@saltcorn/server 0.8.3-beta.0 → 0.8.3-beta.2

package/app.js

@@ -42,6 +42,8 @@ const TotpStrategy = require("passport-totp").Strategy;
 const JwtStrategy = require("passport-jwt").Strategy;
 const ExtractJwt = require("passport-jwt").ExtractJwt;
 const cors = require("cors");
+const api = require("./routes/api");
+const scapi = require("./routes/scapi");
 
 const locales = Object.keys(available_languages);
 // i18n configuration
@@ -294,6 +296,9 @@ const getApp = async (opts = {}) => {
 
   app.use(wrapper(version_tag));
 
+  app.use("/api", api);
+  app.use("/scapi", scapi);
+
   const csurf = csrf();
   if (!opts.disableCsrf)
     app.use(function (req, res, next) {

package/auth/admin.js

@@ -200,6 +200,12 @@ const user_dropdown = (user, req, can_reset) =>
         '<i class="fas fa-pause"></i>&nbsp;' + req.__("Disable"),
         req
       ),
+    !user.disabled &&
+      post_dropdown_item(
+        `/useradmin/force-logout/${user.id}`,
+        '<i class="fas fa-sign-out-alt"></i>&nbsp;' + req.__("Force logout"),
+        req
+      ),
     div({ class: "dropdown-divider" }),
     post_dropdown_item(
       `/useradmin/delete/${user.id}`,
@@ -335,7 +341,7 @@ const http_settings_form = async (req) =>
       "timeout",
       "cookie_duration",
       "cookie_duration_remember",
-      "cookie_sessions",
+      //"cookie_sessions",
       "public_cache_maxage",
       "custom_http_headers",
     ],
@@ -972,7 +978,8 @@ router.post(
 
         req.flash("success", req.__(`User %s created`, email) + pwflash);
 
-        if (rnd_password && send_pwreset_email) await send_reset_email(u, req);
+        if (rnd_password && send_pwreset_email)
+          await send_reset_email(u, req, { creating: true });
       }
     }
     res.redirect(`/useradmin`);
@@ -991,7 +998,7 @@ router.post(
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const u = await User.findOne({ id });
-    await send_reset_email(u, req);
+    await send_reset_email(u, req, { from_admin: true });
     req.flash("success", req.__(`Reset password link sent to %s`, u.email));
 
     res.redirect(`/useradmin`);
@@ -1136,6 +1143,23 @@ router.post(
   })
 );
 
+/**
+ * @name post/force-logout/:id
+ * @function
+ * @memberof module:auth/admin~auth/adminRouter
+ */
+router.post(
+  "/force-logout/:id",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const { id } = req.params;
+    const u = await User.findOne({ id });
+    await u.destroy_sessions();
+    req.flash("success", req.__(`Logged out user %s`, u.email));
+    res.redirect(`/useradmin`);
+  })
+);
+
 /**
  * @name post/enable/:id
  * @function

package/auth/resetpw.js

@@ -13,49 +13,88 @@ const { get_base_url } = require("../routes/utils");
  * @param {object} req
  * @returns {void}
  */
-const generate_email = (link, user, req) => ({
-  from: getState().getConfig("email_from"),
-  to: user.email,
-  subject: req.__("Reset password instructions"),
-  text: `${req.__("Hi %s", user.email)},
+const generate_email = (link, user, req, options) => {
+  const subject = options?.creating
+    ? req.__(`Welcome to %s`, getState().getConfig("site_name", "Saltcorn"))
+    : req.__("Reset password instructions");
+  const initial = options?.creating
+    ? req.__(
+        "We have created an account for you on %s. You can set your new password through this link: ",
+        getState().getConfig("site_name", "Saltcorn")
+      )
+    : options?.from_admin
+    ? req.__(
+        "We request that you change your password on %s. You can set your new password through this link: ",
+        getState().getConfig("site_name", "Saltcorn")
+      )
+    : req.__(
+        "You have requested a link to change your password. You can do this through this link:"
+      );
+  const base_url = getState().getConfig("base_url", "");
+  const final =
+    options?.creating && base_url
+      ? req.__(
+          "Use this link to access the application once you have set your password: %s",
+          `<a href="${base_url}">${base_url}</a>`
+        )
+      : "";
+  const finalTxt =
+    options?.creating && base_url
+      ? req.__(
+          "Use this link to access the application once you have set your password: %s",
+          base_url
+        )
+      : "";
+  return {
+    from: getState().getConfig("email_from"),
+    to: user.email,
+    subject,
+    text: `${req.__("Hi %s", user.email)},
 
