2017-10-01 03:47:14 +00:00
|
|
|
const _ = require('lodash')
|
|
|
|
const fs = require('fs-extra')
|
|
|
|
const path = require('path')
|
2018-03-09 05:33:43 +00:00
|
|
|
const graphHelper = require('../../helpers/graph')
|
|
|
|
|
2018-03-05 20:49:36 +00:00
|
|
|
/* global WIKI */
|
2017-10-01 03:47:14 +00:00
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
Query: {
|
2019-08-25 02:19:35 +00:00
|
|
|
async authentication () { return {} }
|
2018-03-05 20:49:36 +00:00
|
|
|
},
|
|
|
|
Mutation: {
|
2019-08-25 02:19:35 +00:00
|
|
|
async authentication () { return {} }
|
2018-03-05 20:49:36 +00:00
|
|
|
},
|
|
|
|
AuthenticationQuery: {
|
2020-02-22 22:38:06 +00:00
|
|
|
/**
|
|
|
|
* List of API Keys
|
|
|
|
*/
|
|
|
|
async apiKeys (obj, args, context) {
|
|
|
|
const keys = await WIKI.models.apiKeys.query().orderBy(['isRevoked', 'name'])
|
|
|
|
return keys.map(k => ({
|
|
|
|
id: k.id,
|
|
|
|
name: k.name,
|
|
|
|
keyShort: '...' + k.key.substring(k.key.length - 20),
|
|
|
|
isRevoked: k.isRevoked,
|
|
|
|
expiration: k.expiration,
|
|
|
|
createdAt: k.createdAt,
|
|
|
|
updatedAt: k.updatedAt
|
|
|
|
}))
|
|
|
|
},
|
|
|
|
/**
|
|
|
|
* Current API State
|
|
|
|
*/
|
|
|
|
apiState () {
|
|
|
|
return WIKI.config.api.isEnabled
|
|
|
|
},
|
2020-07-03 23:36:33 +00:00
|
|
|
async strategies () {
|
|
|
|
return WIKI.data.authentication.map(stg => ({
|
|
|
|
...stg,
|
|
|
|
isAvailable: stg.isAvailable === true,
|
|
|
|
props: _.sortBy(_.transform(stg.props, (res, value, key) => {
|
|
|
|
res.push({
|
|
|
|
key,
|
|
|
|
value: JSON.stringify(value)
|
|
|
|
})
|
|
|
|
}, []), 'key')
|
|
|
|
}))
|
|
|
|
},
|
2019-06-30 19:18:26 +00:00
|
|
|
/**
|
|
|
|
* Fetch active authentication strategies
|
|
|
|
*/
|
2020-07-03 23:36:33 +00:00
|
|
|
async activeStrategies (obj, args, context, info) {
|
|
|
|
let strategies = await WIKI.models.authentication.getStrategies()
|
2018-08-04 21:27:55 +00:00
|
|
|
strategies = strategies.map(stg => {
|
2020-07-03 23:36:33 +00:00
|
|
|
const strategyInfo = _.find(WIKI.data.authentication, ['key', stg.strategyKey]) || {}
|
2018-08-04 21:27:55 +00:00
|
|
|
return {
|
|
|
|
...stg,
|
2020-07-03 23:36:33 +00:00
|
|
|
strategy: strategyInfo,
|
2018-08-04 21:27:55 +00:00
|
|
|
config: _.sortBy(_.transform(stg.config, (res, value, key) => {
|
2019-06-25 02:13:41 +00:00
|
|
|
const configData = _.get(strategyInfo.props, key, false)
|
|
|
|
if (configData) {
|
|
|
|
res.push({
|
|
|
|
key,
|
|
|
|
value: JSON.stringify({
|
|
|
|
...configData,
|
|
|
|
value
|
|
|
|
})
|
2018-08-04 21:27:55 +00:00
|
|
|
})
|
2019-06-25 02:13:41 +00:00
|
|
|
}
|
2018-08-04 21:27:55 +00:00
|
|
|
}, []), 'key')
|
|
|
|
}
|
|
|
|
})
|
2020-09-05 22:33:15 +00:00
|
|
|
return args.enabledOnly ? _.filter(strategies, 'isEnabled') : strategies
|
2017-10-01 03:47:14 +00:00
|
|
|
}
|
|
|
|
},
|
2018-03-10 05:58:04 +00:00
|
|
|
AuthenticationMutation: {
|
2020-02-22 22:38:06 +00:00
|
|
|
/**
|
|
|
|
* Create New API Key
|
|
|
|
*/
|
|
|
|
async createApiKey (obj, args, context) {
|
|
|
|
try {
|
2020-04-20 00:26:26 +00:00
|
|
|
const key = await WIKI.models.apiKeys.createNewKey(args)
|
|
|
|
await WIKI.auth.reloadApiKeys()
|
|
|
|
WIKI.events.outbound.emit('reloadApiKeys')
|
2020-02-22 22:38:06 +00:00
|
|
|
return {
|
2020-04-20 00:26:26 +00:00
|
|
|
key,
|
2020-02-22 22:38:06 +00:00
|
|
|
responseResult: graphHelper.generateSuccess('API Key created successfully')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
|
|
|
},
|
2019-06-30 19:18:26 +00:00
|
|
|
/**
|
|
|
|
* Perform Login
|
|
|
|
*/
|
2019-08-25 02:19:35 +00:00
|
|
|
