save

Author: alainabbas

package.json

@@ -48,6 +48,7 @@
   "dependencies": {
     "@kradihsoy/lt-schematics": "^1.0.13",
     "@nestjs-modules/ioredis": "^2.0.2",
+    "@nestjs-modules/mailer": "^2.0.2",
     "@nestjs/bullmq": "^10.1.1",
     "@nestjs/common": "^10.3.9",
     "@nestjs/config": "^3.2.2",
@@ -66,13 +67,16 @@
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
     "cookie-parser": "^1.4.6",
+    "handlebars": "^4.7.8",
     "helmet": "^7.1.0",
     "ioredis": "^5.4.1",
     "loglevel": "^1.9.1",
+    "mjml": "^4.15.3",
     "mongoose": "^8.4.3",
     "nest-commander": "^3.13.0",
     "nest-winston": "^1.10.0",
     "nestjs-request-context": "^3.0.0",
+    "nodemailer": "^6.9.14",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0",
@@ -101,6 +105,7 @@
     "@types/inquirer": "^9.0.7",
     "@types/jest": "^29.5.12",
     "@types/node": "^20.14.8",
+    "@types/nodemailer": "^6.4.15",
     "@types/passport": "^1.0.16",
     "@types/passport-http": "^0.3.11",
     "@types/passport-jwt": "^4.0.1",

src/app.module.ts

@@ -15,13 +15,34 @@ import { APP_FILTER, APP_GUARD, APP_PIPE } from '@nestjs/core';
 import { AuthGuard } from './_common/guards/auth.guard';
 import { MongooseValidationFilter } from './_common/filters/mongoose-validation.filter';
 import { DtoValidationPipe } from './_common/pipes/dto-validation.pipe';
+import {SettingstModule} from "~/settings/settings.module";
+import {MailerModule} from "@nestjs-modules/mailer";
+import {HandlebarsAdapter} from "@nestjs-modules/mailer/dist/adapters/handlebars.adapter";
+import {MjmlAdapter} from "@nestjs-modules/mailer/dist/adapters/mjml.adapter";
 
 @Module({
   imports: [
     ConfigModule.forRoot({
       isGlobal: true,
       load: [config],
     }),
+    MailerModule.forRootAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: async (config: ConfigService) => ({
+        transport: config.get('mailer.host'),
+        defaults: {
+          from: config.get('mailer.sender'),
+        },
+        template: {
+          dir: __dirname + '/../templates',
+          adapter: new HandlebarsAdapter(),
+          options: {
+            strict: true,
+          },
+        },
+      }),
+    }),
     MongooseModule.forRootAsync({
       imports: [ConfigModule],
       inject: [ConfigService],
@@ -59,6 +80,7 @@ import { DtoValidationPipe } from './_common/pipes/dto-validation.pipe';
     RequestContextModule,
     CoreModule.register(),
     ManagementModule.register(),
+    SettingstModule.register()
   ],
   controllers: [AppController],
   providers: [

src/config.ts

@@ -34,6 +34,16 @@ export interface ConfigInstance {
   jwt: {
     options: JwtModuleOptions;
   };
+  mailer: {
+    host: string;
+    port: number;
+    sender: string;
+  };
+  frontPwd: {
+    url:string;
+    identityMailAttribute: string;
+    identityMobileAttribute: string;
+  };
   swagger: {
     path: string;
     api: string;
@@ -101,4 +111,15 @@ export default (): ConfigInstance => ({
       },
     },
   },
+  mailer:{
+    host: process.env['SESAME_SMTP_SERVER'],
+    port: parseInt(process.env['SESAME_SMTP_PORT']) || 25,
+    sender: process.env['SESAME_MDP_SENDER'] || 'noreply@mydomain.com'
+  },
+  frontPwd:{
+    url: process.env['SESAME_FRONT_MDP'],
+    identityMailAttribute: process.env['SESAME_RESET_PWD_MAIL'] || '',
+    identityMobileAttribute: process.env['SESAME_RESET_PWD_MOBILE'] || ''
+  }
+
 });

