diff --git a/back/methods/dms/downloadFile.js b/back/methods/dms/downloadFile.js index 1b9150053..d64b15b70 100644 --- a/back/methods/dms/downloadFile.js +++ b/back/methods/dms/downloadFile.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: `/:id/downloadFile`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadFile = async function(ctx, id) { diff --git a/back/methods/docuware/download.js b/back/methods/docuware/download.js index a0d72ce01..a1776cde5 100644 --- a/back/methods/docuware/download.js +++ b/back/methods/docuware/download.js @@ -42,7 +42,8 @@ module.exports = Self => { http: { path: `/:id/download`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.download = async function(id, fileCabinet, filter) { diff --git a/back/methods/image/download.js b/back/methods/image/download.js index 2b1a4b546..201e16164 100644 --- a/back/methods/image/download.js +++ b/back/methods/image/download.js @@ -47,7 +47,8 @@ module.exports = Self => { http: { path: `/:collection/:size/:id/download`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.download = async function(ctx, collection, size, id) { diff --git a/back/methods/vn-user/share-token.js b/back/methods/vn-user/share-token.js new file mode 100644 index 000000000..8efa22db4 --- /dev/null +++ b/back/methods/vn-user/share-token.js @@ -0,0 +1,27 @@ + +module.exports = Self => { + Self.remoteMethodCtx('shareToken', { + description: 'Returns token to view files or images and share it', + accessType: 'WRITE', + accepts: [], + returns: { + type: 'Object', + root: true + }, + http: { + path: `/shareToken`, + verb: 'GET' + } + }); + + Self.shareToken = async function(ctx) { + const {accessToken: token} = ctx.req; + + const user = await Self.findById(token.userId); + const multimediaToken = await user.accessTokens.create({ + scopes: ['read:multimedia'] + }); + + return {multimediaToken}; + }; +}; diff --git a/back/methods/vn-user/specs/share-token.spec.js b/back/methods/vn-user/specs/share-token.spec.js new file mode 100644 index 000000000..aaa83817c --- /dev/null +++ b/back/methods/vn-user/specs/share-token.spec.js @@ -0,0 +1,27 @@ +const {models} = require('vn-loopback/server/server'); +describe('Share Token', () => { + let ctx = null; + beforeAll(async() => { + const unAuthCtx = { + req: { + headers: {}, + connection: { + remoteAddress: '127.0.0.1' + }, + getLocale: () => 'en' + }, + args: {} + }; + let login = await models.VnUser.signIn(unAuthCtx, 'salesAssistant', 'nightmare'); + let accessToken = await models.AccessToken.findById(login.token); + ctx = {req: {accessToken: accessToken}}; + }); + + it('should renew token', async() => { + const multimediaToken = await models.VnUser.shareToken(ctx); + + expect(Object.keys(multimediaToken).length).toEqual(1); + expect(multimediaToken.multimediaToken.userId).toEqual(ctx.req.accessToken.userId); + expect(multimediaToken.multimediaToken.scopes[0]).toEqual('read:multimedia'); + }); +}); diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 3a416d7e3..b59f13ffa 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -13,6 +13,7 @@ module.exports = function(Self) { require('../methods/vn-user/privileges')(Self); require('../methods/vn-user/validate-auth')(Self); require('../methods/vn-user/renew-token')(Self); + require('../methods/vn-user/share-token')(Self); require('../methods/vn-user/update-user')(Self); Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create'); diff --git a/back/models/vn-user.json b/back/models/vn-user.json index 639603643..5f6ac3f47 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -1,129 +1,140 @@ { - "name": "VnUser", - "base": "User", - "validateUpsert": true, - "options": { - "mysql": { - "table": "account.user" - } - }, + "name": "VnUser", + "base": "User", + "validateUpsert": true, + "options": { + "mysql": { + "table": "account.user" + } + }, "mixins": { "Loggable": true }, "resetPasswordTokenTTL": "604800", - "properties": { - "id": { - "type": "number", - "id": true - }, + "properties": { + "id": { + "type": "number", + "id": true + }, "name": { - "type": "string", - "required": true - }, - "username": { - "type": "string" - }, - "roleFk": { - "type": "number", - "mysql": { - "columnName": "role" - } - }, - "nickname": { - "type": "string" - }, - "lang": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "email": { - "type": "string" - }, - "emailVerified": { - "type": "boolean" - }, - "created": { - "type": "date" - }, - "updated": { - "type": "date" - }, - "image": { - "type": "string" - }, - "hasGrant": { - "type": "boolean" - }, + "type": "string", + "required": true + }, + "username": { + "type": "string" + }, + "roleFk": { + "type": "number", + "mysql": { + "columnName": "role" + } + }, + "nickname": { + "type": "string" + }, + "lang": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "email": { + "type": "string" + }, + "emailVerified": { + "type": "boolean" + }, + "created": { + "type": "date" + }, + "updated": { + "type": "date" + }, + "image": { + "type": "string" + }, + "hasGrant": { + "type": "boolean" + }, "passExpired": { "type": "date" }, - "twoFactor": { - "type": "string" - } - }, - "relations": { - "role": { - "type": "belongsTo", - "model": "VnRole", - "foreignKey": "roleFk" - }, - "roles": { - "type": "hasMany", - "model": "RoleRole", - "foreignKey": "role", - "primaryKey": "roleFk" - }, - "emailUser": { - "type": "hasOne", - "model": "EmailUser", - "foreignKey": "userFk" - }, - "worker": { - "type": "hasOne", - "model": "Worker", - "foreignKey": "id" - }, - "userConfig": { - "type": "hasOne", - "model": "UserConfig", - "foreignKey": "userFk" - } - }, - "acls": [ - { - "property": "signIn", - "accessType": "EXECUTE", - "principalType": "ROLE", - "principalId": "$everyone", - "permission": "ALLOW" - }, { - "property": "recoverPassword", - "accessType": "EXECUTE", - "principalType": "ROLE", - "principalId": "$everyone", - "permission": "ALLOW" - }, { - "property": "validateAuth", - "accessType": "EXECUTE", - "principalType": "ROLE", - "principalId": "$everyone", - "permission": "ALLOW" - }, { - "property": "privileges", - "accessType": "*", - "principalType": "ROLE", - "principalId": "$authenticated", - "permission": "ALLOW" - }, { - "property": "renewToken", - "accessType": "WRITE", - "principalType": "ROLE", - "principalId": "$authenticated", - "permission": "ALLOW" - } - ], + "twoFactor": { + "type": "string" + } + }, + "relations": { + "role": { + "type": "belongsTo", + "model": "VnRole", + "foreignKey": "roleFk" + }, + "roles": { + "type": "hasMany", + "model": "RoleRole", + "foreignKey": "role", + "primaryKey": "roleFk" + }, + "emailUser": { + "type": "hasOne", + "model": "EmailUser", + "foreignKey": "userFk" + }, + "worker": { + "type": "hasOne", + "model": "Worker", + "foreignKey": "id" + }, + "userConfig": { + "type": "hasOne", + "model": "UserConfig", + "foreignKey": "userFk" + } + }, + "acls": [ + { + "property": "signIn", + "accessType": "EXECUTE", + "principalType": "ROLE", + "principalId": "$everyone", + "permission": "ALLOW" + }, + { + "property": "recoverPassword", + "accessType": "EXECUTE", + "principalType": "ROLE", + "principalId": "$everyone", + "permission": "ALLOW" + }, + { + "property": "validateAuth", + "accessType": "EXECUTE", + "principalType": "ROLE", + "principalId": "$everyone", + "permission": "ALLOW" + }, + { + "property": "privileges", + "accessType": "*", + "principalType": "ROLE", + "principalId": "$authenticated", + "permission": "ALLOW" + }, + { + "property": "renewToken", + "accessType": "WRITE", + "principalType": "ROLE", + "principalId": "$authenticated", + "permission": "ALLOW" + }, + { + "property": "shareToken", + "accessType": "WRITE", + "principalType": "ROLE", + "principalId": "$authenticated", + "permission": "ALLOW" + } + ], "scopes": { "preview": { "fields": [ @@ -140,7 +151,7 @@ "hasGrant", "realm", "email", - "emailVerified" + "emailVerified" ] } } diff --git a/db/versions/10919-brownMoss/00-firstScript.sql b/db/versions/10919-brownMoss/00-firstScript.sql new file mode 100644 index 000000000..640d2180a --- /dev/null +++ b/db/versions/10919-brownMoss/00-firstScript.sql @@ -0,0 +1,3 @@ +-- Place your SQL code here + + diff --git a/front/core/services/auth.js b/front/core/services/auth.js index 844a5145d..753bc3fba 100644 --- a/front/core/services/auth.js +++ b/front/core/services/auth.js @@ -83,22 +83,27 @@ export default class Auth { } onLoginOk(json, now, remember) { - this.vnToken.set(json.data.token, now, json.data.ttl, remember); - - return this.loadAcls().then(() => { - let continueHash = this.$state.params.continue; - if (continueHash) - this.$window.location = continueHash; - else - this.$state.go('home'); - }); + return this.$http.get('VnUsers/ShareToken', { + headers: {Authorization: json.data.token} + }).then(({data}) => { + this.vnToken.set(json.data.token, data.multimediaToken.id, now, json.data.ttl, remember); + this.loadAcls().then(() => { + let continueHash = this.$state.params.continue; + if (continueHash) + this.$window.location = continueHash; + else + this.$state.go('home'); + }); + }).catch(() => {}); } logout() { + this.$http.post('Accounts/logout', null, {headers: {'Authorization': this.vnToken.tokenMultimedia}, + }).catch(() => {}); + let promise = this.$http.post('VnUsers/logout', null, { headers: {Authorization: this.vnToken.token} }).catch(() => {}); - this.vnToken.unset(); this.loggedIn = false; this.vnModules.reset(); diff --git a/front/core/services/interceptor.js b/front/core/services/interceptor.js index 0c3253c69..90d813ed4 100644 --- a/front/core/services/interceptor.js +++ b/front/core/services/interceptor.js @@ -19,7 +19,7 @@ function interceptor($q, vnApp, $translate) { if (config.url.charAt(0) !== '/' && apiPath) config.url = `${apiPath}${config.url}`; - if (token) + if (token && !config.headers.Authorization) config.headers.Authorization = token; if ($translate.use()) config.headers['Accept-Language'] = $translate.use(); diff --git a/front/core/services/token.js b/front/core/services/token.js index c8cb4f6bb..125de6b9a 100644 --- a/front/core/services/token.js +++ b/front/core/services/token.js @@ -24,21 +24,22 @@ export default class Token { } catch (e) {} } - set(token, created, ttl, remember) { + set(token, tokenMultimedia, created, ttl, remember) { this.unset(); Object.assign(this, { token, + tokenMultimedia, created, ttl, remember }); - this.vnInterceptor.setToken(token); + this.vnInterceptor.setToken(token, tokenMultimedia); try { if (remember) - this.setStorage(localStorage, token, created, ttl); + this.setStorage(localStorage, token, tokenMultimedia, created, ttl); else - this.setStorage(sessionStorage, token, created, ttl); + this.setStorage(sessionStorage, token, tokenMultimedia, created, ttl); } catch (err) { console.error(err); } @@ -46,6 +47,7 @@ export default class Token { unset() { this.token = null; + this.tokenMultimedia = null; this.created = null; this.ttl = null; this.remember = null; @@ -57,13 +59,15 @@ export default class Token { getStorage(storage) { this.token = storage.getItem('vnToken'); + this.tokenMultimedia = storage.getItem('vnTokenMultimedia'); if (!this.token) return; const created = storage.getItem('vnTokenCreated'); this.created = created && new Date(created); this.ttl = storage.getItem('vnTokenTtl'); } - setStorage(storage, token, created, ttl) { + setStorage(storage, token, tokenMultimedia, created, ttl) { + storage.setItem('vnTokenMultimedia', tokenMultimedia); storage.setItem('vnToken', token); storage.setItem('vnTokenCreated', created.toJSON()); storage.setItem('vnTokenTtl', ttl); @@ -71,6 +75,7 @@ export default class Token { removeStorage(storage) { storage.removeItem('vnToken'); + storage.removeItem('vnTokenMultimedia'); storage.removeItem('vnTokenCreated'); storage.removeItem('vnTokenTtl'); } diff --git a/front/salix/components/layout/index.js b/front/salix/components/layout/index.js index 89912d4e3..e935c6d99 100644 --- a/front/salix/components/layout/index.js +++ b/front/salix/components/layout/index.js @@ -23,8 +23,7 @@ export class Layout extends Component { if (!this.