async login (obj, args, context) {
|
2018-03-10 05:58:04 +00:00
|
|
|
try {
|
2018-12-17 05:51:52 +00:00
|
|
|
const authResult = await WIKI.models.users.login(args, context)
|
2018-03-10 05:58:04 +00:00
|
|
|
return {
|
|
|
|
...authResult,
|
2018-03-25 02:35:47 +00:00
|
|
|
responseResult: graphHelper.generateSuccess('Login success')
|
2018-03-10 05:58:04 +00:00
|
|
|
}
|
|
|
|
} catch (err) {
|
2019-06-05 02:23:32 +00:00
|
|
|
// LDAP Debug Flag
|
|
|
|
if (args.strategy === 'ldap' && WIKI.config.flags.ldapdebug) {
|
|
|
|
WIKI.logger.warn('LDAP LOGIN ERROR (c1): ', err)
|
|
|
|
}
|
|
|
|
|
2018-03-10 05:58:04 +00:00
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
|
|
|
},
|
2019-06-30 19:18:26 +00:00
|
|
|
/**
|
|
|
|
* Perform 2FA Login
|
|
|
|
*/
|
2019-08-25 02:19:35 +00:00
|
|
|
async loginTFA (obj, args, context) {
|
2018-03-10 05:58:04 +00:00
|
|
|
try {
|
2018-12-17 05:51:52 +00:00
|
|
|
const authResult = await WIKI.models.users.loginTFA(args, context)
|
2018-03-10 05:58:04 +00:00
|
|
|
return {
|
|
|
|
...authResult,
|
2018-03-25 02:35:47 +00:00
|
|
|
responseResult: graphHelper.generateSuccess('TFA success')
|
2018-03-10 05:58:04 +00:00
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
2018-06-26 00:55:00 +00:00
|
|
|
},
|
2019-08-25 02:19:35 +00:00
|
|
|
/**
|
|
|
|
* Perform Mandatory Password Change after Login
|
|
|
|
*/
|
|
|
|
async loginChangePassword (obj, args, context) {
|
|
|
|
try {
|
|
|
|
const authResult = await WIKI.models.users.loginChangePassword(args, context)
|
|
|
|
return {
|
|
|
|
...authResult,
|
|
|
|
responseResult: graphHelper.generateSuccess('Password changed successfully')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
|
|
|
},
|
2020-08-31 01:46:55 +00:00
|
|
|
/**
|
|
|
|
* Perform Mandatory Password Change after Login
|
|
|
|
*/
|
|
|
|
async forgotPassword (obj, args, context) {
|
|
|
|
try {
|
|
|
|
await WIKI.models.users.loginForgotPassword(args, context)
|
|
|
|
return {
|
|
|
|
responseResult: graphHelper.generateSuccess('Password reset request processed.')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
|
|
|
},
|
2019-06-30 19:18:26 +00:00
|
|
|
/**
|
|
|
|
* Register a new account
|
|
|
|
*/
|
2019-08-25 02:19:35 +00:00
|
|
|
async register (obj, args, context) {
|
2018-12-17 05:51:52 +00:00
|
|
|
try {
|
2019-03-17 02:41:48 +00:00
|
|
|
await WIKI.models.users.register({ ...args, verify: true }, context)
|
2018-12-17 05:51:52 +00:00
|
|
|
return {
|
|
|
|
responseResult: graphHelper.generateSuccess('Registration success')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
|
|
|
},
|
2020-02-22 22:38:06 +00:00
|
|
|
/**
|
|
|
|
* Set API state
|
|
|
|
*/
|
|
|
|
async setApiState (obj, args, context) {
|
|
|
|
try {
|
|
|
|
WIKI.config.api.isEnabled = args.enabled
|
|
|
|
await WIKI.configSvc.saveToDb(['api'])
|
|
|
|
return {
|
|
|
|
responseResult: graphHelper.generateSuccess('API State changed successfully')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
|
|
|
},
|
|
|
|
/**
|
|
|
|
* Revoke an API key
|
|
|
|
*/
|
|
|
|
async revokeApiKey (obj, args, context) {
|
|
|
|
try {
|
|
|
|
await WIKI.models.apiKeys.query().findById(args.id).patch({
|
|
|
|
isRevoked: true
|
|
|
|
})
|
|
|
|
await WIKI.auth.reloadApiKeys()
|
2020-04-20 00:26:26 +00:00
|
|
|
WIKI.events.outbound.emit('reloadApiKeys')
|
2020-02-22 22:38:06 +00:00
|
|
|
return {
|
|
|
|
responseResult: graphHelper.generateSuccess('API Key revoked successfully')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
|
|
|
},
|
2019-06-30 19:18:26 +00:00
|
|
|
/**
|
|
|
|
* Update Authentication Strategies
|
|
|
