775 lines
26 KiB
JavaScript
Executable File
775 lines
26 KiB
JavaScript
Executable File
const bcrypt = require( 'bcrypt' );
|
|
const fs = require( 'fs-extra' );
|
|
const jsonfile = require( 'jsonfile' );
|
|
const glob = require( 'glob' );
|
|
const moment = require( 'moment' );
|
|
const jwt = require( 'jwt-simple' );
|
|
const UUID = require( 'uuid' );
|
|
const Outputs = require( './Outputs.js' );
|
|
const config = require( '../tribes/townconf.js' );
|
|
const checkdata = require( `../nationchains/socialworld/contracts/checkdata.js`);
|
|
|
|
/*
|
|
Gestion des utilisateurs connecte
|
|
|
|
/tribes/tribeid/users/
|
|
UUID.json
|
|
/searchindex/indexTOKEN = {TOKEN:UUID}
|
|
to check authentification
|
|
indexLOGIN = {LOGIN:UUID}
|
|
to check if LOGIN exist
|
|
|
|
Used for referntial:
|
|
To update
|
|
Global: datashared/referentials/dataManagement/object/users.json
|
|
Local: data/tribe/*${header.workOn}/referentials/dataManagement/object/users.json
|
|
To use after a server rerun
|
|
data/tribe/*${header.workOn}/referentials/${header.langue}/object/users.json
|
|
|
|
Faire comme contact charger les index au lancement
|
|
et changer la logique de user/id/profil o
|
|
|
|
|
|
On initialise les objets au lancement du serveur
|
|
this.uids[u.UUID] = [u.LOGIN, u.EMAIL, u.password, u.profil, u.TOKEN];
|
|
this.logins[u.LOGIN] = u.UUID;
|
|
this.tokens[u.UUID] = u.TOKEN;
|
|
on stocke /domain/tribeid/users/logins.json et /uids.json
|
|
on stocke /domain/tribeids.json et tokkens.json
|
|
|
|
On retourne l'objet {tribeids:[list tribeid], tokens:{UUID:TOKEN}}
|
|
*/
|
|
const Pagans = {};
|
|
Pagans.init = tribeids => {
|
|
console.group( 'init Pagans logins, tokens ...' );
|
|
// store globaly tokens
|
|
const tokens = {};
|
|
const emailsglob = {};
|
|
const loginsglob = {};
|
|
// For each tribeid create series of indexes
|
|
//logger.info(tribeids);
|
|
tribeids.forEach( tribeid => {
|
|
// Reset for each domain
|
|
const uids = {};
|
|
const logins = {};
|
|
const emails = {};
|
|
//check folder exist
|
|
/*if( !fs.existsSync( `${config.tribes}/${tribeid}/users` ) ) {
|
|
fs.mkdirSync( `${config.tribes}/${tribeid}/users` )
|
|
}
|
|
if( !fs.existsSync( `${config.tribes}/${tribeid}/users/searchindex` ) ) {
|
|
fs.mkdirSync( `${config.tribes}/${tribeid}/users/searchindex` )
|
|
}*/
|
|
glob.sync( `${config.tribes}/${tribeid}/users/*.json` )
|
|
.forEach( file => {
|
|
//logger.info( file );
|
|
const u = fs.readJsonSync( file, 'utf-8' );
|
|
if( !u.TOKEN ) {
|
|
u.TOKEN = '';
|
|
}
|
|
//logger.info( u )
|
|
uids[ u.UUID ] = [ u.LOGIN, u.EMAIL, u.PASSWORD, u.ACCESSRIGHTS, u.TOKEN ];
|
|
logins[ u.LOGIN ] = u.UUID;
|
|
loginsglob[ u.LOGIN ] = tribeid;
|
|
// On ne charge que les TOKEN valide
|
|
let decodedTOKEN = {};
|
|
if( u.TOKEN != '' ) {
|
|
try {
|
|
decodedTOKEN = jwt.decode( u.TOKEN, config.jwtSecret );
|
|
//logger.info( 'decodeTOKEN', decodedTOKEN )
|
|
if( moment( decodedTOKEN.expiration ) > moment() ) {
|
|
tokens[ u.UUID ] = { TOKEN: u.TOKEN, ACCESSRIGHTS: u.ACCESSRIGHTS };
|
|
//logger.info( `add token valid for ${u.UUID}:`, tokens[ u.UUID ] )
|
|
}
|
|
} catch ( err ) {
|
|
logger.info( 'pb de TOKEN impossible a decoder' + u.TOKEN, err );
|
|
}
|
|
}
|
|
if( u.EMAIL ) {
|
|
emails[ u.EMAIL ] = u.UUID;
|
|
emailsglob[ u.EMAIL ] = tribeid;
|
|
}
|
|
} );
|
|
// UIDS INDEX BY DOMAIN ={UUID:[LOGIN,EMAIL,psw,accessRight,TOKEN]}
|
|
fs.outputJson( `${config.tribes}/${tribeid}/users/searchindex/uids.json`, uids, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) throw err;
|
|
} );
|
|
