planka/server/api/helpers/users/update-one.js

/*!
 * Copyright (c) 2024 PLANKA Software GmbH
 * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
 */

const bcrypt = require('bcrypt');
const { v4: uuid } = require('uuid');

module.exports = {
  inputs: {
    record: {
      type: 'ref',
      required: true,
    },
    values: {
      type: 'json',
      required: true,
    },
    actorUser: {
      type: 'ref',
      required: true,
    },
    request: {
      type: 'ref',
    },
  },

  exits: {
    emailAlreadyInUse: {},
    usernameAlreadyInUse: {},
    activeLimitReached: {},
  },

  async fn(inputs) {
    const { values } = inputs;

    if (!_.isUndefined(values.email)) {
      values.email = values.email.toLowerCase();
    }

    let isOnlyEmailChange = false;
    let isOnlyPasswordChange = false;
    let isOnlyPersonalFieldsChange = false;
    let isDeactivatedChangeToTrue = false;

    if (!_.isUndefined(values.email) && Object.keys(values).length === 1) {
      isOnlyEmailChange = true;
    }

    if (_.difference(Object.keys(values), User.PERSONAL_FIELD_NAMES).length === 0) {
      isOnlyPersonalFieldsChange = true;
    }

    if (!_.isUndefined(values.password)) {
      if (Object.keys(values).length === 1) {
        isOnlyPasswordChange = true;
      }

      values.password = await bcrypt.hash(values.password, 10);
      values.passwordChangedAt = new Date().toUTCString(); // FIXME: hack
    }

    if (values.username) {
      values.username = values.username.toLowerCase();
    }

    if (values.isDeactivated && values.isDeactivated !== inputs.record.isDeactivated) {
      isDeactivatedChangeToTrue = true;
    }

    let user;
    try {
      user = await User.qm.updateOne(inputs.record.id, values);
    } catch (error) {
      if (error.code === 'E_UNIQUE') {
        throw 'emailAlreadyInUse';
      }

      if (
        error.name === 'AdapterError' &&
        error.raw.constraint === 'user_account_username_unique'
      ) {
        throw 'usernameAlreadyInUse';
      }

      if (error.message === 'activeLimitReached') {
        throw 'activeLimitReached';
      }

      throw error;
    }

    if (user) {
      if (inputs.record.avatar) {
        if (!user.avatar || user.avatar.dirname !== inputs.record.avatar.dirname) {
          sails.helpers.users.removeRelatedFiles(inputs.record);
        }
      }

      if (!_.isUndefined(values.password) || isDeactivatedChangeToTrue) {
        sails.sockets.broadcast(
          `user:${user.id}`,
          'userDelete', // TODO: introduce separate event
          {
            item: sails.helpers.users.presentOne(user, user),
          },
          inputs.request,
        );

        if (
          !isDeactivatedChangeToTrue &&
          user.id === inputs.actorUser.id &&
          inputs.request &&
          inputs.request.isSocket
        ) {
          const tempRoom = uuid();

          sails.sockets.addRoomMembersToRooms(`@user:${user.id}`, tempRoom, () => {
            sails.sockets.leave(inputs.request, tempRoom, () => {
              sails.sockets.leaveAll(tempRoom);
            });
          });
        } else {
          sails.sockets.leaveAll(`@user:${user.id}`);
        }
      }

      if (!isOnlyPasswordChange) {
        if (isOnlyPersonalFieldsChange) {
          sails.sockets.broadcast(
            `user:${user.id}`,
            'userUpdate',
            {
              item: sails.helpers.users.presentOne(user, user),
            },
            inputs.request,
          );
        } else {
          const scoper = sails.helpers.users.makeScoper(user);
          const privateUserRelatedUserIds = await scoper.getPrivateUserRelatedUserIds();

          privateUserRelatedUserIds.forEach((userId) => {
            sails.sockets.broadcast(
              `user:${userId}`,
              'userUpdate',
              {
                // FIXME: hack
                item: sails.helpers.users.presentOne(user, {
                  id: userId,
                  role: User.Roles.ADMIN,
                }),
              },
              inputs.request,
            );
          });

          if (!isOnlyEmailChange) {
            if (inputs.record.role === User.Roles.ADMIN && user.role !== User.Roles.ADMIN) {
              const managerProjectIds = await sails.helpers.users.getManagerProjectIds(user.id);

              const sharedProjects = await Project.qm.getShared({
                exceptIdOrIds: managerProjectIds,
              });

              const projectIds = sails.helpers.utils.mapRecords(sharedProjects);

