@saltcorn/server 0.7.0-beta.2 → 0.7.0-beta.5

package/auth/routes.js

@@ -41,6 +41,8 @@ const {
   code,
   pre,
   p,
+  script,
+  domReady,
 } = require("@saltcorn/markup/tags");
 const {
   available_languages,
@@ -416,6 +418,7 @@ router.get(
       const form = loginForm(req, true);
       form.action = "/auth/create_first_user";
       form.submitLabel = req.__("Create user");
+      form.class = "create-first-user";
       form.blurb = req.__(
         "Please create your first user account, which will have administrative privileges. You can add other users and give them administrative privileges later."
       );
@@ -424,7 +427,17 @@ router.get(
         [i({ class: "fas fa-upload me-2 mt-2" }), req.__("Restore a backup")],
         `/auth/create_from_restore`
       );
-      res.sendAuthWrap(req.__(`Create first user`), form, {}, restore);
+      res.sendAuthWrap(
+        req.__(`Create first user`),
+        form,
+        {},
+        restore +
+          script(
+            domReady(
+              `$('form.create-first-user button[type=submit]').click(function(){press_store_button(this)})`
+            )
+          )
+      );
     } else {
       req.flash("danger", req.__("Users already present"));
       res.redirect("/auth/login");
@@ -1194,14 +1207,12 @@ const userSettings = async ({ req, res, pwform, user }) => {
                 ),
                 div(
                   user._attributes.totp_enabled
-                    ? post_btn(
-                        "/auth/twofa/disable/totp",
-                        "Disable",
-                        req.csrfToken(),
+                    ? a(
                         {
-                          btnClass: "btn-danger mt-2",
-                          req,
-                        }
+                          href: "/auth/twofa/disable/totp",
+                          class: "btn btn-danger mt-2",
+                        },
+                        "Disable"
                       )
                     : a(
                         {
@@ -1552,6 +1563,7 @@ router.post(
     if (!user._attributes.totp_key) {
       //key not set
       req.flash("danger", req.__("2FA TOTP Key not set"));
+      console.log("2FA TOTP Key not set");
       res.redirect("/auth/twofa/setup/totp");
       return;
     }
@@ -1560,6 +1572,8 @@ router.post(
     form.validate(req.body);
     if (form.hasErrors) {
       req.flash("danger", req.__("Error processing form"));
+      console.log("Error processing form");
+
       res.redirect("/auth/twofa/setup/totp");
       return;
     }
@@ -1569,6 +1583,7 @@ router.post(
     });
     if (!rv) {
       req.flash("danger", req.__("Could not verify code"));
+      console.log("Could not verify code");
       res.redirect("/auth/twofa/setup/totp");
       return;
     }
@@ -1585,11 +1600,42 @@ router.post(
   })
 );
 
+router.get(
+  "/twofa/disable/totp",
+  loggedIn,
+  error_catcher(async (req, res) => {
+    res.sendWrap(req.__("Disable two-factor authentication"), {
+      type: "card",
+      title: req.__("Disable two-factor authentication"),
+      contents: [
+        h4(req.__("Enter your two-factor code in order to disable it")),
+        renderForm(totpForm(req, "/auth/twofa/disable/totp"), req.csrfToken()),
+      ],
+    });
+  })
+);
+
 router.post(
   "/twofa/disable/totp",
   loggedIn,
   error_catcher(async (req, res) => {
     const user = await User.findOne({ id: req.user.id });
+    const form = totpForm(req, "/auth/twofa/disable/totp");
+    form.validate(req.body);
+    if (form.hasErrors) {
+      req.flash("danger", req.__("Error processing form"));
+      res.redirect("/auth/twofa/disable/totp");
+      return;
+    }
+    const code = `${form.values.totpCode}`;
+    const rv = totp.verify(code, user._attributes.totp_key, {
+      time: 30,
+    });
+    if (!rv) {
+      req.flash("danger", req.__("Could not verify code"));
+      res.redirect("/auth/twofa/disable/totp");
+      return;
+    }
     user._attributes.totp_enabled = false;
     delete user._attributes.totp_key;
     await user.update({ _attributes: user._attributes });
@@ -1602,9 +1648,9 @@ router.post(
     res.redirect("/auth/settings");
   })
 );
-const totpForm = (req) =>
+const totpForm = (req, action) =>
   new Form({
-    action: "/auth/twofa/setup/totp",
+    action: action || "/auth/twofa/setup/totp",
     fields: [
       {
         name: "totpCode",

