diff --git a/loopback/locale/en.json b/loopback/locale/en.json index 2187371cd..39596467c 100644 --- a/loopback/locale/en.json +++ b/loopback/locale/en.json @@ -209,5 +209,6 @@ "You cannot update these fields": "You cannot update these fields", "CountryFK cannot be empty": "Country cannot be empty", "You are not allowed to modify the alias": "You are not allowed to modify the alias", - "You already have the mailAlias": "You already have the mailAlias" + "You already have the mailAlias": "You already have the mailAlias", + "The email has been already verified": "The email has been already verified" } diff --git a/loopback/locale/es.json b/loopback/locale/es.json index aea0c311c..d36348472 100644 --- a/loopback/locale/es.json +++ b/loopback/locale/es.json @@ -344,5 +344,6 @@ "CountryFK cannot be empty": "El país no puede estar vacío", "Cmr file does not exist": "El archivo del cmr no existe", "You are not allowed to modify the alias": "No estás autorizado a modificar el alias", - "No tickets to invoice": "No hay tickets para facturar" + "No tickets to invoice": "No hay tickets para facturar", + "The email has been already verified": "El correo ya ha sido verificado" } diff --git a/modules/account/back/models/account.js b/modules/account/back/models/account.js index 5021a5d94..7c97711d0 100644 --- a/modules/account/back/models/account.js +++ b/modules/account/back/models/account.js @@ -1,4 +1,7 @@ +const ForbiddenError = require('vn-loopback/util/forbiddenError'); +const {models} = require('vn-loopback/server/server'); + module.exports = Self => { require('../methods/account/sync')(Self); require('../methods/account/sync-by-id')(Self); @@ -7,4 +10,12 @@ module.exports = Self => { require('../methods/account/logout')(Self); require('../methods/account/change-password')(Self); require('../methods/account/set-password')(Self); + + Self.setUnverifiedPassword = async(id, pass, options) => { + const user = await models.VnUser.findById(id, null, options); + if (user.emailVerified) throw new ForbiddenError('The email has been already verified'); + + await models.VnUser.setPassword(id, pass, options); + await user.updateAttribute('emailVerified', true, options); + }; }; diff --git a/modules/worker/back/methods/worker/setPassword.js b/modules/worker/back/methods/worker/setPassword.js index 5571ea1d2..e6bdfb364 100644 --- a/modules/worker/back/methods/worker/setPassword.js +++ b/modules/worker/back/methods/worker/setPassword.js @@ -19,8 +19,7 @@ module.exports = Self => { verb: 'PATCH' } }); - Self.setPassword = async(ctx, workerId, newPass, options) => { - const userId = ctx.req.accessToken.userId; + Self.setPassword = async(ctx, id, newPass, options) => { const models = Self.app.models; const myOptions = {}; let tx; @@ -31,17 +30,11 @@ module.exports = Self => { tx = await Self.beginTransaction({}); myOptions.transaction = tx; } - try { - const isHimself = userId === workerId; - const isSubordinate = await Self.isSubordinate(ctx, workerId, myOptions); - const {emailVerified} = await models.VnUser.findById(workerId, {fields: ['emailVerified']}, myOptions); + const isSubordinate = await Self.isSubordinate(ctx, id, myOptions); + if (!isSubordinate) throw new UserError('You don\'t have enough privileges.'); - if (isHimself || (isSubordinate && !emailVerified)) { - await models.VnUser.setPassword(workerId, newPass, myOptions); - await models.VnUser.updateAll({id: workerId}, {emailVerified: true}, myOptions); - } else - throw new UserError('You don\'t have enough privileges.'); + await models.Account.setUnverifiedPassword(id, newPass, myOptions); if (tx) await tx.commit(); } catch (e) { diff --git a/modules/worker/back/methods/worker/specs/setPassword.spec.js b/modules/worker/back/methods/worker/specs/setPassword.spec.js index 0f0700561..d2daec103 100644 --- a/modules/worker/back/methods/worker/specs/setPassword.spec.js +++ b/modules/worker/back/methods/worker/specs/setPassword.spec.js @@ -42,23 +42,7 @@ describe('worker setPassword()', () => { await tx.rollback(); } catch (e) { - expect(e.message).toEqual(`You don't have enough privileges.`); - await tx.rollback(); - } - }); - - it('should change the password if it is himself', async() => { - const tx = await models.Worker.beginTransaction({}); - - try { - const options = {transaction: tx}; - await models.VnUser.updateAll({id: managerId}, {emailVerified: true}, options); - await models.Worker.setPassword(ctx, managerId, newPass, options); - const isNewPass = await passHasBeenChanged(managerId, newPass, options); - - expect(isNewPass).toBeTrue(); - await tx.rollback(); - } catch (e) { + expect(e.message).toEqual(`The email has been already verified`); await tx.rollback(); } }); diff --git a/modules/worker/front/descriptor/index.html b/modules/worker/front/descriptor/index.html index 67776ce47..73332efac 100644 --- a/modules/worker/front/descriptor/index.html +++ b/modules/worker/front/descriptor/index.html @@ -11,7 +11,7 @@ ? 'Click to allow the user to be disabled' : 'Click to exclude the user from getting disabled'}} - + Change password diff --git a/modules/worker/front/descriptor/index.js b/modules/worker/front/descriptor/index.js index 3cbeb2c55..d7962369c 100644 --- a/modules/worker/front/descriptor/index.js +++ b/modules/worker/front/descriptor/index.js @@ -5,9 +5,6 @@ class Controller extends Descriptor { constructor($element, $, $rootScope) { super($element, $); this.$rootScope = $rootScope; - - this.$http.get(`UserConfigs/getUserConfig`) - .then(res => this.userFk = res.data.userFk); } get worker() { @@ -93,11 +90,11 @@ class Controller extends Descriptor { `Workers/${this.entity.id}/setPassword`, {newPass: this.newPassword} ) .then(() => { this.vnApp.showSuccess(this.$translate.instant('Password changed!')); - }); + }).then(() => this.loadData()); } } -Controller.$inject = ['$element', '$scope', '$rootScope']; +Controller.$inject = ['$element', '$scope', '$rootScope', 'vnConfig']; ngModule.vnComponent('vnWorkerDescriptor', { template: require('./index.html'),