Merge pull request #1018 from hpcc-systems/yadhap/reset-pw-for-usr

yadhap/reset-pw-for-usr

Author: FancMa01

Tombolo/client-reactjs/src/components/admin/userManagement/Table.jsx

@@ -1,8 +1,8 @@
 import React from 'react';
-import { Table, Tooltip, Popconfirm, message, Tag } from 'antd';
-import { EyeOutlined, EditOutlined, DeleteOutlined } from '@ant-design/icons';
+import { Table, Tooltip, Popconfirm, message, Tag, Popover } from 'antd';
+import { EyeOutlined, EditOutlined, DeleteOutlined, LockOutlined, DownOutlined } from '@ant-design/icons';
 
-import { deleteUser } from './Utils.js';
+import { deleteUser, resetUserPassword } from './Utils.js';
 
 const UserManagementTable = ({
   users,
@@ -15,6 +15,16 @@ const UserManagementTable = ({
   setFilteredUsers,
   roles,
 }) => {
+  // Rest password
+  const handlePasswordReset = async ({ id }) => {
+    try {
+      await resetUserPassword({ id });
+      message.success('Password reset successfully');
+    } catch (err) {
+      message.error('Failed to reset password');
+    }
+  };
+
   // Const handle user deletion - display message and setUsers and filteredUsers
   const handleDeleteUser = async ({ id }) => {
     try {
@@ -26,6 +36,7 @@ const UserManagementTable = ({
       message.error('Failed to delete user');
     }
   };
+
   // Columns for the table
   const columns = [
     {
@@ -94,6 +105,43 @@ const UserManagementTable = ({
               <DeleteOutlined style={{ color: 'var(--primary)', marginRight: 15 }} />
             </Tooltip>
           </Popconfirm>
+
+          <Popover
+            placement="bottom"
+            content={
+              <div
+                style={{ display: 'flex', flexDirection: 'column', color: 'var(--primary)', cursor: 'pointer' }}
+                className="jobMonitoringTable__hidden_actions">
+                <div style={{ color: 'var(--primary)' }}>
+                  <Popconfirm
+                    title={
+                      <>
+                        <div style={{ fontWeight: 'bold' }}>{`Reset Password`} </div>
+                        <div style={{ maxWidth: 460 }}>
+                          {`Clicking "Yes" will send a password reset link to `}
+                          <Tooltip title={`${record.firstName} ${record.lastName}`}>
+                            <span style={{ color: 'var(--primary)' }}>{record.email}</span>
+                          </Tooltip>{' '}
+                          via email. Do you want to continue?`
+                        </div>
+                      </>
+                    }
+                    onConfirm={() => handlePasswordReset({ id: record.id })}
+                    okText="Yes"
+                    okButtonProps={{ danger: true }}
+                    cancelText="No"
+                    cancelButtonProps={{ type: 'primary', ghost: true }}
+                    style={{ width: '500px !important' }}>
+                    <LockOutlined style={{ marginRight: 15 }} />
+                    Reset Password
+                  </Popconfirm>
+                </div>
+              </div>
+            }>
+            <span style={{ color: 'var(--secondary)' }}>
+              More <DownOutlined style={{ fontSize: '10px' }} />
+            </span>
+          </Popover>
         </>
       ),
     },

Tombolo/client-reactjs/src/components/admin/userManagement/Utils.js

@@ -163,6 +163,21 @@ const bulkDeleteUsers = async ({ ids }) => {
   }
 };
 
+// Reset user password
+const resetUserPassword = async ({ id }) => {
+  const payload = {
+    method: 'POST',
+    body: JSON.stringify({ id }),
+    headers: authHeader(),
+  };
+
+  const response = await fetch(`/api/user/reset-password-for-user`, payload);
+
+  if (!response.ok) {
+    throw new Error('Failed to reset password');
+  }
+};
+
 export {
   createUser,
   getAllUsers,
@@ -173,4 +188,5 @@ export {
   updateUserRoles,
   updateUserApplications,
   bulkDeleteUsers,
+  resetUserPassword,
 };

