refs #5472 feat(user): add passExpired

2023-04-27 15:18:27 +02:00 · 2023-04-27 15:18:27 +02:00 · 42fc0b62d8
parent 099ed2578c
commit 42fc0b62d8
7 changed files with 63 additions and 23 deletions
--- a/back/methods/vn-user/signIn.js
+++ b/back/methods/vn-user/signIn.js
@ -27,33 +27,38 @@ module.exports = Self => {
    });

    Self.signIn = async function(user, password) {
-        let models = Self.app.models;
+        const models = Self.app.models;
+        const usesEmail = user.indexOf('@') !== -1;
        let token;
-        let usesEmail = user.indexOf('@') !== -1;

-        let userInfo = usesEmail
+        const userInfo = usesEmail
            ? {email: user}
            : {username: user};
-        let instance = await Self.findOne({
+        const instance = await Self.findOne({
            fields: ['username', 'password'],
            where: userInfo
        });

-        let where = usesEmail
+        const where = usesEmail
            ? {email: user}
            : {name: user};
-        let vnUser = await Self.findOne({
-            fields: ['active'],
+        const vnUser = await Self.findOne({
+            fields: ['active', 'passExpired'],
            where
        });

-        let validCredentials = instance
+        const validCredentials = instance
            && await instance.hasPassword(password);
+        const today = Date.vnNew();
+        today.setHours(0, 0, 0, 0);

        if (validCredentials) {
            if (!vnUser.active)
                throw new UserError('User disabled');

+            if (vnUser.passExpired && vnUser.passExpired.getTime() <= today.getTime())
+                throw new UserError('Pass expired');
+
            try {
                await models.Account.sync(instance.username, password);
            } catch (err) {
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@ -107,4 +107,33 @@ module.exports = function(Self) {

        return email.send();
    });
+
+    Self.remoteMethod('setPassword', {
+        description: 'Reset user\'s password via a password-reset token.',
+        accepts: [
+            {arg: 'id', type: 'any', http: getUserIdFromRequestContext},
+            {arg: 'newPassword', type: 'string', required: true, http: {source: 'form'}},
+            {arg: 'options', type: 'object', http: 'optionsFromRequest'},
+        ],
+        accessScopes: setPasswordScopes,
+        http: {verb: 'POST', path: '/reset-password'},
+    },
+    );
+
+    function getUserIdFromRequestContext(ctx) {
+        const token = ctx.req.accessToken;
+        if (!token) return;
+
+        const hasPrincipalType = 'principalType' in token;
+        if (hasPrincipalType && token.principalType !== UserModel.modelName) {
+            // We have multiple user models related to the same access token model
+            // and the token used to authorize reset-password request was created
+            // for a different user model.
+            const err = new Error(g.f('Access Denied'));
+            err.statusCode = 403;
+            throw err;
+        }
+
+        return token.userId;
+    }
 };
--- a/back/models/vn-user.json
+++ b/back/models/vn-user.json
@ -62,7 +62,10 @@
 		},
 		"hasGrant": {
 			"type": "boolean"
-		}
+		},
+        "passExpired": {
+            "type": "date"
+        }
 	},
 	"relations": {
 		"role": {
--- a/db/changes/231601/00-userPassExpired.sql
+++ b/db/changes/231601/00-userPassExpired.sql
@ -0,0 +1 @@
+ALTER TABLE `account`.`user` ADD passExpired DATE DEFAULT NULL;
--- a/front/salix/components/reset-password/index.js
+++ b/front/salix/components/reset-password/index.js
@ -33,7 +33,7 @@ export default class Controller {

        const newPassword = this.newPassword;

-        this.$http.post('users/reset-password', {newPassword}, {headers})
+        this.$http.post('VnUsers/reset-password', {newPassword}, {headers})
            .then(() => {
                this.vnApp.showSuccess(this.$translate.instant('Password changed!'));
                this.$state.go('login');
--- a/loopback/locale/en.json
+++ b/loopback/locale/en.json
@ -170,5 +170,6 @@
 	"comercialName": "Comercial",
 	"Added observation": "Added observation",
 	"Comment added to client": "Comment added to client",
-	"This ticket is already a refund": "This ticket is already a refund"
-}
+	"This ticket is already a refund": "This ticket is already a refund",
+    "Pass expired": "The password has expired, change it from Salix"
+}
--- a/loopback/locale/es.json
+++ b/loopback/locale/es.json
@ -279,15 +279,16 @@
 	"Comment added to client": "Observación añadida al cliente {{clientFk}}",
 	"Cannot create a new claimBeginning from a different ticket": "No se puede crear una línea de reclamación de un ticket diferente al origen",
 	"company": "Compañía",
-    "country": "País",
-    "clientId": "Id cliente",
-    "clientSocialName": "Cliente",
-    "amount": "Importe",
-    "taxableBase": "Base",
-    "ticketFk": "Id ticket",
-    "isActive": "Activo",
-    "hasToInvoice": "Facturar",
-    "isTaxDataChecked": "Datos comprobados",
-    "comercialId": "Id comercial",
-    "comercialName": "Comercial"
+	"country": "País",
+	"clientId": "Id cliente",
+	"clientSocialName": "Cliente",
+	"amount": "Importe",
+	"taxableBase": "Base",
+	"ticketFk": "Id ticket",
+	"isActive": "Activo",
+	"hasToInvoice": "Facturar",
+	"isTaxDataChecked": "Datos comprobados",
+	"comercialId": "Id comercial",
+	"comercialName": "Comercial",
+	"Pass expired": "La contraseña ha caducado, cambiela desde Salix"
 }
				`@ -0,0 +1 @@`
				ALTER TABLE `account`.`user` ADD passExpired DATE DEFAULT NULL;