From e0f6d08a1e1955f512588bbc2246194de3376e3d Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 15 Nov 2023 13:49:41 +0100 Subject: [PATCH 01/23] refs #6434 feat: create signInLog table --- db/changes/234202/00-createSignInLogTable.sql | 19 +++++++++++ modules/account/back/model-config.json | 3 ++ modules/account/back/models/sign_in-log.json | 34 +++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 db/changes/234202/00-createSignInLogTable.sql create mode 100644 modules/account/back/models/sign_in-log.json diff --git a/db/changes/234202/00-createSignInLogTable.sql b/db/changes/234202/00-createSignInLogTable.sql new file mode 100644 index 000000000..977de4646 --- /dev/null +++ b/db/changes/234202/00-createSignInLogTable.sql @@ -0,0 +1,19 @@ + + +-- +-- Table structure for table `signInLog` +-- + +DROP TABLE IF EXISTS `account`.`signInLog`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `account`.`signInLog` ( + `id` varchar(10) NOT NULL , + `userFk` int(10) unsigned DEFAULT NULL, + `creationDate` timestamp NULL DEFAULT current_timestamp(), + `ip` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL, + PRIMARY KEY (`id`), + KEY `userFk` (`userFk`), + CONSTRAINT `signInLog_ibfk_1` FOREIGN KEY (`userFk`) REFERENCES `user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE +); + diff --git a/modules/account/back/model-config.json b/modules/account/back/model-config.json index a4eb9fa57..b4bd6dbaf 100644 --- a/modules/account/back/model-config.json +++ b/modules/account/back/model-config.json @@ -35,6 +35,9 @@ "SambaConfig": { "dataSource": "vn" }, + "SignInLog": { + "dataSource": "vn" + }, "Sip": { "dataSource": "vn" }, diff --git a/modules/account/back/models/sign_in-log.json b/modules/account/back/models/sign_in-log.json new file mode 100644 index 000000000..44575b013 --- /dev/null +++ b/modules/account/back/models/sign_in-log.json @@ -0,0 +1,34 @@ +{ + "name": "SignInLog", + "base": "VnModel", + "options": { + "mysql": { + "table": "account.signInLog" + } + }, + "properties": { + "id": { + "id": true, + "type": "string" + }, + "creationDate": { + "type": "date" + }, + "userFk": { + "type": "number" + }, + "ip": { + "type": "string" + } + }, + "relations": { + "user": { + "type": "belongsTo", + "model": "VnUser", + "foreignKey": "userFk" + } + }, + "scope": { + "order": ["creationDate DESC", "id DESC"] + } +} From 0a31968cc7ad7b6883ec184dd5e3457760072807 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 15 Nov 2023 13:49:54 +0100 Subject: [PATCH 02/23] refs #6434 feat: show error for wrong login --- back/models/vn-user.js | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 712ed7d16..62bdfa2da 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -2,6 +2,7 @@ const vnModel = require('vn-loopback/common/models/vn-model'); const {Email} = require('vn-print'); const ForbiddenError = require('vn-loopback/util/forbiddenError'); const LoopBackContext = require('loopback-context'); +const UserError = require('vn-loopback/util/user-error'); module.exports = function(Self) { vnModel(Self); @@ -125,10 +126,16 @@ module.exports = function(Self) { }); Self.validateLogin = async function(user, password) { - let loginInfo = Object.assign({password}, Self.userUses(user)); - token = await Self.login(loginInfo, 'user'); + const loginInfo = Object.assign({password}, Self.userUses(user)); + const token = await Self.login(loginInfo, 'user'); const userToken = await token.user.get(); + + if (userToken.username !== user) { + console.error('ERROR!!! - Signin with other user', userToken, user); + throw new UserError('Try again'); + } + try { await Self.app.models.Account.sync(userToken.name, password); } catch (err) { From 58edcb9055c56b84f08384aa135119b608158518 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 15 Nov 2023 13:50:06 +0100 Subject: [PATCH 03/23] refs #6434 feat: save token in db for each login --- back/methods/vn-user/sign-in.js | 9 +++++++-- loopback/locale/es.json | 5 +++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/back/methods/vn-user/sign-in.js b/back/methods/vn-user/sign-in.js index b9e0d2f70..25f708b8e 100644 --- a/back/methods/vn-user/sign-in.js +++ b/back/methods/vn-user/sign-in.js @@ -49,8 +49,13 @@ module.exports = Self => { if (vnUser.twoFactor) throw new ForbiddenError(null, 'REQUIRES_2FA'); } - - return Self.validateLogin(user, password); + const validateLogin = await Self.validateLogin(user, password); + await Self.app.models.SignInLog.create({ + id: validateLogin.token, + userFk: vnUser.id, + ip: ctx.req.ip + }); + return validateLogin; }; Self.passExpired = async vnUser => { diff --git a/loopback/locale/es.json b/loopback/locale/es.json index 4b297144f..ce56a6729 100644 --- a/loopback/locale/es.json +++ b/loopback/locale/es.json @@ -318,9 +318,10 @@ "Social name should be uppercase": "La razón social debe ir en mayúscula", "Street should be uppercase": "La dirección fiscal debe ir en mayúscula", "The response is not a PDF": "La respuesta no es un PDF", - "Ticket without Route": "Ticket sin ruta", "Booking completed": "Reserva completada", "The ticket is in preparation": "El ticket [{{ticketId}}]({{{ticketUrl}}}) del comercial {{salesPersonId}} está en preparación", "The amount cannot be less than the minimum": "La cantidad no puede ser menor que