package/locales/en.json

@@ -870,5 +870,13 @@
 	"Steps to go back": "Steps to go back",
 	"Place in dropdown": "Place in dropdown",
 	"Hide null columns": "Hide null columns",
-	"Do not display a column if it contains entirely missing values": "Do not display a column if it contains entirely missing values"
+	"Do not display a column if it contains entirely missing values": "Do not display a column if it contains entirely missing values",
+	"Show a warning to users creating a tenant disclaiming warrenty of availability or security": "Show a warning to users creating a tenant disclaiming warrenty of availability or security",
+	"Set to 0 for expration at the end of browser session": "Set to 0 for expration at the end of browser session",
+	"Could not verify code": "Could not verify code",
+	"Disable two-factor authentication": "Disable two-factor authentication",
+	"Enter your two-factor code in order to disable it": "Enter your two-factor code in order to disable it",
+	"Allow the user to enter a new key that is not in the schema": "Allow the user to enter a new key that is not in the schema",
+	"Check for updates": "Check for updates",
+	"Versions refreshed": "Versions refreshed"
 }

package/locales/it.json

@@ -475,5 +475,7 @@
 	"Events": "Events",
 	"Verified": "Verified",
 	"SSL": "SSL",
-	"Generate": "Generate"
+	"Generate": "Generate",
+	"Two-factor authentication": "Two-factor authentication",
+	"Two-factor authentication is disabled": "Two-factor authentication is disabled"
 }

package/markup/admin.js

@@ -46,14 +46,21 @@ const restore_backup = (csrf, inner, action = `/admin/restore`) =>
       encType: "multipart/form-data",
     },
     input({ type: "hidden", name: "_csrf", value: csrf }),
-    label({ class: "btn-link", for: "upload_to_restore" }, inner),
+    label(
+      {
+        class: "btn-link",
+        for: "upload_to_restore",
+        style: { cursor: "pointer" },
+      },
+      inner
+    ),
     input({
       id: "upload_to_restore",
       class: "d-none",
       name: "file",
       type: "file",
       accept: "application/zip,.zip",
-      onchange: "this.form.submit();",
+      onchange: "notifyAlert('Restoring backup...', true);this.form.submit();",
     })
   );
 

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.7.0-beta.2",
+  "version": "0.7.0-beta.5",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.7.0-beta.2",
-    "@saltcorn/builder": "0.7.0-beta.2",
-    "@saltcorn/data": "0.7.0-beta.2",
-    "@saltcorn/admin-models": "0.7.0-beta.2",
-    "@saltcorn/markup": "0.7.0-beta.2",
-    "@saltcorn/sbadmin2": "0.7.0-beta.2",
+    "@saltcorn/base-plugin": "0.7.0-beta.5",
+    "@saltcorn/builder": "0.7.0-beta.5",
+    "@saltcorn/data": "0.7.0-beta.5",
+    "@saltcorn/admin-models": "0.7.0-beta.5",
+    "@saltcorn/markup": "0.7.0-beta.5",
+    "@saltcorn/sbadmin2": "0.7.0-beta.5",
     "@socket.io/cluster-adapter": "^0.1.0",
     "@socket.io/sticky": "^1.0.1",
     "aws-sdk": "^2.1037.0",

package/public/gridedit.js

@@ -8,6 +8,10 @@ function lookupIntToString(cell, formatterParams, onRendered) {
   const res = formatterParams.values[val];
   return res;
 }
+function deleteIcon() {
+  //plain text value
+  return '<i class="far fa-trash-alt"></i>';
+}
 