src/management/passwd/dto/ask-code.dto.ts

@@ -0,0 +1,13 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString } from 'class-validator';
+
+export class AskCodeDto {
+  @IsString()
+  @ApiProperty({ example: 'paul.bismuth', description: 'User id' })
+  uid: string;
+
+  @ApiProperty({ example: 'monemail@mondomaine.com', description: 'secondary mail' })
+  @IsString()
+  mail: string;
+
+}

src/management/passwd/dto/ask-token.dto.ts

@@ -9,4 +9,5 @@ export class AskTokenDto {
   @ApiProperty({ example: 'monemail@mondomaine.com', description: 'secondary mail' })
   @IsString()
   mail: string;
+
 }

src/management/passwd/dto/init-account.dto.ts

@@ -0,0 +1,9 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString } from 'class-validator';
+
+export class InitAccountDto {
+
+  @ApiProperty({ example: 'uid', description: 'paul.smith' })
+  @IsString()
+  uid: string;
+}

src/management/passwd/passwd.controller.ts

@@ -7,13 +7,16 @@ import { AskTokenDto } from './dto/ask-token.dto';
 import { VerifyTokenDto } from './dto/verify-token.dto';
 import { ResetPasswordDto } from './dto/reset-password.dto';
 import {omit} from "radash";
+import {PasswdadmService} from "~/settings/passwdadm/passwdadm.service";
+import {PasswordPolicies} from "~/settings/passwdadm/_schemas/PasswordPolicies";
+import {InitAccountDto} from "~/management/passwd/dto/init-account.dto";
 
 @Controller('passwd')
 @ApiTags('management/passwd')
 export class PasswdController {
   private readonly logger = new Logger(PasswdController.name);
 
-  public constructor(private passwdService: PasswdService) { }
+  public constructor(private passwdService: PasswdService,private passwdadmService: PasswdadmService) { }
 
   @Post('change')
   @ApiOperation({ summary: 'Execute un job de changement de mot de passe sur le/les backends' })
@@ -73,8 +76,19 @@ export class PasswdController {
   @ApiOperation({ summary: 'Retourne la politique de mot de passe à appliquer' })
   @ApiResponse({ status: HttpStatus.OK })
   public async getPolicies(@Res() res: Response): Promise<Response> {
-    const data = await this.passwdService.getPolicies()
+    const data = await this.passwdadmService.getPolicies()
     //const datax=omit(data.toObject,['_id'])
     return res.status(HttpStatus.OK).json({data})
   }
+  @Post('init')
+  @ApiOperation({ summary: 'Initialise le compte envoi un jeton par mail à l\'identité' })
+  @ApiResponse({ status: HttpStatus.OK })
+  public async init(@Body() body: InitAccountDto, @Res() res: Response): Promise<Response> {
+    const debug = {}
+    const ok=await this.passwdService.initAccount(body)
+    return res.status(HttpStatus.OK).json({
+      message: 'Email envoyé verifiez votre boite mail alternative et vos spam',
+      ...debug,
+    });
+  }
 }

src/management/passwd/passwd.module.ts

@@ -3,20 +3,13 @@ import { PasswdService } from './passwd.service';
 import { PasswdController } from './passwd.controller';
 import { BackendsModule } from '~/core/backends/backends.module';
 import { IdentitiesModule } from '../identities/identities.module';
-import {MongooseModule} from "@nestjs/mongoose";
-import {Agents, AgentsSchema} from "~/core/agents/_schemas/agents.schema";
-import {PasswordPolicies,PasswordPoliciesSchema} from "~/management/passwd/_schemas/PasswordPolicies";
+import { PasswdadmModule} from "~/settings/passwdadm/passwdadm.module";
+import {PasswdadmService} from "~/settings/passwdadm/passwdadm.service";
+
 