la cantidad mímina", - "quantityLessThanMin": "La cantidad no puede ser menor que la cantidad mímina" + "quantityLessThanMin": "La cantidad no puede ser menor que la cantidad mímina", + "The notification subscription of this worker cant be modified": "La subscripción a la notificación de este trabajador no puede ser modificada", + "User disabled": "Usuario desactivado" } From 13720291b2802826ba55a06c2dc8ee0aa778e6d4 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 15 Nov 2023 15:18:02 +0100 Subject: [PATCH 04/23] refs #6434 perf: remove unique in token column --- modules/account/back/models/sign_in-log.json | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/account/back/models/sign_in-log.json b/modules/account/back/models/sign_in-log.json index 44575b013..3cd971cb8 100644 --- a/modules/account/back/models/sign_in-log.json +++ b/modules/account/back/models/sign_in-log.json @@ -8,7 +8,6 @@ }, "properties": { "id": { - "id": true, "type": "string" }, "creationDate": { From c6b5d7f5a4a291dbfbcdc4d6187fb92bb0052912 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 08:30:01 +0100 Subject: [PATCH 05/23] refs #6434 feat: rename id key by token --- back/methods/vn-user/sign-in.js | 2 +- db/changes/234202/00-createSignInLogTable.sql | 2 +- modules/account/back/models/sign_in-log.json | 9 ++++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/back/methods/vn-user/sign-in.js b/back/methods/vn-user/sign-in.js index 25f708b8e..9c2d568f4 100644 --- a/back/methods/vn-user/sign-in.js +++ b/back/methods/vn-user/sign-in.js @@ -51,7 +51,7 @@ module.exports = Self => { } const validateLogin = await Self.validateLogin(user, password); await Self.app.models.SignInLog.create({ - id: validateLogin.token, + token: validateLogin.token, userFk: vnUser.id, ip: ctx.req.ip }); diff --git a/db/changes/234202/00-createSignInLogTable.sql b/db/changes/234202/00-createSignInLogTable.sql index 977de4646..6a648bb51 100644 --- a/db/changes/234202/00-createSignInLogTable.sql +++ b/db/changes/234202/00-createSignInLogTable.sql @@ -8,7 +8,7 @@ DROP TABLE IF EXISTS `account`.`signInLog`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `account`.`signInLog` ( - `id` varchar(10) NOT NULL , + `token` varchar(255) NOT NULL , `userFk` int(10) unsigned DEFAULT NULL, `creationDate` timestamp NULL DEFAULT current_timestamp(), `ip` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL, diff --git a/modules/account/back/models/sign_in-log.json b/modules/account/back/models/sign_in-log.json index 3cd971cb8..9e6df2da5 100644 --- a/modules/account/back/models/sign_in-log.json +++ b/modules/account/back/models/sign_in-log.json @@ -7,13 +7,16 @@ } }, "properties": { - "id": { - "type": "string" + "token": { + "required": true, + "type": "string", + "description": "Token's user" }, "creationDate": { - "type": "date" + "type": "date" }, "userFk": { + "required": true, "type": "number" }, "ip": { From 3c8ed3ff51c7d80551cb068095f86d044fb3037d Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 08:30:27 +0100 Subject: [PATCH 06/23] refs #6434 feat: username.toLowerCase() --- back/models/vn-user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 62bdfa2da..5845c2192 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -131,7 +131,7 @@ module.exports = function(Self) { const userToken = await token.user.get(); - if (userToken.username !== user) { + if (userToken.username.toLowerCase() !== user.toLowerCase()) { console.error('ERROR!!! - Signin with other user', userToken, user); throw new UserError('Try again'); } From e73836cbdb551ee1f850955a7d99c768ede44d7c Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 08:31:01 +0100 Subject: [PATCH 07/23] refs #6434 feat: remove primary key constraint --- db/changes/234202/00-createSignInLogTable.sql | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/db/changes/234202/00-createSignInLogTable.sql b/db/changes/234202/00-createSignInLogTable.sql index 6a648bb51..168c7b33f 100644 --- a/db/changes/234202/00-createSignInLogTable.sql +++ b/db/changes/234202/00-createSignInLogTable.sql @@ -12,8 +12,7 @@ CREATE TABLE `account`.`signInLog` ( `userFk` int(10) unsigned DEFAULT NULL, `creationDate` timestamp NULL DEFAULT current_timestamp(), `ip` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL, - PRIMARY KEY (`id`), - KEY `userFk` (`userFk`), + CONSTRAINT `signInLog_ibfk_1` FOREIGN KEY (`userFk`) REFERENCES `user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE ); From d032b3a527da098541818cde90cb600188ec4189 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 08:42:17 +0100 Subject: [PATCH 08/23] refs #6434 perf: add description to signInLog table --- db/changes/234202/00-createSignInLogTable.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/db/changes/234202/00-createSignInLogTable.sql b/db/changes/234202/00-createSignInLogTable.sql index 168c7b33f..918b87137 100644 --- a/db/changes/234202/00-createSignInLogTable.sql +++ b/db/changes/234202/00-createSignInLogTable.sql @@ -2,6 +2,7 @@ -- -- Table structure for table `signInLog` +-- Description: log to debug cross-login error -- DROP TABLE IF EXISTS `account`.