From f36ee0f36618e8142ce2b2f9cd3a93be4ea950e7 Mon Sep 17 00:00:00 2001 From: Abhishek Mishra Date: Wed, 28 Dec 2022 17:31:47 +0530 Subject: [PATCH] User Login: restricting user login if registration doesn't match with the current application-id passed --- src/api/api.service.ts | 15 ++++++- src/user/user.service.ts | 88 +++++++++++++++++++++++++--------------- 2 files changed, 69 insertions(+), 34 deletions(-) diff --git a/src/api/api.service.ts b/src/api/api.service.ts index 221a32a..b7ef165 100644 --- a/src/api/api.service.ts +++ b/src/api/api.service.ts @@ -58,9 +58,22 @@ export class ApiService { .then(async (resp: ClientResponse) => { let fusionAuthUser: any = resp.response; if (fusionAuthUser.user === undefined) { - console.log('Here'); fusionAuthUser = fusionAuthUser.loginResponse.successResponse; } + if ( + fusionAuthUser.user.registrations.filter((registration) => { + return registration.applicationId == user.applicationId; + }).length == 0 + ) { + // User is not registered in the requested application. Let's throw error. + const response: SignupResponse = new SignupResponse().init(uuidv4()); + response.responseCode = ResponseCode.FAILURE; + response.params.err = 'INVALID_REGISTRATION'; + response.params.errMsg = + 'User registration not found in the given application.'; + response.params.status = ResponseStatus.failure; + return response; + } // if (fusionAuthUser.user.data.accountName === undefined) { // if (fusionAuthUser.user.fullName == undefined) { // if (fusionAuthUser.user.firstName === undefined) { diff --git a/src/user/user.service.ts b/src/user/user.service.ts index 57359f2..f1be9e1 100644 --- a/src/user/user.service.ts +++ b/src/user/user.service.ts @@ -1,25 +1,15 @@ import * as addressSchema from './schema/address.json'; import * as educationSchema from './schema/education.json'; import * as userSchema from './schema/user.json'; -const env = require("dotenv").config(); -const CryptoJS = require("crypto-js"); -const AES = require("crypto-js/aes"); - -CryptoJS.lib.WordArray.words; - -const encodedBase64Key = process.env.ENCRYPTION_KEY; -const parsedBase64Key = ((encodedBase64Key === undefined) ? "bla" : CryptoJS.enc.Base64.parse(encodedBase64Key)); - import { AccountStatus, ResponseCode, ResponseStatus, SignupResponse, - UsersResponse, } from './user.interface'; import Ajv, { ErrorObject } from 'ajv'; import { FAStatus, FusionauthService } from './fusionauth/fusionauth.service'; -import { LoginResponse, UUID, User } from '@fusionauth/typescript-client'; +import { LoginResponse, User, UUID } from '@fusionauth/typescript-client'; import { ChangePasswordDTO } from './dto/changePassword.dto'; import ClientResponse from '@fusionauth/typescript-client/build/src/ClientResponse'; @@ -28,6 +18,18 @@ import { OtpService } from './otp/otp.service'; import { SMSResponseStatus } from './sms/sms.interface'; import { UserDBService } from './user-db/user-db.service'; import { v4 as uuidv4 } from 'uuid'; +// eslint-disable-next-line @typescript-eslint/no-var-requires +const CryptoJS = require('crypto-js'); +// eslint-disable-next-line @typescript-eslint/no-var-requires +const AES = require('crypto-js/aes'); + +CryptoJS.lib.WordArray.words; + +const encodedBase64Key = process.env.ENCRYPTION_KEY; +const parsedBase64Key = + encodedBase64Key === undefined + ? 