refs #4480, #5484 Front & back tests passed, md5 password removed from code, some e2e missing

Juan Ferrer 2023-04-15 14:24:50 +02:00
parent ca3a1be20f
commit c5dcfd3cab
8 changed files with 17 additions and 19 deletions


@ -1,4 +1,3 @@
const md5 = require('md5');
const UserError = require('vn-loopback/util/user-error'); const UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
@ -44,14 +43,12 @@ module.exports = Self => {
? {email: user} ? {email: user}
: {name: user}; : {name: user};
let vnUser = await Self.findOne({ let vnUser = await Self.findOne({
fields: ['active', 'oldPassword'], fields: ['active'],
where where
}); });
let validCredentials = instance && ( let validCredentials = instance
await instance.hasPassword(password) || && await instance.hasPassword(password);
vnUser.oldPassword == md5(password || '')
);
if (validCredentials) { if (validCredentials) {
if (!vnUser.active) if (!vnUser.active)
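Review bot: Dropping the MD5 fallback at `let validCredentials = instance && await instance.hasPassword(password);` means any account whose bcrypt hash was never populated can no longer log in, and nothing visible in this commit gives those users a reset path. Before deploying, confirm no active rows still depend on the legacy hash, or force a password reset for them. The MD5 digests also stay at rest: the model section only removes the `oldPassword` mapping to column `password`, and the SQL file here touches only ACL rows, so a follow-up migration should blank or drop that column. That mapping was `required: true`; if the column is NOT NULL with no default, inserts through the model may now fail, which is worth verifying. The function begins and ends outside the hunk, and `instance` is defined out of view.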


@ -30,13 +30,6 @@
"columnName": "bcryptPassword" "columnName": "bcryptPassword"
} }
}, },
"oldPassword": {
"type": "string",
"required": true,
"mysql": {
"columnName": "password"
}
},
"roleFk": { "roleFk": {
"type": "number", "type": "number",
"mysql": { "mysql": {


@ -0,0 +1,7 @@
INSERT INTO salix.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('VnUser','acl','READ','ALLOW','ROLE','account'),
('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account');
DELETE FROM salix.`ACL` WHERE (model, property) = ('Account', 'acl');
DELETE FROM salix.`ACL` WHERE (model, property) = ('Account', 'getCurrentUserData');
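Review bot: Re-creating the two rules with a hard-coded `'ALLOW','ROLE','account'` principal and then deleting the `Account` rows discards whatever permission and principal the old rows carried, so access could silently widen or narrow if they differed. Updating in place keeps the existing grants: `UPDATE salix.ACL SET model = 'VnUser' WHERE model = 'Account' AND property IN ('acl', 'getCurrentUserData');`. As written the script is also not safely re-runnable, since a second run would insert duplicate rows unless the table has a unique key, which is not visible here.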


@ -154,5 +154,6 @@
"Valid priorities: 1,2,3": "Valid priorities: 1,2,3", "Valid priorities: 1,2,3": "Valid priorities: 1,2,3",
"Warehouse inventory not set": "Almacén inventario no está establecido", "Warehouse inventory not set": "Almacén inventario no está establecido",
"Component cost not set": "Componente coste no está estabecido", "Component cost not set": "Componente coste no está estabecido",
"Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2": "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2" "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2": "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2",
"Description cannot be blank": "Description cannot be blank"
} }


@ -293,7 +293,7 @@ class VnMySQL extends MySQL {
try { try {
const userId = opts.httpCtx && opts.httpCtx.active.accessToken.userId; const userId = opts.httpCtx && opts.httpCtx.active.accessToken.userId;
if (userId) { if (userId) {
const user = await Model.app.models.Account.findById(userId, {fields: ['name']}, opts); const user = await Model.app.models.VnUser.findById(userId, {fields: ['name']}, opts);
await this.executeP(`CALL account.myUser_loginWithName(?)`, [user.name], opts); await this.executeP(`CALL account.myUser_loginWithName(?)`, [user.name], opts);
} }


@ -50,7 +50,7 @@ describe('component vnUserDescriptor', () => {
controller.newPassword = 'foo'; controller.newPassword = 'foo';
controller.repeatPassword = 'foo'; controller.repeatPassword = 'foo';
$httpBackend.expectPATCH('VnUsers/1/setPassword').respond(); $httpBackend.expectPATCH('Accounts/1/setPassword').respond();
controller.onPassChange(); controller.onPassChange();
$httpBackend.flush(); $httpBackend.flush();


@ -33,6 +33,6 @@ module.exports = Self => {
} }
}, myOptions); }, myOptions);
const roleWithGrants = state && state.writeRole().name; const roleWithGrants = state && state.writeRole().name;
return await models.Account.hasRole(userId, roleWithGrants, myOptions); return await models.VnUser.hasRole(userId, roleWithGrants, myOptions);
}; };
}; };
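Review bot: When `state` is falsy, `roleWithGrants` is falsy too, and the authorization result then depends entirely on how `hasRole` treats an empty role name, which is not visible here. Failing closed before the call makes the intent explicit: `if (!roleWithGrants) return false;`. As a style point, `return await` adds nothing outside a `try` block, so `return models.VnUser.hasRole(userId, roleWithGrants, myOptions);` is equivalent. The function starts outside the hunk, so `state` and `userId` could not be checked.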


@ -1,6 +1,6 @@
const models = require('vn-loopback/server/server').models; const models = require('vn-loopback/server/server').models;
fdescribe('Client setPassword', () => { describe('Client setPassword', () => {
it('should throw an error the setPassword target is not just a client but a worker', async() => { it('should throw an error the setPassword target is not just a client but a worker', async() => {
let error; let error;