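/*
 * Provides functionality to work with login (trader, CAST user) password.
 *
 * Dependencies:
 * - CastDeclare.js
 * - DataScripts.js.asp
 * - forge.js
 */
(function() {
    var L = Cast.getNamespace("Cast.LoginPassword");

    /**
     * Multi-step password setup via AuthServer.
     * Use it when setting a login password (except for temporary traders, whose
     * password must be saved via Gateway).
     * The function can throw during execution (e.g. during a server request).
     * External code is responsible for proper error handling.
     *
     * Flow: InitializePasswordSetup returns a routine id, a session token and a
     * "new password" request describing how the password must be encoded; the
     * encoded password is then posted to FinishPasswordSetup.
     *
     * @param loginId Login ID to set up the password for.
     * @param password Raw login password string.
     * @param entityType Trader or CAST user.
     */
    L.setupPassword = function(loginId, password, entityType) {
        var routine = initializePasswordSetup(loginId, entityType);
        var newPasswordResponse = buildPasswordResponse(routine.newPasswordRequest, password);

        finishPasswordSetup(routine.routineId, routine.sessionToken, loginId, newPasswordResponse);
    };

    /**
     * Encodes a raw password the way a password request asks for.
     *
     * In the flows of this file `encodingType` and `encodingParams` are taken
     * from the server's Initialize* response, so the server decides how the
     * password leaves the browser, including the pass-through type "none".
     *
     * @param password Raw password string.
     * @param encodingType One of "cqg_e2ee", "isprint_e2ee", "none".
     * @param encodingParams Plain JS object with the parameters of the chosen encoding.
     * @returns The encoded password string.
     * @throws Error if the encoding type is not supported or a required
     *         encoding parameter is missing or empty.
     */
    L.encodePassword = function(password, encodingType, encodingParams) {
        switch (encodingType) {
            case "cqg_e2ee":
                return encodePasswordCqgE2ee(password, encodingParams);
            case "isprint_e2ee":
                return encodePasswordISprint(password, encodingParams);
            case "none":
                return encodePasswordNone(password);
            default:
                // Fail closed: an unknown type never falls back to sending the raw password.
                throw new Error("Unsupported encoding type was provided: " + encodingType);
        }
    };

    /**
     * Multi-step change of the caller's own login password via AuthServer.
     * Use it when changing one's own login password.
     * The function can throw during execution (e.g. during a server request).
     * External code is responsible for proper error handling.
     *
     * @param newPassword Raw new login password string.
     * @param currentPassword Raw current login password string.
     */
    L.changePassword = function(newPassword, currentPassword) {
        var routine = initializePasswordChange();

        // Each password has its own request, so each may use a different encoding.
        var newPasswordResponse = buildPasswordResponse(routine.newPasswordRequest, newPassword);
        var currentPasswordResponse = buildPasswordResponse(routine.currentPasswordRequest, currentPassword);

        finishPasswordChange(routine.routineId, newPasswordResponse, currentPasswordResponse);
    };

    /**
     * Builds the response for one password request: echoes the request id and
     * encoding type and adds the password encoded as that request asks.
     *
     * Calls L.encodePassword rather than this.encodePassword so that the public
     * methods keep working when they are passed around detached from the namespace.
     */
    function buildPasswordResponse(passwordRequest, rawPassword) {
        return {
            requestId: passwordRequest.id,
            encodingType: passwordRequest.encodingType,
            encodedPassword: L.encodePassword(
                rawPassword,
                passwordRequest.encodingType,
                passwordRequest.encodingParameters)
        };
    }

    /**
     * Converts a server-side password request (PascalCase fields) into the
     * camelCase shape used inside this file.
     */
    function toPasswordRequest(serverRequest) {
        return {
            id: serverRequest.Id,
            encodingType: serverRequest.EncodingType,
            encodingParameters: serverRequest.EncodingParameters
        };
    }

    /**
     * Starts the password setup routine with a synchronous POST to
     * Common/CmsClient/InitializePasswordSetup.
     *
     * @returns {{routineId, sessionToken, newPasswordRequest}} Routine state
     *          needed by finishPasswordSetup.
     */
    function initializePasswordSetup(loginId, entityType) {
        var data = {
            loginId: loginId,
            entityType: entityType
        };
        var url = getControllerActionUrl("Common", "CmsClient", "InitializePasswordSetup");
        var result = Cast.RequestManager.postPageDataSync(url, data);

        return {
            routineId: result.RoutineId,
            sessionToken: result.SessionToken,
            newPasswordRequest: toPasswordRequest(result.NewPasswordRequest)
        };
    }

    /**
     * Completes the password setup routine by posting the encoded password,
     * together with the routine id and session token from the initialize step,
     * to Common/CmsClient/FinishPasswordSetup. The response is not inspected.
     */
    function finishPasswordSetup(routineId, sessionToken, loginId, newPasswordResponse) {
        var data = {
            routineId: routineId,
            sessionToken: sessionToken,
            loginId: loginId,
            newPasswordResponse: newPasswordResponse
        };
        var url = getControllerActionUrl("Common", "CmsClient", "FinishPasswordSetup");
        Cast.RequestManager.postPageDataSync(url, data);
    }

    /**
     * Starts the password change routine with a synchronous POST (no payload)
     * to Common/CmsClient/InitializePasswordChange.
     *
     * @returns {{routineId, currentPasswordRequest, newPasswordRequest}}
     */
    function initializePasswordChange() {
        var url = getControllerActionUrl("Common", "CmsClient", "InitializePasswordChange");
        var result = Cast.RequestManager.postPageDataSync(url);

        return {
            routineId: result.RoutineId,
            currentPasswordRequest: toPasswordRequest(result.CurrentPasswordRequest),
            newPasswordRequest: toPasswordRequest(result.NewPasswordRequest)
        };
    }

    /**
     * Completes the password change routine by posting both encoded passwords
     * to Common/CmsClient/FinishPasswordChange. The response is not inspected.
     */
    function finishPasswordChange(routineId, newPasswordResponse, currentPasswordResponse) {
        var data = {
            routineId: routineId,
            newPasswordResponse: newPasswordResponse,
            currentPasswordResponse: currentPasswordResponse
        };
        var url = getControllerActionUrl("Common", "CmsClient", "FinishPasswordChange");
        Cast.RequestManager.postPageDataSync(url, data);
    }

    /**
     * "cqg_e2ee" encoding: RSA-OAEP encryption of (password + ServerRandom)
     * under the public key supplied in the encoding parameters.
     *
     * @param password Raw password string.
     * @param encodingParams Must carry PubKey (base64 of a DER-encoded public
     *        key), ServerRandom and ModulusLen.
     * @returns Base64 string of the ciphertext.
     */
    function encodePasswordCqgE2ee(password, encodingParams) {
        // ModulusLen is required here but not otherwise used by this function.
        validateEncodingParams(encodingParams, ['PubKey', 'ServerRandom', 'ModulusLen']);

        // PubKey is base64 of DER bytes (it is parsed with fromDer below), not PEM text.
        var der = forge.util.decode64(encodingParams.PubKey);
        var serverRandom = encodingParams.ServerRandom;

        var asn = forge.asn1.fromDer(der);
        var key = forge.pki.publicKeyFromAsn1(asn);

        // NOTE(review): no OAEP options are passed, so forge's defaults apply (SHA-1
        // digest and MGF1, as far as I know); they must match what the server
        // decrypts with. Confirm before changing either side.
        // NOTE(review): forge treats the input as a byte string, so characters above
        // U+00FF in the password are not UTF-8 encoded here. forge.util.encodeUtf8
        // would do that, but it changes the bytes the server receives; confirm the
        // server's expectation first.
        // OAEP bounds the plaintext size by the key size; an over-long
        // password + ServerRandom is expected to make encrypt() throw.
        var encodedPassword = key.encrypt(password + serverRandom, 'RSA-OAEP');

        return forge.util.encode64(encodedPassword); // Return result as a base64 string.
    }

    /**
     * "isprint_e2ee" encoding: delegates to ame2eea.encryptPinForAM.
     *
     * NOTE(review): `ame2eea` is a global that the file header does not list
     * among the dependencies; presumably it comes from a separately loaded
     * E2EE script. Confirm it is loaded wherever this encoding can be requested.
     *
     * @param password Raw password string.
     * @param encodingParams Must carry E2EESid, PubKey, ServerRandom and HashAlgo.
     * @returns Whatever ame2eea.encryptPinForAM returns for these inputs.
     */
    function encodePasswordISprint(password, encodingParams) {
        validateEncodingParams(encodingParams, ['E2EESid', 'PubKey', 'ServerRandom', 'HashAlgo']);

        return ame2eea.encryptPinForAM(
            encodingParams.E2EESid,
            encodingParams.PubKey,
            encodingParams.ServerRandom,
            password,
            encodingParams.HashAlgo);
    }

    /**
     * "none" encoding: returns the raw password unchanged.
     *
     * SECURITY: with this type the password is posted as-is in `encodedPassword`,
     * so its confidentiality rests entirely on the transport and on the receiving
     * side not logging request bodies. The type is chosen by the Initialize*
     * response; if a deployment must never send a raw password, reject "none"
     * here or make sure the server never offers it.
     */
    function encodePasswordNone(password) {
        return password;
    }

    /**
     * Validates that encoding params contain all required fields.
     *
     * @param encodingParams Plain JS object with key-value encoding params.
     * @param requiredParams An array of required params keys.
     * @throws Error if the params object is missing, or a required key is
     *         absent, null/undefined or empty.
     */
    function validateEncodingParams(encodingParams, requiredParams) {
        // Explicit guard: `in` on null or a primitive would throw an unhelpful TypeError.
        if (encodingParams == null || typeof encodingParams !== "object") {
            throw new Error("Encoding parameters were not provided");
        }

        for (var i = 0; i < requiredParams.length; i++) {
            var param = requiredParams[i];

            // Own properties only: a value inherited through the prototype chain must
            // not stand in for a key parameter the server did not actually send.
            if (!Object.prototype.hasOwnProperty.call(encodingParams, param)) {
                throw new Error("Required encoding parameter was not provided: " + param);
            }

            var value = encodingParams[param];
            // Loose comparison kept on purpose of not weakening the check:
            // besides null/undefined/'' it also rejects 0, false and [].
            if (value == null || value == '') {
                throw new Error("Invalid required encoding parameter value (parameter=" + param + ", value=" + value + ")");
            }
        }
    }
})();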