// LOGINS INDEX BY DOMAIN ={LOGIN:UUID}
|
|
fs.outputJson( `${config.tribes}/${tribeid}/users/searchindex/logins.json`, logins, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) throw err;
|
|
} );
|
|
// EMAILS INDEX BY DOMAIN ={EMAIL:UUID}
|
|
fs.outputJson( `${config.tribes}/${tribeid}/users/searchindex/emails.json`, emails, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) throw err;
|
|
} );
|
|
} );
|
|
// EMAILS et appartenance domain
|
|
fs.outputJson( `${config.tmp}/emailsglob.json`, emailsglob, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) throw err;
|
|
} );
|
|
// logins et appartenance domain (permet de retrouver tribeid pour un LOGIN)
|
|
fs.outputJson( `${config.tmp}/loginsglob.json`, loginsglob, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) throw err;
|
|
} );
|
|
// TOKENS GLOBAL INDEX Centralise tous les TOKEN pour plus de rapidité
|
|
// {UUID:TOKEN}
|
|
fs.outputJson( `${config.tmp}/tokens.json`, tokens, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) throw err;
|
|
} );
|
|
console.groupEnd();
|
|
return { tokens };
|
|
};
|
|
/**
|
|
* Update indexes: logins, uids and tokens
|
|
* @param {object} user User object
|
|
* @param {string} tribeid - The client identifier
|
|
* @rm {boolean} false => update, true => remove
|
|
*/
|
|
Pagans.updateDatabase = ( user, tribeid, rm = false ) => {
|
|
console.group( `Pagans.updateDatabase for ${tribeid} with user ${user.LOGIN}` )
|
|
console.assert( config.loglevel == "quiet", 'user', user );
|
|
const loginsIndex = `${config.tribes}/${tribeid}/users/searchindex/logins.json`;
|
|
jsonfile.readFile( loginsIndex, function ( err, logins ) {
|
|
console.assert( config.loglevel == "quiet", 'logins', logins );
|
|
try {
|
|
if( rm ) {
|
|
delete logins[ user.LOGIN ];
|
|
} else {
|
|
logins[ user.LOGIN ] = user.UUID;
|
|
}
|
|
jsonfile.writeFile( loginsIndex, logins, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) logger.info( err );
|
|
} );
|
|
} catch ( err ) {
|
|
logger.info( 'Gros pb de mise à jour Pagans.updateDatabase conflit des logins' );
|
|
}
|
|
} );
|
|
const uidsIndex = `${config.tribes}/${tribeid}/users/searchindex/uids.json`;
|
|
jsonfile.readFile( uidsIndex, function ( err, uids ) {
|
|
try {
|
|
if( rm ) {
|
|
delete uids[ user.UUID ];
|
|
} else {
|
|
uids[ user.UUID ] = [
|
|
user.LOGIN,
|
|
user.EMAIL,
|
|
user.PASSWORD,
|
|
user.ACCESSRIGHTS,
|
|
user.TOKEN
|
|
];
|
|
}
|
|
jsonfile.writeFile( uidsIndex, uids, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) logger.info( err );
|
|
} );
|
|
} catch ( err ) {
|
|
logger.info( 'Gros pb de mise à jour Pagans.updateDatabase conflit des uids si ce reproduit passer en mode sync bloquant' );
|
|
}
|
|
} );
|
|
const emailsIndex = `${config.tribes}/${tribeid}/users/searchindex/emails.json`;
|
|
jsonfile.readFile( emailsIndex, function ( err, emails ) {
|
|
console.assert( config.loglevel == "quiet", 'emailss', emails );
|
|
try {
|
|
if( rm ) {
|
|
delete emails[ user.EMAIL ];
|
|
} else {
|
|
emails[ user.EMAIL ] = user.UUID;
|
|
}
|
|
jsonfile.writeFile( emailsIndex, emails, {
|
|
spaces: 2
|
|
}, err => {
|
|
if( err ) logger.info( err );
|
|
} );
|
|
} catch ( err ) {
|
|
logger.info( 'Gros pb de mise à jour Pagans.updateDatabase conflit des emails' );
|
|
}
|
|
} );
|
|
const tokensIndex = `${config.tmp}/tokens.json`;
|
|
let tokens = {};
|
|
try {
|
|
tokens = jsonfile.readFileSync( tokensIndex );
|
|
} catch ( err ) {
|
|
logger.info( 'tokens.json not available' )
|
|
}
|
|
// tokens[user.UUID] = user.TOKEN;
|
|
