From c5dcfd3cab61d33c4ea071463eb5c3be083ecc49 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Sat, 15 Apr 2023 14:24:50 +0200 Subject: [PATCH] refs #4480, #5484 Front & back tests passed, md5 password removed from code, some e2e missing --- back/methods/vn-user/signIn.js | 9 +++------ back/models/vn-user.json | 7 ------- db/changes/231601/00-userAcl.sql | 7 +++++++ loopback/locale/en.json | 5 +++-- loopback/server/connectors/vn-mysql.js | 2 +- modules/account/front/descriptor/index.spec.js | 2 +- modules/claim/back/methods/claim-state/isEditable.js | 2 +- .../client/back/methods/client/specs/setPassword.spec.js | 2 +- 8 files changed, 17 insertions(+), 19 deletions(-) create mode 100644 db/changes/231601/00-userAcl.sql diff --git a/back/methods/vn-user/signIn.js b/back/methods/vn-user/signIn.js index 954b2cc2eb..da3172ae41 100644 --- a/back/methods/vn-user/signIn.js +++ b/back/methods/vn-user/signIn.js @@ -1,4 +1,3 @@ -const md5 = require('md5'); const UserError = require('vn-loopback/util/user-error'); module.exports = Self => { @@ -44,14 +43,12 @@ module.exports = Self => { ? {email: user} : {name: user}; let vnUser = await Self.findOne({ - fields: ['active', 'oldPassword'], + fields: ['active'], where }); - let validCredentials = instance && ( - await instance.hasPassword(password) || - vnUser.oldPassword == md5(password || '') - ); + let validCredentials = instance + && await instance.hasPassword(password); if (validCredentials) { if (!vnUser.active) diff --git a/back/models/vn-user.json b/back/models/vn-user.json index bfe5d09cd7..17efc8ce6a 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -30,13 +30,6 @@ "columnName": "bcryptPassword" } }, - "oldPassword": { - "type": "string", - "required": true, - "mysql": { - "columnName": "password" - } - }, "roleFk": { "type": "number", "mysql": { diff --git a/db/changes/231601/00-userAcl.sql b/db/changes/231601/00-userAcl.sql new file mode 100644 index 0000000000..6db9850562 --- /dev/null 
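Review bot: In back/methods/vn-user/signIn.js, dropping the `oldPassword == md5(...)` fallback leaves `instance.hasPassword(password)` as the only check, but nothing in this patch deals with the stored MD5 values themselves. The vn-user.json hunk only unmaps the `password` column, and the one SQL change (db/changes/231601/00-userAcl.sql) touches ACL rows. If that column is still populated, unsalted MD5 hashes stay at rest, and any account without a bcrypt hash can no longer sign in without a reset; both are worth a follow-up migration that clears or drops the column and flags affected users for a password reset. A comment above the new check would record the decision, e.g. `// bcrypt only: the legacy MD5 column is no longer consulted`. The enclosing function starts and ends outside the hunk, so where `instance` comes from is not visible here.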
+++ b/db/changes/231601/00-userAcl.sql @@ -0,0 +1,7 @@ +INSERT INTO salix.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES + ('VnUser','acl','READ','ALLOW','ROLE','account'), + ('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account'); + +DELETE FROM salix.`ACL` WHERE (model, property) = ('Account', 'acl'); +DELETE FROM salix.`ACL` WHERE (model, property) = ('Account', 'getCurrentUserData'); diff --git a/loopback/locale/en.json b/loopback/locale/en.json index e9fd672091..c3c8d234da 100644 --- a/loopback/locale/en.json +++ b/loopback/locale/en.json @@ -154,5 +154,6 @@ "Valid priorities: 1,2,3": "Valid priorities: 1,2,3", "Warehouse inventory not set": "Almacén inventario no está establecido", "Component cost not set": "Componente coste no está estabecido", - "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2": "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2" -} + "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2": "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2", + "Description cannot be blank": "Description cannot be blank" +} \ No newline at end of file diff --git a/loopback/server/connectors/vn-mysql.js b/loopback/server/connectors/vn-mysql.js index b08f69cb16..40ad78bde0 100644 --- a/loopback/server/connectors/vn-mysql.js +++ b/loopback/server/connectors/vn-mysql.js @@ -293,7 +293,7 @@ class VnMySQL extends MySQL { try { const userId = opts.httpCtx && opts.httpCtx.active.accessToken.userId; if (userId) { - const user = await Model.app.models.Account.findById(userId, {fields: ['name']}, opts); + const user = await Model.app.models.VnUser.findById(userId, {fields: ['name']}, opts); await this.executeP(`CALL account.myUser_loginWithName(?)`, [user.name], opts); } 
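Review bot: In db/changes/231601/00-userAcl.sql the new `VnUser` rows are inserted with hard-coded `READ`/`ALLOW`/`ROLE`/`account` values and the old `Account` rows are then deleted, so whatever permission or principal those rows carry in a given database is discarded rather than carried over. Moving the rows instead keeps the existing grants intact, with an `UPDATE … SET model = 'VnUser' WHERE model = 'Account' AND property IN ('acl', 'getCurrentUserData')` on the same table. If the hard-coded values are intended, a leading comment such as `-- acl and getCurrentUserData moved from Account to VnUser` would say why the script both inserts and deletes.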
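Review bot: In loopback/server/connectors/vn-mysql.js, `findById` resolves to `null` when the token's `userId` has no matching `VnUser` row, and the next line then reads `user.name` on it. Whether the resulting TypeError is handled depends on the `catch` that lies outside this hunk. An explicit guard makes the outcome deliberate, for example `if (!user) throw new Error('Session user not found');` before the `CALL account.myUser_loginWithName(?)`. Failing here rather than skipping the call keeps a statement from running without the database session user set, assuming that procedure is what sets it.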
diff --git a/modules/account/front/descriptor/index.spec.js b/modules/account/front/descriptor/index.spec.js index 9afa8677fd..46c7e376c8 100644 --- a/modules/account/front/descriptor/index.spec.js +++ b/modules/account/front/descriptor/index.spec.js @@ -50,7 +50,7 @@ describe('component vnUserDescriptor', () => { controller.newPassword = 'foo'; controller.repeatPassword = 'foo'; - $httpBackend.expectPATCH('VnUsers/1/setPassword').respond(); + $httpBackend.expectPATCH('Accounts/1/setPassword').respond(); controller.onPassChange(); $httpBackend.flush(); diff --git a/modules/claim/back/methods/claim-state/isEditable.js b/modules/claim/back/methods/claim-state/isEditable.js index ad51d543a6..641bc3b42d 100644 --- a/modules/claim/back/methods/claim-state/isEditable.js +++ b/modules/claim/back/methods/claim-state/isEditable.js @@ -33,6 +33,6 @@ module.exports = Self => { } }, myOptions); const roleWithGrants = state && state.writeRole().name; - return await models.Account.hasRole(userId, roleWithGrants, myOptions); + return await models.VnUser.hasRole(userId, roleWithGrants, myOptions); }; }; diff --git a/modules/client/back/methods/client/specs/setPassword.spec.js b/modules/client/back/methods/client/specs/setPassword.spec.js index 3f0885b2a2..590172a02b 100644 --- a/modules/client/back/methods/client/specs/setPassword.spec.js +++ b/modules/client/back/methods/client/specs/setPassword.spec.js @@ -1,6 +1,6 @@ const models = require('vn-loopback/server/server').models; -fdescribe('Client setPassword', () => { +describe('Client setPassword', () => { it('should throw an error the setPassword target is not just a client but a worker', async() => { let error;
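Review bot: In modules/claim/back/methods/claim-state/isEditable.js, `roleWithGrants` is falsy when no claim state is found, and the changed line still passes it to `models.VnUser.hasRole`. The result of this permission check then depends on how `hasRole` treats a missing role name, which is not visible here. Returning early makes the check fail closed: `if (!roleWithGrants) return false;` before the `hasRole` call. `state.writeRole()` is also dereferenced without a null check, so a state with no write role would throw instead of denying. The function starts outside the hunk.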