'bla' + : CryptoJS.enc.Base64.parse(encodedBase64Key); // ajv.addSchema(educationSchema, 'education'); // ajv.addSchema(userSchema, 'user'); @@ -129,7 +131,7 @@ export class UserService { }, }; } else { - const deletedUser = await this.fusionAuthService.delete(userId); + await this.fusionAuthService.delete(userId); // Update response with correct status - ERROR. response.responseCode = ResponseCode.FAILURE; if (!status) { @@ -190,7 +192,7 @@ export class UserService { }: { statusFA: FAStatus; userId: UUID; fusionAuthUser: User } = await this.fusionAuthService.update(userID, authObj); - if (this.isOldSchoolUser(fusionAuthUser)) { + if (UserService.isOldSchoolUser(fusionAuthUser)) { response.result = { responseMsg: 'User Updated Successfully', accountStatus: null, @@ -263,23 +265,47 @@ export class UserService { .then(async (resp: ClientResponse) => { let fusionAuthUser: any = resp.response; if (fusionAuthUser.user === undefined) { - console.log("Here") fusionAuthUser = fusionAuthUser.loginResponse.successResponse; } - if (fusionAuthUser.user.data.accountName === undefined) { - if (fusionAuthUser.user.fullName == undefined) { - if (fusionAuthUser.user.firstName === undefined){ - fusionAuthUser['user']['data']['accountName'] = this.decrypt(user.loginId) + if ( + fusionAuthUser.user.registrations.filter((registration) => { + return registration.applicationId == user.applicationId; + }).length == 0 + ) { + // User is not registered in the requested application. Let's throw error. + const response: SignupResponse = new SignupResponse().init(uuidv4()); + response.responseCode = ResponseCode.FAILURE; + response.params.err = 'INVALID_REGISTRATION'; + response.params.errMsg = + 'User registration not found in the given application.'; + response.params.status = ResponseStatus.failure; + return response; + } + if (fusionAuthUser?.user?.data?.accountName === undefined) { + if (fusionAuthUser?.user?.fullName == undefined) { + if (fusionAuthUser?.user?.firstName === undefined) { + if (!fusionAuthUser.user.data) { + fusionAuthUser.user.data = {}; + } + fusionAuthUser['user']['data']['accountName'] = this.decrypt( + user.loginId, + ); + } else { + if (!fusionAuthUser.user.data) { + fusionAuthUser.user.data = {}; + } + fusionAuthUser['user']['data']['accountName'] = + fusionAuthUser.user.firstName; } - else { - fusionAuthUser['user']['data']['accountName'] = fusionAuthUser.user.firstName + } else { + if (!fusionAuthUser.user.data) { + fusionAuthUser.user.data = {}; } - } - else{ - fusionAuthUser['user']['data']['accountName'] = fusionAuthUser.user.fullName + fusionAuthUser['user']['data']['accountName'] = + fusionAuthUser.user.fullName; } } - if (this.isOldSchoolUser(fusionAuthUser.user)) { + if (UserService.isOldSchoolUser(fusionAuthUser.user)) { //updateUserData with school and udise fusionAuthUser.user.data = {}; const udise = fusionAuthUser.user.username; @@ -295,7 +321,6 @@ export class UserService { //login again to get new JWT fusionAuthUser = (await this.fusionAuthService.login(user)).response; if (fusionAuthUser.user === undefined) { - console.log("Here") fusionAuthUser = fusionAuthUser.loginResponse.successResponse; } const response: SignupResponse = new SignupResponse().init(uuidv4()); @@ -474,7 +499,7 @@ export class UserService { return response; } - private isOldSchoolUser(fusionAuthUser: User) { + private static isOldSchoolUser(fusionAuthUser: User) { return ( fusionAuthUser.registrations[0].roles === undefined || (fusionAuthUser.registrations.length > 0 && @@ -500,17 +525,14 @@ export class UserService { } encrypt(plainString: any): any { - const encryptedString = AES.encrypt(plainString, parsedBase64Key, { + return AES.encrypt(plainString, parsedBase64Key, { mode: CryptoJS.mode.ECB, }).toString(); - return encryptedString; - }; + } decrypt(encryptedString: any): any { - const plainString = AES.decrypt(encryptedString, parsedBase64Key, { + return AES.decrypt(encryptedString, parsedBase64Key, { mode: CryptoJS.mode.ECB, }).toString(CryptoJS.enc.Utf8); - return plainString; - }; - + } }