Merge pull request '4185-secure_client_pass_changes' (#1004) from 4185-secure_client_pass_changes into dev
gitea/salix/pipeline/head This commit looks good
Details
gitea/salix/pipeline/head This commit looks good
Details
Reviewed-on: #1004 Reviewed-by: Joan Sanchez <joan@verdnatura.es>
This commit is contained in:
commit
4374fc6f0f
|
@ -1,16 +1,15 @@
|
||||||
|
|
||||||
module.exports = Self => {
|
module.exports = Self => {
|
||||||
Self.remoteMethod('setPassword', {
|
Self.remoteMethod('setPassword', {
|
||||||
description: 'Sets the user password',
|
description: 'Sets the user password',
|
||||||
accepts: [
|
accepts: [
|
||||||
{
|
{
|
||||||
arg: 'id',
|
arg: 'id',
|
||||||
type: 'Number',
|
type: 'number',
|
||||||
description: 'The user id',
|
description: 'The user id',
|
||||||
http: {source: 'path'}
|
http: {source: 'path'}
|
||||||
}, {
|
}, {
|
||||||
arg: 'newPassword',
|
arg: 'newPassword',
|
||||||
type: 'String',
|
type: 'string',
|
||||||
description: 'The new password',
|
description: 'The new password',
|
||||||
required: true
|
required: true
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
INSERT INTO `salix`.`ACL` (model,property,accessType,permission,principalType,principalId)
|
||||||
|
VALUES
|
||||||
|
('Client','setPassword','WRITE','ALLOW','ROLE','salesPerson'),
|
||||||
|
('Client','updateUser','WRITE','ALLOW','ROLE','salesPerson');
|
|
@ -2,6 +2,7 @@ import selectors from '../../helpers/selectors';
|
||||||
import getBrowser from '../../helpers/puppeteer';
|
import getBrowser from '../../helpers/puppeteer';
|
||||||
|
|
||||||
describe('Client Edit web access path', () => {
|
describe('Client Edit web access path', () => {
|
||||||
|
pending('#4170 e2e account descriptor');
|
||||||
let browser;
|
let browser;
|
||||||
let page;
|
let page;
|
||||||
beforeAll(async() => {
|
beforeAll(async() => {
|
||||||
|
|
|
@ -123,5 +123,6 @@
|
||||||
"The worker has hours recorded that day": "The worker has hours recorded that day",
|
"The worker has hours recorded that day": "The worker has hours recorded that day",
|
||||||
"isWithoutNegatives": "isWithoutNegatives",
|
"isWithoutNegatives": "isWithoutNegatives",
|
||||||
"routeFk": "routeFk",
|
"routeFk": "routeFk",
|
||||||
"Not enough privileges to edit a client with verified data": "Not enough privileges to edit a client with verified data"
|
"Not enough privileges to edit a client with verified data": "Not enough privileges to edit a client with verified data",
|
||||||
|
"Can't change the password of another worker": "Can't change the password of another worker"
|
||||||
}
|
}
|
|
@ -226,5 +226,6 @@
|
||||||
"reference duplicated": "Referencia duplicada",
|
"reference duplicated": "Referencia duplicada",
|
||||||
"This ticket is already a refund": "Este ticket ya es un abono",
|
"This ticket is already a refund": "Este ticket ya es un abono",
|
||||||
"isWithoutNegatives": "isWithoutNegatives",
|
"isWithoutNegatives": "isWithoutNegatives",
|
||||||
"routeFk": "routeFk"
|
"routeFk": "routeFk",
|
||||||
|
"Can't change the password of another worker": "No se puede cambiar la contraseña de otro trabajador"
|
||||||
}
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
module.exports = Self => {
|
||||||
|
Self.remoteMethod('setPassword', {
|
||||||
|
description: 'Sets the password of a non-worker client',
|
||||||
|
accepts: [
|
||||||
|
{
|
||||||
|
arg: 'id',
|
||||||
|
type: 'number',
|
||||||
|
description: 'The user id',
|
||||||
|
