4077-login_recover-password & account_verifyEmail #1063

Merged
alexm merged 52 commits from 4077-login_recover-password into dev 2022-11-28 11:34:03 +00:00
6 changed files with 60 additions and 9 deletions
Showing only changes of commit 918863ee8e - Show all commits

View File

@ -0,0 +1,40 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
Self.remoteMethod('recoverPassword', {
description: 'Send email to the user',
accepts: [
{
arg: 'email',
type: 'string',
description: 'The email of user',
required: false
}
],
http: {
path: `/recoverPassword`,
verb: 'GET'
}
});
Self.recoverPassword = async function(email) {
console.log('ENTRY');
const models = Self.app.models;
alexm marked this conversation as resolved Outdated
Outdated
Review

He dejado esta ruta(recoverPassword) porque si se llama directamente resetPassword y el correo que se le pasa no pertenece a un usuario, devuelve un error al frontend.

Usando una ruta con try catch, hacemos que no devuelva nunca error y asi no pueden saber si ese correo es de un usuario nuestro o no.

He dejado esta ruta(recoverPassword) porque si se llama directamente resetPassword y el correo que se le pasa no pertenece a un usuario, devuelve un error al frontend. Usando una ruta con try catch, hacemos que no devuelva nunca error y asi no pueden saber si ese correo es de un usuario nuestro o no.
Outdated
Review

Nomes deuria de ignorar el error de tipo "usuario no existe", tots els demes deuria de rellançarlos

catch(err) {
	if (err.code === 'EMAIL_NOT_FOUND')
    	console.error(err);
    else
    	throw err;
}
	
Nomes deuria de ignorar el error de tipo "usuario no existe", tots els demes deuria de rellançarlos ``` catch(err) { if (err.code === 'EMAIL_NOT_FOUND') console.error(err); else throw err; } ```
const user = await models.User.findOne({
where: {
email: email
}
});
if (!user)
throw new UserError(`This email does not belong to a user`);
const token = await models.Account.login({
user: email,
password: user.password
alexm marked this conversation as resolved Outdated
Outdated
Review

Aixina dones pistes sobre si el correu existeix, si no trova el correu fes return de forma que el client es comporte de la mateixa manera. Aquest métode nomes deuria fallar en errors inesperats, que tornarien al client com a HTTP 500 Internal server error

Aixina dones pistes sobre si el correu existeix, si no trova el correu fes `return` de forma que el client es comporte de la mateixa manera. Aquest métode nomes deuria fallar en errors inesperats, que tornarien al client com a *HTTP 500 Internal server error*
});
await Self.rawSql(`CALL vn.mail_insert(?,?,?,?)`,
[email, null, 'Recovery Password', `?token=${token}`]);
};
};

View File

@ -6,6 +6,7 @@ module.exports = Self => {
require('../methods/account/acl')(Self); require('../methods/account/acl')(Self);
require('../methods/account/change-password')(Self); require('../methods/account/change-password')(Self);
require('../methods/account/set-password')(Self); require('../methods/account/set-password')(Self);
require('../methods/account/recover-password')(Self);
require('../methods/account/validate-token')(Self); require('../methods/account/validate-token')(Self);
// Validations // Validations

View File

@ -0,0 +1,3 @@
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES
('Account', 'recoverPassword', 'READ', 'ALLOW', 'ROLE', 'account');

View File

@ -30,9 +30,7 @@ export default class Auth {
return true; return true;
let redirectToLogin = () => { let redirectToLogin = () => {
return transition.router.stateService.target('login', { return transition.router.stateService.target('login');
continue: this.$window.location.hash
});
}; };
if (this.vnToken.token) { if (this.vnToken.token) {

View File

@ -5,16 +5,24 @@ import './style.scss';
* A simple login form. * A simple login form.
*/ */
export default class Controller { export default class Controller {
constructor($, $element) { constructor($, $element, $http) {
Object.assign(this, { Object.assign(this, {
$, $,
$element, $element,
user: localStorage.getItem('lastUser'), $http
remember: true
}); });
} }
submit() {
const params = {
email: this.email
};
this.$http.get('Accounts/recoverPassword', params)
.then(() => console.log('try')); // this.vnApp.showMessage(this.$t('Notification sent!')));
} }
Controller.$inject = ['$scope', '$element']; }
Controller.$inject = ['$scope', '$element', '$http'];
ngModule.vnComponent('vnRecoverPassword', { ngModule.vnComponent('vnRecoverPassword', {
template: require('./recover-password.html'), template: require('./recover-password.html'),

View File

@ -232,5 +232,6 @@
"Fichadas impares": "Fichadas impares", "Fichadas impares": "Fichadas impares",
"Descanso diario 12h.": "Descanso diario 12h.", "Descanso diario 12h.": "Descanso diario 12h.",
"Descanso semanal 36h. / 72h.": "Descanso semanal 36h. / 72h.", "Descanso semanal 36h. / 72h.": "Descanso semanal 36h. / 72h.",
"Dirección incorrecta": "Dirección incorrecta" "Dirección incorrecta": "Dirección incorrecta",
"This email does not belong to a user": "This email does not belong to a user"
} }