refs #4480, #5484 Front & back tests passed, md5 password removed from code, some e2e missing

back/methods/vn-user/signIn.js

@@ -1,4 +1,3 @@
-const md5 = require('md5');
 const UserError = require('vn-loopback/util/user-error');
 
 module.exports = Self => {
@@ -44,14 +43,12 @@ module.exports = Self => {
             ? {email: user}
             : {name: user};
         let vnUser = await Self.findOne({
-            fields: ['active', 'oldPassword'],
+            fields: ['active'],
             where
         });
 
-        let validCredentials = instance && (
+        let validCredentials = instance
-            await instance.hasPassword(password) ||
+            && await instance.hasPassword(password);
-            vnUser.oldPassword == md5(password || '')
-        );
 
         if (validCredentials) {
             if (!vnUser.active)

back/models/vn-user.json

@@ -30,13 +30,6 @@
 				"columnName": "bcryptPassword"
 			}
 		},
-		"oldPassword": {
-			"type": "string",
-			"required": true,
-			"mysql": {
-				"columnName": "password"
-			}
-		},
 		"roleFk": {
 			"type": "number",
 			"mysql": {

db/changes/231601/00-userAcl.sql

@@ -0,0 +1,7 @@
+INSERT INTO salix.`ACL` (model, property, accessType, permission, principalType, principalId)
+    VALUES
+        ('VnUser','acl','READ','ALLOW','ROLE','account'),
+        ('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account');
+
+DELETE FROM salix.`ACL` WHERE (model, property) = ('Account', 'acl');
+DELETE FROM salix.`ACL` WHERE (model, property) = ('Account', 'getCurrentUserData');

loopback/locale/en.json

@@ -154,5 +154,6 @@
 	"Valid priorities: 1,2,3": "Valid priorities: 1,2,3",
 	"Warehouse inventory not set": "Almacén inventario no está establecido",
 	"Component cost not set": "Componente coste no está estabecido",
-	"Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2": "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2"
+	"Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2": "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2",
-}
+	"Description cannot be blank": "Description cannot be blank"
+}

loopback/server/connectors/vn-mysql.js

@@ -293,7 +293,7 @@ class VnMySQL extends MySQL {
         try {
             const userId = opts.httpCtx && opts.httpCtx.active.accessToken.userId;
             if (userId) {
-                const user = await Model.app.models.Account.findById(userId, {fields: ['name']}, opts);
+                const user = await Model.app.models.VnUser.findById(userId, {fields: ['name']}, opts);
                 await this.executeP(`CALL account.myUser_loginWithName(?)`, [user.name], opts);
             }
 

modules/account/front/descriptor/index.spec.js

@@ -50,7 +50,7 @@ describe('component vnUserDescriptor', () => {
             controller.newPassword = 'foo';
             controller.repeatPassword = 'foo';
 
-            $httpBackend.expectPATCH('VnUsers/1/setPassword').respond();
+            $httpBackend.expectPATCH('Accounts/1/setPassword').respond();
             controller.onPassChange();
             $httpBackend.flush();
 

modules/claim/back/methods/claim-state/isEditable.js

@@ -33,6 +33,6 @@ module.exports = Self => {
             }
         }, myOptions);
         const roleWithGrants = state && state.writeRole().name;
-        return await models.Account.hasRole(userId, roleWithGrants, myOptions);
+        return await models.VnUser.hasRole(userId, roleWithGrants, myOptions);
     };
 };

modules/client/back/methods/client/specs/setPassword.spec.js

@@ -1,6 +1,6 @@
 const models = require('vn-loopback/server/server').models;
 
-fdescribe('Client setPassword', () => {
+describe('Client setPassword', () => {
     it('should throw an error the setPassword target is not just a client but a worker', async() => {
         let error;