK })
+  @ApiResponse({ status: HttpStatus.BAD_REQUEST })
+  public async reset(@Body() body: ResetPasswordDto, @Res() res: Response): Promise<Response> {
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const [_, resetData] = await this.passwdService.reset(data);
-    if (resetData.status === 0) {
-      return res.status(200).json(resetData);
-    }
-    return res.status(200).json({ status: 1, error: 'invalid token' });
+    const [_, data] = await this.passwdService.reset(body);
+    return res.status(HttpStatus.OK).json(data);
   }
 }

src/management/passwd/passwd.module.ts

@@ -1,10 +1,12 @@
 import { Module } from '@nestjs/common';
 import { PasswdService } from './passwd.service';
 import { PasswdController } from './passwd.controller';
+import { BackendsModule } from '~/core/backends/backends.module';
+import { IdentitiesModule } from '../identities/identities.module';
 
 @Module({
-  imports: [PasswdModule],
+  imports: [BackendsModule, IdentitiesModule],
   controllers: [PasswdController],
   providers: [PasswdService],
 })
-export class PasswdModule {}
+export class PasswdModule { }

src/management/passwd/passwd.service.ts

@@ -1,5 +1,5 @@
 import { InjectRedis } from '@nestjs-modules/ioredis';
-import { Injectable } from '@nestjs/common';
+import { BadRequestException, Injectable, InternalServerErrorException, NotFoundException } from '@nestjs/common';
 import * as crypto from 'crypto';
 import Redis from 'ioredis';
 import { AbstractService } from '~/_common/abstracts/abstract.service';
@@ -9,69 +9,93 @@ import { Jobs } from '~/core/jobs/_schemas/jobs.schema';
 import { AskTokenDto } from './dto/ask-token.dto';
 import { ChangePasswordDto } from './dto/change-password.dto';
 import { ResetPasswordDto } from './dto/reset-password.dto';
-import { Types } from 'mongoose';
+import { IdentitiesService } from '../identities/identities.service';
+
+interface TokenData {
+  k: string;
+  iv: string;
+  tag: string;
+}
+
+interface CipherData {
+  uid: string;
+  mail: string;
+}
 
 @Injectable()
 export class PasswdService extends AbstractService {
+  public static readonly RANDOM_BYTES_K = 16;
+  public static readonly RANDOM_BYTES_IV = 12;
+
+  public static readonly TOKEN_ALGORITHM = 'aes-256-gcm';
+
+  public static readonly TOKEN_EXPIRATION = 3600;
+
   public constructor(
-    protected backends: BackendsService,
+    protected readonly backends: BackendsService,
+    protected readonly identities: IdentitiesService,
     @InjectRedis() private readonly redis: Redis,
   ) {
     super();
   }
 
-  public async change(passwd: ChangePasswordDto): Promise<[Jobs, any]> {
-    return await this.backends.executeJob(ActionType.IDENTITY_PASSWORD_CHANGE, new Types.ObjectId(passwd.id), passwd, {
+  public async change(passwdDto: ChangePasswordDto): Promise<[Jobs, any]> {
+    const identity = await this.identities.findOne({ 'inetOrgPerson.uid': passwdDto.uid });
+
+    return await this.backends.executeJob(ActionType.IDENTITY_PASSWORD_CHANGE, identity._id, passwdDto, {
       async: false,
     });
   }
 
   public async askToken(askToken: AskTokenDto): Promise<string> {
-    const iv = crypto.randomBytes(12).toString('base64');
-    const key = crypto.randomBytes(16).toString('hex');
-    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
-    //TODO: uid ou employeeNumber + employeeType ?
-    const dataStruct = { uid: askToken.id, mail: askToken.mail };
-    let ciphertext = cipher.update(JSON.stringify(dataStruct), 'utf8', 'base64');
+    await this.identities.findOne({ 'inetOrgPerson.uid': askToken.uid });
+
+    const k = crypto.randomBytes(PasswdService.RANDOM_BYTES_K).toString('hex');
+    const iv = crypto.randomBytes(PasswdService.RANDOM_BYTES_IV).toString('base64');
+    const cipher = crypto.createCipheriv(PasswdService.TOKEN_ALGORITHM, k, iv);
+
+    let ciphertext = cipher.update(
+      JSON.stringify(<CipherData>{ uid: askToken.uid, mail: askToken.mail }),
+      'utf8',
+      'base64',
+    );
     ciphertext += cipher.final('base64');
-    const tag = cipher.getAuthTag();
-    const tokenStruct = JSON.stringify({ k: key, iv: iv, tag: tag });
-    await this.redis.set(ciphertext, tokenStruct);
-    await this.redis.expire(ciphertext, 3600);
-    return ciphertext;
-  }
 
-  public async verifyToken(token: string): Promise<boolean> {
-    const data = await this.decryptToken(token);
-    return Object.keys(data).length === 0;
+    await this.redis.set(
+      ciphertext,
+      JSON.stringify(<TokenData>{
+        k,
+        iv,
+        tag: cipher.getAuthTag().toString('base64'),
+      }),
+    );
+    await this.redis.expire(ciphertext, PasswdService.TOKEN_EXPIRATION);
+    return ciphertext;
   }
 
-  public async decryptToken(token: string): Promise<any> {
-    if (!(await this.redis.exists(token))) {
-      throw new Error('Token not found');
-    }
+  public async decryptToken(token: string): Promise<CipherData> {
+    try {
+      const result = await this.redis.get(token);
+      const cypherData: TokenData = JSON.parse(result);
 
-    const result = await this.redis.get(token);
-    const cypherData = JSON.parse(result);
-    const decipher = crypto.createDecipheriv('aes-256-gcm', cypherData.k, cypherData.iv);
-    decipher.setAuthTag(Buffer.from(cypherData.tag, 'base64'));
-    const plaintext = decipher.update(token, 'base64', 'ascii');
+      const decipher = crypto.createDecipheriv(PasswdService.TOKEN_ALGORITHM, cypherData.k, cypherData.iv);
+      decipher.setAuthTag(Buffer.from(cypherData.tag, 'base64'));
+      const plaintext = decipher.update(token, 'base64', 'ascii');
 
-    return JSON.parse(plaintext);
+      return JSON.parse(plaintext);
+    } catch (error) {
+      throw new BadRequestException('Invalid token');
+    }
   }
 
   public async reset(data: ResetPasswordDto): Promise<[Jobs, any]> {
     const tokenData = await this.decryptToken(data.token);
-    if (Object.keys(tokenData).length === 0) {
-      throw new Error('Invalid token');
-    }
+    const identity = await this.identities.findOne({ 'inetOrgPerson.uid': tokenData.uid });
 
-    //TODO: uid ou employeeNumber + employeeType ?
-    const backendData = { uid: tokenData.uid, newPassword: data.newPassword };
     return await this.backends.executeJob(
       ActionType.IDENTITY_PASSWORD_RESET,
-      new Types.ObjectId(`${tokenData.id}`),
-      backendData,
+      identity._id,
+      { uid: tokenData.uid, newPassword: data.newPassword },
       {
         async: false,
       },