refactor(vnUser): refs #7792 use twoFactorFk and add foreignKey #2937
|
@ -33,7 +33,7 @@ module.exports = Self => {
|
|||
|
||||
const where = Self.userUses(user);
|
||||
const vnUser = await Self.findOne({
|
||||
fields: ['id', 'name', 'password', 'active', 'email', 'passExpired', 'twoFactorFk'],
|
||||
fields: ['id', 'name', 'password', 'active', 'email', 'passExpired', 'twoFactor'],
|
||||
where
|
||||
}, myOptions);
|
||||
|
||||
|
@ -46,7 +46,7 @@ module.exports = Self => {
|
|||
await Self.sendTwoFactor(ctx, vnUser, myOptions);
|
||||
await Self.passExpired(vnUser, myOptions);
|
||||
|
||||
if (vnUser.twoFactorFk)
|
||||
if (vnUser.twoFactor)
|
||||
throw new ForbiddenError(null, 'REQUIRES_2FA');
|
||||
}
|
||||
return Self.validateLogin(user, password, ctx);
|
||||
|
@ -58,13 +58,13 @@ module.exports = Self => {
|
|||
|
||||
if (vnUser.passExpired && vnUser.passExpired.getTime() <= today.getTime()) {
|
||||
const err = new UserError('Pass expired', 'passExpired');
|
||||
err.details = {userId: vnUser.id, twoFactorFk: vnUser.twoFactorFk ? true : false};
|
||||
err.details = {userId: vnUser.id, twoFactor: vnUser.twoFactor ? true : false};
|
||||
throw err;
|
||||
}
|
||||
};
|
||||
|
||||
Self.sendTwoFactor = async(ctx, vnUser, myOptions) => {
|
||||
if (vnUser.twoFactorFk === 'email') {
|
||||
if (vnUser.twoFactor === 'email') {
|
||||
const $ = Self.app.models;
|
||||
|
||||
const min = 100000;
|
||||
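Review bot: The sign-in gate `if (vnUser.twoFactor)` blocks on any non-empty value, while `sendTwoFactor` only delivers a code when the value is exactly `'email'`, so an account holding any other type is refused with `REQUIRES_2FA` and never receives a code. Failing closed is the safe direction, but it should be explicit: have `sendTwoFactor` reject an unknown type instead of returning silently, or add a comment at the gate such as `// any non-empty twoFactor blocks sign-in; only 'email' can deliver a code`. The model hunk on this page appears to drop the `TwoFactorType` relation, so nothing at the model layer seems to restrict which strings the field can hold. Both functions begin or end outside the visible hunks.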
|
|
|
@ -70,7 +70,7 @@ describe('VnUser Sign-in()', () => {
|
|||
let error;
|
||||
try {
|
||||
const options = {transaction: tx};
|
||||
await employee.updateAttribute('twoFactorFk', 'email', options);
|
||||
await employee.updateAttribute('twoFactor', 'email', options);
|
||||
|
||||
await VnUser.signIn(unAuthCtx, 'employee', 'nightmare', options);
|
||||
await tx.rollback();
|
||||
|
|
|
@ -25,8 +25,8 @@ module.exports = Self => {
|
|||
type: 'string',
|
||||
description: 'The user lang'
|
||||
}, {
|
||||
arg: 'twoFactorFk',
|
||||
type: 'any',
|
||||
arg: 'twoFactor',
|
||||
type: 'string',
|
||||
description: 'The user twoFactor'
|
||||
}
|
||||
],
|
||||
|
@ -36,8 +36,8 @@ module.exports = Self => {
|
|||
}
|
||||
});
|
||||
|
||||
Self.updateUser = async(ctx, id, name, nickname, email, lang, twoFactorFk) => {
|
||||
Self.updateUser = async(ctx, id, name, nickname, email, lang, twoFactor) => {
|
||||
await Self.userSecurity(ctx, id);
|
||||
await Self.upsertWithWhere({id}, {name, nickname, email, lang, twoFactorFk});
|
||||
await Self.upsertWithWhere({id}, {name, nickname, email, lang, twoFactor});
|
||||
};
|
||||
};
|
||||
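Review bot: `updateUser` writes `email` and `twoFactor` in a single `upsertWithWhere` call after only `Self.userSecurity(ctx, id)`, so a valid session alone is enough to switch 2FA off or change the address that receives the codes. `changePassword` on this same page calls `VnUser.validateCode(...)` when `user.twoFactor` is set; the same step-up check would fit here whenever the stored value is non-null and the request changes `twoFactor` or `email`. It is also worth confirming what `upsertWithWhere` stores when `twoFactor` is omitted from the request, since an absent argument should not clear the setting. What `userSecurity` enforces is not visible in this hunk.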
|
|
|
@ -55,7 +55,7 @@ module.exports = Self => {
|
|||
throw new UserError('Invalid or expired verification code');
|
||||
|
||||
const user = await Self.findById(authCode.userFk, {
|
||||
fields: ['name', 'twoFactorFk']
|
||||
fields: ['name', 'twoFactor']
|
||||
}, myOptions);
|
||||
|
||||
if (user.name.toLowerCase() !== username.toLowerCase())
|
||||
|
|
|
@ -58,6 +58,9 @@
|
|||
},
|
||||
"passExpired": {
|
||||
"type": "date"
|
||||
},
|
||||
"twoFactor": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"relations": {
|
||||
|
@ -86,11 +89,6 @@
|
|||
"type": "hasOne",
|
||||
"model": "UserConfig",
|
||||
"foreignKey": "userFk"
|
||||
},
|
||||
"twoFactor": {
|
||||
"type": "belongsTo",
|
||||
"model": "TwoFactorType",
|
||||
"foreignKey": "twoFactorFk"
|
||||
}
|
||||
},
|
||||
"acls": [
|
||||
|
@ -168,7 +166,7 @@
|
|||
"realm",
|
||||
"email",
|
||||
"emailVerified",
|
||||
"twoFactorFk"
|
||||
"twoFactor"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,10 +7,10 @@ BEGIN
|
|||
UPDATE vn.department_recalc SET isChanged = TRUE;
|
||||
END IF;
|
||||
|
||||
IF !(OLD.twoFactorFk <=> NEW.twoFactorFk) THEN
|
||||
IF !(OLD.twoFactor <=> NEW.twoFactor) THEN
|
||||
UPDATE account.user u
|
||||
JOIN vn.workerDepartment wd ON wd.workerFk = u.id
|
||||
SET u.twoFactorFk = NEW.twoFactorFk
|
||||
SET u.twoFactor = NEW.twoFactor
|
||||
WHERE wd.departmentFk = NEW.id;
|
||||
END IF;
|
||||
END$$
|
||||
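Review bot: The trigger copies `NEW.twoFactor` to every user in the department even when the new value is NULL, so clearing the department setting switches 2FA off for members who had enabled it on their own account. If the department value is meant as a minimum and not an override, restrict the update, e.g. `WHERE wd.departmentFk = NEW.id AND NEW.twoFactor IS NOT NULL;`, and state the intended behaviour in a comment above the `IF`. The trigger body starts outside the hunk.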
|
|
|
@ -4,23 +4,23 @@ CREATE OR REPLACE TABLE account.twoFactorType (
|
|||
PRIMARY KEY (`code`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_unicode_ci;
|
||||
|
||||
ALTER TABLE account.user ADD twoFactorFk varchar(20) NULL;
|
||||
ALTER TABLE account.user ADD CONSTRAINT user_twoFactor_fk FOREIGN KEY (twoFactorFk) REFERENCES account.twoFactorType(code) ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
ALTER TABLE account.user ADD twoFactor varchar(20) NULL;
|
||||
ALTER TABLE account.user ADD CONSTRAINT user_twoFactor_fk FOREIGN KEY (twoFactor) REFERENCES account.twoFactorType(code) ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
|
||||
ALTER TABLE vn.department ADD twoFactorFk varchar(20) NULL;
|
||||
ALTER TABLE vn.department ADD CONSTRAINT department_twoFactor_fk FOREIGN KEY (twoFactorFk) REFERENCES account.twoFactorType(code) ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
ALTER TABLE vn.department ADD twoFactor varchar(20) NULL;
|
||||
ALTER TABLE vn.department ADD CONSTRAINT department_twoFactor_fk FOREIGN KEY (twoFactor) REFERENCES account.twoFactorType(code) ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
|
||||
INSERT INTO account.twoFactorType (code, description)
|
||||
VALUES('email', 'Envia un código por email');
|
||||
|
||||
UPDATE account.`user` u
|
||||
JOIN account.`user` u2 ON u.id = u2.id
|
||||
SET u.twoFactorFk = u.twoFactor
|
||||
SET u.twoFactor = u.twoFactor
|
||||
WHERE u2.twoFactor IS NOT NULL;
|
||||
|
||||
UPDATE vn.`department` d
|
||||
JOIN vn.`department` d2 ON d.id = d2.id
|
||||
SET d.twoFactorFk = d.twoFactor
|
||||
SET d.twoFactor = d.twoFactor
|
||||
WHERE d2.twoFactor IS NOT NULL;
|
||||
|
||||
ALTER TABLE account.user CHANGE twoFactor twoFactor__ enum('email') CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci DEFAULT NULL NULL COMMENT 'Deprecated 2024-09-09';
|
||||
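Review bot: Both foreign keys use `ON DELETE CASCADE`, so deleting a row from `account.twoFactorType` deletes every `account.user` and `vn.department` row that references it. `ON DELETE RESTRICT ON UPDATE CASCADE` keeps the lookup row from being removed while it is in use, whereas `SET NULL` would silently disable 2FA for those accounts. Separately, if the second line of each pair is the new side, as the hunk counts in the model file suggest, `ADD twoFactor` collides with the existing `twoFactor` enum column that the last statement renames. On that same reading, `SET u.twoFactor = u.twoFactor` and `SET d.twoFactor = d.twoFactor` copy nothing. The data copy needs distinct source and target column names, ordered so that both columns exist when the `UPDATE` runs.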
|
|
|
@ -22,7 +22,7 @@
|
|||
autocomplete="false">
|
||||
</vn-textfield>
|
||||
<vn-textfield
|
||||
ng-if="$ctrl.$state.params.twoFactorFk == 'true'"
|
||||
ng-if="$ctrl.$state.params.twoFactor == 'true'"
|
||||
label="Verification code"
|
||||
ng-model="$ctrl.code"
|
||||
vn-name="code"
|
||||
|
|
|
@ -37,13 +37,13 @@ module.exports = Self => {
|
|||
Object.assign(myOptions, options);
|
||||
|
||||
const {VnUser} = Self.app.models;
|
||||
const user = await VnUser.findById(userId, {fields: ['name', 'twoFactorFk']}, myOptions);
|
||||
const user = await VnUser.findById(userId, {fields: ['name', 'twoFactor']}, myOptions);
|
||||
await user.hasPassword(oldPassword);
|
||||
|
||||
if (oldPassword == newPassword)
|
||||
throw new UserError(`You can not use the same password`);
|
||||
|
||||
if (user.twoFactorFk)
|
||||
if (user.twoFactor)
|
||||
await VnUser.validateCode(user.name, code, myOptions);
|
||||
|
||||
await VnUser.changePassword(userId, oldPassword, newPassword, myOptions);
|
||||
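Review bot: The result of `await user.hasPassword(oldPassword)` is discarded. Unless the project overrides `hasPassword` to throw on a mismatch (stock LoopBack resolves to a boolean), the old password is first verified only inside `VnUser.changePassword`, after `validateCode` has already run. Checking it up front keeps a wrong password from reaching the 2FA step: `if (!await user.hasPassword(oldPassword))` followed by the project's usual credential error. `user` is also dereferenced without a null check when `userId` matches no row, and `oldPassword == newPassword` should use `===`. The function starts and ends outside the hunk.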
|
|
|
@ -75,7 +75,7 @@ describe('account changePassword()', () => {
|
|||
await models.VnUser.updateAll(
|
||||
{id: 70},
|
||||
{
|
||||
twoFactorFk: 'email',
|
||||
twoFactor: 'email',
|
||||
passExpired: yesterday
|
||||
}
|
||||
, options);
|
||||
|
|
|
@ -50,9 +50,6 @@
|
|||
"SipConfig": {
|
||||
"dataSource": "vn"
|
||||
},
|
||||
"TwoFactorType": {
|
||||
"dataSource": "vn"
|
||||
},
|
||||
"UserLog": {
|
||||
"dataSource": "vn"
|
||||
},
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
{
|
||||
"name": "TwoFactorType",
|
||||
"base": "VnModel",
|
||||
"options": {
|
||||
"mysql": {
|
||||
"table": "account.twoFactorType"
|
||||
}
|
||||
},
|
||||
"properties": {
|
||||
"code": {
|
||||
"type": "string",
|
||||
"id": true
|
||||
},
|
||||
"description": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"acls": [
|
||||
{
|
||||
"accessType": "READ",
|
||||
"principalType": "ROLE",
|
||||
"principalId": "$everyone",
|
||||
"permission": "ALLOW"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -38,7 +38,6 @@ fixtures:
|
|||
- userPassword
|
||||
- accountConfig
|
||||
- mailConfig
|
||||
- twoFactorType
|
||||
salix:
|
||||
- ACL
|
||||
- fieldAcl
|
||||
|
|