#6434 - SignIn issue_improve-signInLogMethod #1848

Closed
jsegarra wants to merge 65 commits from 6434-improve-signInLog into test
2 changed files with 31 additions and 31 deletions
Showing only changes of commit d71e7a4b41 - Show all commits


@ -1,8 +1,8 @@
const {models} = require('vn-loopback/server/server'); const {models} = require('vn-loopback/server/server');
fdescribe('VnUser Sign-in()', () => { describe('VnUser Sign-in()', () => {
const employeeId = 1; const employeeId = 1;
const unauthCtx = { const unAuthCtx = {
req: { req: {
headers: {}, headers: {},
connection: { connection: {
@ -15,7 +15,7 @@ fdescribe('VnUser Sign-in()', () => {
const {VnUser, AccessToken, SignInLog} = models; const {VnUser, AccessToken, SignInLog} = models;
describe('when credentials are correct', () => { describe('when credentials are correct', () => {
it('should return the token if user uses email', async() => { it('should return the token if user uses email', async() => {
let login = await VnUser.signIn(unauthCtx, 'salesAssistant@mydomain.com', 'nightmare'); let login = await VnUser.signIn(unAuthCtx, 'salesAssistant@mydomain.com', 'nightmare');
let accessToken = await AccessToken.findById(login.token); let accessToken = await AccessToken.findById(login.token);
let ctx = {req: {accessToken: accessToken}}; let ctx = {req: {accessToken: accessToken}};
let signInLog = await SignInLog.find({where: {token: accessToken.id}}); let signInLog = await SignInLog.find({where: {token: accessToken.id}});
@ -29,7 +29,7 @@ fdescribe('VnUser Sign-in()', () => {
}); });
it('should return the token', async() => { it('should return the token', async() => {
let login = await VnUser.signIn(unauthCtx, 'salesAssistant', 'nightmare'); let login = await VnUser.signIn(unAuthCtx, 'salesAssistant', 'nightmare');
let accessToken = await AccessToken.findById(login.token); let accessToken = await AccessToken.findById(login.token);
let ctx = {req: {accessToken: accessToken}}; let ctx = {req: {accessToken: accessToken}};
@ -39,7 +39,7 @@ fdescribe('VnUser Sign-in()', () => {
}); });
it('should return the token if the user doesnt exist but the client does', async() => { it('should return the token if the user doesnt exist but the client does', async() => {
let login = await VnUser.signIn(unauthCtx, 'PetterParker', 'nightmare'); let login = await VnUser.signIn(unAuthCtx, 'PetterParker', 'nightmare');
let accessToken = await AccessToken.findById(login.token); let accessToken = await AccessToken.findById(login.token);
let ctx = {req: {accessToken: accessToken}}; let ctx = {req: {accessToken: accessToken}};
@ -54,7 +54,7 @@ fdescribe('VnUser Sign-in()', () => {
let error; let error;
try { try {
await VnUser.signIn(unauthCtx, 'IDontExist', 'TotallyWrongPassword'); await VnUser.signIn(unAuthCtx, 'IDontExist', 'TotallyWrongPassword');
} catch (e) { } catch (e) {
error = e; error = e;
} }
@ -75,7 +75,7 @@ fdescribe('VnUser Sign-in()', () => {
const options = {transaction: tx}; const options = {transaction: tx};
await employee.updateAttribute('twoFactor', 'email', options); await employee.updateAttribute('twoFactor', 'email', options);
await VnUser.signIn(unauthCtx, 'employee', 'nightmare', options); await VnUser.signIn(unAuthCtx, 'employee', 'nightmare', options);
await tx.rollback(); await tx.rollback();
} catch (e) { } catch (e) {
await tx.rollback(); await tx.rollback();
@ -100,7 +100,7 @@ fdescribe('VnUser Sign-in()', () => {
const options = {transaction: tx}; const options = {transaction: tx};
await employee.updateAttribute('passExpired', yesterday, options); await employee.updateAttribute('passExpired', yesterday, options);
await VnUser.signIn(unauthCtx, 'employee', 'nightmare', options); await VnUser.signIn(unAuthCtx, 'employee', 'nightmare', options);
await tx.rollback(); await tx.rollback();
} catch (e) { } catch (e) {
await tx.rollback(); await tx.rollback();


@ -1,10 +1,10 @@
const vnModel = require('vn-loopback/common/models/vn-model'); const vnModel = require('vn-loopback/common/models/vn-model');
const { Email } = require('vn-print'); const {Email} = require('vn-print');
const ForbiddenError = require('vn-loopback/util/forbiddenError'); const ForbiddenError = require('vn-loopback/util/forbiddenError');
const LoopBackContext = require('loopback-context'); const LoopBackContext = require('loopback-context');
const UserError = require('vn-loopback/util/user-error'); const UserError = require('vn-loopback/util/user-error');
module.exports = function (Self) { module.exports = function(Self) {
vnModel(Self); vnModel(Self);
require('../methods/vn-user/sign-in')(Self); require('../methods/vn-user/sign-in')(Self);
@ -37,7 +37,7 @@ module.exports = function (Self) {
{ {
arg: 'ctx', arg: 'ctx',
type: 'Object', type: 'Object',
http: { source: 'context' } http: {source: 'context'}
} }
], ],
returns: { returns: {
@ -50,7 +50,7 @@ module.exports = function (Self) {
} }
}); });
Self.getCurrentUserData = async function (ctx) { Self.getCurrentUserData = async function(ctx) {
let userId = ctx.req.accessToken.userId; let userId = ctx.req.accessToken.userId;
return await Self.findById(userId, { return await Self.findById(userId, {
fields: ['id', 'name', 'nickname'] fields: ['id', 'name', 'nickname']
@ -65,7 +65,7 @@ module.exports = function (Self) {
* @param {Object} options Options * @param {Object} options Options
* @return {Boolean} %true if user has the role, %false otherwise * @return {Boolean} %true if user has the role, %false otherwise
*/ */
Self.hasRole = async function (userId, name, options) { Self.hasRole = async function(userId, name, options) {
const roles = await Self.getRoles(userId, options); const roles = await Self.getRoles(userId, options);
return roles.some(role => role == name); return roles.some(role => role == name);
}; };
@ -77,7 +77,7 @@ module.exports = function (Self) {
* @param {Object} options Options * @param {Object} options Options
* @return {Object} User role list * @return {Object} User role list
*/ */
Self.getRoles = async (userId, options) => { Self.getRoles = async(userId, options) => {
const result = await Self.rawSql( const result = await Self.rawSql(
`SELECT r.name `SELECT r.name
FROM account.user u FROM account.user u
@ -92,9 +92,9 @@ module.exports = function (Self) {
return roles; return roles;
}; };
Self.on('resetPasswordRequest', async function (info) { Self.on('resetPasswordRequest', async function(info) {
const loopBackContext = LoopBackContext.getCurrentContext(); const loopBackContext = LoopBackContext.getCurrentContext();
const httpCtx = { req: loopBackContext.active }; const httpCtx = {req: loopBackContext.active};
const httpRequest = httpCtx.req.http.req; const httpRequest = httpCtx.req.http.req;
const headers = httpRequest.headers; const headers = httpRequest.headers;
const origin = headers.origin; const origin = headers.origin;
@ -124,7 +124,7 @@ module.exports = function (Self) {
return email.send(); return email.send();
}); });
Self.signInValidate = async (user, userToken, token, ctx) => { Self.signInValidate = async(user, userToken, token, ctx) => {
const [[key, value]] = Object.entries(Self.userUses(user)); const [[key, value]] = Object.entries(Self.userUses(user));
const isOwner = Self.rawSql(`SELECT ? = ? `, [userToken[key], value]); const isOwner = Self.rawSql(`SELECT ? = ? `, [userToken[key], value]);
await Self.app.models.SignInLog.create({ await Self.app.models.SignInLog.create({
@ -134,13 +134,13 @@ module.exports = function (Self) {
owner: isOwner owner: isOwner
}); });
if (!isOwner) { if (!isOwner) {
console.error('ERROR!!! - Signin with other user', userToken, user); console.error('ERROR!!! - SignIn with other user', userToken, user);
throw new UserError('Try again'); throw new UserError('Try again');
} }
}; };
Self.validateLogin = async function (user, password, ctx = null) { Self.validateLogin = async function(user, password, ctx = null) {
jsegarra marked this conversation as resolved Outdated

Pq el = null? sino el pases seria undefined que tame te val no?

Pq el = null? sino el pases seria undefined que tame te val no?
const loginInfo = Object.assign({ password }, Self.userUses(user)); const loginInfo = Object.assign({password}, Self.userUses(user));
const token = await Self.login(loginInfo, 'user'); const token = await Self.login(loginInfo, 'user');
const userToken = await token.user.get(); const userToken = await token.user.get();
@ -154,17 +154,17 @@ module.exports = function (Self) {
console.warn(err); console.warn(err);
} }
return { token: token.id, ttl: token.ttl }; return {token: token.id, ttl: token.ttl};
}; };
Self.userUses = function (user) { Self.userUses = function(user) {
return user.indexOf('@') !== -1 return user.indexOf('@') !== -1
? { email: user } ? {email: user}
: { username: user }; : {username: user};
}; };
const _setPassword = Self.prototype.setPassword; const _setPassword = Self.prototype.setPassword;
Self.prototype.setPassword = async function (newPassword, options, cb) { Self.prototype.setPassword = async function(newPassword, options, cb) {
if (cb === undefined && typeof options === 'function') { if (cb === undefined && typeof options === 'function') {
cb = options; cb = options;
options = undefined; options = undefined;
@ -199,10 +199,10 @@ module.exports = function (Self) {
Self.sharedClass._methods.find(method => method.name == 'changePassword').ctor.settings.acls Self.sharedClass._methods.find(method => method.name == 'changePassword').ctor.settings.acls
.filter(acl => acl.property != 'changePassword'); .filter(acl => acl.property != 'changePassword');
Self.userSecurity = async (ctx, userId, options) => { Self.userSecurity = async(ctx, userId, options) => {
const models = Self.app.models; const models = Self.app.models;
const accessToken = ctx?.options?.accessToken || LoopBackContext.getCurrentContext().active.accessToken; const accessToken = ctx?.options?.accessToken || LoopBackContext.getCurrentContext().active.accessToken;
const ctxToken = { req: { accessToken } }; const ctxToken = {req: {accessToken}};
if (userId === accessToken.userId) return; if (userId === accessToken.userId) return;
@ -214,7 +214,7 @@ module.exports = function (Self) {
if (hasHigherPrivileges) return; if (hasHigherPrivileges) return;
const hasMediumPrivileges = await models.ACL.checkAccessAcl(ctxToken, 'VnUser', 'mediumPrivileges', myOptions); const hasMediumPrivileges = await models.ACL.checkAccessAcl(ctxToken, 'VnUser', 'mediumPrivileges', myOptions);
const user = await models.VnUser.findById(userId, { fields: ['id', 'emailVerified'] }, myOptions); const user = await models.VnUser.findById(userId, {fields: ['id', 'emailVerified']}, myOptions);
if (!user.emailVerified && hasMediumPrivileges) return; if (!user.emailVerified && hasMediumPrivileges) return;
throw new ForbiddenError(); throw new ForbiddenError();
@ -227,7 +227,7 @@ module.exports = function (Self) {
if (!ctx.isNewInstance && (!newEmail || !oldEmail || newEmail == oldEmail)) return; if (!ctx.isNewInstance && (!newEmail || !oldEmail || newEmail == oldEmail)) return;
const loopBackContext = LoopBackContext.getCurrentContext(); const loopBackContext = LoopBackContext.getCurrentContext();
const httpCtx = { req: loopBackContext.active }; const httpCtx = {req: loopBackContext.active};
const httpRequest = httpCtx.req.http.req; const httpRequest = httpCtx.req.http.req;
const headers = httpRequest.headers; const headers = httpRequest.headers;
const origin = headers.origin; const origin = headers.origin;
@ -237,8 +237,8 @@ module.exports = function (Self) {
const liliumUrl = await Self.app.models.Url.findOne({ const liliumUrl = await Self.app.models.Url.findOne({
where: { where: {
and: [ and: [
{ appName: 'lilium' }, {appName: 'lilium'},
{ environment: env } {environment: env}
] ]
} }
}); });
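Review bot: In `Self.signInValidate`, `isOwner` is assigned from `Self.rawSql(...)` without `await`, so, assuming rawSql returns a promise as its awaited use in `Self.getRoles` suggests, `isOwner` is always truthy: the `if (!isOwner)` branch that rejects a token belonging to a different user can never run, and `SignInLog.owner` is written from a promise rather than a boolean. Even when awaited, the value would be the query result rather than the comparison itself, so the check should await the query and read the boolean out of the returned row, e.g. `const [row] = await Self.rawSql('SELECT ? = ? AS isOwner', [userToken[key], value]);` then `const isOwner = Boolean(row?.isOwner);` (row shape to be confirmed against rawSql). The `console.error` on that path also prints the whole `userToken` object, which presumably carries account fields; logging only the user id would keep that data out of the logs. The function body spans two hunks and the lines between them are not shown.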