Merge pull request '#6434 - Usuario accede como otro usuario' (!1843) from 6434-signInLog_issue_MASTER into master
gitea/salix/pipeline/head This commit looks good
Details
gitea/salix/pipeline/head This commit looks good
Details
Reviewed-on: #1843 Reviewed-by: Javi Gallego <jgallego@verdnatura.es> Reviewed-by: Alex Moreno <alexm@verdnatura.es>
This commit is contained in:
commit
adc1cd887b
|
@ -51,7 +51,7 @@ module.exports = Self => {
|
|||
}
|
||||
const validateLogin = await Self.validateLogin(user, password);
|
||||
await Self.app.models.SignInLog.create({
|
||||
id: validateLogin.token,
|
||||
token: validateLogin.token,
|
||||
userFk: vnUser.id,
|
||||
ip: ctx.req.ip
|
||||
});
|
||||
|
|
|
@ -12,8 +12,21 @@ describe('VnUser Sign-in()', () => {
|
|||
},
|
||||
args: {}
|
||||
};
|
||||
const {VnUser, AccessToken} = models;
|
||||
const {VnUser, AccessToken, SignInLog} = models;
|
||||
describe('when credentials are correct', () => {
|
||||
it('should return the token if user uses email', async() => {
|
||||
let login = await VnUser.signIn(unauthCtx, 'salesAssistant@mydomain.com', 'nightmare');
|
||||
let accessToken = await AccessToken.findById(login.token);
|
||||
let ctx = {req: {accessToken: accessToken}};
|
||||
let signInLog = await SignInLog.find({where: {token: accessToken.id}});
|
||||
|
||||
expect(signInLog.length).toEqual(1);
|
||||
expect(signInLog[0].userFk).toEqual(accessToken.userId);
|
||||
expect(login.token).toBeDefined();
|
||||
|
||||
await VnUser.logout(ctx.req.accessToken.id);
|
||||
});
|
||||
|
||||
it('should return the token', async() => {
|
||||
let login = await VnUser.signIn(unauthCtx, 'salesAssistant', 'nightmare');
|
||||
let accessToken = await AccessToken.findById(login.token);
|
||||
|
|
|
@ -124,17 +124,20 @@ module.exports = function(Self) {
|
|||
|
||||
return email.send();
|
||||
});
|
||||
Self.signInValidate = (user, userToken) => {
|
||||
const [[key, value]] = Object.entries(Self.userUses(user));
|
||||
if (userToken[key].toLowerCase() !== value.toLowerCase()) {
|
||||
console.error('ERROR!!! - Signin with other user', _userToken, _user);
|
||||
throw new UserError('Try again');
|
||||
}
|
||||
};
|
||||
|
||||
Self.validateLogin = async function(user, password) {
|
||||
const loginInfo = Object.assign({password}, Self.userUses(user));
|
||||
const token = await Self.login(loginInfo, 'user');
|
||||
|
||||
const userToken = await token.user.get();
|
||||
|
||||
// if (userToken.username.toLowerCase() !== user.toLowerCase()) {
|
||||
// console.error('ERROR!!! - Signin with other user', userToken, user);
|
||||
// throw new UserError('Try again');
|
||||
// }
|
||||
Self.signInValidate(user, userToken);
|
||||
|
||||
try {
|
||||
await Self.app.models.Account.sync(userToken.name, password);
|
||||
|
|
|
@ -2,17 +2,18 @@
|
|||
|
||||
--
|
||||
-- Table structure for table `signInLog`
|
||||
-- Description: log to debug cross-login error
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `account`.`signInLog`;
|
||||
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||
/*!40101 SET character_set_client = utf8 */;
|
||||
CREATE TABLE `account`.`signInLog` (
|
||||
`id` varchar(10) NOT NULL ,
|
||||
id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
|
||||
`token` varchar(255) NOT NULL ,
|
||||
`userFk` int(10) unsigned DEFAULT NULL,
|
||||
`creationDate` timestamp NULL DEFAULT current_timestamp(),
|
||||
`ip` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `userFk` (`userFk`),
|
||||
CONSTRAINT `signInLog_ibfk_1` FOREIGN KEY (`userFk`) REFERENCES `user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
|
||||
);
|
|
@ -8,13 +8,20 @@
|
|||
},
|
||||
"properties": {
|
||||
"id": {
|
||||
"type": "number",
|
||||
"id": true,
|
||||
"type": "string"
|
||||
"description": "Identifier"
|
||||
},
|
||||
"token": {
|
||||
"required": true,
|
||||
"type": "string",
|
||||
"description": "Token's user"
|
||||
},
|
||||
"creationDate": {
|
||||
"type": "date"
|
||||
"type": "date"
|
||||
},
|
||||
"userFk": {
|
||||
"required": true,
|
||||
"type": "number"
|
||||
},
|
||||
"ip": {
|
||||
|
|
Loading…
Reference in New Issue