http: {source: 'path'}
|
||||||
|
}, {
|
||||||
|
arg: 'newPassword',
|
||||||
|
type: 'string',
|
||||||
|
description: 'The new password',
|
||||||
|
required: true
|
||||||
|
}
|
||||||
|
],
|
||||||
|
http: {
|
||||||
|
path: `/:id/setPassword`,
|
||||||
|
verb: 'PATCH'
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
Self.setPassword = async function(id, newPassword) {
|
||||||
|
const models = Self.app.models;
|
||||||
|
|
||||||
|
const isWorker = await models.Worker.findById(id);
|
||||||
|
if (isWorker)
|
||||||
|
throw new Error(`Can't change the password of another worker`);
|
||||||
|
|
||||||
|
await models.Account.setPassword(id, newPassword);
|
||||||
|
};
|
||||||
|
};
|
|
@ -0,0 +1,27 @@
|
||||||
|
const models = require('vn-loopback/server/server').models;
|
||||||
|
|
||||||
|
describe('Client setPassword', () => {
|
||||||
|
it('should throw an error the setPassword target is not just a client but a worker', async() => {
|
||||||
|
let error;
|
||||||
|
|
||||||
|
try {
|
||||||
|
await models.Client.setPassword(1106, 'newPass?');
|
||||||
|
} catch (e) {
|
||||||
|
error = e;
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(error.message).toEqual(`Can't change the password of another worker`);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should change the password of the client', async() => {
|
||||||
|
let error;
|
||||||
|
|
||||||
|
try {
|
||||||
|
await models.Client.setPassword(1101, 't0pl3v3l.p455w0rd!');
|
||||||
|
} catch (e) {
|
||||||
|
error = e;
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(error).toBeUndefined();
|
||||||
|
});
|
||||||
|
});
|
|
@ -0,0 +1,58 @@
|
||||||
|
const models = require('vn-loopback/server/server').models;
|
||||||
|
const LoopBackContext = require('loopback-context');
|
||||||
|
describe('Client updateUser', () => {
|
||||||
|
const employeeId = 1;
|
||||||
|
const activeCtx = {
|
||||||
|
accessToken: {userId: employeeId},
|
||||||
|
http: {
|
||||||
|
req: {
|
||||||
|
headers: {origin: 'http://localhost'}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
const ctx = {
|
||||||
|
req: {accessToken: {userId: employeeId}},
|
||||||
|
args: {name: 'test', active: true}
|
||||||
|
};
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
spyOn(LoopBackContext, 'getCurrentContext').and.returnValue({
|
||||||
|
active: activeCtx
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should throw an error the target user is not just a client but a worker', async() => {
|
||||||
|
let error;
|
||||||
|
try {
|
||||||
|
const clientID = 1106;
|
||||||
|
await models.Client.updateUser(ctx, clientID);
|
||||||
|
} catch (e) {
|
||||||
|
error = e;
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(error.message).toEqual(`Can't update the user details of another worker`);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should update the user data', async() => {
|
||||||
|
let error;
|
||||||
|
|
||||||
|
const tx = await models.Client.beginTransaction({});
|
||||||
|
|
||||||
|
try {
|
||||||
|
const options = {transaction: tx};
|
||||||
|
|
||||||
|
const clientID = 1105;
|
||||||
|
await models.Client.updateUser(ctx, clientID, options);
|
||||||
|
const client = await models.Account.findById(clientID, null, options);
|
||||||
|
|
||||||
|
expect(client.name).toEqual('test');
|
||||||
|
|
||||||
|
await tx.rollback();
|
||||||
|
} catch (e) {
|
||||||
|
await tx.rollback();
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(error).toBeUndefined();