-${req.__(
-  "You have requested a link to change your password. You can do this through this link:"
-)}
+${initial}
 
 ${link}
 
-${req.__("If you did not request this, please ignore this email.")}
-
+${
+  !options?.creating && !options?.from_admin
+    ? req.__("If you did not request this, please ignore this email.") + "\n"
+    : ""
+}
 ${req.__(
   "Your password will not change until you access the link above and set a new one."
 )}
+
+${finalTxt}
 `,
-  html: `${req.__("Hi %s", user.email)},<br />
-    
-  ${req.__(
-    "You have requested a link to change your password. You can do this through this link:"
-  )}<br />
+    html: `${req.__("Hi %s", user.email)},<br /><br />    
+  ${initial}<br />
 <br />
 <a href="${link}">${req.__("Change my password")}</a><br />
 <br />
-${req.__("If you did not request this, please ignore this email.")}<br />
+${
+  !options?.creating && !options?.from_admin
+    ? req.__("If you did not request this, please ignore this email.") +
+      "<br />"
+    : ""
+}
 <br />
 ${req.__(
   "Your password will not change until you access the link above and set a new one."
 )}<br />
+${final ? `<br />${final}<br />` : ""}
 `,
-});
+  };
+};
 
 /**
  * @param {object} user
  * @param {object} req
  * @returns {Promise<void>}
  */
-const send_reset_email = async (user, req) => {
+const send_reset_email = async (user, req, options = {}) => {
   const link = await get_reset_link(user, req);
   const transporter = getMailTransport();
-  await transporter.sendMail(generate_email(link, user, req));
+  await transporter.sendMail(generate_email(link, user, req, options));
 };
 
 /**

package/auth/routes.js

@@ -112,6 +112,9 @@ const loginForm = (req, isCreating) => {
         label: req.__("Password"),
         name: "password",
         input_type: "password",
+        attributes: {
+          autocomplete: "current-password",
+        },
         validator: isCreating
           ? (pw) => User.unacceptable_password_reason(pw)
           : undefined,
@@ -1203,11 +1206,17 @@ const changPwForm = (req) =>
         label: req.__("Old password"),
         name: "password",
         input_type: "password",
+        attributes: {
+          autocomplete: "current-password",
+        },
       },
       {
         label: req.__("New password"),
         name: "new_password",
         input_type: "password",
+        attributes: {
+          autocomplete: "new-password",
+        },
         validator: (pw) => User.unacceptable_password_reason(pw),
       },
     ],
@@ -1353,14 +1362,14 @@ const userSettings = async ({ req, res, pwform, user }) => {
                           href: "/auth/twofa/disable/totp",
                           class: "btn btn-danger mt-2",
                         },
-                        req.__("Disable TWA")
+                        req.__("Disable 2FA")
                       )
                     : a(
                         {
                           href: "/auth/twofa/setup/totp",
                           class: "btn btn-primary mt-2",
                         },
-                        req.__("Enable TWA")
+                        req.__("Enable 2FA")
                       )
                 ),
               ],
@@ -1791,6 +1800,12 @@ const totpForm = (req, action) =>
         name: "totpCode",
         label: req.__("Code"),
         type: "Integer",
+        attributes: {
+          type: "text",
+          inputmode: "numeric",
+          pattern: "[0-9]*",
+          autocomplete: "one-time-code",
+        },
         required: true,
       },
     ],
@@ -1828,6 +1843,12 @@ router.get(
           name: "code",
           label: req.__("Code"),
           type: "Integer",
+          attributes: {
+            type: "text",
+            inputmode: "numeric",
+            pattern: "[0-9]*",
+            autocomplete: "one-time-code",
+          },
           required: true,
         },
       ],

package/auth/testhelp.js

@@ -163,6 +163,18 @@ const itShouldRedirectUnauthToLogin = (path, dest) => {
   });
 };
 
