envoi par sms

Author: alainabbas

package.json

@@ -63,13 +63,15 @@
     "ajv": "^8.16.0",
     "ajv-errors": "^3.0.0",
     "argon2": "^0.40.3",
+    "awesome-phonenumber": "^6.10.0",
     "bullmq": "^5.8.2",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
     "cookie-parser": "^1.4.6",
     "fast-password-entropy": "^1.1.1",
     "handlebars": "^4.7.8",
     "helmet": "^7.1.0",
+    "hibp": "^14.1.2",
     "ioredis": "^5.4.1",
     "loglevel": "^1.9.1",
     "mjml": "^4.15.3",
@@ -86,6 +88,7 @@
     "request-ip": "^3.3.0",
     "rxjs": "^7.8.1",
     "schema-to-yup": "^1.12.18",
+    "smpp": "^0.6.0-rc.4",
     "swagger-themes": "^1.4.3",
     "types-package-json": "^2.0.39",
     "winston": "^3.13.0",

src/config.ts

@@ -39,6 +39,13 @@ export interface ConfigInstance {
     port: number;
     sender: string;
   };
+  sms:{
+    host: string,
+    systemId: string,
+    password: string,
+    sourceAddr: string,
+    regionCode: string
+  },
   frontPwd: {
     url:string;
     identityMailAttribute: string;
@@ -120,6 +127,13 @@ export default (): ConfigInstance => ({
     url: process.env['SESAME_FRONT_MDP'],
     identityMailAttribute: process.env['SESAME_RESET_PWD_MAIL'] || '',
     identityMobileAttribute: process.env['SESAME_RESET_PWD_MOBILE'] || ''
+  },
+  sms:{
+    host: process.env['SESAME_SMPP_SERVER'] || '',
+    systemId: process.env['SESAME_SMPP_SYSTEMID'] || '',
+    password: process.env['SESAME_SMPP_PASSWORD'] || '',
+    sourceAddr: process.env['SESAME_SMPP_SOURCEADDR'] || '',
+    regionCode: process.env['SESAME_SMPP_REGIONCODE'] || 'FR'
   }
 
 });

src/management/passwd/dto/init-reset.dto.ts

@@ -1,8 +1,13 @@
 import { ApiProperty } from '@nestjs/swagger';
-import { IsString } from 'class-validator';
+import {IsNumber, IsString} from 'class-validator';
 
 export class InitResetDto {
   @IsString()
   @ApiProperty({ example: 'paul.bismuth', description: 'User id' })
-  uid: string;
+  uid: string
+
+  @IsNumber()
+  @ApiProperty({ example: 0, description: '0 = send by mail, 1 = send by SMS' })
+  type: number
+
 }

src/management/passwd/passwd.controller.ts

@@ -27,6 +27,7 @@ export class PasswdController {
   @ApiResponse({status: HttpStatus.OK, description: 'Mot de passe synchronisé sur le/les backends'})
   public async change(@Body() body: ChangePasswordDto, @Res() res: Response): Promise<Response> {
     const debug = {}
+
     const [_, data] = await this.passwdService.change(body);
     this.logger.log(`Call passwd change for : ${body.uid}`);
 
@@ -40,6 +41,7 @@ export class PasswdController {
     });
   }
 
+  /*
   @Post('gettoken')
   @ApiOperation({summary: 'Récupère un jeton de réinitialisation de mot de passe'})
   @ApiResponse({status: HttpStatus.OK, description: 'Retourne un jeton de réinitialisation de mot de passe'})
@@ -60,7 +62,7 @@ export class PasswdController {
 
     return res.status(HttpStatus.OK).json({data});
   }
-
+*/
   @Post('resetbycode')
   @ApiOperation({summary: 'reinitialise le mot de passe avec le code reçu'})
   @ApiResponse({status: HttpStatus.OK})

src/management/passwd/passwd.module.ts

@@ -5,12 +5,13 @@ import { BackendsModule } from '~/core/backends/backends.module';
 import { IdentitiesModule } from '../identities/identities.module';
 import { PasswdadmModule} from "~/settings/passwdadm/passwdadm.module";
 import {PasswdadmService} from "~/settings/passwdadm/passwdadm.service";
+import {SmsService} from "~/management/passwd/sms-service";
 
