638 lines
20 KiB
JavaScript
638 lines
20 KiB
JavaScript
/* jslint node: true */
|
|
/* eslint-disable no-console */
|
|
'use strict';
|
|
|
|
const {
|
|
printUsageAndSetExitCode,
|
|
getAnswers,
|
|
ExitCodes,
|
|
argv,
|
|
initConfigAndDatabases,
|
|
} = require('./oputil_common.js');
|
|
const getHelpFor = require('./oputil_help.js').getHelpFor;
|
|
const Errors = require('../enig_error.js').Errors;
|
|
const UserProps = require('../user_property.js');
|
|
|
|
const async = require('async');
|
|
const _ = require('lodash');
|
|
const moment = require('moment');
|
|
const fs = require('fs-extra');
|
|
|
|
exports.handleUserCommand = handleUserCommand;
|
|
|
|
function initAndGetUser(userName, cb) {
|
|
async.waterfall(
|
|
[
|
|
function init(callback) {
|
|
initConfigAndDatabases(callback);
|
|
},
|
|
function getUserObject(callback) {
|
|
const User = require('../../core/user.js');
|
|
User.getUserIdAndName(userName, (err, userId) => {
|
|
if (err) {
|
|
// try user ID if number was supplied
|
|
if (_.isNumber(userName)) {
|
|
return User.getUser(parseInt(userName), callback);
|
|
}
|
|
return callback(err);
|
|
}
|
|
return User.getUser(userId, callback);
|
|
});
|
|
},
|
|
],
|
|
(err, user) => {
|
|
return cb(err, user);
|
|
}
|
|
);
|
|
}
|
|
|
|
function setAccountStatus(user, status) {
|
|
if (argv._.length < 3) {
|
|
return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
|
|
}
|
|
|
|
const AccountStatus = require('../../core/user.js').AccountStatus;
|
|
|
|
status = {
|
|
activate: AccountStatus.active,
|
|
deactivate: AccountStatus.inactive,
|
|
disable: AccountStatus.disabled,
|
|
lock: AccountStatus.locked,
|
|
}[status];
|
|
|
|
const statusDesc = _.invert(AccountStatus)[status];
|
|
|
|
async.series(
|
|
[
|
|
callback => {
|
|
return user.persistProperty(UserProps.AccountStatus, status, callback);
|
|
},
|
|
callback => {
|
|
if (AccountStatus.active !== status) {
|
|
return callback(null);
|
|
}
|
|
|
|
return user.unlockAccount(callback);
|
|
},
|
|
],
|
|
err => {
|
|
if (err) {
|
|
process.exitCode = ExitCodes.ERROR;
|
|
console.error(err.message);
|
|
} else {
|
|
console.info(`User status set to ${statusDesc}`);
|
|
}
|
|
}
|
|
);
|
|
}
|
|
|
|
function setUserPassword(user) {
|
|
if (argv._.length < 4) {
|
|
return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
|
|
}
|
|
|
|
async.waterfall(
|
|
[
|
|
function validate(callback) {
|
|
// :TODO: prompt if no password provided (more secure, no history, etc.)
