jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

merge userdb.js into users.js

Browse Source
This commit is contained in:
Girish Ramakrishnan
2021-07-15 09:50:11 -07:00
parent 2840bba4bf
commit a1c61facdc
27 changed files with 1021 additions and 1456 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
src/routes/users.js
View File

@@ -4,9 +4,9 @@ exports = module.exports = {
get,
update,
list,
create,
add,
del,
changePassword,
setPassword,
verifyPassword,
createInvite,
sendInvite,
@@ -21,24 +21,24 @@ exports = module.exports = {
const assert = require('assert'),
auditSource = require('../auditsource.js'),
BoxError = require('../boxerror.js'),
groups = require('../groups.js'),
HttpError = require('connect-lastmile').HttpError,
HttpSuccess = require('connect-lastmile').HttpSuccess,
safe = require('safetydance'),
users = require('../users.js');
function load(req, res, next) {
async function load(req, res, next) {
assert.strictEqual(typeof req.params.userId, 'string');
users.get(req.params.userId, function (error, result) {
if (error) return next(BoxError.toHttpError(error));
const [error, result] = await safe(users.get(req.params.userId));
if (error) return next(BoxError.toHttpError(error));
if (!result) return next(new HttpError(404, 'User not found'));
req.resource = result;
req.resource = result;
next();
});
next();
}
function create(req, res, next) {
async function add(req, res, next) {
assert.strictEqual(typeof req.body, 'object');
if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
@@ -50,19 +50,18 @@ function create(req, res, next) {
if (users.compareRoles(req.user.role, req.body.role) < 0) return next(new HttpError(403, `role '${req.body.role}' is required but you are only '${req.user.role}'`));
}
var password = req.body.password || null;
var email = req.body.email;
var username = 'username' in req.body ? req.body.username : null;
var displayName = req.body.displayName || '';
const password = req.body.password || null;
const email = req.body.email;
const username = 'username' in req.body ? req.body.username : null;
const displayName = req.body.displayName || '';
users.create(username, password, email, displayName, { invitor: req.user, role: req.body.role || users.ROLE_USER }, auditSource.fromRequest(req), function (error, user) {
if (error) return next(BoxError.toHttpError(error));
const [error, user] = await safe(users.add(email, { username, password, displayName, invitor: req.user, role: req.body.role || users.ROLE_USER }, auditSource.fromRequest(req)));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(201, users.removePrivateFields(user)));
});
next(new HttpSuccess(201, users.removePrivateFields(user)));
}
function update(req, res, next) {
async function update(req, res, next) {
assert.strictEqual(typeof req.resource, 'object');
assert.strictEqual(typeof req.user, 'object');
assert.strictEqual(typeof req.body, 'object');
@@ -86,29 +85,27 @@ function update(req, res, next) {
if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but you are only '${req.user.role}'`));
users.update(req.resource, req.body, auditSource.fromRequest(req), function (error) {
if (error) return next(BoxError.toHttpError(error));
const [error] = await safe(users.update(req.resource, req.body, auditSource.fromRequest(req)));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(204));
});
next(new HttpSuccess(204));
}
function list(req, res, next) {
var page = typeof req.query.page !== 'undefined' ? parseInt(req.query.page) : 1;
async function list(req, res, next) {
const page = typeof req.query.page !== 'undefined' ? parseInt(req.query.page) : 1;
if (!page || page < 0) return next(new HttpError(400, 'page query param has to be a postive number'));
var perPage = typeof req.query.per_page !== 'undefined'? parseInt(req.query.per_page) : 25;
const perPage = typeof req.query.per_page !== 'undefined'? parseInt(req.query.per_page) : 25;
if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
if (req.query.search && typeof req.query.search !== 'string') return next(new HttpError(400, 'search must be a string'));
users.getAllPaged(req.query.search || null, page, perPage, function (error, results) {
if (error) return next(BoxError.toHttpError(error));
let [error, results] = await safe(users.getAllPaged(req.query.search || null, page, perPage));
if (error) return next(BoxError.toHttpError(error));
