mirrors/nocobase
1
0
Fork 0
mirror of https://github.com/nocobase/nocobase synced 2024-11-15 10:06:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(auth): issue where users can't change password when signing in with a non-password authenticator (#5609)

Browse Source 
* fix(auth): issue where users can't change pwd when signing in with a non-password authenticator

* chore: remove logic in basic auth
This commit is contained in:
YANG QIA 2024-11-07 14:48:41 +08:00 committed by GitHub
parent 7ff194e6ec
commit c4653cb784
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 202 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
packages/plugins/@nocobase/plugin-auth/src/server/actions/auth.ts
View File

@ -9,22 +9,52 @@
/* istanbul ignore file -- @preserve */ /* istanbul ignore file -- @preserve */
import { Context, Next } from '@nocobase/actions'; import { Context, Next } from '@nocobase/actions';
import { PasswordField } from '@nocobase/database';
import { namespace } from '../../preset';
export default { export default {
lostPassword: async (ctx: Context, next: Next) => { // lostPassword: async (ctx: Context, next: Next) => {
ctx.body = await ctx.auth.lostPassword(); // ctx.body = await ctx.auth.lostPassword();
await next(); // await next();
}, // },
resetPassword: async (ctx: Context, next: Next) => { // resetPassword: async (ctx: Context, next: Next) => {
ctx.body = await ctx.auth.resetPassword(); // ctx.body = await ctx.auth.resetPassword();
await next(); // await next();
}, // },
getUserByResetToken: async (ctx: Context, next: Next) => { // getUserByResetToken: async (ctx: Context, next: Next) => {
ctx.body = await ctx.auth.getUserByResetToken(); // ctx.body = await ctx.auth.getUserByResetToken();
await next(); // await next();
}, // },
changePassword: async (ctx: Context, next: Next) => { changePassword: async (ctx: Context, next: Next) => {
ctx.body = await ctx.auth.changePassword(); const {
values: { oldPassword, newPassword, confirmPassword },
} = ctx.action.params;
if (newPassword !== confirmPassword) {
ctx.throw(400, ctx.t('The password is inconsistent, please re-enter', { ns: namespace }));
}
const currentUser = ctx.auth.user;
if (!currentUser) {
ctx.throw(401);
}
let key: string;
if (currentUser.username) {
key = 'username';
} else {
key = 'email';
}
const user = await ctx.db.getRepository('users').findOne({
where: {
[key]: currentUser[key],
},
});
const pwd = ctx.db.getCollection('users').getField<PasswordField>('password');
const isValid = await pwd.verify(oldPassword, user.password);
if (!isValid) {
ctx.throw(401, ctx.t('The password is incorrect, please re-enter', { ns: namespace }));
}
user.password = newPassword;
await user.save();
ctx.body = currentUser;
await next(); await next();
}, },
}; };

33
packages/plugins/@nocobase/plugin-auth/src/server/basic-auth.ts
View File

@ -130,37 +130,4 @@ export class BasicAuth extends BaseAuth {
} }
return user; return user;
} }
async changePassword() {
const ctx = this.ctx;
const {
values: { oldPassword, newPassword, confirmPassword },
} = ctx.action.params;
if (newPassword !== confirmPassword) {
ctx.throw(400, ctx.t('The password is inconsistent, please re-enter', { ns: namespace }));
}
const currentUser = ctx.auth.user;
if (!currentUser) {
ctx.throw(401);
}
let key: string;
if (currentUser.username) {
key = 'username';
} else {
key = 'email';
}
const user = await this.userRepository.findOne({
where: {
[key]: currentUser[key],
},
});
const pwd = this.userCollection.getField<PasswordField>('password');
const isValid = await pwd.verify(oldPassword, user.password);
if (!isValid) {
ctx.throw(401, ctx.t('The password is incorrect, please re-enter', { ns: namespace }));
}
user.password = newPassword;
await user.save();
return currentUser;
}
} }

