reset

Author: alainabbas

package.json

@@ -30,6 +30,7 @@
     "@types/passport-http": "^0.3.11",
     "bullmq": "^4.14.0",
     "class-validator": "^0.14.0",
+    "ioredis": "^5.3.2",
     "passport": "^0.6.0",
     "passport-headerapikey": "^1.2.2",
     "reflect-metadata": "^0.1.13",

src/config.ts

@@ -6,6 +6,7 @@ export default () => ({
         password: process.env.REDIS_PASSWORD ||''
     },
     logLevel: process.env.LOG_LEVEL || 'info',
-    nameQueue: process.env.NAME_QUEUE || 'backend',
+    nameQueue:  process.env.NAME_QUEUE || 'backend',
+    secret: process.env.SECRET || 'mySecret',
 });
 

src/passwd/dto/ask-token.dto.ts

@@ -0,0 +1,10 @@
+import { IsInt, IsString } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+export class AskTokenDto {
+    @IsString()
+    @ApiProperty({ example: 'paul.bismuth',description: 'User  Uid' })
+    uid: string;
+    @ApiProperty({ example: 'monemail@mondomaine.com',description: 'secondary mail' })
+    @IsString()
+    mail: string
+}

src/passwd/dto/change-password.dto.ts

@@ -6,7 +6,7 @@ export class ChangePasswordDto {
     uid: string;
     @ApiProperty({ example: 'MyOldPassword',description: 'Old Password' })
     @IsString()
-    oldPassword: number;
+    oldPassword:string;
     @ApiProperty({ example: 'MyNewPassword',description: 'New Password' })
     @IsString()
     newPassword: string;

src/passwd/dto/reset-password.dto.ts

@@ -0,0 +1,10 @@
+import { IsInt, IsString } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+export class ResetPasswordDto {
+    @IsString()
+    @ApiProperty({ example: 'S9nv9vjxdW7bS0haoWUmdJ3XPbSJ7dSdRj2ND1z9RvqLK/sF1LKZpfnWDvLX1dZuG0WGEyAb9A==',description: 'Token' })
+    token: string;
+    @ApiProperty({ example: 'MyNewPassword',description: 'New Password' })
+    @IsString()
+    newPassword: string;
+}

src/passwd/dto/verify-token.dto.ts

@@ -0,0 +1,7 @@
+import { IsInt, IsString } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+export class VerifyTokenDto {
+    @ApiProperty({ example: 'S9nv9vjxdW7bS0haoWUmdJ3XPbSJ7dSdRj2ND1z9RvqLK/sF1LKZpfnWDvLX1dZuG0WGEyAb9A==',description: 'token received by getToken' })
+    @IsString()
+    token: string
+}

src/passwd/passwd.controller.ts

@@ -1,40 +1,94 @@
 import {Controller, Post, Body, Res, UseGuards, Logger} from '@nestjs/common';
-import { PasswdService } from './passwd.service';
+import {PasswdService} from './passwd.service';
 import {
     ApiTags,
     ApiOperation,
     ApiResponse, ApiBearerAuth
 } from '@nestjs/swagger';
-import { Response } from 'express';
-import { ChangePasswordDto } from './dto/change-password.dto';
-import { AuthGuard } from '@nestjs/passport';
+import {Response} from 'express';
+import {ChangePasswordDto} from './dto/change-password.dto';
+import {AuthGuard} from '@nestjs/passport';
+import {AskTokenDto} from "./dto/ask-token.dto";
+import {VerifyTokenDto} from "./dto/verify-token.dto";
+import {ResetPasswordDto} from "./dto/reset-password.dto";
 