tokens[ user.UUID ] = { TOKEN: user.TOKEN, ACCESSRIGHTS: user.ACCESSRIGHTS };
|
|
jsonfile.writeFileSync( tokensIndex, tokens, {
|
|
spaces: 2
|
|
} );
|
|
/*
|
|
jsonfile.readFile(tokensIndex, function(err, tokens) {
|
|
tokens[user.UUID] = user.TOKEN;
|
|
jsonfile.writeFile(tokensIndex, tokens, { spaces: 2 }, err => {
|
|
if (err) logger.info(err);
|
|
});
|
|
});*/
|
|
console.groupEnd();
|
|
};
|
|
/**
|
|
* Read the profil.json of an user
|
|
* @param {[type]} UUID ID of the user
|
|
* @param {[type]} tribeid tribeid
|
|
* @return {Promise} - Return a promise resolved with user data or rejected with an error
|
|
*/
|
|
// A S U P P R I M E R utiliser getinfousers pour recuperer des indexs de users
|
|
// en créer d'autres si necessaire
|
|
Pagans.getUserlist = ( header, filter, field ) => {
|
|
console.group( `getUserlist filter with filter ${filter} to get ${field}` );
|
|
/* const getuser = Pagans.getUser(header.xuuid, header.xtribeid);
|
|
if (getuser.status != 200)
|
|
return { status: getuser.status, data: getuser.payload };
|
|
const user = getuser.payload.data;
|
|
// logger.info(user);
|
|
// check if update accessright allowed
|
|
// choose the level depending of ownby xuuid
|
|
let accessright = user.objectRights[header.xtribeid].users[0];
|
|
if (user.ownby.includes(header.xtribeid)) {
|
|
accessright = user.objectRights[header.xtribeid].users[1];
|
|
}
|
|
// Check update is possible at least user itself ownby itself
|
|
logger.info(accessright);
|
|
logger.info(accessright & 4);
|
|
if ((accessright & 4) != 4) {
|
|
return {
|
|
status: 403,
|
|
data: { info: ['forbiddenAccess'], model: 'Pagans' }
|
|
};
|
|
}
|
|
*/
|
|
const Userlist = [];
|
|
glob.sync( `${config.tribes}/${header.xworkon}/users/*/profil.json` )
|
|
.forEach( f => {
|
|
const infouser = jsonfile.readFileSync( f );
|
|
// Ajouter filter et liste de field
|
|
if( filter != 'all' ) {
|
|
// decode filter et test
|
|
}
|
|
const info = {};
|
|
field.split( '______' )
|
|
.forEach( k => {
|
|
if( ![ 'password' ].includes( k ) ) info[ k ] = infouser[ k ];
|
|
} );
|
|
Userlist.push( info );
|
|
} );
|
|
// logger.info('userlist', Userlist);
|
|
console.groupEnd();
|
|
return {
|
|
status: 200,
|
|
data: {
|
|
data: Userlist
|
|
}
|
|
};
|
|
};
|
|
Pagans.getinfoPagans = ( tribeid, accessrights, listindex ) => {
|
|
const info = {}
|
|
const object = 'users';
|
|
const indexs = listindex.split( '_' )
|
|
let access = true;
|
|
indexs.forEach( index => {
|
|
access = !( [ 'emails', 'logins', 'uids' ].includes( index ) && !( accessrights.data[ object ] && accessrights.data[ object ].includes( 'R' ) ) );
|
|
if( access && fs.existsSync( `${config.tribes}/${tribeid}/${object}/searchindex/${index}.json` ) ) {
|
|
info[ index ] = jsonfile.readFileSync( `${config.tribes}/${tribeid}/${object}/searchindex/${index}.json` )
|
|
}
|
|
} )
|
|
logger.info( info )
|
|
return { status: 200, data: { info: info } }
|
|
}
|
|
Pagans.getUser = ( UUID, tribeid, accessrights ) => {
|
|
console.assert( config.loglevel == "quiet", `getUser on ${UUID} for ${tribeid} with ${JSON.stringify(accessrights)}` );
|
|
if( !fs.existsSync( `${config.tribes}/${tribeid}/users/${UUID}.json` ) ) {
|
|
return {
|
|
status: 404,
|
|
data: {
|
|
info: [ 'useridNotfound' ],
|
|
model: 'Pagans',
|
|
render: {
|
|
UUID,
|
|
tribeid
|
|
}
|
|
}
|
|
}
|
|
}
|
|
const user = jsonfile.readFileSync( `${config.tribes}/${tribeid}/users/${UUID}.json` );
|
|
let access = true;
|
|
//logger.info("test accessrights.data['users'].includes('R')", accessrights.data['users'].includes('R'))
|
|