 function flatpickerEditor(cell, onRendered, success, cancel, editorParams) {
   var input = $("<input type='text'/>");

package/public/saltcorn.css

@@ -223,4 +223,8 @@ footer.bs-mobile-nav-footer {
 
 .form-group {
   margin-bottom: 1rem;
-}
+}
+
+.table-responsive {
+  overflow: visible;
+}

package/public/saltcorn.js

@@ -423,7 +423,7 @@ function tristateClick(nm) {
   }
 }
 
-function notifyAlert(note) {
+function notifyAlert(note, spin) {
   if (Array.isArray(note)) {
     note.forEach(notifyAlert);
     return;
@@ -438,10 +438,16 @@ function notifyAlert(note) {
   }
 
   $("#alerts-area")
-    .append(`<div class="alert alert-${type} alert-dismissible fade show" role="alert">
+    .append(`<div class="alert alert-${type} alert-dismissible fade show ${
+    spin ? "d-flex align-items-center" : ""
+  }" role="alert">
   ${txt}
-  <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
-  </button>
+  ${
+    spin
+      ? `<div class="spinner-border ms-auto" role="status" aria-hidden="true"></div>`
+      : `<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
+  </button>`
+  }
 </div>`);
 }
 

package/routes/admin.js

@@ -71,6 +71,7 @@ const {
 } = require("../markup/admin");
 const moment = require("moment");
 const View = require("@saltcorn/data/models/view");
+const { getConfigFile } = require("@saltcorn/data/db/connect");
 
 /**
  * @type {object}
@@ -99,7 +100,7 @@ const site_id_form = (req) =>
       "page_custom_html",
       "development_mode",
       "log_sql",
-      "multitenancy_enabled",
+      ...(getConfigFile() ? ["multitenancy_enabled"] : []),
     ],
     action: "/admin",
     submitLabel: req.__("Save"),
@@ -398,6 +399,15 @@ router.get(
                           ? span(
                               { class: "badge bg-primary ms-2" },
                               req.__("Latest")
+                            ) +
+                            post_btn(
+                              "/admin/check-for-upgrade",
+                              req.__("Check for updates"),
+                              req.csrfToken(),
+                              {
+                                btnClass: "btn-primary btn-sm px-1 py-0",
+                                formClass: "d-inline",
+                              }
                             )
                           : "")
                     )
@@ -498,7 +508,15 @@ router.post(
     }
   })
 );
-
+router.post(
+  "/check-for-upgrade",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    await getState().deleteConfig("latest_npm_version");
+    req.flash("success", req.__(`Versions refreshed`));
+    res.redirect(`/admin/system`);
+  })
+);
 /**
  * @name post/backup
  * @function

package/routes/api.js

@@ -111,6 +111,51 @@ function accessAllowed(req, user, trigger) {
   return role <= trigger.min_role;
 }
 
+router.get(
+  "/:tableName/distinct/:fieldName",
+  //passport.authenticate("api-bearer", { session: false }),
+  error_catcher(async (req, res, next) => {
+    let { tableName, fieldName } = req.params;
+    const table = await Table.findOne(
+      strictParseInt(tableName)
+        ? { id: strictParseInt(tableName) }
+        : { name: tableName }
+    );
+    if (!table) {
+      res.status(404).json({ error: req.__("Not found") });
+      return;
+    }
+
+    await passport.authenticate(
+      "api-bearer",
+      { session: false },
+      async function (err, user, info) {
+        if (accessAllowedRead(req, user, table)) {
+          const field = (await table.getFields()).find(
+            (f) => f.name === fieldName
+          );
+          if (!field) {
+            res.status(404).json({ error: req.__("Not found") });
+            return;
+          }
+          let dvs;
+          if (
+            field.is_fkey ||
+            (field.type.name === "String" && field.attributes?.options)
+          ) {
+            dvs = await field.distinct_values();
+          } else {
+            dvs = await table.distinctValues(fieldName);
+          }
+          res.json({ success: dvs });
+        } else {
+          res.status(401).json({ error: req.__("Not authorized") });
+        }
+      }
+    )(req, res, next);
+  })
+);
+
 /**
  * Select Table rows using GET
  * @name get/:tableName/

