espe/backend
0
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
backend/source/services/member.ts

755 lines
19 KiB
TypeScript
Raw Blame History

namespace _espe.service.member
{
/**
*/
var _hooks_change : Array<() => void> = [];
/**
*/
export function listen_change(
procedure : () => void
) : void
{
_hooks_change.push(procedure);
}
/**
*/
function notify_change(
) : void
{
_hooks_change.forEach(
procedure => {
procedure();
}
);
}
/**
* @todo do not export
*/
export function validate_password(
password : string
) : Array<{incident : string; details : Record<string, any>}>
{
let flaws : Array<{incident : string; details : Record<string, any>}> = [];
if (
(_espe.conf.get().settings.password_policy.minimum_length !== null)
&&
(password.length < _espe.conf.get().settings.password_policy.minimum_length)
) {
flaws.push(
{
"incident": "too_short",
"details": {
"minimum_length": _espe.conf.get().settings.password_policy.minimum_length,
"actual_length": password.length,
}
}
);
}
if (
(_espe.conf.get().settings.password_policy.maximum_length !== null)
&&
(password.length > _espe.conf.get().settings.password_policy.maximum_length)
) {
flaws.push(
{
"incident": "too_long",
"details": {
"maximum_length": _espe.conf.get().settings.password_policy.maximum_length,
"actual_length": password.length,
}
}
);
}
if (
_espe.conf.get().settings.password_policy.must_contain_letter
&&
(! (new RegExp("[a-zA-Z]")).test(password))
) {
flaws.push(
{
"incident": "lacks_letter",
"details": {
}
}
);
}
if (
_espe.conf.get().settings.password_policy.must_contain_number
&&
(! (new RegExp("[0-9]")).test(password))
) {
flaws.push(
{
"incident": "lacks_number",
"details": {
}
}
);
}
if (
_espe.conf.get().settings.password_policy.must_contain_special_character
&&
(! (new RegExp("[!?-_.,;/\~%&$'()\\[\\]{}^'#|+*<>=\"`:@]")).test(password))
) {
flaws.push(
{
"incident": "lacks_special_character",
"details": {
}
}
);
}
return flaws;
}
/**
* ermittelt den Anmelde-Name des Mitglieds
*/
export function name_login(
object : _espe.type.member_object
) : string
{
return lib_plankton.string.coin(
"{{object}}{{extension}}",
{
"object": lib_plankton.call.convey(
object.name_real_value,
[
x => x.toLowerCase(),
x => x.replace(new RegExp(" ", "g"), "."),
x => x.replace(new RegExp("[äÄ]", "g"), "ae"),
x => x.replace(new RegExp("[öÖ]", "g"), "oe"),
x => x.replace(new RegExp("[üÜ]", "g"), "ue"),
x => x.replace(new RegExp("[ß]", "g"), "ss"),
x => x.replace(new RegExp("[^a-z-\.]", "g"), "_"),
]
),
"extension": (
(object.name_real_index <= 1)
? ""
: ("." + object.name_real_index.toFixed(0))
),
}
);
}
/**
* ermittelt den Anzeige-Name des Mitglieds
*/
export function name_display(
object : _espe.type.member_object
) : string
{
return object.name_real_value;
}
/**
* ermittelt die verschleierte E-Mail-Adresse des Mitglieds
*/
export function email_address_veiled(
object : _espe.type.member_object
) : string
{
return lib_plankton.string.coin(
"{{prefix}}{{membership_number}}@{{domain}}",
{
"prefix": _espe.conf.get().settings.prefix_for_numberbased_email_addresses,
"membership_number": object.membership_number,
"domain": _espe.conf.get().settings.target_domain,
}
);
}
/**
* ermittelt die namentliche E-Mail-Adresse des Mitglieds
*/
export function email_address_nominal(
object : _espe.type.member_object
) : string
{
return lib_plankton.string.coin(
"{{user}}@{{domain}}",
{
"user": name_login(object),
"domain": _espe.conf.get().settings.target_domain,
}
);
}
/**
* ermittelt die allgemein zu verwendende E-Mail-Adresse des Mitglieds
*/
export function email_address(
object : _espe.type.member_object
) : (null | string)
{
return (
object.email_use_nominal_address
? email_address_nominal(object)
: (
object.email_use_veiled_address
? email_address_veiled(object)
: object.email_address_private
)
);
}
/**
* ermittelt das Passwort-Abbild anhand des tatsächlichen Passworts
*/
function password_image(
password : (null | string)
) : Promise<string>
{
return (
(
(! (password === null))
&&
(! (password === ""))
)
? _espe.helpers.bcrypt_compute(password)
: null
);
}
/**
* gibt die vollständigen Daten aller Mitglieder aus
*/
async function dump(
) : Promise<
Array<
{
id : _espe.type.member_id;
object : _espe.type.member_object;
}
>
>
{
return _espe.repository.member.dump();
}
/**
* gibt eine Auflistung aller Mitgliedr aus
*/
export async function list(
search_term : (null | string)
) : Promise<
Array<
{
id : _espe.type.member_id;
preview : {
membership_number : string;
name_real_value : string;
name_real_index : int;
