Merge branch 'dev' of https://gitea.verdnatura.es/verdnatura/salix into 6264-renewToken

Reviewed-on: #1865
Reviewed-by: Javi Gallego <jgallego@verdnatura.es>

CHANGELOG.md

@@ -14,14 +14,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [2348.01] - 2023-11-30
 
-### Added
-- (Ticket -> Adelantar) Permite mover lineas sin generar negativos
-- (Ticket -> Adelantar) Permite modificar la fecha de los tickets
-- (Trabajadores -> Notificaciones) Nueva sección (lilium)
+### Características Añadidas 🆕
+- **Tickets → Adelantar:** Permite mover lineas sin generar negativos
+- **Tickets → Adelantar:** Permite modificar la fecha de los tickets
+- **Trabajadores → Notificaciones:** Nueva sección (lilium)
 
-### Changed
-### Fixed
-- (Ticket -> RocketChat) Arreglada detección de cambios
+### Correcciones 🛠️
+- **Tickets → RocketChat:** Arreglada detección de cambios
 
 
 ## [2346.01] - 2023-11-16

back/methods/vn-user/is-token-valid.js

@@ -1,9 +0,0 @@
-const tokenConfig = require('./token-config');
-
-module.exports = async token => {
-    const accessTokenConfig = await tokenConfig();
-    const now = Date.now();
-    const differenceMilliseconds = now - token.created;
-    const differenceSeconds = Math.floor(differenceMilliseconds / 1000);
-    return differenceSeconds < accessTokenConfig.renewPeriod - accessTokenConfig.courtesyTime;
-};

back/methods/vn-user/renew-token.js

@@ -1,5 +1,6 @@
 const UserError = require('vn-loopback/util/user-error');
-const tokenConfig = require('./token-config');
+const {models} = require('vn-loopback/server/server');
+
 const DEFAULT_COURTESY_TIME = 60;
 const handlePromiseLogout = (Self, {id}, courtesyTime = DEFAULT_COURTESY_TIME) => {
     new Promise(res => {
@@ -31,7 +32,7 @@ module.exports = Self => {
         const isValid = await Self.validateToken(token);
         if (isValid) throw new UserError(`The renew period has not been exceeded`, 'periodNotExceeded');
 
-        const {courtesyTime} = await tokenConfig();
+        const {courtesyTime} = await models.AccessTokenConfig.findOne({fields: ['renewPeriod', 'courtesyTime']});
 
         // Schedule to remove current token
         handlePromiseLogout(Self, token, courtesyTime);

back/methods/vn-user/sign-in.js

@@ -49,13 +49,7 @@ module.exports = Self => {
             if (vnUser.twoFactor)
                 throw new ForbiddenError(null, 'REQUIRES_2FA');
         }
-        const validateLogin = await Self.validateLogin(user, password);
-        await Self.app.models.SignInLog.create({
-            token: validateLogin.token,
-            userFk: vnUser.id,
-            ip: ctx.req.ip
-        });
-        return validateLogin;
+        return Self.validateLogin(user, password, ctx);
     };
 
     Self.passExpired = async vnUser => {

back/methods/vn-user/specs/sign-in.spec.js

@@ -22,6 +22,7 @@ describe('VnUser Sign-in()', () => {
 
             expect(signInLog.length).toEqual(1);
             expect(signInLog[0].userFk).toEqual(accessToken.userId);
+            expect(signInLog[0].owner).toEqual(true);
             expect(login.token).toBeDefined();
 
             await VnUser.logout(ctx.req.accessToken.id);

back/methods/vn-user/token-config.js

@@ -1,9 +0,0 @@
-const DEFAULT_FIELDS = ['renewPeriod', 'courtesyTime'];
-const {models} = require('vn-loopback/server/server');
-let currentAccessTokenConfig = null;
-module.exports = async(fields = DEFAULT_FIELDS) => {
-    if (currentAccessTokenConfig) return currentAccessTokenConfig;
-    const accessTokenConfig = await models.AccessTokenConfig.findOne({fields});
-    if (!accessTokenConfig) currentAccessTokenConfig = accessTokenConfig;
-    return accessTokenConfig;
-};

back/methods/vn-user/validate-token.js

@@ -1,5 +1,4 @@
-const isTokenValid = require('./is-token-valid');
-
+const {models} = require('vn-loopback/server/server');
 module.exports = Self => {
     Self.remoteMethod('validateToken', {
         description: 'Validates the current logged user token',
@@ -14,7 +13,12 @@ module.exports = Self => {
     });
 