|
||||||
|
});
|
||||||
|
});
|
|
@ -0,0 +1,56 @@
|
||||||
|
module.exports = Self => {
|
||||||
|
Self.remoteMethodCtx('updateUser', {
|
||||||
|
description: 'Updates the user information',
|
||||||
|
accepts: [
|
||||||
|
{
|
||||||
|
arg: 'id',
|
||||||
|
type: 'number',
|
||||||
|
description: 'The user id',
|
||||||
|
http: {source: 'path'}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
arg: 'name',
|
||||||
|
type: 'string',
|
||||||
|
description: 'the user name'
|
||||||
|
},
|
||||||
|
{
|
||||||
|
arg: 'active',
|
||||||
|
type: 'boolean',
|
||||||
|
description: 'whether the user is active or not'
|
||||||
|
},
|
||||||
|
],
|
||||||
|
http: {
|
||||||
|
path: '/:id/updateUser',
|
||||||
|
verb: 'PATCH'
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
Self.updateUser = async function(ctx, id, options) {
|
||||||
|
const models = Self.app.models;
|
||||||
|
let tx;
|
||||||
|
const myOptions = {};
|
||||||
|
|
||||||
|
if (typeof options == 'object')
|
||||||
|
Object.assign(myOptions, options);
|
||||||
|
|
||||||
|
if (!myOptions.transaction) {
|
||||||
|
tx = await models.Account.beginTransaction({});
|
||||||
|
myOptions.transaction = tx;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
const isWorker = await models.Worker.findById(id, null, myOptions);
|
||||||
|
if (isWorker)
|
||||||
|
throw new Error(`Can't update the user details of another worker`);
|
||||||
|
|
||||||
|
const user = await models.Account.findById(id, null, myOptions);
|
||||||
|
|
||||||
|
await user.updateAttributes(ctx.args, myOptions);
|
||||||
|
|
||||||
|
if (tx) await tx.commit();
|
||||||
|
} catch (e) {
|
||||||
|
if (tx) await tx.rollback();
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
};
|
|
@ -8,30 +8,32 @@ const LoopBackContext = require('loopback-context');
|
||||||
|
|
||||||
module.exports = Self => {
|
module.exports = Self => {
|
||||||
// Methods
|
// Methods
|
||||||
require('../methods/client/getCard')(Self);
|
|
||||||
require('../methods/client/createWithUser')(Self);
|
|
||||||
require('../methods/client/hasCustomerRole')(Self);
|
|
||||||
require('../methods/client/canCreateTicket')(Self);
|
|
||||||
require('../methods/client/isValidClient')(Self);
|
|
||||||
require('../methods/client/addressesPropagateRe')(Self);
|
require('../methods/client/addressesPropagateRe')(Self);
|
||||||
|
require('../methods/client/canBeInvoiced')(Self);
|
||||||
|
require('../methods/client/canCreateTicket')(Self);
|
||||||
|
require('../methods/client/checkDuplicated')(Self);
|
||||||
|
require('../methods/client/confirmTransaction')(Self);
|
||||||
|
require('../methods/client/consumption')(Self);
|
||||||
|
require('../methods/client/createAddress')(Self);
|
||||||
|
require('../methods/client/createReceipt')(Self);
|
||||||
|
require('../methods/client/createWithUser')(Self);
|
||||||
|
require('../methods/client/extendedListFilter')(Self);
|
||||||
|
require('../methods/client/getAverageInvoiced')(Self);
|
||||||
|
require('../methods/client/getCard')(Self);
|
||||||
require('../methods/client/getDebt')(Self);
|
require('../methods/client/getDebt')(Self);
|
||||||
require('../methods/client/getMana')(Self);
|
require('../methods/client/getMana')(Self);
|
||||||
require('../methods/client/getAverageInvoiced')(Self);
|
|
||||||
require('../methods/client/summary')(Self);
|
|
||||||
require('../methods/client/updateFiscalData')(Self);
|
|
||||||
require('../methods/client/getTransactions')(Self);
|
