feat: ask for updated password on first login

api/src/controllers/auth.ts

@@ -183,6 +183,7 @@ const updatePassword = async (
     }
 
   dbUser.password = User.hashPassword(newPassword)
+  dbUser.needsToUpdatePassword = false
   await dbUser.save()
 }
 

api/src/controllers/authConfig.ts

@@ -74,7 +74,8 @@ const synchroniseWithLDAP = async () => {
       displayName: user.displayName,
       username: user.username,
       password: hashPassword,
-      authProvider: AuthProviderType.LDAP
+      authProvider: AuthProviderType.LDAP,
+      needsToUpdatePassword: false
     })
 
     importedUsers.push(user)

api/src/controllers/session.ts

@@ -2,6 +2,10 @@ import express from 'express'
 import { Request, Security, Route, Tags, Example, Get } from 'tsoa'
 import { UserResponse } from './user'
 
+interface SessionResponse extends UserResponse {
+  needsToUpdatePassword: boolean
+}
+
 @Security('bearerAuth')
 @Route('SASjsApi/session')
 @Tags('Session')
@@ -19,7 +23,7 @@ export class SessionController {
   @Get('/')
   public async session(
     @Request() request: express.Request
-  ): Promise<UserResponse> {
+  ): Promise<SessionResponse> {
     return session(request)
   }
 }
@@ -28,5 +32,6 @@ const session = (req: express.Request) => ({
   id: req.user!.userId,
   username: req.user!.username,
   displayName: req.user!.displayName,
-  isAdmin: req.user!.isAdmin
+  isAdmin: req.user!.isAdmin,
+  needsToUpdatePassword: req.user!.needsToUpdatePassword
 })

api/src/controllers/web.ts

@@ -104,7 +104,8 @@ const login = async (
     displayName: user.displayName,
     isAdmin: user.isAdmin,
     isActive: user.isActive,
-    autoExec: user.autoExec
+    autoExec: user.autoExec,
+    needsToUpdatePassword: user.needsToUpdatePassword
   }
 
   return {
@@ -113,7 +114,8 @@ const login = async (
       id: user.id,
       username: user.username,
       displayName: user.displayName,
-      isAdmin: user.isAdmin
+      isAdmin: user.isAdmin,
+      needsToUpdatePassword: user.needsToUpdatePassword
     }
   }
 }

api/src/middlewares/authenticateToken.ts

@@ -81,7 +81,8 @@ const authenticateToken = async (
       username: 'desktopModeUsername',
       displayName: 'desktopModeDisplayName',
       isAdmin: true,
-      isActive: true
+      isActive: true,
+      needsToUpdatePassword: false
     }
     req.accessToken = 'desktopModeAccessToken'
     return next()

api/src/middlewares/desktop.ts

@@ -33,5 +33,6 @@ export const desktopUser: RequestUser = {
   username: userInfo().username,
   displayName: userInfo().username,
   isAdmin: true,
-  isActive: true
+  isActive: true,
+  needsToUpdatePassword: false
 }

api/src/model/User.ts

@@ -40,6 +40,7 @@ interface IUserDocument extends UserPayload, Document {
   id: number
   isAdmin: boolean
   isActive: boolean
+  needsToUpdatePassword: boolean
   autoExec: string
   groups: Schema.Types.ObjectId[]
   tokens: [{ [key: string]: string }]
@@ -81,6 +82,10 @@ const userSchema = new Schema<IUserDocument>({
     type: Boolean,
     default: true
   },
+  needsToUpdatePassword: {
+    type: Boolean,
+    default: true
+  },
   autoExec: {
     type: String
   },

api/src/types/RequestUser.ts

@@ -5,5 +5,6 @@ export interface RequestUser {
   displayName: string
   isAdmin: boolean
   isActive: boolean
+  needsToUpdatePassword: boolean
   autoExec?: string
 }

api/src/utils/isPublicRoute.ts

@@ -27,5 +27,6 @@ export const publicUser: RequestUser = {
   username: 'publicUser',
   displayName: 'Public User',
   isAdmin: false,
-  isActive: true
+  isActive: true,
+  needsToUpdatePassword: false
 }

api/src/utils/verifyTokenInDB.ts

@@ -15,6 +15,7 @@ export const fetchLatestAutoExec = async (
     displayName: dbUser.displayName,
     isAdmin: dbUser.isAdmin,
     isActive: dbUser.isActive,
+    needsToUpdatePassword: dbUser.needsToUpdatePassword,
     autoExec: dbUser.autoExec
   }
 }
@@ -41,6 +42,7 @@ export const verifyTokenInDB = async (
         displayName: dbUser.displayName,
         isAdmin: dbUser.isAdmin,
         isActive: dbUser.isActive,
+        needsToUpdatePassword: dbUser.needsToUpdatePassword,
         autoExec: dbUser.autoExec
       }
     : undefined