`signInLog`; From 144b26cf4cd8f9fe17f5d4e435247930250c343c Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 08:47:08 +0100 Subject: [PATCH 09/23] refs #6434 perf: signInLog table id column AI --- db/changes/234202/00-createSignInLogTable.sql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/db/changes/234202/00-createSignInLogTable.sql b/db/changes/234202/00-createSignInLogTable.sql index 918b87137..525348135 100644 --- a/db/changes/234202/00-createSignInLogTable.sql +++ b/db/changes/234202/00-createSignInLogTable.sql @@ -9,11 +9,12 @@ DROP TABLE IF EXISTS `account`.`signInLog`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `account`.`signInLog` ( + id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, `token` varchar(255) NOT NULL , `userFk` int(10) unsigned DEFAULT NULL, `creationDate` timestamp NULL DEFAULT current_timestamp(), `ip` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL, - + KEY `userFk` (`userFk`), CONSTRAINT `signInLog_ibfk_1` FOREIGN KEY (`userFk`) REFERENCES `user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE ); From 67f5be474d44956fd3e7c2f7088cf7845d855559 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 09:21:22 +0100 Subject: [PATCH 10/23] refs #6434 perf: rename db/changes current folder --- db/changes/234603/00-createSignInLogTable.sql | 5 +++-- db/changes/{234202 => 234604}/00-createSignInLogTable.sql | 0 2 files changed, 3 insertions(+), 2 deletions(-) rename db/changes/{234202 => 234604}/00-createSignInLogTable.sql (100%) diff --git a/db/changes/234603/00-createSignInLogTable.sql b/db/changes/234603/00-createSignInLogTable.sql index 977de4646..525348135 100644 --- a/db/changes/234603/00-createSignInLogTable.sql +++ b/db/changes/234603/00-createSignInLogTable.sql @@ -2,17 +2,18 @@ -- -- Table structure for table `signInLog` +-- Description: log to debug cross-login error -- DROP TABLE IF EXISTS `account`.`signInLog`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `account`.`signInLog` ( - `id` varchar(10) NOT NULL , + id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, + `token` varchar(255) NOT NULL , `userFk` int(10) unsigned DEFAULT NULL, `creationDate` timestamp NULL DEFAULT current_timestamp(), `ip` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL, - PRIMARY KEY (`id`), KEY `userFk` (`userFk`), CONSTRAINT `signInLog_ibfk_1` FOREIGN KEY (`userFk`) REFERENCES `user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE ); diff --git a/db/changes/234202/00-createSignInLogTable.sql b/db/changes/234604/00-createSignInLogTable.sql similarity index 100% rename from db/changes/234202/00-createSignInLogTable.sql rename to db/changes/234604/00-createSignInLogTable.sql From 9c6b59442684085d6ab3a519de1afadcb4571fb3 Mon Sep 17 00:00:00 2001 From: alexm Date: Thu, 16 Nov 2023 10:04:34 +0100 Subject: [PATCH 11/23] hotFix: comment error logIn --- back/models/vn-user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 5845c2192..2ab97fce6 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -131,10 +131,10 @@ module.exports = function(Self) { const userToken = await token.user.get(); - if (userToken.username.toLowerCase() !== user.toLowerCase()) { - console.error('ERROR!!! - Signin with other user', userToken, user); - throw new UserError('Try again'); - } + // if (userToken.username.toLowerCase() !== user.toLowerCase()) { + // console.error('ERROR!!! - Signin with other user', userToken, user); + // throw new UserError('Try again'); + // } try { await Self.app.models.Account.sync(userToken.name, password); From 386b556216ec86e4c91a756b9f2c1e3f835c3c31 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 10:29:57 +0100 Subject: [PATCH 12/23] refs #6434 feat: new test user signIn with email --- back/methods/vn-user/specs/sign-in.spec.js | 10 ++++++++++ back/models/vn-user.js | 13 ++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/back/methods/vn-user/specs/sign-in.spec.js b/back/methods/vn-user/specs/sign-in.spec.js index f4cad88b9..26abe7eda 100644 --- a/back/methods/vn-user/specs/sign-in.spec.js +++ b/back/methods/vn-user/specs/sign-in.spec.js @@ -14,6 +14,16 @@ describe('VnUser Sign-in()', () => { }; const {VnUser, AccessToken} = models; describe('when credentials are correct', () => { + it('should return the token if user uses email', async() => { + let login = await VnUser.signIn(unauthCtx, 'salesAssistant@mydomain.com', 'nightmare'); + let accessToken = await AccessToken.findById(login.token); + let ctx = {req: {accessToken: accessToken}}; + + expect(login.token).toBeDefined(); + + await VnUser.logout(ctx.req.accessToken.id); + }); + it('should return the token', async() => { let login = await VnUser.signIn(unauthCtx, 'salesAssistant', 'nightmare'); let accessToken = await AccessToken.findById(login.token); diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 2ab97fce6..bbfee4c51 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -124,17 +124,20 @@ module.exports = function(Self) { return email.send(); }); + Self.signInValidate = (user, userToken) => { + const [[key, value]] = Object.entries(Self.userUses(user)); + if (userToken[key].toLowerCase() !== value.toLowerCase()) { + console.error('ERROR!!! - Signin with other user', _userToken, _user); + throw new UserError('Try again'); + } + }; Self.validateLogin = async function(user, password) { const loginInfo = Object.assign({password}, Self.userUses(user)); const token = await Self.login(loginInfo, 'user'); const userToken = await token.user.get(); - - // if (userToken.username.toLowerCase() !