     Self.validateToken = async function(token) {
-        const isValid = await isTokenValid(token);
+        const accessTokenConfig = await models.AccessTokenConfig.findOne({fields: ['renewPeriod', 'courtesyTime']});
+        const now = Date.now();
+        const differenceMilliseconds = now - token.created;
+        const differenceSeconds = Math.floor(differenceMilliseconds / 1000);
+        const isValid = differenceSeconds < accessTokenConfig.renewPeriod - accessTokenConfig.courtesyTime;
+
         return isValid;
     };
 };

back/models/vn-user.js

@@ -124,20 +124,42 @@ module.exports = function(Self) {
 
         return email.send();
     });
-    Self.signInValidate = (user, userToken) => {
+
+    /**
+     * Sign-in validate
+     * @param {String} user The user
+     * @param {Object} userToken Options
+     * @param {Object} token accessToken
+     * @param {Object} ctx context
+     */
+    Self.signInValidate = async(user, userToken, token, ctx) => {
         const [[key, value]] = Object.entries(Self.userUses(user));
-        if (userToken[key].toLowerCase().trim() !== value.toLowerCase().trim()) {
-            console.error('ERROR!!! - Signin with other user', userToken, user);
+        const isOwner = Self.rawSql(`SELECT ? = ? `, [userToken[key], value]);
+        await Self.app.models.SignInLog.create({
+            userName: user,
+            token: token.id,
+            userFk: userToken.id,
+            ip: ctx.req.ip,
+            owner: isOwner
+        });
+        if (!isOwner)
             throw new UserError('Try again');
-        }
     };
 
-    Self.validateLogin = async function(user, password) {
+    /**
+     * Validate login params
+     * @param {String} user The user
+     * @param {String} password
+      * @param {Object} ctx context
+     */
+    Self.validateLogin = async function(user, password, ctx) {
         const loginInfo = Object.assign({password}, Self.userUses(user));
         const token = await Self.login(loginInfo, 'user');
 
         const userToken = await token.user.get();
-        Self.signInValidate(user, userToken);
+
+        if (ctx)
+            await Self.signInValidate(user, userToken, token, ctx);
 
         try {
             await Self.app.models.Account.sync(userToken.name, password);
@@ -187,8 +209,8 @@ module.exports = function(Self) {
     };
 
     Self.sharedClass._methods.find(method => method.name == 'changePassword').ctor.settings.acls =
-    Self.sharedClass._methods.find(method => method.name == 'changePassword').ctor.settings.acls
-        .filter(acl => acl.property != 'changePassword');
+        Self.sharedClass._methods.find(method => method.name == 'changePassword').ctor.settings.acls
+            .filter(acl => acl.property != 'changePassword');
 
     Self.userSecurity = async(ctx, userId, options) => {
         const models = Self.app.models;
@@ -226,10 +248,12 @@ module.exports = function(Self) {
 
         const env = process.env.NODE_ENV;
         const liliumUrl = await Self.app.models.Url.findOne({
-            where: {and: [
-                {appName: 'lilium'},
-                {environment: env}
-            ]}
+            where: {
+                and: [
+                    {appName: 'lilium'},
+                    {environment: env}
+                ]
+            }
         });
 
         class Mailer {

db/changes/234802/00-createSignInLogTable.sql

@@ -1,5 +1,4 @@
 
-
 --
 -- Table structure for table `signInLog`
 -- Description: log to debug cross-login error
@@ -13,7 +12,9 @@ CREATE TABLE `account`.`signInLog` (
   `token` varchar(255) NOT NULL ,
   `userFk` int(10) unsigned DEFAULT NULL,
   `creationDate` timestamp NULL DEFAULT current_timestamp(),
+  `userName` varchar(30) NOT NULL,
   `ip` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NOT NULL,
+  `owner` tinyint(1) DEFAULT 1,
   KEY `userFk` (`userFk`),
   CONSTRAINT `signInLog_ibfk_1` FOREIGN KEY (`userFk`) REFERENCES `user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
 );

