jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Set inviteToken on user creation

Browse Source
This commit is contained in:
Johannes Zellner
2021-10-01 14:45:26 +02:00
parent 4ce21f643e
commit 885ea259d7
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/users.js
View File

@@ -226,15 +226,15 @@ async function add(email, data, auditSource) {
password: Buffer.from(derivedKey, 'binary').toString('hex'),
salt: salt.toString('hex'),
resetToken: '',
inviteToken: '',
inviteToken: hat(256), // new users start out with invite tokens
displayName: displayName,
source: source,
role: role,
avatar: constants.AVATAR_NONE
};
const query = 'INSERT INTO users (id, username, password, email, fallbackEmail, salt, resetToken, displayName, source, role, avatar) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
const args = [ user.id, user.username, user.password, user.email, user.fallbackEmail, user.salt, user.resetToken, user.displayName, user.source, user.role, user.avatar ];
const query = 'INSERT INTO users (id, username, password, email, fallbackEmail, salt, resetToken, inviteToken, displayName, source, role, avatar) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
const args = [ user.id, user.username, user.password, user.email, user.fallbackEmail, user.salt, user.resetToken, user.inviteToken, user.displayName, user.source, user.role, user.avatar ];
[error] = await safe(database.query(query, args));
if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'email already exists');
@@ -710,10 +710,12 @@ async function sendInvite(user, options, auditSource) {
if (user.source) throw new BoxError(BoxError.CONFLICT, 'User is from an external directory');
const inviteToken = hat(256);
user.inviteToken = inviteToken;
await update(user, { inviteToken }, auditSource);
// not sure if this can ever be the case
if (!user.inviteToken) {
const inviteToken = hat(256);
user.inviteToken = inviteToken;
await update(user, { inviteToken }, auditSource);
}
const directoryConfig = await settings.getDirectoryConfig();
let inviteLink = `${settings.dashboardOrigin()}/setupaccount.html?inviteToken=${user.inviteToken}&email=${encodeURIComponent(user.email)}`;