mirror of https://github.com/plankanban/planka.git synced 2025-07-18 20:59:44 +02:00

Add email and password change functionality for a current user, remove deep compare hooks

Maksim Eltyshev 2019-10-18 08:06:34 +05:00
parent b53e5bf94c
commit 680d664279
67 changed files with 1232 additions and 267 deletions


@ -0,0 +1,83 @@
const bcrypt = require('bcrypt');
const Errors = {
USER_NOT_FOUND: {
notFound: 'User is not found'
},
CURRENT_PASSWORD_NOT_VALID: {
forbidden: 'Current password is not valid'
},
USER_EXIST: {
conflict: 'User is already exist'
}
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
required: true
},
email: {
type: 'string',
isEmail: true,
required: true
},
currentPassword: {
type: 'string',
isNotEmptyString: true
}
},
exits: {
notFound: {
responseType: 'notFound'
},
forbidden: {
responseType: 'forbidden'
},
conflict: {
responseType: 'conflict'
}
},
fn: async function(inputs, exits) {
const { currentUser } = this.req;
if (inputs.id === currentUser.id) {
if (!inputs.currentPassword) {
throw Errors.CURRENT_PASSWORD_NOT_VALID;
}
} else if (!currentUser.isAdmin) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.getUser(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
if (
inputs.id === currentUser.id &&
!bcrypt.compareSync(inputs.currentPassword, user.password)
) {
throw Errors.CURRENT_PASSWORD_NOT_VALID;
}
const values = _.pick(inputs, ['email']);
user = await sails.helpers
.updateUser(user, values, this.req)
.intercept('conflict', () => Errors.USER_EXIST);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
return exits.success({
item: user.email
});
}
};
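Review bot: The current-password check `!bcrypt.compareSync(inputs.currentPassword, user.password)` runs bcrypt synchronously inside an async request handler, so every attempt blocks the event loop for the full hash cost; `!(await bcrypt.compare(inputs.currentPassword, user.password))` performs the same check without stalling other requests. Nothing in this action limits how many wrong `currentPassword` values one session may submit, so unless throttling is applied elsewhere, this endpoint lets the holder of a stolen session token test passwords. The password-change action in the next file section has the same two issues. The `// Forbidden` comment on the non-admin branch would be clearer as `// Respond with notFound instead of forbidden so non-admins cannot probe which user ids exist`, if that is the intent.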


@ -0,0 +1,74 @@
const bcrypt = require('bcrypt');
const Errors = {
USER_NOT_FOUND: {
notFound: 'User is not found'
},
CURRENT_PASSWORD_NOT_VALID: {
forbidden: 'Current password is not valid'
}
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
required: true
},
password: {
type: 'string',
required: true
},
currentPassword: {
type: 'string',
isNotEmptyString: true
}
},
exits: {
notFound: {
responseType: 'notFound'
},
forbidden: {
responseType: 'forbidden'
}
},
fn: async function(inputs, exits) {
const { currentUser } = this.req;
if (inputs.id === currentUser.id) {
if (!inputs.currentPassword) {
throw Errors.CURRENT_PASSWORD_NOT_VALID;
}
} else if (!currentUser.isAdmin) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.getUser(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
if (
inputs.id === currentUser.id &&
!bcrypt.compareSync(inputs.currentPassword, user.password)
) {
throw Errors.CURRENT_PASSWORD_NOT_VALID;
}
const values = _.pick(inputs, ['password']);
user = await sails.helpers.updateUser(user, values, this.req);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
return exits.success({
item: null
});
}
};
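Review bot: After `updateUser` stores the new hash, nothing visible in this action invalidates tokens or sessions issued under the old password, so a session that was already compromised keeps working after the owner changes the password. If token issuance lives elsewhere, record a password-change timestamp on the user here and reject tokens issued before it; otherwise add a comment above `fn` stating that existing sessions are deliberately left valid. The `else if (!currentUser.isAdmin)` branch also lets an admin replace another user's password without re-entering their own, so a stolen admin token is enough to take over any account; requiring `currentPassword` from the admin as well would close that. The `password` input carries only `required: true`, so no minimum length is enforced at this layer.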


@ -118,7 +118,7 @@ module.exports = {
}
return this.res.json({
item: user
item: user.avatar
});
});
}


@ -21,19 +21,31 @@ module.exports = {
}
},
exits: {
conflict: {}
},
fn: async function(inputs, exits) {
if (!_.isUndefined(inputs.values.email)) {
inputs.values.email = inputs.values.email.toLowerCase();
}
let isOnlyPasswordChange = false;
if (!_.isUndefined(inputs.values.password)) {
inputs.values.password = bcrypt.hashSync(inputs.values.password, 10);
if (Object.keys(inputs.values).length === 1) {
isOnlyPasswordChange = true;
}
}
const user = await User.updateOne({
id: inputs.record.id,
deletedAt: null
}).set(inputs.values);
})
.set(inputs.values)
.intercept(undefined, 'conflict');
if (user) {
if (inputs.record.avatar && user.avatar !== inputs.record.avatar) {
@ -44,28 +56,30 @@ module.exports = {
} catch (unusedError) {}
}
const adminUserIds = await sails.helpers.getAdminUserIds();
if (!isOnlyPasswordChange) {
const adminUserIds = await sails.helpers.getAdminUserIds();
const projectIds = await sails.helpers.getMembershipProjectIdsForUser(
user.id
);
const userIdsForProject = await sails.helpers.getMembershipUserIdsForProject(
projectIds
);
const userIds = _.union([user.id], adminUserIds, userIdsForProject);
userIds.forEach(userId => {
sails.sockets.broadcast(
`user:${userId}`,
'userUpdate',
{
item: user
},
inputs.request
const projectIds = await sails.helpers.getMembershipProjectIdsForUser(
user.id
);
});
const userIdsForProject = await sails.helpers.getMembershipUserIdsForProject(
projectIds
);
const userIds = _.union([user.id], adminUserIds, userIdsForProject);
userIds.forEach(userId => {
sails.sockets.broadcast(
`user:${userId}`,
'userUpdate',
{
item: user
},
inputs.request
);
});
}
}
return exits.success(user);
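Review bot: `.intercept(undefined, 'conflict')` names no error to match, so it looks as if any failure of `updateOne`, not only a duplicate email, would leave through the `conflict` exit and reach the client as 'User is already exist'; `.intercept('E_UNIQUE', 'conflict')` would limit it to the uniqueness violation. `bcrypt.hashSync(inputs.values.password, 10)` also blocks the event loop and overwrites the caller's `values` object in place; `await bcrypt.hash(...)` into a copy of `values` avoids both. The `userUpdate` broadcast sends the whole `user` record to every admin and project co-member, so confirm that the model's serialization strips `password` before this record goes out. The function body starts and ends outside these hunks.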


@ -0,0 +1,36 @@
/**
* forbidden.js
*
* A custom response.
*
* Example usage:
* ```
* return res.forbidden();
* // -or-
* return res.forbidden(optionalData);
* ```
*
* Or with actions2:
* ```
* exits: {
* somethingHappened: {
* responseType: 'forbidden'
* }
* }
* ```
*
* ```
* throw 'somethingHappened';
* // -or-
* throw { somethingHappened: optionalData }
* ```
*/
module.exports = function forbidden(message) {
const { res } = this;
return res.status(403).json({
code: 'E_FORBIDDEN',
message
});
};


@ -15,6 +15,8 @@ module.exports.routes = {
'POST /api/users': 'users/create',
'GET /api/users/me': 'users/show',
'PATCH /api/users/:id': 'users/update',
'PATCH /api/users/:id/email': 'users/update-email',
'PATCH /api/users/:id/password': 'users/update-password',
'POST /api/users/:id/upload-avatar': 'users/upload-avatar',
'DELETE /api/users/:id': 'users/delete',