$.$root.user) return; const userId = this.$.$root.user.id; - const token = this.vnToken.token; - return `/api/Images/user/160x160/${userId}/download?access_token=${token}`; + return `/api/Images/user/160x160/${userId}/download?access_token=${this.vnToken.tokenMultimedia}`; } refresh() { diff --git a/front/salix/components/log/index.html b/front/salix/components/log/index.html index c75030100..a3aaf0011 100644 --- a/front/salix/components/log/index.html +++ b/front/salix/components/log/index.html @@ -31,7 +31,7 @@ ng-click="$ctrl.showDescriptor($event, userLog)"> + ng-src="/api/Images/user/160x160/{{::userLog.userFk}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}"> @@ -181,7 +181,7 @@ val="{{::nickname}}"> + ng-src="/api/Images/user/160x160/{{::id}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}">
diff --git a/front/salix/module.js b/front/salix/module.js index 0ce855308..53b718427 100644 --- a/front/salix/module.js +++ b/front/salix/module.js @@ -13,7 +13,7 @@ export function run($window, $rootScope, vnAuth, vnApp, vnToken, $state) { if (!collection || !size || !id) return; const basePath = `/api/Images/${collection}/${size}/${id}`; - return `${basePath}/download?access_token=${vnToken.token}`; + return `${basePath}/download?access_token=${vnToken.tokenMultimedia}`; }; $window.validations = {}; diff --git a/modules/account/back/methods/account/logout.js b/modules/account/back/methods/account/logout.js index 5db3efa33..7d2e8153e 100644 --- a/modules/account/back/methods/account/logout.js +++ b/modules/account/back/methods/account/logout.js @@ -15,7 +15,8 @@ module.exports = Self => { http: { path: `/logout`, verb: 'POST' - } + }, + accessScopes: ['DEFAULT', 'read:multimedia'] }); Self.logout = async ctx => Self.app.models.VnUser.logout(ctx.req.accessToken.id); diff --git a/modules/claim/back/methods/claim/downloadFile.js b/modules/claim/back/methods/claim/downloadFile.js index 750356b0b..61784f39e 100644 --- a/modules/claim/back/methods/claim/downloadFile.js +++ b/modules/claim/back/methods/claim/downloadFile.js @@ -32,7 +32,8 @@ module.exports = Self => { http: { path: `/:id/downloadFile`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadFile = async function(ctx, id) { diff --git a/modules/client/front/balance/index/index.html b/modules/client/front/balance/index/index.html index faf772c2d..34524d2f3 100644 --- a/modules/client/front/balance/index/index.html +++ b/modules/client/front/balance/index/index.html @@ -114,7 +114,7 @@ + href="api/InvoiceOuts/{{::balance.id}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}"> diff --git a/modules/invoiceOut/back/methods/invoiceOut/download.js b/modules/invoiceOut/back/methods/invoiceOut/download.js index 4c76f7c07..cb71121d5 100644 --- a/modules/invoiceOut/back/methods/invoiceOut/download.js +++ b/modules/invoiceOut/back/methods/invoiceOut/download.js @@ -31,7 +31,8 @@ module.exports = Self => { http: { path: '/:id/download', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.download = async function(ctx, id, options) { diff --git a/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js b/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js index fe005f1ab..4f2a8aab3 100644 --- a/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js +++ b/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js @@ -31,7 +31,8 @@ module.exports = Self => { http: { path: '/downloadZip', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadZip = async function(ctx, ids, options) { diff --git a/modules/invoiceOut/front/descriptor-menu/index.html b/modules/invoiceOut/front/descriptor-menu/index.html index face46293..1bf34831e 100644 --- a/modules/invoiceOut/front/descriptor-menu/index.html +++ b/modules/invoiceOut/front/descriptor-menu/index.html @@ -37,7 +37,7 @@ diff --git a/modules/invoiceOut/front/index/index.js b/modules/invoiceOut/front/index/index.js index 2cde3c940..403c51d58 100644 --- a/modules/invoiceOut/front/index/index.js +++ b/modules/invoiceOut/front/index/index.js @@ -25,7 +25,7 @@ export default class Controller extends Section { openPdf() { if (this.checked.length <= 1) { const [invoiceOutId] = this.checked; - const url = `api/InvoiceOuts/${invoiceOutId}/download?access_token=${this.vnToken.token}`; + const url = `api/InvoiceOuts/${invoiceOutId}/download?access_token=${this.vnToken.tokenMultimedia}`; window.open(url, '_blank'); } else { const invoiceOutIds = this.checked; diff --git a/modules/item/back/methods/item-image-queue/download.js b/modules/item/back/methods/item-image-queue/download.js index eb952daa4..e1bc248ae 100644 --- a/modules/item/back/methods/item-image-queue/download.js +++ b/modules/item/back/methods/item-image-queue/download.js @@ -11,6 +11,7 @@ module.exports = Self => { path: `/download`, verb: 'POST', }, + accessScopes: ['read:multimedia'] }); Self.download = async() => { diff --git a/modules/route/back/methods/route/downloadCmrsZip.js b/modules/route/back/methods/route/downloadCmrsZip.js index 58445f6f1..43f6e9648 100644 --- a/modules/route/back/methods/route/downloadCmrsZip.js +++ b/modules/route/back/methods/route/downloadCmrsZip.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: '/downloadCmrsZip', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadCmrsZip = async function(ctx, ids, options) { diff --git a/modules/route/back/methods/route/downloadZip.js b/modules/route/back/methods/route/downloadZip.js index 597f1d1f6..d7fc30aa3 100644 --- a/modules/route/back/methods/route/downloadZip.js +++ b/modules/route/back/methods/route/downloadZip.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: '/downloadZip', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadZip = async function(ctx, id, options) { diff --git a/modules/route/back/methods/route/driverRoutePdf.js b/modules/route/back/methods/route/driverRoutePdf.js index f0cd75f0e..e7b4dee17 100644 --- a/modules/route/back/methods/route/driverRoutePdf.js +++ b/modules/route/back/methods/route/driverRoutePdf.js @@ -34,7 +34,9 @@ module.exports = Self => { http: { path: '/:id/driver-route-pdf', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] + }); Self.driverRoutePdf = (ctx, id) => Self.printReport(ctx, id, 'driver-route'); diff --git a/modules/route/front/index/index.js b/modules/route/front/index/index.js index 7c19a26cd..0c5dfe7f3 100644 --- a/modules/route/front/index/index.js +++ b/modules/route/front/index/index.js @@ -40,7 +40,7 @@ export default class Controller extends Section { const stringRoutesIds = routesIds.join(','); if (this.checked.length <= 1) { - const url = `api/Routes/${stringRoutesIds}/driver-route-pdf?access_token=${this.vnToken.token}`; + const url = `api/Routes/${stringRoutesIds}/driver-route-pdf?access_token=${this.vnToken.tokenMultimedia}`; window.open(url, '_blank'); } else { const serializedParams = this.$httpParamSerializer({ diff --git a/modules/worker/back/methods/worker-dms/downloadFile.js b/modules/worker/back/methods/worker-dms/downloadFile.js index cc8653e0e..08fbcf924 100644 --- a/modules/worker/back/methods/worker-dms/downloadFile.js +++ b/modules/worker/back/methods/worker-dms/downloadFile.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: `/:id/downloadFile`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadFile = async function(ctx, id) {