 @Module({
   imports: [BackendsModule,
-    IdentitiesModule,
-    MongooseModule.forFeatureAsync([
-      {
-        name: PasswordPolicies.name,
-        useFactory: () => PasswordPoliciesSchema,
-      },
-    ]),
-  ],
+    IdentitiesModule, PasswdadmModule],
   controllers: [PasswdController],
   providers: [PasswdService],
 })

src/management/passwd/passwd.service.ts

@@ -10,11 +10,11 @@ import { AskTokenDto } from './dto/ask-token.dto';
 import { ChangePasswordDto } from './dto/change-password.dto';
 import { ResetPasswordDto } from './dto/reset-password.dto';
 import { IdentitiesService } from '../identities/identities.service';
-import { pick } from 'radash';
+import { pick,get } from 'radash';
 import { Identities } from '../identities/_schemas/identities.schema';
-import {PasswordPolicies} from "~/management/passwd/_schemas/PasswordPolicies";
-import {Model} from "mongoose";
-import {InjectModel} from "@nestjs/mongoose";
+import {MailerModule, MailerService} from "@nestjs-modules/mailer";
+import {InitAccountDto} from "~/management/passwd/dto/init-account.dto";
+import {ConfigService} from "@nestjs/config";
 
 interface TokenData {
   k: string;
@@ -31,20 +31,63 @@ interface CipherData {
 export class PasswdService extends AbstractService {
   public static readonly RANDOM_BYTES_K = 16;
   public static readonly RANDOM_BYTES_IV = 12;
+  public static readonly RANDOM_BYTES_CODE = 5;
 
   public static readonly TOKEN_ALGORITHM = 'aes-256-gcm';
 
-  public static readonly TOKEN_EXPIRATION = 3600;
+  public static readonly TOKEN_EXPIRATION = 604800;
+  public static readonly CODE_EXPIRATION = 900;
 
   public constructor(
     protected readonly backends: BackendsService,
     protected readonly identities: IdentitiesService,
-    @InjectRedis() private readonly redis: Redis,
-    @InjectModel(PasswordPolicies.name) protected passwordPolicies: Model<PasswordPolicies>
+    protected mailer: MailerService,
+    protected config: ConfigService,
+    @InjectRedis() private readonly redis: Redis
   ) {
     super();
   }
+  public async initAccount(initDto: InitAccountDto):Promise<any>{
+    //recherche de l'identity
+    try{
+      const identity = await this.identities.findOne({ 'inetOrgPerson.uid': initDto.uid }) as Identities;
+      //envoi du mail
+      const mailAttribute=this.config.get('frontPwd.identityMailAttribute')
+      this.logger.log("mailer.identityMailAttribute : " +mailAttribute )
+      if (mailAttribute !== '') {
+        const mail = <string>get(identity.toObject(), mailAttribute)
+        //demande du token
+        const token = await this.askToken({mail: mail, uid: initDto.uid})
+        //envoi du token
+        this.mailer.sendMail({
+          from: this.config.get('mailer.sender'),
+          to: mail,
+          subject: 'Activation de votre compte',
+          template: "initaccount",
+          context:{
+            uid: initDto.uid,
+            url:this.config.get('frontPwd.url')+'/initaccount/'+ token
+          }
+
+        })
+          .then(() => {
+            this.logger.log("Init compte envoyé  pour uid" +initDto.uid +" à " + mail )
+          })
+          .catch((e) => {
+            this.logger.error("Erreur envoi mail" + e )
+          })
+
+        return true
+      }else{
+        this.logger.error("Error while initAccount identityMailAttribute nor defined");
+        return false
+      }
+    }catch(e){
+      this.logger.error("Error while changing password. " + e + ` (uid=${initDto?.uid})`);
+      return false
+    }
 
