enigma-bbs/core/oputil/oputil_user.js

/* jslint node: true */
/* eslint-disable no-console */
'use strict';

const {
    printUsageAndSetExitCode,
    getAnswers,
    ExitCodes,
    argv,
    initConfigAndDatabases
}                               = require('./oputil_common.js');
const getHelpFor				= require('./oputil_help.js').getHelpFor;
const Errors					= require('../enig_error.js').Errors;
const UserProps                 = require('../user_property.js');

const async						= require('async');
const _							= require('lodash');
const moment                    = require('moment');
const fs                        = require('fs-extra');

exports.handleUserCommand		= handleUserCommand;

function initAndGetUser(userName, cb) {
    async.waterfall(
        [
            function init(callback) {
                initConfigAndDatabases(callback);
            },
            function getUserObject(callback) {
                const User = require('../../core/user.js');
                User.getUserIdAndName(userName, (err, userId) => {
                    if(err) {
                        return callback(err);
                    }
                    return User.getUser(userId, callback);
                });
            }
        ],
        (err, user) => {
            return cb(err, user);
        }
    );
}

function setAccountStatus(user, status) {
    if(argv._.length < 3) {
        return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
    }

    const AccountStatus = require('../../core/user.js').AccountStatus;

    status = {
        activate    : AccountStatus.active,
        deactivate  : AccountStatus.inactive,
        disable     : AccountStatus.disabled,
        lock        : AccountStatus.locked,
    }[status];

    const statusDesc = _.invert(AccountStatus)[status];

    async.series(
        [
            (callback) => {
                return user.persistProperty(UserProps.AccountStatus, status, callback);
            },
            (callback) => {
                if(AccountStatus.active !== status) {
                    return callback(null);
                }

                return user.unlockAccount(callback);
            }
        ],
        err => {
            if(err) {
                process.exitCode = ExitCodes.ERROR;
                console.error(err.message);
            } else {
                console.info(`User status set to ${statusDesc}`);
            }
        }
    );
}

function setUserPassword(user) {
    if(argv._.length < 4) {
        return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
    }

    async.waterfall(
        [
            function validate(callback) {
                //	:TODO: prompt if no password provided (more secure, no history, etc.)
                const password = argv._[argv._.length - 1];
                if(0 === password.length) {
                    return callback(Errors.Invalid('Invalid password'));
                }
                return callback(null, password);
            },
            function set(password, callback) {
                user.setNewAuthCredentials(password, err => {
                    if(err) {
                        process.exitCode = ExitCodes.BAD_ARGS;
                    }
                    return callback(err);
                });
            }
        ],
        err => {
            if(err) {
                console.error(err.message);
            } else {
                console.info('New password set');
            }
        }
    );
}

function removeUserRecordsFromDbAndTable(dbName, tableName, userId, col, cb) {
    const db = require('../../core/database.js').dbs[dbName];
    db.run(
        `DELETE FROM ${tableName}
        WHERE ${col} = ?;`,
        [ userId ],
        err => {
            return cb(err);
        }
    );
}

function removeUser(user) {
    async.series(
        [
            (callback) => {
                if(user.isRoot()) {
                    return callback(Errors.Invalid('Cannot delete root/SysOp user!'));
                }

                return callback(null);
            },
            (callback) => {
                if(false === argv.prompt) {
                    return callback(null);
                }

                console.info('About to permanently delete the following user:');
                console.info(`Username : ${user.username}`);
                console.info(`Real name: ${user.properties[UserProps.RealName] || 'N/A'}`);
                console.info(`User ID  : ${user.userId}`);
                console.info('WARNING: This cannot be undone!');
                getAnswers([
                    {
                        name    : 'proceed',
                        message : `Proceed in deleting ${user.username}?`,
                        type    : 'confirm',
                    }
                ],
                answers => {
                    if(answers.proceed) {
                        return callback(null);
                    }
                    return callback(Errors.General('User canceled'));
                });
            },
            (callback) => {
                //  op has confirmed they are wanting ready to proceed (or passed --no-prompt)
                const DeleteFrom = {
                    message : [ 'user_message_area_last_read' ],
                    system  : [ 'user_event_log', ],
                    user    : [ 'user_group_member', 'user' ],
                };

                async.eachSeries(Object.keys(DeleteFrom), (dbName, nextDbName) => {
                    const tables = DeleteFrom[dbName];
                    async.eachSeries(tables, (tableName, nextTableName) => {
                        const col = ('user' === dbName && 'user' === tableName) ? 'id' : 'user_id';
                        removeUserRecordsFromDbAndTable(dbName, tableName, user.userId, col, err => {
                            return nextTableName(err);
                        });
                    },
                    err => {
                        return nextDbName(err);
                    });
                },
                err => {
                    return callback(err);
                });
            },
            (callback) => {
                //
                //  Clean up *private* messages *to* this user
                //
                const Message   = require('../../core/message.js');
                const MsgDb     = require('../../core/database.js').dbs.message;

                const filter = {
                    resultType          : 'id',
                    privateTagUserId    : user.userId,
                };
                Message.findMessages(filter, (err, ids) => {
                    if(err) {
                        return callback(err);
                    }