+const itShouldIncludeTextForAdmin = (path, text) => {
+  it(`should show admin ${text} on ${path}`, async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .get(path)
+      .set("Cookie", loginCookie)
+      .expect(200)
+      .expect(toInclude(text));
+  });
+};
+
 /**
  * @returns {Promise<void>}
  */
@@ -234,4 +246,5 @@ module.exports = {
   respondJsonWith,
   toSucceedWithImage,
   resToLoginCookie,
+  itShouldIncludeTextForAdmin,
 };

package/locales/da.json

@@ -566,7 +566,7 @@
 	"Generate": "Generate",
 	"Two-factor authentication": "Two-factor authentication",
 	"Two-factor authentication is disabled": "Two-factor authentication is disabled",
-	"Enable TWA": "Enable TWA",
+	"Enable 2FA": "Enable 2FA",
 	"Pattern": "Pattern",
 	"You have views with a role to access lower than the table role to read, with no table ownership. This may cause a denial of access. Users need to have table read access to any data displayed.": "You have views with a role to access lower than the table role to read, with no table ownership. This may cause a denial of access. Users need to have table read access to any data displayed.",
 	"Views potentially affected": "Views potentially affected",

package/locales/de.json

@@ -892,9 +892,9 @@
 	"Strings": "Strings",
 	"In default language": "In Standardsprache",
 	"In %s": "In %s",
-	"Enable TWA": "TWA aktivieren",
+	"Enable 2FA": "2FA aktivieren",
 	"Or enter this code:": "Oder gebe diesen Code ein:",
-	"Disable TWA": "TWA deaktivieren",
+	"Disable TWA": "2FA deaktivieren",
 	"Cascade delete to file": "Kaskadierendes Löschen der Datei",
 	"Deleting a row will also delete the file referenced by this field": "Löschen einer Zeile löscht auch die in diesem Feld referenzierte Datei",
 	"Has channels?": "Has channels?",

package/locales/en.json

@@ -892,9 +892,9 @@
 	"Strings": "Strings",
 	"In default language": "In default language",
 	"In %s": "In %s",
-	"Enable TWA": "Enable TWA",
+	"Enable 2FA": "Enable 2FA",
 	"Or enter this code:": "Or enter this code:",
-	"Disable TWA": "Disable TWA",
+	"Disable 2FA": "Disable 2FA",
 	"Cascade delete to file": "Cascade delete to file",
 	"Deleting a row will also delete the file referenced by this field": "Deleting a row will also delete the file referenced by this field",
 	"Has channels?": "Has channels?",
@@ -1093,5 +1093,16 @@
 	"Min role to access search page": "Min role to access search page",
 	"Update": "Update",
 	"Add": "Add",
-	"Recalculate dynamic": "Recalculate dynamic"
+	"Recalculate dynamic": "Recalculate dynamic",
+	"Force logout": "Force logout",
+	"Logged out user %s": "Logged out user %s",
+	"Reset password link sent to %s": "Reset password link sent to %s",
+	"We request that you change your password on %s. You can set your new password through this link: ": "We request that you change your password on %s. You can set your new password through this link: ",
+	"Welcome to %s": "Welcome to %s",
+	"We have created an account for you on %s. You can set your new password through this link: ": "We have created an account for you on %s. You can set your new password through this link: ",
+	"Use this link to access the application once you have set your password: %s": "Use this link to access the application once you have set your password: %s",
+	"Tag: %s": "Tag: %s",
+	"Tag entry": "Tag entry",
+	"Clear": "Clear",
+	"Restore a snapshot": "Restore a snapshot"
 }