+  }
   public async change(passwdDto: ChangePasswordDto): Promise<[Jobs, any]> {
     try {
       const identity = await this.identities.findOne({ 'inetOrgPerson.uid': passwdDto.uid }) as Identities;
@@ -81,8 +124,40 @@ export class PasswdService extends AbstractService {
       });
     }
   }
+  /*
+ public async askCode(askCode: AdkCode):Promise<[string,string]>{
+   try {
+     await this.identities.findOne({'inetOrgPerson.uid': askCode.uid});
+     const code = crypto.randomBytes(PasswdService.RANDOM_BYTES_CODE).toString('utf8')
+     const k = crypto.randomBytes(PasswdService.RANDOM_BYTES_K).toString('hex');
+     const iv = crypto.randomBytes(PasswdService.RANDOM_BYTES_IV).toString('base64');
+     const cipher = crypto.createCipheriv(PasswdService.TOKEN_ALGORITHM, k, iv);
+
+     let ciphertext = cipher.update(
+       JSON.stringify(<CipherData>{ code:code,uid: askToken.uid}),
+       'utf8',
+       'base64',
+     );
+     ciphertext += cipher.final('base64');
+
+     await this.redis.set(
+       ciphertext,
+       JSON.stringify(<TokenData>{
+         k,
+         iv,
+         tag: cipher.getAuthTag().toString('base64'),
+       }),
+     );
+     await this.redis.expire(ciphertext, PasswdService.TOKEN_EXPIRATION);
+     return [k,cipherText]
+   } catch (e) {
+    this.logger.error("Error while ask Code. " + e + ` (uid=${askToken?.uid})`);
+    throw new BadRequestException('Impossible de générer un token, une erreur est survenue');
+  }
+ }
+ */
 
-  public async askToken(askToken: AskTokenDto): Promise<string> {
+ public async askToken(askToken: AskTokenDto): Promise<string> {
     try {
       await this.identities.findOne({ 'inetOrgPerson.uid': askToken.uid });
 
@@ -106,7 +181,7 @@ export class PasswdService extends AbstractService {
         }),
       );
       await this.redis.expire(ciphertext, PasswdService.TOKEN_EXPIRATION);
-      return ciphertext;
+      return encodeURIComponent(ciphertext);
     } catch (e) {
       this.logger.error("Error while ask token. " + e + ` (uid=${askToken?.uid})`);
       throw new BadRequestException('Impossible de générer un token, une erreur est survenue');
@@ -115,6 +190,7 @@ export class PasswdService extends AbstractService {
 
   public async decryptToken(token: string): Promise<CipherData> {
     try {
+      token=decodeURIComponent(token)
       const result = await this.redis.get(token);
       const cypherData: TokenData = JSON.parse(result);
 
@@ -164,11 +240,5 @@ export class PasswdService extends AbstractService {
     }
   }
 
-  public async getPolicies(): Promise<any>{
-    const passwordPolicies = await this.passwordPolicies.findOne()
-    if (passwordPolicies === null){
-      return new this.passwordPolicies()
-    }
-    return passwordPolicies
-  }
+
 }

…ment/passwd/_schemas/PasswordPolicies.ts …s/passwdadm/_schemas/PasswordPolicies.tssrc/management/passwd/_schemas/PasswordPolicies.ts renamed to src/settings/passwdadm/_schemas/PasswordPolicies.ts src/management/passwd/_schemas/PasswordPolicies.ts renamed to src/settings/passwdadm/_schemas/PasswordPolicies.ts

@@ -6,7 +6,7 @@ export type PasswordPoliciesDocument = Identities & Document;
 
 @Schema({ versionKey: false })
 export class PasswordPolicies extends AbstractSchema {
-  @Prop({ type: Number, default: 8 })
+  @Prop({ type: Number, default: 10 })
   len: Number;
 
   @Prop({ type: Number,default:1 })
@@ -35,7 +35,11 @@ export class PasswordPolicies extends AbstractSchema {
 
   @Prop({ type: Number,default:3600 })
   bannedTime: Number;
+  @Prop({ type: Boolean,default:false })
+  resetBySms: Boolean;
 
+  @Prop({ type: String,default:'https://google.fr' })
+  redirectUrl: String;
 }
 
 export const PasswordPoliciesSchema = SchemaFactory.createForClass(PasswordPolicies);