feat: ask for updated password on first login

2025-12-10 19:34:34 +00:00 · 2022-11-22 19:58:17 +05:00
parent 68758aa616
commit 1d48f8856b
16 changed files with 185 additions and 11 deletions
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -534,6 +534,27 @@ components:
                - setting
            type: object
            additionalProperties: false
+        SessionResponse:
+            properties:
+                id:
+                    type: number
+                    format: double
+                username:
+                    type: string
+                displayName:
+                    type: string
+                isAdmin:
+                    type: boolean
+                needsToUpdatePassword:
+                    type: boolean
+            required:
+                - id
+                - username
+                - displayName
+                - isAdmin
+                - needsToUpdatePassword
+            type: object
+            additionalProperties: false
        ExecutePostRequestPayload:
            properties:
                _program:
@@ -1724,7 +1745,7 @@ paths:
                    content:
                        application/json:
                            schema:
-                                $ref: '#/components/schemas/UserResponse'
+                                $ref: '#/components/schemas/SessionResponse'
                            examples:
                                'Example 1':
                                    value: {id: 123, username: johnusername, displayName: John, isAdmin: false}
@@ -1821,7 +1842,7 @@ paths:
                        application/json:
                            schema:
                                properties:
-                                    user: {properties: {isAdmin: {type: boolean}, displayName: {type: string}, username: {type: string}, id: {type: number, format: double}}, required: [isAdmin, displayName, username, id], type: object}
+                                    user: {properties: {needsToUpdatePassword: {type: boolean}, isAdmin: {type: boolean}, displayName: {type: string}, username: {type: string}, id: {type: number, format: double}}, required: [needsToUpdatePassword, isAdmin, displayName, username, id], type: object}
                                    loggedIn: {type: boolean}
                                required:
                                    - user
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -183,6 +183,7 @@ const updatePassword = async (
    }

  dbUser.password = User.hashPassword(newPassword)
+  dbUser.needsToUpdatePassword = false
  await dbUser.save()
 }

--- a/api/src/controllers/authConfig.ts
+++ b/api/src/controllers/authConfig.ts
@@ -74,7 +74,8 @@ const synchroniseWithLDAP = async () => {
      displayName: user.displayName,
      username: user.username,
      password: hashPassword,
-      authProvider: AuthProviderType.LDAP
+      authProvider: AuthProviderType.LDAP,
+      needsToUpdatePassword: false
    })

    importedUsers.push(user)
--- a/api/src/controllers/session.ts
+++ b/api/src/controllers/session.ts
@@ -2,6 +2,10 @@ import express from 'express'
 import { Request, Security, Route, Tags, Example, Get } from 'tsoa'
 import { UserResponse } from './user'

+interface SessionResponse extends UserResponse {
+  needsToUpdatePassword: boolean
+}
+
@Security('bearerAuth')
@Route('SASjsApi/session')
@Tags('Session')
@@ -19,7 +23,7 @@ export class SessionController {
  @Get('/')
  public async session(
    @Request() request: express.Request
-  ): Promise<UserResponse> {
+  ): Promise<SessionResponse> {
    return session(request)
  }
 }
@@ -28,5 +32,6 @@ const session = (req: express.Request) => ({
  id: req.user!.userId,
  username: req.user!.username,
  displayName: req.user!.displayName,
-  isAdmin: req.user!.isAdmin
+  isAdmin: req.user!.isAdmin,
+  needsToUpdatePassword: req.user!.needsToUpdatePassword
 })
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -104,7 +104,8 @@ const login = async (
    displayName: user.displayName,
    isAdmin: user.isAdmin,
    isActive: user.isActive,
-    autoExec: user.autoExec
+    autoExec: user.autoExec,
+    needsToUpdatePassword: user.needsToUpdatePassword
  }

  return {
@@ -113,7 +114,8 @@ const login = async (
      id: user.id,
      username: user.username,
      displayName: user.displayName,
-      isAdmin: user.isAdmin
+      isAdmin: user.isAdmin,
+      needsToUpdatePassword: user.needsToUpdatePassword
    }
  }
 }
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -81,7 +81,8 @@ const authenticateToken = async (
      username: 'desktopModeUsername',
      displayName: 'desktopModeDisplayName',
      isAdmin: true,
-      isActive: true
+      isActive: true,
+      needsToUpdatePassword: false
    }
    req.accessToken = 'desktopModeAccessToken'
    return next()
--- a/api/src/middlewares/desktop.ts
+++ b/api/src/middlewares/desktop.ts
@@ -33,5 +33,6 @@ export const desktopUser: RequestUser = {
  username: userInfo().username,
  displayName: userInfo().username,
  isAdmin: true,
-  isActive: true
+  isActive: true,
+  needsToUpdatePassword: false
 }
--- a/api/src/model/User.ts
+++ b/api/src/model/User.ts
@@ -40,6 +40,7 @@ interface IUserDocument extends UserPayload, Document {
  id: number
  isAdmin: boolean
  isActive: boolean
+  needsToUpdatePassword: boolean
  autoExec: string
  groups: Schema.Types.ObjectId[]
  tokens: [{ [key: string]: string }]
@@ -81,6 +82,10 @@ const userSchema = new Schema<IUserDocument>({
    type: Boolean,
    default: true
  },
+  needsToUpdatePassword: {
+    type: Boolean,
+    default: true
+  },
  autoExec: {
    type: String
  },
--- a/api/src/types/RequestUser.ts
+++ b/api/src/types/RequestUser.ts
@@ -5,5 +5,6 @@ export interface RequestUser {
  displayName: string
  isAdmin: boolean
  isActive: boolean
+  needsToUpdatePassword: boolean
  autoExec?: string
 }
--- a/api/src/utils/isPublicRoute.ts
+++ b/api/src/utils/isPublicRoute.ts
@@ -27,5 +27,6 @@ export const publicUser: RequestUser = {
  username: 'publicUser',
  displayName: 'Public User',
  isAdmin: false,
-  isActive: true
+  isActive: true,
+  needsToUpdatePassword: false
 }
--- a/api/src/utils/verifyTokenInDB.ts
+++ b/api/src/utils/verifyTokenInDB.ts
@@ -15,6 +15,7 @@ export const fetchLatestAutoExec = async (
    displayName: dbUser.displayName,
    isAdmin: dbUser.isAdmin,
    isActive: dbUser.isActive,
+    needsToUpdatePassword: dbUser.needsToUpdatePassword,
    autoExec: dbUser.autoExec
  }
 }
@@ -41,6 +42,7 @@ export const verifyTokenInDB = async (
        displayName: dbUser.displayName,
        isAdmin: dbUser.isAdmin,
        isActive: dbUser.isActive,
+        needsToUpdatePassword: dbUser.needsToUpdatePassword,
        autoExec: dbUser.autoExec
      }
    : undefined