console.assert( config.loglevel == "quiet", 'accessrights', accessrights )
|
|
access = accessrights.users && ( accessrights.users.includes( 'R' ) || ( accessrights.users.includes( 'O' ) && user.OWNEDBY.includes( UUID ) ) );
|
|
if( access ) {
|
|
return {
|
|
status: 200,
|
|
data: {
|
|
user: user,
|
|
model: "User",
|
|
info: [ "Authorizedtogetuserinfo" ]
|
|
}
|
|
};
|
|
}
|
|
return {
|
|
status: 403,
|
|
data: {
|
|
info: [ 'Forbidden' ],
|
|
model: 'Pagans',
|
|
render: {
|
|
UUID,
|
|
tribeid
|
|
}
|
|
}
|
|
};
|
|
};
|
|
Pagans.getUserIdFromEMAIL = ( tribeid, EMAIL ) => {
|
|
if( !checkdata.test.EMAIL( EMAIL ) ) {
|
|
return {
|
|
status: 400,
|
|
data: {
|
|
info: [ 'ERREMAIL' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
}
|
|
const emailsIndex = jsonfile.readFileSync( `${config.tribes}/${tribeid}/users/searchindex/emails.json` );
|
|
if( !emailsIndex.hasOwnProperty( EMAIL ) ) {
|
|
return {
|
|
status: 404,
|
|
data: {
|
|
info: [ 'userEMAILNotfound' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
}
|
|
return emailsIndex[ EMAIL ];
|
|
};
|
|
Pagans.updateUserpassword = ( UUID, header, data ) => {
|
|
const getUser = Pagans.getUser( UUID, header.xtribeid, { users: 'W' } );
|
|
if( getUser.status == 200 ) {
|
|
const user = getUser.data.user;
|
|
// logger.info('user exist', user);
|
|
const match = bcrypt.compareSync( data.password, user.PASSWORD );
|
|
if( !match ) {
|
|
return {
|
|
status: 401,
|
|
data: {
|
|
info: [ 'checkCredentials' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
}
|
|
// logger.info('Credentials are matching!');
|
|
if( checkdata.test.password( {}, data.pswnew ) ) {
|
|
user.PASSWORD = bcrypt.hashSync( data.pswnew, config.saltRounds );
|
|
jsonfile.writeFileSync( `${config.tribes}/${header.xworkon}/users/${UUID}.json`, user, {
|
|
spaces: 2
|
|
} );
|
|
Pagans.updateDatabase( user, header.xworkon, false );
|
|
return {
|
|
status: 200,
|
|
data: {
|
|
info: [ 'successfulUpdate' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
} else {
|
|
return {
|
|
status: 401,
|
|
data: {
|
|
info: [ 'pswTooSimple' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
}
|
|
}
|
|
};
|
|
Pagans.createUser = ( header, data ) => {
|
|
/*
|
|
@input data={PUBKEY,EMAIL,LOGIN,UUID} check and create for header xworkon a user with generic password
|
|
*/
|
|
logger.info( 'createUser on header.xworkon:' + header.xworkon + ' by user:' + header.xpaganid );
|
|
console.assert( config.loglevel == "quiet", 'with data:', data );
|
|
const ref = jsonfile.readFileSync( `${config.tribes}/${header.xworkon}/referentials/${header.xlang}/object/users.json` );
|
|
const logins = jsonfile.readFileSync( `${config.tribes}/${header.xworkon}/users/searchindex/logins.json` );
|
|
const LOGIN = Object.keys( logins );
|
|
console.assert( config.loglevel == "quiet", 'LOGIN list', LOGIN );
|
|
const emails = jsonfile.readFileSync( `${config.tribes}/${header.xworkon}/users/searchindex/emails.json` );
|
|
console.assert( config.loglevel == "quiet", 'emails', emails );
|
|
const EMAIL = Object.keys( emails );
|
|
console.assert( config.loglevel == "quiet", 'EMAIL list', EMAIL );
|
|
// list.UUID est forcement unique car on est en update et pas en create
|
|
if( !data.UUID ) data.UUID = UUID.v4();
|
|
// pour la logique de checkdata il faut passer le parametre
|
|
const check = checkdata.evaluate( {
|
|
list: {
|
|
LOGIN,
|
|
EMAIL,
|
|
UUID: []
|
|
}
|
|
}, ref, data );
|
|
console.assert( config.loglevel == "quiet", 'check & clean data before update ', check );
|
|
if( check.invalidefor.length > 0 ) {