package/locales/it.json

@@ -478,12 +478,30 @@
 	"Generate": "Generate",
 	"Two-factor authentication": "Two-factor authentication",
 	"Two-factor authentication is disabled": "Two-factor authentication is disabled",
-	"Enable TWA": "Enable TWA",
+	"Enable 2FA": "Enable 2FA",
 	"Modules": "Modules",
 	"Login and Signup": "Login and Signup",
 	"Table access": "Table access",
 	"HTTP": "HTTP",
 	"Rights": "Rights",
 	"Permissions": "Permissions",
-	"Become user": "Become user"
+	"Become user": "Become user",
+	"Force logout": "Force logout",
+	"Subdomain": "Subdomain",
+	"Creator email": "Creator email",
+	"Created": "Created",
+	"Information": "Information",
+	"Found %s tenants": "Found %s tenants",
+	"Create new tenant": "Create new tenant",
+	"Library": "Library",
+	"Languages": "Languages",
+	"Multitenancy": "Multitenancy",
+	"Tags": "Tags",
+	"Diagram": "Diagram",
+	"%s tenant statistics": "%s tenant statistics",
+	"First user E-mail": "First user E-mail",
+	"Table columns": "Table columns",
+	"Configuration items": "Configuration items",
+	"Crashlogs": "Crashlogs",
+	"Logged out user %s": "Logged out user %s"
 }

package/locales/ru.json

@@ -780,8 +780,8 @@
 	"Or enter this code:": "Или введите этот код:",
 	"Two-factor authentication with Time-based One-Time Password enabled": "Двухфакторная аутентификаиця с использованием Time-based One-Time Password",
 	"Two-factor authentication is enabled": "Двухфакторная аутентификация включена",
-	"Disable TWA": "Отключить TWA",
-	"Enable TWA": "Включить TWA",
+	"Disable 2FA": "Отключить TWA",
+	"Enable 2FA": "Включить TWA",
 	"Deleted all rows": "Удалены все строки",
 	"Use this link: <a href=\"%s\">%s</a> to revisit your application at any time.": "В дальнейшем используйте ссылку: <a href=\"%s\">%s</a> для входа в созданное приложение.",
 	"To login to a previously created application, go to: ": "Чтобы авторизоваться в ранее созданном приложении, перейдите по ссылке: ",

package/package.json

@@ -1,20 +1,21 @@
 {
   "name": "@saltcorn/server",
-  "version": "0.8.3-beta.0",
+  "version": "0.8.3-beta.2",
   "description": "Server app for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "@saltcorn/base-plugin": "0.8.3-beta.0",
-    "@saltcorn/builder": "0.8.3-beta.0",
-    "@saltcorn/data": "0.8.3-beta.0",
-    "@saltcorn/admin-models": "0.8.3-beta.0",
-    "@saltcorn/filemanager": "0.8.3-beta.0",
-    "@saltcorn/markup": "0.8.3-beta.0",
-    "@saltcorn/sbadmin2": "0.8.3-beta.0",
-    "@socket.io/cluster-adapter": "^0.1.0",
+    "@saltcorn/base-plugin": "0.8.3-beta.2",
+    "@saltcorn/builder": "0.8.3-beta.2",
+    "@saltcorn/data": "0.8.3-beta.2",
+    "@saltcorn/admin-models": "0.8.3-beta.2",
+    "@saltcorn/filemanager": "0.8.3-beta.2",
+    "@saltcorn/markup": "0.8.3-beta.2",
+    "@saltcorn/sbadmin2": "0.8.3-beta.2",
+    "@socket.io/cluster-adapter": "^0.2.1",
     "@socket.io/sticky": "^1.0.1",
+    "adm-zip": "0.5.10",
     "aws-sdk": "^2.1037.0",
     "connect-flash": "^0.1.1",
     "connect-pg-simple": "^6.1.0",
@@ -32,7 +33,7 @@
     "greenlock": "^4.0.4",
     "greenlock-express": "^4.0.3",
     "helmet": "^3.23.3",
-    "i18n": "^0.14.0",
+    "i18n": "^0.15.1",
     "jsonwebtoken": "^9.0.0",
     "live-plugin-manager": "^0.16.0",
     "moment": "^2.29.4",

package/public/saltcorn-common.js

@@ -198,9 +198,13 @@ function apply_showif() {
           const $def = e
             .closest(".form-namespace")
             .find("input[name=_columndef]");
-          const def = JSON.parse($def.val());
-          def[k] = v;
-          $def.val(JSON.stringify(def));
+          try {
+            const def = JSON.parse($def.val());
+            def[k] = v;
+            $def.val(JSON.stringify(def));
+          } catch (e) {
+            console.error("Invalid json", e);
+          }
         });
     };
 