db/dump/fixtures.sql

@@ -5,6 +5,10 @@ SET DEFAULT ROLE 'salix' FOR 'root'@'%';
 CREATE SCHEMA IF NOT EXISTS `vn2008`;
 CREATE SCHEMA IF NOT EXISTS `tmp`;
 
+CREATE ROLE 'salix';
+GRANT 'salix' TO 'root'@'%';
+SET DEFAULT ROLE 'salix' FOR 'root'@'%';
+
 UPDATE `util`.`config`
     SET `environment`= 'development';
 
@@ -366,7 +370,7 @@ INSERT INTO `vn`.`contactChannel`(`id`, `name`)
 
 INSERT INTO `vn`.`client`(`id`,`name`,`fi`,`socialName`,`contact`,`street`,`city`,`postcode`,`phone`,`mobile`,`isRelevant`,`email`,`iban`,`dueDay`,`accountingAccount`,`isEqualizated`,`provinceFk`,`hasToInvoice`,`credit`,`countryFk`,`isActive`,`gestdocFk`,`quality`,`payMethodFk`,`created`,`isToBeMailed`,`contactChannelFk`,`hasSepaVnl`,`hasCoreVnl`,`hasCoreVnh`,`riskCalculated`,`clientTypeFk`, `hasToInvoiceByAddress`,`isTaxDataChecked`,`isFreezed`,`creditInsurance`,`isCreatedAsServed`,`hasInvoiceSimplified`,`salesPersonFk`,`isVies`,`eypbc`, `businessTypeFk`,`typeFk`)
     VALUES
-        (1101,     'Bruce Wayne',        '84612325V',  'BATMAN',         'Alfred',           '1007 MOUNTAIN DRIVE, GOTHAM',                  'Gotham', 46460, 1111111111, 222222222, 1, 'BruceWayne@mydomain.com',            NULL, 0, 1234567890, 0, 1, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 1, 1, 1, 0, NULL, 0, 0, 18,   0, 1, 'florist','loses'),
+        (1101,     'Bruce Wayne',        '84612325V',  'BATMAN',         'Alfred',           '1007 MOUNTAIN DRIVE, GOTHAM',                  'Gotham', 46460, 1111111111, 222222222, 1, 'BruceWayne@mydomain.com',            NULL, 0, 1234567890, 0, 1, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 1, 1, 1, 0, NULL, 0, 0, 18,   0, 1, 'florist','normal'),
         (1102,     'Petter Parker',      '87945234L',  'SPIDER MAN',     'Aunt May',         '20 INGRAM STREET, QUEENS, USA',                'Gotham', 46460, 1111111111, 222222222, 1, 'PetterParker@mydomain.com',          NULL, 0, 1234567890, 0, 2, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 1, 1, 1, 0, NULL, 0, 0, 18,   0, 1, 'florist','normal'),
         (1103,     'Clark Kent',         '06815934E',  'SUPER MAN',      'lois lane',        '344 CLINTON STREET, APARTAMENT 3-D',           'Gotham', 46460, 1111111111, 222222222, 1, 'ClarkKent@mydomain.com',             NULL, 0, 1234567890, 0, 3, 1, 0,    19, 1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 1, 1, 1, 0, NULL, 0, 0, 18,   0, 1, 'florist','normal'),
         (1104,     'Tony Stark',         '06089160W',  'IRON MAN',       'Pepper Potts',     '10880 MALIBU POINT, 90265',                    'Gotham', 46460, 1111111111, 222222222, 1, 'TonyStark@mydomain.com',             NULL, 0, 1234567890, 0, 2, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 1, 1, 1, 0, NULL, 0, 0, 18,   0, 1, 'florist','normal'),
@@ -376,8 +380,8 @@ INSERT INTO `vn`.`client`(`id`,`name`,`fi`,`socialName`,`contact`,`street`,`city