|
|
const password = argv._[argv._.length - 1];
|
|
if (0 === password.length) {
|
|
return callback(Errors.Invalid('Invalid password'));
|
|
}
|
|
return callback(null, password);
|
|
},
|
|
function set(password, callback) {
|
|
user.setNewAuthCredentials(password, err => {
|
|
if (err) {
|
|
process.exitCode = ExitCodes.BAD_ARGS;
|
|
}
|
|
return callback(err);
|
|
});
|
|
},
|
|
],
|
|
err => {
|
|
if (err) {
|
|
console.error(err.message);
|
|
} else {
|
|
console.info('New password set');
|
|
}
|
|
}
|
|
);
|
|
}
|
|
|
|
function removeUserRecordsFromDbAndTable(dbName, tableName, userId, col, cb) {
|
|
const db = require('../../core/database.js').dbs[dbName];
|
|
db.run(
|
|
`DELETE FROM ${tableName}
|
|
WHERE ${col} = ?;`,
|
|
[userId],
|
|
err => {
|
|
return cb(err);
|
|
}
|
|
);
|
|
}
|
|
|
|
function removeUser(user) {
|
|
async.series(
|
|
[
|
|
callback => {
|
|
if (user.isRoot()) {
|
|
return callback(Errors.Invalid('Cannot delete root/SysOp user!'));
|
|
}
|
|
|
|
return callback(null);
|
|
},
|
|
callback => {
|
|
if (false === argv.prompt) {
|
|
return callback(null);
|
|
}
|
|
|
|
console.info('About to permanently delete the following user:');
|
|
console.info(`Username : ${user.username}`);
|
|
console.info(
|
|
`Real name: ${user.properties[UserProps.RealName] || 'N/A'}`
|
|
);
|
|
console.info(`User ID : ${user.userId}`);
|
|
console.info('WARNING: This cannot be undone!');
|
|
getAnswers(
|
|
[
|
|
{
|
|
name: 'proceed',
|
|
message: `Proceed in deleting ${user.username}?`,
|
|
type: 'confirm',
|
|
},
|
|
],
|
|
answers => {
|
|
if (answers.proceed) {
|
|
return callback(null);
|
|
}
|
|
return callback(Errors.General('User canceled'));
|
|
}
|
|
);
|
|
},
|
|
callback => {
|
|
// op has confirmed they are wanting ready to proceed (or passed --no-prompt)
|
|
const DeleteFrom = {
|
|
message: ['user_message_area_last_read'],
|
|
system: ['user_event_log'],
|
|
user: ['user_group_member', 'user'],
|
|
file: ['file_user_rating'],
|
|
};
|
|
|
|
async.eachSeries(
|
|
Object.keys(DeleteFrom),
|
|
(dbName, nextDbName) => {
|
|
const tables = DeleteFrom[dbName];
|
|
async.eachSeries(
|
|
tables,
|
|
(tableName, nextTableName) => {
|
|
const col =
|
|
'user' === dbName && 'user' === tableName
|
|
? 'id'
|
|
: 'user_id';
|
|
removeUserRecordsFromDbAndTable(
|
|
dbName,
|
|
tableName,
|
|
user.userId,
|
|
col,
|
|
err => {
|
|
return nextTableName(err);
|
|
}
|
|
);
|
|
},
|
|
err => {
|
|
return nextDbName(err);
|
|
}
|
|
);
|
|
},
|
|
err => {
|
|
return callback(err);
|
|
}
|
|
);
|
|
},
|
|
callback => {
|
|
//
|
|
// Clean up *private* messages *to* this user
|
|
//
|
|
const Message = require('../../core/message.js');
|
|
const MsgDb = require('../../core/database.js').dbs.message;
|
|
|
|
const filter = {
|
|
resultType: 'id',
|
|
privateTagUserId: user.userId,
|
|
};
|
|
Message.findMessages(filter, (err, ids) => {
|
|
if (err) {
|
|
return callback(err);
|
|
}
|
|
|
|
async.eachSeries(
|
|
ids,
|
|
(messageId, nextMessageId) => {
|
|
MsgDb.run(
|
|
`DELETE FROM message
|
|
WHERE message_id = ?;`,
|
|
[messageId],
|
|
err => {
|
|
return nextMessageId(err);
|
|
}
|
|
);
|
|
},
|
|
err => {
|
|
return callback(err);
|
|
}
|
|
);
|
|
});
|
|
},
|
|
],
|
|
err => {
|
|
if (err) {
|
|
return console.error(err.reason ? err.reason : err.message);
|
|
}
|
|
|
|
console.info('User has been deleted.');
|
|
}
|
|
);
|
|
}
|
|
|
|
function renameUser(user) {
|
|
if (argv._.length < 3) {
|
|
return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
|
|
}
|
|
|
|
const newUserName = argv._[argv._.length - 1];
|
|
|
|
async.series(
|
|
[
|
|
callback => {
|
|
const {
|
|
validateUserNameAvail,
|
|
} = require('../../core/system_view_validate.js');
|
|
return validateUserNameAvail(newUserName, callback);
|
|
},
|
|
callback => {
|
|
const userDb = require('../../core/database.js').dbs.user;
|
|
userDb.run(
|
|
`UPDATE user
|
|
SET user_name = ?