package/routes/admin.js

@@ -69,6 +69,7 @@ const {
   restore,
   auto_backup_now,
 } = require("@saltcorn/admin-models/models/backup");
+const { install_pack } = require("@saltcorn/admin-models/models/pack");
 const Snapshot = require("@saltcorn/admin-models/models/snapshot");
 const {
   runConfigurationCheck,
@@ -98,6 +99,7 @@ const { getConfigFile } = require("@saltcorn/data/db/connect");
 const os = require("os");
 const Page = require("@saltcorn/data/models/page");
 const { getSafeSaltcornCmd } = require("@saltcorn/data/utils");
+const stream = require("stream");
 
 const router = new Router();
 module.exports = router;
@@ -426,6 +428,36 @@ router.get(
               a(
                 { href: "/admin/snapshot-list" },
                 req.__("List/download snapshots »")
+              ),
+              form(
+                {
+                  method: "post",
+                  action: "/admin/snapshot-restore-full",
+                  encType: "multipart/form-data",
+                },
+                input({
+                  type: "hidden",
+                  name: "_csrf",
+                  value: req.csrfToken(),
+                }),
+                label(
+                  {
+                    class: "btn-link",
+                    for: "upload_to_snapshot",
+                    style: { cursor: "pointer" },
+                  },
+                  i({ class: "fas fa-upload me-2 mt-2" }),
+                  req.__("Restore a snapshot")
+                ),
+                input({
+                  id: "upload_to_snapshot",
+                  class: "d-none",
+                  name: "file",
+                  type: "file",
+                  accept: ".json,application/json",
+                  onchange:
+                    "notifyAlert('Restoring snapshot...', true);this.form.submit();",
+                })
               )
             ),
           },
@@ -555,6 +587,15 @@ router.get(
   error_catcher(async (req, res) => {
     const { id } = req.params;
     const snap = await Snapshot.findOne({ id });
+    const readStream = new stream.PassThrough();
+    readStream.end(JSON.stringify(snap.pack));
+    res.type("application/json");
+    res.attachment(
+      `${getState().getConfig("site_name", db.getTenantSchema())}-snapshot-${
+        snap.id
+      }.json`
+    );
+    readStream.pipe(res);
     res.send(snap.pack);
   })
 );
@@ -606,6 +647,33 @@ router.post(
     res.redirect(/^[a-z]+$/g.test(type) ? `/${type}edit` : "/");
   })
 );
+
+/**
+ * @name post/restore
+ * @function
+ * @memberof module:routes/admin~routes/adminRouter
+ */
+router.post(
+  "/snapshot-restore-full",
+  setTenant, // TODO why is this needed?????
+  isAdmin,
+  error_catcher(async (req, res) => {
+    if (req.files?.file?.tempFilePath) {
+      try {
+        const pack = JSON.parse(fs.readFileSync(req.files?.file?.tempFilePath));
+        await install_pack(pack, undefined, (p) =>
+          load_plugins.loadAndSaveNewPlugin(p)
+        );
+        req.flash("success", req.__("Snapshot restored"));
+      } catch (e) {
+        console.error(e);
+        req.flash("error", e.message);
+      }
+    }
+    res.redirect(`/admin/backup`);
+  })
+);
+
 router.get(
   "/auto-backup-download/:filename",
   isAdmin,

package/routes/crashlog.js

@@ -102,7 +102,6 @@ router.get(
  */
 router.post(
   "/",
-  isAdmin,
   error_catcher(async (req, res) => {
     const err = {
       stack: req.body.stack,

package/routes/files.js

@@ -25,7 +25,9 @@ const {
 } = require("../markup/admin");
 const fs = require("fs");
 const path = require("path");
-
+const Zip = require("adm-zip");
+const stream = require("stream");
+const { extract } = require("@saltcorn/admin-models/models/backup");
 /**
  * @type {object}
  * @const
@@ -143,6 +145,36 @@ router.get(
   })
 );
 
