mirror of
https://github.com/Termix-SSH/Termix.git
synced 2026-07-17 05:43:36 +00:00
feat(auth): non-destructive password resets and admin reset endpoint
Password resets no longer destroy user data: the DEK is system-wrapped, so forgot-password and admin resets are just a hash update plus session revoke. The wipe branch survives only for accounts that never logged in since the encryption upgrade and now requires explicit confirmDataWipe (surfaced as a 409 DATA_WIPE_REQUIRED; the reset UI asks for confirmation). Adds POST /users/admin/reset-password and removes the dead re-encryption paths.
This commit is contained in:
@@ -0,0 +1,123 @@
|
||||
import { beforeEach, describe, expect, it, vi } from "vitest";
|
||||
import type { AuthManager } from "../../utils/auth-manager.js";
|
||||
|
||||
const calls = vi.hoisted(() => ({
|
||||
userUpdates: [] as Array<[string, Record<string, unknown>]>,
|
||||
deletedFor: [] as string[],
|
||||
rotatedFor: [] as string[],
|
||||
legacyWrapsDeletedFor: [] as string[],
|
||||
}));
|
||||
|
||||
function deletingRepo(label: string) {
|
||||
return () => ({
|
||||
deleteByUserId: async (userId: string) => {
|
||||
calls.deletedFor.push(`${label}:${userId}`);
|
||||
return 0;
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
vi.mock("../repositories/factory.js", () => ({
|
||||
createCurrentUserRepository: () => ({
|
||||
update: async (userId: string, update: Record<string, unknown>) => {
|
||||
calls.userUpdates.push([userId, update]);
|
||||
return { id: userId };
|
||||
},
|
||||
}),
|
||||
createCurrentSettingsRepository: () => ({}),
|
||||
createCurrentSshCredentialUsageRepository: deletingRepo("usage"),
|
||||
createCurrentFileManagerBookmarkRepository: deletingRepo("bookmarks"),
|
||||
createCurrentRecentActivityRepository: deletingRepo("activity"),
|
||||
createCurrentDismissedAlertRepository: deletingRepo("alerts"),
|
||||
createCurrentSnippetRepository: deletingRepo("snippets"),
|
||||
createCurrentHostRepository: deletingRepo("hosts"),
|
||||
createCurrentCredentialRepository: deletingRepo("credentials"),
|
||||
}));
|
||||
|
||||
vi.mock("../../utils/user-keys.js", () => ({
|
||||
UserKeyManager: {
|
||||
getInstance: () => ({
|
||||
rotateUserDEK: async (userId: string) => {
|
||||
calls.rotatedFor.push(userId);
|
||||
return Buffer.alloc(32);
|
||||
},
|
||||
}),
|
||||
},
|
||||
}));
|
||||
|
||||
vi.mock("../../utils/crypto-migration/dek-migration.js", () => ({
|
||||
deleteLegacyWraps: async (userId: string) => {
|
||||
calls.legacyWrapsDeletedFor.push(userId);
|
||||
},
|
||||
}));
|
||||
|
||||
import { resetUserPassword } from "./user-password-reset-routes.js";
|
||||
|
||||
function fakeAuthManager(unlocked: boolean): AuthManager {
|
||||
return {
|
||||
isUserUnlocked: () => unlocked,
|
||||
logoutUser: vi.fn(async () => {}),
|
||||
} as unknown as AuthManager;
|
||||
}
|
||||
|
||||
beforeEach(() => {
|
||||
calls.userUpdates = [];
|
||||
calls.deletedFor = [];
|
||||
calls.rotatedFor = [];
|
||||
calls.legacyWrapsDeletedFor = [];
|
||||
});
|
||||
|
||||
describe("resetUserPassword", () => {
|
||||
it("preserves data for users with a server-wrapped key", async () => {
|
||||
const outcome = await resetUserPassword(fakeAuthManager(true), {
|
||||
userId: "user-1",
|
||||
username: "alice",
|
||||
newPassword: "new-password",
|
||||
confirmDataWipe: false,
|
||||
});
|
||||
|
||||
expect(outcome).toEqual({ status: "reset", dataWiped: false });
|
||||
expect(calls.userUpdates).toHaveLength(1);
|
||||
expect(calls.userUpdates[0][1]).toHaveProperty("passwordHash");
|
||||
expect(calls.deletedFor).toEqual([]);
|
||||
expect(calls.rotatedFor).toEqual([]);
|
||||
});
|
||||
|
||||
it("requires explicit consent before wiping an unmigrated user", async () => {
|
||||
const outcome = await resetUserPassword(fakeAuthManager(false), {
|
||||
userId: "user-1",
|
||||
username: "alice",
|
||||
newPassword: "new-password",
|
||||
confirmDataWipe: false,
|
||||
});
|
||||
|
||||
expect(outcome).toEqual({ status: "wipe_confirmation_required" });
|
||||
expect(calls.userUpdates).toEqual([]);
|
||||
expect(calls.deletedFor).toEqual([]);
|
||||
});
|
||||
|
||||
it("wipes data and rotates the key when consent is given", async () => {
|
||||
const outcome = await resetUserPassword(fakeAuthManager(false), {
|
||||
userId: "user-1",
|
||||
username: "alice",
|
||||
newPassword: "new-password",
|
||||
confirmDataWipe: true,
|
||||
});
|
||||
|
||||
expect(outcome).toEqual({ status: "reset", dataWiped: true });
|
||||
expect(calls.deletedFor).toEqual([
|
||||
"usage:user-1",
|
||||
"bookmarks:user-1",
|
||||
"activity:user-1",
|
||||
"alerts:user-1",
|
||||
"snippets:user-1",
|
||||
"hosts:user-1",
|
||||
"credentials:user-1",
|
||||
]);
|
||||
expect(calls.rotatedFor).toEqual(["user-1"]);
|
||||
expect(calls.legacyWrapsDeletedFor).toEqual(["user-1"]);
|
||||
expect(
|
||||
calls.userUpdates.some(([, update]) => update.totpEnabled === false),
|
||||
).toBe(true);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user