This commit is contained in:
Girish Ramakrishnan
2024-05-25 13:42:29 +02:00
parent 36887abf88
commit 9054f30aef
2 changed files with 30 additions and 36 deletions


@@ -205,7 +205,8 @@ async function add(email, data, auditSource) {
assert.strictEqual(typeof data.displayName, 'string');
if ('fallbackEmail' in data) assert.strictEqual(typeof data.fallbackEmail, 'string');
let { username, password, displayName } = data;
const { displayName } = data;
let { username, password } = data;
let fallbackEmail = data.fallbackEmail || '';
const source = data.source || ''; // empty is local user
const role = data.role || exports.ROLE_USER;
@@ -241,26 +242,24 @@ async function add(email, data, auditSource) {
error = validateRole(role);
if (error) throw error;
let salt, derivedKey;
const [randomBytesError, salt] = await safe(randomBytesAsync(CRYPTO_SALT_SIZE));
if (randomBytesError) throw new BoxError(BoxError.CRYPTO_ERROR, randomBytesError);
[error, salt] = await safe(randomBytesAsync(CRYPTO_SALT_SIZE));
if (error) throw new BoxError(BoxError.CRYPTO_ERROR, error);
[error, derivedKey] = await safe(pbkdf2Async(password, salt, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST));
if (error) throw new BoxError(BoxError.CRYPTO_ERROR, error);
const [pbkdf2Error, derivedKey] = await safe(pbkdf2Async(password, salt, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST));
if (pbkdf2Error) throw new BoxError(BoxError.CRYPTO_ERROR, pbkdf2Error);
const user = {
id: 'uid-' + uuid.v4(),
username: username,
email: email,
fallbackEmail: fallbackEmail,
username,
email,
fallbackEmail,
password: Buffer.from(derivedKey, 'binary').toString('hex'),
salt: salt.toString('hex'),
resetToken: '',
inviteToken: hat(256), // new users start out with invite tokens
displayName: displayName,
source: source,
role: role,
displayName,
source,
role,
avatar: constants.AVATAR_NONE,
language: ''
};
@@ -591,8 +590,6 @@ async function update(user, data, auditSource) {
if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
let error, result;
if (_.isEmpty(data)) return;
if (data.username) {
@@ -600,34 +597,33 @@ async function update(user, data, auditSource) {
// already know about it
if (user.username) throw new BoxError(BoxError.CONFLICT, 'Username cannot be changed');
data.username = data.username.toLowerCase();
error = validateUsername(data.username);
const error = validateUsername(data.username);
if (error) throw error;
}
if (data.email) {
data.email = data.email.toLowerCase();
error = validateEmail(data.email);
const error = validateEmail(data.email);
if (error) throw error;
}
if (data.fallbackEmail) {
data.fallbackEmail = data.fallbackEmail.toLowerCase();
error = validateEmail(data.fallbackEmail);
const error = validateEmail(data.fallbackEmail);
if (error) throw error;
}
if (data.role) {
error = validateRole(data.role);
const error = validateRole(data.role);
if (error) throw error;
}
if (data.language) {
error = await validateLanguage(data.language);
const error = await validateLanguage(data.language);
if (error) throw error;
}
let args = [];
let fields = [];
const args = [], fields = [];
for (const k in data) {
if (k === 'twoFactorAuthenticationEnabled' || k === 'active') {
fields.push(k + ' = ?');
@@ -642,7 +638,7 @@ async function update(user, data, auditSource) {
}
args.push(user.id);
[error, result] = await safe(database.query('UPDATE users SET ' + fields.join(', ') + ' WHERE id = ?', args));
const [error, result] = await safe(database.query('UPDATE users SET ' + fields.join(', ') + ' WHERE id = ?', args));
if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'email already exists');
if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_username') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'username already exists');
if (error) throw new BoxError(BoxError.DATABASE_ERROR, error);
@@ -785,17 +781,17 @@ async function setPassword(user, newPassword, auditSource) {
assert.strictEqual(typeof newPassword, 'string');
assert.strictEqual(typeof auditSource, 'object');
let error = validatePassword(newPassword);
const error = validatePassword(newPassword);
if (error) throw error;
if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
if (user.source) throw new BoxError(BoxError.CONFLICT, 'User is from an external directory');
let salt, derivedKey;
[error, salt] = await safe(randomBytesAsync(CRYPTO_SALT_SIZE));
const [randomBytesError, salt] = await safe(randomBytesAsync(CRYPTO_SALT_SIZE));
if (randomBytesError) throw new BoxError(BoxError.CRYPTO_ERROR, randomBytesError);
[error, derivedKey] = await safe(pbkdf2Async(newPassword, salt, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST));
if (error) throw new BoxError(BoxError.CRYPTO_ERROR, error);
const [pbkdf2Error, derivedKey] = await safe(pbkdf2Async(newPassword, salt, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST));
if (pbkdf2Error) throw new BoxError(BoxError.CRYPTO_ERROR, pbkdf2Error);
const data = {
salt: salt.toString('hex'),