From cdf6cb661fdede8563714ccef5704a5302b665c0 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Fri, 13 Nov 2020 10:33:34 +0100 Subject: [PATCH] Login sync fixes --- back/methods/account/login.js | 52 +++++++++---------- back/models/user.json | 2 +- db/changes/10240-allSaints/00-sambaConfig.sql | 18 ++++++- modules/account/back/models/account-config.js | 46 ++++------------ modules/worker/front/routes.json | 1 + 5 files changed, 53 insertions(+), 66 deletions(-) diff --git a/back/methods/account/login.js b/back/methods/account/login.js index 640f377e7..7393e8374 100644 --- a/back/methods/account/login.js +++ b/back/methods/account/login.js @@ -1,4 +1,5 @@ const md5 = require('md5'); +const UserError = require('vn-loopback/util/user-error'); module.exports = Self => { Self.remoteMethod('login', { @@ -12,7 +13,7 @@ module.exports = Self => { }, { arg: 'password', type: 'String', - description: 'The user name or email' + description: 'The password' } ], returns: { 
@@ -29,44 +30,41 @@ module.exports = Self => { let $ = Self.app.models; let token; let usesEmail = user.indexOf('@') !== -1; + let userInfo = usesEmail ? {email: user} : {username: user}; + let instance = await $.User.findOne({ + fields: ['username', 'password'], + where: userInfo + }); - let loginInfo = Object.assign({password}, userInfo); + let where = usesEmail + ? {email: user} + : {name: user}; + let account = await Self.findOne({ + fields: ['active', 'password'], + where + }); + + let validCredentials = instance && ( + await instance.hasPassword(password) || + account.password == md5(password || '') + ); + + if (validCredentials) { + if (!account.active) + throw new UserError('User disabled'); - try { - token = await $.User.login(loginInfo, 'user'); try { - let instance = await $.User.findOne({ - fields: ['username'], - where: userInfo - }); await $.UserAccount.sync(instance.username, password); } catch (err) { console.warn(err); } - } catch (err) { - if (err.code != 'LOGIN_FAILED') - throw err; - - let where = usesEmail - ? {email: user} - : {name: user}; - Object.assign(where, { - password: md5(password || '') - }); - - let instance = await Self.findOne({ - fields: ['name'], - where - }); - if (!instance) throw err; - - await $.UserAccount.sync(instance.name, password); - token = await $.User.login(loginInfo, 'user'); } + let loginInfo = Object.assign({password}, userInfo); + token = await $.User.login(loginInfo, 'user'); return {token: token.id}; }; }; diff --git a/back/models/user.json b/back/models/user.json index 0756d2093..1d8f8f3a5 100644 --- a/back/models/user.json +++ b/back/models/user.json @@ -3,7 +3,7 @@ "base": "User", "options": { "mysql": { - "table": "salix.user" + "table": "salix.User" } }, "properties": { diff --git a/db/changes/10240-allSaints/00-sambaConfig.sql b/db/changes/10240-allSaints/00-sambaConfig.sql index effa5e841..c8a628dd7 100644 --- a/db/changes/10240-allSaints/00-sambaConfig.sql 
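Review bot: In back/methods/account/login.js, `account` is dereferenced without a null check: if `Self.findOne` returns nothing, `account.password` (reached when `instance.hasPassword` is false) or `account.active` throws a TypeError, so the caller gets an unhandled error rather than the LOGIN_FAILED that `$.User.login` would raise. Guard it with `let validCredentials = instance && account && (`. The fallback also compares an unsalted MD5 digest with `==`; if that legacy path has to stay, mark it with a comment such as `// Legacy MD5 fallback, presumably transitional: drop once every account has a bcrypt hash` and prefer a constant-time comparison over `==`. The sync failure is only passed to `console.warn`, so a user validated through MD5 alone whose sync fails then gets a plain login failure from `$.User.login` with no hint of the cause. The login function starts above this hunk.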
+++ b/db/changes/10240-allSaints/00-sambaConfig.sql @@ -13,10 +13,24 @@ ALTER TABLE account.ldapConfig MODIFY COLUMN password varchar(255) NOT NULL COMM ALTER TABLE account.sambaConfig DROP COLUMN sshUser; ALTER TABLE account.sambaConfig DROP COLUMN sshPassword; -ALTER TABLE account.sambaConfig CHANGE host adController varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL NULL COMMENT 'The hosname of domain controller'; -ALTER TABLE account.sambaConfig MODIFY COLUMN adController varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL NULL COMMENT 'The hosname of domain controller'; +ALTER TABLE account.sambaConfig CHANGE host adController varchar(255) DEFAULT NULL NULL COMMENT 'The hosname of domain controller'; +ALTER TABLE account.sambaConfig MODIFY COLUMN adController varchar(255) DEFAULT NULL NULL COMMENT 'The hosname of domain controller'; ALTER TABLE account.sambaConfig DROP COLUMN userDn; ALTER TABLE account.sambaConfig ADD adDomain varchar(255) NOT NULL AFTER id; ALTER TABLE account.sambaConfig ADD verifyCert TINYINT UNSIGNED NOT NULL DEFAULT TRUE AFTER adPassword; ALTER TABLE account.sambaConfig MODIFY COLUMN adController varchar(255) NOT NULL COMMENT 'The hosname of domain controller'; + +ALTER TABLE account.user + ADD COLUMN `realm` varchar(512) CHARACTER SET utf8 DEFAULT NULL AFTER id, + ADD COLUMN `emailVerified` tinyint(1) DEFAULT NULL AFTER email, + ADD COLUMN `verificationToken` varchar(512) DEFAULT NULL AFTER emailVerified; + +DROP TABLE salix.user; + +CREATE OR REPLACE VIEW salix.User + AS SELECT id, realm, name AS username, bcryptPassword AS password, email, emailVerified, verificationToken + FROM account.user; + +ALTER TABLE account.`user` + MODIFY COLUMN bcryptPassword varchar(512) DEFAULT NULL NULL; diff --git a/modules/account/back/models/account-config.js b/modules/account/back/models/account-config.js index b70b49f70..a9b14bb4a 100644 --- a/modules/account/back/models/account-config.js 
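Review bot: The new `salix.User` view in 00-sambaConfig.sql selects every row of `account.user` with no filter on whether the account is active, while the `syncUser` code removed in this same commit deleted the `salix.user` row of an inactive user. After this change the `account.active` check added in login.js appears to be the only thing that keeps a disabled account from authenticating through the User model; any other caller of `$.User.login` would not be covered. Confirm that no other path authenticates through the User model, and record the contract on the view with a comment such as `-- Includes inactive accounts: callers must check account.user.active themselves`. The view also exposes `bcryptPassword` and `verificationToken`, so grants on `salix.User` should be as narrow as those on `account.user`.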
+++ b/modules/account/back/models/account-config.js @@ -9,6 +9,14 @@ module.exports = Self => { this.synchronizers.push(synchronizer); }, + async getInstance() { + let instance = await Self.findOne({ + fields: ['homedir', 'shell', 'idBase'] + }); + await instance.synchronizerInit(); + return instance; + }, + async syncUsers() { let instance = await Self.getInstance(); @@ -50,14 +58,6 @@ module.exports = Self => { async getSynchronizer() { return await Self.findOne(); - }, - - async getInstance() { - let instance = await Self.findOne({ - fields: ['homedir', 'shell', 'idBase'] - }); - await instance.synchronizerInit(); - return instance; } }); @@ -171,34 +171,8 @@ module.exports = Self => { }, async syncUser(userName, info, password) { - let $ = app.models; - let {user} = info; - - if (user && user.active) { - let bcryptPassword = password - ? $.User.hashPassword(password) - : user.bcryptPassword; - - await $.Account.upsertWithWhere({id: user.id}, - {bcryptPassword} - ); - - let dbUser = { - id: user.id, - username: userName, - email: user.email, - created: user.created, - updated: user.updated - }; - if (bcryptPassword) - dbUser.password = bcryptPassword; - - if (await $.user.exists(user.id)) - await $.user.replaceById(user.id, dbUser); - else - await $.user.create(dbUser); - } else - await $.user.destroyAll({username: userName}); + if (info.user) + await app.models.user.setPassword(info.user.id, password); }, async getUsers(usersToSync) { diff --git a/modules/worker/front/routes.json b/modules/worker/front/routes.json index 9ab2f597e..4bad33dd0 100644 --- a/modules/worker/front/routes.json +++ b/modules/worker/front/routes.json @@ -3,6 +3,7 @@ "name": "Workers", "icon" : "icon-worker", "validations" : true, + "dependencies": ["account"], "menus": { "main": [ {"state": "worker.index", "icon": "icon-worker"},
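Review bot: The new `syncUser` body in account-config.js passes `password` straight to `setPassword`, but the removed code treated it as optional (`password ? $.User.hashPassword(password) : user.bcryptPassword`), which suggests some callers sync without one. If that still holds, the call will fail or touch the stored hash depending on how `setPassword` validates its input, so guard it with `if (info.user && password)`. The old `user.active` branch is gone as well, so this synchronizer no longer removes inactive users; a short comment on `syncUser` stating that deactivation is now enforced at login would make that explicit.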