2024-03-28 08:26:34 +00:00
5 changed files with 197 additions and 132 deletions
--- a/back/methods/vn-user/share-token.js
+++ b/back/methods/vn-user/share-token.js
@ -0,0 +1,27 @@
+
+module.exports = Self => {
+    Self.remoteMethodCtx('shareToken', {
+        description: 'Returns token to view files or images and share it',
+        accessType: 'WRITE',
+        accepts: [],
+        returns: {
+            type: 'Object',
+            root: true
+        },
+        http: {
+            path: `/shareToken`,
+            verb: 'GET'
+        }
+    });
+
+    Self.shareToken = async function(ctx) {
+        const {accessToken: token} = ctx.req;
+
+        const user = await Self.findById(token.userId);
+        const multimediaToken = await user.accessTokens.create({
+            scopes: ['read:multimedia']
+        });
+
+        return {multimediaToken};
+    };
+};
--- a/back/methods/vn-user/specs/share-token.spec.js
+++ b/back/methods/vn-user/specs/share-token.spec.js
@ -0,0 +1,27 @@
+const {models} = require('vn-loopback/server/server');
+fdescribe('Share Token', () => {
+    let ctx = null;
+    beforeAll(async() => {
+        const unAuthCtx = {
+            req: {
+                headers: {},
+                connection: {
+                    remoteAddress: '127.0.0.1'
+                },
+                getLocale: () => 'en'
+            },
+            args: {}
+        };
+        let login = await models.VnUser.signIn(unAuthCtx, 'salesAssistant', 'nightmare');
+        let accessToken = await models.AccessToken.findById(login.token);
+        ctx = {req: {accessToken: accessToken}};
+    });
+
+    it('should renew token', async() => {
+        const multimediaToken = await models.VnUser.shareToken(ctx);
+
+        expect(Object.keys(multimediaToken).length).toEqual(1);
+        expect(multimediaToken.multimediaToken.userId).toEqual(ctx.req.accessToken.userId);
+        expect(multimediaToken.multimediaToken.scopes[0]).toEqual('read:multimedia');
+    });
+});
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@ -13,6 +13,7 @@ module.exports = function(Self) {
    require('../methods/vn-user/privileges')(Self);
    require('../methods/vn-user/validate-auth')(Self);
    require('../methods/vn-user/renew-token')(Self);
+    require('../methods/vn-user/share-token')(Self);
    require('../methods/vn-user/update-user')(Self);

    Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');
@ -167,11 +168,7 @@ module.exports = function(Self) {
            console.warn(err);
        }

-        const multimediaToken = await token.user().accessTokens.create({
-            scopes: ['read:multimedia']
-        });
-
-        return {token: token.id, ttl: token.ttl, multimediaToken};
+        return {token: token.id, ttl: token.ttl};
    };