package/routes/fields.js

@@ -631,14 +631,19 @@ router.post(
     if (fieldName.includes(".")) {
       //join field
       const kpath = fieldName.split(".");
-
       if (kpath.length === 2 && row[kpath[0]]) {
         const field = fields.find((f) => f.name === kpath[0]);
         const reftable = await Table.findOne({ name: field.reftable_name });
         const targetField = (await reftable.getFields()).find(
           (f) => f.name === kpath[1]
         );
-        const fv = targetField.type.fieldviews[fieldview];
+        //console.log({ kpath, fieldview, targetField });
+        let fv = targetField.type.fieldviews[fieldview];
+        if (!fv) {
+          fv =
+            targetField.type.fieldviews.show ||
+            targetField.type.fieldviews.as_text;
+        }
         const q = { [reftable.pk_name]: row[kpath[0]] };
         const refRow = await reftable.getRow(q);
         const configuration = req.query;
@@ -648,6 +653,25 @@ router.post(
         readState(configuration, configFields);
         res.send(fv.run(refRow[kpath[1]], req, configuration));
         return;
+      } else if (row[kpath[0]]) {
+        let oldTable = table;
+        let oldRow = row;
+        for (const ref of kpath) {
+          const ofields = await oldTable.getFields();
+          const field = ofields.find((f) => f.name === ref);
+          if (field.is_fkey) {
+            const reftable = await Table.findOne({ name: field.reftable_name });
+            if (!oldRow[ref]) break;
+            const q = { [reftable.pk_name]: oldRow[ref] };
+            oldRow = await reftable.getRow(q);
+            oldTable = reftable;
+          }
+        }
+        if (oldRow) {
+          const value = oldRow[kpath[kpath.length - 1]];
+          res.send(value);
+          return;
+        }
       }
       res.send("");
       return;

package/routes/list.js

@@ -259,8 +259,8 @@ router.get(
       });
     }
     jsfields.push({
-      formatter: "buttonCross",
-      title: i({ class: "far fa-trash-alt" }),
+      formatter: "__deleteIcon",
+      title: "",
       width: 40,
       hozAlign: "center",
       headerSort: false,

package/routes/plugins.js

@@ -450,6 +450,7 @@ const store_actions_dropdown = (req) =>
           {
             class: "dropdown-item",
             href: `/plugins/upgrade`,
+            onClick: `notifyAlert('Upgrading plugins...', true)`,
           },
           '<i class="far fa-arrow-alt-circle-up"></i>&nbsp;' +
             req.__("Upgrade installed plugins")

package/tests/fields.test.js

@@ -100,8 +100,8 @@ describe("Field Endpoints", () => {
     await request(app)
       .post("/field/")
       .send("stepName=Basic properties")
-      .send("name=Publisher")
-      .send("label=Publisher")
+      .send("name=Editor")
+      .send("label=Editor")
       .send("type=String")
       .send("contextEnc=" + ctx)
       .set("Cookie", loginCookie)

package/tests/table.test.js

@@ -33,9 +33,9 @@ describe("Table Endpoints", () => {
       .post("/table/")
       .send("name=mypostedtable")
       .set("Cookie", loginCookie)
-      .expect(toRedirect("/table/6"));
+      .expect(toRedirect("/table/7"));
     await request(app)
-      .get("/table/6")
+      .get("/table/7")
       .set("Cookie", loginCookie)
       .expect(toInclude("mypostedtable"));
     await request(app)
@@ -149,7 +149,7 @@ Pencil, 0.5,2, t`;
       .set("Cookie", loginCookie)
       .field("name", "expenses")
       .attach("file", Buffer.from(csv, "utf-8"))
-      .expect(toRedirect("/table/7"));
+      .expect(toRedirect("/table/8"));
   });
   it("should upload csv to existing table", async () => {
     const csv = `author,Pages