|
|
return {
|
|
status: 403,
|
|
data: {
|
|
model: 'Pagans',
|
|
info: check.invalidefor
|
|
}
|
|
};
|
|
}
|
|
const clientConfig = jsonfile.readFileSync( `${config.tribes}/${header.xworkon}/clientconf.json` );
|
|
const user = check.data;
|
|
user.DATE_CREATE = new Date()
|
|
.toISOString();
|
|
user.PASSWORD = bcrypt.hashSync( clientConfig.genericpsw, config.saltRounds );
|
|
user.OWNBY = [ data.UUID ];
|
|
user.OBJECT = 'users';
|
|
// set le minimum de droit sur l'objet users dont il est le Owner
|
|
if( data.ACCESSRIGHTS ) {
|
|
user.ACCESSRIGHTS = data.ACCESSRIGHTS
|
|
} else {
|
|
user.ACCESSRIGHTS = { app: {}, data: {} };
|
|
}
|
|
user.ACCESSRIGHTS.data[ header.xworkon ] = { users: "O" };
|
|
jsonfile.writeFileSync( `${config.tribes}/${header.xworkon}/users/${user.UUID}.json`, user, {
|
|
spaces: 2
|
|
} );
|
|
Pagans.updateDatabase( user, header.xworkon, false );
|
|
return {
|
|
status: 200,
|
|
data: {
|
|
uuid: user.UUID,
|
|
info: [ 'successfulCreate' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
};
|
|
Pagans.updateUser = ( UUID, header, data ) => {
|
|
logger.info( 'updateUser UUID:' + UUID + ' on header.xworkon:' + header.xworkon + ' by user' + header.xpaganid );
|
|
// logger.info('header', header);
|
|
console.assert( config.loglevel == "quiet", 'with data', data );
|
|
const getuser = Pagans.getUser( UUID, header.xworkon, { users: 'R' } );
|
|
if( getuser.status != 200 ) return {
|
|
status: getuser.status,
|
|
data: getuser.data.user
|
|
};
|
|
const user = getuser.data.user;
|
|
/*
|
|
let userconnected = user;
|
|
if (UUID != header.xuuid) {
|
|
// mean connected user want to change other user
|
|
const getuserconnected = Pagans.getUser(header.xuuid, header.xtribeid);
|
|
userconnected = getuserconnected.payload.data;
|
|
}
|
|
logger.info('user to update', user);
|
|
logger.info('user connected that request update', userconnected);
|
|
|
|
// check if update accessright allowed
|
|
// choose the level depending of ownby xuuid
|
|
let accessright = userconnected.objectRights[header.xworkon].users[0];
|
|
if (user.ownby.includes(header.xuuid)) {
|
|
accessright = userconnected.objectRights[header.xworkon].users[1];
|
|
}
|
|
// Check update is possible at least user itself ownby itself
|
|
logger.info(accessright);
|
|
logger.info(accessright & 2);
|
|
if ((accessright & 2) != 2) {
|
|
return {
|
|
status: 403,
|
|
data: { info: ['forbiddenAccess'], model: 'Pagans' }
|
|
};
|
|
}
|
|
*/
|
|
const ref = jsonfile.readFileSync( `${config.tribes}/${header.xworkon}/referentials/object/users_${
|
|
header.xlang
|
|
}.json` );
|
|
const logins = jsonfile.readFileSync( `${config.tribes}/${header.xworkon}/users/searchindex/logins.json` );
|
|
const LOGIN = Object.keys( logins )
|
|
.filter( l => logins[ l ] != user.UUID );
|
|
// logger.info( 'LOGIN list', LOGIN );
|
|
const emails = jsonfile.readFileSync( `${config.tribes}/${header.xworkon}/users/searchindex/emails.json` );
|
|
// logger.info( 'emails', emails );
|
|
const EMAIL = Object.keys( emails )
|
|
.filter( e => emails[ e ] != user.UUID );
|
|
// logger.info( 'EMAIL list', EMAIL );
|
|
// list.UUID est forcement unique car on est en update et pas en create
|
|
// pour la logique de checkdata il faut passer le parametre
|
|
const check = checkdata.evaluate( {
|
|
profil: user[ 'apps' + header.xworkon + 'profil' ],
|
|
list: {
|
|
LOGIN,
|
|
EMAIL,
|
|
UUID: []
|
|
}
|
|
}, ref, data );
|
|
if( check.invalidefor.length > 0 ) {
|
|
return {
|
|
status: 403,
|
|
data: {
|
|
model: 'Pagans',
|
|
info: check.invalidefor,
|
