kuzzle 2.19.2 → 2.19.3
- package/lib/api/controllers/adminController.js +94 -80
- package/lib/api/controllers/authController.js +239 -212
- package/lib/api/controllers/baseController.js +89 -51
- package/lib/api/controllers/bulkController.js +62 -49
- package/lib/api/controllers/clusterController.js +6 -8
- package/lib/api/controllers/collectionController.js +140 -129
- package/lib/api/controllers/debugController.d.ts +2 -2
- package/lib/api/controllers/debugController.js +33 -31
- package/lib/api/controllers/documentController.js +365 -274
- package/lib/api/controllers/index.js +13 -13
- package/lib/api/controllers/indexController.js +46 -50
- package/lib/api/controllers/memoryStorageController.js +410 -360
- package/lib/api/controllers/realtimeController.js +37 -36
- package/lib/api/controllers/securityController.js +553 -412
- package/lib/api/controllers/serverController.js +111 -104
- package/lib/api/documentExtractor.js +75 -68
- package/lib/api/funnel.js +411 -312
- package/lib/api/httpRoutes.js +1493 -324
- package/lib/api/openapi/OpenApiManager.d.ts +1 -1
- package/lib/api/openapi/OpenApiManager.js +22 -22
- package/lib/api/openapi/components/document/count.yaml +1 -1
- package/lib/api/openapi/components/document/create.yaml +2 -2
- package/lib/api/openapi/components/document/delete.yaml +1 -1
- package/lib/api/openapi/components/document/deleteByQuery.yaml +1 -1
- package/lib/api/openapi/components/document/exists.yaml +1 -1
- package/lib/api/openapi/components/document/get.yaml +2 -2
- package/lib/api/openapi/components/document/index.js +12 -12
- package/lib/api/openapi/components/document/replace.yaml +1 -1
- package/lib/api/openapi/components/document/scroll.yaml +1 -1
- package/lib/api/openapi/components/document/validate.yaml +1 -1
- package/lib/api/openapi/components/index.d.ts +2 -2
- package/lib/api/openapi/components/index.js +1 -1
- package/lib/api/openapi/components/security/index.js +1 -1
- package/lib/api/openapi/components/security/upsertUser.yaml +2 -3
- package/lib/api/openapi/index.d.ts +1 -1
- package/lib/api/openapi/openApiGenerator.d.ts +1 -1
- package/lib/api/openapi/openApiGenerator.js +7 -7
- package/lib/api/rateLimiter.js +12 -13
- package/lib/api/request/index.d.ts +4 -4
- package/lib/api/request/kuzzleRequest.d.ts +9 -9
- package/lib/api/request/kuzzleRequest.js +89 -87
- package/lib/api/request/requestContext.d.ts +2 -2
- package/lib/api/request/requestContext.js +17 -17
- package/lib/api/request/requestInput.d.ts +1 -1
- package/lib/api/request/requestInput.js +19 -19
- package/lib/api/request/requestResponse.d.ts +4 -4
- package/lib/api/request/requestResponse.js +31 -33
- package/lib/cluster/command.js +48 -44
- package/lib/cluster/idCardHandler.d.ts +1 -1
- package/lib/cluster/idCardHandler.js +15 -15
- package/lib/cluster/index.js +2 -2
- package/lib/cluster/node.js +301 -269
- package/lib/cluster/publisher.js +45 -46
- package/lib/cluster/state.d.ts +5 -5
- package/lib/cluster/state.js +8 -8
- package/lib/cluster/subscriber.js +163 -113
- package/lib/cluster/workers/IDCardRenewer.js +33 -32
- package/lib/config/default.config.d.ts +1 -1
- package/lib/config/default.config.js +212 -171
- package/lib/config/documentEventAliases.js +6 -6
- package/lib/config/index.js +161 -98
- package/lib/config/sdkCompatibility.json +8 -8
- package/lib/core/auth/formatProcessing.js +7 -7
- package/lib/core/auth/passportResponse.js +7 -7
- package/lib/core/auth/passportWrapper.js +34 -30
- package/lib/core/auth/tokenManager.d.ts +2 -2
- package/lib/core/auth/tokenManager.js +11 -10
- package/lib/core/backend/applicationManager.d.ts +1 -1
- package/lib/core/backend/applicationManager.js +2 -2
- package/lib/core/backend/backend.d.ts +3 -3
- package/lib/core/backend/backend.js +34 -31
- package/lib/core/backend/backendCluster.d.ts +2 -2
- package/lib/core/backend/backendCluster.js +5 -5
- package/lib/core/backend/backendConfig.d.ts +2 -2
- package/lib/core/backend/backendConfig.js +3 -3
- package/lib/core/backend/backendController.d.ts +2 -2
- package/lib/core/backend/backendController.js +9 -10
- package/lib/core/backend/backendErrors.d.ts +3 -3
- package/lib/core/backend/backendErrors.js +2 -1
- package/lib/core/backend/backendHook.d.ts +2 -2
- package/lib/core/backend/backendHook.js +5 -5
- package/lib/core/backend/backendImport.d.ts +3 -3
- package/lib/core/backend/backendImport.js +23 -23
- package/lib/core/backend/backendOpenApi.d.ts +2 -2
- package/lib/core/backend/backendOpenApi.js +16 -16
- package/lib/core/backend/backendPipe.d.ts +2 -2
- package/lib/core/backend/backendPipe.js +6 -6
- package/lib/core/backend/backendPlugin.d.ts +4 -4
- package/lib/core/backend/backendPlugin.js +14 -14
- package/lib/core/backend/backendStorage.d.ts +2 -2
- package/lib/core/backend/backendStorage.js +1 -2
- package/lib/core/backend/backendVault.d.ts +2 -2
- package/lib/core/backend/backendVault.js +3 -3
- package/lib/core/backend/index.d.ts +14 -14
- package/lib/core/backend/internalLogger.d.ts +1 -1
- package/lib/core/backend/internalLogger.js +5 -5
- package/lib/core/cache/cacheDbEnum.js +4 -4
- package/lib/core/cache/cacheEngine.js +79 -85
- package/lib/core/network/accessLogger.js +126 -120
- package/lib/core/network/clientConnection.js +5 -5
- package/lib/core/network/context.js +8 -8
- package/lib/core/network/entryPoint.js +100 -85
- package/lib/core/network/httpRouter/index.js +63 -60
- package/lib/core/network/httpRouter/routeHandler.js +18 -19
- package/lib/core/network/httpRouter/routePart.js +23 -19
- package/lib/core/network/protocolManifest.js +3 -3
- package/lib/core/network/protocols/httpMessage.js +8 -10
- package/lib/core/network/protocols/httpwsProtocol.js +305 -250
- package/lib/core/network/protocols/internalProtocol.js +27 -24
- package/lib/core/network/protocols/mqttProtocol.js +106 -96
- package/lib/core/network/protocols/protocol.js +20 -17
- package/lib/core/network/router.js +56 -46
- package/lib/core/plugin/plugin.js +151 -120
- package/lib/core/plugin/pluginContext.d.ts +7 -7
- package/lib/core/plugin/pluginContext.js +48 -44
- package/lib/core/plugin/pluginManifest.js +13 -12
- package/lib/core/plugin/pluginRepository.js +26 -27
- package/lib/core/plugin/pluginsManager.js +425 -304
- package/lib/core/plugin/privilegedContext.js +3 -3
- package/lib/core/realtime/actionEnum.js +1 -1
- package/lib/core/realtime/channel.d.ts +1 -1
- package/lib/core/realtime/channel.js +22 -22
- package/lib/core/realtime/connectionRooms.d.ts +1 -1
- package/lib/core/realtime/hotelClerk.d.ts +2 -2
- package/lib/core/realtime/hotelClerk.js +53 -50
- package/lib/core/realtime/index.js +5 -5
- package/lib/core/realtime/notification/document.js +25 -25
- package/lib/core/realtime/notification/index.js +4 -4
- package/lib/core/realtime/notification/server.js +3 -3
- package/lib/core/realtime/notification/user.js +4 -4
- package/lib/core/realtime/notifier.js +113 -75
- package/lib/core/realtime/room.d.ts +1 -1
- package/lib/core/realtime/subscription.d.ts +1 -1
- package/lib/core/realtime/subscription.js +1 -1
- package/lib/core/security/index.js +8 -8
- package/lib/core/security/profileRepository.d.ts +6 -6
- package/lib/core/security/profileRepository.js +48 -45
- package/lib/core/security/roleRepository.js +127 -115
- package/lib/core/security/securityLoader.js +70 -63
- package/lib/core/security/tokenRepository.js +132 -118
- package/lib/core/security/userRepository.js +104 -88
- package/lib/core/shared/KoncordeWrapper.d.ts +1 -1
- package/lib/core/shared/KoncordeWrapper.js +3 -1
- package/lib/core/shared/abstractManifest.js +22 -23
- package/lib/core/shared/repository.js +69 -67
- package/lib/core/shared/sdk/embeddedSdk.d.ts +2 -2
- package/lib/core/shared/sdk/embeddedSdk.js +36 -32
- package/lib/core/shared/sdk/funnelProtocol.d.ts +1 -1
- package/lib/core/shared/sdk/funnelProtocol.js +11 -11
- package/lib/core/shared/sdk/impersonatedSdk.js +19 -18
- package/lib/core/shared/store.js +127 -32
- package/lib/core/statistics/index.js +2 -2
- package/lib/core/statistics/statistics.js +99 -85
- package/lib/core/storage/clientAdapter.js +219 -136
- package/lib/core/storage/indexCache.js +3 -3
- package/lib/core/storage/storageEngine.js +10 -13
- package/lib/core/storage/storeScopeEnum.js +3 -3
- package/lib/core/validation/baseType.js +12 -10
- package/lib/core/validation/index.js +2 -2
- package/lib/core/validation/types/anything.js +4 -4
- package/lib/core/validation/types/boolean.js +7 -7
- package/lib/core/validation/types/date.js +165 -131
- package/lib/core/validation/types/email.js +18 -21
- package/lib/core/validation/types/enum.js +34 -21
- package/lib/core/validation/types/geoPoint.js +7 -7
- package/lib/core/validation/types/geoShape.js +148 -125
- package/lib/core/validation/types/integer.js +9 -9
- package/lib/core/validation/types/ipAddress.js +17 -19
- package/lib/core/validation/types/numeric.js +36 -29
- package/lib/core/validation/types/object.js +19 -19
- package/lib/core/validation/types/string.js +36 -29
- package/lib/core/validation/types/url.js +17 -19
- package/lib/core/validation/validation.js +422 -378
- package/lib/kerror/codes/1-services.json +7 -1
- package/lib/kerror/codes/4-plugin.json +2 -2
- package/lib/kerror/codes/index.js +85 -63
- package/lib/kerror/errors/badRequestError.d.ts +1 -1
- package/lib/kerror/errors/externalServiceError.d.ts +1 -1
- package/lib/kerror/errors/forbiddenError.d.ts +1 -1
- package/lib/kerror/errors/gatewayTimeoutError.d.ts +1 -1
- package/lib/kerror/errors/index.d.ts +15 -15
- package/lib/kerror/errors/internalError.d.ts +1 -1
- package/lib/kerror/errors/kuzzleError.d.ts +1 -1
- package/lib/kerror/errors/multipleErrorsError.d.ts +1 -1
- package/lib/kerror/errors/multipleErrorsError.js +1 -1
- package/lib/kerror/errors/notFoundError.d.ts +1 -1
- package/lib/kerror/errors/partialError.d.ts +1 -1
- package/lib/kerror/errors/partialError.js +1 -1
- package/lib/kerror/errors/pluginImplementationError.d.ts +1 -1
- package/lib/kerror/errors/pluginImplementationError.js +2 -1
- package/lib/kerror/errors/preconditionError.d.ts +1 -1
- package/lib/kerror/errors/serviceUnavailableError.d.ts +1 -1
- package/lib/kerror/errors/sizeLimitError.d.ts +1 -1
- package/lib/kerror/errors/tooManyRequestsError.d.ts +1 -1
- package/lib/kerror/errors/unauthorizedError.d.ts +1 -1
- package/lib/kerror/index.d.ts +3 -3
- package/lib/kerror/index.js +17 -16
- package/lib/kuzzle/dumpGenerator.js +130 -114
- package/lib/kuzzle/event/kuzzleEventEmitter.js +96 -70
- package/lib/kuzzle/event/pipeRunner.js +25 -24
- package/lib/kuzzle/event/waterfall.js +13 -15
- package/lib/kuzzle/index.js +2 -2
- package/lib/kuzzle/internalIndexHandler.js +80 -59
- package/lib/kuzzle/kuzzle.js +99 -99
- package/lib/kuzzle/kuzzleStateEnum.js +1 -1
- package/lib/kuzzle/log.js +23 -18
- package/lib/kuzzle/vault.js +34 -19
- package/lib/model/security/profile.d.ts +3 -3
- package/lib/model/security/profile.js +38 -37
- package/lib/model/security/rights.js +5 -5
- package/lib/model/security/role.d.ts +3 -3
- package/lib/model/security/role.js +25 -26
- package/lib/model/security/token.d.ts +1 -1
- package/lib/model/security/token.js +4 -4
- package/lib/model/security/user.d.ts +2 -2
- package/lib/model/security/user.js +9 -9
- package/lib/model/storage/apiKey.js +43 -33
- package/lib/model/storage/baseModel.js +49 -45
- package/lib/service/cache/redis.js +60 -55
- package/lib/service/service.js +17 -17
- package/lib/service/storage/elasticsearch.js +839 -755
- package/lib/service/storage/esWrapper.js +103 -86
- package/lib/service/storage/queryTranslator.js +52 -59
- package/lib/types/Controller.d.ts +3 -3
- package/lib/types/ControllerDefinition.d.ts +3 -3
- package/lib/types/DebugModule.d.ts +2 -2
- package/lib/types/DebugModule.js +1 -1
- package/lib/types/Global.d.ts +1 -1
- package/lib/types/HttpStream.d.ts +2 -1
- package/lib/types/HttpStream.js +7 -5
- package/lib/types/Kuzzle.d.ts +1 -1
- package/lib/types/KuzzleDocument.d.ts +1 -1
- package/lib/types/OpenApiDefinition.d.ts +1 -1
- package/lib/types/PasswordPolicy.d.ts +1 -1
- package/lib/types/Plugin.d.ts +6 -6
- package/lib/types/Plugin.js +2 -2
- package/lib/types/Policy.d.ts +1 -1
- package/lib/types/RequestPayload.d.ts +1 -1
- package/lib/types/ResponsePayload.d.ts +1 -1
- package/lib/types/Token.d.ts +1 -1
- package/lib/types/User.d.ts +1 -1
- package/lib/types/config/DumpConfiguration.d.ts +8 -8
- package/lib/types/config/HttpConfiguration.d.ts +1 -1
- package/lib/types/config/KuzzleConfiguration.d.ts +1 -1
- package/lib/types/config/LimitsConfiguration.d.ts +8 -8
- package/lib/types/config/PluginsConfiguration.d.ts +4 -4
- package/lib/types/config/SecurityConfiguration.d.ts +62 -62
- package/lib/types/config/ServerConfiguration.d.ts +55 -55
- package/lib/types/config/ServicesConfiguration.d.ts +2 -2
- package/lib/types/config/internalCache/InternalCacheRedisConfiguration.d.ts +10 -10
- package/lib/types/config/publicCache/PublicCacheRedisConfiguration.d.ts +3 -3
- package/lib/types/config/storageEngine/StorageEngineElasticsearchConfiguration.d.ts +194 -110
- package/lib/types/errors/ErrorDefinition.d.ts +1 -1
- package/lib/types/errors/ErrorDomains.d.ts +1 -1
- package/lib/types/index.d.ts +38 -38
- package/lib/types/realtime/RealtimeScope.d.ts +1 -1
- package/lib/types/realtime/RealtimeUsers.d.ts +1 -1
- package/lib/util/assertType.js +13 -11
- package/lib/util/async.d.ts +1 -0
- package/lib/util/async.js +61 -0
- package/lib/util/asyncStore.js +19 -21
- package/lib/util/bufferedPassThrough.d.ts +2 -2
- package/lib/util/bufferedPassThrough.js +4 -4
- package/lib/util/bytes.js +9 -13
- package/lib/util/crypto.js +1 -1
- package/lib/util/debug.js +5 -5
- package/lib/util/deprecate.js +24 -21
- package/lib/util/didYouMean.js +7 -7
- package/lib/util/dump-collection.d.ts +2 -2
- package/lib/util/dump-collection.js +26 -26
- package/lib/util/esRequest.d.ts +1 -0
- package/lib/util/esRequest.js +62 -0
- package/lib/util/extractFields.js +24 -25
- package/lib/util/inflector.js +5 -5
- package/lib/util/koncordeCompat.d.ts +2 -2
- package/lib/util/koncordeCompat.js +5 -5
- package/lib/util/memoize.js +3 -5
- package/lib/util/mutex.d.ts +19 -1
- package/lib/util/mutex.js +39 -12
- package/lib/util/name-generator.js +1331 -1331
- package/lib/util/promback.js +8 -10
- package/lib/util/readYamlFile.d.ts +1 -1
- package/lib/util/readYamlFile.js +1 -1
- package/lib/util/requestAssertions.js +34 -34
- package/lib/util/safeObject.js +5 -5
- package/lib/util/stackTrace.js +20 -22
- package/lib/util/wildcard.js +15 -15
- package/package.json +6 -6
- package/npm-shrinkwrap.json +0 -19422
|
@@ -19,133 +19,132 @@
|
|
|
19
19
|
* limitations under the License.
|
|
20
20
|
*/
|
|
21
21
|
|
|
22
|
-
|
|
22
|
+
"use strict";
|
|
23
23
|
|
|
24
|
-
const { isEmpty, isNil } = require(
|
|
25
|
-
const Bluebird = require(
|
|
26
|
-
const { v4: uuidv4 } = require(
|
|
24
|
+
const { isEmpty, isNil } = require("lodash");
|
|
25
|
+
const Bluebird = require("bluebird");
|
|
26
|
+
const { v4: uuidv4 } = require("uuid");
|
|
27
27
|
|
|
28
|
-
const { KuzzleError, BadRequestError } = require(
|
|
29
|
-
const { Request } = require(
|
|
30
|
-
const { NativeController } = require(
|
|
31
|
-
const formatProcessing = require(
|
|
32
|
-
const ApiKey = require(
|
|
33
|
-
const kerror = require(
|
|
34
|
-
const { has } = require(
|
|
35
|
-
const { NameGenerator } = require(
|
|
28
|
+
const { KuzzleError, BadRequestError } = require("../../kerror/errors");
|
|
29
|
+
const { Request } = require("../request");
|
|
30
|
+
const { NativeController } = require("./baseController");
|
|
31
|
+
const formatProcessing = require("../../core/auth/formatProcessing");
|
|
32
|
+
const ApiKey = require("../../model/storage/apiKey");
|
|
33
|
+
const kerror = require("../../kerror");
|
|
34
|
+
const { has } = require("../../util/safeObject");
|
|
35
|
+
const { NameGenerator } = require("../../util/name-generator");
|
|
36
36
|
|
|
37
37
|
/**
|
|
38
38
|
* @class SecurityController
|
|
39
39
|
*/
|
|
40
40
|
class SecurityController extends NativeController {
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
return userId === null ? 'EmbeddedSDK' : `User "${userId}"`;
|
|
41
|
+
static userOrSdk(userId) {
|
|
42
|
+
return userId === null ? "EmbeddedSDK" : `User "${userId}"`;
|
|
44
43
|
}
|
|
45
44
|
|
|
46
|
-
constructor
|
|
45
|
+
constructor() {
|
|
47
46
|
super([
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
47
|
+
"checkRights",
|
|
48
|
+
"createApiKey",
|
|
49
|
+
"createCredentials",
|
|
50
|
+
"createFirstAdmin",
|
|
51
|
+
"createOrReplaceProfile",
|
|
52
|
+
"createOrReplaceRole",
|
|
53
|
+
"createProfile",
|
|
54
|
+
"createRestrictedUser",
|
|
55
|
+
"createRole",
|
|
56
|
+
"createUser",
|
|
57
|
+
"deleteApiKey",
|
|
58
|
+
"deleteCredentials",
|
|
59
|
+
"deleteProfile",
|
|
60
|
+
"deleteRole",
|
|
61
|
+
"deleteUser",
|
|
62
|
+
"getAllCredentialFields",
|
|
63
|
+
"getCredentialFields",
|
|
64
|
+
"getCredentials",
|
|
65
|
+
"getCredentialsById",
|
|
66
|
+
"getProfile",
|
|
67
|
+
"getProfileMapping",
|
|
68
|
+
"getProfileRights",
|
|
69
|
+
"getRole",
|
|
70
|
+
"getRoleMapping",
|
|
71
|
+
"getUser",
|
|
72
|
+
"getUserMapping",
|
|
73
|
+
"getUserRights",
|
|
74
|
+
"getUserStrategies",
|
|
75
|
+
"hasCredentials",
|
|
76
|
+
"mDeleteProfiles",
|
|
77
|
+
"mDeleteRoles",
|
|
78
|
+
"mDeleteUsers",
|
|
79
|
+
"mGetProfiles",
|
|
80
|
+
"mGetRoles",
|
|
81
|
+
"mGetUsers",
|
|
82
|
+
"refresh",
|
|
83
|
+
"replaceUser",
|
|
84
|
+
"revokeTokens",
|
|
85
|
+
"scrollProfiles",
|
|
86
|
+
"scrollUsers",
|
|
87
|
+
"searchApiKeys",
|
|
88
|
+
"searchProfiles",
|
|
89
|
+
"searchRoles",
|
|
90
|
+
"searchUsers",
|
|
91
|
+
"searchUsersByCredentials",
|
|
92
|
+
"updateCredentials",
|
|
93
|
+
"updateProfile",
|
|
94
|
+
"updateProfileMapping",
|
|
95
|
+
"updateRole",
|
|
96
|
+
"updateRoleMapping",
|
|
97
|
+
"updateUser",
|
|
98
|
+
"updateUserMapping",
|
|
99
|
+
"upsertUser",
|
|
100
|
+
"validateCredentials",
|
|
102
101
|
]);
|
|
103
102
|
|
|
104
|
-
this.subdomain =
|
|
103
|
+
this.subdomain = "security";
|
|
105
104
|
|
|
106
|
-
this.securityCollections = [
|
|
105
|
+
this.securityCollections = ["users", "profiles", "roles"];
|
|
107
106
|
|
|
108
107
|
// @deprecated - helper, will be loosely coupled in the near future
|
|
109
|
-
this.getStrategyMethod =
|
|
110
|
-
|
|
108
|
+
this.getStrategyMethod =
|
|
109
|
+
global.kuzzle.pluginsManager.getStrategyMethod.bind(
|
|
110
|
+
global.kuzzle.pluginsManager
|
|
111
|
+
);
|
|
111
112
|
}
|
|
112
113
|
|
|
113
114
|
/**
|
|
114
115
|
* Checks if an API action can be executed by a user
|
|
115
116
|
*/
|
|
116
|
-
async checkRights
|
|
117
|
-
const userId = request.getString(
|
|
117
|
+
async checkRights(request) {
|
|
118
|
+
const userId = request.getString("userId");
|
|
118
119
|
const requestPayload = request.getBody();
|
|
119
120
|
|
|
120
|
-
if (typeof requestPayload.controller !==
|
|
121
|
-
throw kerror.get(
|
|
121
|
+
if (typeof requestPayload.controller !== "string") {
|
|
122
|
+
throw kerror.get("api", "assert", "missing_argument", "body.controller");
|
|
122
123
|
}
|
|
123
124
|
|
|
124
|
-
if (typeof requestPayload.action !==
|
|
125
|
-
throw kerror.get(
|
|
125
|
+
if (typeof requestPayload.action !== "string") {
|
|
126
|
+
throw kerror.get("api", "assert", "missing_argument", "body.action");
|
|
126
127
|
}
|
|
127
128
|
|
|
128
|
-
const user = await global.kuzzle.ask(
|
|
129
|
-
'core:security:user:get',
|
|
130
|
-
userId);
|
|
129
|
+
const user = await global.kuzzle.ask("core:security:user:get", userId);
|
|
131
130
|
|
|
132
131
|
const allowed = await user.isActionAllowed(new Request(requestPayload));
|
|
133
132
|
|
|
134
133
|
return {
|
|
135
|
-
allowed
|
|
134
|
+
allowed,
|
|
136
135
|
};
|
|
137
136
|
}
|
|
138
137
|
/**
|
|
139
138
|
* Creates a new API key for a user
|
|
140
139
|
*/
|
|
141
|
-
async createApiKey
|
|
140
|
+
async createApiKey(request) {
|
|
142
141
|
const expiresIn = request.input.args.expiresIn || -1;
|
|
143
|
-
const refresh = request.getRefresh(
|
|
144
|
-
const userId = request.getString(
|
|
145
|
-
const apiKeyId = request.getId({ ifMissing:
|
|
146
|
-
const description = request.getBodyString(
|
|
142
|
+
const refresh = request.getRefresh("wait_for");
|
|
143
|
+
const userId = request.getString("userId");
|
|
144
|
+
const apiKeyId = request.getId({ ifMissing: "generate" });
|
|
145
|
+
const description = request.getBodyString("description");
|
|
147
146
|
|
|
148
|
-
const user = await this.ask(
|
|
147
|
+
const user = await this.ask("core:security:user:get", userId);
|
|
149
148
|
const creatorId = request.getKuid();
|
|
150
149
|
|
|
151
150
|
const apiKey = await ApiKey.create(user, expiresIn, description, {
|
|
@@ -155,20 +154,24 @@ class SecurityController extends NativeController {
|
|
|
155
154
|
refresh,
|
|
156
155
|
});
|
|
157
156
|
|
|
158
|
-
global.kuzzle.log.info(
|
|
157
|
+
global.kuzzle.log.info(
|
|
158
|
+
`[SECURITY] ${SecurityController.userOrSdk(creatorId)} applied action "${
|
|
159
|
+
request.input.action
|
|
160
|
+
}" on user "${userId}."`
|
|
161
|
+
);
|
|
159
162
|
return apiKey.serialize({ includeToken: true });
|
|
160
163
|
}
|
|
161
164
|
|
|
162
165
|
/**
|
|
163
166
|
* Search in an user API keys
|
|
164
167
|
*/
|
|
165
|
-
async searchApiKeys
|
|
166
|
-
const userId = request.getString(
|
|
168
|
+
async searchApiKeys(request) {
|
|
169
|
+
const userId = request.getString("userId");
|
|
167
170
|
let query = request.getBody({});
|
|
168
171
|
const { from, size, scrollTTL } = request.getSearchParams();
|
|
169
172
|
const lang = request.getLangParam();
|
|
170
173
|
|
|
171
|
-
if (lang ===
|
|
174
|
+
if (lang === "koncorde") {
|
|
172
175
|
query = await this.translateKoncorde(query);
|
|
173
176
|
}
|
|
174
177
|
|
|
@@ -176,44 +179,49 @@ class SecurityController extends NativeController {
|
|
|
176
179
|
query: {
|
|
177
180
|
bool: {
|
|
178
181
|
filter: { bool: { must: { term: { userId } } } },
|
|
179
|
-
must: isEmpty(query) ? { match_all: {} } : query
|
|
180
|
-
}
|
|
181
|
-
}
|
|
182
|
+
must: isEmpty(query) ? { match_all: {} } : query,
|
|
183
|
+
},
|
|
184
|
+
},
|
|
182
185
|
};
|
|
183
186
|
|
|
184
|
-
const apiKeys = await ApiKey.search(searchBody, {
|
|
187
|
+
const apiKeys = await ApiKey.search(searchBody, {
|
|
188
|
+
from,
|
|
189
|
+
scroll: scrollTTL,
|
|
190
|
+
size,
|
|
191
|
+
});
|
|
185
192
|
|
|
186
193
|
return {
|
|
187
|
-
hits: apiKeys.map(apiKey => apiKey.serialize()),
|
|
188
|
-
total: apiKeys.length
|
|
194
|
+
hits: apiKeys.map((apiKey) => apiKey.serialize()),
|
|
195
|
+
total: apiKeys.length,
|
|
189
196
|
};
|
|
190
197
|
}
|
|
191
198
|
|
|
192
199
|
/**
|
|
193
200
|
* Deletes an user API key
|
|
194
201
|
*/
|
|
195
|
-
async deleteApiKey
|
|
196
|
-
const userId = request.getString(
|
|
202
|
+
async deleteApiKey(request) {
|
|
203
|
+
const userId = request.getString("userId");
|
|
197
204
|
const apiKeyId = request.getId();
|
|
198
|
-
const refresh = request.getRefresh(
|
|
205
|
+
const refresh = request.getRefresh("wait_for");
|
|
199
206
|
|
|
200
207
|
const apiKey = await ApiKey.load(userId, apiKeyId);
|
|
201
208
|
|
|
202
209
|
await apiKey.delete({ refresh });
|
|
203
210
|
|
|
204
211
|
return {
|
|
205
|
-
_id: apiKeyId
|
|
212
|
+
_id: apiKeyId,
|
|
206
213
|
};
|
|
207
214
|
}
|
|
208
215
|
|
|
209
|
-
|
|
210
216
|
/**
|
|
211
217
|
* Get the role mapping
|
|
212
218
|
*
|
|
213
219
|
* @returns {Promise}
|
|
214
220
|
*/
|
|
215
|
-
async getRoleMapping
|
|
216
|
-
const { properties } = await global.kuzzle.internalIndex.getMapping(
|
|
221
|
+
async getRoleMapping() {
|
|
222
|
+
const { properties } = await global.kuzzle.internalIndex.getMapping(
|
|
223
|
+
"roles"
|
|
224
|
+
);
|
|
217
225
|
|
|
218
226
|
return { mapping: properties };
|
|
219
227
|
}
|
|
@@ -223,10 +231,10 @@ class SecurityController extends NativeController {
|
|
|
223
231
|
* @param {Request} request
|
|
224
232
|
* @returns {Promise}
|
|
225
233
|
*/
|
|
226
|
-
async updateRoleMapping
|
|
234
|
+
async updateRoleMapping(request) {
|
|
227
235
|
const mappings = request.getBody();
|
|
228
236
|
|
|
229
|
-
return global.kuzzle.internalIndex.updateMapping(
|
|
237
|
+
return global.kuzzle.internalIndex.updateMapping("roles", mappings);
|
|
230
238
|
}
|
|
231
239
|
|
|
232
240
|
/**
|
|
@@ -234,8 +242,10 @@ class SecurityController extends NativeController {
|
|
|
234
242
|
*
|
|
235
243
|
* @returns {Promise}
|
|
236
244
|
*/
|
|
237
|
-
async getProfileMapping
|
|
238
|
-
const { properties } = await global.kuzzle.internalIndex.getMapping(
|
|
245
|
+
async getProfileMapping() {
|
|
246
|
+
const { properties } = await global.kuzzle.internalIndex.getMapping(
|
|
247
|
+
"profiles"
|
|
248
|
+
);
|
|
239
249
|
|
|
240
250
|
return { mapping: properties };
|
|
241
251
|
}
|
|
@@ -246,10 +256,10 @@ class SecurityController extends NativeController {
|
|
|
246
256
|
* @param {Request} request
|
|
247
257
|
* @returns {Promise}
|
|
248
258
|
*/
|
|
249
|
-
updateProfileMapping
|
|
259
|
+
updateProfileMapping(request) {
|
|
250
260
|
const mappings = request.getBody();
|
|
251
261
|
|
|
252
|
-
return global.kuzzle.internalIndex.updateMapping(
|
|
262
|
+
return global.kuzzle.internalIndex.updateMapping("profiles", mappings);
|
|
253
263
|
}
|
|
254
264
|
|
|
255
265
|
/**
|
|
@@ -257,8 +267,10 @@ class SecurityController extends NativeController {
|
|
|
257
267
|
*
|
|
258
268
|
* @returns {Promise}
|
|
259
269
|
*/
|
|
260
|
-
async getUserMapping
|
|
261
|
-
const { properties } = await global.kuzzle.internalIndex.getMapping(
|
|
270
|
+
async getUserMapping() {
|
|
271
|
+
const { properties } = await global.kuzzle.internalIndex.getMapping(
|
|
272
|
+
"users"
|
|
273
|
+
);
|
|
262
274
|
|
|
263
275
|
return { mapping: properties };
|
|
264
276
|
}
|
|
@@ -269,10 +281,10 @@ class SecurityController extends NativeController {
|
|
|
269
281
|
* @param {Request} request
|
|
270
282
|
* @returns {Promise}
|
|
271
283
|
*/
|
|
272
|
-
async updateUserMapping
|
|
284
|
+
async updateUserMapping(request) {
|
|
273
285
|
const mappings = request.getBody();
|
|
274
286
|
|
|
275
|
-
return global.kuzzle.internalIndex.updateMapping(
|
|
287
|
+
return global.kuzzle.internalIndex.updateMapping("users", mappings);
|
|
276
288
|
}
|
|
277
289
|
|
|
278
290
|
/**
|
|
@@ -281,10 +293,10 @@ class SecurityController extends NativeController {
|
|
|
281
293
|
* @param {Request} request
|
|
282
294
|
* @returns {Promise<Object>}
|
|
283
295
|
*/
|
|
284
|
-
async getRole
|
|
296
|
+
async getRole(request) {
|
|
285
297
|
const id = request.getId();
|
|
286
298
|
|
|
287
|
-
const role = await this.ask(
|
|
299
|
+
const role = await this.ask("core:security:role:get", id);
|
|
288
300
|
|
|
289
301
|
return formatProcessing.serializeRole(role);
|
|
290
302
|
}
|
|
@@ -295,9 +307,9 @@ class SecurityController extends NativeController {
|
|
|
295
307
|
* @param {Request} request
|
|
296
308
|
* @returns {Promise<Object>}
|
|
297
309
|
*/
|
|
298
|
-
async mGetRoles
|
|
299
|
-
const ids = request.getBodyArray(
|
|
300
|
-
const roles = await this.ask(
|
|
310
|
+
async mGetRoles(request) {
|
|
311
|
+
const ids = request.getBodyArray("ids");
|
|
312
|
+
const roles = await this.ask("core:security:role:mGet", ids);
|
|
301
313
|
|
|
302
314
|
return { hits: roles.map(formatProcessing.serializeRole) };
|
|
303
315
|
}
|
|
@@ -308,16 +320,17 @@ class SecurityController extends NativeController {
|
|
|
308
320
|
* @param {Request} request
|
|
309
321
|
* @returns {Promise}
|
|
310
322
|
*/
|
|
311
|
-
async refresh
|
|
323
|
+
async refresh(request) {
|
|
312
324
|
const collection = request.getCollection();
|
|
313
325
|
|
|
314
|
-
if (!
|
|
326
|
+
if (!this.securityCollections.includes(collection)) {
|
|
315
327
|
throw kerror.get(
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
328
|
+
"api",
|
|
329
|
+
"assert",
|
|
330
|
+
"unexpected_argument",
|
|
319
331
|
collection,
|
|
320
|
-
this.securityCollections
|
|
332
|
+
this.securityCollections
|
|
333
|
+
);
|
|
321
334
|
}
|
|
322
335
|
|
|
323
336
|
await global.kuzzle.internalIndex.refreshCollection(collection);
|
|
@@ -331,29 +344,31 @@ class SecurityController extends NativeController {
|
|
|
331
344
|
* @param {Request} request
|
|
332
345
|
* @returns {Promise<Object>}
|
|
333
346
|
*/
|
|
334
|
-
async searchRoles
|
|
335
|
-
const from = request.getInteger(
|
|
347
|
+
async searchRoles(request) {
|
|
348
|
+
const from = request.getInteger("from", 0);
|
|
336
349
|
const size = this._getSearchPageSize(request);
|
|
337
350
|
const lang = request.getLangParam();
|
|
338
351
|
const body = request.getBody({});
|
|
339
352
|
|
|
340
353
|
if (body.controllers && body.query) {
|
|
341
|
-
throw new BadRequestError(
|
|
354
|
+
throw new BadRequestError(
|
|
355
|
+
'You cannot specifify both "controllers" and "query". Prefer the usage of "query" property with a search query.'
|
|
356
|
+
);
|
|
342
357
|
}
|
|
343
358
|
|
|
344
359
|
if (body.controllers) {
|
|
345
360
|
// Type checking
|
|
346
|
-
request.getBodyArray(
|
|
361
|
+
request.getBodyArray("controllers");
|
|
347
362
|
}
|
|
348
363
|
|
|
349
|
-
if (lang ===
|
|
364
|
+
if (lang === "koncorde") {
|
|
350
365
|
body.query = await this.translateKoncorde(body.query || {});
|
|
351
366
|
}
|
|
352
367
|
|
|
353
|
-
const response = await this.ask(
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
368
|
+
const response = await this.ask("core:security:role:search", body, {
|
|
369
|
+
from,
|
|
370
|
+
size,
|
|
371
|
+
});
|
|
357
372
|
|
|
358
373
|
response.hits = response.hits.map(formatProcessing.serializeRole);
|
|
359
374
|
|
|
@@ -366,18 +381,27 @@ class SecurityController extends NativeController {
|
|
|
366
381
|
* @param {Request} request
|
|
367
382
|
* @returns {Promise<Object>}
|
|
368
383
|
*/
|
|
369
|
-
async createOrReplaceRole
|
|
384
|
+
async createOrReplaceRole(request) {
|
|
370
385
|
const id = request.getId();
|
|
371
386
|
const body = request.getBody();
|
|
372
387
|
const userId = request.getKuid();
|
|
373
388
|
|
|
374
|
-
const role = await this.ask(
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
389
|
+
const role = await this.ask(
|
|
390
|
+
"core:security:role:createOrReplace",
|
|
391
|
+
id,
|
|
392
|
+
body,
|
|
393
|
+
{
|
|
394
|
+
force: request.getBoolean("force"),
|
|
395
|
+
refresh: request.getRefresh("wait_for"),
|
|
396
|
+
userId,
|
|
397
|
+
}
|
|
398
|
+
);
|
|
379
399
|
|
|
380
|
-
global.kuzzle.log.info(
|
|
400
|
+
global.kuzzle.log.info(
|
|
401
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
402
|
+
request.input.action
|
|
403
|
+
}" on role "${role._id}."`
|
|
404
|
+
);
|
|
381
405
|
return formatProcessing.serializeRole(role);
|
|
382
406
|
}
|
|
383
407
|
|
|
@@ -387,18 +411,22 @@ class SecurityController extends NativeController {
|
|
|
387
411
|
* @param {Request} request
|
|
388
412
|
* @returns {Promise<Object>}
|
|
389
413
|
*/
|
|
390
|
-
async createRole
|
|
414
|
+
async createRole(request) {
|
|
391
415
|
const id = request.getId();
|
|
392
416
|
const body = request.getBody();
|
|
393
417
|
const userId = request.getKuid();
|
|
394
418
|
|
|
395
|
-
const role = await this.ask(
|
|
396
|
-
force: request.getBoolean(
|
|
397
|
-
refresh: request.getRefresh(
|
|
419
|
+
const role = await this.ask("core:security:role:create", id, body, {
|
|
420
|
+
force: request.getBoolean("force"),
|
|
421
|
+
refresh: request.getRefresh("wait_for"),
|
|
398
422
|
userId,
|
|
399
423
|
});
|
|
400
424
|
|
|
401
|
-
global.kuzzle.log.info(
|
|
425
|
+
global.kuzzle.log.info(
|
|
426
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
427
|
+
request.input.action
|
|
428
|
+
}" on role "${role._id}."`
|
|
429
|
+
);
|
|
402
430
|
return formatProcessing.serializeRole(role);
|
|
403
431
|
}
|
|
404
432
|
|
|
@@ -408,14 +436,18 @@ class SecurityController extends NativeController {
|
|
|
408
436
|
* @param {Request} request
|
|
409
437
|
* @returns {Promise<Object>}
|
|
410
438
|
*/
|
|
411
|
-
async deleteRole
|
|
439
|
+
async deleteRole(request) {
|
|
412
440
|
const id = request.getId();
|
|
413
441
|
|
|
414
|
-
await this.ask(
|
|
415
|
-
refresh: request.getRefresh(
|
|
442
|
+
await this.ask("core:security:role:delete", id, {
|
|
443
|
+
refresh: request.getRefresh("wait_for"),
|
|
416
444
|
});
|
|
417
445
|
|
|
418
|
-
global.kuzzle.log.info(
|
|
446
|
+
global.kuzzle.log.info(
|
|
447
|
+
`[SECURITY] ${SecurityController.userOrSdk(
|
|
448
|
+
request.getKuid()
|
|
449
|
+
)} applied action "${request.input.action} on role "${id}."`
|
|
450
|
+
);
|
|
419
451
|
|
|
420
452
|
// @todo This avoids a breaking change... but we should really return
|
|
421
453
|
// an acknowledgment.
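Review bot: The template literal in the added `log.info` call drops the closing quote after the action name (`applied action "${request.input.action} on role`), so this audit line is emitted with unbalanced quotes, unlike the deleteUser and createCredentials lines in the same file. I would write the tail as `)} applied action "${request.input.action}" on role "${id}".`, which also moves the full stop outside the quoted id. `id` is taken from the request and interpolated as-is; whether `getId()` or the logger strips control characters is not visible here, so that is worth confirming before these lines are parsed downstream. deleteRole's body continues past the end of the hunk.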
|
|
@@ -428,10 +460,10 @@ class SecurityController extends NativeController {
|
|
|
428
460
|
* @param {Request} request
|
|
429
461
|
* @returns {Promise<Object>}
|
|
430
462
|
*/
|
|
431
|
-
async getProfile
|
|
463
|
+
async getProfile(request) {
|
|
432
464
|
const id = request.getId();
|
|
433
465
|
|
|
434
|
-
const profile = await this.ask(
|
|
466
|
+
const profile = await this.ask("core:security:profile:get", id);
|
|
435
467
|
|
|
436
468
|
return formatProcessing.serializeProfile(profile);
|
|
437
469
|
}
|
|
@@ -442,15 +474,17 @@ class SecurityController extends NativeController {
|
|
|
442
474
|
* @param {Request} request
|
|
443
475
|
* @returns {Promise<Object>}
|
|
444
476
|
*/
|
|
445
|
-
async mGetProfiles
|
|
446
|
-
const ids = request.getBodyArray(
|
|
477
|
+
async mGetProfiles(request) {
|
|
478
|
+
const ids = request.getBodyArray("ids");
|
|
447
479
|
|
|
448
|
-
const profiles = await this.ask(
|
|
480
|
+
const profiles = await this.ask("core:security:profile:mGet", ids);
|
|
449
481
|
|
|
450
482
|
// @todo - should return an array of profiles directly, this is not a
|
|
451
483
|
// search route...
|
|
452
484
|
return {
|
|
453
|
-
hits: profiles.map(profile =>
|
|
485
|
+
hits: profiles.map((profile) =>
|
|
486
|
+
formatProcessing.serializeProfile(profile)
|
|
487
|
+
),
|
|
454
488
|
};
|
|
455
489
|
}
|
|
456
490
|
|
|
@@ -460,25 +494,30 @@ class SecurityController extends NativeController {
|
|
|
460
494
|
* @param {Request} request
|
|
461
495
|
* @returns {Promise<Object>}
|
|
462
496
|
*/
|
|
463
|
-
async createOrReplaceProfile
|
|
497
|
+
async createOrReplaceProfile(request) {
|
|
464
498
|
const id = request.getId();
|
|
465
499
|
const content = request.getBody();
|
|
466
500
|
const userId = request.getKuid();
|
|
467
501
|
|
|
468
502
|
// Assert: must have a "policies" array
|
|
469
|
-
request.getBodyArray(
|
|
503
|
+
request.getBodyArray("policies");
|
|
470
504
|
|
|
471
505
|
const profile = await this.ask(
|
|
472
|
-
|
|
506
|
+
"core:security:profile:createOrReplace",
|
|
473
507
|
id,
|
|
474
508
|
content,
|
|
475
509
|
{
|
|
476
|
-
refresh: request.getRefresh(
|
|
477
|
-
strict: request.getBoolean(
|
|
510
|
+
refresh: request.getRefresh("wait_for"),
|
|
511
|
+
strict: request.getBoolean("strict"),
|
|
478
512
|
userId,
|
|
479
|
-
}
|
|
513
|
+
}
|
|
514
|
+
);
|
|
480
515
|
|
|
481
|
-
global.kuzzle.log.info(
|
|
516
|
+
global.kuzzle.log.info(
|
|
517
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
518
|
+
request.input.action
|
|
519
|
+
}" on profile "${profile._id}."`
|
|
520
|
+
);
|
|
482
521
|
|
|
483
522
|
return formatProcessing.serializeProfile(profile);
|
|
484
523
|
}
|
|
@@ -489,25 +528,30 @@ class SecurityController extends NativeController {
|
|
|
489
528
|
* @param {Request} request
|
|
490
529
|
* @returns {Promise<Object>}
|
|
491
530
|
*/
|
|
492
|
-
async createProfile
|
|
531
|
+
async createProfile(request) {
|
|
493
532
|
const id = request.getId();
|
|
494
533
|
const content = request.getBody();
|
|
495
534
|
const userId = request.getKuid();
|
|
496
535
|
|
|
497
536
|
// Assert: must have a "policies" array
|
|
498
|
-
request.getBodyArray(
|
|
537
|
+
request.getBodyArray("policies");
|
|
499
538
|
|
|
500
539
|
const profile = await this.ask(
|
|
501
|
-
|
|
540
|
+
"core:security:profile:create",
|
|
502
541
|
id,
|
|
503
542
|
content,
|
|
504
543
|
{
|
|
505
|
-
refresh: request.getRefresh(
|
|
506
|
-
strict: request.getBoolean(
|
|
544
|
+
refresh: request.getRefresh("wait_for"),
|
|
545
|
+
strict: request.getBoolean("strict"),
|
|
507
546
|
userId,
|
|
508
|
-
}
|
|
547
|
+
}
|
|
548
|
+
);
|
|
509
549
|
|
|
510
|
-
global.kuzzle.log.info(
|
|
550
|
+
global.kuzzle.log.info(
|
|
551
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
552
|
+
request.input.action
|
|
553
|
+
}" on profile "${profile._id}."`
|
|
554
|
+
);
|
|
511
555
|
|
|
512
556
|
return formatProcessing.serializeProfile(profile);
|
|
513
557
|
}
|
|
@@ -518,17 +562,22 @@ class SecurityController extends NativeController {
|
|
|
518
562
|
* @param {Request} request
|
|
519
563
|
* @returns {Promise<Object>}
|
|
520
564
|
*/
|
|
521
|
-
async deleteProfile
|
|
565
|
+
async deleteProfile(request) {
|
|
522
566
|
const id = request.getId();
|
|
523
567
|
const userId = request.getKuid();
|
|
524
568
|
const options = {
|
|
525
|
-
onAssignedUsers: request.getString(
|
|
526
|
-
refresh: request.getRefresh(
|
|
527
|
-
userId
|
|
569
|
+
onAssignedUsers: request.getString("onAssignedUsers", "fail"),
|
|
570
|
+
refresh: request.getRefresh("wait_for"),
|
|
571
|
+
userId,
|
|
572
|
+
};
|
|
528
573
|
|
|
529
|
-
await this.ask(
|
|
574
|
+
await this.ask("core:security:profile:delete", id, options);
|
|
530
575
|
|
|
531
|
-
global.kuzzle.log.info(
|
|
576
|
+
global.kuzzle.log.info(
|
|
577
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
578
|
+
request.input.action
|
|
579
|
+
}" on profile "${id}."`
|
|
580
|
+
);
|
|
532
581
|
|
|
533
582
|
// @todo - replace by an acknowledgement
|
|
534
583
|
return { _id: id };
|
|
@@ -540,39 +589,47 @@ class SecurityController extends NativeController {
|
|
|
540
589
|
* @param {Request} request
|
|
541
590
|
* @returns {Promise<Object>}
|
|
542
591
|
*/
|
|
543
|
-
async searchProfiles
|
|
592
|
+
async searchProfiles(request) {
|
|
544
593
|
const size = this._getSearchPageSize(request);
|
|
545
594
|
const { from, scrollTTL, searchBody } = request.getSearchParams();
|
|
546
595
|
const lang = request.getLangParam();
|
|
547
596
|
const body = request.getBody({});
|
|
548
597
|
|
|
549
598
|
if (body.roles && body.query) {
|
|
550
|
-
throw new BadRequestError(
|
|
599
|
+
throw new BadRequestError(
|
|
600
|
+
'You cannot specifify both "roles" and "query". Prefer the usage of "query" property with a search query.'
|
|
601
|
+
);
|
|
551
602
|
}
|
|
552
603
|
|
|
553
604
|
if (body.roles) {
|
|
554
|
-
const roles = request.getBodyArray(
|
|
605
|
+
const roles = request.getBodyArray("roles");
|
|
555
606
|
|
|
556
|
-
request.addDeprecation(
|
|
607
|
+
request.addDeprecation(
|
|
608
|
+
"auto-version",
|
|
609
|
+
'Usage of the "roles" property is deprecated. Prefer the usage of "query" property with a search query.'
|
|
610
|
+
);
|
|
557
611
|
|
|
558
612
|
if (roles.length > 0) {
|
|
559
|
-
searchBody.query = { terms: {
|
|
560
|
-
}
|
|
561
|
-
else {
|
|
613
|
+
searchBody.query = { terms: { "policies.roleId": roles } };
|
|
614
|
+
} else {
|
|
562
615
|
searchBody.query = { match_all: {} };
|
|
563
616
|
}
|
|
564
617
|
delete body.roles;
|
|
565
618
|
}
|
|
566
619
|
|
|
567
|
-
if (lang ===
|
|
620
|
+
if (lang === "koncorde") {
|
|
568
621
|
searchBody.query = await this.translateKoncorde(searchBody.query || {});
|
|
569
622
|
}
|
|
570
623
|
|
|
571
|
-
const response = await this.ask(
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
624
|
+
const response = await this.ask(
|
|
625
|
+
"core:security:profile:search",
|
|
626
|
+
searchBody,
|
|
627
|
+
{
|
|
628
|
+
from,
|
|
629
|
+
scroll: scrollTTL,
|
|
630
|
+
size,
|
|
631
|
+
}
|
|
632
|
+
);
|
|
576
633
|
|
|
577
634
|
response.hits = response.hits.map(formatProcessing.serializeProfile);
|
|
578
635
|
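Review bot: The message passed to `BadRequestError` in searchProfiles misspells "specify" as "specifify", and this string presumably reaches API clients verbatim. I would change it to `'You cannot specify both "roles" and "query". Prefer the usage of "query" property with a search query.'`. The function's return statement lies outside the hunk.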
|
|
@@ -585,9 +642,9 @@ class SecurityController extends NativeController {
|
|
|
585
642
|
* @param {Request} request
|
|
586
643
|
* @returns {Promise<Object>}
|
|
587
644
|
*/
|
|
588
|
-
async getUser
|
|
645
|
+
async getUser(request) {
|
|
589
646
|
const id = request.getId();
|
|
590
|
-
const user = await this.ask(
|
|
647
|
+
const user = await this.ask("core:security:user:get", id);
|
|
591
648
|
|
|
592
649
|
return formatProcessing.serializeUser(user);
|
|
593
650
|
}
|
|
@@ -598,23 +655,23 @@ class SecurityController extends NativeController {
|
|
|
598
655
|
* @param {Request} request
|
|
599
656
|
* @returns {Promise.<Object>}
|
|
600
657
|
*/
|
|
601
|
-
async mGetUsers
|
|
658
|
+
async mGetUsers(request) {
|
|
602
659
|
let ids;
|
|
603
660
|
|
|
604
|
-
if (
|
|
605
|
-
|
|
606
|
-
|
|
661
|
+
if (
|
|
662
|
+
request.input.body &&
|
|
663
|
+
request.input.body.ids &&
|
|
664
|
+
Object.keys(request.input.body.ids).length
|
|
607
665
|
) {
|
|
608
|
-
ids = request.getBodyArray(
|
|
609
|
-
}
|
|
610
|
-
else {
|
|
666
|
+
ids = request.getBodyArray("ids");
|
|
667
|
+
} else {
|
|
611
668
|
// @deprecated Should be replaced with request.getArray('ids')
|
|
612
|
-
ids = request.getArrayLegacy(
|
|
669
|
+
ids = request.getArrayLegacy("ids");
|
|
613
670
|
}
|
|
614
671
|
|
|
615
|
-
const users = await this.ask(
|
|
672
|
+
const users = await this.ask("core:security:user:mGet", ids);
|
|
616
673
|
|
|
617
|
-
return { hits: users.map(user => formatProcessing.serializeUser(user)) };
|
|
674
|
+
return { hits: users.map((user) => formatProcessing.serializeUser(user)) };
|
|
618
675
|
}
|
|
619
676
|
|
|
620
677
|
/**
|
|
@@ -623,18 +680,19 @@ class SecurityController extends NativeController {
|
|
|
623
680
|
* @param {Request} request
|
|
624
681
|
* @returns {Promise<Object>}
|
|
625
682
|
*/
|
|
626
|
-
async getProfileRights
|
|
683
|
+
async getProfileRights(request) {
|
|
627
684
|
const id = request.getId();
|
|
628
685
|
|
|
629
|
-
const profile = await this.ask(
|
|
686
|
+
const profile = await this.ask("core:security:profile:get", id);
|
|
630
687
|
const rights = await profile.getRights();
|
|
631
|
-
const hits = Object
|
|
632
|
-
.
|
|
633
|
-
|
|
688
|
+
const hits = Object.keys(rights).reduce(
|
|
689
|
+
(array, item) => array.concat(rights[item]),
|
|
690
|
+
[]
|
|
691
|
+
);
|
|
634
692
|
|
|
635
693
|
return {
|
|
636
694
|
hits,
|
|
637
|
-
total: hits.length
|
|
695
|
+
total: hits.length,
|
|
638
696
|
};
|
|
639
697
|
}
|
|
640
698
|
|
|
@@ -644,18 +702,19 @@ class SecurityController extends NativeController {
|
|
|
644
702
|
* @param {Request} request
|
|
645
703
|
* @returns {Promise<Object>}
|
|
646
704
|
*/
|
|
647
|
-
async getUserRights
|
|
705
|
+
async getUserRights(request) {
|
|
648
706
|
const id = request.getId();
|
|
649
707
|
|
|
650
|
-
const user = await this.ask(
|
|
708
|
+
const user = await this.ask("core:security:user:get", id);
|
|
651
709
|
const rights = await user.getRights();
|
|
652
|
-
const hits = Object
|
|
653
|
-
.
|
|
654
|
-
|
|
710
|
+
const hits = Object.keys(rights).reduce(
|
|
711
|
+
(array, item) => array.concat(rights[item]),
|
|
712
|
+
[]
|
|
713
|
+
);
|
|
655
714
|
|
|
656
715
|
return {
|
|
657
716
|
hits,
|
|
658
|
-
total: hits.length
|
|
717
|
+
total: hits.length,
|
|
659
718
|
};
|
|
660
719
|
}
|
|
661
720
|
|
|
@@ -665,34 +724,36 @@ class SecurityController extends NativeController {
|
|
|
665
724
|
* @param {Request} request
|
|
666
725
|
* @returns {Promise<Object>}
|
|
667
726
|
*/
|
|
668
|
-
async getUserStrategies
|
|
727
|
+
async getUserStrategies(request) {
|
|
669
728
|
const userId = request.getId();
|
|
670
729
|
const checkPromises = [];
|
|
671
730
|
|
|
672
731
|
// Throws if the user doesn't exist
|
|
673
|
-
await this.ask(
|
|
732
|
+
await this.ask("core:security:user:get", userId);
|
|
674
733
|
|
|
675
734
|
if (this.anonymousId === userId) {
|
|
676
735
|
checkPromises.push(Bluebird.resolve(null));
|
|
677
|
-
}
|
|
678
|
-
else {
|
|
736
|
+
} else {
|
|
679
737
|
const availableStrategies = global.kuzzle.pluginsManager.listStrategies();
|
|
680
738
|
|
|
681
739
|
for (const strategy of availableStrategies) {
|
|
682
|
-
const existMethod = this.getStrategyMethod(strategy,
|
|
740
|
+
const existMethod = this.getStrategyMethod(strategy, "exists");
|
|
683
741
|
|
|
684
742
|
checkPromises.push(
|
|
685
|
-
existMethod(request, userId, strategy)
|
|
686
|
-
|
|
743
|
+
existMethod(request, userId, strategy).then((exists) =>
|
|
744
|
+
exists ? strategy : null
|
|
745
|
+
)
|
|
746
|
+
);
|
|
687
747
|
}
|
|
688
748
|
}
|
|
689
749
|
|
|
690
|
-
const strategies = await Bluebird.all(checkPromises)
|
|
691
|
-
|
|
750
|
+
const strategies = await Bluebird.all(checkPromises).filter(
|
|
751
|
+
(item) => item !== null
|
|
752
|
+
);
|
|
692
753
|
|
|
693
754
|
return {
|
|
694
755
|
strategies,
|
|
695
|
-
total: strategies.length
|
|
756
|
+
total: strategies.length,
|
|
696
757
|
};
|
|
697
758
|
}
|
|
698
759
|
|
|
@@ -702,16 +763,16 @@ class SecurityController extends NativeController {
|
|
|
702
763
|
* @param {Request} request
|
|
703
764
|
* @returns {Promise<Object>}
|
|
704
765
|
*/
|
|
705
|
-
async searchUsers
|
|
766
|
+
async searchUsers(request) {
|
|
706
767
|
const size = this._getSearchPageSize(request);
|
|
707
768
|
const { from, scrollTTL, searchBody } = request.getSearchParams();
|
|
708
769
|
const lang = request.getLangParam();
|
|
709
770
|
|
|
710
|
-
if (lang ===
|
|
771
|
+
if (lang === "koncorde") {
|
|
711
772
|
searchBody.query = await this.translateKoncorde(searchBody.query);
|
|
712
773
|
}
|
|
713
774
|
|
|
714
|
-
const response = await this.ask(
|
|
775
|
+
const response = await this.ask("core:security:user:search", searchBody, {
|
|
715
776
|
from,
|
|
716
777
|
scroll: scrollTTL,
|
|
717
778
|
size,
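Review bot: searchUsers passes `searchBody.query` to `translateKoncorde` without the `|| {}` fallback that searchProfiles and searchUsersByCredentials use in this same file, so a koncorde request with no query takes a different path here. Whether `translateKoncorde` tolerates `undefined` is not visible in the diff; for consistency I would write `searchBody.query = await this.translateKoncorde(searchBody.query || {});`. The rest of searchUsers is outside the hunk.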
|
|
@@ -730,20 +791,26 @@ class SecurityController extends NativeController {
|
|
|
730
791
|
* @param {Request} request
|
|
731
792
|
* @returns {Promise<Object>}
|
|
732
793
|
*/
|
|
733
|
-
async searchUsersByCredentials
|
|
734
|
-
const strategy = request.getString(
|
|
794
|
+
async searchUsersByCredentials(request) {
|
|
795
|
+
const strategy = request.getString("strategy");
|
|
735
796
|
const lang = request.getLangParam();
|
|
736
797
|
const { from, size, searchBody } = request.getSearchParams();
|
|
737
798
|
|
|
738
799
|
this.assertIsStrategyRegistered(strategy);
|
|
739
800
|
|
|
740
|
-
const searchMethod = this.getStrategyMethod(strategy,
|
|
801
|
+
const searchMethod = this.getStrategyMethod(strategy, "search");
|
|
741
802
|
|
|
742
|
-
if (!
|
|
743
|
-
throw kerror.get(
|
|
803
|
+
if (!searchMethod) {
|
|
804
|
+
throw kerror.get(
|
|
805
|
+
"plugin",
|
|
806
|
+
"strategy",
|
|
807
|
+
"missing_optional_method",
|
|
808
|
+
"search",
|
|
809
|
+
strategy
|
|
810
|
+
);
|
|
744
811
|
}
|
|
745
812
|
|
|
746
|
-
if (lang ===
|
|
813
|
+
if (lang === "koncorde") {
|
|
747
814
|
searchBody.query = await this.translateKoncorde(searchBody.query || {});
|
|
748
815
|
}
|
|
749
816
|
|
|
@@ -758,13 +825,17 @@ class SecurityController extends NativeController {
|
|
|
758
825
|
* @param {Request} request
|
|
759
826
|
* @returns {Promise<Object>}
|
|
760
827
|
*/
|
|
761
|
-
async deleteUser
|
|
828
|
+
async deleteUser(request) {
|
|
762
829
|
const id = request.getId();
|
|
763
|
-
const options = { refresh: request.getRefresh(
|
|
830
|
+
const options = { refresh: request.getRefresh("wait_for") };
|
|
764
831
|
|
|
765
|
-
await this.ask(
|
|
832
|
+
await this.ask("core:security:user:delete", id, options);
|
|
766
833
|
|
|
767
|
-
global.kuzzle.log.info(
|
|
834
|
+
global.kuzzle.log.info(
|
|
835
|
+
`[SECURITY] ${SecurityController.userOrSdk(
|
|
836
|
+
request.getKuid()
|
|
837
|
+
)} applied action "${request.input.action}" on user "${id}."`
|
|
838
|
+
);
|
|
768
839
|
|
|
769
840
|
return { _id: id };
|
|
770
841
|
}
|
|
@@ -775,10 +846,10 @@ class SecurityController extends NativeController {
|
|
|
775
846
|
* @param {Request} request
|
|
776
847
|
* @returns {Promise<Object>}
|
|
777
848
|
*/
|
|
778
|
-
async createUser
|
|
779
|
-
const content = request.getBodyObject(
|
|
780
|
-
const profileIds = request.getBodyArray(
|
|
781
|
-
const humanReadableId = request.getString(
|
|
849
|
+
async createUser(request) {
|
|
850
|
+
const content = request.getBodyObject("content");
|
|
851
|
+
const profileIds = request.getBodyArray("content.profileIds");
|
|
852
|
+
const humanReadableId = request.getString("kuid", "human") !== "uuid";
|
|
782
853
|
|
|
783
854
|
return this._persistUser(request, profileIds, content, { humanReadableId });
|
|
784
855
|
}
|
|
@@ -789,19 +860,25 @@ class SecurityController extends NativeController {
|
|
|
789
860
|
* @param {Request} request
|
|
790
861
|
* @returns {Promise<Object>}
|
|
791
862
|
*/
|
|
792
|
-
async createRestrictedUser
|
|
793
|
-
const content = request.getBodyObject(
|
|
794
|
-
const humanReadableId = request.getString(
|
|
863
|
+
async createRestrictedUser(request) {
|
|
864
|
+
const content = request.getBodyObject("content", {});
|
|
865
|
+
const humanReadableId = request.getString("kuid", "human") !== "uuid";
|
|
795
866
|
|
|
796
|
-
if (has(content,
|
|
797
|
-
throw kerror.get(
|
|
867
|
+
if (has(content, "profileIds")) {
|
|
868
|
+
throw kerror.get(
|
|
869
|
+
"api",
|
|
870
|
+
"assert",
|
|
871
|
+
"forbidden_argument",
|
|
872
|
+
"body.content.profileIds"
|
|
873
|
+
);
|
|
798
874
|
}
|
|
799
875
|
|
|
800
876
|
return this._persistUser(
|
|
801
877
|
request,
|
|
802
878
|
global.kuzzle.config.security.restrictedProfileIds,
|
|
803
879
|
content,
|
|
804
|
-
{ humanReadableId }
|
|
880
|
+
{ humanReadableId }
|
|
881
|
+
);
|
|
805
882
|
}
|
|
806
883
|
|
|
807
884
|
/**
|
|
@@ -810,13 +887,13 @@ class SecurityController extends NativeController {
|
|
|
810
887
|
* @param {Request} request
|
|
811
888
|
* @returns {Promise<Object>}
|
|
812
889
|
*/
|
|
813
|
-
async updateUser
|
|
890
|
+
async updateUser(request) {
|
|
814
891
|
const id = request.getId();
|
|
815
892
|
const content = request.getBody();
|
|
816
893
|
const userId = request.getKuid();
|
|
817
894
|
const profileIds = isNil(content.profileIds)
|
|
818
895
|
? null
|
|
819
|
-
: request.getBodyArray(
|
|
896
|
+
: request.getBodyArray("profileIds");
|
|
820
897
|
|
|
821
898
|
return this._changeUser(request, id, content, userId, profileIds);
|
|
822
899
|
}
|
|
@@ -828,18 +905,17 @@ class SecurityController extends NativeController {
|
|
|
828
905
|
* @param {Request} request
|
|
829
906
|
* @returns {Promise}
|
|
830
907
|
*/
|
|
831
|
-
async upsertUser
|
|
908
|
+
async upsertUser(request) {
|
|
832
909
|
const id = request.getId();
|
|
833
|
-
const content = request.getBodyObject(
|
|
910
|
+
const content = request.getBodyObject("content");
|
|
834
911
|
const userId = request.getKuid();
|
|
835
|
-
const profileIds = request.getBodyArray(
|
|
836
|
-
const defaultValues = request.getBodyObject(
|
|
912
|
+
const profileIds = request.getBodyArray("content.profileIds");
|
|
913
|
+
const defaultValues = request.getBodyObject("default", {});
|
|
837
914
|
|
|
838
915
|
try {
|
|
839
916
|
return await this._changeUser(request, id, content, userId, profileIds);
|
|
840
|
-
}
|
|
841
|
-
|
|
842
|
-
if (error.id && error.id === 'security.user.not_found') {
|
|
917
|
+
} catch (error) {
|
|
918
|
+
if (error.id && error.id === "security.user.not_found") {
|
|
843
919
|
const creatingContent = {
|
|
844
920
|
...defaultValues,
|
|
845
921
|
...content, // Order important, content erase default duplicates
|
|
@@ -858,20 +934,25 @@ class SecurityController extends NativeController {
|
|
|
858
934
|
* @param {Request} request
|
|
859
935
|
* @returns {Promise<Object>}
|
|
860
936
|
*/
|
|
861
|
-
async replaceUser
|
|
937
|
+
async replaceUser(request) {
|
|
862
938
|
const id = request.getId();
|
|
863
939
|
const content = request.getBody();
|
|
864
|
-
const profileIds = request.getBodyArray(
|
|
940
|
+
const profileIds = request.getBodyArray("profileIds");
|
|
865
941
|
const userId = request.getKuid();
|
|
866
942
|
|
|
867
943
|
const user = await this.ask(
|
|
868
|
-
|
|
944
|
+
"core:security:user:replace",
|
|
869
945
|
id,
|
|
870
946
|
profileIds,
|
|
871
947
|
content,
|
|
872
|
-
{ refresh: request.getRefresh(
|
|
948
|
+
{ refresh: request.getRefresh("wait_for"), userId }
|
|
949
|
+
);
|
|
873
950
|
|
|
874
|
-
global.kuzzle.log.info(
|
|
951
|
+
global.kuzzle.log.info(
|
|
952
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
953
|
+
request.input.action
|
|
954
|
+
}" on user "${id}."`
|
|
955
|
+
);
|
|
875
956
|
|
|
876
957
|
return formatProcessing.serializeUser(user);
|
|
877
958
|
}
|
|
@@ -882,19 +963,23 @@ class SecurityController extends NativeController {
|
|
|
882
963
|
* @param {Request} request
|
|
883
964
|
* @returns {Promise<Object>}
|
|
884
965
|
*/
|
|
885
|
-
async updateProfile
|
|
966
|
+
async updateProfile(request) {
|
|
886
967
|
const id = request.getId();
|
|
887
968
|
const body = request.getBody();
|
|
888
969
|
const userId = request.getKuid();
|
|
889
970
|
|
|
890
|
-
const updated = await this.ask(
|
|
891
|
-
refresh: request.getRefresh(
|
|
892
|
-
retryOnConflict: request.getInteger(
|
|
893
|
-
strict: request.getBoolean(
|
|
971
|
+
const updated = await this.ask("core:security:profile:update", id, body, {
|
|
972
|
+
refresh: request.getRefresh("wait_for"),
|
|
973
|
+
retryOnConflict: request.getInteger("retryOnConflict", 10),
|
|
974
|
+
strict: request.getBoolean("strict"),
|
|
894
975
|
userId,
|
|
895
976
|
});
|
|
896
977
|
|
|
897
|
-
global.kuzzle.log.info(
|
|
978
|
+
global.kuzzle.log.info(
|
|
979
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
980
|
+
request.input.action
|
|
981
|
+
}" on profile "${id}."`
|
|
982
|
+
);
|
|
898
983
|
return formatProcessing.serializeProfile(updated);
|
|
899
984
|
}
|
|
900
985
|
|
|
@@ -904,19 +989,23 @@ class SecurityController extends NativeController {
|
|
|
904
989
|
* @param {Request} request
|
|
905
990
|
* @returns {Promise<Object>}
|
|
906
991
|
*/
|
|
907
|
-
async updateRole
|
|
992
|
+
async updateRole(request) {
|
|
908
993
|
const id = request.getId();
|
|
909
994
|
const body = request.getBody();
|
|
910
995
|
const userId = request.getKuid();
|
|
911
996
|
|
|
912
|
-
const updated = await this.ask(
|
|
913
|
-
force: request.getBoolean(
|
|
914
|
-
refresh: request.getRefresh(
|
|
915
|
-
retryOnConflict: request.getInteger(
|
|
997
|
+
const updated = await this.ask("core:security:role:update", id, body, {
|
|
998
|
+
force: request.getBoolean("force"),
|
|
999
|
+
refresh: request.getRefresh("wait_for"),
|
|
1000
|
+
retryOnConflict: request.getInteger("retryOnConflict", 10),
|
|
916
1001
|
userId,
|
|
917
1002
|
});
|
|
918
1003
|
|
|
919
|
-
global.kuzzle.log.info(
|
|
1004
|
+
global.kuzzle.log.info(
|
|
1005
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
1006
|
+
request.input.action
|
|
1007
|
+
}" on role "${id}."`
|
|
1008
|
+
);
|
|
920
1009
|
|
|
921
1010
|
return formatProcessing.serializeRole(updated);
|
|
922
1011
|
}
|
|
@@ -927,37 +1016,51 @@ class SecurityController extends NativeController {
|
|
|
927
1016
|
* @param {Request} request
|
|
928
1017
|
* @returns {Promise<Object>}
|
|
929
1018
|
*/
|
|
930
|
-
async createFirstAdmin
|
|
931
|
-
const adminExists = await global.kuzzle.ask(
|
|
1019
|
+
async createFirstAdmin(request) {
|
|
1020
|
+
const adminExists = await global.kuzzle.ask(
|
|
1021
|
+
"core:security:user:admin:exist"
|
|
1022
|
+
);
|
|
932
1023
|
|
|
933
1024
|
if (adminExists) {
|
|
934
|
-
throw kerror.get(
|
|
1025
|
+
throw kerror.get("api", "process", "admin_exists");
|
|
935
1026
|
}
|
|
936
1027
|
|
|
937
1028
|
const userId = request.getKuid();
|
|
938
|
-
const content = request.getBodyObject(
|
|
939
|
-
const reset = request.getBoolean(
|
|
940
|
-
const humanReadableId = request.getString(
|
|
1029
|
+
const content = request.getBodyObject("content", {});
|
|
1030
|
+
const reset = request.getBoolean("reset");
|
|
1031
|
+
const humanReadableId = request.getString("kuid", "human") !== "uuid";
|
|
941
1032
|
|
|
942
|
-
if (has(content,
|
|
943
|
-
throw kerror.get(
|
|
1033
|
+
if (has(content, "profileIds")) {
|
|
1034
|
+
throw kerror.get(
|
|
1035
|
+
"api",
|
|
1036
|
+
"assert",
|
|
1037
|
+
"forbidden_argument",
|
|
1038
|
+
"body.content.profileIds"
|
|
1039
|
+
);
|
|
944
1040
|
}
|
|
945
1041
|
|
|
946
|
-
const user = await this._persistUser(request, [
|
|
1042
|
+
const user = await this._persistUser(request, ["admin"], content, {
|
|
1043
|
+
humanReadableId,
|
|
1044
|
+
});
|
|
947
1045
|
|
|
948
1046
|
if (reset) {
|
|
949
|
-
for (const type of [
|
|
1047
|
+
for (const type of ["role", "profile"]) {
|
|
950
1048
|
await Bluebird.map(
|
|
951
1049
|
Object.entries(global.kuzzle.config.security.standard[`${type}s`]),
|
|
952
|
-
([name, value]) =>
|
|
953
|
-
`core:security:${type}:createOrReplace`,
|
|
954
|
-
|
|
955
|
-
|
|
956
|
-
|
|
1050
|
+
([name, value]) =>
|
|
1051
|
+
this.ask(`core:security:${type}:createOrReplace`, name, value, {
|
|
1052
|
+
refresh: "wait_for",
|
|
1053
|
+
userId,
|
|
1054
|
+
})
|
|
1055
|
+
);
|
|
957
1056
|
}
|
|
958
1057
|
}
|
|
959
1058
|
|
|
960
|
-
global.kuzzle.log.info(
|
|
1059
|
+
global.kuzzle.log.info(
|
|
1060
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
1061
|
+
request.input.action
|
|
1062
|
+
}".`
|
|
1063
|
+
);
|
|
961
1064
|
|
|
962
1065
|
return user;
|
|
963
1066
|
}
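Review bot: The `adminExists` check and the later `_persistUser(request, ["admin"], ...)` call are separate awaited steps, and nothing visible in this hunk serialises them, so two concurrent createFirstAdmin requests could both pass the check and each create an admin account. If no lock or uniqueness guarantee exists further down (not visible here), the check should be made atomic with the creation; at minimum I would document it above the check, e.g. `// NOTE: exist-check and creation are not atomic; concurrent calls can both pass`. The `[SECURITY]` log is also written only after the optional role/profile reset, so a failure inside the reset loop leaves an admin created with no audit line recording it.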
|
|
@@ -968,8 +1071,8 @@ class SecurityController extends NativeController {
|
|
|
968
1071
|
* @param {Request} request
|
|
969
1072
|
* @returns {Promise<Object>}
|
|
970
1073
|
*/
|
|
971
|
-
mDeleteProfiles
|
|
972
|
-
return this._mDelete(
|
|
1074
|
+
mDeleteProfiles(request) {
|
|
1075
|
+
return this._mDelete("profile", request);
|
|
973
1076
|
}
|
|
974
1077
|
|
|
975
1078
|
/**
|
|
@@ -978,8 +1081,8 @@ class SecurityController extends NativeController {
|
|
|
978
1081
|
* @param {Request} request
|
|
979
1082
|
* @returns {Promise<Object>}
|
|
980
1083
|
*/
|
|
981
|
-
mDeleteRoles
|
|
982
|
-
return this._mDelete(
|
|
1084
|
+
mDeleteRoles(request) {
|
|
1085
|
+
return this._mDelete("role", request);
|
|
983
1086
|
}
|
|
984
1087
|
|
|
985
1088
|
/**
|
|
@@ -988,8 +1091,8 @@ class SecurityController extends NativeController {
|
|
|
988
1091
|
* @param {Request} request
|
|
989
1092
|
* @returns {Promise<Object>}
|
|
990
1093
|
*/
|
|
991
|
-
mDeleteUsers
|
|
992
|
-
return this._mDelete(
|
|
1094
|
+
mDeleteUsers(request) {
|
|
1095
|
+
return this._mDelete("user", request);
|
|
993
1096
|
}
|
|
994
1097
|
|
|
995
1098
|
/**
|
|
@@ -998,11 +1101,11 @@ class SecurityController extends NativeController {
|
|
|
998
1101
|
* @param {Request} request
|
|
999
1102
|
* @returns {Promise<Object>}
|
|
1000
1103
|
*/
|
|
1001
|
-
async scrollUsers
|
|
1002
|
-
const id = request.getString(
|
|
1104
|
+
async scrollUsers(request) {
|
|
1105
|
+
const id = request.getString("scrollId");
|
|
1003
1106
|
const ttl = request.getScrollTTLParam();
|
|
1004
1107
|
|
|
1005
|
-
const response = await this.ask(
|
|
1108
|
+
const response = await this.ask("core:security:user:scroll", id, ttl);
|
|
1006
1109
|
|
|
1007
1110
|
response.hits = response.hits.map(formatProcessing.serializeUser);
|
|
1008
1111
|
|
|
@@ -1015,11 +1118,11 @@ class SecurityController extends NativeController {
|
|
|
1015
1118
|
* @param {Request} request
|
|
1016
1119
|
* @returns {Promise<Object>}
|
|
1017
1120
|
*/
|
|
1018
|
-
async scrollProfiles
|
|
1019
|
-
const id = request.getString(
|
|
1121
|
+
async scrollProfiles(request) {
|
|
1122
|
+
const id = request.getString("scrollId");
|
|
1020
1123
|
const ttl = request.getScrollTTLParam();
|
|
1021
1124
|
|
|
1022
|
-
const response = await this.ask(
|
|
1125
|
+
const response = await this.ask("core:security:profile:scroll", id, ttl);
|
|
1023
1126
|
|
|
1024
1127
|
response.hits = response.hits.map(formatProcessing.serializeProfile);
|
|
1025
1128
|
|
|
@@ -1030,23 +1133,27 @@ class SecurityController extends NativeController {
|
|
|
1030
1133
|
* @param {Request} request
|
|
1031
1134
|
* @returns {Promise<Object>}
|
|
1032
1135
|
*/
|
|
1033
|
-
async createCredentials
|
|
1136
|
+
async createCredentials(request) {
|
|
1034
1137
|
const id = request.getId();
|
|
1035
1138
|
const body = request.getBody();
|
|
1036
|
-
const strategy = request.getString(
|
|
1139
|
+
const strategy = request.getString("strategy");
|
|
1037
1140
|
|
|
1038
1141
|
this.assertIsStrategyRegistered(strategy);
|
|
1039
1142
|
|
|
1040
1143
|
// Throws if the user doesn't exist
|
|
1041
|
-
await this.ask(
|
|
1144
|
+
await this.ask("core:security:user:get", id);
|
|
1042
1145
|
|
|
1043
|
-
const validateMethod = this.getStrategyMethod(strategy,
|
|
1146
|
+
const validateMethod = this.getStrategyMethod(strategy, "validate");
|
|
1044
1147
|
|
|
1045
1148
|
await validateMethod(request, body, id, strategy, false);
|
|
1046
1149
|
|
|
1047
|
-
const createMethod = this.getStrategyMethod(strategy,
|
|
1150
|
+
const createMethod = this.getStrategyMethod(strategy, "create");
|
|
1048
1151
|
|
|
1049
|
-
global.kuzzle.log.info(
|
|
1152
|
+
global.kuzzle.log.info(
|
|
1153
|
+
`[SECURITY] ${SecurityController.userOrSdk(
|
|
1154
|
+
request.getKuid()
|
|
1155
|
+
)} applied action "${request.input.action}" on user "${id}."`
|
|
1156
|
+
);
|
|
1050
1157
|
return createMethod(request, body, id, strategy);
|
|
1051
1158
|
}
|
|
1052
1159
|
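Review bot: The `[SECURITY]` line in createCredentials is logged before `createMethod(...)` has run, so the audit trail says the action was "applied" even when the strategy's create call rejects. I would await the call first, `const result = await createMethod(request, body, id, strategy);`, then emit the log and `return result;`. The updateCredentials hunk that follows has the same ordering with `updateMethod`.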
|
|
@@ -1054,23 +1161,27 @@ class SecurityController extends NativeController {
|
|
|
1054
1161
|
* @param {Request} request
|
|
1055
1162
|
* @returns {Promise<Object>}
|
|
1056
1163
|
*/
|
|
1057
|
-
async updateCredentials
|
|
1164
|
+
async updateCredentials(request) {
|
|
1058
1165
|
const id = request.getId();
|
|
1059
1166
|
const body = request.getBody();
|
|
1060
|
-
const strategy = request.getString(
|
|
1167
|
+
const strategy = request.getString("strategy");
|
|
1061
1168
|
|
|
1062
1169
|
this.assertIsStrategyRegistered(strategy);
|
|
1063
1170
|
|
|
1064
1171
|
// Throws if the user doesn't exist
|
|
1065
|
-
await this.ask(
|
|
1172
|
+
await this.ask("core:security:user:get", id);
|
|
1066
1173
|
|
|
1067
|
-
const validateMethod = this.getStrategyMethod(strategy,
|
|
1174
|
+
const validateMethod = this.getStrategyMethod(strategy, "validate");
|
|
1068
1175
|
|
|
1069
1176
|
await validateMethod(request, body, id, strategy, true);
|
|
1070
1177
|
|
|
1071
|
-
const updateMethod = this.getStrategyMethod(strategy,
|
|
1178
|
+
const updateMethod = this.getStrategyMethod(strategy, "update");
|
|
1072
1179
|
|
|
1073
|
-
global.kuzzle.log.info(
|
|
1180
|
+
global.kuzzle.log.info(
|
|
1181
|
+
`[SECURITY] ${SecurityController.userOrSdk(
|
|
1182
|
+
request.getKuid()
|
|
1183
|
+
)} applied action "${request.input.action}" on user "${id}."`
|
|
1184
|
+
);
|
|
1074
1185
|
|
|
1075
1186
|
return updateMethod(request, body, id, strategy);
|
|
1076
1187
|
}
|
|
@@ -1079,13 +1190,13 @@ class SecurityController extends NativeController {
|
|
|
1079
1190
|
* @param {Request} request
|
|
1080
1191
|
* @returns {Promise.<Object>}
|
|
1081
1192
|
*/
|
|
1082
|
-
async hasCredentials
|
|
1193
|
+
async hasCredentials(request) {
|
|
1083
1194
|
const id = request.getId();
|
|
1084
|
-
const strategy = request.getString(
|
|
1195
|
+
const strategy = request.getString("strategy");
|
|
1085
1196
|
|
|
1086
1197
|
this.assertIsStrategyRegistered(strategy);
|
|
1087
1198
|
|
|
1088
|
-
const existsMethod = this.getStrategyMethod(strategy,
|
|
1199
|
+
const existsMethod = this.getStrategyMethod(strategy, "exists");
|
|
1089
1200
|
|
|
1090
1201
|
return existsMethod(request, id, strategy);
|
|
1091
1202
|
}
|
|
@@ -1094,36 +1205,41 @@ class SecurityController extends NativeController {
|
|
|
1094
1205
|
* @param {Request} request
|
|
1095
1206
|
* @returns {Promise.<Object>}
|
|
1096
1207
|
*/
|
|
1097
|
-
async validateCredentials
|
|
1098
|
-
const strategy = request.getString(
|
|
1208
|
+
async validateCredentials(request) {
|
|
1209
|
+
const strategy = request.getString("strategy");
|
|
1099
1210
|
|
|
1100
1211
|
this.assertIsStrategyRegistered(strategy);
|
|
1101
1212
|
|
|
1102
|
-
const validateMethod = this.getStrategyMethod(strategy,
|
|
1213
|
+
const validateMethod = this.getStrategyMethod(strategy, "validate");
|
|
1103
1214
|
|
|
1104
1215
|
return validateMethod(
|
|
1105
1216
|
request,
|
|
1106
1217
|
request.getBody(),
|
|
1107
|
-
request.getId({ ifMissing:
|
|
1218
|
+
request.getId({ ifMissing: "ignore" }),
|
|
1108
1219
|
strategy,
|
|
1109
|
-
false
|
|
1220
|
+
false
|
|
1221
|
+
);
|
|
1110
1222
|
}
|
|
1111
1223
|
|
|
1112
1224
|
/**
|
|
1113
1225
|
* @param {Request} request
|
|
1114
1226
|
* @returns {Promise<Object>}
|
|
1115
1227
|
*/
|
|
1116
|
-
async deleteCredentials
|
|
1228
|
+
async deleteCredentials(request) {
|
|
1117
1229
|
const id = request.getId();
|
|
1118
|
-
const strategy = request.getString(
|
|
1230
|
+
const strategy = request.getString("strategy");
|
|
1119
1231
|
|
|
1120
1232
|
this.assertIsStrategyRegistered(strategy);
|
|
1121
1233
|
|
|
1122
|
-
const deleteMethod = this.getStrategyMethod(strategy,
|
|
1234
|
+
const deleteMethod = this.getStrategyMethod(strategy, "delete");
|
|
1123
1235
|
|
|
1124
1236
|
await deleteMethod(request, id, strategy);
|
|
1125
1237
|
|
|
1126
|
-
global.kuzzle.log.info(
|
|
1238
|
+
global.kuzzle.log.info(
|
|
1239
|
+
`[SECURITY] ${SecurityController.userOrSdk(
|
|
1240
|
+
request.getKuid()
|
|
1241
|
+
)} applied action "${request.input.action}" on user "${id}."`
|
|
1242
|
+
);
|
|
1127
1243
|
|
|
1128
1244
|
return { acknowledged: true };
|
|
1129
1245
|
}
|
|
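Review bot: `deleteCredentials` writes the request-supplied `id` straight into the `[SECURITY]` audit line (new lines 1238–1242) and, unlike `updateCredentials`, does not first resolve the user with `core:security:user:get`, so the logged value is whatever the caller sent. If `request.getId()` does not restrict the character set (not visible here), a line break in the id could split one audit entry into several; encoding the value, e.g. `on user ${JSON.stringify(id)}.`, keeps each entry on one line. The same template is used in the `updateCredentials`, `_changeUser` and `_persistUser` hunks. The period inside the closing quote (`"${id}."`) also makes the logged id ambiguous.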
@@ -1132,14 +1248,14 @@ class SecurityController extends NativeController {
|
|
|
1132
1248
|
* @param {Request} request
|
|
1133
1249
|
* @returns {Promise<Object>}
|
|
1134
1250
|
*/
|
|
1135
|
-
async getCredentials
|
|
1251
|
+
async getCredentials(request) {
|
|
1136
1252
|
const id = request.getId();
|
|
1137
|
-
const strategy = request.getString(
|
|
1253
|
+
const strategy = request.getString("strategy");
|
|
1138
1254
|
|
|
1139
1255
|
this.assertIsStrategyRegistered(strategy);
|
|
1140
1256
|
|
|
1141
|
-
if (global.kuzzle.pluginsManager.hasStrategyMethod(strategy,
|
|
1142
|
-
const getInfoMethod = this.getStrategyMethod(strategy,
|
|
1257
|
+
if (global.kuzzle.pluginsManager.hasStrategyMethod(strategy, "getInfo")) {
|
|
1258
|
+
const getInfoMethod = this.getStrategyMethod(strategy, "getInfo");
|
|
1143
1259
|
|
|
1144
1260
|
return getInfoMethod(request, id, strategy);
|
|
1145
1261
|
}
|
|
@@ -1151,14 +1267,14 @@ class SecurityController extends NativeController {
|
|
|
1151
1267
|
* @param {Request} request
|
|
1152
1268
|
* @returns {Promise<Object>}
|
|
1153
1269
|
*/
|
|
1154
|
-
async getCredentialsById
|
|
1270
|
+
async getCredentialsById(request) {
|
|
1155
1271
|
const id = request.getId();
|
|
1156
|
-
const strategy = request.getString(
|
|
1272
|
+
const strategy = request.getString("strategy");
|
|
1157
1273
|
|
|
1158
1274
|
this.assertIsStrategyRegistered(strategy);
|
|
1159
1275
|
|
|
1160
|
-
if (global.kuzzle.pluginsManager.hasStrategyMethod(strategy,
|
|
1161
|
-
const getByIdMethod = this.getStrategyMethod(strategy,
|
|
1276
|
+
if (global.kuzzle.pluginsManager.hasStrategyMethod(strategy, "getById")) {
|
|
1277
|
+
const getByIdMethod = this.getStrategyMethod(strategy, "getById");
|
|
1162
1278
|
|
|
1163
1279
|
return getByIdMethod(request, id, strategy);
|
|
1164
1280
|
}
|
|
@@ -1170,8 +1286,8 @@ class SecurityController extends NativeController {
|
|
|
1170
1286
|
* @param {Request} request
|
|
1171
1287
|
* @returns {Promise<Object>}
|
|
1172
1288
|
*/
|
|
1173
|
-
async getCredentialFields
|
|
1174
|
-
const strategy = request.getString(
|
|
1289
|
+
async getCredentialFields(request) {
|
|
1290
|
+
const strategy = request.getString("strategy");
|
|
1175
1291
|
|
|
1176
1292
|
this.assertIsStrategyRegistered(strategy);
|
|
1177
1293
|
|
|
@@ -1181,14 +1297,13 @@ class SecurityController extends NativeController {
|
|
|
1181
1297
|
/**
|
|
1182
1298
|
* @returns {Promise<Object>}
|
|
1183
1299
|
*/
|
|
1184
|
-
async getAllCredentialFields
|
|
1300
|
+
async getAllCredentialFields() {
|
|
1185
1301
|
const strategyFields = {};
|
|
1186
1302
|
|
|
1187
|
-
global.kuzzle.pluginsManager.listStrategies()
|
|
1188
|
-
|
|
1189
|
-
|
|
1190
|
-
|
|
1191
|
-
});
|
|
1303
|
+
global.kuzzle.pluginsManager.listStrategies().forEach((strategy) => {
|
|
1304
|
+
strategyFields[strategy] =
|
|
1305
|
+
global.kuzzle.pluginsManager.getStrategyFields(strategy);
|
|
1306
|
+
});
|
|
1192
1307
|
|
|
1193
1308
|
return strategyFields;
|
|
1194
1309
|
}
|
|
@@ -1197,10 +1312,10 @@ class SecurityController extends NativeController {
|
|
|
1197
1312
|
* @param {Request} request
|
|
1198
1313
|
* @returns {Promise.<null>}
|
|
1199
1314
|
*/
|
|
1200
|
-
async revokeTokens
|
|
1315
|
+
async revokeTokens(request) {
|
|
1201
1316
|
const id = request.getId();
|
|
1202
1317
|
|
|
1203
|
-
await this.ask(
|
|
1318
|
+
await this.ask("core:security:token:deleteByKuid", id);
|
|
1204
1319
|
|
|
1205
1320
|
return null;
|
|
1206
1321
|
}
|
|
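Review bot: `revokeTokens` (new lines 1315–1321) calls `core:security:token:deleteByKuid` for the target user but writes no `[SECURITY]` log entry, while the credential methods in this file all do. Unless the token module logs the revocation itself, which is not visible here, a forced logout cannot be attributed to an actor from the application log. I would add the same `global.kuzzle.log.info(...)` call used in `deleteCredentials`, with `SecurityController.userOrSdk(request.getKuid())`, `request.input.action` and `id`, right after the `await`. The JSDoc block of this method starts outside the hunk.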
@@ -1211,33 +1326,43 @@ class SecurityController extends NativeController {
|
|
|
1211
1326
|
* @returns {Promise.<Array.<string>>}
|
|
1212
1327
|
* @private
|
|
1213
1328
|
*/
|
|
1214
|
-
async _mDelete
|
|
1215
|
-
const ids = request.getBodyArray(
|
|
1216
|
-
const refresh = request.getRefresh(
|
|
1329
|
+
async _mDelete(type, request) {
|
|
1330
|
+
const ids = request.getBodyArray("ids");
|
|
1331
|
+
const refresh = request.getRefresh("wait_for");
|
|
1217
1332
|
|
|
1218
1333
|
if (ids.length > global.kuzzle.config.limits.documentsWriteCount) {
|
|
1219
|
-
throw kerror.get(
|
|
1334
|
+
throw kerror.get("services", "storage", "write_limit_exceeded");
|
|
1220
1335
|
}
|
|
1221
1336
|
|
|
1222
1337
|
const successes = [];
|
|
1223
1338
|
const errors = [];
|
|
1224
1339
|
|
|
1225
|
-
await Bluebird.map(
|
|
1226
|
-
|
|
1227
|
-
id => this.ask(`core:security:${type}:delete`, id, { refresh })
|
|
1340
|
+
await Bluebird.map(ids, (id) =>
|
|
1341
|
+
this.ask(`core:security:${type}:delete`, id, { refresh })
|
|
1228
1342
|
.then(() => successes.push(id))
|
|
1229
|
-
.catch(err => errors.push(err))
|
|
1343
|
+
.catch((err) => errors.push(err))
|
|
1344
|
+
);
|
|
1230
1345
|
|
|
1231
1346
|
if (errors.length) {
|
|
1232
1347
|
request.setError(
|
|
1233
|
-
kerror.get(
|
|
1348
|
+
kerror.get("services", "storage", "incomplete_delete", errors)
|
|
1349
|
+
);
|
|
1234
1350
|
}
|
|
1235
1351
|
|
|
1236
1352
|
if (successes.length > 1000) {
|
|
1237
|
-
global.kuzzle.log.info(
|
|
1238
|
-
|
|
1239
|
-
|
|
1240
|
-
|
|
1353
|
+
global.kuzzle.log.info(
|
|
1354
|
+
`[SECURITY] ${SecurityController.userOrSdk(
|
|
1355
|
+
request.getKuid()
|
|
1356
|
+
)} deleted the following ${type}s: ${successes
|
|
1357
|
+
.slice(0, 1000)
|
|
1358
|
+
.join(", ")}... (${successes.length - 1000} more users deleted)."`
|
|
1359
|
+
);
|
|
1360
|
+
} else {
|
|
1361
|
+
global.kuzzle.log.info(
|
|
1362
|
+
`[SECURITY] ${SecurityController.userOrSdk(
|
|
1363
|
+
request.getKuid()
|
|
1364
|
+
)} deleted the following ${type}s: ${successes.join(", ")}."`
|
|
1365
|
+
);
|
|
1241
1366
|
}
|
|
1242
1367
|
|
|
1243
1368
|
return successes;
|
|
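Review bot: The over-1000 branch of the audit message (new lines 1353–1359) hard-codes `more users deleted` although `_mDelete` is parameterised by `type` and the same line already prints `${type}s`, so the count is labelled as users whatever `type` is. Both branches also end in a stray `"` after the period. I would write the tail as `.join(", ")}... (${successes.length - 1000} more ${type}s deleted).` and drop the trailing quote in the `else` branch as well. The `else` branch also runs when `successes` is empty, which logs a deletion line with no ids; a `successes.length > 0` guard would keep the audit trail accurate. The closing brace of `_mDelete` is outside the hunk.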
@@ -1247,19 +1372,24 @@ class SecurityController extends NativeController {
|
|
|
1247
1372
|
* @returns {Promise}
|
|
1248
1373
|
* @private
|
|
1249
1374
|
*/
|
|
1250
|
-
async _changeUser
|
|
1375
|
+
async _changeUser(request, id, content, userId, profileIds) {
|
|
1251
1376
|
const updated = await this.ask(
|
|
1252
|
-
|
|
1377
|
+
"core:security:user:update",
|
|
1253
1378
|
id,
|
|
1254
1379
|
profileIds,
|
|
1255
1380
|
content,
|
|
1256
1381
|
{
|
|
1257
|
-
refresh: request.getRefresh(
|
|
1258
|
-
retryOnConflict: request.getInteger(
|
|
1382
|
+
refresh: request.getRefresh("wait_for"),
|
|
1383
|
+
retryOnConflict: request.getInteger("retryOnConflict", 10),
|
|
1259
1384
|
userId,
|
|
1260
|
-
}
|
|
1385
|
+
}
|
|
1386
|
+
);
|
|
1261
1387
|
|
|
1262
|
-
global.kuzzle.log.info(
|
|
1388
|
+
global.kuzzle.log.info(
|
|
1389
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
1390
|
+
request.input.action
|
|
1391
|
+
}" on user "${id}."`
|
|
1392
|
+
);
|
|
1263
1393
|
|
|
1264
1394
|
return formatProcessing.serializeUser(updated);
|
|
1265
1395
|
}
|
|
@@ -1269,14 +1399,19 @@ class SecurityController extends NativeController {
|
|
|
1269
1399
|
* @returns {Promise}
|
|
1270
1400
|
* @private
|
|
1271
1401
|
*/
|
|
1272
|
-
async _persistUser
|
|
1273
|
-
|
|
1402
|
+
async _persistUser(
|
|
1403
|
+
request,
|
|
1404
|
+
profileIds,
|
|
1405
|
+
content,
|
|
1406
|
+
{ humanReadableId = true } = {}
|
|
1407
|
+
) {
|
|
1408
|
+
const credentials = request.getBodyObject("credentials", {});
|
|
1274
1409
|
const strategies = Object.keys(credentials);
|
|
1275
1410
|
const generator = humanReadableId
|
|
1276
|
-
? () => NameGenerator.generateRandomName({ prefix:
|
|
1277
|
-
: () =>
|
|
1411
|
+
? () => NameGenerator.generateRandomName({ prefix: "kuid" })
|
|
1412
|
+
: () => "kuid-" + uuidv4();
|
|
1278
1413
|
|
|
1279
|
-
let id =
|
|
1414
|
+
let id = "";
|
|
1280
1415
|
let alreadyExists = false;
|
|
1281
1416
|
// Early checks before the user is created
|
|
1282
1417
|
do {
|
|
@@ -1287,19 +1422,20 @@ class SecurityController extends NativeController {
|
|
|
1287
1422
|
|
|
1288
1423
|
return generator();
|
|
1289
1424
|
},
|
|
1290
|
-
ifMissing:
|
|
1425
|
+
ifMissing: "generate",
|
|
1291
1426
|
});
|
|
1292
1427
|
|
|
1293
1428
|
for (const strategy of strategies) {
|
|
1294
|
-
if (!
|
|
1429
|
+
if (!global.kuzzle.pluginsManager.listStrategies().includes(strategy)) {
|
|
1295
1430
|
throw kerror.get(
|
|
1296
|
-
|
|
1297
|
-
|
|
1298
|
-
|
|
1299
|
-
strategy
|
|
1431
|
+
"security",
|
|
1432
|
+
"credentials",
|
|
1433
|
+
"unknown_strategy",
|
|
1434
|
+
strategy
|
|
1435
|
+
);
|
|
1300
1436
|
}
|
|
1301
1437
|
|
|
1302
|
-
const exists = this.getStrategyMethod(strategy,
|
|
1438
|
+
const exists = this.getStrategyMethod(strategy, "exists");
|
|
1303
1439
|
alreadyExists = await exists(request, id, strategy);
|
|
1304
1440
|
if (alreadyExists) {
|
|
1305
1441
|
if (generated) {
|
|
@@ -1307,21 +1443,22 @@ class SecurityController extends NativeController {
|
|
|
1307
1443
|
}
|
|
1308
1444
|
|
|
1309
1445
|
throw kerror.get(
|
|
1310
|
-
|
|
1311
|
-
|
|
1312
|
-
|
|
1313
|
-
id
|
|
1446
|
+
"security",
|
|
1447
|
+
"credentials",
|
|
1448
|
+
"database_inconsistency",
|
|
1449
|
+
id
|
|
1450
|
+
);
|
|
1314
1451
|
}
|
|
1315
1452
|
}
|
|
1316
|
-
|
|
1317
1453
|
} while (alreadyExists);
|
|
1318
1454
|
|
|
1319
1455
|
const user = await this.ask(
|
|
1320
|
-
|
|
1456
|
+
"core:security:user:create",
|
|
1321
1457
|
id,
|
|
1322
1458
|
profileIds,
|
|
1323
1459
|
content,
|
|
1324
|
-
{ refresh: request.getRefresh(
|
|
1460
|
+
{ refresh: request.getRefresh("wait_for") }
|
|
1461
|
+
);
|
|
1325
1462
|
|
|
1326
1463
|
const createdUser = formatProcessing.serializeUser(user);
|
|
1327
1464
|
|
|
@@ -1331,29 +1468,31 @@ class SecurityController extends NativeController {
|
|
|
1331
1468
|
|
|
1332
1469
|
for (const strategy of strategies) {
|
|
1333
1470
|
try {
|
|
1334
|
-
const validate = this.getStrategyMethod(strategy,
|
|
1471
|
+
const validate = this.getStrategyMethod(strategy, "validate");
|
|
1335
1472
|
|
|
1336
1473
|
await validate(request, credentials[strategy], id, strategy, false);
|
|
1337
|
-
}
|
|
1338
|
-
catch (error) {
|
|
1474
|
+
} catch (error) {
|
|
1339
1475
|
creationFailure = { error, validation: true };
|
|
1340
1476
|
break;
|
|
1341
1477
|
}
|
|
1342
1478
|
|
|
1343
1479
|
try {
|
|
1344
|
-
const create = this.getStrategyMethod(strategy,
|
|
1480
|
+
const create = this.getStrategyMethod(strategy, "create");
|
|
1345
1481
|
|
|
1346
1482
|
await create(request, credentials[strategy], id, strategy);
|
|
1347
1483
|
createdStrategies.push(strategy);
|
|
1348
|
-
}
|
|
1349
|
-
catch (error) {
|
|
1484
|
+
} catch (error) {
|
|
1350
1485
|
creationFailure = { error, validation: false };
|
|
1351
1486
|
break;
|
|
1352
1487
|
}
|
|
1353
1488
|
}
|
|
1354
1489
|
|
|
1355
1490
|
if (creationFailure === null) {
|
|
1356
|
-
global.kuzzle.log.info(
|
|
1491
|
+
global.kuzzle.log.info(
|
|
1492
|
+
`[SECURITY] ${SecurityController.userOrSdk(
|
|
1493
|
+
request.getKuid()
|
|
1494
|
+
)} applied action "${request.input.action}" on user "${id}."`
|
|
1495
|
+
);
|
|
1357
1496
|
return createdUser;
|
|
1358
1497
|
}
|
|
1359
1498
|
|
|
@@ -1361,10 +1500,9 @@ class SecurityController extends NativeController {
|
|
|
1361
1500
|
const deletionErrors = [];
|
|
1362
1501
|
for (const strategy of createdStrategies) {
|
|
1363
1502
|
try {
|
|
1364
|
-
const del = this.getStrategyMethod(strategy,
|
|
1503
|
+
const del = this.getStrategyMethod(strategy, "delete");
|
|
1365
1504
|
await del(request, id, strategy);
|
|
1366
|
-
}
|
|
1367
|
-
catch (e) {
|
|
1505
|
+
} catch (e) {
|
|
1368
1506
|
// We catch any error produced by delete as we want to make as much
|
|
1369
1507
|
// cleanup as possible
|
|
1370
1508
|
deletionErrors.push(e);
|
|
@@ -1372,22 +1510,22 @@ class SecurityController extends NativeController {
|
|
|
1372
1510
|
}
|
|
1373
1511
|
|
|
1374
1512
|
try {
|
|
1375
|
-
this.ask(
|
|
1376
|
-
}
|
|
1377
|
-
catch (e) {
|
|
1513
|
+
this.ask("core:security:user:delete", id, { refresh: "false" });
|
|
1514
|
+
} catch (e) {
|
|
1378
1515
|
global.kuzzle.log.error(`User rollback error: ${e}`);
|
|
1379
1516
|
}
|
|
1380
1517
|
|
|
1381
1518
|
if (deletionErrors.length > 0) {
|
|
1382
1519
|
// 2 errors > we
|
|
1383
1520
|
throw kerror.get(
|
|
1384
|
-
|
|
1385
|
-
|
|
1386
|
-
|
|
1521
|
+
"plugin",
|
|
1522
|
+
"runtime",
|
|
1523
|
+
"unexpected_error",
|
|
1387
1524
|
[
|
|
1388
1525
|
creationFailure.error.message,
|
|
1389
|
-
...deletionErrors.map(e => e.message)
|
|
1390
|
-
].join(
|
|
1526
|
+
...deletionErrors.map((e) => e.message),
|
|
1527
|
+
].join("\n")
|
|
1528
|
+
);
|
|
1391
1529
|
}
|
|
1392
1530
|
|
|
1393
1531
|
if (creationFailure.error instanceof KuzzleError) {
|
|
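Review bot: The rollback call on new line 1513, `this.ask("core:security:user:delete", id, { refresh: "false" });`, is not awaited, so the `try`/`catch` around it can only see a synchronous throw. Assuming `ask` returns a promise, as the awaited calls elsewhere in this file suggest, a failed delete skips the `User rollback error` log, and the method can throw to the caller while the half-created user still exists. `await this.ask("core:security:user:delete", id, { refresh: "false" });` would make the catch effective. `refresh` is the string `"false"` here while the other calls pass `request.getRefresh("wait_for")`, which is worth confirming against the storage layer. `_persistUser` starts and ends outside this hunk.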
@@ -1397,18 +1535,20 @@ class SecurityController extends NativeController {
|
|
|
1397
1535
|
if (creationFailure.validation) {
|
|
1398
1536
|
throw kerror.getFrom(
|
|
1399
1537
|
creationFailure.error,
|
|
1400
|
-
|
|
1401
|
-
|
|
1402
|
-
|
|
1403
|
-
creationFailure.error.message
|
|
1538
|
+
"security",
|
|
1539
|
+
"credentials",
|
|
1540
|
+
"rejected",
|
|
1541
|
+
creationFailure.error.message
|
|
1542
|
+
);
|
|
1404
1543
|
}
|
|
1405
1544
|
|
|
1406
1545
|
throw kerror.getFrom(
|
|
1407
1546
|
creationFailure.error,
|
|
1408
|
-
|
|
1409
|
-
|
|
1410
|
-
|
|
1411
|
-
creationFailure.error.message
|
|
1547
|
+
"plugin",
|
|
1548
|
+
"runtime",
|
|
1549
|
+
"unexpected_error",
|
|
1550
|
+
creationFailure.error.message
|
|
1551
|
+
);
|
|
1412
1552
|
}
|
|
1413
1553
|
|
|
1414
1554
|
/**
|
|
@@ -1417,10 +1557,11 @@ class SecurityController extends NativeController {
|
|
|
1417
1557
|
* @param {number} limit
|
|
1418
1558
|
* @throws
|
|
1419
1559
|
*/
|
|
1420
|
-
_getSearchPageSize
|
|
1560
|
+
_getSearchPageSize(request) {
|
|
1421
1561
|
const size = request.getInteger(
|
|
1422
|
-
|
|
1423
|
-
global.kuzzle.config.limits.documentsFetchCount
|
|
1562
|
+
"size",
|
|
1563
|
+
global.kuzzle.config.limits.documentsFetchCount
|
|
1564
|
+
);
|
|
1424
1565
|
|
|
1425
1566
|
this.assertNotExceedMaxFetch(size);
|
|
1426
1567
|
|