};
}
>
>
{
return _espe.repository.member.list(search_term);
}
/**
* gibt die Angaben eines bestimmten Mitglieds aus
*/
export function get(
id : _espe.type.member_id
) : Promise<_espe.type.member_object>
{
return _espe.repository.member.read(id);
}
/**
* legt ein Mitglied an
*/
export async function project(
data : {
membership_number : string;
name_real_value : string;
email_address_private : (null | string);
}
) : Promise<_espe.type.member_id>
{
const name_real_index : int = await _espe.service.name_index.next(data.name_real_value);
const object : _espe.type.member_object = {
"membership_number": data.membership_number,
"name_real_value": data.name_real_value,
"name_real_index": name_real_index,
"email_address_private": data.email_address_private,
"registered": false,
"enabled": true,
"email_use_veiled_address": false,
"email_use_nominal_address": false,
"email_redirect_to_private_address": false,
"email_allow_sending": false,
"password_image": null,
"password_change_last_attempt": null,
"password_change_token": null,
};
const id : _espe.type.member_id = await _espe.repository.member.create(object);
notify_change();
return id;
}
/**
* sendet an ein Mitglied eine E-Mail mit Aufforderung zur Registrierung
*
* @todo conf:settings.frontend_url_base verwenden
*/
export async function summon(
member_id : _espe.type.member_id,
url_template : string
) : Promise<string>
{
const member_object : _espe.type.member_object = await get(member_id);
const verification : string = await _espe.helpers.verification_get(member_id);
const url : string = lib_plankton.string.coin(
url_template,
{
"verification": verification,
}
);
await _espe.helpers.email_send(
[
member_object.email_address_private,
],
_espe.conf.get().settings.registration_email.subject,
lib_plankton.string.coin(
_espe.conf.get().settings.registration_email.body,
{
"name": member_object.name_real_value,
"url": url,
}
)
);
return url;
}
/**
* gibt Daten über ein Mitglied aus, die relevant für die Registrierung sind
*/
export async function info(
member_id : _espe.type.member_id
) : Promise<
(
null
|
{
name_real_value : string;
name_real_index : int;
name_login : string;
email_address_veiled : string;
email_address_nominal : string;
}
)
>
{
const member_object : _espe.type.member_object = await _espe.repository.member.read(member_id);
if (! member_object.registered) {
return {
"name_real_value": member_object.name_real_value,
"name_real_index": member_object.name_real_index,
"name_login": name_login(member_object),
"email_address_veiled": email_address_veiled(member_object),
"email_address_nominal": email_address_nominal(member_object),
};
}
else {
return null;
}
}
/**
* führt die Registrierung für ein Mitglied durch
*
* @todo customize notifiation email (conf values)
*/
export async function register(
member_id : _espe.type.member_id,
data : {
email_use_veiled_address : boolean;
email_use_nominal_address : boolean;
email_redirect_to_private_address : boolean;
password : string;
},
options : {
notify_admins ?: boolean;
} = {}
) : Promise<Array<{incident : string; details : Record<string, any>;}>>
{
options = Object.assign(
{
"notify_admins": false,
},
options
);
const member_object : _espe.type.member_object = await get(member_id);
let flaws : Array<{incident : string; details : Record<string, any>;}> = [];
const password_set : boolean = (
(data.password !== null)
&&
(data.password !== "")
);
if (member_object.registered) {
flaws.push({"incident": "already_registered", "details": {}});
}
else {
if (password_set) {
flaws = flaws.concat(
validate_password(data.password)
.map(flaw => ({"incident": ("password_" + flaw.incident), "details": flaw.details}))
);
}
else {
// do nothing
}
}
if (flaws.length > 0) {
// do nothing
}
else {
member_object.email_use_veiled_address = data.email_use_veiled_address
member_object.email_use_nominal_address = data.email_use_nominal_address
member_object.email_redirect_to_private_address = data.email_redirect_to_private_address;
member_object.password_image = await password_image(data.password);
member_object.registered = true;
await _espe.repository.member.update(member_id, member_object);
notify_change();
if (! options.notify_admins) {
// do nothing
}
else {
await _espe.helpers.email_send(
(
_espe.conf.get().admins
.map(admin => admin.email_address)
.filter(x => (x !== null))
),
"Eingegangene Registrierung", // TODO
("Member-ID: " + member_id.toFixed(0))
);
}
}
return Promise.resolve(flaws);
}
/**
* ändert bestimmte Daten des Mitglied
*/
export async function modify(
