mirror of https://github.com/plankanban/planka.git synced 2025-07-18 20:59:44 +02:00

feat: Improve security of access tokens (#279)

Closes #275
SimonTagne 2022-08-09 18:03:21 +02:00 committed by GitHub
parent 77ac2cf1b1
commit 2b4c2b0f49
40 changed files with 273 additions and 133 deletions


@ -1,6 +1,7 @@
const path = require('path');
const bcrypt = require('bcrypt');
const rimraf = require('rimraf');
const { v4: uuid } = require('uuid');
module.exports = {
inputs: {
@ -35,6 +36,10 @@ module.exports = {
},
required: true,
},
user: {
type: 'ref',
required: true,
},
request: {
type: 'ref',
},
@ -54,8 +59,10 @@ module.exports = {
let isOnlyPasswordChange = false;
if (!_.isUndefined(inputs.values.password)) {
// eslint-disable-next-line no-param-reassign
inputs.values.password = bcrypt.hashSync(inputs.values.password, 10);
Object.assign(inputs.values, {
password: bcrypt.hashSync(inputs.values.password, 10),
passwordChangedAt: new Date().toUTCString(),
});
if (Object.keys(inputs.values).length === 1) {
isOnlyPasswordChange = true;
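Review bot: The `Object.keys(inputs.values).length === 1` test that follows the new `Object.assign` can no longer be true, because by then `inputs.values` holds both `password` and `passwordChangedAt`, so `isOnlyPasswordChange` stays `false` for every password change. The `if (!isOnlyPasswordChange)` block further down therefore also runs for password-only updates; what it sends is outside the visible lines, so confirm it does not broadcast the updated record more widely than intended. Take the measurement before the derived field is added, e.g. `const isPasswordOnly = Object.keys(inputs.values).length === 1;` ahead of the `Object.assign`, then `if (isPasswordOnly) {`. The enclosing function starts and ends outside this hunk.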
@ -103,6 +110,29 @@ module.exports = {
}
}
if (!_.isUndefined(inputs.values.password)) {
sails.sockets.broadcast(
`user:${user.id}`,
'userDelete', // TODO: introduce separate event
{
item: user,
},
inputs.request,
);
if (user.id === inputs.user.id && inputs.request && inputs.request.isSocket) {
const tempRoom = uuid();
sails.sockets.addRoomMembersToRooms(`user:${user.id}`, tempRoom, () => {
sails.sockets.leave(inputs.request, tempRoom, () => {
sails.sockets.leaveAll(tempRoom);
});
});
} else {
sails.sockets.leaveAll(`user:${user.id}`);
}
}
if (!isOnlyPasswordChange) {
/* const projectIds = await sails.helpers.users.getManagerProjectIds(user.id);