Tombolo/server/controllers/userController.js

@@ -1,5 +1,9 @@
 // Imports from node modules
 const { v4: UUIDV4 } = require("uuid");
+const bcrypt = require("bcryptjs");
+const moment = require("moment");
+const { v4: uuidv4 } = require("uuid");
+const sequelize = require("../models").sequelize;
 
 // Local imports
 const logger = require("../config/logger");
@@ -18,7 +22,14 @@ const UserRoles = models.UserRoles;
 const user_application = models.user_application;
 const NotificationQueue = models.notification_queue;
 const AccountVerificationCodes = models.AccountVerificationCodes;
+const PasswordResetLinks = models.PasswordResetLinks;
 
+const {
+  checkPasswordSecurityViolations,
+  setPasswordExpiry,
+  setPreviousPasswords,
+  generatePassword,
+} = require("../utils/authUtil");
 
 // Delete user with ID
 const deleteUser = async (req, res) => {
@@ -407,12 +418,7 @@ const createUser = async (req, res) => {
     }
 
     // Generate random password - 12 characters - alpha numeric
-    const charset =
-      "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-    let password = "";
-    for (let i = 0; i < 12; i++) {
-      password += charset.charAt(Math.floor(Math.random() * charset.length));
-    }
+    const password = generatePassword();
 
     // Hash password
     const salt = bcrypt.genSaltSync(10);
@@ -467,7 +473,7 @@ const createUser = async (req, res) => {
     });
 
     // Searchable notification ID
-    const searchableNotificationId = UUIDV4();
+    const searchableNotificationId = `USR_REG__${moment().format('YYYYMMDD_HHmmss_SSS')}`;
     const verificationCode = UUIDV4();
 
     // Create account verification code
@@ -515,6 +521,90 @@ const createUser = async (req, res) => {
   }
 };
 
+// Reset password for user
+const resetPasswordForUser = async (req, res) => {
+  const transaction = await sequelize.transaction(); // Start a transaction
+
+  try {
+    const { id } = req.body;
+
+    // Get user by ID
+    const user = await User.findOne({ where: { id }, transaction });
+
+    // If user not found
+    if (!user) {
+      await transaction.rollback(); // Rollback if user is not found
+      return res
+        .status(404)
+        .json({ success: false, message: "User not found" });
+    }
+
+    // Generate a password reset token
+    const randomId = uuidv4();
+    const passwordRestLink = `${trimURL(process.env.WEB_URL)}/reset-password/${randomId}`;
+
+    // Searchable notification ID
+    const searchableNotificationId = `USR_PWD_RST__${moment().format("YYYYMMDD_HHmmss_SSS")}`;
+
+    // Queue notification
+    await NotificationQueue.create(
+      {
+        type: "email",
+        templateName: "resetPasswordLink",
+        notificationOrigin: "Reset Password",
+        deliveryType: "immediate",
+        createdBy: "System",
+        updatedBy: "System",
+        metaData: {
+          notificationId: searchableNotificationId,
+          recipientName: `${user.firstName}`,
+          notificationOrigin: "Reset Password",
+          subject: "Password Reset Link",
+          mainRecipients: [user.email],
+          notificationDescription: "Password Reset Link",
+          validForHours: 24,
+          passwordRestLink,
+        },
+      },
+      { transaction }
+    );
+
+    // Save the password reset token to the user object in the database
+    await PasswordResetLinks.create(
+      {
+        id: randomId,
+        userId: user.id,
+        resetLink: passwordRestLink,
+        issuedAt: new Date(),
+        expiresAt: new Date(new Date().getTime() + 24 * 60 * 60 * 1000),
+      },
+      { transaction }
+    );
+
+    // Create account verification code
+    await AccountVerificationCodes.create(
+      {
+        code: randomId,
+        userId: user.id,
+        expiresAt: new Date(new Date().getTime() + 24 * 60 * 60 * 1000),
+      },
+      { transaction }
+    );
+
+    // Commit transaction if everything is successful
+    await transaction.commit();
+
+    // Response
+    res.status(200).json({ success: true, message: "Password reset successfully" });
+  } catch (err) {
+    await transaction.rollback(); // Rollback transaction in case of error
+    logger.error(`Reset password for user: ${err.message}`);
+    res
+      .status(err.status || 500)
+      .json({ success: false, message: err.message });
+  }
+};
+
 //Exports
 module.exports = {
   createUser,
@@ -527,4 +617,5 @@ module.exports = {
   bulkUpdateUsers,
   updateUserRoles,
   updateUserApplications,
+  resetPasswordForUser,
 };

