chore: Update ExecuteJobOptions interface to include updateStatus field

Author: tacxou

src/core/auth/_strategies/jwt.strategy.ts

@@ -27,7 +27,7 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
     payload: JwtPayload & { identity: AgentType },
     done: VerifiedCallback,
   ): Promise<void> {
-    Logger.debug(`Atempt to authenticate with JTI: <${payload.jti}>`, 'JwtStrategy');
+    Logger.verbose(`Atempt to authenticate with JTI: <${payload.jti}>`, JwtStrategy.name);
     if (!payload?.identity) return done(new UnauthorizedException(), false);
     const user = await this.auth.verifyIdentity(payload);
 

src/core/auth/_strategies/local.strategy.ts

@@ -22,7 +22,7 @@ export class LocalStrategy extends PassportStrategy(Strategy) {
     // eslint-disable-next-line
     done: (error: any, user?: Express.User | false, options?: IVerifyOptions) => void,
   ): Promise<void> {
-    Logger.debug(`Try to authenticate user : ${username}`, 'LocalStrategy');
+    Logger.verbose(`Try to authenticate user : ${username}`, LocalStrategy.name);
     const user = await this.auth.authenticateWithLocal(username, password);
     // console.log(user);
     if (!user) done(new UnauthorizedException(), false);

src/core/auth/auth.service.ts

@@ -70,7 +70,6 @@ export class AuthService extends AbstractService implements OnModuleInit {
   public async authenticateWithLocal(username: string, password: string): Promise<Agents | null> {
     try {
       const user = await this.agentsService.findOne<Agents>({ username });
-      // console.log(user);
       if (user && (await argon2Verify(user.password, password))) {
         return user;
       }
@@ -82,7 +81,6 @@ export class AuthService extends AbstractService implements OnModuleInit {
 
   // eslint-disable-next-line
   public async verifyIdentity(payload: any & { identity: AgentType & { token: string } }): Promise<any> {
-    this.logger.debug(`Atempt to authenticate with JTI: <${payload.jti}>`);
     if (payload.scopes.includes('offline')) {
       return payload.identity;
     }

src/core/backends/_interfaces/execute-job-options.interface.ts

@@ -7,6 +7,7 @@ export interface ExecuteJobOptions {
   disableLogs?: boolean;
   syncTimeout?: number;
   timeoutDiscard?: boolean;
+  updateStatus?: boolean;
   comment?: string;
   task?: Types.ObjectId;
 }

src/core/backends/backends.service.ts

@@ -3,7 +3,6 @@ import {
   HttpException,
   HttpStatus,
   Injectable,
-  NotFoundException,
   UnprocessableEntityException,
 } from '@nestjs/common';
 import { ModuleRef } from '@nestjs/core';
@@ -244,7 +243,7 @@ export class BackendsService extends AbstractQueueProcessor {
       });
     }
 
-    if (concernedTo) {
+    if (concernedTo && !!options?.updateStatus) {
       await this.identitiesService.model.findByIdAndUpdate(concernedTo, {
         $set: {
           state: IdentityState.PROCESSING,
@@ -257,6 +256,7 @@ export class BackendsService extends AbstractQueueProcessor {
       try {
         const response = await job.waitUntilFinished(this.queueEvents, options.syncTimeout || DEFAULT_SYNC_TIMEOUT);
         let jobStoreUpdated: ModifyResult<Query<Jobs, Jobs>> = null;
+
         if (!options?.disableLogs) {
           jobStoreUpdated = await this.jobsService.update<Jobs>(jobStore._id, {
             $set: {
@@ -267,13 +267,15 @@ export class BackendsService extends AbstractQueueProcessor {
             },
           });
         }
-        if (concernedTo) {
+
+        if (concernedTo && !!options?.updateStatus) {
           await this.identitiesService.model.findByIdAndUpdate(concernedTo, {
             $set: {
               state: IdentityState.SYNCED,
             },
           });
         }
+
         return [jobStoreUpdated as unknown as Jobs, response];
       } catch (err) {
         error = err;
@@ -293,7 +295,7 @@ export class BackendsService extends AbstractQueueProcessor {
           },
         });
       }
-      if (concernedTo) {
+      if (concernedTo && !!options?.updateStatus) {
         await this.identitiesService.model.findByIdAndUpdate(concernedTo, {
           $set: {
             state: IdentityState.ON_ERROR,

