@saltcorn/server 0.7.3-beta.1 → 0.7.3-beta.6
- package/app.js +5 -1
- package/auth/routes.js +37 -10
- package/locales/en.json +922 -916
- package/markup/admin.js +5 -1
- package/package.json +8 -8
- package/public/gridedit.js +6 -0
- package/public/jquery-menu-editor.min.js +5 -2
- package/public/saltcorn-common.js +78 -2
- package/public/saltcorn.css +5 -0
- package/public/saltcorn.js +19 -38
- package/routes/admin.js +386 -2
- package/routes/fields.js +3 -0
- package/routes/files.js +5 -3
- package/routes/homepage.js +7 -7
- package/routes/menu.js +13 -1
- package/routes/pageedit.js +1 -0
- package/routes/plugins.js +1 -0
- package/routes/tables.js +7 -6
- package/routes/viewedit.js +5 -0
- package/serve.js +1 -1
- package/tests/tenant.test.js +6 -0
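--- a/package/app.js
+++ b/package/app.js
@@ -227,7 +227,11 @@ const getApp = async (opts = {}) => {
 passport.use(
 new JwtStrategy(jwtOpts, (jwt_payload, done) => {
 User.findOne({ email: jwt_payload.sub }).then((u) => {
-if (
+if (
+u &&
+u.last_mobile_login &&
+u.last_mobile_login <= jwt_payload.iat
+) {
 return done(null, {
 email: u.email,
 id: u.id,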
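Review bot: The new condition compares `u.last_mobile_login` with `jwt_payload.iat` without stating the unit, and it only holds because loginWithJwt in auth/routes.js sets `iat` to `new Date().valueOf()` (milliseconds) rather than the seconds value JWT libraries normally write. The stored field is also written as a `Date` in the login route and as a number in loginWithJwt, so the `<=` relies on implicit coercion. A comment above the `if`, such as `// iat is in milliseconds (see loginWithJwt); a cleared or newer last_mobile_login revokes the token`, would make the revocation rule explicit. The callback's else path and any `.catch` lie outside the hunk, so whether a failed lookup ever reaches `done` cannot be checked here.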
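--- a/package/auth/routes.js
+++ b/package/auth/routes.js
@@ -203,6 +203,7 @@ const loginWithJwt = async (req, res) => {
 const { email, password } = req.query;
 const user = await User.findOne({ email });
 if (user && user.checkPassword(password)) {
+const now = new Date().valueOf();
 const jwt_secret = db.connectObj.jwt_secret;
 const token = jwt.sign(
 {
@@ -210,9 +211,11 @@ const loginWithJwt = async (req, res) => {
 role_id: user.role_id,
 iss: "saltcorn@saltcorn",
 aud: "saltcorn-mobile-app",
+iat: now,
 },
 jwt_secret
 );
+if (!user.last_mobile_login) user.updateLastMobileLogin(now);
 res.json(token);
 }
 };
@@ -249,18 +252,24 @@ router.get(
 * @function
 * @memberof module:auth/routes~routesRouter
 */
-router.get("/logout", (req, res, next) => {
-req.
-
-
-
+router.get("/logout", async (req, res, next) => {
+if (req.smr && req.user?.id) {
+const user = await User.findOne({ id: req.user.id });
+await user.updateLastMobileLogin(null);
+res.json({ success: true });
+} else if (req.logout) {
+req.logout();
+if (req.session.destroy)
+req.session.destroy((err) => {
+if (err) return next(err);
+req.logout();
+res.redirect("/auth/login");
+});
+else {
 req.logout();
+req.session = null;
 res.redirect("/auth/login");
-}
-else {
-req.logout();
-req.session = null;
-res.redirect("/auth/login");
+}
 }
 });
 
@@ -978,6 +987,11 @@ router.post(
 }
 Trigger.emitEvent("Login", null, req.user);
 req.flash("success", req.__("Welcome, %s!", req.user.email));
+if (req.smr) {
+const dbUser = await User.findOne({ id: req.user.id });
+if (!dbUser.last_mobile_login)
+await dbUser.updateLastMobileLogin(new Date());
+}
 if (getState().get2FApolicy(req.user) === "Mandatory") {
 res.redirect("/auth/twofa/setup/totp");
 } else res.redirect("/");
@@ -1010,6 +1024,17 @@ router.get(
 })
 );
 
+/*
+returns if 'req.user' is an authenticated user
+*/
+router.get(
+"/authenticated",
+error_catcher((req, res, next) => {
+const isAuth = req.user && req.user.id ? true : false;
+res.json({ authenticated: isAuth });
+})
+);
+
 /**
 * @name post/login-with/:method
 * @function
@@ -1195,6 +1220,7 @@ const userSettings = async ({ req, res, pwform, user }) => {
 ? [
 {
 type: "card",
+class: "mt-0",
 title: userSetsName,
 contents: usersets,
 },
@@ -1203,6 +1229,7 @@ const userSettings = async ({ req, res, pwform, user }) => {
 {
 type: "card",
 title: req.__("User"),
+class: !usersets && "mt-0",
 contents: table(
 tbody(
 tr(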
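Review bot: In loginWithJwt, `user.updateLastMobileLogin(now)` is called without `await`, unlike the two other call sites in this file, so the token can be returned before the timestamp is stored and a rejected write is never handled; `if (!user.last_mobile_login) await user.updateLastMobileLogin(now);` would close that gap. Because the timestamp is written only when empty, and the visible part of the `jwt.sign` call shows no options argument and no `exp` claim, every token issued since the first login appears to stay valid until a logout clears the field. That deserves a comment such as `// tokens are revoked only by /logout; there is no expiry`. In the `/logout` handler, `user` is dereferenced without a null check inside an async callback that is not wrapped in `error_catcher`, so a deleted account would presumably leave the request unanswered; `if (user) await user.updateLastMobileLogin(null);` avoids that.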