fix(backend): update security rules

SocialGouv · Sep 17, 2024 · 13eb884 · 13eb884
1 parent 4eced63
commit 13eb884
Show file tree

Hide file tree

Showing 9 changed files with 17 additions and 30 deletions.
diff --git a/packages/backend/package.json b/packages/backend/package.json
@@ -7,13 +7,11 @@
   "license": "MIT",
   "scripts": {
     "build": "tsc -p tsconfig.build.json",
-    "db:dev:data-anonymize": "npx ts-node -r tsconfig-paths/register --transpile-only src/run-data-anonymization.ts | pino-pretty --singleLine",
     "db:dev:generate": "typeorm-ts-node-commonjs migration:generate ./src/_migrations/auto-migration -d ./src/database/services/_postgres/PG_MIGRATION_CONFIG.const.ts",
     "db:dev:migrate-down:last": "npx ts-node -r tsconfig-paths/register --transpile-only src/run-migrate-down-last.ts",
     "db:dev:migrate-redo": "npx ts-node -r tsconfig-paths/register --transpile-only src/run-migrate-up-redo.ts",
     "db:dev:migrate-up": "npx ts-node -r tsconfig-paths/register --transpile-only src/run-migrate-up.ts",
     "db:dev:create": "typeorm-ts-node-commonjs migration:create ./src/_migrations/manual-migration",
-    "db:prod:data-anonymize": "node dist/run-data-anonymization.js ",
     "db:prod:migrate-down:last": "node dist/run-migrate-down-last.js",
     "db:test:migrate-down:last": "ENV_FILE=tests-local npx ts-node -r tsconfig-paths/register --transpile-only src/run-migrate-down-last.ts",
     "db:test:migrate-redo": "ENV_FILE=tests-local npx ts-node -r tsconfig-paths/register --transpile-only src/run-migrate-up-redo.ts",

diff --git a/packages/backend/src/_common/model/jwt/user-base-jwt-payload.type.ts b/packages/backend/src/_common/model/jwt/user-base-jwt-payload.type.ts
@@ -5,7 +5,7 @@ export interface UseBaseJwtPayload<T extends UserProfile = UserProfile> {
   _userProfile: T;
   _userId: number;
   _jwtPayloadVersion: number;
-  isSuperAdminDomifa: boolean;
-  userRightStatus: UserRightStatus;
+  isSuperAdminDomifa?: boolean;
+  userRightStatus?: UserRightStatus;
   territories?: string[];
 }
diff --git a/packages/backend/src/auth/auth.module.ts b/packages/backend/src/auth/auth.module.ts
@@ -26,7 +26,7 @@ import { StructuresAuthController } from "./structures-auth.controller";
       JwtModule.register({
         secret: domifaConfig().security.jwtSecret,
         signOptions: {
-          expiresIn: "12h",
+          expiresIn: "24h",
         },
       })
     ),

diff --git a/packages/backend/src/config/domifaConfig.service.ts b/packages/backend/src/config/domifaConfig.service.ts
@@ -170,11 +170,6 @@ export function loadConfig(x: Partial<DomifaEnv>): DomifaConfig {
         ),
         sentryDsn,
       },
-      anonymizer: {
-        password: configParser.parseString(x, "DOMIFA_ANONYMIZER_PASSWORD", {
-          required: false,
-        }),
-      },
     },
     logger: {
       logHttpRequests: configParser.parseBoolean(

diff --git a/packages/backend/src/config/model/DomifaConfig.type.ts b/packages/backend/src/config/model/DomifaConfig.type.ts
@@ -37,9 +37,6 @@ export type DomifaConfig = {
       sentryDsn: string; // DOMIFA_SENTRY_DSN_BACKEND
       debugModeEnabled: boolean; // DOMIFA_SENTRY_DEBUG_MODE_ENABLED
     };
-    anonymizer: {
-      password: string; // DOMIFA_ANONYMIZER_PASSWORD
-    };
   };
   logger: {
     logHttpRequests: boolean; // DOMIFA_LOG_HTTP_REQUESTS