member_id : _espe.type.member_id,
data : {
email_address_private : (null | string);
registered : boolean;
enabled : boolean;
}
) : Promise<void>
{
const member_object_old : _espe.type.member_object = await get(member_id);
const member_object_new : _espe.type.member_object = {
"membership_number": member_object_old.membership_number,
"name_real_value": member_object_old.name_real_value,
"name_real_index": member_object_old.name_real_index,
"email_address_private": data.email_address_private,
"registered": data.registered,
"enabled": data.enabled,
"email_use_veiled_address": member_object_old.email_use_veiled_address,
"email_use_nominal_address": member_object_old.email_use_nominal_address,
"email_redirect_to_private_address": member_object_old.email_redirect_to_private_address,
"email_allow_sending": member_object_old.email_allow_sending,
"password_image": member_object_old.password_image,
"password_change_last_attempt": member_object_old.password_change_last_attempt,
"password_change_token": member_object_old.password_change_token,
};
await _espe.repository.member.update(member_id, member_object_new);
notify_change();
}
/**
* bereitet eine Passwort-Rücksetzung für Mitglieder vor
*
* @todo Zwangs-Pause falls Abklingzeit noch nicht vorbei um vorzugaukeln, dass es geklappt hat?
*/
export async function password_change_initialize(
identifier : string,
url_template : string
) : Promise<void>
{
if (_espe.conf.get().settings.frontend_url_base === null) {
return Promise.reject<void>(new Error("no frontend url base set; add in conf as 'settings.frontend_url_base'!"));
}
else {
const now : int = lib_plankton.base.get_current_timestamp(true);
const cooldown_time : int = _espe.conf.get().settings.password_change.cooldown_time;
const member_ids : Array<_espe.type.member_id> = await (
(await _espe.repository.member.dump())
.filter(
member_entry => (
(
(! (member_entry.object.email_address_private === null))
&&
(member_entry.object.email_address_private === identifier)
)
||
(name_login(member_entry.object) === identifier)
)
)
.map(
member_entry => member_entry.id
)
);
for await (const member_id of member_ids) {
const member_object_old : _espe.type.member_object = await _espe.repository.member.read(member_id);
if (
(! (member_object_old.password_change_last_attempt === null))
&&
((now - member_object_old.password_change_last_attempt) <= cooldown_time)
) {
lib_plankton.log.notice(
"member_password_change_cooldown_not_over",
{
"member_id": member_id,
"last_attempt": member_object_old.password_change_last_attempt,
"now": now,
}
);
// do nothing
}
else {
if (member_object_old.email_address_private === null) {
lib_plankton.log.notice(
"member_password_change_impossible_due_to_missing_private_email_address",
{
"member_id": member_id,
}
);
// do nothing
}
else {
// keine echte Verifizierung, der Algorithmus ist aber der passende
const token : string = await _espe.helpers.verification_get(Math.floor(Math.random() * (1 << 24)));
const member_object_new : _espe.type.member_object = {
"membership_number": member_object_old.membership_number,
"name_real_value": member_object_old.name_real_value,
"name_real_index": member_object_old.name_real_index,
"email_address_private": member_object_old.email_address_private,
"registered": member_object_old.registered,
"enabled": member_object_old.enabled,
"email_use_veiled_address": member_object_old.email_use_veiled_address,
"email_use_nominal_address": member_object_old.email_use_nominal_address,
"email_redirect_to_private_address": member_object_old.email_redirect_to_private_address,
"email_allow_sending": member_object_old.email_allow_sending,
"password_image": member_object_old.password_image,
"password_change_last_attempt": now,
"password_change_token": token,
};
await _espe.repository.member.update(member_id, member_object_new);
// notify_change();
// do NOT wait in order to reduce information for potential attackers
/*await*/ _espe.helpers.email_send(
[
member_object_old.email_address_private,
],
_espe.conf.get().settings.password_change.initialization_email.subject,
lib_plankton.string.coin(
_espe.conf.get().settings.password_change.initialization_email.body,
{
"name": name_display(member_object_old),
"url": lib_plankton.string.coin(
"{{base}}{{rest}}",
{
"base": _espe.conf.get().settings.frontend_url_base,
"rest": lib_plankton.string.coin(
url_template,
{
"id": member_id.toFixed(0),
"token": token,
}
),
}
),
}
)
);
}
}
}
}
}
/**
* führt eine Passwort-Rücksetzung für ein Mitglied durch
*
* @todo zeitliche Begrenzung?
