force password

Author: alainabbas

src/management/identities/_dto/force-password-dto.ts

@@ -0,0 +1,12 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString } from 'class-validator';
+
+export class ForcePasswordDto {
+  @IsString()
+  @ApiProperty({ example: '66d80ab41821baca9bf965b2', description: 'User object id', type: String })
+  public id: string;
+
+  @IsString()
+  @ApiProperty({ example: 'MyNewPassword', description: 'New password', type: String })
+  public newPassword: string;
+}

src/management/identities/abstract-identities.service.ts

@@ -13,13 +13,15 @@ import { BackendsService } from '~/core/backends/backends.service';
 import { construct, omit } from 'radash';
 import { toPlainAndCrush } from '~/_common/functions/to-plain-and-crush';
 import { createHash } from 'node:crypto';
+import {PasswdadmService} from "~/settings/passwdadm.service";
 
 @Injectable()
 export abstract class AbstractIdentitiesService extends AbstractServiceSchema {
   public constructor(
     @InjectModel(Identities.name) protected _model: Model<Identities>,
     protected readonly _validation: IdentitiesValidationService,
     protected readonly storage: FactorydriveService,
+    protected readonly passwdAdmService: PasswdadmService,
     @Inject(forwardRef(() => BackendsService)) protected readonly backends: BackendsService,
   ) {
     super();

src/management/identities/identities-forcepassword.controller.ts

@@ -0,0 +1,33 @@
+import { AbstractController } from '~/_common/abstracts/abstract.controller';
+import { IdentitiesActivationService } from '~/management/identities/identities-activation.service';
+import { ApiOperation, ApiResponse, ApiTags} from '@nestjs/swagger';
+import { Body, Controller, HttpStatus, Post, Res} from '@nestjs/common';
+import { Response } from 'express';
+import { ActivationDto } from '~/management/identities/_dto/_parts/activation-dto';
+import {ForcePasswordDto} from "~/management/identities/_dto/force-password-dto";
+import {IdentitiesForcepasswordService} from "~/management/identities/identities-forcepassword.service";
+
+@ApiTags('management/identities')
+@Controller('identities')
+export class IdentitiesForcePasswordController extends AbstractController {
+  public constructor(protected readonly _service: IdentitiesForcepasswordService) {
+    super();
+  }
+  @Post('forcepassword')
+  @ApiOperation({ summary: 'force le mot de passe de l identite' })
+  @ApiResponse({ status: HttpStatus.OK })
+  public async forcePassword(@Res() res: Response, @Body() body: ForcePasswordDto): Promise<Response> {
+    try {
+      const data = await this._service.forcePassword(body.id, body.newPassword);
+      return res.status(HttpStatus.OK).json({
+        statusCode: HttpStatus.OK,
+        data,
+      });
+    } catch (error) {
+      return res.status(HttpStatus.BAD_REQUEST).json({
+        statusCode: HttpStatus.BAD_REQUEST,
+        message: error.message,
+      });
+    }
+  }
+}

src/management/identities/identities-forcepassword.service.ts

@@ -0,0 +1,60 @@
+import { AbstractIdentitiesService } from '~/management/identities/abstract-identities.service';
+import { Identities } from '~/management/identities/_schemas/identities.schema';
+import {BadRequestException, HttpException, Injectable} from '@nestjs/common';
+import { DataStatusEnum } from '~/management/identities/_enums/data-status';
+import {ActionType} from "~/core/backends/_enum/action-type.enum";
+
+
+
+@Injectable()
+export class IdentitiesForcepasswordService extends AbstractIdentitiesService {
+
+  public async forcePassword(id: string, newPassword: string) {
+    //recherche de l'identité
+    let identity: Identities = null;
+    try {
+      identity = await this.findById<Identities>(id);
+    } catch (error) {
+      throw new HttpException('Id not found', 400);
+    }
+    if (identity.lastBackendSync === null) {
+      throw new HttpException('Identity has never been synced', 400);
+    }
+    if (identity.dataStatus === DataStatusEnum.DELETED) {
+      throw new BadRequestException('Identity is in status deleted');
+    }
+    //changement du password check de la policy
+    if ((await this.passwdAdmService.checkPolicies(newPassword)) === false) {
+      throw new BadRequestException({
+        message: 'Une erreur est survenue : Le mot de passe ne respecte pas la politique des mots de passe',
+        error: 'Bad Request',
+        statusCode: 400,
+      });
+     //ok on envoie le changement de mdp
+      try{
+        const [_, response] = await this.backends.executeJob(
+          ActionType.IDENTITY_PASSWORD_RESET,
+          identity._id,
+          { uid: identity.inetOrgPerson.uid, newPassword: newPassword, ...identity.toJSON() },
+          {
+            async: false,
+            timeoutDiscard: true,
+            disableLogs: false,
+            switchToProcessing: false,
+            updateStatus: false,
+          },
+        );
+        if (response?.status === 0) {
+          return [_, response];
+        }
+      }catch (e) {
+        this.logger.error('Error while reseting password. ' + e + ` (uid=${identity.inetOrgPerson.uid})`);
+        throw new BadRequestException(
+          'Une erreur est survenue : Tentative de réinitialisation de mot de passe impossible',
+        );
+      }
+
+
+    }
+  }
+}

src/management/identities/identities.module.ts

@@ -18,6 +18,11 @@ import { IdentitiesPhotoController } from '~/management/identities/identities-ph
 import { IdentitiesActivationController } from '~/management/identities/identities-activation.controller';
 import { IdentitiesActivationService } from '~/management/identities/identities-activation.service';
 import { IdentitiesDoublonController } from '~/management/identities/identities-doublon.controller';
+import {IdentitiesForcePasswordController} from "~/management/identities/identities-forcepassword.controller";
+import {IdentitiesForcepasswordService} from "~/management/identities/identities-forcepassword.service";
+import {SettingsModule} from "~/settings/settings.module";
+import {PasswdadmService} from "~/settings/passwdadm.service";
+import {PasswdModule} from "~/management/passwd/passwd.module";
 
 @Module({
   imports: [
@@ -31,6 +36,7 @@ import { IdentitiesDoublonController } from '~/management/identities/identities-
     ]),
     FilestorageModule,
     forwardRef(() => BackendsModule),
+    SettingsModule
   ],
   providers: [
     IdentitiesUpsertService,
@@ -43,13 +49,15 @@ import { IdentitiesDoublonController } from '~/management/identities/identities-
       useClass: IdentitiesValidationFilter,
     },
     IdentitiesJsonformsService,
+    IdentitiesForcepasswordService
   ],
   controllers: [
     IdentitiesCrudController,
     IdentitiesUpsertController,
     IdentitiesPhotoController,
     IdentitiesDoublonController,
     IdentitiesActivationController,
+    IdentitiesForcePasswordController
   ],
   exports: [IdentitiesCrudService],
 })