From ba5a03c980cb0a091080938a19a84e42f80da2cb Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio <juan@verdnatura.es>
Date: Sat, 31 Oct 2020 01:56:19 +0100
Subject: [PATCH] User sync fixes

---
 .../back/methods/user-account/sync-all.js     |  2 +-
 .../account/back/methods/user-account/sync.js | 37 ++++++++++++-------
 2 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/modules/account/back/methods/user-account/sync-all.js b/modules/account/back/methods/user-account/sync-all.js
index cbe0b24f7c..b4c687751d 100644
--- a/modules/account/back/methods/user-account/sync-all.js
+++ b/modules/account/back/methods/user-account/sync-all.js
@@ -99,7 +99,7 @@ module.exports = Self => {
             try {
                 await Self.doSync(sync, user);
             } catch (err) {
-                console.error(err);
+                console.error(`Cannot sync user '${user}':`, err);
             }
         }
         await Self.syncDeinit(sync);
diff --git a/modules/account/back/methods/user-account/sync.js b/modules/account/back/methods/user-account/sync.js
index 346c50b55d..a6d74693da 100644
--- a/modules/account/back/methods/user-account/sync.js
+++ b/modules/account/back/methods/user-account/sync.js
@@ -119,6 +119,10 @@ module.exports = Self => {
             sambaClient
         } = sync;
 
+        // Avoid to change adminitration users
+        if (['administrator', 'root'].indexOf(userName.toLowerCase()) >= 0)
+            return;
+
         let user = await $.Account.findOne({
             where: {name: userName},
             fields: [
@@ -169,14 +173,19 @@ module.exports = Self => {
             await $.Account.upsertWithWhere({id: user.id},
                 {bcryptPassword}
             );
-            await $.user.upsert({
+
+            let appUser = {
                 id: user.id,
                 username: userName,
-                password: bcryptPassword,
                 email: user.email,
                 created: user.created,
                 updated: user.updated
-            });
+            };
+
+            if (bcryptPassword)
+                appUser.password = bcryptPassword;
+
+            await $.user.upsert(appUser);
         }
 
         // SIP
@@ -240,7 +249,8 @@ module.exports = Self => {
             if (hasAccount) {
                 // Recreates user
 
-                let nameArgs = user.nickname.split(' ');
+                let nickname = user.nickname || userName;
+                let nameArgs = nickname.split(' ');
                 let sn = nameArgs.length > 1
                     ? nameArgs.splice(1).join(' ')
                     : '-';
@@ -253,8 +263,8 @@ module.exports = Self => {
                         'posixAccount',
                         'sambaSamAccount'
                     ],
-                    cn: user.nickname || userName,
-                    displayName: user.nickname,
+                    cn: nickname,
+                    displayName: nickname,
                     givenName: nameArgs[0],
                     sn,
                     mail: extraParams.corporateMail,
@@ -266,7 +276,6 @@ module.exports = Self => {
                     sambaSID: '-'
                 };
 
-                let passwords;
                 if (password) {
                     let salt = crypto
                         .randomBytes(8)
@@ -281,19 +290,21 @@ module.exports = Self => {
                         .from(digest + salt, 'binary')
                         .toString('base64');
 
-                    passwords = {
+                    Object.assign(newEntry, {
                         userPassword: `{SSHA}${ssha}`,
                         sambaNTPassword: nthash(password)
-                    };
+                    });
                 } else if (oldUser) {
-                    passwords = {
+                    Object.assign(newEntry, {
                         userPassword: oldUser.userPassword,
                         sambaNTPassword: oldUser.sambaNTPassword
-                    };
+                    });
                 }
 
-                if (passwords)
-                    Object.assign(newEntry, passwords);
+                for (let prop in newEntry) {
+                    if (newEntry[prop] == null)
+                        delete newEntry[prop];
+                }
 
                 await ldapClient.add(dn, newEntry);