         (1108,     'Charles Xavier',     '22641921P',  'PROFESSOR X',    'Beast',            '3800 VICTORY PKWY, CINCINNATI, OH 45207, USA', 'Gotham', 46460, 1111111111, 222222222, 1, 'CharlesXavier@mydomain.com',         NULL, 0, 1234567890, 0, 5, 1, 300,  13, 1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 1, 1, 1, 1, NULL, 0, 0, 19,   0, 1, 'florist','normal'),
         (1109,     'Bruce Banner',       '16104829E',  'HULK',           'Black widow',      'SOMEWHERE IN NEW YORK',                        'Gotham', 46460, 1111111111, 222222222, 1, 'BruceBanner@mydomain.com',           NULL, 0, 1234567890, 0, 1, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 1, 1, 0, 0, NULL, 0, 0, 9,    0, 1, 'florist','normal'),
         (1110,     'Jessica Jones',      '58282869H',  'JESSICA JONES',  'Luke Cage',        'NYCC 2015 POSTER',                             'Gotham', 46460, 1111111111, 222222222, 1, 'JessicaJones@mydomain.com',          NULL, 0, 1234567890, 0, 1, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 1, 1, 0, 0, NULL, 0, 0, NULL, 0, 1, 'florist','normal'),
-        (1111,     'Missing',            NULL,         'MISSING MAN',    'Anton',            'THE SPACE, UNIVERSE FAR AWAY',                 'Gotham', 46460, 1111111111, 222222222, 1, NULL,                                 NULL, 0, 1234567890, 0, 1, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 4, 0, 1, 0, NULL, 1, 0, NULL, 0, 1, 'others','normal'),
-        (1112,     'Trash',              NULL,         'GARBAGE MAN',    'Unknown name',     'NEW YORK CITY, UNDERGROUND',                   'Gotham', 46460, 1111111111, 222222222, 1, NULL,                                 NULL, 0, 1234567890, 0, 1, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 4, 0, 1, 0, NULL, 1, 0, NULL, 0, 1, 'others','normal');
+        (1111,     'Missing',            NULL,         'MISSING MAN',    'Anton',            'THE SPACE, UNIVERSE FAR AWAY',                 'Gotham', 46460, 1111111111, 222222222, 1, NULL,                                 NULL, 0, 1234567890, 0, 1, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 4, 0, 1, 0, NULL, 1, 0, NULL, 0, 1, 'others','loses'),
+        (1112,     'Trash',              NULL,         'GARBAGE MAN',    'Unknown name',     'NEW YORK CITY, UNDERGROUND',                   'Gotham', 46460, 1111111111, 222222222, 1, NULL,                                 NULL, 0, 1234567890, 0, 1, 1, 300,  1,  1, NULL, 10, 5,    util.VN_CURDATE(), 1, 5, 1, 1, 1, '0000-00-00', 4, 0, 1, 0, NULL, 1, 0, NULL, 0, 1, 'others','loses');
 
 INSERT INTO `vn`.`client`(`id`, `name`, `fi`, `socialName`, `contact`, `street`, `city`, `postcode`, `isRelevant`, `email`, `iban`,`dueDay`,`accountingAccount`, `isEqualizated`, `provinceFk`, `hasToInvoice`, `credit`, `countryFk`, `isActive`, `gestdocFk`, `quality`, `payMethodFk`,`created`, `isTaxDataChecked`)
     SELECT id, name, CONCAT(RPAD(CONCAT(id,9),8,id),'A'), CONCAT(name, 'Social'), CONCAT(name, 'Contact'), CONCAT(name, 'Street'), 'GOTHAM', 46460, 1, CONCAT(name,'@mydomain.com'), NULL, 0, 1234567890, 0, 1, 1, 300, 1, 1,NULL, 10, 5, util.VN_CURDATE(), 1

