refs #4480, #5484 Front & back tests passed, md5 password removed from code, some e2e missing
gitea/salix/pipeline/head This commit looks good Details

This commit is contained in:
Juan Ferrer 2023-04-15 14:24:50 +02:00
parent ca3a1be20f
commit c5dcfd3cab
8 changed files with 17 additions and 19 deletions

View File

@ -1,4 +1,3 @@
const md5 = require('md5');
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
@ -44,14 +43,12 @@ module.exports = Self => {
? {email: user}
: {name: user};
let vnUser = await Self.findOne({
fields: ['active', 'oldPassword'],
fields: ['active'],
where
});
let validCredentials = instance && (
await instance.hasPassword(password) ||
vnUser.oldPassword == md5(password || '')
);
let validCredentials = instance
&& await instance.hasPassword(password);
if (validCredentials) {
if (!vnUser.active)

View File

@ -30,13 +30,6 @@
"columnName": "bcryptPassword"
}
},
"oldPassword": {
"type": "string",
"required": true,
"mysql": {
"columnName": "password"
}
},
"roleFk": {
"type": "number",
"mysql": {

View File

@ -0,0 +1,7 @@
INSERT INTO salix.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('VnUser','acl','READ','ALLOW','ROLE','account'),
('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account');
DELETE FROM salix.`ACL` WHERE (model, property) = ('Account', 'acl');
DELETE FROM salix.`ACL` WHERE (model, property) = ('Account', 'getCurrentUserData');

View File

@ -154,5 +154,6 @@
"Valid priorities: 1,2,3": "Valid priorities: 1,2,3",
"Warehouse inventory not set": "Almacén inventario no está establecido",
"Component cost not set": "Componente coste no está estabecido",
"Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2": "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2"
"Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2": "Tickets with associated refunds can't be deleted. This ticket is associated with refund Nº 2",
"Description cannot be blank": "Description cannot be blank"
}

View File

@ -293,7 +293,7 @@ class VnMySQL extends MySQL {
try {
const userId = opts.httpCtx && opts.httpCtx.active.accessToken.userId;
if (userId) {
const user = await Model.app.models.Account.findById(userId, {fields: ['name']}, opts);
const user = await Model.app.models.VnUser.findById(userId, {fields: ['name']}, opts);
await this.executeP(`CALL account.myUser_loginWithName(?)`, [user.name], opts);
}

View File

@ -50,7 +50,7 @@ describe('component vnUserDescriptor', () => {
controller.newPassword = 'foo';
controller.repeatPassword = 'foo';
$httpBackend.expectPATCH('VnUsers/1/setPassword').respond();
$httpBackend.expectPATCH('Accounts/1/setPassword').respond();
controller.onPassChange();
$httpBackend.flush();

View File

@ -33,6 +33,6 @@ module.exports = Self => {
}
}, myOptions);
const roleWithGrants = state && state.writeRole().name;
return await models.Account.hasRole(userId, roleWithGrants, myOptions);
return await models.VnUser.hasRole(userId, roleWithGrants, myOptions);
};
};

View File

@ -1,6 +1,6 @@
const models = require('vn-loopback/server/server').models;
fdescribe('Client setPassword', () => {
describe('Client setPassword', () => {
it('should throw an error the setPassword target is not just a client but a worker', async() => {
let error;