== user.toLowerCase()) { - // console.error('ERROR!!! - Signin with other user', userToken, user); - // throw new UserError('Try again'); - // } + Self.signInValidate(user, userToken); try { await Self.app.models.Account.sync(userToken.name, password); From abf772ae870e238a4df0b42bfb082724ebf76dd1 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 10:43:00 +0100 Subject: [PATCH 13/23] refs #6434 feat: check if signIn inserts signInLog --- back/methods/vn-user/specs/sign-in.spec.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/back/methods/vn-user/specs/sign-in.spec.js b/back/methods/vn-user/specs/sign-in.spec.js index 26abe7eda..ac2dfe2b2 100644 --- a/back/methods/vn-user/specs/sign-in.spec.js +++ b/back/methods/vn-user/specs/sign-in.spec.js @@ -12,13 +12,16 @@ describe('VnUser Sign-in()', () => { }, args: {} }; - const {VnUser, AccessToken} = models; + const {VnUser, AccessToken, SignInLog} = models; describe('when credentials are correct', () => { it('should return the token if user uses email', async() => { let login = await VnUser.signIn(unauthCtx, 'salesAssistant@mydomain.com', 'nightmare'); let accessToken = await AccessToken.findById(login.token); let ctx = {req: {accessToken: accessToken}}; + let signInLog = await SignInLog.find({where: {token: accessToken.id}}); + expect(signInLog.length).toEqual(1); + expect(signInLog[0].userFk).toEqual(accessToken.userId); expect(login.token).toBeDefined(); await VnUser.logout(ctx.req.accessToken.id); From 9e649398101ffff980ff7471fa375d885e8c5972 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 11:56:48 +0100 Subject: [PATCH 14/23] refs #6434 feat: add Id property in model --- modules/account/back/models/sign_in-log.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/account/back/models/sign_in-log.json b/modules/account/back/models/sign_in-log.json index 9e6df2da5..c5c014e60 100644 --- a/modules/account/back/models/sign_in-log.json +++ b/modules/account/back/models/sign_in-log.json @@ -7,6 +7,11 @@ } }, "properties": { + "id": { + "type": "number", + "id": true, + "description": "Identifier" + }, "token": { "required": true, "type": "string", From a73453e9ed29736cbb35fd370ad29ae38068d071 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 16 Nov 2023 11:56:59 +0100 Subject: [PATCH 15/23] refs #6434 feat: remove old sql file --- db/changes/234603/00-createSignInLogTable.sql | 20 ------------------- 1 file changed, 20 deletions(-) delete mode 100644 db/changes/234603/00-createSignInLogTable.sql diff --git a/db/changes/234603/00-createSignInLogTable.sql b/db/changes/234603/00-createSignInLogTable.sql deleted file mode 100644 index 525348135..000000000 --- a/db/changes/234603/00-createSignInLogTable.sql +++ /dev/null @@ -1,20 +0,0 @@ - - --- --- Table structure for table `signInLog` --- Description: log to debug cross-login error --- - -DROP TABLE IF EXISTS `account`.`signInLog`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `account`.`signInLog` ( - id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, - `token` varchar(255) NOT NULL , - `userFk` int(10) unsigned DEFAULT NULL, - `creationDate` timestamp NULL DEFAULT current_timestamp(), - `ip` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL, - KEY `userFk` (`userFk`), - CONSTRAINT `signInLog_ibfk_1` FOREIGN KEY (`userFk`) REFERENCES `user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE -); - From 83ae0379b5feeb7922075fbbba14c7c1406a09de Mon Sep 17 00:00:00 2001 From: alexm Date: Thu, 16 Nov 2023 12:28:35 +0100 Subject: [PATCH 16/23] refs #6434 fix: console.log --- back/models/vn-user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index bbfee4c51..e73c04bc0 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -127,7 +127,7 @@ module.exports = function(Self) { Self.signInValidate = (user, userToken) => { const [[key, value]] = Object.entries(Self.userUses(user)); if (userToken[key].toLowerCase() !== value.toLowerCase()) { - console.error('ERROR!!! - Signin with other user', _userToken, _user); + console.error('ERROR!!! - Signin with other user', userToken, user); throw new UserError('Try again'); } }; From aea3f7b2b9bbecaa6f16d0ff241c57a0c766ba32 Mon Sep 17 00:00:00 2001 From: alexm Date: Thu, 16 Nov 2023 15:10:47 +0100 Subject: [PATCH 17/23] refs #6434 fix: use trim --- back/models/vn-user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index e73c04bc0..719e96cbf 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -126,7 +126,7 @@ module.exports = function(Self) { }); Self.signInValidate = (user, userToken) => { const [[key, value]] = Object.entries(Self.userUses(user)); - if (userToken[key].toLowerCase() !== value.toLowerCase()) { + if (userToken[key].toLowerCase().trim() !