              const boards = await Board.qm.getByProjectIds(projectIds);
              const boardIds = sails.helpers.utils.mapRecords(boards);

              const boardMemberships = await BoardMembership.qm.getByBoardIdsAndUserId(
                boardIds,
                user.id,
              );

              const missingBoardIds = _.difference(
                boardIds,
                sails.helpers.utils.mapRecords(boardMemberships, 'boardId'),
              );

              missingBoardIds.forEach((boardId) => {
                sails.sockets.removeRoomMembersFromRooms(`@user:${user.id}`, `board:${boardId}`);
              });
            }

            const publicUserRelatedUserIds = await scoper.getPublicUserRelatedUserIds();

            publicUserRelatedUserIds.forEach((userId) => {
              sails.sockets.broadcast(
                `user:${userId}`,
                'userUpdate',
                {
                  // FIXME: hack
                  item: sails.helpers.users.presentOne(user, {
                    id: userId,
                  }),
                },
                inputs.request,
              );
            });
          }
        }

        const webhooks = await Webhook.qm.getAll();

        sails.helpers.utils.sendWebhooks.with({
          webhooks,
          event: Webhook.Events.USER_UPDATE,
          buildData: () => ({
            item: sails.helpers.users.presentOne(user),
          }),
          buildPrevData: () => ({
            item: sails.helpers.users.presentOne(inputs.record),
          }),
          user: inputs.actorUser,
        });
      }
    }

    return user;
  },
};
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`/*!`
			`* Copyright (c) 2024 PLANKA Software GmbH`
			`* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md`
			`*/`

Initial commit 2019-08-31 04:07:25 +05:00			`const bcrypt = require('bcrypt');`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`const { v4: uuid } = require('uuid');`
Initial commit 2019-08-31 04:07:25 +05:00
			`module.exports = {`
			`inputs: {`
			`record: {`
			`type: 'ref',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
			`values: {`
			`type: 'json',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`actorUser: {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`type: 'ref',`
			`required: true,`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`request: {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`type: 'ref',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`},`

Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`exits: {`
Add username to user 2020-04-03 00:35:25 +05:00			`emailAlreadyInUse: {},`
			`usernameAlreadyInUse: {},`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`activeLimitReached: {},`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`async fn(inputs) {`
ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`const { values } = inputs;`

			`if (!_.isUndefined(values.email)) {`
			`values.email = values.email.toLowerCase();`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`let isOnlyEmailChange = false;`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`let isOnlyPasswordChange = false;`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`let isOnlyPersonalFieldsChange = false;`
			`let isDeactivatedChangeToTrue = false;`

			`if (!_.isUndefined(values.email) && Object.keys(values).length === 1) {`
			`isOnlyEmailChange = true;`
			`}`

			`if (_.difference(Object.keys(values), User.PERSONAL_FIELD_NAMES).length === 0) {`
			`isOnlyPersonalFieldsChange = true;`
			`}`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00
ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`if (!_.isUndefined(values.password)) {`
feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`if (Object.keys(values).length === 1) {`
			`isOnlyPasswordChange = true;`
			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`values.password = await bcrypt.hash(values.password, 10);`
			`values.passwordChangedAt = new Date().toUTCString(); // FIXME: hack`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`if (values.username) {`
			`values.username = values.username.toLowerCase();`
Add username to user 2020-04-03 00:35:25 +05:00			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`if (values.isDeactivated && values.isDeactivated !== inputs.record.isDeactivated) {`
			`isDeactivatedChangeToTrue = true;`
			`}`

			`let user;`
			`try {`
			`user = await User.qm.updateOne(inputs.record.id, values);`
			`} catch (error) {`
			`if (error.code === 'E_UNIQUE') {`
			`throw 'emailAlreadyInUse';`
			`}`
Initial commit 2019-08-31 04:07:25 +05:00
feat: Preserve original format of images, change interpolation kernel Closes #349 2022-12-24 00:47:59 +01:00			`if (`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`error.name === 'AdapterError' &&`
			`error.raw.constraint === 'user_account_username_unique'`
feat: Preserve original format of images, change interpolation kernel Closes #349 2022-12-24 00:47:59 +01:00			`) {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`throw 'usernameAlreadyInUse';`
			`}`
fix: Secure S3 attachments, bump SDK, refactoring Closes #673 2024-11-12 15:58:22 +01:00
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`if (error.message === 'activeLimitReached') {`
			`throw 'activeLimitReached';`
			`}`

