SudoSOS Back-end API / internal/services / AuthenticationService
Class: AuthenticationService
The authentication service is responsible for verifying user authentications and handing out JSON Web Tokens.
Extends
Constructors
Constructor
```ts
new AuthenticationService(manager?): AuthenticationService;
```
Parameters
| Parameter | Type |
|---|---|
| manager? | EntityManager |
Returns
AuthenticationService
Inherited from
Properties
| Property | Modifier | Type | Inherited from |
|---|---|---|---|
| manager | protected | EntityManager | WithManager.manager |
Methods
compareHash()
```ts
compareHash(password, hash): Promise<boolean>;
```
Parameters
| Parameter | Type |
|---|---|
| password | string |
| hash | string |
Returns
Promise<boolean>
createResetToken()
```ts
createResetToken(user): Promise<ResetTokenInfo>;
```
Creates a ResetToken for the given user.
Parameters
| Parameter | Type | Description |
|---|---|---|
| user | User | - |
Returns
Promise<ResetTokenInfo>
createUserAndBind()
```ts
createUserAndBind(ADUser): Promise<User>;
```
Creates a new User and binds it to the ObjectGUID of the provided LDAPUser. The function is run in a single DB transaction in the context of an EntityManager.
Parameters
| Parameter | Type | Description |
|---|---|---|
| ADUser | LDAPUser | The user for which to create a new account. |
Returns
Promise<User>
getMemberAuthenticators()
```ts
getMemberAuthenticators(user): Promise<User[]>;
```
Get a list of all organs this user is a member of.
Parameters
| Parameter | Type | Description |
|---|---|---|
| user | User | - |
Returns
Promise<User[]>
getSaltedToken()
```ts
getSaltedToken(params): Promise<AuthenticationResult>;
```
Creates a salted JWT token for the given userId.
Parameters
| Parameter | Type | Description |
|---|---|---|
| params | { context: AuthenticationContext; expiry?: number; posId?: number; salt?: string; user: User; } | - |
| params.context | AuthenticationContext | Authentication context with role manager and token handler |
| params.expiry? | number | Custom expiry time (in seconds). If not set, the default tokenHandler expiry will be used |
| params.posId? | number | Optional POS identifier. If provided, creates a lesser token (restricted access). |
| params.salt? | string | Optional salt for token generation. If not provided, a new salt will be generated. |
| params.user | User | The user for which to generate the token |
Returns
Promise<AuthenticationResult>
HashAuthentication()
```ts
HashAuthentication<T>(
  pass,
  authenticator,
  context,
  posId?): Promise<AuthenticationResult>;
```
Authenticates the account against a local password
Type Parameters
| Type Parameter |
|---|
| T extends HashBasedAuthenticationMethod |
Parameters
| Parameter | Type | Description |
|---|---|---|
| pass | string | The provided password |
| authenticator | T | The stored authentication |
| context | AuthenticationContext | AuthenticationContext to use |
| posId? | number | Optional POS identifier. If provided, creates a lesser token (restricted access). |
Returns
Promise<AuthenticationResult>
hashPassword()
```ts
hashPassword(password): Promise<string>;
```
Helper function that hashes the given string with a salt.
Parameters
| Parameter | Type | Description |
|---|---|---|
| password | string | password to hash |
Returns
Promise<string>
hashPinPassword()
```ts
hashPinPassword(pin): Promise<string>;
```
Helper function that hashes a PIN with fewer rounds for better performance.
Parameters
| Parameter | Type | Description |
|---|---|---|
| pin | string | PIN code to hash |
Returns
Promise<string>
isResetTokenRequestValid()
```ts
isResetTokenRequestValid(request): Promise<ResetToken>;
```
Function that checks if the provided request corresponds to a valid reset token in the DB.
Parameters
| Parameter | Type | Description |
|---|---|---|
| request | AuthenticationResetTokenRequest | - |
Returns
Promise<ResetToken>
LDAPAuthentication()
```ts
LDAPAuthentication(
  uid,
  password,
  onNewUser): Promise<User>;
```
Authenticates the account against the AD
Parameters
| Parameter | Type | Description |
|---|---|---|
| uid | string | The AD account name. |
| password | string | The password used for authentication. |
| onNewUser | (ADUser) => Promise<User> | Callback function when user does not exist in local system. |
Returns
Promise<User>
makeJsonWebToken()
```ts
makeJsonWebToken(
  user,
  roles,
  organs,
  overrideMaintenance,
  posId?): Promise<JsonWebToken>;
```
Creates the corresponding token-content of the given user in the given context.
Parameters
| Parameter | Type | Description |
|---|---|---|
| user | User | The user for which to generate the token-content |
| roles | Role[] | The roles this user has |
| organs | User[] | The organs this user belongs to |
| overrideMaintenance | boolean | If the token should be able to access all endpoints in maintenance mode |
| posId? | number | Optional POS identifier. If provided, creates a lesser token (restricted access). |
Returns
Promise<JsonWebToken>
resetLocalUsingToken()
```ts
resetLocalUsingToken(
  resetToken,
  token,
  newPassword): Promise<LocalAuthenticator>;
```
Resets the user's local authenticator if the token matches the stored hash.
Parameters
| Parameter | Type | Description |
|---|---|---|
| resetToken | ResetToken | The stored reset token |
| token | string | Passcode of the reset token |
| newPassword | string | New password to set for the authentication |
Returns
Promise<LocalAuthenticator>
setMemberAuthenticator()
```ts
setMemberAuthenticator(users, organ): Promise<void>;
```
Gives the array of users membership to the organ. Used for shared accounts. Note that this replaces the existing memberships for this organ.
Parameters
| Parameter | Type | Description |
|---|---|---|
| users | User[] | The users that gain membership. |
| organ | User | The organ account that the users become members of. |
Returns
Promise<void>
setUserAuthenticationHash()
```ts
setUserAuthenticationHash<T>(
  user,
  pass,
  Type): Promise<T>;
```
Generic function that sets a hash authentication of a user. If the user has no Authentication set it will create the authentication.
Type Parameters
| Type Parameter |
|---|
| T extends HashBasedAuthenticationMethod |
Parameters
| Parameter | Type | Description |
|---|---|---|
| user | User | The user for which to set the authentication |
| pass | string | Code to set |
| Type | () => T | - |
Returns
Promise<T>
setUserAuthenticationNfc()
```ts
setUserAuthenticationNfc<T>(
  user,
  nfcCode,
  Type): Promise<T>;
```
Type Parameters
| Type Parameter |
|---|
| T extends NfcAuthenticator |
Parameters
| Parameter | Type |
|---|---|
| user | User |
| nfcCode | string |
| Type | () => T |
Returns
Promise<T>
asAuthenticationResponse()
```ts
static asAuthenticationResponse(
  user,
  roles,
  organs,
  token): AuthenticationResponse;
```
Converts the internal object representation to an authentication response, which can be returned in the API response.
Parameters
| Parameter | Type | Description |
|---|---|---|
| user | User | The user that authenticated. |
| roles | Role[] | The roles that the authenticated user has. |
| organs | User[] | The organs that the user is part of. |
| token | string | The JWT token that can be used to authenticate. |
Returns
The authentication response.
isTokenExpired()
```ts
static isTokenExpired(resetToken): boolean;
```
Parameters
| Parameter | Type |
|---|---|
| resetToken | ResetToken |
Returns
boolean
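
The reset-token methods documented above (createResetToken, isResetTokenRequestValid, resetLocalUsingToken, isTokenExpired) describe a lifecycle in which only a hash of the passcode is stored and a redeem attempt must match that hash before expiry. The following is an added example of that pattern, not the project's own code: the function names, the `StoredResetToken` fields, the in-memory store, the one-hour validity, the single-use flag and the use of Node's scrypt as the hash are all assumptions, since the page names none of them.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Hypothetical record shape; the page names a ResetToken type but not its fields.
interface StoredResetToken {
  salt: string;
  hash: string;     // hex digest of the passcode, never the passcode itself
  expires: number;  // epoch milliseconds
  used: boolean;
}

const TTL_MS = 60 * 60 * 1000;                     // assumed one-hour validity
const store = new Map<number, StoredResetToken>(); // stands in for the DB table

// scrypt is a swapped-in choice; the page does not say which hash the service uses.
const digest = (token: string, salt: string): Buffer => scryptSync(token, salt, 32);

// Issue: the plaintext passcode is returned once (to be mailed to the user);
// the server keeps only the salted hash, so a DB leak does not yield usable codes.
function issueResetToken(userId: number, now: number): string {
  const token = randomBytes(32).toString("hex");
  const salt = randomBytes(16).toString("hex");
  store.set(userId, {
    salt,
    hash: digest(token, salt).toString("hex"),
    expires: now + TTL_MS,
    used: false,
  });
  return token;
}

const isExpired = (t: StoredResetToken, now: number): boolean => now > t.expires;

// Redeem: unknown user, expired, already used and wrong passcode all return
// the same value, so the response does not reveal which check failed.
function redeemResetToken(userId: number, token: string, now: number): boolean {
  const stored = store.get(userId);
  if (!stored || stored.used || isExpired(stored, now)) return false;
  const expected = Buffer.from(stored.hash, "hex");
  // Both buffers are 32 bytes, as timingSafeEqual requires.
  if (!timingSafeEqual(expected, digest(token, stored.salt))) return false;
  stored.used = true; // single use: a replayed passcode is rejected
  return true;
}
```
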