|
|
WHERE id = ?;`,
|
|
[newUserName, user.userId],
|
|
err => {
|
|
return callback(err);
|
|
}
|
|
);
|
|
},
|
|
],
|
|
err => {
|
|
if (err) {
|
|
return console.error(err.reason ? err.reason : err.message);
|
|
}
|
|
return console.info(`User "${user.username}" renamed to "${newUserName}"`);
|
|
}
|
|
);
|
|
}
|
|
|
|
function modUserGroups(user) {
|
|
if (argv._.length < 3) {
|
|
return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
|
|
}
|
|
|
|
let groupName = argv._[argv._.length - 1].toString().replace(/["']/g, ''); // remove any quotes - necessary to allow "-foo"
|
|
let action = groupName[0]; // + or -
|
|
|
|
if ('-' === action || '+' === action || '~' === action) {
|
|
groupName = groupName.substr(1);
|
|
}
|
|
|
|
action = action || '+';
|
|
|
|
if (0 === groupName.length) {
|
|
return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
|
|
}
|
|
|
|
//
|
|
// Groups are currently arbitrary, so do a slight validation
|
|
//
|
|
if (!/[A-Za-z0-9]+/.test(groupName)) {
|
|
process.exitCode = ExitCodes.BAD_ARGS;
|
|
return console.error('Bad group name');
|
|
}
|
|
|
|
function done(err) {
|
|
if (err) {
|
|
process.exitCode = ExitCodes.BAD_ARGS;
|
|
console.error(err.message);
|
|
} else {
|
|
console.info('User groups modified');
|
|
}
|
|
}
|
|
|
|
const UserGroup = require('../../core/user_group.js');
|
|
if ('-' === action || '~' === action) {
|
|
UserGroup.removeUserFromGroup(user.userId, groupName, done);
|
|
} else {
|
|
UserGroup.addUserToGroup(user.userId, groupName, done);
|
|
}
|
|
}
|
|
|
|
function showUserInfo(user) {
|
|
const User = require('../../core/user.js');
|
|
|
|
const statusDesc = () => {
|
|
const status = user.properties[UserProps.AccountStatus];
|
|
return _.invert(User.AccountStatus)[status] || 'unknown';
|
|
};
|
|
|
|
const created = () => {
|
|
const ac = user.properties[UserProps.AccountCreated];
|
|
return ac ? moment(ac).format() : 'N/A';
|
|
};
|
|
|
|
const lastLogin = () => {
|
|
const ll = user.properties[UserProps.LastLoginTs];
|
|
return ll ? moment(ll).format() : 'N/A';
|
|
};
|
|
|
|
const propOrNA = p => {
|
|
return user.properties[p] || 'N/A';
|
|
};
|
|
|
|
const currentTheme = () => {
|
|
return user.properties[UserProps.ThemeId];
|
|
};
|
|
|
|
const stdInfo = `User information:
|
|
Username : ${user.username}${user.isRoot() ? ' (root/SysOp)' : ''}
|
|
Real name : ${propOrNA(UserProps.RealName)}
|
|
ID : ${user.userId}
|
|
Status : ${statusDesc()}
|
|
Groups : ${user.groups.join(', ')}
|
|
Theme ID : ${currentTheme()}
|
|
Created : ${created()}
|
|
Last login : ${lastLogin()}
|
|
Login count : ${propOrNA(UserProps.LoginCount)}
|
|
Email : ${propOrNA(UserProps.EmailAddress)}
|
|
Location : ${propOrNA(UserProps.Location)}
|
|
Affiliations : ${propOrNA(UserProps.Affiliations)}`;
|
|
let secInfo = '';
|
|
if (argv.security) {
|
|
const otp = user.getProperty(UserProps.AuthFactor2OTP);
|
|
if (otp) {
|
|
const backupCodesOrNa = () => {
|
|
try {
|
|