src/management/passwd/passwd.controller.ts

@@ -18,10 +18,18 @@ export class PasswdController {
   @ApiOperation({ summary: 'Execute un job de changement de mot de passe sur le/les backends' })
   @ApiResponse({ status: HttpStatus.OK, description: 'Mot de passe synchronisé sur le/les backends' })
   public async change(@Body() body: ChangePasswordDto, @Res() res: Response): Promise<Response> {
+    const debug = {}
     const [_, data] = await this.passwdService.change(body);
     this.logger.log(`Call passwd change for : ${body.uid}`);
 
-    return res.status(HttpStatus.OK).json(data);
+    if (process.env.NODE_ENV === 'development') {
+      debug['_debug'] = data;
+    }
+
+    return res.status(HttpStatus.OK).json({
+      message: 'Password changed',
+      ...debug,
+    });
   }
 
   @Post('gettoken')
@@ -31,7 +39,7 @@ export class PasswdController {
     this.logger.log('GetToken for : ' + asktoken.uid);
     const token = await this.passwdService.askToken(asktoken);
 
-    return res.status(HttpStatus.OK).json({ token });
+    return res.status(HttpStatus.OK).json({ data: { token } });
   }
 
   @Post('verifytoken')
@@ -41,15 +49,23 @@ export class PasswdController {
     this.logger.log('Verify token : ' + body.token);
     const data = await this.passwdService.decryptToken(body.token);
 
-    return res.status(HttpStatus.OK).json(data);
+    return res.status(HttpStatus.OK).json({ data });
   }
 
   @Post('reset')
   @ApiOperation({ summary: 'Execute un job de réinitialisation de mot de passe sur le/les backends' })
   @ApiResponse({ status: HttpStatus.OK })
   public async reset(@Body() body: ResetPasswordDto, @Res() res: Response): Promise<Response> {
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const debug = {}
     const [_, data] = await this.passwdService.reset(body);
-    return res.status(HttpStatus.OK).json(data);
+
+    if (process.env.NODE_ENV === 'development') {
+      debug['_debug'] = data;
+    }
+
+    return res.status(HttpStatus.OK).json({
+      message: 'Password changed',
+      ...debug,
+    });
   }
 }

src/management/passwd/passwd.service.ts

@@ -42,68 +42,101 @@ export class PasswdService extends AbstractService {
   }
 
   public async change(passwdDto: ChangePasswordDto): Promise<[Jobs, any]> {
-    const identity = await this.identities.findOne({ 'inetOrgPerson.uid': passwdDto.uid }) as Identities;
-
-    return await this.backends.executeJob(ActionType.IDENTITY_PASSWORD_CHANGE, identity._id, {
-      ...passwdDto,
-      ...pick(identity.toJSON(), ['inetOrgPerson']),
-    }, {
-      async: false,
-    });
+    try {
+      const identity = await this.identities.findOne({ 'inetOrgPerson.uid': passwdDto.uid }) as Identities;
+
+      return await this.backends.executeJob(ActionType.IDENTITY_PASSWORD_CHANGE, identity._id, {
+        ...passwdDto,
+        ...pick(identity.toJSON(), ['inetOrgPerson']),
+      }, {
+        async: false,
+        timeoutDiscard: true,
+        disableLogs: true,
+      });
+    } catch (e) {
+      this.logger.error("Error while changing password. " + e + ` (uid=${passwdDto?.uid})`);
+      throw new BadRequestException('Une erreur est survenue : Mot de passe incorrect ou utilisateur inconnu');
+    }
   }
 