 
 @Module({
   imports: [BackendsModule,
-    IdentitiesModule, PasswdadmModule],
+    IdentitiesModule, PasswdadmModule ],
   controllers: [PasswdController],
-  providers: [PasswdService],
+  providers: [PasswdService,SmsService],
 })
 export class PasswdModule { }

src/management/passwd/passwd.service.ts

@@ -17,6 +17,10 @@ import {InitAccountDto} from "~/management/passwd/dto/init-account.dto";
 import {ConfigService} from "@nestjs/config";
 import {randomInt} from "crypto";
 import {ResetByCodeDto} from "~/management/passwd/dto/reset-by-code-dto";
+import {PasswdadmService} from "~/settings/passwdadm/passwdadm.service";
+import {IdentityState} from "~/management/identities/_enums/states.enum";
+import {InitResetDto} from "~/management/passwd/dto/init-reset.dto";
+import {SmsService} from "~/management/passwd/sms-service";
 
 interface TokenData {
   k: string;
@@ -43,51 +47,70 @@ export class PasswdService extends AbstractService {
     protected readonly identities: IdentitiesService,
     protected mailer: MailerService,
     protected config: ConfigService,
+    private passwdadmService: PasswdadmService,
+    private smsService: SmsService,
     @InjectRedis() private readonly redis: Redis
   ) {
     super();
   }
-  public async initReset(initDto: InitAccountDto):Promise<any>{
+  //Initialisation du reset de mot de passe envoie un email ou par sms  un code et fourni un token au front.
+  // Le code est la clé du token
+  public async initReset(initDto: InitResetDto):Promise<any>{
     //envoi du mail
     try{
       const identity = await this.identities.findOne({ 'inetOrgPerson.uid': initDto.uid }) as Identities;
+      const k = randomInt(100000, 999999);
+      //asking for padding
+      const padd = await this.getPaddingForCode()
       const mailAttribute=this.config.get('frontPwd.identityMailAttribute')
-      this.logger.log("Reset passord asked for  : " + initDto.uid )
-      if (mailAttribute !== '') {
-        const mail = <string>get(identity.toObject(), mailAttribute)
-        const displayName=identity.inetOrgPerson.displayName
-        //const k=crypto.randomBytes(PasswdService.RANDOM_BYTES_CODE).toString('hex')
-        const k = randomInt(100000, 999999);
-        //asking for padding
-        const padd = await this.getPaddingForCode()
-        const token = await this.askToken({mail: mail, uid: initDto.uid}, padd + k.toString(16),PasswdService.CODE_EXPIRATION)
-        this.logger.log("Token :" + token + '  int : ' + k.toString(10))
-        this.mailer.sendMail({
-          from: this.config.get('mailer.sender'),
-          to: mail,
-          subject: 'Reinitialisation de votre mot de passe',
-          template: "resetaccount",
-          context:{
-            uid: identity.inetOrgPerson.uid,
-            displayName: displayName,
-            code: k
-          }
-
-        })
-          .then(() => {
-            this.logger.log("reset compte envoyé  pour uid" +initDto.uid +" à " + mail )
-          })
-          .catch((e) => {
-            throw new BadRequestException({
-              message: 'Erreur serveur lors de l envoi du mail',
-              error: "Bad Request",
-              statusCode: 400
-            });
+      const mail = <string>get(identity.toObject(), mailAttribute)
+      const token = await this.askToken({mail: mail, uid: initDto.uid}, padd + k.toString(16),PasswdService.CODE_EXPIRATION)
+      this.logger.log("Token :" + token + '  int : ' + k.toString(10))
+      if (initDto.type === 0){
+        this.logger.log("Reset password asked by mail for  : " + initDto.uid )
+        if (mailAttribute !== '') {
+          const displayName=identity.inetOrgPerson.displayName
+          this.mailer.sendMail({
+            from: this.config.get('mailer.sender'),
+            to: mail,
+            subject: 'Reinitialisation de votre mot de passe',
+            template: "resetaccount",
+            context:{
+              uid: identity.inetOrgPerson.uid,
+              displayName: displayName,
+              code: k
+            }
           })
-        return token
+            .then(() => {
+              this.logger.log("reset compte envoyé  pour uid" +initDto.uid +" à " + mail )
+            })
+            .catch((e) => {
+              throw new BadRequestException({
+                message: 'Erreur serveur lors de l envoi du mail',
+                error: "Bad Request",
+                statusCode: 400
+              });
+            })
+          return token
+        }else{
+          return false
+        }
       }else{
-        return false
+        //envoi par SMS si c est possible
+        const policies=await this.passwdadmService.getPolicies()
+        if (policies.resetBySms === true){
+          this.logger.log("Reset password asked by SMS for  : " + initDto.uid )
+          const smsAttribute=this.config.get('frontPwd.identityMobileAttribute')
+          if (smsAttribute !== ''){
+            const numTel = <string>get(identity.toObject(), smsAttribute)
+            this.smsService.send(numTel,"Votre code de reinitialisation : " + k.toString(10))
+          }
+          return token
+        }else{
+          return false
+        }
       }
+
     }catch(e){
       this.logger.error("Error while reseting password. " + e + ` (uid=${initDto?.uid})`);
       //on retoune un token qui ne sert à rien pour ne pas divulguer que l uid n existe pas
@@ -98,6 +121,7 @@ export class PasswdService extends AbstractService {
 