require('../methods/client/getTransactions')(Self);
|
||||||
require('../methods/client/confirmTransaction')(Self);
|
require('../methods/client/hasCustomerRole')(Self);
|
||||||
require('../methods/client/canBeInvoiced')(Self);
|
require('../methods/client/isValidClient')(Self);
|
||||||
require('../methods/client/uploadFile')(Self);
|
|
||||||
require('../methods/client/lastActiveTickets')(Self);
|
require('../methods/client/lastActiveTickets')(Self);
|
||||||
require('../methods/client/sendSms')(Self);
|
require('../methods/client/sendSms')(Self);
|
||||||
require('../methods/client/createAddress')(Self);
|
require('../methods/client/setPassword')(Self);
|
||||||
|
require('../methods/client/summary')(Self);
|
||||||
require('../methods/client/updateAddress')(Self);
|
require('../methods/client/updateAddress')(Self);
|
||||||
require('../methods/client/consumption')(Self);
|
require('../methods/client/updateFiscalData')(Self);
|
||||||
require('../methods/client/createReceipt')(Self);
|
|
||||||
require('../methods/client/updatePortfolio')(Self);
|
require('../methods/client/updatePortfolio')(Self);
|
||||||
require('../methods/client/checkDuplicated')(Self);
|
require('../methods/client/updateUser')(Self);
|
||||||
require('../methods/client/extendedListFilter')(Self);
|
require('../methods/client/uploadFile')(Self);
|
||||||
|
|
||||||
// Validations
|
// Validations
|
||||||
|
|
||||||
|
@ -446,7 +448,7 @@ module.exports = Self => {
|
||||||
|
|
||||||
const app = require('vn-loopback/server/server');
|
const app = require('vn-loopback/server/server');
|
||||||
app.on('started', function() {
|
app.on('started', function() {
|
||||||
let account = app.models.Account;
|
const account = app.models.Account;
|
||||||
|
|
||||||
account.observe('before save', async ctx => {
|
account.observe('before save', async ctx => {
|
||||||
if (ctx.isNewInstance) return;
|
if (ctx.isNewInstance) return;
|
||||||
|
@ -456,20 +458,24 @@ module.exports = Self => {
|
||||||
account.observe('after save', async ctx => {
|
account.observe('after save', async ctx => {
|
||||||
let changes = ctx.data || ctx.instance;
|
let changes = ctx.data || ctx.instance;
|
||||||
if (!ctx.isNewInstance && changes) {
|
if (!ctx.isNewInstance && changes) {
|
||||||
let oldData = ctx.hookState.oldInstance;
|
const oldData = ctx.hookState.oldInstance;
|
||||||
let hasChanges = oldData.name != changes.name || oldData.active != changes.active;
|
const hasChanges = oldData.name != changes.name || oldData.active != changes.active;
|
||||||
if (!hasChanges) return;
|
if (!hasChanges) return;
|
||||||
|
|
||||||
let userId = ctx.options.accessToken.userId;
|
const isClient = await Self.app.models.Client.count({id: oldData.id});
|
||||||
let logRecord = {
|
if (isClient) {
|
||||||
originFk: oldData.id,
|
const loopBackContext = LoopBackContext.getCurrentContext();
|
||||||
userFk: userId,
|
const userId = loopBackContext.active.accessToken.userId;
|
||||||
action: 'update',
|
const logRecord = {
|
||||||
changedModel: 'Account',
|
originFk: oldData.id,
|
||||||
oldInstance: {name: oldData.name, active: oldData.active},
|
userFk: userId,
|
||||||
newInstance: {name: changes.name, active: changes.active}
|
action: 'update',
|
||||||
};
|
changedModel: 'Account',
|
||||||
await Self.app.models.ClientLog.create(logRecord);
|
oldInstance: {name: oldData.name, active: oldData.active},
|
||||||
|
newInstance: {name: changes.name, active: changes.active}
|
||||||
|
};
|
||||||