|
}
|
|
};
|
|
}
|
|
data = check.data;
|
|
let saveuser = false;
|
|
let updateDatabase = false;
|
|
Object.keys( data )
|
|
.forEach( k => {
|
|
//logger.info( user[ k ] )
|
|
//logger.info( data[ k ] )
|
|
//logger.info( '---' )
|
|
if( user[ k ] != data[ k ] ) {
|
|
user[ k ] = data[ k ];
|
|
saveuser = true;
|
|
if( [ 'TOKEN', 'LOGIN', 'EMAIL' ].includes( k ) ) updateDatabase = true;
|
|
// attention si LOGIN ou EMAIL change il faut checker qu il n existe pas dejà risque de conflit
|
|
}
|
|
} );
|
|
if( saveuser ) {
|
|
//logger.info( 'mise à jour user profile.json' );
|
|
if( data.TOKEN ) {
|
|
user.date_lastLOGIN = new Date()
|
|
.toISOString();
|
|
} else {
|
|
user.date_update = new Date()
|
|
.toISOString();
|
|
}
|
|
try {
|
|
jsonfile.writeFileSync( `${config.tribes}/${header.xworkon}/users/${UUID}.json`, user, {
|
|
spaces: 2
|
|
} );
|
|
//logger.info( 'declenche updatabase', updateDatabase )
|
|
if( updateDatabase ) {
|
|
// mean index have to be updated
|
|
Pagans.updateDatabase( user, header.xworkon, false );
|
|
console.assert( config.loglevel == "quiet", 'MISE A JOUR DU TOKEN ou de l\'EMAIL ou du LOGIN' );
|
|
}
|
|
} catch ( err ) {
|
|
logger.info( 'ERRRRR need to understand update impossible of user: ' + UUID + ' in domain:' + header.xworkon + ' from user ' + header.xpaganid + ' of domain:' + header.xtribe );
|
|
logger.info( 'with data :', data );
|
|
return {
|
|
status: 400,
|
|
data: {
|
|
info: [ 'failtoWritefs' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
}
|
|
}
|
|
return {
|
|
status: 200,
|
|
data: {
|
|
info: [ 'successfulUpdate' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
};
|
|
Pagans.deleteUser = ( UUID, header ) => {
|
|
// Delete remove from users object UUID and update index
|
|
// Activity is not deleted => means some activity can concern an UUID that does not exist anymore.
|
|
// update index
|
|
const infouser = jsonfile.readFileSync( `${config.tribes}/${header.xworkon}/users/${UUID}.json` );
|
|
Pagans.updateDatabase( infouser, header.xworkon, true );
|
|
fs.removeSync( `${config.tribes}/${header.xworkon}/users/${UUID}.json` );
|
|
return {
|
|
status: 200,
|
|
data: {
|
|
info: [ 'successfulDelete' ],
|
|
modedl: 'Pagans'
|
|
}
|
|
};
|
|
};
|
|
/*
|
|
@header { xtribeid: client domain name data
|
|
A VERIFIER inutile ,xworkon: client domain name where user is store and where data are stored
|
|
,xuuid: 1 if unknown else if user id auhtneticated
|
|
,xlanguage: langue used fr en return referential in this lang
|
|
,xauth: TOKEN valid for 24h'}
|
|
workon=xtribeid in an app client usage
|
|
in case of xtribeid=mymaidigit,
|
|
if workon==mymaildigit => admin role on any xworkon
|
|
else adlin role only in xworkon specified
|
|
@body {LOGIN: password:}
|
|
return {status:200, data:{data:{TOKEN,UUID}}}
|
|
return {status:401,data:{info:[code list], model: referential}}
|
|
*/
|
|
Pagans.loginUser = ( header, body, checkpsw ) => {
|
|
// On recupere tribeid du LOGIN
|
|
// ATTENTION xworkon peut être different du user xtribeid
|
|
//(cas d'un user qui a des droits sur un autre domain et qui travail sur cet autre domain)
|
|
// les function Pagans utilise le domain de travail xWorkon
|
|
// il faut donc modifier le header au moment du LOGIN
|
|
// pour que l'update du user au moment du LOGIN concerne bien le bon domain
|
|
header.xworkon = header.xtribe
|
|
const LOGINdom = jsonfile.readFileSync( `${config.tmp}/loginsglob.json` );
|
|
console.assert( config.loglevel == "quiet", LOGINdom )
|
|
console.assert( config.loglevel == "quiet", body )