                    async.eachSeries(ids, (messageId, nextMessageId) => {
                        MsgDb.run(
                            `DELETE FROM message
                            WHERE message_id = ?;`,
                            [ messageId ],
                            err => {
                                return nextMessageId(err);
                            }
                        );
                    },
                    err => {
                        return callback(err);
                    });
                });
            }
        ],
        err => {
            if(err) {
                return console.error(err.reason ? err.reason : err.message);
            }

            console.info('User has been deleted.');
        }
    );
}

function renameUser(user) {
    if(argv._.length < 3) {
        return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
    }

    const newUserName = argv._[argv._.length - 1];

    async.series(
        [
            (callback) => {
                const { validateUserNameAvail } = require('../../core/system_view_validate.js');
                return validateUserNameAvail(newUserName, callback);
            },
            (callback) => {
                const userDb = require('../../core/database.js').dbs.user;
                userDb.run(
                    `UPDATE user
                    SET user_name = ?
                    WHERE id = ?;`,
                    [ newUserName, user.userId, ],
                    err => {
                        return callback(err);
                    }
                );
            }
        ],
        err => {
            if(err) {
                return console.error(err.reason ? err.reason : err.message);
            }
            return console.info(`User "${user.username}" renamed to "${newUserName}"`);
        }
    );
}

function modUserGroups(user) {
    if(argv._.length < 3) {
        return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
    }

    let groupName = argv._[argv._.length - 1].toString().replace(/["']/g, '');	//	remove any quotes - necessary to allow "-foo"
    let action = groupName[0];	//	+ or -

    if('-' === action || '+' === action) {
        groupName = groupName.substr(1);
    }

    action = action || '+';

    if(0 === groupName.length) {
        return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
    }

    //
    //	Groups are currently arbritary, so do a slight validation
    //
    if(!/[A-Za-z0-9]+/.test(groupName)) {
        process.exitCode = ExitCodes.BAD_ARGS;
        return console.error('Bad group name');
    }

    function done(err) {
        if(err) {
            process.exitCode = ExitCodes.BAD_ARGS;
            console.error(err.message);
        } else {
            console.info('User groups modified');
        }
    }

    const UserGroup = require('../../core/user_group.js');
    if('-' === action) {
        UserGroup.removeUserFromGroup(user.userId, groupName, done);
    } else {
        UserGroup.addUserToGroup(user.userId, groupName, done);
    }
}

function showUserInfo(user) {

    const User = require('../../core/user.js');

    const statusDesc = () => {
        const status = user.properties[UserProps.AccountStatus];
        return _.invert(User.AccountStatus)[status] || 'unknown';
    };

    const created = () => {
        const ac = user.properties[UserProps.AccountCreated];
        return ac ? moment(ac).format() : 'N/A';
    };

    const lastLogin = () => {
        const ll = user.properties[UserProps.LastLoginTs];
        return ll ? moment(ll).format() : 'N/A';
    };

    const propOrNA = p => {
        return user.properties[p] || 'N/A';
    };

    const stdInfo = `User information:
Username     : ${user.username}${user.isRoot() ? ' (root/SysOp)' : ''}
Real name    : ${propOrNA(UserProps.RealName)}
ID           : ${user.userId}
Status       : ${statusDesc()}
Groups       : ${user.groups.join(', ')}
Created      : ${created()}
Last login   : ${lastLogin()}
Login count  : ${propOrNA(UserProps.LoginCount)}
Email        : ${propOrNA(UserProps.EmailAddress)}
Location     : ${propOrNA(UserProps.Location)}
Affiliations : ${propOrNA(UserProps.Affiliations)}`;
    let secInfo = '';
    if(argv.security) {
        const otp = user.getProperty(UserProps.AuthFactor2OTP);
        if(otp) {
            const backupCodesOrNa = () => {
                try
                {
                    return JSON.parse(user.getProperty(UserProps.AuthFactor2OTPBackupCodes)).join(', ');
                } catch(e) {
                    return 'N/A';
                }
            };
            secInfo = `\n2FA OTP      : ${otp}
OTP secret   : ${user.getProperty(UserProps.AuthFactor2OTPSecret) || 'N/A'}
OTP Backup   : ${backupCodesOrNa()}`;
        }
    }

    console.info(`${stdInfo}${secInfo}`);
}

function twoFactorAuthOTP(user) {
    if(argv._.length < 4) {
        return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
    }

    const {
        OTPTypes,
        prepareOTP,
        createBackupCodes,
    } = require('../../core/user_2fa_otp.js');

    let otpType = argv._[argv._.length - 1];

