From cb50c617ee6fdb500efd8517abf5d3e023a86b94 Mon Sep 17 00:00:00 2001 From: alexm Date: Tue, 6 Jun 2023 15:09:01 +0200 Subject: [PATCH] refs #5489 deprecate account.user.password --- back/models/vn-user.json | 8 +- db/changes/232401/00-userPassExpired.sql | 88 +++++++++++++++---- db/dump/fixtures.sql | 6 +- e2e/paths/01-salix/05_changePassword.spec.js | 37 ++++---- modules/account/back/models/account-config.js | 2 +- 5 files changed, 92 insertions(+), 49 deletions(-) diff --git a/back/models/vn-user.json b/back/models/vn-user.json index ce78b09a8..8486e29b8 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -25,10 +25,7 @@ }, "password": { "type": "string", - "required": true, - "mysql": { - "columnName": "bcryptPassword" - } + "required": true }, "roleFk": { "type": "number", @@ -42,9 +39,6 @@ "lang": { "type": "string" }, - "bcryptPassword": { - "type": "string" - }, "active": { "type": "boolean" }, diff --git a/db/changes/232401/00-userPassExpired.sql b/db/changes/232401/00-userPassExpired.sql index 316496a50..2d4b45937 100644 --- a/db/changes/232401/00-userPassExpired.sql +++ b/db/changes/232401/00-userPassExpired.sql 
@@ -1,22 +1,76 @@ ALTER TABLE `account`.`user` ADD passExpired DATE DEFAULT NULL; --- DROP TRIGGER IF EXISTS `account`.`user_beforeUpdate`; --- USE account; +DROP PROCEDURE `account`.`myUser_changePassword`; +DROP PROCEDURE `account`.`myUser_restorePassword`; +DROP PROCEDURE `account`.`user_changePassword`; +DROP PROCEDURE `account`.`user_restorePassword`; +DROP PROCEDURE `account`.`user_setPassword`; --- DELIMITER $$ --- $$ --- CREATE DEFINER=`root`@`localhost` TRIGGER `account`.`user_beforeUpdate` --- BEFORE UPDATE ON `user` --- FOR EACH ROW --- BEGIN --- SET NEW.editorFk = account.myUser_getId(); +ALTER TABLE account.`user` CHANGE password password__ char(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL COMMENT 'Deprecated'; +ALTER TABLE account.`user` CHANGE bcryptPassword password varchar(512) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci DEFAULT NULL NULL; --- IF !(NEW.`name` <=> OLD.`name`) THEN --- CALL user_checkName (NEW.`name`); --- END IF; +DELIMITER $$ +$$ +CREATE OR REPLACE DEFINER=`root`@`localhost` TRIGGER `account`.`user_beforeUpdate` + BEFORE UPDATE ON `user` + FOR EACH ROW +BEGIN + SET NEW.editorFk = account.myUser_getId(); --- IF !(NEW.`password` <=> OLD.`password`) THEN --- SET NEW.lastPassChange = util.VN_NOW(); --- END IF; --- END$$ --- DELIMITER ; + IF !(NEW.`name` <=> OLD.`name`) THEN + CALL user_checkName (NEW.`name`); + END IF; + + IF !(NEW.`password` <=> OLD.`password`) THEN + SET NEW.lastPassChange = util.VN_NOW(); + END IF; +END$$ +DELIMITER ; + +CREATE OR REPLACE DEFINER=`root`@`localhost` + SQL SECURITY DEFINER + VIEW `account`.`accountDovecot` AS +select + `u`.`name` AS `name`, + `u`.`password` AS `password` +from + (`account`.`user` `u` +join `account`.`account` `a` on + (`a`.`id` = `u`.`id`)) +where + `u`.`active` <> 0; + +CREATE OR REPLACE DEFINER=`root`@`localhost` + SQL SECURITY DEFINER + VIEW `salix`.`User` AS +select + `account`.`user`.`id` AS `id`, + `account`.`user`.`realm` AS `realm`, + 
`account`.`user`.`name` AS `username`, + `account`.`user`.`password` AS `password`, + `account`.`user`.`email` AS `email`, + `account`.`user`.`emailVerified` AS `emailVerified`, + `account`.`user`.`verificationToken` AS `verificationToken` +from + `account`.`user`; + +CREATE OR REPLACE DEFINER=`root`@`localhost` + SQL SECURITY DEFINER + VIEW `vn`.`workerTimeControlUserInfo` AS +select + `u`.`id` AS `userFk`, + `w`.`firstName` AS `name`, + `w`.`lastName` AS `surname`, + `u`.`name` AS `user`, + `u`.`password` AS `password`, + `wd`.`departmentFk` AS `departmentFk`, + left(`c`.`fi`, + 8) AS `dni` +from + (((`account`.`user` `u` +join `vn`.`worker` `w` on + (`w`.`userFk` = `u`.`id`)) +join `vn`.`client` `c` on + (`c`.`id` = `u`.`id`)) +left join `vn`.`workerDepartment` `wd` on + (`wd`.`workerFk` = `w`.`id`)); diff --git a/db/dump/fixtures.sql b/db/dump/fixtures.sql index 67b8b718a..a08ab3814 100644 --- a/db/dump/fixtures.sql +++ b/db/dump/fixtures.sql @@ -71,8 +71,8 @@ INSERT INTO `account`.`roleConfig`(`id`, `mysqlPassword`, `rolePrefix`, `userPre CALL `account`.`role_sync`; -INSERT INTO `account`.`user`(`id`,`name`, `nickname`, `password`,`role`,`active`,`email`, `lang`, `image`, `bcryptPassword`) - SELECT id, name, CONCAT(name, 'Nick'),MD5('nightmare'), id, 1, CONCAT(name, '@mydomain.com'), 'en', '4fa3ada0-3ac4-11eb-9ab8-27f6fc3b85fd', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2' +INSERT INTO `account`.`user`(`id`,`name`, `nickname`, `role`,`active`,`email`, `lang`, `image`, `password`) + SELECT id, name, CONCAT(name, 'Nick'), id, 1, CONCAT(name, '@mydomain.com'), 'en', '4fa3ada0-3ac4-11eb-9ab8-27f6fc3b85fd', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2' FROM `account`.`role` WHERE id <> 20 ORDER BY id; 
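Review bot: The three recreated views (`account.accountDovecot`, `salix.User`, `vn.workerTimeControlUserInfo`) all re-export `u.password`, which after the two `CHANGE` statements is the bcrypt hash. They are `SQL SECURITY DEFINER` with definer `root`@`localhost`, so SELECT on any one of them is enough to read every user's hash, regardless of the grants on `account.user`. If the consumers of `vn.workerTimeControlUserInfo` do not verify credentials themselves, remove the `u.password AS password` select item from that view; otherwise add a comment above each view such as `-- exposes the bcrypt hash: grant SELECT only to the authenticating service`. The renamed `password__` column also keeps the legacy hashes in place (the old fixtures filled it with `MD5(...)`), so a follow-up that clears or drops it is worth scheduling. The five `DROP PROCEDURE` statements have no `IF EXISTS`, so the script fails on a re-run or where one is already missing, e.g. `DROP PROCEDURE IF EXISTS account.user_setPassword;`.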
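Review bot: The rewritten `INSERT ... SELECT` no longer supplies the legacy hash column, but the migration in `00-userPassExpired.sql` redefines that column as `password__ char(64) ... NOT NULL` with no `DEFAULT`. Under a strict `sql_mode` the statement would probably be rejected for the missing value. Either add `DEFAULT ''` to the `password__` definition in the migration, or keep populating the column here until it is dropped. Which SQL mode the fixtures are loaded with is not visible in this patch, so this needs confirming against the test database.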
@@ -98,7 +98,7 @@ INSERT INTO `hedera`.`tpvConfig`(`id`, `currency`, `terminal`, `transactionType` VALUES (1, 978, 1, 0, 2000, 9, 0); -INSERT INTO `account`.`user`(`id`,`name`,`nickname`, `bcryptPassword`, `password`,`role`,`active`,`email`,`lang`, `image`) +INSERT INTO `account`.`user`(`id`,`name`,`nickname`, `password`, `password`,`role`,`active`,`email`,`lang`, `image`) VALUES (1101, 'BruceWayne', 'Bruce Wayne', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 1, 'BruceWayne@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'), (1102, 'PetterParker', 'Petter Parker', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 'ac754a330530832ba1bf7687f577da91', 2, 1, 'PetterParker@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), diff --git a/e2e/paths/01-salix/05_changePassword.spec.js b/e2e/paths/01-salix/05_changePassword.spec.js index 969360cc4..f07b6e18b 100644 --- a/e2e/paths/01-salix/05_changePassword.spec.js +++ b/e2e/paths/01-salix/05_changePassword.spec.js 
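Review bot: The new column list names `password` twice (`nickname`, `password`, `password`, `role`), which MySQL/MariaDB reject as a column specified twice. Each visible VALUES row still carries both the bcrypt hash and the old MD5 string. The second entry stood for the legacy column, so the list should read `(id, name, nickname, password, password__, role, active, email, lang, image)`; alternatively remove that column and the MD5 literal from every row. The VALUES list continues past the end of this hunk, so the remaining rows need the same check.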
@@ -18,63 +18,58 @@ fdescribe('ChangePassword path', async() => { const toExpects = []; async function saveExpets(message, expectMessage, expectState) { - console.log(message); - if (!message) message = await page.waitForSnackbar(); + if (!message && expectMessage) message = await page.waitForSnackbar(); if (expectState) - toExpects.push({value: await page.getState(), expected: toExpects.length + expectState}); + toExpects.push({value: await page.getState(), expected: expectState}); if (expectMessage) - toExpects.push({value: message.text, expected: toExpects.length + expectMessage}); - } - - function expects() { - for (let toExpect of toExpects) - expect(toExpect.expected).toContain(toExpect.value); // eslint-disable-line + toExpects.push({value: message.text, expected: expectMessage}); } const oldPassword = 'nightmare'; const newPassword = 'newPass.1234'; describe('Bad login', async() => { it('should receive an error when the password is expired', async() => { - // 0 Expired login + // Expired login await saveExpets(await page.doLogin( - 'maintenance', + 'Maintenance', oldPassword ), 'The password has expired, change it from Salix', 'change-password'); - // 1 Bad attempt: incorrect current password + // Bad attempt: incorrect current password await saveExpets(await page.sendForm($.form, { oldPassword: newPassword, newPassword: oldPassword, repeatPassword: oldPassword }), 'Invalid current password'); - // 2 Bad attempt: password not meet requirements + // Bad attempt: password not meet requirements await saveExpets(await page.sendForm($.form, { oldPassword: oldPassword, newPassword: oldPassword, repeatPassword: oldPassword }), 'Password does not meet requirements'); - // 3 Correct attempt: change password + // Correct attempt: change password await saveExpets(await page.sendForm($.form, { oldPassword: oldPassword, newPassword: newPassword, repeatPassword: newPassword }), 'Password updated!', 'login'); - // 4 Bad login, old password + // Bad login, old password 
await saveExpets(await page.doLogin( - 'maintenance', + 'Maintenance', oldPassword - ), 'The password has expired, change it from Salix'); + ), 'Invalid login'); - // 5 Correct login, new password + // Correct login, new password await saveExpets(await page.doLogin( - 'maintenance', + 'Maintenance', newPassword - ), null, 'change-password'); + ), null, 'login'); - expects(); + for (let toExpect of toExpects) + expect(toExpect.value).toContain(toExpect.expected); // eslint-disable-line }); }); }); diff --git a/modules/account/back/models/account-config.js b/modules/account/back/models/account-config.js index 265f34275..db3a3de8a 100644 --- a/modules/account/back/models/account-config.js +++ b/modules/account/back/models/account-config.js @@ -111,7 +111,7 @@ module.exports = Self => { 'sync', 'active', 'created', - 'bcryptPassword', + 'password', 'updated' ], include: [
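Review bot: The suite is still declared with `fdescribe('ChangePassword path', async() => {` (visible in the hunk header context), which focuses it and makes Jasmine skip every other suite in the run. It should be `describe('ChangePassword path', async() => {` before this is merged. Separately, every assertion is deferred to the final `for` loop, so a failure does not say which login or form step produced it. Storing a step label in each `toExpects` entry and, where the Jasmine version supports it, using `expect(toExpect.value).withContext(toExpect.step).toContain(toExpect.expected);` would make failures traceable. The `describe` body starts outside this hunk.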