*/
export async function password_change_execute(
member_id : _espe.type.member_id,
token : string,
password_new : string
) : Promise<Array<{incident : string; details : Record<string, any>;}>>
{
const member_object_old : _espe.type.member_object = await _espe.repository.member.read(member_id);
let flaws : Array<{incident : string; details : Record<string, any>;}> = [];
if (
(member_object_old.password_change_token === null)
||
(! (token === member_object_old.password_change_token))
) {
lib_plankton.log.notice(
"member_password_change_token_invalid",
{
"member_id": member_id,
"token_sent": token,
}
);
flaws.push({"incident": "token_invalid", "details": {}});
}
else {
flaws = flaws.concat(
validate_password(password_new)
.map(flaw => ({"incident": ("password_" + flaw.incident), "details": flaw.details}))
);
if (flaws.length > 0) {
// do nothing
}
else {
const member_object_new : _espe.type.member_object = {
"membership_number": member_object_old.membership_number,
"name_real_value": member_object_old.name_real_value,
"name_real_index": member_object_old.name_real_index,
"email_address_private": member_object_old.email_address_private,
"registered": member_object_old.registered,
"enabled": member_object_old.enabled,
"email_use_veiled_address": member_object_old.email_use_veiled_address,
"email_use_nominal_address": member_object_old.email_use_nominal_address,
"email_redirect_to_private_address": member_object_old.email_redirect_to_private_address,
"email_allow_sending": member_object_old.email_allow_sending,
"password_image": await password_image(password_new),
"password_change_last_attempt": member_object_old.password_change_last_attempt,
"password_change_token": null,
};
await _espe.repository.member.update(member_id, member_object_new);
notify_change();
await _espe.helpers.email_send(
[
member_object_old.email_address_private,
],
_espe.conf.get().settings.password_change.execution_email.subject,
lib_plankton.string.coin(
_espe.conf.get().settings.password_change.execution_email.body,
{
"name": name_display(member_object_old),
}
)
);
}
}
return flaws;
}
/*
export async function remove(
id : _espe.type.member_id
) : Promise<void>
{
await _espe.repository.member.delete(id);
notify_change();
}
*/
/**
* @todo check validity (e.g. username characters)
*/
export async function export_authelia_user_file(
options : {
custom_data ?: (null | Array<_espe.type.member_object>);
} = {}
) : Promise<string>
{
options = Object.assign(
{
"custom_data": null,
},
options
);
const nm_yaml = require("yaml");
return lib_plankton.call.convey(
(
(options.custom_data !== null)
? (options.custom_data.map((member_object, index) => ({"id": index, "object": member_object})))
: await dump()
),
[
x => x.map(
entry => Object.assign(
entry,
{"email_address": email_address(entry.object)}
)
),
x => x.filter(
entry => (
entry.object.registered
&&
(
(entry.object.password_image !== null)
&&
(entry.object.password_image !== "")
)
&&
(entry.email_address !== null)
)
),
x => x.map(
entry => ([
name_login(entry.object),
{
"disabled": (! entry.object.enabled),
"displayname": name_display(entry.object),
"email": entry.email_address,
"groups": [],
"password": entry.object.password_image,
}
])
),
Object.fromEntries,
x => ({"users": x}),
x => nm_yaml.stringify(x),
]
);
}
}
Reference in a new issue View git blame Copy permalink