Tombolo/server/middlewares/userMiddleware.js

@@ -2,13 +2,28 @@
 const { body, param, validationResult } = require("express-validator");
 const logger = require("../config/logger");
 
-// Validate user ID
+// Validate user ID in params
 const validateUserId = [
   param("id").isUUID(4).withMessage("User ID must be a valid UUID"),
   (req, res, next) => {
     const errors = validationResult(req);
     if (!errors.isEmpty()) {
-      logger.error(`Delete user : ${errors.array()[0].msg}`);
+      logger.error(`User Management : ${errors.array()[0].msg}`);
+      return res
+        .status(400)
+        .json({ success: false, message: errors.array()[0].msg });
+    }
+    next();
+  },
+];
+
+// Validate user ID in body
+const validateUserIdInBody = [
+  body("id").isUUID(4).withMessage("User ID must be a valid UUID"),
+  (req, res, next) => {
+    const errors = validationResult(req);
+    if (!errors.isEmpty()) {
+      logger.error(`User Management : ${errors.array()[0].msg}`);
       return res
         .status(400)
         .json({ success: false, message: errors.array()[0].msg });
@@ -198,6 +213,7 @@ const validatePatchUserRolesPayload = [
 module.exports = {
   validateManuallyCreatedUserPayload,
   validateUserId,
+  validateUserIdInBody,
   validateUpdateUserPayload,
   validateChangePasswordPayload,
   validateBulkDeletePayload,

Tombolo/server/routes/userRoutes.js

@@ -12,6 +12,7 @@ const {
   validateBulkUpdatePayload,
   validatePatchUserRolesPayload,
   validateManuallyCreatedUserPayload,
+  validateUserIdInBody,
 } = require("../middlewares/userMiddleware");
 
 // Import user controller
@@ -25,7 +26,8 @@ const {
   bulkDeleteUsers,
   bulkUpdateUsers,
   updateUserRoles,
-  updateUserApplications
+  updateUserApplications,
+  resetPasswordForUser,
 } = require("../controllers/userController");
 
 const { validateUserRole } = require("../middlewares/rbacMiddleware");
@@ -59,5 +61,6 @@ router.patch(
   updateUserRoles
 ); // Update a user by id
 router.patch("/applications/:id",validateUserId, updateUserApplications); // Update a user's applications
+router.post("/reset-password-for-user", validateUserIdInBody, resetPasswordForUser); // Reset password for user
 //Export
 module.exports = router;

Tombolo/server/utils/authUtil.js

@@ -332,6 +332,29 @@ const setPreviousPasswords = async (user) => {
   return user;
 };
 
+// Generate a random password - 12 chars
+function generatePassword(length = 12) {
+  const lowercase = "abcdefghijklmnopqrstuvwxyz";
+  const uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+  const numbers = "0123456789";
+  const allChars = lowercase + uppercase + numbers;
+
+  let password = "";
+
+  // Ensure at least one of each category
+  password += lowercase.charAt(Math.floor(Math.random() * lowercase.length));
+  password += uppercase.charAt(Math.floor(Math.random() * uppercase.length));
+  password += numbers.charAt(Math.floor(Math.random() * numbers.length));
+
+  // Fill the rest randomly
+  for (let i = 3; i < length; i++) {
+    password += allChars.charAt(Math.floor(Math.random() * allChars.length));
+  }
+
+  // Shuffle password to mix guaranteed characters
+  return password.split("").sort(() => Math.random() - 0.5).join("");
+}
+
 //Exports
 module.exports = {
   generateAccessToken,
@@ -348,4 +371,5 @@ module.exports = {
   getSupportContactEmails,
   getAccessRequestContactEmails,
   setPreviousPasswords,
+  generatePassword,
 };