+router.post(
+  "/download-zip",
+  isAdmin,
+
+  error_catcher(async (req, res) => {
+    const role = req.user && req.user.id ? req.user.role_id : 10;
+    const user_id = req.user && req.user.id;
+    const files = req.body.files;
+    const location = req.body.location;
+    const zip = new Zip();
+
+    for (const fileNm of files) {
+      const file = await File.findOne(path.join(location, fileNm));
+      if (
+        file &&
+        (role <= file.min_role_read || (user_id && user_id === file.user_id))
+      ) {
+        zip.addLocalFile(file.location);
+      }
+    }
+    const readStream = new stream.PassThrough();
+    readStream.end(zip.toBuffer());
+    res.type("application/zip");
+    res.attachment(
+      `${getState().getConfig("site_name", db.getTenantSchema())}-files.zip`
+    );
+    readStream.pipe(res);
+  })
+);
+
 /**
  * @name get/serve/:id
  * @function
@@ -299,6 +331,26 @@ router.post(
   })
 );
 
+/**
+ * @name post/unzip/:id
+ * @function
+ * @memberof module:routes/files~filesRouter
+ * @function
+ */
+router.post(
+  "/unzip/*",
+  isAdmin,
+  error_catcher(async (req, res) => {
+    const serve_path = req.params[0];
+    const filename = req.body.value;
+
+    const file = await File.findOne(serve_path);
+    const dir = path.dirname(file.location);
+    if (file) await extract(file.location, dir);
+    res.redirect(`/files?dir=${encodeURIComponent(file.current_folder)}`);
+  })
+);
+
 router.post(
   "/new-folder",
   isAdmin,

package/routes/index.js

@@ -58,7 +58,6 @@ const events = require("./events");
 const tenant = require("./tenant");
 const library = require("./library");
 const settings = require("./settings");
-const api = require("./api");
 const plugins = require("./plugins");
 const packs = require("./packs");
 const edit = require("./edit");
@@ -69,7 +68,6 @@ const del = require("./delete");
 const auth = require("../auth/routes");
 const useradmin = require("../auth/admin");
 const roleadmin = require("../auth/roleadmin");
-const scapi = require("./scapi");
 const tags = require("./tags");
 const tagentries = require("./tag_entries");
 const dataDiagram = require("./diagram");
@@ -102,13 +100,11 @@ module.exports =
     app.use("/search", search);
     app.use("/admin", admin);
     app.use("/tenant", tenant);
-    app.use("/api", api);
     app.use("/viewedit", viewedit);
     app.use("/delete", del);
     app.use("/auth", auth);
     app.use("/useradmin", useradmin);
     app.use("/roleadmin", roleadmin);
-    app.use("/scapi", scapi);
     app.use("/tag", tags);
     app.use("/tag-entries", tagentries);
     app.use("/diagram", dataDiagram);

package/routes/tables.js

@@ -430,7 +430,7 @@ router.get(
         label: `<b>${t.name}</b>\n${t.fields
           .map((f) => `${f.name} : ${f.pretty_type}`)
           .join("\n")}`,
-        title: t.description? t.description : t.name,
+        title: t.description ? t.description : t.name,
       })),
       edges,
     };
@@ -652,19 +652,21 @@ router.get(
       if (views.length > 0) {
         viewCardContents = mkTable(
           [
-            { label: req.__("Name"), key: "name" },
-            { label: req.__("Pattern"), key: "viewtemplate" },
             {
-              label: req.__("Run"),
-              key: (r) =>
-                link(`/view/${encodeURIComponent(r.name)}`, req.__("Run")),
+              label: req.__("Name"),
+              key: (r) => link(`/view/${encodeURIComponent(r.name)}`, r.name),
             },
+            { label: req.__("Pattern"), key: "viewtemplate" },
             {
-              label: req.__("Edit"),
+              label: req.__("Configure"),
               key: (r) =>
                 link(
-                  `/viewedit/edit/${encodeURIComponent(r.name)}`,
-                  req.__("Edit")
+                  `/viewedit/config/${encodeURIComponent(
+                    r.name
+                  )}?on_done_redirect=${encodeURIComponent(
+                    `table/${table.name}`
+                  )}`,
+                  req.__("Configure")
                 ),
             },
             {
@@ -692,7 +694,9 @@ router.get(
           viewCardContents +
           a(
             {
-              href: `/viewedit/new?table=${encodeURIComponent(table.name)}`,
+              href: `/viewedit/new?table=${encodeURIComponent(
+                table.name
+              )}&on_done_redirect=${encodeURIComponent(`table/${table.name}`)}`,
               class: "btn btn-primary",
             },
             req.__("Create view")