|
|
if( !LOGINdom[ body.LOGIN ] ) {
|
|
return {
|
|
status: 401,
|
|
data: { info: [ 'LoginDoesNotExist' ], model: 'Pagans' }
|
|
};
|
|
}
|
|
const logins = jsonfile.readFileSync( `${config.tribes}/${LOGINdom[body.LOGIN]}/users/searchindex/logins.json` );
|
|
if( !Object.keys( logins )
|
|
.includes( body.LOGIN ) ) {
|
|
return {
|
|
status: 401,
|
|
data: {
|
|
info: [ 'LOGINDoesNotExist' ],
|
|
model: 'Pagans',
|
|
moreinfo: `Le login ${body.LOGIN} does not exist for tribeid ${LOGINdom[body.LOGIN]}`
|
|
}
|
|
};
|
|
}
|
|
// Load user
|
|
const uid = logins[ body.LOGIN ];
|
|
const getUser = Pagans.getUser( uid, LOGINdom[ body.LOGIN ], { users: 'R' } );
|
|
logger.info( 'getPagans', getUser )
|
|
if( getUser.status != 200 ) {
|
|
return { status: 200, data: { model: 'Pagans', user: getUser.data.user } };
|
|
}
|
|
const user = getUser.data.user;
|
|
logger.info( 'user', user )
|
|
if( checkpsw ) {
|
|
const match = bcrypt.compareSync( body.PASSWORD, user.PASSWORD );
|
|
if( !match ) {
|
|
return {
|
|
status: 401,
|
|
data: {
|
|
info: [ 'checkCredentials' ],
|
|
model: 'Pagans'
|
|
}
|
|
};
|
|
}
|
|
}
|
|
// Mise à jour user pour app LOGIN
|
|
user.tribeid = LOGINdom[ body.LOGIN ]
|
|
user.TOKEN = jwt.encode( {
|
|
expiration: moment()
|
|
.add( 1, 'day' ),
|
|
UUID: user.UUID
|
|
}, config.jwtSecret );
|
|
// on met à jour le header qui authentifie le user connecte
|
|
header.xtribe = LOGINdom[ body.LOGIN ]
|
|
header.xpaganid = user.UUID;
|
|
header.xauth = user.TOKEN;
|
|
// On modifie xworkon car au LOGIN on est forcemenet identifiable sur tribeid
|
|
// xworkon est utiliser pour travailler sur un environnement client different de celui
|
|
// de l'appartenace du user
|
|
header.xworkon = LOGINdom[ body.LOGIN ];
|
|
const majuser = Pagans.updateUser( user.UUID, header, {
|
|
UUID: user.UUID,
|
|
TOKEN: user.TOKEN
|
|
} );
|
|
// Enleve info confidentiel
|
|
delete user.PASSWORD;
|
|
if( user.ACCESSRIGHTS.data[ "Alltribeid" ] ) {
|
|
//cas admin on transforme les droits sur tous les tribeid existant
|
|
const newaccessrightsdata = {}
|
|
jsonfile.readFileSync( `${config.tribes}/tribeids.json` )
|
|
.forEach( cid => {
|
|
newaccessrightsdata[ cid ] = user.ACCESSRIGHTS.data[ "Alltribeid" ]
|
|
} )
|
|
user.ACCESSRIGHTS.data = newaccessrightsdata;
|
|
}
|
|
// on recupere le menu de l app qui demande le LOGIN si existe dans user.ACCESSRIGHTS.app[]
|
|
// header['X-app'] = tribeid:Projet pour récuperer le menu correspondant
|
|
console.assert( config.loglevel == "quiet", "header.xapp", header.xapp )
|
|
console.assert( config.loglevel == "quiet", "user.ACCESSRIGHTS.app[header.xapp]", user.ACCESSRIGHTS.app[ header.xapp ] );
|
|
|
|
return {
|
|
status: 200,
|
|
data: {
|
|
model: "Pagans",
|
|
info: [ 'loginSuccess' ],
|
|
user: user
|
|
}
|
|
};
|
|
};
|
|
Pagans.getlinkwithoutpsw = async ( EMAIL, header ) => {
|
|
// check le domain d'appartenance de l'eamail dans /tribes/emailsglob.json={email:cleintId}
|
|
// on remplace le header.xtribeid
|
|
const domforemail = jsonfile.readFileSync( `${config.tribes}/emailsglob.json`, 'utf-8' );
|
|
if( domforemail[ EMAIL ] ) {
|
|
header.xtribe = domforemail[ EMAIL ]
|
|
} else {
|
|
return { status: 404, info: { model: 'Pagans', info: [ 'emailnotfound' ], moreinfo: "email does not exist in /emailsglob.json" } };
|
|
}
|
|
// recupere le uuid du user dans /tribes/tribeid/users/searchindex/emails.json
|
|
// puis l'ensemble des info des user du domain /uuids.json
|
|
// infoforuuid[uuidforemail[EMAIL]] permet de récupérer toutes info du user, droit, etc...