318
packages/plugins/@nocobase/plugin-auth/src/swagger/index.ts
View File

@ -168,165 +168,165 @@ export default {
}, },
}, },
}, },
'/auth:lostPassword': { // '/auth:lostPassword': {
post: { // post: {
description: 'Lost password', // description: 'Lost password',
tags: ['Basic auth'], // tags: ['Basic auth'],
security: [], // security: [],
requestBody: { // requestBody: {
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
type: 'object', // type: 'object',
properties: { // properties: {
email: { // email: {
type: 'string', // type: 'string',
description: '邮箱', // description: '邮箱',
}, // },
}, // },
}, // },
}, // },
}, // },
}, // },
responses: { // responses: {
200: { // 200: {
description: 'successful operation', // description: 'successful operation',
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
allOf: [ // allOf: [
{ // {
$ref: '#/components/schemas/user', // $ref: '#/components/schemas/user',
}, // },
{ // {
type: 'object', // type: 'object',
properties: { // properties: {
resetToken: { // resetToken: {
type: 'string', // type: 'string',
description: '重置密码的token', // description: '重置密码的token',
}, // },
}, // },
}, // },
], // ],
}, // },
}, // },
}, // },
}, // },
400: { // 400: {
description: 'Please fill in your email address', // description: 'Please fill in your email address',
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
$ref: '#/components/schemas/error', // $ref: '#/components/schemas/error',
}, // },
}, // },
}, // },
}, // },
401: { // 401: {
description: 'The email is incorrect, please re-enter', // description: 'The email is incorrect, please re-enter',
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
$ref: '#/components/schemas/error', // $ref: '#/components/schemas/error',
}, // },
}, // },
}, // },
}, // },
}, // },
}, // },
}, // },
'/auth:resetPassword': { // '/auth:resetPassword': {
post: { // post: {
description: 'Reset password', // description: 'Reset password',
tags: ['Basic auth'], // tags: ['Basic auth'],
security: [], // security: [],
requestBody: { // requestBody: {
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
type: 'object', // type: 'object',
properties: { // properties: {
email: { // email: {
type: 'string', // type: 'string',
description: '邮箱', // description: '邮箱',
}, // },
password: { // password: {
type: 'string', // type: 'string',
description: '密码', // description: '密码',
}, // },
resetToken: { // resetToken: {
type: 'string', // type: 'string',
description: '重置密码的token', // description: '重置密码的token',
}, // },
}, // },
}, // },
}, // },
}, // },
}, // },
responses: { // responses: {
200: { // 200: {
description: 'successful operation', // description: 'successful operation',
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
$ref: '#/components/schemas/user', // $ref: '#/components/schemas/user',
}, // },
}, // },
}, // },
}, // },
404: { // 404: {
description: 'User not found', // description: 'User not found',
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
$ref: '#/components/schemas/error', // $ref: '#/components/schemas/error',
}, // },
}, // },
}, // },
}, // },
}, // },
}, // },
}, // },
'/auth:getUserByResetToken': { // '/auth:getUserByResetToken': {
get: { // get: {
description: 'Get user by reset token', // description: 'Get user by reset token',
tags: ['Basic auth'], // tags: ['Basic auth'],
security: [], // security: [],
parameters: [ // parameters: [
{ // {
name: 'token', // name: 'token',
in: 'query', // in: 'query',
description: '重置密码的token', // description: '重置密码的token',
required: true, // required: true,
schema: { // schema: {
type: 'string', // type: 'string',
}, // },
}, // },
], // ],
responses: { // responses: {
200: { // 200: {
description: 'ok', // description: 'ok',
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
$ref: '#/components/schemas/user', // $ref: '#/components/schemas/user',
}, // },
}, // },
}, // },
}, // },
401: { // 401: {
description: 'Unauthorized', // description: 'Unauthorized',
content: { // content: {
'application/json': { // 'application/json': {
schema: { // schema: {
$ref: '#/components/schemas/error', // $ref: '#/components/schemas/error',
}, // },
}, // },
}, // },
}, // },
}, // },
}, // },
}, // },
'/auth:changePassword': { '/auth:changePassword': {
post: { post: {
description: 'Change password', description: 'Change password',