refs #5472 feat(user): add passExpired
gitea/salix/pipeline/head There was a failure building this commit
Details
gitea/salix/pipeline/head There was a failure building this commit
Details
This commit is contained in:
parent
099ed2578c
commit
42fc0b62d8
|
@ -27,33 +27,38 @@ module.exports = Self => {
|
||||||
});
|
});
|
||||||
|
|
||||||
Self.signIn = async function(user, password) {
|
Self.signIn = async function(user, password) {
|
||||||
let models = Self.app.models;
|
const models = Self.app.models;
|
||||||
|
const usesEmail = user.indexOf('@') !== -1;
|
||||||
let token;
|
let token;
|
||||||
let usesEmail = user.indexOf('@') !== -1;
|
|
||||||
|
|
||||||
let userInfo = usesEmail
|
const userInfo = usesEmail
|
||||||
? {email: user}
|
? {email: user}
|
||||||
: {username: user};
|
: {username: user};
|
||||||
let instance = await Self.findOne({
|
const instance = await Self.findOne({
|
||||||
fields: ['username', 'password'],
|
fields: ['username', 'password'],
|
||||||
where: userInfo
|
where: userInfo
|
||||||
});
|
});
|
||||||
|
|
||||||
let where = usesEmail
|
const where = usesEmail
|
||||||
? {email: user}
|
? {email: user}
|
||||||
: {name: user};
|
: {name: user};
|
||||||
let vnUser = await Self.findOne({
|
const vnUser = await Self.findOne({
|
||||||
fields: ['active'],
|
fields: ['active', 'passExpired'],
|
||||||
where
|
where
|
||||||
});
|
});
|
||||||
|
|
||||||
let validCredentials = instance
|
const validCredentials = instance
|
||||||
&& await instance.hasPassword(password);
|
&& await instance.hasPassword(password);
|
||||||
|
const today = Date.vnNew();
|
||||||
|
today.setHours(0, 0, 0, 0);
|
||||||
|
|
||||||
if (validCredentials) {
|
if (validCredentials) {
|
||||||
if (!vnUser.active)
|
if (!vnUser.active)
|
||||||
throw new UserError('User disabled');
|
throw new UserError('User disabled');
|
||||||
|
|
||||||
|
if (vnUser.passExpired && vnUser.passExpired.getTime() <= today.getTime())
|
||||||
|
throw new UserError('Pass expired');
|
||||||
|
|
||||||
try {
|
try {
|
||||||
await models.Account.sync(instance.username, password);
|
await models.Account.sync(instance.username, password);
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
|
|
|
@ -107,4 +107,33 @@ module.exports = function(Self) {
|
||||||
|
|
||||||
return email.send();
|
return email.send();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
Self.remoteMethod('setPassword', {
|
||||||
|
description: 'Reset user\'s password via a password-reset token.',
|
||||||
|
accepts: [
|
||||||
|
{arg: 'id', type: 'any', http: getUserIdFromRequestContext},
|
||||||
|
{arg: 'newPassword', type: 'string', required: true, http: {source: 'form'}},
|
||||||
|
{arg: 'options', type: 'object', http: 'optionsFromRequest'},
|
||||||
|
],
|
||||||
|
accessScopes: setPasswordScopes,
|
||||||
|
http: {verb: 'POST', path: '/reset-password'},
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
|
function getUserIdFromRequestContext(ctx) {
|
||||||
|
const token = ctx.req.accessToken;
|
||||||
|
if (!token) return;
|
||||||
|
|
||||||
|
const hasPrincipalType = 'principalType' in token;
|
||||||
|
if (hasPrincipalType && token.principalType !== UserModel.modelName) {
|
||||||
|
// We have multiple user models related to the same access token model
|
||||||
|
// and the token used to authorize reset-password request was created
|
||||||
|
// for a different user model.
|
||||||
|
const err = new Error(g.f('Access Denied'));
|
||||||
|
err.statusCode = 403;
|
||||||
|
throw err;
|
||||||
|
}
|
||||||
|
|
||||||
|
return token.userId;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
|
@ -62,6 +62,9 @@
|
||||||
},
|
},
|
||||||
"hasGrant": {
|
"hasGrant": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
|
},
|
||||||
|
"passExpired": {
|
||||||
|
"type": "date"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"relations": {
|
"relations": {
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
ALTER TABLE `account`.`user` ADD passExpired DATE DEFAULT NULL;
|
|
@ -33,7 +33,7 @@ export default class Controller {
|
||||||
|
|
||||||
const newPassword = this.newPassword;
|
const newPassword = this.newPassword;
|
||||||
|
|
||||||
this.$http.post('users/reset-password', {newPassword}, {headers})
|
this.$http.post('VnUsers/reset-password', {newPassword}, {headers})
|
||||||
.then(() => {
|
.then(() => {
|
||||||
this.vnApp.showSuccess(this.$translate.instant('Password changed!'));
|
this.vnApp.showSuccess(this.$translate.instant('Password changed!'));
|
||||||
this.$state.go('login');
|
this.$state.go('login');
|
||||||
|
|
|
@ -170,5 +170,6 @@
|
||||||
"comercialName": "Comercial",
|
"comercialName": "Comercial",
|
||||||
"Added observation": "Added observation",
|
"Added observation": "Added observation",
|
||||||
"Comment added to client": "Comment added to client",
|
"Comment added to client": "Comment added to client",
|
||||||
"This ticket is already a refund": "This ticket is already a refund"
|
"This ticket is already a refund": "This ticket is already a refund",
|
||||||
|
"Pass expired": "The password has expired, change it from Salix"
|
||||||
}
|
}
|
|
@ -289,5 +289,6 @@
|
||||||
"hasToInvoice": "Facturar",
|
"hasToInvoice": "Facturar",
|
||||||
"isTaxDataChecked": "Datos comprobados",
|
"isTaxDataChecked": "Datos comprobados",
|
||||||
"comercialId": "Id comercial",
|
"comercialId": "Id comercial",
|
||||||
"comercialName": "Comercial"
|
"comercialName": "Comercial",
|
||||||
|
"Pass expired": "La contraseña ha caducado, cambiela desde Salix"
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue