Merge pull request '5472-user_passExpired' (!1594) from 5472-user_passExpired into dev
gitea/salix/pipeline/head This commit looks good Details

Reviewed-on: #1594
Reviewed-by: Juan Ferrer <juan@verdnatura.es>
This commit is contained in:
Alex Moreno 2023-06-12 10:38:24 +00:00
commit 80f6c72fee
34 changed files with 470 additions and 172 deletions

View File

@ -24,6 +24,7 @@ module.exports = Self => {
fields: ['email'], fields: ['email'],
where: {name: user} where: {name: user}
}); });
if (!account) return;
user = account.email; user = account.email;
} }

View File

@ -27,33 +27,47 @@ module.exports = Self => {
}); });
Self.signIn = async function(user, password) { Self.signIn = async function(user, password) {
let models = Self.app.models; const models = Self.app.models;
const usesEmail = user.indexOf('@') !== -1;
let token; let token;
let usesEmail = user.indexOf('@') !== -1;
let userInfo = usesEmail const userInfo = usesEmail
? {email: user} ? {email: user}
: {username: user}; : {username: user};
let instance = await Self.findOne({ const instance = await Self.findOne({
fields: ['username', 'password'], fields: ['username', 'password'],
where: userInfo where: userInfo
}); });
let where = usesEmail const where = usesEmail
? {email: user} ? {email: user}
: {name: user}; : {name: user};
let vnUser = await Self.findOne({ const vnUser = await Self.findOne({
fields: ['active'], fields: ['id', 'active', 'passExpired'],
where where
}); });
let validCredentials = instance const today = Date.vnNew();
today.setHours(0, 0, 0, 0);
const validCredentials = instance
&& await instance.hasPassword(password); && await instance.hasPassword(password);
if (validCredentials) { if (validCredentials) {
if (!vnUser.active) if (!vnUser.active)
throw new UserError('User disabled'); throw new UserError('User disabled');
if (vnUser.passExpired && vnUser.passExpired.getTime() <= today.getTime()) {
const changePasswordToken = await models.AccessToken.create({
scopes: ['change-password'],
userId: vnUser.id
});
throw new UserError('Pass expired', 'passExpired', {
id: vnUser.id,
token: changePasswordToken.id
});
}
try { try {
await models.Account.sync(instance.username, password); await models.Account.sync(instance.username, password);
} catch (err) { } catch (err) {

View File

@ -107,4 +107,81 @@ module.exports = function(Self) {
return email.send(); return email.send();
}); });
const _setPassword = Self.prototype.setPassword;
Self.prototype.setPassword = async function(newPassword, options, cb) {
if (cb === undefined && typeof options === 'function') {
cb = options;
options = undefined;
}
const myOptions = {};
let tx;
if (typeof options == 'object')
Object.assign(myOptions, options);
if (!myOptions.transaction) {
tx = await Self.beginTransaction({});
myOptions.transaction = tx;
}
options = myOptions;
try {
await Self.rawSql(`CALL account.user_checkPassword(?)`, [newPassword], options);
await _setPassword.call(this, newPassword, options);
await this.updateAttribute('passExpired', null, options);
await Self.app.models.Account.sync(this.name, newPassword, null, options);
tx && await tx.commit();
cb && cb();
} catch (err) {
tx && await tx.rollback();
if (cb) cb(err); else throw err;
}
};
Self.sharedClass._methods.find(method => method.name == 'changePassword')
.accessScopes = ['change-password'];
// FIXME: https://redmine.verdnatura.es/issues/5761
// Self.afterRemote('prototype.patchAttributes', async(ctx, instance) => {
// if (!ctx.args || !ctx.args.data.email) return;
// const loopBackContext = LoopBackContext.getCurrentContext();
// const httpCtx = {req: loopBackContext.active};
// const httpRequest = httpCtx.req.http.req;
// const headers = httpRequest.headers;
// const origin = headers.origin;
// const url = origin.split(':');
// class Mailer {
// async send(verifyOptions, cb) {
// const params = {
// url: verifyOptions.verifyHref,
// recipient: verifyOptions.to,
// lang: ctx.req.getLocale()
// };
// const email = new Email('email-verify', params);
// email.send();
// cb(null, verifyOptions.to);
// }
// }
// const options = {
// type: 'email',
// to: instance.email,
// from: {},
// redirect: `${origin}/#!/account/${instance.id}/basic-data?emailConfirmed`,
// template: false,
// mailer: new Mailer,
// host: url[1].split('/')[2],
// port: url[2],
// protocol: url[0],
// user: Self
// };
// await instance.verify(options);
// });
}; };

View File

@ -25,10 +25,7 @@
}, },
"password": { "password": {
"type": "string", "type": "string",
"required": true, "required": true
"mysql": {
"columnName": "bcryptPassword"
}
}, },
"roleFk": { "roleFk": {
"type": "number", "type": "number",
@ -42,9 +39,6 @@
"lang": { "lang": {
"type": "string" "type": "string"
}, },
"bcryptPassword": {
"type": "string"
},
"active": { "active": {
"type": "boolean" "type": "boolean"
}, },
@ -62,6 +56,9 @@
}, },
"hasGrant": { "hasGrant": {
"type": "boolean" "type": "boolean"
},
"passExpired": {
"type": "date"
} }
}, },
"relations": { "relations": {

View File

@ -0,0 +1,76 @@
ALTER TABLE `account`.`user` ADD passExpired DATE DEFAULT NULL;
DROP PROCEDURE `account`.`myUser_changePassword`;
DROP PROCEDURE `account`.`myUser_restorePassword`;
DROP PROCEDURE `account`.`user_changePassword`;
DROP PROCEDURE `account`.`user_restorePassword`;
DROP PROCEDURE `account`.`user_setPassword`;
ALTER TABLE account.`user` CHANGE password password__ char(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL COMMENT 'Deprecated';
ALTER TABLE account.`user` CHANGE bcryptPassword password varchar(512) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci DEFAULT NULL NULL;
DELIMITER $$
$$
CREATE OR REPLACE DEFINER=`root`@`localhost` TRIGGER `account`.`user_beforeUpdate`
BEFORE UPDATE ON `user`
FOR EACH ROW
BEGIN
SET NEW.editorFk = account.myUser_getId();
IF !(NEW.`name` <=> OLD.`name`) THEN
CALL user_checkName (NEW.`name`);
END IF;
IF !(NEW.`password` <=> OLD.`password`) THEN
SET NEW.lastPassChange = util.VN_NOW();
END IF;
END$$
DELIMITER ;
CREATE OR REPLACE DEFINER=`root`@`localhost`
SQL SECURITY DEFINER
VIEW `account`.`accountDovecot` AS
select
`u`.`name` AS `name`,
`u`.`password` AS `password`
from
(`account`.`user` `u`
join `account`.`account` `a` on
(`a`.`id` = `u`.`id`))
where
`u`.`active` <> 0;
CREATE OR REPLACE DEFINER=`root`@`localhost`
SQL SECURITY DEFINER
VIEW `salix`.`User` AS
select
`account`.`user`.`id` AS `id`,
`account`.`user`.`realm` AS `realm`,
`account`.`user`.`name` AS `username`,
`account`.`user`.`password` AS `password`,
`account`.`user`.`email` AS `email`,
`account`.`user`.`emailVerified` AS `emailVerified`,
`account`.`user`.`verificationToken` AS `verificationToken`
from
`account`.`user`;
CREATE OR REPLACE DEFINER=`root`@`localhost`
SQL SECURITY DEFINER
VIEW `vn`.`workerTimeControlUserInfo` AS
select
`u`.`id` AS `userFk`,
`w`.`firstName` AS `name`,
`w`.`lastName` AS `surname`,
`u`.`name` AS `user`,
`u`.`password` AS `password`,
`wd`.`departmentFk` AS `departmentFk`,
left(`c`.`fi`,
8) AS `dni`
from
(((`account`.`user` `u`
join `vn`.`worker` `w` on
(`w`.`userFk` = `u`.`id`))
join `vn`.`client` `c` on
(`c`.`id` = `u`.`id`))
left join `vn`.`workerDepartment` `wd` on
(`wd`.`workerFk` = `w`.`id`));

View File

@ -71,8 +71,8 @@ INSERT INTO `account`.`roleConfig`(`id`, `mysqlPassword`, `rolePrefix`, `userPre
CALL `account`.`role_sync`; CALL `account`.`role_sync`;
INSERT INTO `account`.`user`(`id`,`name`, `nickname`, `password`,`role`,`active`,`email`, `lang`, `image`, `bcryptPassword`) INSERT INTO `account`.`user`(`id`,`name`, `nickname`, `role`,`active`,`email`, `lang`, `image`, `password`)
SELECT id, name, CONCAT(name, 'Nick'),MD5('nightmare'), id, 1, CONCAT(name, '@mydomain.com'), 'en', '4fa3ada0-3ac4-11eb-9ab8-27f6fc3b85fd', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2' SELECT id, name, CONCAT(name, 'Nick'), id, 1, CONCAT(name, '@mydomain.com'), 'en', '4fa3ada0-3ac4-11eb-9ab8-27f6fc3b85fd', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2'
FROM `account`.`role` WHERE id <> 20 FROM `account`.`role` WHERE id <> 20
ORDER BY id; ORDER BY id;
@ -98,20 +98,24 @@ INSERT INTO `hedera`.`tpvConfig`(`id`, `currency`, `terminal`, `transactionType`
VALUES VALUES
(1, 978, 1, 0, 2000, 9, 0); (1, 978, 1, 0, 2000, 9, 0);
INSERT INTO `account`.`user`(`id`,`name`,`nickname`, `bcryptPassword`, `password`,`role`,`active`,`email`,`lang`, `image`) INSERT INTO `account`.`user`(`id`,`name`,`nickname`, `password`,`role`,`active`,`email`,`lang`, `image`)
VALUES VALUES
(1101, 'BruceWayne', 'Bruce Wayne', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 1, 'BruceWayne@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'), (1101, 'BruceWayne', 'Bruce Wayne', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'BruceWayne@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1102, 'PetterParker', 'Petter Parker', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 1, 'PetterParker@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), (1102, 'PetterParker', 'Petter Parker', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'PetterParker@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1103, 'ClarkKent', 'Clark Kent', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 1, 'ClarkKent@mydomain.com', 'fr', 'e7723f0b24ff05b32ed09d95196f2f29'), (1103, 'ClarkKent', 'Clark Kent', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'ClarkKent@mydomain.com', 'fr', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1104, 'TonyStark', 'Tony Stark', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 1, 'TonyStark@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'), (1104, 'TonyStark', 'Tony Stark', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'TonyStark@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1105, 'MaxEisenhardt', 'Max Eisenhardt', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 1, 'MaxEisenhardt@mydomain.com', 'pt', 'e7723f0b24ff05b32ed09d95196f2f29'), (1105, 'MaxEisenhardt', 'Max Eisenhardt', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'MaxEisenhardt@mydomain.com', 'pt', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1106, 'DavidCharlesHaller', 'David Charles Haller', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 1, 1, 'DavidCharlesHaller@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), (1106, 'DavidCharlesHaller', 'David Charles Haller', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'DavidCharlesHaller@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1107, 'HankPym', 'Hank Pym', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 1, 1, 'HankPym@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), (1107, 'HankPym', 'Hank Pym', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'HankPym@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1108, 'CharlesXavier', 'Charles Xavier', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 1, 1, 'CharlesXavier@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), (1108, 'CharlesXavier', 'Charles Xavier', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'CharlesXavier@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1109, 'BruceBanner', 'Bruce Banner', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 1, 1, 'BruceBanner@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), (1109, 'BruceBanner', 'Bruce Banner', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'BruceBanner@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'),
(1110, 'JessicaJones', 'Jessica Jones', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 1, 1, 'JessicaJones@mydomain.com', 'en', NULL), (1110, 'JessicaJones', 'Jessica Jones', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'JessicaJones@mydomain.com', 'en', NULL),
(1111, 'Missing', 'Missing', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 0, NULL, 'en', NULL), (1111, 'Missing', 'Missing', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 0, NULL, 'en', NULL),
(1112, 'Trash', 'Trash', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 0, NULL, 'en', NULL); (1112, 'Trash', 'Trash', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 0, NULL, 'en', NULL);
UPDATE account.`user`
SET passExpired = DATE_SUB(util.VN_CURDATE(), INTERVAL 1 YEAR)
WHERE name = 'maintenance';
INSERT INTO `account`.`mailAlias`(`id`, `alias`, `description`, `isPublic`) INSERT INTO `account`.`mailAlias`(`id`, `alias`, `description`, `isPublic`)
VALUES VALUES

View File

@ -1,30 +1,19 @@
DROP FUNCTION IF EXISTS `util`.`mockTime`;
DELIMITER $$ DELIMITER $$
$$
CREATE DEFINER=`root`@`localhost` FUNCTION `util`.`mockTime`() RETURNS datetime CREATE OR REPLACE DEFINER=`root`@`localhost` FUNCTION `util`.`mockTime`() RETURNS datetime
DETERMINISTIC DETERMINISTIC
BEGIN BEGIN
RETURN CONVERT_TZ('@mockDate', 'utc', 'Europe/Madrid'); RETURN CONVERT_TZ('@mockDate', 'utc', 'Europe/Madrid');
END$$ END$$
DELIMITER ;
CREATE OR REPLACE DEFINER=`root`@`localhost` FUNCTION `util`.`mockUtcTime`() RETURNS datetime
DROP FUNCTION IF EXISTS `util`.`mockUtcTime`; DETERMINISTIC
BEGIN
DELIMITER $$ RETURN CONVERT_TZ('@mockDate', 'utc', 'Europe/Madrid');
$$ END$$
CREATE DEFINER=`root`@`localhost` FUNCTION `util`.`mockUtcTime`() RETURNS datetime
DETERMINISTIC CREATE OR REPLACE DEFINER=`root`@`localhost` FUNCTION `util`.`mockTimeBase`(vIsUtc BOOL) RETURNS datetime
BEGIN
RETURN CONVERT_TZ('@mockDate', 'utc', 'Europe/Madrid');
END$$
DELIMITER ;
DROP FUNCTION IF EXISTS `util`.`mockTimeBase`;
DELIMITER $$
$$
CREATE DEFINER=`root`@`localhost` FUNCTION `util`.`mockTimeBase`(vIsUtc BOOL) RETURNS datetime
DETERMINISTIC DETERMINISTIC
BEGIN BEGIN
RETURN CONVERT_TZ('@mockDate', 'utc', 'Europe/Madrid'); RETURN CONVERT_TZ('@mockDate', 'utc', 'Europe/Madrid');

View File

@ -0,0 +1,71 @@
import getBrowser from '../../helpers/puppeteer';
const $ = {
form: 'vn-out-layout form'
};
describe('ChangePassword path', async() => {
let browser;
let page;
beforeAll(async() => {
browser = await getBrowser();
page = browser.page;
});
afterAll(async() => {
await browser.close();
});
const oldPassword = 'nightmare';
const newPassword = 'newPass.1234';
describe('Bad login', async() => {
it('should receive an error when the password is expired', async() => {
// Expired login
await page.doLogin('Maintenance', oldPassword);
let message = await page.waitForSnackbar();
expect(message.text).toContain('The password has expired, change it from Salix');
expect(await page.getState()).toContain('change-password');
// Bad attempt: incorrect current password
message = await page.sendForm($.form, {
oldPassword: newPassword,
newPassword: oldPassword,
repeatPassword: oldPassword
});
expect(message.text).toContain('Invalid current password');
// Bad attempt: password not meet requirements
message = await page.sendForm($.form, {
oldPassword: oldPassword,
newPassword: oldPassword,
repeatPassword: oldPassword
});
expect(message.text).toContain('Password does not meet requirements');
// Correct attempt: change password
message = await page.sendForm($.form, {
oldPassword: oldPassword,
newPassword: newPassword,
repeatPassword: newPassword
});
expect(message.text).toContain('Password updated!');
expect(await page.getState()).toContain('login');
// Bad login, old password
await page.doLogin('Maintenance', oldPassword);
message = await page.waitForSnackbar();
expect(message.text).toContain('Invalid login');
// Correct login, new password
await page.doLogin('Maintenance', newPassword);
await page.waitForSelector('vn-home');
expect(await page.getState()).toBe('home');
});
});
});

View File

@ -24,7 +24,7 @@ export default class Auth {
initialize() { initialize() {
let criteria = { let criteria = {
to: state => { to: state => {
const outLayout = ['login', 'recover-password', 'reset-password']; const outLayout = ['login', 'recover-password', 'reset-password', 'change-password'];
return !outLayout.some(ol => ol == state.name); return !outLayout.some(ol => ol == state.name);
} }
}; };
@ -59,8 +59,8 @@ export default class Auth {
password: password || undefined password: password || undefined
}; };
return this.$http.post('VnUsers/signIn', params).then( return this.$http.post('VnUsers/signIn', params)
json => this.onLoginOk(json, remember)); .then(json => this.onLoginOk(json, remember));
} }
onLoginOk(json, remember) { onLoginOk(json, remember) {

View File

@ -0,0 +1,29 @@
<h5 class="vn-mb-md vn-mt-lg" translate>Change password</h5>
<vn-textfield
label="Old password"
ng-model="$ctrl.oldPassword"
vn-name="oldPassword"
type="password"
vn-focus>
</vn-textfield>
<vn-textfield
label="New password"
ng-model="$ctrl.newPassword"
vn-name="newPassword"
type="password"
info="{{'Password requirements' | translate:$ctrl.passRequirements}}"
autocomplete="false">
</vn-textfield>
<vn-textfield
label="Repeat password"
ng-model="$ctrl.repeatPassword"
vn-name="repeatPassword"
type="password"
autocomplete="false">
</vn-textfield>
<div class="footer">
<vn-submit label="Change password" ng-click="$ctrl.submit()"></vn-submit>
<div class="spinner-wrapper">
<vn-spinner enable="$ctrl.loading"></vn-spinner>
</div>
</div>

View File

@ -0,0 +1,63 @@
import ngModule from '../../module';
const UserError = require('vn-loopback/util/user-error');
export default class Controller {
constructor($scope, $element, $http, vnApp, $translate, $state, $location) {
Object.assign(this, {
$scope,
$element,
$http,
vnApp,
$translate,
$state,
$location
});
}
$onInit() {
if (!this.$state.params || !this.$state.params.id || !this.$state.params.token)
this.$state.go('login');
this.$http.get('UserPasswords/findOne')
.then(res => {
this.passRequirements = res.data;
});
}
submit() {
const id = this.$state.params.id;
const newPassword = this.newPassword;
const oldPassword = this.oldPassword;
if (!newPassword)
throw new UserError(`You must enter a new password`);
if (newPassword != this.repeatPassword)
throw new UserError(`Passwords don't match`);
const headers = {
Authorization: this.$state.params.token
};
this.$http.post('VnUsers/change-password',
{
id,
oldPassword,
newPassword
},
{headers}
).then(() => {
this.vnApp.showSuccess(this.$translate.instant('Password updated!'));
this.$state.go('login');
});
}
}
Controller.$inject = ['$scope', '$element', '$http', 'vnApp', '$translate', '$state', '$location'];
ngModule.vnComponent('vnChangePassword', {
template: require('./index.html'),
controller: Controller,
bindings: {
id: '<'
}
});

View File

@ -0,0 +1,4 @@
Password requirements: >
The password must have at least {{ length }} length characters,
{{nAlpha}} alphabetic characters, {{nUpper}} capital letters, {{nDigits}}
digits and {{nPunct}} symbols (Ex: $%&.)

View File

@ -0,0 +1,9 @@
Change password: Cambiar contraseña
Old password: Antigua contraseña
New password: Nueva contraseña
Repeat password: Repetir contraseña
Password updated!: ¡Contraseña actualizada!
Password requirements: >
La contraseña debe tener al menos {{ length }} caracteres de longitud,
{{nAlpha}} caracteres alfabéticos, {{nUpper}} letras mayúsculas, {{nDigits}}
dígitos y {{nPunct}} símbolos (Ej: $%&.)

View File

@ -9,6 +9,7 @@ import './login';
import './outLayout'; import './outLayout';
import './recover-password'; import './recover-password';
import './reset-password'; import './reset-password';
import './change-password';
import './module-card'; import './module-card';
import './module-main'; import './module-main';
import './side-menu/side-menu'; import './side-menu/side-menu';

View File

@ -5,10 +5,11 @@ import './style.scss';
* A simple login form. * A simple login form.
*/ */
export default class Controller { export default class Controller {
constructor($, $element, vnAuth) { constructor($, $element, $state, vnAuth) {
Object.assign(this, { Object.assign(this, {
$, $,
$element, $element,
$state,
vnAuth, vnAuth,
user: localStorage.getItem('lastUser'), user: localStorage.getItem('lastUser'),
remember: true remember: true
@ -22,11 +23,16 @@ export default class Controller {
localStorage.setItem('lastUser', this.user); localStorage.setItem('lastUser', this.user);
this.loading = false; this.loading = false;
}) })
.catch(err => { .catch(req => {
this.loading = false; this.loading = false;
this.password = ''; this.password = '';
this.focusUser(); this.focusUser();
throw err; if (req?.data?.error?.code == 'passExpired') {
const [args] = req.data.error.translateArgs;
this.$state.go('change-password', args);
}
throw req;
}); });
} }
@ -35,7 +41,7 @@ export default class Controller {
this.$.userField.focus(); this.$.userField.focus();
} }
} }
Controller.$inject = ['$scope', '$element', 'vnAuth']; Controller.$inject = ['$scope', '$element', '$state', 'vnAuth'];
ngModule.vnComponent('vnLogin', { ngModule.vnComponent('vnLogin', {
template: require('./index.html'), template: require('./index.html'),

View File

@ -64,4 +64,25 @@ vn-out-layout{
a{ a{
color: $color-primary; color: $color-primary;
} }
.footer {
margin-top: 32px;
text-align: center;
position: relative;
& > .vn-submit {
display: block;
& > input {
display: block;
width: 100%;
}
}
& > .spinner-wrapper {
position: absolute;
width: 0;
top: 3px;
right: -8px;
overflow: visible;
}
}
} }

View File

@ -1,5 +1,4 @@
import ngModule from '../../module'; import ngModule from '../../module';
import './style.scss';
export default class Controller { export default class Controller {
constructor($scope, $element, $http, vnApp, $translate, $state) { constructor($scope, $element, $http, vnApp, $translate, $state) {

View File

@ -1,24 +0,0 @@
@import "variables";
vn-recover-password{
.footer {
margin-top: 32px;
text-align: center;
position: relative;
& > .vn-submit {
display: block;
& > input {
display: block;
width: 100%;
}
}
& > .spinner-wrapper {
position: absolute;
width: 0;
top: 3px;
right: -8px;
overflow: visible;
}
}
}

View File

@ -1,5 +1,5 @@
import ngModule from '../../module'; import ngModule from '../../module';
import './style.scss'; const UserError = require('vn-loopback/util/user-error');
export default class Controller { export default class Controller {
constructor($scope, $element, $http, vnApp, $translate, $state, $location) { constructor($scope, $element, $http, vnApp, $translate, $state, $location) {

View File

@ -1,24 +0,0 @@
@import "variables";
vn-reset-password{
.footer {
margin-top: 32px;
text-align: center;
position: relative;
& > .vn-submit {
display: block;
& > input {
display: block;
width: 100%;
}
}
& > .spinner-wrapper {
position: absolute;
width: 0;
top: 3px;
right: -8px;
overflow: visible;
}
}
}

View File

@ -36,6 +36,12 @@ function config($stateProvider, $urlRouterProvider) {
description: 'Reset password', description: 'Reset password',
template: '<vn-reset-password></vn-reset-password>' template: '<vn-reset-password></vn-reset-password>'
}) })
.state('change-password', {
parent: 'outLayout',
url: '/change-password?id&token',
description: 'Change password',
template: '<vn-change-password></vn-change-password>'
})
.state('home', { .state('home', {
parent: 'layout', parent: 'layout',
url: '/', url: '/',

View File

@ -2,7 +2,6 @@
const ParameterizedSQL = require('loopback-connector').ParameterizedSQL; const ParameterizedSQL = require('loopback-connector').ParameterizedSQL;
const UserError = require('vn-loopback/util/user-error'); const UserError = require('vn-loopback/util/user-error');
const utils = require('loopback/lib/utils'); const utils = require('loopback/lib/utils');
const {util} = require('webpack');
module.exports = function(Self) { module.exports = function(Self) {
Self.ParameterizedSQL = ParameterizedSQL; Self.ParameterizedSQL = ParameterizedSQL;

View File

@ -172,6 +172,7 @@
"Comment added to client": "Comment added to client", "Comment added to client": "Comment added to client",
"This ticket is already a refund": "This ticket is already a refund", "This ticket is already a refund": "This ticket is already a refund",
"A claim with that sale already exists": "A claim with that sale already exists", "A claim with that sale already exists": "A claim with that sale already exists",
"Pass expired": "The password has expired, change it from Salix",
"Can't transfer claimed sales": "Can't transfer claimed sales", "Can't transfer claimed sales": "Can't transfer claimed sales",
"Invalid quantity": "Invalid quantity" "Invalid quantity": "Invalid quantity"
} }

View File

@ -77,7 +77,6 @@
"This ticket can not be modified": "Este ticket no puede ser modificado", "This ticket can not be modified": "Este ticket no puede ser modificado",
"The introduced hour already exists": "Esta hora ya ha sido introducida", "The introduced hour already exists": "Esta hora ya ha sido introducida",
"INFINITE_LOOP": "Existe una dependencia entre dos Jefes", "INFINITE_LOOP": "Existe una dependencia entre dos Jefes",
"The sales of the current ticket can't be modified": "Las lineas de este ticket no pueden ser modificadas",
"The sales of the receiver ticket can't be modified": "Las lineas del ticket al que envias no pueden ser modificadas", "The sales of the receiver ticket can't be modified": "Las lineas del ticket al que envias no pueden ser modificadas",
"NO_AGENCY_AVAILABLE": "No hay una zona de reparto disponible con estos parámetros", "NO_AGENCY_AVAILABLE": "No hay una zona de reparto disponible con estos parámetros",
"ERROR_PAST_SHIPMENT": "No puedes seleccionar una fecha de envío en pasado", "ERROR_PAST_SHIPMENT": "No puedes seleccionar una fecha de envío en pasado",
@ -291,6 +290,7 @@
"isTaxDataChecked": "Datos comprobados", "isTaxDataChecked": "Datos comprobados",
"comercialId": "Id comercial", "comercialId": "Id comercial",
"comercialName": "Comercial", "comercialName": "Comercial",
"Pass expired": "La contraseña ha caducado, cambiela desde Salix",
"Invalid NIF for VIES": "Invalid NIF for VIES", "Invalid NIF for VIES": "Invalid NIF for VIES",
"Ticket does not exist": "Este ticket no existe", "Ticket does not exist": "Este ticket no existe",
"Ticket is already signed": "Este ticket ya ha sido firmado" "Ticket is already signed": "Este ticket ya ha sido firmado"

View File

@ -1,6 +1,6 @@
module.exports = Self => { module.exports = Self => {
Self.remoteMethodCtx('changePassword', { Self.remoteMethod('changePassword', {
description: 'Changes the user password', description: 'Changes the user password',
accessType: 'WRITE', accessType: 'WRITE',
accepts: [ accepts: [
@ -27,9 +27,7 @@ module.exports = Self => {
} }
}); });
Self.changePassword = async function(ctx, id, oldPassword, newPassword) { Self.changePassword = async function(id, oldPassword, newPassword) {
await Self.rawSql(`CALL account.user_changePassword(?, ?, ?)`, await Self.app.models.VnUser.changePassword(id, oldPassword, newPassword);
[id, oldPassword, newPassword], {userId: ctx.req.accessToken.userId});
await Self.app.models.Account.syncById(id, newPassword);
}; };
}; };

