enable password on invite or reset

src/command/management/user/userCommand.ts

@@ -7,6 +7,7 @@ export interface CreateUserCommand {
   lastname: string;
   secret: string;
   isOwner: boolean;
+  routine: LoginRoutineEnum;
 }
 
 export interface UpdateUserCommand {

src/command/management/user/userCommandHandler.ts

@@ -31,6 +31,7 @@ export default abstract class UserCommandHandler {
         lastname: createUser.lastname,
         secret: createUser.secret,
         isOwner: createUser.isOwner,
+        routine: createUser.routine,
       })
       .execute()
       .then((result) => {

src/controller/authController.ts

@@ -41,6 +41,8 @@ export async function login(req: Request, res: Response): Promise<any> {
   let { id } = await UserService.getByUsername(username);
   let { secret, routine } = await UserService.getUserSecretAndRoutine(id);
 
+  console.log(secret, passedSecret);
+
   let valid = false;
   if (routine == LoginRoutineEnum.totp) {
     valid = speakeasy.totp.verify({
@@ -50,7 +52,6 @@ export async function login(req: Request, res: Response): Promise<any> {
       window: 2,
     });
   } else {
-    console.log(passedSecret, secret, passedSecret == secret);
     valid = passedSecret == secret;
   }
 

src/controller/inviteController.ts

@@ -16,6 +16,7 @@ import UserService from "../service/management/userService";
 import CustomRequestException from "../exceptions/customRequestException";
 import InviteFactory from "../factory/admin/management/invite";
 import SettingHelper from "../helpers/settingsHelper";
+import { LoginRoutineEnum } from "../enums/loginRoutineEnum";
 
 /**
  * @description get all invites
@@ -112,20 +113,26 @@ export async function verifyInvite(req: Request, res: Response): Promise<any> {
  */
 export async function finishInvite(req: Request, res: Response, grantAdmin: boolean = false): Promise<any> {
   let mail = req.body.mail;
+  let routine = req.body.routine;
   let token = req.body.token;
-  let totp = req.body.totp;
+  let passedSecret = req.body.secret;
 
   let { secret, username, firstname, lastname } = await InviteService.getByMailAndToken(mail, token);
 
-  let valid = speakeasy.totp.verify({
+  let valid = false;
-    secret: secret,
+  if (routine == LoginRoutineEnum.totp) {
-    encoding: "base32",
+    valid = speakeasy.totp.verify({
-    token: totp,
+      secret: secret,
-    window: 2,
+      encoding: "base32",
-  });
+      token: passedSecret,
+      window: 2,
+    });
+  } else {
+    valid = passedSecret != "";
+  }
 
   if (!valid) {
-    throw new UnauthorizedRequestException("Token not valid or expired");
+    throw new UnauthorizedRequestException("Credentials not valid or expired");
   }
 
   let createUser: CreateUserCommand = {
@@ -133,8 +140,9 @@ export async function finishInvite(req: Request, res: Response, grantAdmin: bool
     firstname: firstname,
     lastname: lastname,
     mail: mail,
-    secret: secret,
+    secret: routine == LoginRoutineEnum.totp ? secret : passedSecret,
     isOwner: grantAdmin,
+    routine,
   };
   let id = await UserCommandHandler.create(createUser);
 

src/controller/resetController.ts

@@ -81,28 +81,34 @@ export async function verifyReset(req: Request, res: Response): Promise<any> {
  */
 export async function finishReset(req: Request, res: Response): Promise<any> {
   let mail = req.body.mail;
+  let routine = req.body.routine;
   let token = req.body.token;
-  let totp = req.body.totp;
+  let passedSecret = req.body.secret;
 
   let { secret, username } = await ResetService.getByMailAndToken(mail, token);
 