 
   }
+  //Initialisation du compte. Envoi d' un mail avec un token pour l'init du compte
   public async initAccount(initDto: InitAccountDto):Promise<any>{
     //recherche de l'identity
     try{
@@ -144,10 +168,19 @@ export class PasswdService extends AbstractService {
     }
 
   }
+  //Changement du password
   public async change(passwdDto: ChangePasswordDto): Promise<[Jobs, any]> {
     try {
-      const identity = await this.identities.findOne({ 'inetOrgPerson.uid': passwdDto.uid }) as Identities;
-
+      const identity = await this.identities.findOne({ 'inetOrgPerson.uid': passwdDto.uid,'state':IdentityState.SYNCED }) as Identities;
+      //verification de la police de mdp
+      if (await this.passwdadmService.checkPolicies(passwdDto.newPassword) === false){
+        throw new BadRequestException({
+          message: 'Une erreur est survenue : Le mot de passe ne respecte pas la politique des mots de passe',
+          error: "Bad Request",
+          statusCode: 400,
+        });
+      }
+      //tout est ok en envoie au backend
       return await this.backends.executeJob(ActionType.IDENTITY_PASSWORD_CHANGE, identity._id, {
         ...passwdDto,
         ...pick(identity.toJSON(), ['inetOrgPerson']),
@@ -181,7 +214,8 @@ export class PasswdService extends AbstractService {
     }
   }
 
