torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
530e5445422d92081f663e917c509a3407d1a389
harheimertc/server/api/cms/password-reset-diagnostics.get.js
Torsten Schulz (local) 530e544542
Some checks failed
Code Analysis and Production Deploy / analyze (push) Failing after 5m40s
Details
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Details
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
Details
Implemented the possibility ofa hidden user for playstore tests
2026-06-09 11:32:00 +02:00

98 lines
3.0 KiB
JavaScript
Raw Blame History

import { getUserFromToken, hasRole, readUsers, isHiddenUser } from '../../utils/auth.js'
import {
fingerprintResetEmail,
normalizeResetEmail,
PASSWORD_RESET_LOG_RETENTION_HOURS,
readPasswordResetLogs
} from '../../utils/password-reset-log.js'
function summarizeAttempts(entries) {
const attemptsById = new Map()
for (const entry of [...entries].reverse()) {
const attempt = attemptsById.get(entry.requestId) || {
requestId: entry.requestId,
startedAt: entry.ts,
emailMasked: entry.emailMasked,
ip: entry.ip,
userId: entry.userId || null,
steps: [],
failed: false
}
attempt.startedAt = attempt.startedAt || entry.ts
attempt.userId = attempt.userId || entry.userId || null
attempt.steps.push({
ts: entry.ts,
step: entry.step,
status: entry.status,
reason: entry.reason || null,
errorCode: entry.errorCode || entry.error || null,
errorMessage: entry.errorMessage || null
})
if (
entry.status === 'failed' ||
entry.status === 'not_found' ||
entry.status === 'no_account' ||
entry.reason === 'smtp_credentials_missing'
) {
attempt.failed = true
}
attemptsById.set(entry.requestId, attempt)
}
return [...attemptsById.values()]
.sort((a, b) => String(b.startedAt).localeCompare(String(a.startedAt)))
}
export default defineEventHandler(async (event) => {
const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
const currentUser = token ? await getUserFromToken(token) : null
if (!currentUser || !hasRole(currentUser, 'admin')) {
throw createError({ statusCode: 403, message: 'Zugriff verweigert' })
}
const query = getQuery(event)
const email = normalizeResetEmail(query.email)
const failedOnly = query.failedOnly !== 'false'
const users = await readUsers()
const visibleUsers = users.filter(user => !isHiddenUser(user))
const hiddenEmailFingerprints = new Set(users.filter(isHiddenUser).map(user => fingerprintResetEmail(user.email)).filter(Boolean))
const logs = await readPasswordResetLogs()
const filteredLogs = (email
? logs.filter(entry => entry.emailFingerprint === fingerprintResetEmail(email))
: logs)
.filter(entry => !hiddenEmailFingerprints.has(entry.emailFingerprint))
const attempts = summarizeAttempts(filteredLogs)
.filter(attempt => !failedOnly || attempt.failed)
let matchingUsers = []
if (email) {
const term = email.toLowerCase()
matchingUsers = visibleUsers
.filter(user => {
const userEmail = normalizeResetEmail(user.email)
const name = String(user.name || '').toLowerCase()
return userEmail.includes(term) || name.includes(term)
})
.slice(0, 20)
.map(user => ({
id: user.id,
name: user.name,
email: user.email,
active: user.active !== false,
lastLogin: user.lastLogin || null
}))
}
return {
retentionHours: PASSWORD_RESET_LOG_RETENTION_HOURS,
searchedEmail: email,
matchingUsers,
attempts
}
})
Reference in New Issue View Git Blame Copy Permalink