package/routes/utils.js

@@ -250,13 +250,13 @@ const getGitRevision = () => db.connectObj.git_commit;
  * @returns {session|cookieSession}
  */
 const getSessionStore = () => {
-  if (getState().getConfig("cookie_sessions", false)) {
+  /*if (getState().getConfig("cookie_sessions", false)) {
     return cookieSession({
       keys: [db.connectObj.session_secret || is.str.generate()],
       maxAge: 30 * 24 * 60 * 60 * 1000,
       sameSite: "strict",
     });
-  } else if (db.isSQLite) {
+  } else*/ if (db.isSQLite) {
     var SQLiteStore = require("connect-sqlite3")(session);
     return session({
       store: new SQLiteStore({ db: "sessions.sqlite" }),

package/tests/admin.test.js

@@ -5,6 +5,7 @@ const {
   getAdminLoginCookie,
   toRedirect,
   itShouldRedirectUnauthToLogin,
+  itShouldIncludeTextForAdmin,
   toInclude,
   toSucceed,
   //toNotInclude,
@@ -73,6 +74,7 @@ describe("admin page", () => {
     ["/admin/email", "Email settings"],
     ["/admin/system", "Restart server"],
     ["/admin/dev", "Development"],
+    ["/admin/build-mobile-app", "Build mobile app"],
   ]);
   adminPageContains([
     ["/useradmin", "Create user"],
@@ -530,9 +532,80 @@ describe("localizer", () => {
       .expect(toRedirect("/site-structure/localizer/edit/da"));
   });
 });
+/**
+ * Diagram tests
+ */
+describe("diagram", () => {
+  itShouldRedirectUnauthToLogin("/diagram");
+  itShouldIncludeTextForAdmin("/diagram", ">All entities<");
+
+  it("get data diagram", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .get("/diagram/data")
+      .set("Cookie", loginCookie)
+      .expect(
+        respondJsonWith(
+          200,
+          ({ elements, style }) => elements && style.length > 3
+        )
+      );
+  });
+});
 
 /**
- * Pages tests
+ * Diagram tests
+ */
+describe("tags", () => {
+  itShouldRedirectUnauthToLogin("/tag");
+  itShouldIncludeTextForAdmin("/tag", ">Create tag<");
+  itShouldIncludeTextForAdmin("/tag/new", ">Create<");
+  it("creates new tag", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .post("/tag")
+      .set("Cookie", loginCookie)
+      .send("name=MyNewTestTag")
+      .expect(toRedirect("/tag/1?show_list=tables"));
+  });
+
+  itShouldIncludeTextForAdmin("/tag", "MyNewTestTag");
+  itShouldIncludeTextForAdmin("/tag/1", "MyNewTestTag");
+  itShouldIncludeTextForAdmin("/tag-entries/add/tables/1", "Add entries");
+  itShouldIncludeTextForAdmin("/tag-entries/add/pages/1", "Add entries");
+  itShouldIncludeTextForAdmin("/tag-entries/add/views/1", "Add entries");
+  itShouldIncludeTextForAdmin("/tag-entries/add/triggers/1", "Add entries");
+  it("adds view to tag ", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .post("/tag-entries/add/views/1")
+      .set("Cookie", loginCookie)
+      .send("ids=1")
+      .expect(toRedirect("/tag/1?show_list=views"));
+  });
+  itShouldIncludeTextForAdmin("/diagram", "MyNewTestTag");
+  it("removes view from tag ", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .post("/tag-entries/remove/views/1/1")
+      .set("Cookie", loginCookie)
+      .expect(toRedirect("/tag/1?show_list=views"));
+  });
+  it("deletes new tag", async () => {
+    const app = await getApp({ disableCsrf: true });
+    const loginCookie = await getAdminLoginCookie();
+    await request(app)
+      .post("/tag/delete/1")
+      .set("Cookie", loginCookie)
+      .expect(toRedirect("/tag"));
+  });
+});
+/**
+ * Clear all tests
  */
 describe("clear all page", () => {
   itShouldRedirectUnauthToLogin("/admin/clear-all");

package/tests/auth.test.js

@@ -63,9 +63,10 @@ describe("login process", () => {
 });
 
