feat(2fa): email 2fa

Refs #5475

@@ -0,0 +1,24 @@
+alter table `vn`.`department`
+    add `twoFactor` ENUM ('email') null comment 'Default user tow-factor auth type';

@@ -278,1 +276,3 @@
-}
+	"Added observation": "{{user}} añadió esta observacion: {{text}}",
+	"Comment added to client": "Observación añadida al cliente {{clientFk}}",
+	"Invalid auth code": "Invalid auth code",

@@ -0,0 +38,4 @@
+            where
+        });
+
+        if (vnUser && vnUser.twoFactor === 'email') {

@@ -0,0 +1,73 @@
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = Self => {
+    Self.remoteMethodCtx('validateAuth', {

@@ -0,0 +1,63 @@
+const ForbiddenError = require('vn-loopback/util/forbiddenError');
+
+module.exports = Self => {
+    Self.remoteMethodCtx('signin', {

@@ -0,0 +1,24 @@
+alter table `vn`.`department`

@@ -16,6 +16,7 @@ describe('ChangePassword path', async() => {
         await browser.close();
     });
 
+    const badPassword = 'badpass';

@@ -2,3 +2,3 @@
 import getBrowser from '../../helpers/puppeteer';
 
-describe('Account Alias create and basic data path', () => {
+fdescribe('Account Alias create and basic data path', () => {

@@ -38,2 +38,4 @@
 			"principalId": "$authenticated",
 			"permission": "ALLOW"
+		},
+		{

@@ -10,16 +10,17 @@ module.exports = {
 
     async send(options) {
         options.from = `${config.app.senderName} <${config.app.senderEmail}>`;
+        if (!process.env.NODE_ENV)

@@ -0,0 +2,4 @@
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = Self => {
+    Self.remoteMethodCtx('signin', {

@@ -0,0 +29,4 @@
+    Self.signin = async function(ctx, user, password, options) {
+        const usesEmail = user.indexOf('@') !== -1;
+
+        const myOptions = {...(options || {})};

@@ -0,0 +33,4 @@
+
+        const where = usesEmail
+            ? {email: user}
+            : {name: user};

@@ -0,0 +50,4 @@
+            await Self.passExpired(vnUser, myOptions);
+
+            if (vnUser.twoFactor)
+                throw new ForbiddenError('REQUIRES_2FA');

@@ -0,0 +87,4 @@
+
+            const headers = ctx.req.headers;
+            let platform = headers['sec-ch-ua-platform']?.replace(/['"=]+/g, '');
+            let browser = headers['sec-ch-ua']?.replace(/['"=]+/g, '');

@@ -0,0 +33,4 @@
+
+    Self.validateAuth = async(username, password, code, options) => {
+        const myOptions = {...(options || {})};
+

@@ -80,1 +80,3 @@
-    SELECT id FROM `account`.`user`;
+    SELECT id
+        FROM `account`.`user`
+            WHERE role <> 2;

@@ -34,2 +36,4 @@
         if (newPassword != this.repeatPassword)
             throw new UserError(`Passwords don't match`);
+        if (newPassword == oldPassword)
+            throw new UserError(`You can not use the same password`);

@@ -27,3 +27,1 @@
-                this.loading = false;
-                this.password = '';
-                this.focusUser();
+                if (req.message === 'Forbidden') {

@@ -32,0 +31,4 @@
+    Self.changePassword = async function(ctx, oldPassword, newPassword, code, options) {
+        const userId = ctx.req.accessToken.userId;
+
+        const myOptions = {...(options || {})};

@@ -32,0 +35,4 @@
+
+        const {VnUser} = Self.app.models;
+        if (oldPassword == newPassword)
+            throw new UserError(`You can not use the same password`);

@@ -24,3 +24,3 @@
     });
 
-    Self.login = async(user, password) => Self.app.models.VnUser.signIn(user, password);
+    Self.login = async(ctx, user, password, options) => Self.app.models.VnUser.signin(ctx, user, password, options);

@@ -25,1 +24,3 @@
-        await Self.app.models.VnUser.setPassword(id, newPassword);
+    Self.setPassword = async function(id, newPassword, options) {
+        options = typeof options == 'object' ? options : {};
+        await Self.app.models.VnUser.setPassword(id, newPassword, options);

@@ -0,0 +4,4 @@
+            <h1>{{ $t('title') }}</h1>
+            <p v-html="$t('description')"></p>
+            <p v-html="$t('device', [device])"></p>
+            <p v-html="$t('ip', [ip])"></p>

@@ -0,0 +47,4 @@
+            await Self.passExpired(vnUser, myOptions);
+
+            if (vnUser.twoFactor)
+                throw new ForbiddenError(null, 'REQUIRES_2FA');

@@ -0,0 +37,4 @@
+            Object.assign(myOptions, options);
+
+        const token = Self.validateLogin(username, password);
+        await Self.validateCode(username, code, myOptions);

@@ -32,0 +45,4 @@
+        if (user.twoFactor)
+            await VnUser.validateCode(user.name, code, myOptions);
+
+        await VnUser.changePassword(userId, oldPassword, newPassword, myOptions);