return JSON.parse(
|
|
user.getProperty(UserProps.AuthFactor2OTPBackupCodes)
|
|
).join(', ');
|
|
} catch (e) {
|
|
return 'N/A';
|
|
}
|
|
};
|
|
secInfo = `\n2FA OTP : ${otp}
|
|
OTP secret : ${user.getProperty(UserProps.AuthFactor2OTPSecret) || 'N/A'}
|
|
OTP Backup : ${backupCodesOrNa()}`;
|
|
}
|
|
}
|
|
|
|
console.info(`${stdInfo}${secInfo}`);
|
|
}
|
|
|
|
function twoFactorAuthOTP(user) {
|
|
if (argv._.length < 4) {
|
|
return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
|
|
}
|
|
|
|
const {
|
|
OTPTypes,
|
|
prepareOTP,
|
|
createBackupCodes,
|
|
} = require('../../core/user_2fa_otp.js');
|
|
|
|
let otpType = argv._[argv._.length - 1];
|
|
|
|
// shortcut for removal
|
|
if ('disable' === otpType) {
|
|
const props = [
|
|
UserProps.AuthFactor2OTP,
|
|
UserProps.AuthFactor2OTPSecret,
|
|
UserProps.AuthFactor2OTPBackupCodes,
|
|
];
|
|
return user.removeProperties(props, err => {
|
|
if (err) {
|
|
console.error(err.message);
|
|
} else {
|
|
console.info(`2FA OTP disabled for ${user.username}`);
|
|
}
|
|
});
|
|
}
|
|
|
|
async.waterfall(
|
|
[
|
|
function validate(callback) {
|
|
// :TODO: Prompt for if not supplied
|
|
// allow aliases for OTP types
|
|
otpType =
|
|
{
|
|
google: OTPTypes.GoogleAuthenticator,
|
|
hotp: OTPTypes.RFC4266_HOTP,
|
|
totp: OTPTypes.RFC6238_TOTP,
|
|
}[otpType] || otpType;
|
|
otpType = _.find(OTPTypes, t => {
|
|
return t.toLowerCase() === otpType.toLowerCase();
|
|
});
|
|
if (!otpType) {
|
|
return callback(Errors.Invalid('Invalid OTP type'));
|
|
}
|
|
return callback(null, otpType);
|
|
},
|
|
function prepare(otpType, callback) {
|
|
const otpOpts = {
|
|
username: user.username,
|
|
qrType: argv['qr-type'] || 'ascii',
|
|
};
|
|
prepareOTP(otpType, otpOpts, (err, otpInfo) => {
|
|
return callback(
|
|
err,
|
|
Object.assign(otpInfo, {
|
|
otpType,
|
|
backupCodes: createBackupCodes(),
|
|
})
|
|
);
|
|
});
|
|
},
|
|
function storeOrDisplayQR(otpInfo, callback) {
|
|
if (!argv.out || !otpInfo.qr) {
|
|
return callback(null, otpInfo);
|
|
}
|
|
|
|
fs.writeFile(argv.out, otpInfo.qr, 'utf8', err => {
|
|
return callback(err, otpInfo);
|
|
});
|
|
},
|
|
function persist(otpInfo, callback) {
|
|
const props = {
|
|
[UserProps.AuthFactor2OTP]: otpInfo.otpType,
|
|
[UserProps.AuthFactor2OTPSecret]: otpInfo.secret,
|
|
[UserProps.AuthFactor2OTPBackupCodes]: JSON.stringify(
|
|
otpInfo.backupCodes
|
|
),
|
|
};
|
|
user.persistProperties(props, err => {
|
|
return callback(err, otpInfo);
|
|
});
|
|
},
|
|
],
|
|
(err, otpInfo) => {
|
|
if (err) {
|
|
console.error(err.message);
|
|
} else {
|
|
console.info(`OTP enabled for : ${user.username}`);
|
|
console.info(`Secret : ${otpInfo.secret}`);
|
|
console.info(`Backup codes : ${otpInfo.backupCodes.join(', ')}`);
|
|
|
|
if (otpInfo.qr) {
|
|
if (!argv.out) {
|
|
console.info('--- Begin QR ---');
|
|
console.info(otpInfo.qr);
|
|
console.info('--- End QR ---');
|
|
} else {
|
|
