user: load the resource with middleware

Girish Ramakrishnan
2020-02-13 20:45:00 -08:00
parent 938ca6402c
commit d1911be28c
9 changed files with 120 additions and 134 deletions

@@ -301,21 +301,17 @@ function verifyWithEmail(email, password, identifier, callback) {
});
}
function removeUser(userId, auditSource, callback) {
assert.strictEqual(typeof userId, 'string');
function removeUser(user, auditSource, callback) {
assert.strictEqual(typeof user, 'object');
assert(auditSource && typeof auditSource === 'object');
assert.strictEqual(typeof callback, 'function');
get(userId, function (error, user) {
if (settings.isDemo() && user.username === constants.DEMO_USERNAME) return callback(new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode'));
userdb.del(user.id, function (error) {
if (error) return callback(error);
if (settings.isDemo() && user.username === constants.DEMO_USERNAME) return callback(new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode'));
userdb.del(userId, function (error) {
if (error) return callback(error);
eventlog.add(eventlog.ACTION_USER_REMOVE, auditSource, { userId: userId, user: removePrivateFields(user) }, callback);
});
eventlog.add(eventlog.ACTION_USER_REMOVE, auditSource, { userId: user.id, user: removePrivateFields(user) }, callback);
});
}
@@ -404,8 +400,8 @@ function getByUsername(username, callback) {
});
}
function updateUser(userId, data, auditSource, callback) {
assert.strictEqual(typeof userId, 'string');
function updateUser(user, data, auditSource, callback) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof data, 'object');
assert(auditSource && typeof auditSource === 'object');
assert.strictEqual(typeof callback, 'function');
@@ -433,34 +429,30 @@ function updateUser(userId, data, auditSource, callback) {
if (error) return callback(error);
}
userdb.get(userId, function (error, oldUser) {
userdb.update(user.id, data, function (error) {
if (error) return callback(error);
userdb.update(userId, data, function (error) {
get(user.id, function (error, result) {
if (error) return callback(error);
callback(null);
get(userId, function (error, result) {
if (error) return callback(error);
eventlog.add(eventlog.ACTION_USER_UPDATE, auditSource, {
userId: userId,
user: removePrivateFields(result),
adminStatusChanged: ((result.admin && !oldUser.admin) || (!result.admin && oldUser.admin)),
activeStatusChanged: ((result.active && !oldUser.active) || (!result.active && oldUser.active))
});
eventlog.add(eventlog.ACTION_USER_UPDATE, auditSource, {
userId: user.id,
user: removePrivateFields(result),
adminStatusChanged: ((result.admin && !user.admin) || (!result.admin && user.admin)),
activeStatusChanged: ((result.active && !user.active) || (!result.active && user.active))
});
callback(null);
});
});
}
function setMembership(userId, groupIds, callback) {
assert.strictEqual(typeof userId, 'string');
function setMembership(user, groupIds, callback) {
assert.strictEqual(typeof user, 'object');
assert(Array.isArray(groupIds));
assert.strictEqual(typeof callback, 'function');
groups.setMembership(userId, groupIds, function (error) {
groups.setMembership(user.id, groupIds, function (error) {
if (error) return callback(error);
callback(null);
@@ -500,33 +492,31 @@ function resetPasswordByIdentifier(identifier, callback) {
});
}
function setPassword(userId, newPassword, callback) {
assert.strictEqual(typeof userId, 'string');
function setPassword(user, newPassword, callback) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof newPassword, 'string');
assert.strictEqual(typeof callback, 'function');
var error = validatePassword(newPassword);
if (error) return callback(error);
userdb.get(userId, function (error, user) {
if (error) return callback(error);
if (settings.isDemo() && user.username === constants.DEMO_USERNAME) return callback(new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode'));
if (user.source) return callback(new BoxError(BoxError.CONFLICT, 'User is from an external directory'));
if (settings.isDemo() && user.username === constants.DEMO_USERNAME) return callback(new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode'));
if (user.source) return callback(new BoxError(BoxError.CONFLICT, 'User is from an external directory'));
var saltBuffer = Buffer.from(user.salt, 'hex');
crypto.pbkdf2(newPassword, saltBuffer, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST, function (error, derivedKey) {
if (error) return callback(new BoxError(BoxError.CRYPTO_ERROR, error));
var saltBuffer = Buffer.from(user.salt, 'hex');
crypto.pbkdf2(newPassword, saltBuffer, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST, function (error, derivedKey) {
if (error) return callback(new BoxError(BoxError.CRYPTO_ERROR, error));
let data = {
modifiedAt: (new Date()).toISOString(),
password: Buffer.from(derivedKey, 'binary').toString('hex'),
resetToken: ''
};
user.modifiedAt = (new Date()).toISOString();
user.password = Buffer.from(derivedKey, 'binary').toString('hex');
user.resetToken = '';
userdb.update(user.id, data, function (error) {
if (error) return callback(error);
userdb.update(userId, user, function (error) {
if (error) return callback(error);
callback();
});
callback();
});
});
}
@@ -571,40 +561,33 @@ function inviteLink(user) {
return link;
}
function createInvite(userId, callback) {
assert.strictEqual(typeof userId, 'string');
function createInvite(user, callback) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof callback, 'function');
userdb.get(userId, function (error, userObject) {
if (user.source) return callback(new BoxError(BoxError.CONFLICT, 'User is from an external directory'));
let resetToken = hat(256);
user.resetToken = resetToken;
userdb.update(user.id, { resetToken }, function (error) {
if (error) return callback(error);
if (userObject.source) return callback(new BoxError(BoxError.CONFLICT, 'User is from an external directory'));
userObject.resetToken = hat(256);
userdb.update(userId, userObject, function (error) {
if (error) return callback(error);
callback(null, { resetToken: userObject.resetToken, inviteLink: inviteLink(userObject) });
});
callback(null, { resetToken: user.resetToken, inviteLink: inviteLink(user) });
});
}
function sendInvite(userId, options, callback) {
assert.strictEqual(typeof userId, 'string');
function sendInvite(user, options, callback) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof options, 'object');
assert.strictEqual(typeof callback, 'function');
userdb.get(userId, function (error, userObject) {
if (error) return callback(error);
if (user.source) return callback(new BoxError(BoxError.CONFLICT, 'User is from an external directory'));
if (!user.resetToken) return callback(new BoxError(BoxError.CONFLICT, 'Must generate resetToken to send invitation'));
if (userObject.source) return callback(new BoxError(BoxError.CONFLICT, 'User is from an external directory'));
if (!userObject.resetToken) return callback(new BoxError(BoxError.CONFLICT, 'Must generate resetToken to send invitation'));
mailer.sendInvite(user, options.invitor || null, inviteLink(user));
mailer.sendInvite(userObject, options.invitor || null, inviteLink(userObject));
callback(null);
});
callback(null);
}
function setTwoFactorAuthenticationSecret(userId, callback) {