results = results.map(users.removeRestrictedFields);
results = results.map(users.removeRestrictedFields);
next(new HttpSuccess(200, { users: results }));
});
next(new HttpSuccess(200, { users: results }));
}
function get(req, res, next) {
@@ -130,30 +127,28 @@ async function del(req, res, next) {
next(new HttpSuccess(204));
}
function verifyPassword(req, res, next) {
async function verifyPassword(req, res, next) {
assert.strictEqual(typeof req.body, 'object');
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));
users.verifyWithUsername(req.user.username, req.body.password, users.AP_WEBADMIN, function (error) {
if (error) return next(BoxError.toHttpError(error));
const [error] = await safe(users.verifyWithUsername(req.user.username, req.body.password, users.AP_WEBADMIN));
if (error) return next(BoxError.toHttpError(error));
req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password
req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password
next();
});
next();
}
function createInvite(req, res, next) {
async function createInvite(req, res, next) {
assert.strictEqual(typeof req.resource, 'object');
if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but user has only '${req.user.role}'`));
users.createInvite(req.resource, function (error, result) {
if (error) return next(BoxError.toHttpError(error));
const [error, result] = await safe(users.createInvite(req.resource, auditSource.fromRequest(req)));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(200, result));
});
next(new HttpSuccess(200, result));
}
function disableTwoFactorAuthentication(req, res, next) {
@@ -168,16 +163,15 @@ function disableTwoFactorAuthentication(req, res, next) {
});
}
function sendInvite(req, res, next) {
async function sendInvite(req, res, next) {
assert.strictEqual(typeof req.resource, 'object');
if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but user has only '${req.user.role}'`));
users.sendInvite(req.resource, { invitor: req.user }, function (error) {
if (error) return next(BoxError.toHttpError(error));
const [error] = await safe(users.sendInvite(req.resource, { invitor: req.user }));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(200, { }));
});
next(new HttpSuccess(200, { }));
}
async function setGroups(req, res, next) {
@@ -187,38 +181,35 @@ async function setGroups(req, res, next) {
if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));
if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but user has only '${req.user.role}'`));
const [error] = await safe(users.setMembership(req.resource, req.body.groupIds));
const [error] = await safe(groups.setMembership(req.resource.id, req.body.groupIds));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(204));
}
function changePassword(req, res, next) {
async function setPassword(req, res, next) {
assert.strictEqual(typeof req.body, 'object');
assert.strictEqual(typeof req.resource, 'object');
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be a string'));
if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but user has only '${req.user.role}'`));
users.setPassword(req.resource, req.body.password, function (error) {
if (error) return next(BoxError.toHttpError(error));
const [error] = await safe(users.setPassword(req.resource, req.body.password, auditSource.fromRequest(req)));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(204));
});
next(new HttpSuccess(204));
}
// This route transfers ownership from token user to user specified in path param
function makeOwner(req, res, next) {
async function makeOwner(req, res, next) {
assert.strictEqual(typeof req.resource, 'object');
// first make new one owner, then devote current one
users.update(req.resource, { role: users.ROLE_OWNER }, auditSource.fromRequest(req), function (error) {
if (error) return next(BoxError.toHttpError(error));
// first make new one owner, then demote current one
let [error] = await safe(users.update(req.resource, { role: users.ROLE_OWNER }, auditSource.fromRequest(req)));
if (error) return next(BoxError.toHttpError(error));
users.update(req.user, { role: users.ROLE_USER }, auditSource.fromRequest(req), function (error) {
if (error) return next(BoxError.toHttpError(error));
[error] = await safe(users.update(req.user, { role: users.ROLE_USER }, auditSource.fromRequest(req)));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(204));
});
});
next(new HttpSuccess(204));
}