    Self.userUses = function(user) {
--- a/back/models/vn-user.json
+++ b/back/models/vn-user.json
@ -1,129 +1,140 @@
 {
-	"name": "VnUser",
-	"base": "User",
-	"validateUpsert": true,
-	"options": {
-		"mysql": {
-			"table": "account.user"
-		}
-	},
+    "name": "VnUser",
+    "base": "User",
+    "validateUpsert": true,
+    "options": {
+        "mysql": {
+            "table": "account.user"
+        }
+    },
    "mixins": {
        "Loggable": true
    },
    "resetPasswordTokenTTL": "604800",
-	"properties": {
-		"id": {
-			"type": "number",
-			"id": true
-		},
+    "properties": {
+        "id": {
+            "type": "number",
+            "id": true
+        },
        "name": {
-			"type": "string",
-			"required": true
-		},
-		"username": {
-			"type": "string"
-		},
-		"roleFk": {
-			"type": "number",
-			"mysql": {
-				"columnName": "role"
-			}
-		},
-		"nickname": {
-			"type": "string"
-		},
-		"lang": {
-			"type": "string"
-		},
-		"active": {
-			"type": "boolean"
-		},
-		"email": {
-			"type": "string"
-		},
-		"emailVerified": {
-			"type": "boolean"
-		},
-		"created": {
-			"type": "date"
-		},
-		"updated": {
-			"type": "date"
-		},
-		"image": {
-			"type": "string"
-		},
-		"hasGrant": {
-			"type": "boolean"
-		},
+            "type": "string",
+            "required": true
+        },
+        "username": {
+            "type": "string"
+        },
+        "roleFk": {
+            "type": "number",
+            "mysql": {
+                "columnName": "role"
+            }
+        },
+        "nickname": {
+            "type": "string"
+        },
+        "lang": {
+            "type": "string"
+        },
+        "active": {
+            "type": "boolean"
+        },
+        "email": {
+            "type": "string"
+        },
+        "emailVerified": {
+            "type": "boolean"
+        },
+        "created": {
+            "type": "date"
+        },
+        "updated": {
+            "type": "date"
+        },
+        "image": {
+            "type": "string"
+        },
+        "hasGrant": {
+            "type": "boolean"
+        },
        "passExpired": {
            "type": "date"
        },
-		"twoFactor": {
-			"type": "string"
-		}
-	},
-	"relations": {
-		"role": {
-			"type": "belongsTo",
-			"model": "VnRole",
-			"foreignKey": "roleFk"
-		},
-		"roles": {
-			"type": "hasMany",
-			"model": "RoleRole",
-			"foreignKey": "role",
-			"primaryKey": "roleFk"
-		},
-		"emailUser": {
-			"type": "hasOne",
-			"model": "EmailUser",
-			"foreignKey": "userFk"
-		},
-		"worker": {
-			"type": "hasOne",
-			"model": "Worker",
-			"foreignKey": "id"
-		},
-		"userConfig": {
-			"type": "hasOne",
-			"model": "UserConfig",
-			"foreignKey": "userFk"
-		}
-	},
-	"acls": [
-		{
-			"property": "signIn",
-			"accessType": "EXECUTE",
-			"principalType": "ROLE",
-			"principalId": "$everyone",
-			"permission": "ALLOW"
-		}, {
-			"property": "recoverPassword",
-			"accessType": "EXECUTE",
-			"principalType": "ROLE",
-			"principalId": "$everyone",
-			"permission": "ALLOW"
-		}, {
-			"property": "validateAuth",
-			"accessType": "EXECUTE",
-			"principalType": "ROLE",
-			"principalId": "$everyone",
-			"permission": "ALLOW"
-		}, {
-			"property": "privileges",
-			"accessType": "*",
-			"principalType": "ROLE",
-			"principalId": "$authenticated",
-			"permission": "ALLOW"
-		}, {
-			"property": "renewToken",
-			"accessType": "WRITE",
-			"principalType": "ROLE",
-			"principalId": "$authenticated",
-			"permission": "ALLOW"
-		}
-	],
+        "twoFactor": {
+            "type": "string"
+        }
+    },
+    "relations": {
+        "role": {
+            "type": "belongsTo",
+            "model": "VnRole",
+            "foreignKey": "roleFk"
+        },
+        "roles": {
+            "type": "hasMany",
+            "model": "RoleRole",
+            "foreignKey": "role",
+            "primaryKey": "roleFk"
+        },
+        "emailUser": {
+            "type": "hasOne",
+            "model": "EmailUser",
+            "foreignKey": "userFk"
+        },
+        "worker": {
+            "type": "hasOne",
+            "model": "Worker",
+            "foreignKey": "id"
+        },
+        "userConfig": {
+            "type": "hasOne",
+            "model": "UserConfig",
+            "foreignKey": "userFk"
+        }
+    },
+    "acls": [
+        {
+            "property": "signIn",
+            "accessType": "EXECUTE",
+            "principalType": "ROLE",
+            "principalId": "$everyone",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "recoverPassword",
+            "accessType": "EXECUTE",
+            "principalType": "ROLE",
+            "principalId": "$everyone",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "validateAuth",
+            "accessType": "EXECUTE",
+            "principalType": "ROLE",
+            "principalId": "$everyone",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "privileges",
+            "accessType": "*",
+            "principalType": "ROLE",
+            "principalId": "$authenticated",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "renewToken",
+            "accessType": "WRITE",
+            "principalType": "ROLE",
+            "principalId": "$authenticated",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "shareToken",
+            "accessType": "WRITE",
+            "principalType": "ROLE",
+            "principalId": "$authenticated",
+            "permission": "ALLOW"
+        }
+    ],
    "scopes": {
        "preview": {
            "fields": [
@ -140,7 +151,7 @@
                "hasGrant",
                "realm",
                "email",
-				"emailVerified"
+                "emailVerified"
            ]
        }
    }
--- a/front/core/services/auth.js
+++ b/front/core/services/auth.js
@ -83,15 +83,18 @@ export default class Auth {
    }

    onLoginOk(json, now, remember) {
-        this.vnToken.set(json.data.token, json.data.multimediaToken.id, now, json.data.ttl, remember);
-
-        return this.loadAcls().then(() => {
-            let continueHash = this.$state.params.continue;
-            if (continueHash)
-                this.$window.location = continueHash;
-            else
-                this.$state.go('home');
-        });
+        return this.$http.get('VnUsers/ShareToken', {
+            headers: {Authorization: json.data.token}
+        }).then(({data}) => {
+            this.vnToken.set(json.data.token, data.multimediaToken.id, now, json.data.ttl, remember);
+            this.loadAcls().then(() => {
+                let continueHash = this.$state.params.continue;
+                if (continueHash)
+                    this.$window.location = continueHash;
+                else
+                    this.$state.go('home');
+            });
+        }).catch(() => {});
    }

    logout() {