verdnatura/salix
verdnatura
/
salix
3
5
Fork 0
Code Issues Pull Requests 63 Releases Wiki Activity

feat(salix): refs #6427 recoveryPhone security
gitea/salix/pipeline/pr-dev There was a failure building this commit Details

This commit is contained in:
Javier Segarra 2024-05-23 15:35:15 +02:00
parent 0f201c36de
commit 4d40d825a2
4 changed files with 9 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
back/methods/vn-user/update-user.js
View File

@ -20,6 +20,10 @@ module.exports = Self => {
arg: 'email', arg: 'email',
type: 'string', type: 'string',
description: 'The user email' description: 'The user email'
}, {
arg: 'recoveryPhone',
type: 'string',
description: 'The user email'
}, { }, {
arg: 'lang', arg: 'lang',
type: 'string', type: 'string',
@ -32,8 +36,8 @@ module.exports = Self => {
} }
}); });
Self.updateUser = async(ctx, id, name, nickname, email, lang) => { Self.updateUser = async(ctx, id, name, nickname, email, recoveryPhone, lang) => {
await Self.userSecurity(ctx, id); await Self.userSecurity(ctx, id);
await Self.upsertWithWhere({id}, {name, nickname, email, lang}); await Self.upsertWithWhere({id}, {name, nickname, email, recoveryPhone, lang});
}; };
}; };

2
back/models/vn-user.js
View File

@ -232,6 +232,8 @@ module.exports = function(Self) {
const user = await models.VnUser.findById(userId, {fields: ['id', 'emailVerified']}, myOptions); const user = await models.VnUser.findById(userId, {fields: ['id', 'emailVerified']}, myOptions);
if (!user.emailVerified && hasMediumPrivileges) return; if (!user.emailVerified && hasMediumPrivileges) return;
if (ctx.args.recoveryPhone) throw new ForbiddenError();
throw new ForbiddenError(); throw new ForbiddenError();
}; };

9
loopback/locale/es.json
View File

@ -359,12 +359,5 @@
"It was not able to create the invoice": "No se pudo crear la factura", "It was not able to create the invoice": "No se pudo crear la factura",
"ticketCommercial": "El ticket {{ ticket }} para el vendedor {{ salesMan }} está en preparación. (mensaje generado automáticamente)", "ticketCommercial": "El ticket {{ ticket }} para el vendedor {{ salesMan }} está en preparación. (mensaje generado automáticamente)",
"This PDA is already assigned to another user": "Este PDA ya está asignado a otro usuario", "This PDA is already assigned to another user": "Este PDA ya está asignado a otro usuario",
"You can only have one PDA": "Solo puedes tener un PDA", "You can only have one PDA": "Solo puedes tener un PDA"
"Phone not valid": "Teléfono no es válido",
"User not valid": "Usuario no válido",
"Credentials not valid": "Credenciales no válidas",
"This worker cant be modified": "This worker cant be modified",
"Phone can't be updated": "Phone can't be updated",
"ReferenceError: models is not defined": "ReferenceError: models is not defined"
} }

19
modules/worker/back/models/worker.js
View File

@ -1,4 +1,3 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
const validateTin = require('vn-loopback/util/validateTin'); const validateTin = require('vn-loopback/util/validateTin');
require('../methods/worker/filter')(Self); require('../methods/worker/filter')(Self);
@ -39,22 +38,4 @@ module.exports = Self => {
err(); err();
done(); done();
} }
Self.observe('before save', async function(ctx, next) {
if (ctx.isNewInstance) return;
const instanceId = ctx.currentInstance.id;
const userId = ctx.options.accessToken.userId;
const isOwner = instanceId === userId;
const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
if (!isOwner) {
if (phoneHasChanged) {
const {recoveryPhone} = ctx.data.user;
const {id} = ctx.currentInstance;
await Self.app.models.VnUser.updateAll({id}, {recoveryPhone});
ctx.data.code = ctx.currentInstance.code;
}
}
delete ctx.data.user;
});
}; };