View File

@ -1,5 +1,5 @@
module.exports = Self => { module.exports = Self => {
Self.remoteMethodCtx('setPassword', { Self.remoteMethod('setPassword', {
description: 'Sets the user password', description: 'Sets the user password',
accessType: 'WRITE', accessType: 'WRITE',
accepts: [ accepts: [
@ -21,9 +21,7 @@ module.exports = Self => {
} }
}); });
Self.setPassword = async function(ctx, id, newPassword) { Self.setPassword = async function(id, newPassword) {
await Self.rawSql(`CALL account.user_setPassword(?, ?)`, await Self.app.models.VnUser.setPassword(id, newPassword);
[id, newPassword], {userId: ctx.req.accessToken.userId});
await Self.app.models.Account.syncById(id, newPassword);
}; };
}; };

View File

@ -2,12 +2,21 @@ const {models} = require('vn-loopback/server/server');
describe('account changePassword()', () => { describe('account changePassword()', () => {
it('should throw an error when old password is wrong', async() => { it('should throw an error when old password is wrong', async() => {
const ctx = {req: {accessToken: {userId: 9}}}; let error;
let err; try {
await models.Account.changePassword(ctx, 1, 'wrongPassword', 'nightmare.9999') await models.Account.changePassword(1, 'wrongPassword', 'nightmare.9999');
.catch(error => err = error.sqlMessage); } catch (e) {
error = e.message;
}
expect(err).toBeDefined(); expect(error).toContain('Invalid current password');
expect(err).toEqual('Invalid password'); });
it('should change password', async() => {
try {
await models.Account.changePassword(70, 'nightmare', 'nightmare.9999');
} catch (e) {
expect(e).toBeUndefined();
}
}); });
}); });

View File

@ -1,15 +1,14 @@
const {models} = require('vn-loopback/server/server'); const {models} = require('vn-loopback/server/server');
describe('Account setPassword()', () => { describe('Account setPassword()', () => {
const ctx = {req: {accessToken: {userId: 9}}};
it('should throw an error when password does not meet requirements', async() => { it('should throw an error when password does not meet requirements', async() => {
let req = models.Account.setPassword(ctx, 1, 'insecurePass'); let req = models.Account.setPassword(1, 'insecurePass');
await expectAsync(req).toBeRejected(); await expectAsync(req).toBeRejected();
}); });
it('should update password when it passes requirements', async() => { it('should update password when it passes requirements', async() => {
let req = models.Account.setPassword(ctx, 1, 'Very$ecurePa22.'); let req = models.Account.setPassword(1, 'Very$ecurePa22.');
await expectAsync(req).toBeResolved(); await expectAsync(req).toBeResolved();
}); });

View File

@ -24,8 +24,8 @@ module.exports = Self => {
} }
}); });
Self.syncById = async function(id, password, force) { Self.syncById = async function(id, password, force, options) {
let user = await Self.app.models.VnUser.findById(id, {fields: ['name']}); let user = await Self.app.models.VnUser.findById(id, {fields: ['name']}, options);
await Self.sync(user.name, password, force); await Self.sync(user.name, password, force, options);
}; };
}; };

View File

@ -24,17 +24,22 @@ module.exports = Self => {
} }
}); });
Self.sync = async function(userName, password, force) { Self.sync = async function(userName, password, force, options) {
const myOptions = {};
if (typeof options == 'object')
Object.assign(myOptions, options);
const models = Self.app.models; const models = Self.app.models;
const user = await models.VnUser.findOne({ const user = await models.VnUser.findOne({
fields: ['id'], fields: ['id'],
where: {name: userName} where: {name: userName}
}); }, myOptions);
const isSync = !await models.UserSync.exists(userName); const isSync = !await models.UserSync.exists(userName, myOptions);
if (!force && isSync && user) return; if (!force && isSync && user) return;
await models.AccountConfig.syncUser(userName, password); await models.AccountConfig.syncUser(userName, password);
await models.UserSync.destroyById(userName); await models.UserSync.destroyById(userName, myOptions);
}; };
}; };