diff --git a/...vices/app-log/user-structure-security/userStructureSecurityEventHistoryManager.service.ts b/...vices/app-log/user-structure-security/userStructureSecurityEventHistoryManager.service.ts
@@ -1,4 +1,4 @@
-import { subDays, subWeeks } from "date-fns";
+import { subHours, subWeeks } from "date-fns";
 
 import { domifaConfig } from "../../../../config";
 import { appLogger } from "../../../../util";
@@ -52,9 +52,9 @@ function isAccountLockedForOperation({
   eventsHistory: UserStructureSecurityEvent[];
   userId: number;
 }) {
-  const oneDayAgo = subDays(new Date(), 1);
+  const oneHourAgo = subHours(new Date(), 1);
   const eventsRecentHistory = eventsHistory.filter(
-    (x) => new Date(x.date) > oneDayAgo
+    (x) => new Date(x.date) > oneHourAgo
   );
 
   if (eventsHistory.length) {

diff --git a/...ervices/user-usager/user-usager-security/userUsagerSecurityEventHistoryManager.service.ts b/...ervices/user-usager/user-usager-security/userUsagerSecurityEventHistoryManager.service.ts
@@ -1,4 +1,4 @@
-import { subDays, subWeeks } from "date-fns";
+import { subHours, subWeeks } from "date-fns";
 
 import { domifaConfig } from "../../../../config";
 import { appLogger } from "../../../../util";
@@ -58,9 +58,9 @@ function isAccountLockedForOperation({
     }
   }
 
-  const oneDayAgo = subDays(new Date(), 1);
+  const oneHourAgo = subHours(new Date(), 1);
   const eventsRecentHistory = eventsHistory.filter(
-    (x) => new Date(x.date) > oneDayAgo
+    (x) => new Date(x.date) > oneHourAgo
   );
 
   if (

diff --git a/packages/backend/src/modules/portail-usagers/services/usagers-auth.service.ts b/packages/backend/src/modules/portail-usagers/services/usagers-auth.service.ts
@@ -4,7 +4,6 @@ import { structureRepository } from "../../../database";
 
 import { usagerRepository } from "../../../database/services/usager/usagerRepository.service";
 import { userUsagerRepository } from "../../../database/services/user-usager/userUsagerRepository.service";
-import { appLogger } from "../../../util";
 import {
   CURRENT_JWT_PAYLOAD_VERSION,
   UserUsagerAuthenticated,
@@ -25,8 +24,6 @@ export class UsagersAuthService {
       usagerUUID: user.usagerUUID,
       structureId: user.structureId,
       lastLogin: user.lastLogin,
-      isSuperAdminDomifa: false,
-      userRightStatus: "structure",
     };
     return {
       access_token: this.jwtService.sign(payload),
@@ -57,15 +54,15 @@ export class UsagersAuthService {
   public async findAuthUserUsager(
     payload: Pick<UserUsagerJwtPayload, "_userId">
   ): Promise<UserUsagerAuthenticated> {
-    const user = await userUsagerRepository.findOneBy({ id: payload._userId });
-
-    const usager = await usagerRepository.findOneBy({ uuid: user.usagerUUID });
+    const user = await userUsagerRepository.findOneByOrFail({
+      id: payload._userId,
+    });
 
-    if (typeof user.structureId === "undefined") {
-      appLogger.debug("[TRACK BUG] " + JSON.stringify(user));
-    }
+    const usager = await usagerRepository.findOneByOrFail({
+      uuid: user.usagerUUID,
+    });
 
-    const structure = await structureRepository.findOneBy({
+    const structure = await structureRepository.findOneByOrFail({
       id: user.structureId,
     });
 

diff --git a/packages/backend/src/structures/structures.creation-full.spec.ts b/packages/backend/src/structures/structures.creation-full.spec.ts
@@ -5,7 +5,7 @@ import { MailsModule } from "../mails/mails.module";
 import { StatsModule } from "../stats/stats.module";
 import { UsagersModule } from "../usagers/usagers.module";
 import { UserDto } from "../users/dto/user.dto";
-import { UsersController } from "../users/users.controller";
+import { UsersController } from "../users/controllers/users.controller";
 import { UsersModule } from "../users/users.module";
 import { ExpressResponse } from "../util/express";
 import { AppTestContext, AppTestHelper } from "../util/test";