console.info(`QR code saved to ${argv.out}`);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
);
|
|
}
|
|
|
|
function listUsers() {
|
|
// oputil user list [disabled|inactive|active|locked|all]
|
|
// :TODO: --created-since SPEC and --last-called SPEC
|
|
// --created-since SPEC
|
|
// SPEC can be TIMESTAMP or e.g. "-1hour" or "-90days"
|
|
// :TODO: --sort name|id
|
|
let listWhat;
|
|
if (argv._.length > 2) {
|
|
listWhat = argv._[argv._.length - 1];
|
|
} else {
|
|
listWhat = 'all';
|
|
}
|
|
|
|
const User = require('../../core/user');
|
|
if (!['all'].concat(Object.keys(User.AccountStatus)).includes(listWhat)) {
|
|
return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
|
|
}
|
|
|
|
async.waterfall(
|
|
[
|
|
callback => {
|
|
const UserProps = require('../../core/user_property');
|
|
|
|
const userListOpts = {
|
|
properties: [UserProps.AccountStatus],
|
|
};
|
|
|
|
User.getUserList(userListOpts, (err, userList) => {
|
|
if (err) {
|
|
return callback(err);
|
|
}
|
|
|
|
if ('all' === listWhat) {
|
|
return callback(null, userList);
|
|
}
|
|
|
|
const accountStatusFilter = User.AccountStatus[listWhat].toString();
|
|
|
|
return callback(
|
|
null,
|
|
userList.filter(user => {
|
|
return user[UserProps.AccountStatus] === accountStatusFilter;
|
|
})
|
|
);
|
|
});
|
|
},
|
|
(userList, callback) => {
|
|
userList.forEach(user => {
|
|
console.info(`${user.userId}: ${user.userName}`);
|
|
});
|
|
|
|
return callback(null);
|
|
},
|
|
],
|
|
err => {
|
|
if (err) {
|
|
return console.error(err.reason ? err.reason : err.message);
|
|
}
|
|
}
|
|
);
|
|
}
|
|
|
|
function handleUserCommand() {
|
|
function errUsage() {
|
|
return printUsageAndSetExitCode(getHelpFor('User'), ExitCodes.ERROR);
|
|
}
|
|
|
|
if (true === argv.help) {
|
|
return errUsage();
|
|
}
|
|
|
|
const action = argv._[1];
|
|
const userRequired = !['list'].includes(action);
|
|
|
|
let userName;
|
|
if (userRequired) {
|
|
const usernameIdx = [
|
|
'pw',
|
|
'pass',
|
|
'passwd',
|
|
'password',
|
|
'group',
|
|
'mv',
|
|
'rename',
|
|
'2fa-otp',
|
|
'otp',
|
|
].includes(action)
|
|
? argv._.length - 2
|
|
: argv._.length - 1;
|
|
userName = argv._[usernameIdx];
|
|
}
|
|
|
|
if (!userName && userRequired) {
|
|
return errUsage();
|
|
}
|
|
|
|
initAndGetUser(userName, (err, user) => {
|
|
if (userName && err) {
|
|
process.exitCode = ExitCodes.ERROR;
|
|
return console.error(err.message);
|
|
}
|
|
|
|
return (
|
|
{
|
|
pw: setUserPassword,
|
|
passwd: setUserPassword,
|
|
password: setUserPassword,
|
|
|
|
rm: removeUser,
|
|
remove: removeUser,
|
|
del: removeUser,
|
|
delete: removeUser,
|
|
|
|
mv: renameUser,
|
|
rename: renameUser,
|
|
|
|
activate: setAccountStatus,
|
|
deactivate: setAccountStatus,
|
|
disable: setAccountStatus,
|
|
lock: setAccountStatus,
|
|
|
|
group: modUserGroups,
|
|
|
|
info: showUserInfo,
|
|
|
|
'2fa-otp': twoFactorAuthOTP,
|
|
otp: twoFactorAuthOTP,
|
|
list: listUsers,
|
|
}[action] || errUsage
|
|
)(user, action);
|
|
});
|
|
}
|