View File

@ -1,5 +1,5 @@
const app = require('vn-loopback/server/server'); const models = require('vn-loopback/server/server').models;
module.exports = Self => { module.exports = Self => {
Object.assign(Self, { Object.assign(Self, {
@ -63,7 +63,7 @@ module.exports = Self => {
Object.assign(Self.prototype, { Object.assign(Self.prototype, {
async synchronizerInit() { async synchronizerInit() {
let mailConfig = await app.models.MailConfig.findOne({ let mailConfig = await models.MailConfig.findOne({
fields: ['domain'] fields: ['domain']
}); });
@ -91,8 +91,6 @@ module.exports = Self => {
}, },
async synchronizerSyncUser(userName, password, syncGroups) { async synchronizerSyncUser(userName, password, syncGroups) {
let $ = app.models;
if (!userName) return; if (!userName) return;
userName = userName.toLowerCase(); userName = userName.toLowerCase();
@ -100,7 +98,7 @@ module.exports = Self => {
if (['administrator', 'root'].indexOf(userName) >= 0) if (['administrator', 'root'].indexOf(userName) >= 0)
return; return;
let user = await $.VnUser.findOne({ let user = await models.VnUser.findOne({
where: {name: userName}, where: {name: userName},
fields: [ fields: [
'id', 'id',
@ -111,7 +109,7 @@ module.exports = Self => {
'sync', 'sync',
'active', 'active',
'created', 'created',
'bcryptPassword', 'password',
'updated' 'updated'
], ],
include: [ include: [
@ -138,7 +136,7 @@ module.exports = Self => {
}; };
if (user) { if (user) {
let exists = await $.Account.exists(user.id); let exists = await models.Account.exists(user.id);
Object.assign(info, { Object.assign(info, {
hasAccount: user.active && exists, hasAccount: user.active && exists,
corporateMail: `${userName}@${this.domain}`, corporateMail: `${userName}@${this.domain}`,
@ -173,30 +171,6 @@ module.exports = Self => {
async synchronizerSyncRoles() { async synchronizerSyncRoles() {
for (let synchronizer of this.synchronizers) for (let synchronizer of this.synchronizers)
await synchronizer.syncRoles(); await synchronizer.syncRoles();
},
async syncUser(userName, info, password) {
if (info.user && password)
await app.models.VnUser.setPassword(info.user.id, password);
},
async getUsers(usersToSync) {
let accounts = await app.models.Account.find({
fields: ['id'],
include: {
relation: 'user',
scope: {
fields: ['name'],
where: {active: true}
}
}
});
for (let account of accounts) {
let user = account.user();
if (!user) continue;
usersToSync.add(user.name);
}
} }
}); });
}; };

View File

@ -6,9 +6,6 @@
"table": "account.accountConfig" "table": "account.accountConfig"
} }
}, },
"mixins": {
"AccountSynchronizer": {}
},
"properties": { "properties": {
"id": { "id": {
"type": "number", "type": "number",

View File

@ -1,6 +1,6 @@
const UserError = require('vn-loopback/util/user-error'); const UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
Self.remoteMethodCtx('setPassword', { Self.remoteMethod('setPassword', {
description: 'Sets the password of a non-worker client', description: 'Sets the password of a non-worker client',
accepts: [ accepts: [
{ {
@ -21,14 +21,14 @@ module.exports = Self => {
} }
}); });
Self.setPassword = async function(ctx, id, newPassword) { Self.setPassword = async function(id, newPassword) {
const models = Self.app.models; const models = Self.app.models;
const isClient = await models.Client.findById(id); const isClient = await models.Client.findById(id);
const isAccount = await models.Account.findById(id); const isAccount = await models.Account.findById(id);
if (isClient && !isAccount) if (isClient && !isAccount)
await models.Account.setPassword(ctx, id, newPassword); await models.Account.setPassword(id, newPassword);
else else
throw new UserError(`Modifiable password only via recovery or by an administrator`); throw new UserError(`Modifiable password only via recovery or by an administrator`);
}; };

View File

@ -1,12 +1,11 @@
const models = require('vn-loopback/server/server').models; const models = require('vn-loopback/server/server').models;
describe('Client setPassword', () => { describe('Client setPassword', () => {
const ctx = {req: {accessToken: {userId: 9}}};
it('should throw an error the setPassword target is not just a client but a worker', async() => { it('should throw an error the setPassword target is not just a client but a worker', async() => {
let error; let error;
try { try {
await models.Client.setPassword(ctx, 1, 't0pl3v3l.p455w0rd!'); await models.Client.setPassword(1, 't0pl3v3l.p455w0rd!');
} catch (e) { } catch (e) {
error = e; error = e;
} }
@ -18,7 +17,7 @@ describe('Client setPassword', () => {
let error; let error;
try { try {
await models.Client.setPassword(ctx, 1101, 't0pl3v3l.p455w0rd!'); await models.Client.setPassword(1101, 't0pl3v3l.p455w0rd!');
} catch (e) { } catch (e) {
error = e; error = e;
} }