-  let valid = speakeasy.totp.verify({
+  let valid = false;
-    secret: secret,
+  if (routine == LoginRoutineEnum.totp) {
-    encoding: "base32",
+    valid = speakeasy.totp.verify({
-    token: totp,
+      secret: secret,
-    window: 2,
+      encoding: "base32",
-  });
+      token: passedSecret,
+      window: 2,
+    });
+  } else {
+    valid = passedSecret != "";
+  }
 
   if (!valid) {
-    throw new UnauthorizedRequestException("Token not valid or expired");
+    throw new UnauthorizedRequestException("Credentials not valid or expired");
   }
 
   let { id } = await UserService.getByUsername(username);
 
   let updateUserSecret: UpdateUserSecretCommand = {
     id,
-    secret,
+    secret: routine == LoginRoutineEnum.totp ? secret : passedSecret,
-    routine: LoginRoutineEnum.totp,
+    routine,
   };
   await UserCommandHandler.updateSecret(updateUserSecret);
 

src/helpers/settingsHelper.ts

@@ -56,12 +56,17 @@ export default abstract class SettingHelper {
       return rawValue as unknown as SettingValueMapping[K];
     }
 
+    let processedValue = rawValue;
+    if (typeof settingType.type === "string" && settingType.type.includes("/crypt")) {
+      processedValue = CodingHelper.decrypt(APPLICATION_SECRET, processedValue);
+    }
+
     const baseType =
       typeof settingType.type === "string"
         ? (settingType.type.split("/")[0] as SettingTypeAtom)
         : (settingType.type as SettingTypeAtom);
 
-    return this.converters[baseType].fromString(rawValue) as unknown as SettingValueMapping[K];
+    return this.converters[baseType].fromString(processedValue) as unknown as SettingValueMapping[K];
   }
 
   /**
@@ -81,11 +86,11 @@ export default abstract class SettingHelper {
     const settingType = settingsType[key];
     this.validateSetting(key, stringValue);
 
-    const oldValue = this.getSetting(key);
+    const oldValue = cloneDeep(this.settings[key]);
-    let finalValue = stringValue;
+    let newValue = stringValue;
 
     if (typeof settingType.type === "string" && settingType.type.includes("/crypt")) {
-      finalValue = CodingHelper.encrypt(APPLICATION_SECRET, stringValue);
+      newValue = CodingHelper.encrypt(APPLICATION_SECRET, stringValue);
     }
 
     this.settings[key] = stringValue;
@@ -94,10 +99,9 @@ export default abstract class SettingHelper {
     await SettingCommandHandler.create({
       topic,
       key: settingKey,
-      value: finalValue,
+      value: newValue,
     });
 
-    const newValue = this.getSetting(key);
     this.notifyListeners(key, newValue, oldValue);
   }
 

src/routes/invite.ts

@@ -8,8 +8,12 @@ router.post("/verify", ParamaterPassCheckHelper.requiredIncludedMiddleware(["mai
   await verifyInvite(req, res);
 });
 
-router.put("/", ParamaterPassCheckHelper.requiredIncludedMiddleware(["mail", "token", "totp"]), async (req, res) => {
+router.put(
-  await finishInvite(req, res);
+  "/",
-});
+  ParamaterPassCheckHelper.requiredIncludedMiddleware(["mail", "token", "secret", "routine "]),
+  async (req, res) => {
+    await finishInvite(req, res);
+  }
+);
 
 export default router;

src/routes/reset.ts

@@ -12,8 +12,12 @@ router.post("/", ParamaterPassCheckHelper.requiredIncludedMiddleware(["username"
   await startReset(req, res);
 });
 
-router.put("/", ParamaterPassCheckHelper.requiredIncludedMiddleware(["mail", "token", "totp"]), async (req, res) => {
+router.put(
-  await finishReset(req, res);
+  "/",
-});
+  ParamaterPassCheckHelper.requiredIncludedMiddleware(["mail", "token", "secret", "routine"]),
+  async (req, res) => {
+    await finishReset(req, res);
+  }
+);
 
 export default router;