#6744 fix worker setPassword #2027

Merged
jorgep merged 18 commits from 6744-fixWorkerSetPassword into dev 2024-03-15 09:48:14 +00:00
3 changed files with 33 additions and 23 deletions
Showing only changes of commit 7b862c5c30 - Show all commits

View File

@ -2,42 +2,49 @@ const UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
Self.remoteMethodCtx('setPassword', { Self.remoteMethodCtx('setPassword', {
description: 'Set a new password', description: 'Set a new password',
accepts: [ accepts: [{
{
arg: 'workerFk', arg: 'workerFk',
type: 'number', type: 'number',
required: true, required: true,
description: 'The worker id', description: 'The worker id',
}, }, {
{
arg: 'newPass', arg: 'newPass',
type: 'String', type: 'String',
required: true, required: true,
description: 'The new worker password' description: 'The new worker password'
} }, {
arg: 'emailVerified',
type: 'Boolean',
required: true,
},
], ],
http: { http: {
path: `/:id/setPassword`, path: `/:id/setPassword`,
verb: 'PATCH' verb: 'PATCH'
} }
}); });
Self.setPassword = async(ctx, options) => { Self.setPassword = async(ctx, workerFk, newPass, emailVerified, options) => {
const userId = ctx.req.accessToken.userId;
const models = Self.app.models; const models = Self.app.models;
const myOptions = {}; const myOptions = {};
const {args} = ctx;
let tx; let tx;
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
if (!myOptions.transaction) { if (!myOptions.transaction) {
tx = await Self.beginTransaction({}); tx = await Self.beginTransaction({});
jorgep marked this conversation as resolved Outdated
Outdated
Review

Lanzar ForbiddenError indicando en el mensaje que no es subordinado.

Lanzar ForbiddenError indicando en el mensaje que no es subordinado.
myOptions.transaction = tx; myOptions.transaction = tx;
jorgep marked this conversation as resolved Outdated

isHimself

isHimself
Outdated
Review

No pondría aquí isHimself, para cambiarse la contraseña uno mismo que se utilice el método tradicional que yahace las comprobaciones de seguridad correspondientes

No pondría aquí `isHimself`, para cambiarse la contraseña uno mismo que se utilice el método tradicional que yahace las comprobaciones de seguridad correspondientes
} }
jorgep marked this conversation as resolved
Review

no podemos poner aquí el contenido de setUnverifiedPassword?
es necesario crear ese método?

no podemos poner aquí el contenido de setUnverifiedPassword? es necesario crear ese método?
Review

me lo pidio exprasemente @juan

me lo pidio exprasemente @juan
try {
const isSubordinate = await models.Worker.isSubordinate(ctx, args.workerFk, myOptions);
if (!isSubordinate) throw new UserError('You don\'t have enough privileges.');
await models.VnUser.setPassword(args.workerFk, args.newPass, myOptions); try {
await models.VnUser.updateAll({id: args.workerFk}, {emailVerified: true}, myOptions); const ishimself = userId === workerFk;
const isSubordinate = await models.Worker.isSubordinate(ctx, workerFk, myOptions);
if (ishimself || (isSubordinate && !emailVerified)) {
await models.VnUser.setPassword(workerFk, newPass, myOptions);
await models.VnUser.updateAll({id: workerFk}, {emailVerified: true}, myOptions);
} else
throw new UserError('You don\'t have enough privileges.');
if (tx) await tx.commit(); if (tx) await tx.commit();
} catch (e) { } catch (e) {

View File

@ -11,7 +11,7 @@
? 'Click to allow the user to be disabled' ? 'Click to allow the user to be disabled'
: 'Click to exclude the user from getting disabled'}} : 'Click to exclude the user from getting disabled'}}
</vn-item> </vn-item>
<vn-item ng-if="!$ctrl.worker.user.emailVerified" ng-click="setPassword.show()" translate> <vn-item ng-if="!$ctrl.worker.user.emailVerified || $ctrl.id == $ctrl.userFk" ng-click="setPassword.show()" translate>
Review

creo que esta mal esta comprobación, en que casos quieres que se muestre?

creo que esta mal esta comprobación, en que casos quieres que se muestre?
Review

Solo si el email no está verificado y no es el mismo. Tras lo hablado con Juan, si eres tú mismo, te cambiarás la contraseña desde otro lado. @jgallego

Solo si el email no está verificado y no es el mismo. Tras lo hablado con Juan, si eres tú mismo, te cambiarás la contraseña desde otro lado. @jgallego
Change password Change password
</vn-item> </vn-item>
</slot-menu> </slot-menu>

View File

@ -15,6 +15,8 @@ class Controller extends Descriptor {
this.entity = value; this.entity = value;
if (value) if (value)
this.getIsExcluded(); this.getIsExcluded();
this.$http.get(`UserConfigs/getUserConfig`)
.then(res => this.userFk = res.data.userFk);
if (this.entity && !this.entity.user.emailVerified) if (this.entity && !this.entity.user.emailVerified)
this.getPassRequirements(); this.getPassRequirements();
@ -69,6 +71,7 @@ class Controller extends Descriptor {
} }
] ]
}; };
return this.getData(`Workers/${this.id}`, {filter}) return this.getData(`Workers/${this.id}`, {filter})
.then(res => this.entity = res.data); .then(res => this.entity = res.data);
} }
@ -87,7 +90,7 @@ class Controller extends Descriptor {
throw new UserError(`Passwords don't match`); throw new UserError(`Passwords don't match`);
this.$http.patch( this.$http.patch(
`Workers/${this.entity.id}/setPassword`, `Workers/${this.entity.id}/setPassword`,
{workerFk: this.entity.id, newPass: this.newPassword} {workerFk: this.entity.id, newPass: this.newPassword, emailVerified: !!this.entity.user.emailVerified}
) .then(() => { ) .then(() => {
this.vnApp.showSuccess(this.$translate.instant('Password changed!')); this.vnApp.showSuccess(this.$translate.instant('Password changed!'));
}); });