			`throw error;`
			`}`

			`if (user) {`
			`if (inputs.record.avatar) {`
			`if (!user.avatar \|\| user.avatar.dirname !== inputs.record.avatar.dirname) {`
			`sails.helpers.users.removeRelatedFiles(inputs.record);`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`}`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`if (!_.isUndefined(values.password) \|\| isDeactivatedChangeToTrue) {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`sails.sockets.broadcast(`
			`user:${user.id}`,
			`'userDelete', // TODO: introduce separate event`
			`{`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`item: sails.helpers.users.presentOne(user, user),`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`},`
			`inputs.request,`
			`);`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`if (`
			`!isDeactivatedChangeToTrue &&`
			`user.id === inputs.actorUser.id &&`
			`inputs.request &&`
			`inputs.request.isSocket`
			`) {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`const tempRoom = uuid();`

fix: Socket bug fixes and improvements 2022-10-03 12:11:19 +02:00			sails.sockets.addRoomMembersToRooms(`@user:${user.id}`, tempRoom, () => {
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`sails.sockets.leave(inputs.request, tempRoom, () => {`
			`sails.sockets.leaveAll(tempRoom);`
			`});`
			`});`
			`} else {`
fix: Socket bug fixes and improvements 2022-10-03 12:11:19 +02:00			sails.sockets.leaveAll(`@user:${user.id}`);
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`}`
			`}`

Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`if (!isOnlyPasswordChange) {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`if (isOnlyPersonalFieldsChange) {`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`sails.sockets.broadcast(`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`user:${user.id}`,
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`'userUpdate',`
			`{`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`item: sails.helpers.users.presentOne(user, user),`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`inputs.request,`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`);`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`} else {`
			`const scoper = sails.helpers.users.makeScoper(user);`
			`const privateUserRelatedUserIds = await scoper.getPrivateUserRelatedUserIds();`

			`privateUserRelatedUserIds.forEach((userId) => {`
			`sails.sockets.broadcast(`
			`user:${userId}`,
			`'userUpdate',`
			`{`
			`// FIXME: hack`
			`item: sails.helpers.users.presentOne(user, {`
			`id: userId,`
			`role: User.Roles.ADMIN,`
			`}),`
			`},`
			`inputs.request,`
			`);`
			`});`

			`if (!isOnlyEmailChange) {`
			`if (inputs.record.role === User.Roles.ADMIN && user.role !== User.Roles.ADMIN) {`
			`const managerProjectIds = await sails.helpers.users.getManagerProjectIds(user.id);`

			`const sharedProjects = await Project.qm.getShared({`
			`exceptIdOrIds: managerProjectIds,`
			`});`

			`const projectIds = sails.helpers.utils.mapRecords(sharedProjects);`

			`const boards = await Board.qm.getByProjectIds(projectIds);`
			`const boardIds = sails.helpers.utils.mapRecords(boards);`

			`const boardMemberships = await BoardMembership.qm.getByBoardIdsAndUserId(`
			`boardIds,`
			`user.id,`
			`);`

			`const missingBoardIds = _.difference(`
			`boardIds,`
			`sails.helpers.utils.mapRecords(boardMemberships, 'boardId'),`
			`);`

			`missingBoardIds.forEach((boardId) => {`
			sails.sockets.removeRoomMembersFromRooms(`@user:${user.id}`, `board:${boardId}`);
			`});`
			`}`

			`const publicUserRelatedUserIds = await scoper.getPublicUserRelatedUserIds();`

			`publicUserRelatedUserIds.forEach((userId) => {`
			`sails.sockets.broadcast(`
			`user:${userId}`,
			`'userUpdate',`
			`{`
			`// FIXME: hack`
			`item: sails.helpers.users.presentOne(user, {`
			`id: userId,`
			`}),`
			`},`
			`inputs.request,`
			`);`
			`});`
			`}`
			`}`
feat: Events via webhook (#771) Closes #215, closes #656 2024-06-06 20:22:14 +02:00
feat: Move webhooks configuration from environment variable to UI 2025-07-04 22:04:11 +02:00			`const webhooks = await Webhook.qm.getAll();`

feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`sails.helpers.utils.sendWebhooks.with({`
feat: Move webhooks configuration from environment variable to UI 2025-07-04 22:04:11 +02:00			`webhooks,`
			`event: Webhook.Events.USER_UPDATE,`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`buildData: () => ({`
			`item: sails.helpers.users.presentOne(user),`
			`}),`
			`buildPrevData: () => ({`
			`item: sails.helpers.users.presentOne(inputs.record),`
			`}),`
feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`user: inputs.actorUser,`
			`});`
			`}`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`return user;`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`