   public async askToken(askToken: AskTokenDto): Promise<string> {
-    await this.identities.findOne({ 'inetOrgPerson.uid': askToken.uid });
-
-    const k = crypto.randomBytes(PasswdService.RANDOM_BYTES_K).toString('hex');
-    const iv = crypto.randomBytes(PasswdService.RANDOM_BYTES_IV).toString('base64');
-    const cipher = crypto.createCipheriv(PasswdService.TOKEN_ALGORITHM, k, iv);
-
-    let ciphertext = cipher.update(
-      JSON.stringify(<CipherData>{ uid: askToken.uid, mail: askToken.mail }),
-      'utf8',
-      'base64',
-    );
-    ciphertext += cipher.final('base64');
-
-    await this.redis.set(
-      ciphertext,
-      JSON.stringify(<TokenData>{
-        k,
-        iv,
-        tag: cipher.getAuthTag().toString('base64'),
-      }),
-    );
-    await this.redis.expire(ciphertext, PasswdService.TOKEN_EXPIRATION);
-    return ciphertext;
+    try {
+      await this.identities.findOne({ 'inetOrgPerson.uid': askToken.uid });
+
+      const k = crypto.randomBytes(PasswdService.RANDOM_BYTES_K).toString('hex');
+      const iv = crypto.randomBytes(PasswdService.RANDOM_BYTES_IV).toString('base64');
+      const cipher = crypto.createCipheriv(PasswdService.TOKEN_ALGORITHM, k, iv);
+
+      let ciphertext = cipher.update(
+        JSON.stringify(<CipherData>{ uid: askToken.uid, mail: askToken.mail }),
+        'utf8',
+        'base64',
+      );
+      ciphertext += cipher.final('base64');
+
+      await this.redis.set(
+        ciphertext,
+        JSON.stringify(<TokenData>{
+          k,
+          iv,
+          tag: cipher.getAuthTag().toString('base64'),
+        }),
+      );
+      await this.redis.expire(ciphertext, PasswdService.TOKEN_EXPIRATION);
+      return ciphertext;
+    } catch (e) {
+      this.logger.error("Error while ask token. " + e + ` (uid=${askToken?.uid})`);
+      throw new BadRequestException('Impossible de générer un token, une erreur est survenue');
+    }
   }
 
   public async decryptToken(token: string): Promise<CipherData> {
     try {
       const result = await this.redis.get(token);
       const cypherData: TokenData = JSON.parse(result);
 
+      if (cypherData?.iv === undefined || cypherData?.k === undefined || cypherData?.tag === undefined) {
+        throw new NotFoundException('Invalid token');
+      }
+
       const decipher = crypto.createDecipheriv(PasswdService.TOKEN_ALGORITHM, cypherData.k, cypherData.iv);
       decipher.setAuthTag(Buffer.from(cypherData.tag, 'base64'));
       const plaintext = decipher.update(token, 'base64', 'ascii');
 
       return JSON.parse(plaintext);
     } catch (error) {
+      this.logger.verbose("Error while decrypting token. " + error + ` (token=${token})`);
       throw new BadRequestException('Invalid token');
     }
   }
 
   public async reset(data: ResetPasswordDto): Promise<[Jobs, any]> {
     const tokenData = await this.decryptToken(data.token);
-    const identity = await this.identities.findOne({ 'inetOrgPerson.uid': tokenData.uid }) as Identities;
 
-    return await this.backends.executeJob(
-      ActionType.IDENTITY_PASSWORD_RESET,
-      identity._id,
-      { uid: tokenData.uid, newPassword: data.newPassword, ...pick(identity, ['inetOrgPerson']) },
-      {
-        async: false,
-      },
-    );
+    try {
+      const identity = await this.identities.findOne({ 'inetOrgPerson.uid': tokenData.uid }) as Identities;
+
+      const [_, response] = await this.backends.executeJob(
+        ActionType.IDENTITY_PASSWORD_RESET,
+        identity._id,
+        { uid: tokenData.uid, newPassword: data.newPassword, ...pick(identity, ['inetOrgPerson']) },
+        {
+          async: false,
+          timeoutDiscard: true,
+          disableLogs: true,
+        },
+      );
+
+      if (response?.status === 0) {
+        await this.redis.del(data.token);
+        return [_, response];
+      }
+
+      throw new InternalServerErrorException('Une erreur est survenue : Impossible de réinitialiser le mot de passe');
+
+    } catch (e) {
+      this.logger.error("Error while reseting password. " + e + ` (token=${data?.token})`);
+      throw new BadRequestException('Une erreur est survenue : Tentative de réinitialisation de mot de passe impossible');
+    }
   }
 }