 describe("user settings", () => {
+  let loginCookie;
   it("should show user settings", async () => {
     const app = await getApp({ disableCsrf: true });
-    const loginCookie = await getStaffLoginCookie();
+    loginCookie = await getStaffLoginCookie();
     await request(app)
       .get("/auth/settings")
       .set("Cookie", loginCookie)
@@ -74,7 +75,7 @@ describe("user settings", () => {
 
   it("should change password", async () => {
     const app = await getApp({ disableCsrf: true });
-    const loginCookie = await getStaffLoginCookie();
+    //const loginCookie = await getStaffLoginCookie();
     await request(app)
       .post("/auth/settings")
       .set("Cookie", loginCookie)
@@ -96,13 +97,20 @@ describe("user settings", () => {
       .send("email=staff@foo.com")
       .send("password=foHRrr46obar")
       .expect(toRedirect("/"));
+    //change back
+    await request(app)
+      .post("/auth/settings")
+      .set("Cookie", loginCookie)
+      .send("password=foHRrr46obar")
+      .send("new_password=ghrarhr54hg")
+      .expect(toRedirect("/auth/settings"));
   });
   it("should change language", async () => {
     const app = await getApp({ disableCsrf: true });
-    const loginCookie = await getAdminLoginCookie();
+    const adminLoginCookie = await getAdminLoginCookie();
     const res = await request(app)
       .post("/auth/setlanguage")
-      .set("Cookie", loginCookie)
+      .set("Cookie", adminLoginCookie)
       .send("locale=it")
       .expect(toRedirect("/auth/settings"));
     const newCookie = resToLoginCookie(res);
@@ -260,6 +268,64 @@ describe("user admin", () => {
     const delusers = await User.find({ email: "staff2@foo.com" });
     expect(delusers.length).toBe(0);
   });
+  if (!db.isSQLite)
+    it("can be disabled", async () => {
+      const staffLoginCookie = await getStaffLoginCookie();
+      const staffUser = await User.findOne({ email: "staff@foo.com" });
+      const adminLoginCookie = await getAdminLoginCookie();
+      const app = await getApp({ disableCsrf: true });
+      await request(app)
+        .post("/auth/login/")
+        .send("email=staff@foo.com")
+        .send("password=ghrarhr54hg")
+        .expect(toRedirect("/"));
+      await request(app)
+        .post(`/useradmin/disable/${staffUser.id}`)
+        .set("Cookie", adminLoginCookie)
+        .expect(toRedirect("/useradmin"));
+      await request(app)
+        .get("/auth/settings")
+        .set("Cookie", staffLoginCookie)
+        .expect(toRedirect("/auth/login"));
+      await request(app)
+        .post("/auth/login/")
+        .send("email=staff@foo.com")
+        .send("password=ghrarhr54hg")
+        .expect(toRedirect("/auth/login"));
+      await request(app)
+        .post(`/useradmin/enable/${staffUser.id}`)
+        .set("Cookie", adminLoginCookie)
+        .expect(toRedirect("/useradmin"));
+      await request(app)
+        .post("/auth/login/")
+        .send("email=staff@foo.com")
+        .send("password=ghrarhr54hg")
+        .expect(toRedirect("/"));
+    });
+  if (!db.isSQLite)
+    it("can be force logged out", async () => {
+      const staffLoginCookie = await getStaffLoginCookie();
+      const staffUser = await User.findOne({ email: "staff@foo.com" });
+      const adminLoginCookie = await getAdminLoginCookie();
+      const app = await getApp({ disableCsrf: true });
+      await request(app)
+        .get("/auth/settings")
+        .set("Cookie", staffLoginCookie)
+        .expect(toInclude(">staff@foo.com<"));
+      await request(app)
+        .post(`/useradmin/force-logout/${staffUser.id}`)
+        .set("Cookie", adminLoginCookie)
+        .expect(toRedirect("/useradmin"));
+      await request(app)
+        .get("/auth/settings")
+        .set("Cookie", staffLoginCookie)
+        .expect(toRedirect("/auth/login"));
+      await request(app)
+        .post("/auth/login/")
+        .send("email=staff@foo.com")
+        .send("password=ghrarhr54hg")
+        .expect(toRedirect("/"));
+    });
 });
 describe("User fields", () => {
   it("should add fields", async () => {