    //  shortcut for removal
    if('disable' === otpType) {
        const props = [
            UserProps.AuthFactor2OTP,
            UserProps.AuthFactor2OTPSecret,
            UserProps.AuthFactor2OTPBackupCodes,
        ];
        return user.removeProperties(props, err => {
            if(err) {
                console.error(err.message);
            } else {
                console.info(`2FA OTP disabled for ${user.username}`);
            }
        });
    }

    async.waterfall(
        [
            function validate(callback) {
                //  :TODO: Prompt for if not supplied
                //  allow aliases for OTP types
                otpType = {
                    google  : OTPTypes.GoogleAuthenticator,
                    hotp    : OTPTypes.RFC4266_HOTP,
                    totp    : OTPTypes.RFC6238_TOTP,
                }[otpType] || otpType;
                otpType = _.find(OTPTypes, t => {
                    return t.toLowerCase() === otpType.toLowerCase();
                });
                if(!otpType) {
                    return callback(Errors.Invalid('Invalid OTP type'));
                }
                return callback(null, otpType);
            },
            function prepare(otpType, callback) {
                const otpOpts = {
                    username    : user.username,
                    qrType      : argv['qr-type'] || 'ascii',
                };
                prepareOTP(otpType, otpOpts, (err, otpInfo) => {
                    return callback(err, Object.assign(otpInfo, { otpType, backupCodes : createBackupCodes() }));
                });
            },
            function storeOrDisplayQR(otpInfo, callback) {
                if(!argv.out || !otpInfo.qr) {
                    return callback(null, otpInfo);
                }

                fs.writeFile(argv.out, otpInfo.qr, 'utf8', err => {
                    return callback(err, otpInfo);
                });
            },
            function persist(otpInfo, callback) {
                const props = {
                    [ UserProps.AuthFactor2OTP ]            : otpInfo.otpType,
                    [ UserProps.AuthFactor2OTPSecret ]      : otpInfo.secret,
                    [ UserProps.AuthFactor2OTPBackupCodes ] : JSON.stringify(otpInfo.backupCodes),
                };
                user.persistProperties(props, err => {
                    return callback(err, otpInfo);
                });
            }
        ],
        (err, otpInfo) => {
            if(err) {
                console.error(err.message);
            } else {
                console.info(`OTP enabled for  : ${user.username}`);
                console.info(`Secret           : ${otpInfo.secret}`);
                console.info(`Backup codes     : ${otpInfo.backupCodes.join(', ')}`);

                if(otpInfo.qr) {
                    if(!argv.out) {
                        console.info('--- Begin QR ---');
                        console.info(otpInfo.qr);
                        console.info('--- End QR ---');
                    } else {
                        console.info(`QR code saved to ${argv.out}`);
                    }
                }
            }
        }
    );
}

function listUsers() {
    //  oputil user list [disabled|inactive|active|locked|all]
    //  :TODO: --created-since SPEC and --last-called SPEC
    //  --created-since SPEC
    //  SPEC can be TIMESTAMP or e.g. "-1hour" or "-90days"
    //  :TODO: --sort name|id
    let listWhat;
    if (argv._.length > 2) {
        listWhat = argv._[argv._.length - 1];
    } else {
        listWhat = 'all';
    }

    const User = require('../../core/user');
    if (![ 'all' ].concat(Object.keys(User.AccountStatus)).includes(listWhat)) {
        return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
    }

    async.waterfall(
        [
            (callback) => {
                const UserProps = require('../../core/user_property');

                const userListOpts = {
                    properties : [
                        UserProps.AccountStatus,
                    ],
                };

                User.getUserList(userListOpts, (err, userList) => {
                    if (err) {
                        return callback(err);
                    }

                    if ('all' === listWhat) {
                        return callback(null, userList);
                    }

                    const accountStatusFilter = User.AccountStatus[listWhat].toString();

                    return callback(null, userList.filter(user => {
                        return user[UserProps.AccountStatus] === accountStatusFilter;
                    }));
                });
            },
            (userList, callback) => {
                userList.forEach(user => {

                    console.info(`${user.userId}: ${user.userName}`);
                });
            },
        ],
        err => {
            if(err) {
                return console.error(err.reason ? err.reason : err.message);
            }
        }
    );
}

function handleUserCommand() {
    function errUsage()  {
        return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
    }

    if(true === argv.help) {
        return errUsage();
    }

    const action = argv._[1];
    const userRequired = ![ 'list' ].includes(action);

    let userName;
    if (userRequired) {
        const usernameIdx = [
            'pw', 'pass', 'passwd', 'password',
            'group',
            'mv', 'rename',
            '2fa-otp', 'otp'
        ].includes(action) ? argv._.length - 2 : argv._.length - 1;
        userName = argv._[usernameIdx];
    }

    if(!userName && userRequired) {
        return errUsage();
    }

    initAndGetUser(userName, (err, user) => {
        if(userName && err) {
            process.exitCode = ExitCodes.ERROR;
            return console.error(err.message);
        }

        return ({
            pw          : setUserPassword,
            passwd		: setUserPassword,
            password	: setUserPassword,

            rm			: removeUser,
            remove		: removeUser,
            del			: removeUser,
            delete		: removeUser,

            mv          : renameUser,
            rename      : renameUser,

            activate	: setAccountStatus,
            deactivate	: setAccountStatus,
            disable		: setAccountStatus,
            lock        : setAccountStatus,

            group		: modUserGroups,

            info        : showUserInfo,

            '2fa-otp'   : twoFactorAuthOTP,
            otp         : twoFactorAuthOTP,
            list        : listUsers,
        }[action] || errUsage)(user, action);
    });
}