== value.toLowerCase().trim()) { console.error('ERROR!!! - Signin with other user', userToken, user); throw new UserError('Try again'); } From 4f5242e3ae30d0e9b2ef35d7368ce0aab1052595 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 16 Nov 2023 23:07:26 +0100 Subject: [PATCH 18/23] fix: refs #6432 account sync fixes --- Dockerfile | 10 +- db/changes/234604/00-sambaConfigUserDn.sql | 2 + modules/account/back/methods/account/sync.js | 8 +- modules/account/back/models/ldap-config.js | 3 +- modules/account/back/models/role-config.js | 20 ++- modules/account/back/models/samba-config.js | 149 +++++++++++------- modules/account/back/models/samba-config.json | 4 + modules/account/front/accounts/index.html | 40 +---- modules/account/front/accounts/index.js | 18 --- modules/account/front/accounts/locale/es.yml | 2 - modules/account/front/descriptor/index.html | 35 ++++ modules/account/front/descriptor/index.js | 14 ++ .../account/front/descriptor/locale/es.yml | 4 + 13 files changed, 186 insertions(+), 123 deletions(-) create mode 100644 db/changes/234604/00-sambaConfigUserDn.sql diff --git a/Dockerfile b/Dockerfile index e1173ad73..814a5e1d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,15 +17,19 @@ RUN apt-get update \ # Puppeteer -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ +RUN apt-get install -y --no-install-recommends \ libfontconfig lftp xvfb gconf-service libasound2 libatk1.0-0 libc6 \ libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 \ libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 \ libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 \ libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 \ libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 \ - fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget \ + fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget + +# Extra dependencies + +RUN apt-get install -y --no-install-recommends \ + samba-common-bin \ && rm -rf /var/lib/apt/lists/* \ && npm -g install pm2 diff --git a/db/changes/234604/00-sambaConfigUserDn.sql b/db/changes/234604/00-sambaConfigUserDn.sql new file mode 100644 index 000000000..cacb30e97 --- /dev/null +++ b/db/changes/234604/00-sambaConfigUserDn.sql @@ -0,0 +1,2 @@ +ALTER TABLE account.sambaConfig + ADD userDn varchar(255) NOT NULL COMMENT 'Base DN for users without domain DN part'; diff --git a/modules/account/back/methods/account/sync.js b/modules/account/back/methods/account/sync.js index a5befc22c..0eab0ef63 100644 --- a/modules/account/back/methods/account/sync.js +++ b/modules/account/back/methods/account/sync.js @@ -1,3 +1,4 @@ +const ForbiddenError = require('vn-loopback/util/forbiddenError'); module.exports = Self => { Self.remoteMethod('sync', { @@ -32,9 +33,13 @@ module.exports = Self => { const models = Self.app.models; const user = await models.VnUser.findOne({ - fields: ['id'], + fields: ['id', 'password'], where: {name: userName} }, myOptions); + + if (user && password && !await user.hasPassword(password)) + throw new ForbiddenError('Wrong password'); + const isSync = !await models.UserSync.exists(userName, myOptions); if (!force && isSync && user) return; @@ -42,4 +47,3 @@ module.exports = Self => { await models.UserSync.destroyById(userName, myOptions); }; }; - diff --git a/modules/account/back/models/ldap-config.js b/modules/account/back/models/ldap-config.js index f9ae7562b..9dcc4136d 100644 --- a/modules/account/back/models/ldap-config.js +++ b/modules/account/back/models/ldap-config.js @@ -5,7 +5,7 @@ const crypto = require('crypto'); const nthash = require('smbhash').nthash; module.exports = Self => { - const shouldSync = process.env.NODE_ENV === 'production'; + const shouldSync = process.env.NODE_ENV !== 'test'; Self.getSynchronizer = async function() { return await Self.findOne({ @@ -140,6 +140,7 @@ module.exports = Self => { try { if (shouldSync) await client.del(dn); + // eslint-disable-next-line no-console console.log(` -> User '${userName}' removed from LDAP`); } catch (e) { if (e.name !== 'NoSuchObjectError') throw e; diff --git a/modules/account/back/models/role-config.js b/modules/account/back/models/role-config.js index ba7bf9d52..b90ef75fb 100644 --- a/modules/account/back/models/role-config.js +++ b/modules/account/back/models/role-config.js @@ -27,8 +27,7 @@ module.exports = Self => { const [row] = await Self.rawSql( `SELECT COUNT(*) AS nRows FROM mysql.user - WHERE User = ? - AND Host = ?`, + WHERE User = ? AND Host = ?`, [mysqlUser, this.userHost] ); let userExists = row.nRows > 0; @@ -38,8 +37,7 @@ module.exports = Self => { const [row] = await Self.rawSql( `SELECT Priv AS priv FROM mysql.global_priv - WHERE User = ? - AND Host = ?`, + WHERE User = ? AND Host = ?`, [mysqlUser, this.userHost] ); const priv = row && JSON.parse(row.priv); @@ -88,10 +86,18 @@ module.exports = Self => { else throw err; } - await Self.rawSql('GRANT ? TO ?@?', - [role, mysqlUser, this.userHost]); - if (role) { + const [row] = await Self.rawSql( + `SELECT COUNT(*) AS nRows + FROM mysql.user + WHERE User = ? AND Host = ''`, + [role] + ); + const roleExists = row.nRows > 0; + + if (roleExists) { + await Self.rawSql('GRANT ? TO ?@?', + [role, mysqlUser, this.userHost]); await Self.rawSql('SET DEFAULT ROLE ? FOR ?@?', [role, mysqlUser, this.userHost]); } else { diff --git a/modules/account/back/models/samba-config.js b/modules/account/back/models/samba-config.js index 168b5ffb4..1abac489c 100644 --- a/modules/account/back/models/samba-config.js +++ b/modules/account/back/models/samba-config.js @@ -1,6 +1,6 @@ const ldap = require('../util/ldapjs-extra'); -const ssh = require('node-ssh'); +const execFile = require('child_process').execFile; /** * Summary of userAccountControl flags: @@ -11,6 +11,8 @@ const UserAccountControlFlags = { }; module.exports = Self => { + const shouldSync = process.env.NODE_ENV !