free-be-account 0.0.14 → 0.0.15
- package/index.js +59 -11
- package/package.json +1 -1
- package/routers/org/route.js +2 -1
- package/routers/uc/info/route.js +16 -4
- package/routers/uc/phone/route.js +1 -1
- package/routers/uc/pwd/route.js +1 -1
- package/sms/index.js +7 -1
- package/utils.js +8 -2
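--- a/package/index.js
+++ b/package/index.js
@@ -51,12 +51,13 @@ const __getServiceList = async (res, filter = { Enabled: true }) => {
 filter ? {} : {
 Scope: filter ? undefined: doc.Scope.map(sc => {
 const dso = res.app.getContainerContent('DataScope').find(ds => ds.Name === sc.Name);
-return {
-Label: dso
+return dso ? {
+Label: dso.Label || '',
 Field: `${sc.Name}`,
-Type: 'Select',
-Options: dso
-
+Type: dso.Component || 'Select',
+Options: dso.Options || [],
+Multiple: dso.Multiple || false,
+} : {};
 })
 })
 }
@@ -366,6 +367,7 @@ module.exports = (app) => ({
 Description: { type: 'String' },
 Index: { type: 'Number', required: true },
 IsVirtual: { type: 'Boolean', default: false },
+Profile: { type: 'Object', default: {} },
 
 Permission: { type: 'Object', default: {} },
 },
@@ -895,9 +897,43 @@ module.exports = (app) => ({
 // Password: password,
 Enabled: true,
 Deleted: false,
-}).then((user) => {
+}).then(async (user) => {
 if (!user) {
-
+// auto create new user
+if (m.config.autoCreateNewUser) {
+const valid_phone = (d) => {
+return /^(0|86|17951)?(13[0-9]|14[0-9]|15[0-9]|16[0-9]|17[0-9]|18[0-9]|19[0-9])[0-9]{8}$/.test(d);
+};
+const valid_email = (d) => {
+// eslint-disable-next-line no-useless-escape
+return /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(d);
+}
+
+const userPhoneEmail = {};
+if (valid_phone(username)) {
+userPhoneEmail.PhoneNumber = username;
+} else if (valid_email(username)) {
+userPhoneEmail['Profile'] = {
+Email: username
+};
+}
+
+const permission = Object.assign({}, m.config.accountDefaultPermissions);
+clearPermission(permission);
+const newU = await app.models['account'].create({
+Saved: true,
+UserName: username,
+Password: '',
+Status: m.config.accountRequireAudit ? AccountAuditStatus.Auditing : AccountAuditStatus.Passed,
+Permission: permission,
+
+// set phone number or email
+...userPhoneEmail,
+});
+return done(null, newU);
+} else {
+return done(null, false);
+}
 }
 
 const pwdVerified = verifyPassword(password, user.Password, m.config.pwdEncryptMethod || 'md5');
@@ -985,12 +1021,19 @@ module.exports = (app) => ({
 await res.endWithErr(400, 401);
 }
 else {
+res.clearCookie('token');
 await res.endWithErr(401);
 }
 
 return;
 }
 
+// update token in cookies
+const token = req.cookies.token;
+if (token) {
+res.cookie('token', token, { maxAge: app.config['cookieTimeout'] });
+}
+
 return next();
 });
 
@@ -1127,17 +1170,17 @@ module.exports = (app) => ({
 { 'Profile.Email': phone },
 ]});
 
-if (req.body.exists && existsCount <= 0) {
+if (req.body.exists === true && existsCount <= 0) {
 res.makeError(409, 'User not exists!', m);
 return next('route');
 }
-if (
+if (req.body.exists === false && existsCount > 0) {
 res.makeError(410, 'User aleady exists!', m);
 return next('route');
 }
 }
 
-const result = await m.sms.sendRandom(phone, undefined, true, req.body.smsTemp || 'register');
+const result = await m.sms.sendRandom(phone, m.config.smsFormat || undefined, true, req.body.smsTemp || 'register');
 
 if (!result) {
 res.makeError(500, 'Failed to send sms!', m);
@@ -1280,8 +1323,13 @@ module.exports = (app) => ({
 }
 
 // only create with specified fields
+if (m.config.recoverNoSamePwd && verifyPassword(password, req.user.Password, m.config.pwdEncryptMethod || 'md5')) {
+res.makeError(406, 'New password cannot be the same as the old one!', m);
+return next('route');
+}
+
 res.locals.body = {
-Password: encryptPwd(password, m.config.pwdEncryptMethod || 'md5')
+Password: encryptPwd(password, m.config.pwdEncryptMethod || 'md5'),
 }
 
 res.locals.filter = {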
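Review bot: In the `@@ -895,9 +897,43 @@` hunk the `autoCreateNewUser` branch returns `done(null, newU)` for any unknown `username` before `verifyPassword` is reached, so the first login under a new name is accepted without checking the submitted password or any proof that the caller owns the phone number or e-mail address, and the account is stored with `Password: ''`. No verification-code check is visible in the hunk; if none runs before this strategy, account creation should be gated on one rather than on the config flag alone. A `username` that matches neither `valid_phone` nor `valid_email` is still created, with no contact field; adding `else { return done(null, false); }` after the `else if` would reject it. The strategy callback starts and ends outside the hunk, so whether a rejected `create()` is caught cannot be seen here.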
package/package.json
CHANGED
package/routers/org/route.js
CHANGED
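--- a/package/routers/uc/info/route.js
+++ b/package/routers/uc/info/route.js
@@ -29,6 +29,8 @@ router.get('/', (req, res, next) => {
 Status: user.Status,
 
 StepsDefinition,
+
+ar: router.mdl.config.accountRequireAudit,
 });
 
 return next();
@@ -61,7 +63,15 @@ router.post('/edit', async (req, res, next) => {
 res.app.modules.account.utils.clearPermission(p);
 
 // TODO: should not use mongoose directly
-
+const setObj = {
+$set: { Permission: p }
+};
+
+if (router.mdl.config.accountRequireAudit) {
+Object.assign(setObj, { $unset: { Status: 0 } });
+}
+
+await res.app.models['account'].update({ id: req.user.id }, setObj);
 
 res.addData({});
 
@@ -79,14 +89,16 @@ router.post('/submit',
 res.locals.body.Profile = {...user.Profile, ...req.body.Profile};
 }
 
-
+if (router.mdl.config.accountRequireAudit) {
+res.locals.body.Status = router.mdl.AccountAuditStatus.Auditing;
+}
 
 // set to default permission
-const p =
+const p = router.mdl.config.accountDefaultPermissions;
 res.app.modules.account.utils.clearPermission(p);
 res.locals.body.Permission = p;
 
-res.locals.
+res.locals.filter = { id: req.user.id };
 res.locals.fields = [
 'Profile',
 'Status',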
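Review bot: In the `/submit` hunk, `const p = router.mdl.config.accountDefaultPermissions;` passes the module's shared config object by reference to `clearPermission(p)` and then stores it in `res.locals.body.Permission`, so any in-place change to it would alter the default permissions for every later request. The auto-create path in package/index.js of this same release copies first, and the same is needed here: `const p = Object.assign({}, router.mdl.config.accountDefaultPermissions);`, or a deep copy, since `Object.assign` copies only the top level. Whether `clearPermission` mutates its argument is not visible in this section, although its return value is ignored here, which suggests it does. The `/submit` handler starts and ends outside the hunk.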
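--- a/package/routers/uc/pwd/route.js
+++ b/package/routers/uc/pwd/route.js
@@ -34,7 +34,7 @@ router.put('/',
 res.locals.body = {};
 res.locals.body.Password = res.app.modules.account.utils.encryptPwd(password, res.app.modules.account.config.pwdEncryptMethod || 'md5');
 
-res.locals.
+res.locals.filter = { id: req.user.id };
 res.locals.fields = [
 'password',
 ];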
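--- a/package/sms/index.js
+++ b/package/sms/index.js
@@ -129,7 +129,13 @@ module.exports = (app) => ({
 t = `${t}_mail`;
 }
 
-
+let keys = app.modules.account.config.sms.keys[t] || app.modules.account.config.sms.keys;
+
+if (!keys.platform) {
+keys = (global && global.sms && global.sms[t]);
+}
+
+// const keys = (global && global.sms && global.sms[t]) || app.modules.account.config.sms.keys[t] || app.modules.account.config.sms.keys;
 
 if (keys.platform) {
 // should not send too frequent!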
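Review bot: The fallback `keys = (global && global.sms && global.sms[t]);` leaves `keys` undefined when there is no `global.sms[t]` entry, and the unchanged `if (keys.platform) {` just below then throws a TypeError instead of skipping the send. Ending the fallback with an empty object keeps that check safe: `keys = (global.sms && global.sms[t]) || {};`. The first assignment has the same exposure if `config.sms` or `config.sms.keys` is missing. The commented-out `// const keys = …` line appears to record the earlier precedence (`global.sms` first); a one-line comment stating that module config now wins over `global.sms` would say this more clearly than dead code. The enclosing function starts and ends outside the hunk.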
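--- a/package/utils.js
+++ b/package/utils.js
@@ -60,7 +60,7 @@ function clearPermission(perm) {
 return clearP(perm);
 }
 
-function verifyPassword(pwd, storedPwd, method = 'md5') {
+function verifyPassword(pwd, storedPwd = '', method = 'md5') {
 let verified = false;
 let methods = [];
 
@@ -77,7 +77,7 @@ function verifyPassword(pwd, storedPwd, method = 'md5') {
 verified = verified || (crypto.MD5(pwd) === storedPwd);
 break;
 case 'sha1':
-verified = verified || (crypto.sha1(pwd, storedPwd.
+verified = verified || (crypto.sha1(pwd, storedPwd.substring(0, EncryptOptions.saltLength), EncryptOptions.sha1Iteration).toString() === storedPwd.substr(EncryptOptions.saltLength));
 break;
 case 'bcrypt':
 verified = verified || crypto.bcryptVerify(pwd, storedPwd);
@@ -132,6 +132,12 @@ async function saveServiceList (app, clean=false) {
 for (let i = 0; i < Object.keys(perm).length; i += 1) {
 const p = Object.keys(perm)[i];
 
+// in case the developer didn't provide title and description information
+perm[p] = perm[p] || {
+title: p,
+description: p,
+};
+
 // TODO: notify user if they are creating permission with these names
 if (['title', 'description', 'scope', 'label'].indexOf(p.toLowerCase()) >= 0) continue;
 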
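Review bot: The new default `storedPwd = ''` in `verifyPassword` applies only when the argument is `undefined`; a `null` password read from storage still reaches `storedPwd.substring(...)` in the `sha1` branch and throws. An explicit guard at the top of the function, `if (!storedPwd) return false;`, covers both cases and also guarantees that an account stored with an empty password can never be verified by any method. The `sha1` line mixes `substring` with the deprecated `substr`; `storedPwd.slice(EncryptOptions.saltLength)` is equivalent. Only parts of `verifyPassword` are visible in these hunks, so the guard belongs before the `methods` handling that is not shown.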