|
|
const uuidforemail = jsonfile.readFileSync( `${config.tribes}/${header.xtribe}/users/searchindex/emails.json`, 'utf8' );
|
|
const infoforuuid = jsonfile.readFileSync( `${config.tribes}/${header.xtribe}/users/searchindex/uids.json`, 'utf8' );
|
|
// On recupere le modele d'email appemailinfo qui doit être présent dans clientconf.json
|
|
let confdom = jsonfile.readFileSync( `${config.tribes}/${header.xtribe}/clientconf.json`, 'utf8' );
|
|
let checkinfomail = "";
|
|
if( !confdom.appemailinfo ) {
|
|
checkinfomail += ' Erreur de clientconfig il manque un objet appemailinfo pour poursuivre';
|
|
}
|
|
if( checkinfomail != "" ) {
|
|
logger.info( `Pb de config pour ${header.xtribe} ${checkinfomail} ` )
|
|
return {
|
|
status: 500,
|
|
info: {
|
|
model: 'Pagans',
|
|
info: [ 'objectmissingclientconf' ],
|
|
moreinfo: checkinfomail
|
|
}
|
|
};
|
|
}
|
|
let simulelogin;
|
|
try {
|
|
simulelogin = await Pagans.loginUser( header, {
|
|
LOGIN: infoforuuid[ uuidforemail[ EMAIL ] ][ 0 ],
|
|
PASSWORD: ""
|
|
}, false );
|
|
logger.info( 'info simulelogin', simulelogin )
|
|
} catch ( err ) {
|
|
return {
|
|
status: 501,
|
|
info: {
|
|
model: 'Pagans',
|
|
info: [ 'loginImpossible' ],
|
|
moreinfo: "Impossible de se loger avec " + infoforuuid[ uuidforemail[ EMAIL ] ][ 0 ]
|
|
}
|
|
};
|
|
}
|
|
const url = `${config.rootURL}?xauth=${simulelogin.data.TOKEN}&xuuid=${simulelogin.data.UUID}&xtribeid=${simulelogin.data.tribeid}&xworkOn=${header.xworkon}&xlang=${header.xlang}`
|
|
//logger.info('envoi email avec' + url)
|
|
confdom.appemailinfo.msg.destperso = [ {} ];
|
|
confdom.appemailinfo.msg.destperso[ 0 ].email = EMAIL;
|
|
confdom.appemailinfo.msg.destperso[ 0 ].subject = "Lien de réinitialisation valable 1h"
|
|
confdom.appemailinfo.msg.destperso[ 0 ].titre = "Vous avez oublier votre mot de passe"
|
|
confdom.appemailinfo.msg.destperso[ 0 ].texte = `
|
|
<p style='color: #999999; font-size: 16px; line-height: 24px; margin: 0;text-align:justify;'>
|
|
Bonjour,<br> Vous nous avez signalé que vous avez oublié votre mot de passe pour cette email.
|
|
Avec le lien suivant vous allez pouvoir utiliser votre interface 1h maximum.
|
|
<a href="${url}">Clicker ICI</a>.<br>
|
|
Nous vous conseillons de changer votre mot de passe.</p>
|
|
`
|
|
//logger.info('envoi header :', header);
|
|
Outputs.sendMailcampain( confdom.appemailinfo.msg, header );
|
|
logger.info( confdom.appemailinfo );
|
|
return {
|
|
status: 200,
|
|
info: {
|
|
model: 'Pagans',
|
|
info: [ 'emailsentforReinit' ],
|
|
moreinfo: 'EMAIL sent with unique link ' + url
|
|
}
|
|
};
|
|
}
|
|
module.exports = Pagans;
|