== 'test'; + Self.getSynchronizer = async function() { return await Self.findOne({ fields: [ @@ -19,6 +21,7 @@ module.exports = Self => { 'adController', 'adUser', 'adPassword', + 'userDn', 'verifyCert' ] }); @@ -26,88 +29,119 @@ module.exports = Self => { Object.assign(Self.prototype, { async init() { - let sshClient = new ssh.NodeSSH(); - await sshClient.connect({ - host: this.adController, - username: this.adUser, - password: this.adPassword - }); + const baseDn = this.adDomain + .split('.') + .map(part => `dc=${part}`) + .join(','); + const ldapUser = `cn=${this.adUser},cn=Users,${baseDn}`; - let adUser = `cn=${this.adUser},${this.usersDn()}`; - - let adClient = ldap.createClient({ + const adClient = ldap.createClient({ url: `ldaps://${this.adController}:636`, tlsOptions: {rejectUnauthorized: this.verifyCert} }); - await adClient.bind(adUser, this.adPassword); - + await adClient.bind(ldapUser, this.adPassword); Object.assign(this, { - sshClient, - adClient + adClient, + fullUsersDn: `${this.userDn},${baseDn}` }); }, async deinit() { - await this.sshClient.dispose(); await this.adClient.unbind(); }, - usersDn() { - let dnBase = this.adDomain - .split('.') - .map(part => `dc=${part}`) - .join(','); - return `cn=Users,${dnBase}`; + async sambaTool(command, args = []) { + const authArgs = [ + '--URL', `ldap://${this.adController}`, + '--username', this.adUser, + '--password', this.adPassword + ]; + const allArgs = [command].concat( + args, authArgs + ); + + if (!shouldSync) return; + return await new Promise((resolve, reject) => { + execFile('samba-tool', allArgs, (err, stdout, stderr) => { + if (err) + reject(err); + else + resolve({stdout, stderr}); + }); + }); }, - async syncUser(userName, info, password) { - let {sshClient} = this; - - let sambaUser = await this.adClient.searchOne(this.usersDn(), { + async getAdUser(userName) { + const sambaUser = await this.adClient.searchOne(this.fullUsersDn, { scope: 'sub', - attributes: ['userAccountControl'], + attributes: [ + 'dn', + 'userAccountControl', + 'uidNumber', + 'accountExpires', + 'mail' + ], filter: `(&(objectClass=user)(sAMAccountName=${userName}))` }); - let isEnabled = sambaUser - && !(sambaUser.userAccountControl & UserAccountControlFlags.ACCOUNTDISABLE); - - if (process.env.NODE_ENV === 'test') - return; + if (sambaUser) { + for (const intProp of ['uidNumber', 'userAccountControl']) { + if (sambaUser[intProp] != null) + sambaUser[intProp] = parseInt(sambaUser[intProp]); + } + } + return sambaUser; + }, + + async syncUser(userName, info, password) { + let sambaUser = await this.getAdUser(userName); + let entry; if (info.hasAccount) { if (!sambaUser) { - await sshClient.exec('samba-tool user create', [ - userName, - '--uid-number', `${info.uidNumber}`, - '--mail-address', info.corporateMail, + await this.sambaTool('user', [ + 'create', userName, + '--userou', this.userDn, '--random-password' ]); - await sshClient.exec('samba-tool user setexpiry', [ - userName, - '--noexpiry' - ]); - await sshClient.exec('mkhomedir_helper', [ - userName, - '0027' - ]); - } - if (!isEnabled) { - await sshClient.exec('samba-tool user enable', [ - userName - ]); + sambaUser = await this.getAdUser(userName); } if (password) { - await sshClient.exec('samba-tool user setpassword', [ - userName, + await this.sambaTool('user', [ + 'setpassword', userName, '--newpassword', password ]); } - } else if (isEnabled) { - await sshClient.exec('samba-tool user disable', [ - userName - ]); + + entry = { + userAccountControl: sambaUser.userAccountControl + & ~UserAccountControlFlags.ACCOUNTDISABLE, + uidNumber: info.uidNumber, + accountExpires: 0, + mail: info.corporateMail + }; + } else if (sambaUser) { + entry = { + userAccountControl: sambaUser.userAccountControl + | UserAccountControlFlags.ACCOUNTDISABLE + }; + // eslint-disable-next-line no-console console.log(` -> User '${userName}' disabled on Samba`); } + + if (sambaUser && entry) { + const changes = []; + for (const prop in entry) { + if (sambaUser[prop] == entry[prop]) continue; + changes.push(new ldap.Change({ + operation: 'replace', + modification: { + [prop]: entry[prop] + } + })); + } + if (changes.length) + await this.adClient.modify(sambaUser.dn, changes); + } }, /** @@ -117,14 +151,15 @@ module.exports = Self => { */ async getUsers(usersToSync) { const LDAP_MATCHING_RULE_BIT_AND = '1.2.840.113556.1.4.803'; - let filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=${UserAccountControlFlags.ACCOUNTDISABLE})`; + // eslint-disable-next-line max-len + const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=${UserAccountControlFlags.ACCOUNTDISABLE})`; - let opts = { + const opts = { scope: 'sub', attributes: ['sAMAccountName'], filter: `(&(objectClass=user)(${filter}))` }; - await this.adClient.searchForeach(this.usersDn(), opts, + await this.adClient.searchForeach(this.fullUsersDn, opts, o => usersToSync.add(o.sAMAccountName)); } }); diff --git a/modules/account/back/models/samba-config.json b/modules/account/back/models/samba-config.json index 732c9b071..28cbb2689 100644 --- a/modules/account/back/models/samba-config.json +++ b/modules/account/back/models/samba-config.json @@ -28,6 +28,10 @@ "adPassword": { "type": "string" }, + "userDn": { + "type": "string", + "required": true + }, "verifyCert": { "type": "boolean" } diff --git a/modules/account/front/accounts/index.html b/modules/account/front/accounts/index.html index 6941bb15b..6847e68d1 100644 --- a/modules/account/front/accounts/index.html +++ b/modules/account/front/accounts/index.html @@ -12,40 +12,40 @@ @@ -61,10 +61,6 @@ label="Synchronize all" ng-click="$ctrl.onSynchronizeAll()"> - - @@ -77,25 +73,3 @@ - - - - - - - - - - - - diff --git a/modules/account/front/accounts/index.js b/modules/account/front/accounts/index.js index 0e78ab8d6..ab19126a1 100644 --- a/modules/account/front/accounts/index.js +++ b/modules/account/front/accounts/index.js @@ -1,6 +1,5 @@ import ngModule from '../module'; import Section from 'salix/components/section'; -import UserError from 'core/lib/user-error'; export default class Controller extends Section { onSynchronizeAll() { @@ -8,27 +7,10 @@ export default class Controller extends Section { this.$http.patch(`Accounts/syncAll`); } - onUserSync() { - if (!this.syncUser) - throw new UserError('Please enter the username'); - - let params = { - password: this.syncPassword, - force: true - }; - return this.$http.patch(`Accounts/${this.syncUser}/sync`, params) - .then(() => this.vnApp.showSuccess(this.$t('User synchronized!'))); - } - onSynchronizeRoles() { this.$http.patch(`RoleInherits/sync`) .then(() => this.vnApp.showSuccess(this.$t('Roles synchronized!'))); } - - onSyncClose() { - this.syncUser = ''; - this.syncPassword = ''; - } } ngModule.component('vnAccountAccounts', { diff --git a/modules/account/front/accounts/locale/es.yml b/modules/account/front/accounts/locale/es.yml index 9a6bb5073..614ade3eb 100644 --- a/modules/account/front/accounts/locale/es.yml +++ b/modules/account/front/accounts/locale/es.yml @@ -3,7 +3,6 @@ Homedir base: Directorio base para carpetas de usuario Shell: Intérprete de línea de comandos User and role base id: Id base usuarios y roles Synchronize all: Sincronizar todo -Synchronize user: Sincronizar usuario Synchronize roles: Sincronizar roles If password is not specified, just user attributes are synchronized: >- Si la contraseña no se especifica solo se sincronizarán lo atributos del usuario @@ -12,5 +11,4 @@ Users synchronized!: ¡Usuarios sincronizados! Username: Nombre de usuario Synchronize: Sincronizar Please enter the username: Por favor introduce el nombre de usuario -User synchronized!: ¡Usuario sincronizado! Roles synchronized!: ¡Roles sincronizados! diff --git a/modules/account/front/descriptor/index.html b/modules/account/front/descriptor/index.html index 94497aaa9..b0a70edd1 100644 --- a/modules/account/front/descriptor/index.html +++ b/modules/account/front/descriptor/index.html @@ -67,6 +67,15 @@ translate> Deactivate user + + Synchronize +
@@ -153,6 +162,32 @@ + + + Do you want to synchronize user? + + + + + + + + + + + + diff --git a/modules/account/front/descriptor/index.js b/modules/account/front/descriptor/index.js index 786870d36..c327b0836 100644 --- a/modules/account/front/descriptor/index.js +++ b/modules/account/front/descriptor/index.js @@ -120,6 +120,20 @@ class Controller extends Descriptor { this.vnApp.showSuccess(this.$t(message)); }); } + + onSync() { + let params = { + password: this.syncPassword, + force: true + }; + return this.$http.patch(`Accounts/${this.user.name}/sync`, params) + .then(() => this.vnApp.showSuccess(this.$t('User synchronized!'))); + } + + onSyncClose() { + this.shouldSyncPassword = false; + this.syncPassword = undefined; + } } ngModule.component('vnUserDescriptor', { diff --git a/modules/account/front/descriptor/locale/es.yml b/modules/account/front/descriptor/locale/es.yml index 5e8242819..98ced7694 100644 --- a/modules/account/front/descriptor/locale/es.yml +++ b/modules/account/front/descriptor/locale/es.yml @@ -22,6 +22,10 @@ Old password: Contraseña antigua New password: Nueva contraseña Repeat password: Repetir contraseña Password changed succesfully!: ¡Contraseña modificada correctamente! +Synchronize: Sincronizar +Do you want to synchronize user?: ¿Quieres sincronizar el usuario? +Synchronize password: Sincronizar contraseña +User synchronized!: ¡Usuario sincronizado! Role changed succesfully!: ¡Rol modificado correctamente! Password requirements: > La contraseña debe tener al menos {{ length }} caracteres de longitud, From ea5a881d1f4f35473e3984d161908fd3029f9000 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 16 Nov 2023 23:10:30 +0100 Subject: [PATCH 19/23] fix: refs #6432 account sync fixes --- modules/account/back/models/samba-config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/account/back/models/samba-config.js b/modules/account/back/models/samba-config.js index 1abac489c..b6692be02 100644 --- a/modules/account/back/models/samba-config.js +++ b/modules/account/back/models/samba-config.js @@ -139,7 +139,7 @@ module.exports = Self => { } })); } - if (changes.length) + if (changes.length && shouldSync) await this.adClient.modify(sambaUser.dn, changes); } }, From 6930c2d52e1e068e1437ed89f511e9d1b8d616d1 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 16 Nov 2023 23:13:16 +0100 Subject: [PATCH 20/23] fix: #6432 account sync fixes --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 814a5e1d8..d46a1a84c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,8 @@ RUN apt-get update \ # Puppeteer -RUN apt-get install -y --no-install-recommends \ +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ libfontconfig lftp xvfb gconf-service libasound2 libatk1.0-0 libc6 \ libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 \ libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 \ @@ -28,7 +29,8 @@ RUN apt-get install -y --no-install-recommends \ # Extra dependencies -RUN apt-get install -y --no-install-recommends \ +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ samba-common-bin \ && rm -rf /var/lib/apt/lists/* \ && npm -g install pm2 From 14eb14ad3f2540fd89fc4172e85d90f3b34bf8ae Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Fri, 17 Nov 2023 00:00:36 +0100 Subject: [PATCH 21/23] fix: refs #6432 bookworm upgrade --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d46a1a84c..ce63da8ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bookworm-slim ENV TZ Europe/Madrid ARG DEBIAN_FRONTEND=noninteractive From c2e295f777026ae621864b1d31936a228997b2ce Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Fri, 17 Nov 2023 00:08:29 +0100 Subject: [PATCH 22/23] fix: refs #6432 account sync fixes --- modules/account/front/descriptor/index.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/account/front/descriptor/index.js b/modules/account/front/descriptor/index.js index c327b0836..18d93b924 100644 --- a/modules/account/front/descriptor/index.js +++ b/modules/account/front/descriptor/index.js @@ -122,10 +122,10 @@ class Controller extends Descriptor { } onSync() { - let params = { - password: this.syncPassword, - force: true - }; + const params = {force: true}; + if (this.shouldSyncPassword) + params.password = this.syncPassword; + return this.$http.patch(`Accounts/${this.user.name}/sync`, params) .then(() => this.vnApp.showSuccess(this.$t('User synchronized!'))); } From bb6f3b4cfde1f3bf7608384d8987371c39bcb9ee Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Fri, 17 Nov 2023 08:56:25 +0100 Subject: [PATCH 23/23] fix: refs #6432 account sync fixes --- Dockerfile | 2 +- modules/account/back/models/samba-config.js | 20 ++++++++++++-------- modules/account/front/samba/index.html | 19 ++++++++++++------- modules/account/front/samba/locale/es.yml | 1 + 4 files changed, 26 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index ce63da8ab..61dd758b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ RUN apt-get update \ RUN apt-get update \ && apt-get install -y --no-install-recommends \ - samba-common-bin \ + samba-common-bin samba-dsdb-modules\ && rm -rf /var/lib/apt/lists/* \ && npm -g install pm2 diff --git a/modules/account/back/models/samba-config.js b/modules/account/back/models/samba-config.js index b6692be02..7714fb01c 100644 --- a/modules/account/back/models/samba-config.js +++ b/modules/account/back/models/samba-config.js @@ -33,16 +33,17 @@ module.exports = Self => { .split('.') .map(part => `dc=${part}`) .join(','); - const ldapUser = `cn=${this.adUser},cn=Users,${baseDn}`; + const bindDn = `cn=${this.adUser},cn=Users,${baseDn}`; const adClient = ldap.createClient({ url: `ldaps://${this.adController}:636`, tlsOptions: {rejectUnauthorized: this.verifyCert} }); - await adClient.bind(ldapUser, this.adPassword); + await adClient.bind(bindDn, this.adPassword); Object.assign(this, { adClient, - fullUsersDn: `${this.userDn},${baseDn}` + fullUsersDn: `${this.userDn},${baseDn}`, + bindDn }); }, @@ -51,11 +52,14 @@ module.exports = Self => { }, async sambaTool(command, args = []) { - const authArgs = [ - '--URL', `ldap://${this.adController}`, - '--username', this.adUser, + let authArgs = [ + '--URL', `ldaps://${this.adController}`, + '--simple-bind-dn', this.bindDn, '--password', this.adPassword ]; + if (!this.verifyCert) + authArgs.push('--option', 'tls verify peer = no_check'); + const allArgs = [command].concat( args, authArgs ); @@ -151,8 +155,8 @@ module.exports = Self => { */ async getUsers(usersToSync) { const LDAP_MATCHING_RULE_BIT_AND = '1.2.840.113556.1.4.803'; - // eslint-disable-next-line max-len - const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=${UserAccountControlFlags.ACCOUNTDISABLE})`; + const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}` + + `:=${UserAccountControlFlags.ACCOUNTDISABLE})`; const opts = { scope: 'sub', diff --git a/modules/account/front/samba/index.html b/modules/account/front/samba/index.html index 4379f10a2..0186cac7c 100644 --- a/modules/account/front/samba/index.html +++ b/modules/account/front/samba/index.html @@ -12,7 +12,7 @@ @@ -20,28 +20,33 @@ ng-if="watcher.hasData" class="vn-mt-md"> + + @@ -63,4 +68,4 @@ ng-click="watcher.loadOriginalData()"> - \ No newline at end of file + diff --git a/modules/account/front/samba/locale/es.yml b/modules/account/front/samba/locale/es.yml index d098a4fbe..efa3b1597 100644 --- a/modules/account/front/samba/locale/es.yml +++ b/modules/account/front/samba/locale/es.yml @@ -3,6 +3,7 @@ Domain controller: Controlador de dominio AD domain: Dominio AD AD user: Usuario AD AD password: Contraseña AD +User DN (without domain part): DN usuarios (sin la parte del dominio) Verify certificate: Verificar certificado Test connection: Probar conexión Samba connection established!: ¡Conexión con Samba establecida!