 
 @Controller('passwd')
 @ApiTags('passwd')
 export class PasswdController {
     private readonly logger = new Logger(PasswdController.name);
-  constructor(private passwdService: PasswdService) {
-  }
-  @Post()
-  @ApiOperation({ summary: 'change password' })
-  @ApiResponse({ status: 201, description: 'Password has been successfully changed.'})
-  @ApiResponse({ status: 403, description: 'Old password wrong'})
-  @ApiResponse({ status: 500, description: 'Backend error'})
-  @ApiBearerAuth()
-  @UseGuards(AuthGuard("api-key"))
-  async change(@Body() cpwd: ChangePasswordDto,@Res() res: Response): Promise<Response>{
-       this.logger.log('call passwd')
-       const data= await this.passwdService.change(cpwd)
-       console.log(data)
-       data.data.uid=cpwd.uid
-      if ( data.data.status === 0){
+
+    constructor(private passwdService: PasswdService) {
+    }
+
+    @Post('change')
+    @ApiOperation({summary: 'change password'})
+    @ApiResponse({status: 201, description: 'Password has been successfully changed.'})
+    @ApiResponse({status: 403, description: 'Old password wrong'})
+    @ApiResponse({status: 500, description: 'Backend error'})
+    @ApiBearerAuth()
+    @UseGuards(AuthGuard("api-key"))
+    async change(@Body() cpwd: ChangePasswordDto, @Res() res: Response): Promise<Response> {
+
+        const data = await this.passwdService.change(cpwd)
+        console.log(data)
+        data.data.uid = cpwd.uid
+        this.logger.log('call passwd change for : ' + cpwd.uid)
+        if (data.data.status === 0) {
+            return res.status(201).json(data);
+        } else {
+            if (data.data.status === 1) {
+                return res.status(403).json(data);
+            }
+            this.logger.log('ERROR : ' + data)
             return res.status(201).json(data);
+        }
+    }
+
+    @Post('gettoken')
+    @ApiOperation({summary: 'ask token for reseting password'})
+    @ApiResponse({status: 201, description: 'Token', content: {}})
+    @ApiResponse({status: 500, description: 'Backend error'})
+    @ApiBearerAuth()
+    @UseGuards(AuthGuard("api-key"))
+    async gettoken(@Body() asktoken: AskTokenDto, @Res() res: Response): Promise<Response> {
+        const data = await this.passwdService.askToken(asktoken)
+        const ret = {token: data}
+        console.log(ret)
+        return res.status(201).json(ret);
+    }
+    @Post('verifytoken')
+    @ApiOperation({summary: 'ask token for reseting password'})
+    @ApiResponse({status: 201, description: 'Token OK'})
+    @ApiResponse({status: 500, description: 'Token KO'})
+    @ApiBearerAuth()
+    @UseGuards(AuthGuard("api-key"))
+    async verifyToken(@Body() token:VerifyTokenDto ,@Res() res: Response): Promise<Response> {
+    const ok=await this.passwdService.verifyToken(token.token)
+        if (ok === true){
+            return res.status(201).json(token)
+        }else{
+            return res.status(500).json(token)
+        }
+
+    }
+    @Post('reset')
+    @ApiOperation({summary: 'reset password'})
+    @ApiResponse({status: 201, description: 'Reset OK'})
+    @ApiResponse({status: 500, description: 'Reset KO'})
+    @ApiBearerAuth()
+    @UseGuards(AuthGuard("api-key"))
+    async reset(@Body() data:ResetPasswordDto,@Res()res:Response):Promise<Response>{
+        const tokenData=await this.passwdService.decryptToken(data.token)
+        if (Object.keys(tokenData).length === 0){
+            return res.status(500).json({'status':1,'error':'invalid token'})
         }else{
-          if (data.data.status === 1){
-              return res.status(403).json(data);
-          }
-          return res.status(201).json(data);
+
+            return res.status(200).json({'status':0,'error':''})
+
+
         }
-  }
+
+    }
 }
+

src/passwd/passwd.service.ts

@@ -1,8 +1,11 @@
 import { Injectable } from '@nestjs/common';
 import {ChangePasswordDto} from "./dto/change-password.dto";
-import {InjectQueue} from "@nestjs/bullmq";
 import { Queue,QueueEvents} from 'bullmq'
 import { ConfigService } from '@nestjs/config';
+import * as crypto from 'crypto'
+import {AskTokenDto} from "./dto/ask-token.dto";
+import Redis from "ioredis";
+import {ResetPasswordDto} from "./dto/reset-password.dto";
 @Injectable()
 export class PasswdService {
 
@@ -17,6 +20,68 @@ export class PasswdService {
       })
         return await job.waitUntilFinished(queueEvents,30000)
   }
+  async askToken(askToken:AskTokenDto){
+      const redisConfig={host:this.configService.get('redis.host'),port:this.configService.get('redis.port'),db:1}
+      let redis=new Redis(redisConfig)
+      const iv = crypto.randomBytes(12).toString('base64')
+      const key = crypto.randomBytes(16).toString('hex')
+      const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+      const dataStruct={'uid':askToken.uid,'mail':askToken.mail}
+      let ciphertext = cipher.update(JSON.stringify(dataStruct), 'utf8', 'base64')
+      ciphertext += cipher.final('base64');
+      const tag = cipher.getAuthTag();
+      const tokenStruct=JSON.stringify({k:key,iv:iv,tag:tag})
+      await redis.set(ciphertext, tokenStruct)
+      await redis.expire(ciphertext, 3600)
+      return ciphertext
+  }
+  async verifyToken(token){
+      const data=await this.decryptToken(token)
+      console.log('r :  '+JSON.stringify(data))
+      if (Object.keys(data).length === 0){
+          return false
+      }else{
+          return true
+      }
+
+  }
+  async decryptToken(token:string){
+      const redisConfig={host:this.configService.get('redis.host'),port:this.configService.get('redis.port'),db:1}
+      let redis=new Redis(redisConfig)
+      const ok=await redis.exists(token)
+      if (ok === 1){
+          const result=await redis.get(token)
+          const cypherData=JSON.parse(result)
+          console.log(cypherData)
+          const decipher = crypto.createDecipheriv(
+                  "aes-256-gcm",
+                  cypherData.k,
+                  cypherData.iv
+          );
+          decipher.setAuthTag(Buffer.from(cypherData.tag, 'base64'));
+          let plaintext = decipher.update(token, 'base64', 'ascii');
+          console.log('texte : ' + plaintext)
+          return JSON.parse(plaintext)
+      }else{
+          return {}
+      }
+  }
+  async reset(data:ResetPasswordDto){
+      const tokenData=await this.decryptToken(data.token)
+      if (Object.keys(tokenData).length === 0){
+          return false
+      }
+      const redisConfig={host:this.configService.get('redis.host'),port:this.configService.get('redis.port')}
+      const queue=new Queue(this.configService.get('nameQueue'),{connection:redisConfig})
+      const queueEvents = new QueueEvents(this.configService.get('nameQueue'),{connection: redisConfig})
+      const job=await queue.add('RESETPWD',tokenData)
+      queueEvents.on('failed',(errors)=>{
+          console.log(errors)
+      })
+      return await job.waitUntilFinished(queueEvents,30000)
+
+  }
+
 }