|
*/
|
2019-08-25 02:19:35 +00:00
|
|
|
async updateStrategies (obj, args, context) {
|
2018-06-26 00:55:00 +00:00
|
|
|
try {
|
2020-07-03 23:36:33 +00:00
|
|
|
const previousStrategies = await WIKI.models.authentication.getStrategies()
|
|
|
|
for (const str of args.strategies) {
|
|
|
|
const newStr = {
|
|
|
|
displayName: str.displayName,
|
|
|
|
order: str.order,
|
2020-09-05 22:33:15 +00:00
|
|
|
isEnabled: str.isEnabled,
|
2018-06-26 00:55:00 +00:00
|
|
|
config: _.reduce(str.config, (result, value, key) => {
|
2018-09-30 18:20:26 +00:00
|
|
|
_.set(result, `${value.key}`, _.get(JSON.parse(value.value), 'v', null))
|
2018-06-26 00:55:00 +00:00
|
|
|
return result
|
|
|
|
}, {}),
|
|
|
|
selfRegistration: str.selfRegistration,
|
|
|
|
domainWhitelist: { v: str.domainWhitelist },
|
|
|
|
autoEnrollGroups: { v: str.autoEnrollGroups }
|
2020-07-03 23:36:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (_.some(previousStrategies, ['key', str.key])) {
|
|
|
|
await WIKI.models.authentication.query().patch({
|
|
|
|
key: str.key,
|
|
|
|
strategyKey: str.strategyKey,
|
|
|
|
...newStr
|
|
|
|
}).where('key', str.key)
|
|
|
|
} else {
|
|
|
|
await WIKI.models.authentication.query().insert({
|
|
|
|
key: str.key,
|
|
|
|
strategyKey: str.strategyKey,
|
|
|
|
...newStr
|
|
|
|
})
|
|
|
|
}
|
2018-06-26 00:55:00 +00:00
|
|
|
}
|
2020-07-03 23:36:33 +00:00
|
|
|
|
|
|
|
for (const str of _.differenceBy(previousStrategies, args.strategies, 'key')) {
|
|
|
|
const hasUsers = await WIKI.models.users.query().count('* as total').where({ providerKey: str.key }).first()
|
|
|
|
if (_.toSafeInteger(hasUsers.total) > 0) {
|
|
|
|
throw new Error(`Cannot delete ${str.displayName} as 1 or more users are still using it.`)
|
|
|
|
} else {
|
|
|
|
await WIKI.models.authentication.query().delete().where('key', str.key)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-13 03:14:11 +00:00
|
|
|
await WIKI.auth.activateStrategies()
|
2020-04-20 00:26:26 +00:00
|
|
|
WIKI.events.outbound.emit('reloadAuthStrategies')
|
2018-06-26 00:55:00 +00:00
|
|
|
return {
|
|
|
|
responseResult: graphHelper.generateSuccess('Strategies updated successfully')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
2019-06-30 19:18:26 +00:00
|
|
|
},
|
|
|
|
/**
|
|
|
|
* Generate New Authentication Public / Private Key Certificates
|
|
|
|
*/
|
2019-08-25 02:19:35 +00:00
|
|
|
async regenerateCertificates (obj, args, context) {
|
2019-06-30 19:18:26 +00:00
|
|
|
try {
|
|
|
|
await WIKI.auth.regenerateCertificates()
|
|
|
|
return {
|
|
|
|
responseResult: graphHelper.generateSuccess('Certificates have been regenerated successfully.')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
|
|
|
},
|
|
|
|
/**
|
|
|
|
* Reset Guest User
|
|
|
|
*/
|
2019-08-25 02:19:35 +00:00
|
|
|
async resetGuestUser (obj, args, context) {
|
2019-06-30 19:18:26 +00:00
|
|
|
try {
|
|
|
|
await WIKI.auth.resetGuestUser()
|
|
|
|
return {
|
|
|
|
responseResult: graphHelper.generateSuccess('Guest user has been reset successfully.')
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
return graphHelper.generateError(err)
|
|
|
|
}
|
2018-03-10 05:58:04 +00:00
|
|
|
}
|
|
|
|
},
|
2018-06-04 04:41:29 +00:00
|
|
|
AuthenticationStrategy: {
|
2017-10-01 03:47:14 +00:00
|
|
|
icon (ap, args) {
|
2018-03-06 01:53:24 +00:00
|
|
|
return fs.readFile(path.join(WIKI.ROOTPATH, `assets/svg/auth-icon-${ap.key}.svg`), 'utf8').catch(err => {
|
2017-10-01 03:47:14 +00:00
|
|
|
if (err.code === 'ENOENT') {
|
|
|
|
return null
|
|
|
|
}
|
|
|
|
throw err
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|