From c2af40edb5309f37b2c46a6e4a260e40b9ac75de Mon Sep 17 00:00:00 2001
From: joan
Date: Tue, 18 Apr 2023 13:15:04 +0200
Subject: [PATCH] changes

---
 back/methods/vn-user/sign-in.js | 14 +++---
 back/methods/vn-user/signIn.js | 68 ---------------------------
 back/methods/vn-user/specs/signIn.js | 2 +-
 back/methods/vn-user/specs/signOut.js | 4 +-
 back/methods/vn-user/validate-auth.js | 2 +-
 back/models/vn-user.js | 44 ++++++++++++++++-
 db/changes/231601/00-userAcl.sql | 3 +-
 7 files changed, 55 insertions(+), 82 deletions(-)
 delete mode 100644 back/methods/vn-user/signIn.js

diff --git a/back/methods/vn-user/sign-in.js b/back/methods/vn-user/sign-in.js
index 9a4f30cd4e..0a0133b826 100644
--- a/back/methods/vn-user/sign-in.js
+++ b/back/methods/vn-user/sign-in.js
@@ -33,23 +33,23 @@ module.exports = Self => {
 ? {email: user}
 : {name: user};
 
- const account = await Self.findOne({
+ const vnUser = await Self.findOne({
 fields: ['id', 'active', 'email', 'password', 'twoFactor'],
 where
 });
 
- if (account && account.twoFactor === 'email') {
+ if (vnUser && vnUser.twoFactor === 'email') {
 const code = String(Math.floor(Math.random() * 999999));
 const maxTTL = ((60 * 1000) * 5); // 5 min
 
- await $.AuthCode.upsertWithWhere({userFk: account.id}, {
- userFk: account.id,
+ await $.AuthCode.upsertWithWhere({userFk: vnUser.id}, {
+ userFk: vnUser.id,
 code: code,
 expires: Date.now() + maxTTL
 });
 
 const params = {
- recipientId: account.id,
- recipient: account.email,
+ recipientId: vnUser.id,
+ recipient: vnUser.email,
 code: code
 };
 ctx.args = {...ctx.args, ...params};
@@ -58,6 +58,6 @@ module.exports = Self => {
 throw new ForbiddenError('REQUIRES_2FA');
 }
 
- return $.models.login(user, password);
+ return Self.validateLogin(user, password);
 };
 };
diff --git a/back/methods/vn-user/signIn.js b/back/methods/vn-user/signIn.js
deleted file mode 100644
index 5f6c7f6990..0000000000
--- a/back/methods/vn-user/signIn.js
+++ /dev/null
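Review bot: In sign-in.js the new `return Self.validateLogin(user, password);` is only reached after the two-factor branch, so for a user with `twoFactor === 'email'` a code is generated, upserted and e-mailed before the password has been verified, unless that verification happens above line 33 outside the hunk. If it does not, anyone who knows such a user's name or e-mail can trigger code e-mails and learn that the account has 2FA enabled; checking the credentials (the `instance.hasPassword` call that validateLogin performs) before the `vnUser.twoFactor` test would close that. The context line also derives the code from `Math.random()`, which is not a cryptographic source; `crypto.randomInt(0, 1000000)` from Node's stdlib is the drop-in replacement, though that line is untouched by this commit. The enclosing function starts before the first hunk.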
@@ -1,68 +0,0 @@
-const UserError = require('vn-loopback/util/user-error');
-
-module.exports = Self => {
- Self.remoteMethod('signIn', {
- description: 'Login a user with username/email and password',
- accepts: [
- {
- arg: 'user',
- type: 'String',
- description: 'The user name or email',
- http: {source: 'form'},
- required: true
- }, {
- arg: 'password',
- type: 'String',
- description: 'The password'
- }
- ],
- returns: {
- type: 'object',
- root: true
- },
- http: {
- path: `/signIn`,
- verb: 'POST'
- }
- });
-
- Self.signIn = async function(user, password) {
- let models = Self.app.models;
- let token;
- let usesEmail = user.indexOf('@') !== -1;
-
- let userInfo = usesEmail
- ? {email: user}
- : {username: user};
- let instance = await Self.findOne({
- fields: ['username', 'password'],
- where: userInfo
- });
-
- let where = usesEmail
- ? {email: user}
- : {name: user};
- const vnUser = await Self.findOne({
- fields: ['active'],
- where
- });
-
- let validCredentials = instance
- && await instance.hasPassword(password);
-
- if (validCredentials) {
- if (!vnUser.active)
- throw new UserError('User disabled');
-
- try {
- await models.Account.sync(instance.username, password);
- } catch (err) {
- console.warn(err);
- }
- }
-
- let loginInfo = Object.assign({password}, userInfo);
- token = await Self.login(loginInfo, 'user');
- return {token: token.id};
- };
-};
diff --git a/back/methods/vn-user/specs/signIn.js b/back/methods/vn-user/specs/signIn.js
index 64e4d55f56..b4d619ced8 100644
--- a/back/methods/vn-user/specs/signIn.js
+++ b/back/methods/vn-user/specs/signIn.js
@@ -1,6 +1,6 @@
 const {models} = require('vn-loopback/server/server');
 
-fdescribe('account login()', () => {
+describe('account login()', () => {
 const employeeId = 1;
 const unauthCtx = {
 req: {
diff --git a/back/methods/vn-user/specs/signOut.js b/back/methods/vn-user/specs/signOut.js
index 3f224b2ff7..e6ca1f1564 100644
--- a/back/methods/vn-user/specs/signOut.js
+++ b/back/methods/vn-user/specs/signOut.js
@@ -1,12 +1,12 @@
 const {models} = require('vn-loopback/server/server');
 
-describe('VnUser signOut()', () => {
+fdescribe('VnUser signOut()', () => {
 it('should logout and remove token after valid login', async() => {
 let loginResponse = await app.models.VnUser.validateLogin('buyer', 'nightmare');
 let accessToken = await app.models.AccessToken.findById(loginResponse.token);
 let ctx = {req: {accessToken: accessToken}};
 
- let logoutResponse = await models.VnUser.signOut(ctx);
+ let logoutResponse = await models.VnUser.logout(ctx);
 let tokenAfterLogout = await models.AccessToken.findById(loginResponse.token);
 
 expect(logoutResponse).toBeTrue();
diff --git a/back/methods/vn-user/validate-auth.js b/back/methods/vn-user/validate-auth.js
index 1f906f4a63..312f1347af 100644
--- a/back/methods/vn-user/validate-auth.js
+++ b/back/methods/vn-user/validate-auth.js
@@ -68,6 +68,6 @@ module.exports = Self => {
 
 await authCode.destroy();
 
- return Self.login(username, password);
+ return Self.validateLogin(username, password);
 };
 };
diff --git a/back/models/vn-user.js b/back/models/vn-user.js
index 84ba117942..e59c99fd1a 100644
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@@ -5,11 +5,12 @@ const {Email} = require('vn-print');
 module.exports = function(Self) {
 vnModel(Self);
 
- require('../methods/vn-user/signIn')(Self);
+ require('../methods/vn-user/sign-in')(Self);
 require('../methods/vn-user/acl')(Self);
 require('../methods/vn-user/recover-password')(Self);
 require('../methods/vn-user/validate-token')(Self);
 require('../methods/vn-user/privileges')(Self);
+ require('../methods/vn-user/validate-auth')(Self);
 
 // Validations
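Review bot: `+fdescribe('VnUser signOut()', () => {` in specs/signOut.js focuses this suite, so under Jasmine only this spec runs and every other spec in the project is silently skipped; the sibling change in specs/signIn.js goes the other way (`fdescribe` → `describe`), which reads as a focus that was moved rather than removed. The line should be `describe('VnUser signOut()', () => {` before merge. Separately, the context lines call `app.models.VnUser.validateLogin` although only `models` is imported at the top of the file, so `app` presumably comes from a global set up elsewhere; `models.VnUser.validateLogin(...)` would match the `models.VnUser.logout(ctx)` call below and not depend on it.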
@@ -107,4 +108,45 @@ module.exports = function(Self) {
 return email.send();
 });
+
+ Self.validateLogin = async function(user, password) {
+ let $ = Self.app.models;
+ let token;
+ let usesEmail = user.indexOf('@') !== -1;
+
+ let userInfo = usesEmail
+ ? {email: user}
+ : {username: user};
+ let instance = await $.VnUser.findOne({
+ fields: ['username', 'password'],
+ where: userInfo
+ });
+
+ let where = usesEmail
+ ? {email: user}
+ : {name: user};
+ let vnUser = await $.VnUser.findOne({
+ fields: ['active'],
+ where
+ });
+
+ let validCredentials = instance && (
+ await instance.hasPassword(password)
+ );
+
+ if (validCredentials) {
+ if (!vnUser.active)
+ throw new UserError('User disabled');
+
+ try {
+ await $.Account.sync(instance.username, password);
+ } catch (err) {
+ console.warn(err);
+ }
+ }
+
+ let loginInfo = Object.assign({password}, userInfo);
+ token = await $.VnUser.login(loginInfo, 'user');
+ return {token: token.id};
+ };
 };
diff --git a/db/changes/231601/00-userAcl.sql b/db/changes/231601/00-userAcl.sql
index 64803bf18a..b75a22315c 100644
--- a/db/changes/231601/00-userAcl.sql
+++ b/db/changes/231601/00-userAcl.sql
@@ -3,8 +3,7 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalTyp
 ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'employee'),
 ('VnUser','acl','READ','ALLOW','ROLE','account'),
 ('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account'),
- ('VnUser','changePassword', 'WRITE', 'ALLOW', 'ROLE', 'account'),
- ('Account','exists','READ','ALLOW','ROLE','account');
+ ('VnUser','changePassword', 'WRITE', 'ALLOW', 'ROLE', 'account');
 
 INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
 VALUES
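Review bot: The new `Self.validateLogin` throws `new UserError('User disabled')`, but this hunk adds no `require` for it and the visible top of vn-user.js (the hunk at line 5) only shows `const {Email} = require('vn-print');`; unless UserError is already required above that line, the disabled-user path raises a ReferenceError instead of the intended error. The deleted signIn.js carried `const UserError = require('vn-loopback/util/user-error');`, which should move with the function. Two smaller points: `vnUser` is looked up by `{name: user}` while `instance` is looked up by `{username: user}`, so `!vnUser.active` can dereference null if the two lookups disagree — `if (!vnUser || !vnUser.active)` is the safe form — and a failed `$.Account.sync` is only `console.warn`ed, so a login keeps succeeding while the account directory silently drifts; the warning should at least name the user so the drift is detectable in logs. The enclosing `module.exports` function starts before the hunk.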
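Review bot: Dropping `('Account','exists','READ','ALLOW','ROLE','account')` is done by editing an existing change script under db/changes/231601, so any environment where that script has already been applied keeps the grant and will not converge with a fresh install. If the 231601 batch has shipped, a new script with `DELETE FROM salix.ACL WHERE model = 'Account' AND property = 'exists' AND principalId = 'account';` is the usual way to revoke it. The removal is also not mentioned in the commit message, and any client still calling Account.exists under the account role will now be denied, so it is worth stating as intended.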