From 25aeef24480c65262e48470ef81757b4ca4df870 Mon Sep 17 00:00:00 2001
From: Bright
Date: Mon, 24 Feb 2025 09:29:24 +0700
Subject: [PATCH] reset password (test)
---
 .../OrganizationUnauthorizeController.ts | 16 +++++++++-
 src/keycloak/index.ts | 29 +++++++++++++++++--
 2 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/src/controllers/OrganizationUnauthorizeController.ts b/src/controllers/OrganizationUnauthorizeController.ts
index 871b6ec4..764b3b30 100644
--- a/src/controllers/OrganizationUnauthorizeController.ts
+++ b/src/controllers/OrganizationUnauthorizeController.ts
@@ -18,7 +18,7 @@ import { format } from "path";
 import { viewProfileEvaluation } from "../entities/view/viewProfileEvaluation";
 import { viewProfileEmployeeEvaluation } from "../entities/view/viewProfileEmployeeEvaluation";
 import Extension from "../interfaces/extension";
-
+import { resetPassword } from "../keycloak";
 @Route("api/v1/org/unauthorize")
 @Tags("OrganizationUnauthorize")
 @Response(
@@ -36,6 +36,20 @@ export class OrganizationUnauthorizeController extends Controller {
 viewProfileEmployeeEvaluation,
 );
+ @Post("user/reset-password")
+ async forgetPassword(
+ @Body()
+ body: {
+ username: string;
+ },
+ ) {
+ const result = await resetPassword(body.username);
+ if (!result) {
+ throw new Error("Failed. Cannot change password.");
+ }
+ return result;
+ }
+
 /**
 * API รายชื่อราชการที่เลื่อนเงินเดือน (unauthorize)
 *
diff --git a/src/keycloak/index.ts b/src/keycloak/index.ts
index 26701940..fa82332c 100644
--- a/src/keycloak/index.ts
+++ b/src/keycloak/index.ts
@@ -4,6 +4,8 @@ const KC_URL = process.env.KC_URL;
 const KC_REALMS = process.env.KC_REALMS;
 const KC_CLIENT_ID = process.env.KC_SERVICE_ACCOUNT_CLIENT_ID;
 const KC_SECRET = process.env.KC_SERVICE_ACCOUNT_SECRET;
+const AUTH_ACCOUNT_SECRET = process.env.AUTH_ACCOUNT_SECRET
+const API_KEY = process.env.API_KEY
 let token: string | null = null;
 let decoded: DecodedJwt | null = null;
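Review bot: `forgetPassword` in OrganizationUnauthorizeController.ts returns `result` on success and throws `"Failed. Cannot change password."` otherwise, so the response appears to differ depending on whether `resetPassword` found an account, which would let a caller tell registered addresses from unregistered ones. The route sits under `api/v1/org/unauthorize` and no authentication or throttling decorator is visible in the hunk, so each request presumably can trigger a Keycloak token request and a reset e-mail; a rate limit per client and per target address would be worth adding before this leaves test. I would log the failure server-side and return one fixed body in both cases, e.g. `return { message: "If the account exists, a reset e-mail has been sent." };`. `body.username` is also passed on without checking that it is a non-empty string, and the method has no doc comment although the next method in the class does.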
@@ -765,9 +767,31 @@ export async function changeUserPassword(userId: string, newPassword: string) {
 // Function to reset password
 export async function resetPassword(username: string) {
 try {
+ if (!API_KEY || !AUTH_ACCOUNT_SECRET) {
+ throw new Error("KC_CLIENT_ID and KC_SECRET are required to used this feature.");
+ }
+ const body = new URLSearchParams();
+ body.append("client_id", "gettoken");
+ body.append("client_secret", AUTH_ACCOUNT_SECRET?.toString());
+ body.append("grant_type", "client_credentials");
+ const tokenResponse = await fetch(`${process.env.KC_URL}/realms/${process.env.KC_REALMS}/protocol/openid-connect/token`, {
+ method: "POST",
+ headers: {
+ "Content-Type": "application/x-www-form-urlencoded",
+ api_key: API_KEY,
+ },
+ body: body
+ });
+ if (!tokenResponse.ok) {
+ throw new Error("Failed to get admin token");
+ }
+ const tokenData = await tokenResponse.json();
+ const adminToken = tokenData.access_token;
+
 const users = await fetch(`${KC_URL}/admin/realms/${KC_REALMS}/users?email=${encodeURIComponent(username)}`, {
 headers: {
- "authorization": `Bearer ${await getToken()}`,
+ // "authorization": `Bearer ${await getToken()}`,
+ "authorization": `Bearer ${adminToken}`,
 "content-type": `application/json`,
 },
 });
@@ -779,7 +803,8 @@ export async function resetPassword(username: string) {
 const resetResponse = await fetch(`${KC_URL}/admin/realms/${KC_REALMS}/users/${userId}/execute-actions-email`, {
 method: "PUT",
 headers: {
- "Authorization": `Bearer ${await getToken()}`,
+ // "Authorization": `Bearer ${await getToken()}`,
+ "Authorization": `Bearer ${adminToken}`,
 "Content-Type": "application/json"
 },
 body: JSON.stringify(["UPDATE_PASSWORD"])
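Review bot: The guard at the top of `resetPassword` tests `API_KEY` and `AUTH_ACCOUNT_SECRET`, but its message names `KC_CLIENT_ID` and `KC_SECRET`, so a misconfigured deployment is pointed at the wrong variables; it should read `throw new Error("API_KEY and AUTH_ACCOUNT_SECRET are required to use this feature.");`. `tokenData.access_token` is used without a check, so a successful response lacking that field would send `Bearer undefined` to the admin API; add `if (typeof adminToken !== "string" || adminToken === "") throw new Error("Failed to get admin token");`. The token URL is built from `process.env.KC_URL` and `process.env.KC_REALMS` while the rest of the function uses the `KC_URL`/`KC_REALMS` constants, and the commented-out `getToken()` headers here and in the last hunk should be deleted rather than kept. Because this function is now fed from a request body, the `users?email=` lookup in the context lines would be safer with `&exact=true` so that only a full address match is acted on; how `userId` is chosen from the result lies outside the hunk.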