|
await Self.app.models.ClientLog.create(logRecord);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
<vn-watcher
|
<vn-watcher
|
||||||
vn-id="watcher"
|
vn-id="watcher"
|
||||||
url="Accounts"
|
url="Accounts"
|
||||||
id-field="id"
|
id-field="id"
|
||||||
data="$ctrl.account"
|
data="$ctrl.account"
|
||||||
form="form">
|
form="form">
|
||||||
</vn-watcher>
|
</vn-watcher>
|
||||||
<form name="form" ng-submit="watcher.submit()" class="vn-w-md">
|
<form name="form" ng-submit="$ctrl.onSubmit()" class="vn-w-md">
|
||||||
<vn-card class="vn-pa-lg">
|
<vn-card class="vn-pa-lg">
|
||||||
<vn-horizontal>
|
<vn-horizontal>
|
||||||
<vn-check
|
<vn-check
|
||||||
|
|
|
@ -44,11 +44,11 @@ export default class Controller extends Section {
|
||||||
throw new Error(`You must enter a new password`);
|
throw new Error(`You must enter a new password`);
|
||||||
if (this.newPassword != this.repeatPassword)
|
if (this.newPassword != this.repeatPassword)
|
||||||
throw new Error(`Passwords don't match`);
|
throw new Error(`Passwords don't match`);
|
||||||
let account = {
|
const data = {
|
||||||
password: this.newPassword
|
newPassword: this.newPassword
|
||||||
};
|
};
|
||||||
|
|
||||||
this.$http.patch(`Accounts/${this.client.id}`, account).then(res => {
|
this.$http.patch(`Clients/${this.client.id}/setPassword`, data).then(() => {
|
||||||
this.vnApp.showSuccess(this.$t('Data saved!'));
|
this.vnApp.showSuccess(this.$t('Data saved!'));
|
||||||
});
|
});
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
@ -59,6 +59,17 @@ export default class Controller extends Section {
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
onSubmit() {
|
||||||
|
const data = {
|
||||||
|
name: this.account.name,
|
||||||
|
active: this.account.active
|
||||||
|
};
|
||||||
|
this.$http.patch(`Clients/${this.client.id}/updateUser`, data).then(() => {
|
||||||
|
this.$.watcher.notifySaved();
|
||||||
|
this.$.watcher.updateOriginalData();
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
Controller.$inject = ['$element', '$scope'];
|
Controller.$inject = ['$element', '$scope'];
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ describe('Component VnClientWebAccess', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('checkConditions()', () => {
|
describe('checkConditions()', () => {
|
||||||
it(`should perform a query to check if the client is valid and then store a boolean into the controller`, () => {
|
it('should perform a query to check if the client is valid', () => {
|
||||||
controller.client = {id: '1234'};
|
controller.client = {id: '1234'};
|
||||||
|
|
||||||
expect(controller.canEnableCheckBox).toBeTruthy();
|
expect(controller.canEnableCheckBox).toBeTruthy();
|
||||||
|
@ -82,7 +82,9 @@ describe('Component VnClientWebAccess', () => {
|
||||||
controller.newPassword = 'm24x8';
|
controller.newPassword = 'm24x8';
|
||||||
controller.repeatPassword = 'm24x8';
|
controller.repeatPassword = 'm24x8';
|
||||||
controller.canChangePassword = true;
|
controller.canChangePassword = true;
|
||||||
$httpBackend.expectPATCH('Accounts/1234', {password: 'm24x8'}).respond('done');
|
|
||||||
|
const query = `Clients/${controller.client.id}/setPassword`;
|
||||||
|
$httpBackend.expectPATCH(query, {newPassword: controller.newPassword}).respond('done');
|
||||||
controller.onPassChange();
|
controller.onPassChange();
|
||||||
$httpBackend.flush();
|
$httpBackend.flush();
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in New Issue