- public async askToken(askToken: AskTokenDto,k,ttl): Promise<string> {
+  // Genere un token pour les autres methodes
+  public async askToken(askToken: AskTokenDto,k, ttl: number): Promise<string> {
     try {
       /*
       if (ttl >0){
@@ -217,6 +251,7 @@ export class PasswdService extends AbstractService {
       throw new BadRequestException('Impossible de générer un token, une erreur est survenue');
     }
   }
+  // decrypte le token à l aide du code
   public async decryptTokenWithCode(token: string,code: number): Promise<CipherData> {
     try {
       token=decodeURIComponent(token)
@@ -238,6 +273,7 @@ export class PasswdService extends AbstractService {
       throw new BadRequestException('Invalid token xx');
     }
   }
+  // decrypte le token d'initialisation du compte
   public async decryptToken(token: string): Promise<CipherData> {
     try {
       token=decodeURIComponent(token)
@@ -258,8 +294,17 @@ export class PasswdService extends AbstractService {
       throw new BadRequestException('Invalid token');
     }
   }
+  // reset du password
   public async resetByCode(data:ResetByCodeDto):Promise<[Jobs,any]>{
     this.logger.log('resetByCode : ' + data.token+ ' '+ data.code )
+    //verification du passwordPolicies
+    if (await this.passwdadmService.checkPolicies(data.newpassword) === false){
+      throw new BadRequestException({
+        message: 'Une erreur est survenue : Le mot de passe ne respecte pas la politique de securité',
+        error: "Bad Request",
+        statusCode: 400,
+      });
+    }
     const tokenData=await this.decryptTokenWithCode(data.token,data.code)
     this.logger.log( 'dataToken :' + tokenData)
     try{
@@ -288,11 +333,12 @@ export class PasswdService extends AbstractService {
       throw new BadRequestException('Une erreur est survenue : Tentative de réinitialisation de mot de passe impossible');
     }
   }
+  // methode pour le reset par token (pour l initialisation du compte)
   public async reset(data: ResetPasswordDto): Promise<[Jobs, any]> {
     const tokenData = await this.decryptToken(data.token);
 
     try {
-      const identity = await this.identities.findOne({ 'inetOrgPerson.uid': tokenData.uid }) as Identities;
+      const identity = await this.identities.findOne({ 'inetOrgPerson.uid': tokenData.uid,'state':IdentityState.SYNCED }) as Identities;
 
       const [_, response] = await this.backends.executeJob(
         ActionType.IDENTITY_PASSWORD_RESET,

src/management/passwd/sms-service.ts

@@ -0,0 +1,70 @@
+import {Injectable} from "@nestjs/common";
+import {AbstractService} from "~/_common/abstracts/abstract.service";
+import {ConfigService} from "@nestjs/config";
+import { parsePhoneNumber } from 'awesome-phonenumber'
+
+@Injectable()
+export class SmsService extends AbstractService {
+  public constructor(protected config: ConfigService){
+    super()
+  }
+  public send(telNumber: string , message:string){
+    this.logger.log('Envoi SMS : ' +telNumber + ' message :' + message)
+    const host = this.config.get('sms.host')
+    const systemId = this.config.get('sms.systemId')
+    const password = this.config.get('sms.password')
+    const sourceAddr=this.config.get('sms.sourceAddr')
+    const smpp = require('smpp');
+    const logger=this.logger
+    //normalisation du numero de telephone
+    const pTelNumber=parsePhoneNumber(telNumber,{ regionCode: this.config.get('sms.regionCode') })
+    this.logger.log('phone number parsed :' +pTelNumber.number.e164)
+    if (pTelNumber.valid === true){
+      const session = smpp.connect({
+        url: host,
+        debug: true
+      }, function() {
+        session.bind_transmitter({
+          system_id: systemId,
+          password: password,
+        }, function(pdu) {
+          if (pdu.command_status === 0) {
+            // Successfully bound
+            session.submit_sm({
+              source_addr_ton: 5,
+              source_addr_npi:0,
+              source_addr : sourceAddr,
+              destination_addr: pTelNumber.number.e164,
+              dest_addr_ton:1,
+              dest_addr_npi:1,
+              data_coding: 'GSM 03.38',
+              short_message: message
+            }, function(pdu) {
+              if (pdu.command_status === 0) {
+                // Message successfully sent
+                console.log('SUCCESS : ' + pdu.message_id);
+                logger.log('SMS SUCCESS ')
+                session.unbind()
+                session.close()
+              }else{
+                console.log('FAIL : ' + pdu.command_status)
+                session.unbind()
+                session.close()
+              }
+            });
+          }
+          session.on('error', function(error){
+            console.log('smpp error', error)
+            logger.log('SMS ERREUR ' + error)
+            session.unbind()
+            session.close()
+          })
+        });
+      });
+    }else{
+      this.logger.error( 'Numero invalide :' + telNumber)
+    }
+
+
+  }
+}