modules/account/back/models/sign_in-log.json

@@ -25,7 +25,15 @@
 			"type": "number"
 		},
         "ip": {
-			"type": "string"
+            "type": "string"
+		},
+        "userName": {
+            "type": "string"
+		},
+        "owner": {
+            "type": "boolean",
+            "required": true,
+            "default": true
 		}
     },
     "relations": {

modules/invoiceIn/back/methods/invoice-in/summary.js

@@ -112,7 +112,7 @@ module.exports = Self => {
                         {
                             relation: 'taxTypeSage',
                             scope: {
-                                fields: ['vat']
+                                fields: ['vat', 'rate']
                             }
                         }]
                     }

modules/monitor/back/methods/sales-monitor/specs/salesFilter.spec.js

@@ -151,7 +151,7 @@ describe('SalesMonitor salesFilter()', () => {
             const result = await models.SalesMonitor.salesFilter(ctx, filter, options);
             const firstRow = result[0];
 
-            expect(result.length).toEqual(15);
+            expect(result.length).toEqual(12);
             expect(firstRow.alertLevel).not.toEqual(0);
 
             await tx.rollback();

modules/ticket/back/methods/ticket/specs/filter.spec.js

@@ -68,7 +68,7 @@ describe('ticket filter()', () => {
             const filter = {};
             const result = await models.Ticket.filter(ctx, filter, options);
 
-            expect(result.length).toEqual(9);
+            expect(result.length).toEqual(6);
 
             await tx.rollback();
         } catch (e) {

modules/ticket/back/methods/ticket/specs/getSalespersonMana.spec.js

@@ -9,7 +9,7 @@ describe('ticket getSalesPersonMana()', () => {
 
             const mana = await models.Ticket.getSalesPersonMana(1, options);
 
-            expect(mana).toEqual(73);
+            expect(mana).toEqual(124);
 
             await tx.rollback();
         } catch (e) {

modules/ticket/front/advance/index.js

@@ -202,9 +202,9 @@ export default class Controller extends Section {
         if (!ticket.landed) {
             const newLanded = await this.getLanded({
                 shipped: this.$.model.userParams.dateToAdvance,
-                addressFk: ticket.addressFk,
-                agencyModeFk: ticket.agencyModeFk,
-                warehouseFk: ticket.warehouseFk
+                addressFk: ticket.futureAddressFk,
+                agencyModeFk: ticket.agencyModeFk ?? ticket.futureAgencyModeFk,
+                warehouseFk: ticket.futureWarehouseFk
             });
             if (!newLanded)
                 throw new Error(this.$t(`No delivery zone available for this landing date`));
@@ -213,13 +213,13 @@ export default class Controller extends Section {
             ticket.zoneFk = newLanded.zoneFk;
         }
         const params = {
-            clientFk: ticket.clientFk,
+            clientFk: ticket.futureClientFk,
             nickname: ticket.nickname,
             agencyModeFk: ticket.agencyModeFk ?? ticket.futureAgencyModeFk,
-            addressFk: ticket.addressFk,
+            addressFk: ticket.futureAddressFk,
             zoneFk: ticket.zoneFk ?? ticket.futureZoneFk,
-            warehouseFk: ticket.warehouseFk,
-            companyFk: ticket.companyFk,
+            warehouseFk: ticket.futureWarehouseFk,
+            companyFk: ticket.futureCompanyFk,
             shipped: this.$.model.userParams.dateToAdvance,
             landed: ticket.landed,
             isDeleted: false,

modules/worker/front/time-control/index.js

@@ -111,8 +111,10 @@ class Controller extends Section {
             dayIndex.setDate(dayIndex.getDate() + 1);
         }
 
-        this.fetchHours();
-        this.getWeekData();
+        if (this.worker) {
+            this.fetchHours();
+            this.getWeekData();
+        }
     }
 
     set weekTotalHours(totalHours) {
@@ -171,8 +173,6 @@ class Controller extends Section {
             ]}
         };
         this.$.model.applyFilter(filter, params).then(() => {
-            if (!this.card.hasWorkCenter) return;
-
             this.getWorkedHours(this.started, this.ended);
             this.getAbsences();
         });