Compare commits
6 Commits
| Author | SHA1 | Date |
|---|---|---|
Johan Carlberg
|
c74474241a | |
|
Johan Carlberg
|
f574764867 | |
|
Johan Carlberg
|
6712b3b2dd | |
|
Johan Carlberg
|
878a28c89f | |
|
Johan Carlberg
|
228a710f1e | |
|
Johan Carlberg
|
cfb6ac8e5f |
|
|
@ -5,6 +5,7 @@ async function loadData (block) {
|
||||||
const response = await fetch (source);
|
const response = await fetch (source);
|
||||||
if (response.ok) {
|
if (response.ok) {
|
||||||
const items = await response.json();
|
const items = await response.json();
|
||||||
|
var itemLoaders = [];
|
||||||
|
|
||||||
if (Array.isArray (items)) {
|
if (Array.isArray (items)) {
|
||||||
const template = block.querySelector ("template");
|
const template = block.querySelector ("template");
|
||||||
|
|
@ -12,15 +13,25 @@ async function loadData (block) {
|
||||||
tableBody.innerHTML = "";
|
tableBody.innerHTML = "";
|
||||||
items.forEach (item => {
|
items.forEach (item => {
|
||||||
const clone = template.content.cloneNode (true);
|
const clone = template.content.cloneNode (true);
|
||||||
window["populate" + block.dataset.item] (clone, item);
|
const loader = window["populate" + block.dataset.item] (clone, item);
|
||||||
|
if (loader != null) {
|
||||||
|
itemLoaders.push (loader);
|
||||||
|
}
|
||||||
tableBody.appendChild (clone);
|
tableBody.appendChild (clone);
|
||||||
tableBody.lastElementChild.dataset.itemid = item.id;
|
tableBody.lastElementChild.dataset.itemid = item.id;
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
window["populate" + block.dataset.item] (block, items);
|
const loader = window["populate" + block.dataset.item] (block, items);
|
||||||
|
if (loader != null) {
|
||||||
|
itemLoaders.push (loader);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
block.classList.add ("loaded");
|
block.classList.add ("loaded");
|
||||||
|
|
||||||
|
for (const loader of itemLoaders) {
|
||||||
|
await loader();
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
if ((response.status == 401) || (response.status == 403)) {
|
if ((response.status == 401) || (response.status == 403)) {
|
||||||
document.location.href = document.body.dataset.baseurl;
|
document.location.href = document.body.dataset.baseurl;
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,7 @@ CREATE TABLE "user_tokens" (
|
||||||
"id" UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
"id" UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||||
"user_id" UUID NOT NULL,
|
"user_id" UUID NOT NULL,
|
||||||
"token" CHARACTER VARYING (1000) NOT NULL,
|
"token" CHARACTER VARYING (1000) NOT NULL,
|
||||||
|
"realm" CHARACTER VARYING (10) NOT NULL CHECK ("realm" IN ('invite', 'forgot')),
|
||||||
"insert_time" TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
"insert_time" TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||||
CONSTRAINT "user_tokens_user_fk" FOREIGN KEY ("user_id") REFERENCES "users" ("id") ON DELETE CASCADE
|
CONSTRAINT "user_tokens_user_fk" FOREIGN KEY ("user_id") REFERENCES "users" ("id") ON DELETE CASCADE
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -13,9 +13,11 @@ WITH "created" AS (
|
||||||
SELECT "id", 'admin'
|
SELECT "id", 'admin'
|
||||||
FROM "created"
|
FROM "created"
|
||||||
)
|
)
|
||||||
INSERT INTO "user_tokens" ("user_id", "token")
|
INSERT INTO "user_tokens" ("user_id", "token", "realm")
|
||||||
SELECT "id", (SELECT string_agg (substr (c, (random() * length (c) + 1)::integer, 1), '') AS "token"
|
SELECT "id",
|
||||||
FROM (VALUES ('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')) AS x(c),
|
(SELECT string_agg (substr (c, (random() * length (c) + 1)::integer, 1), '') AS "token"
|
||||||
generate_series (1, 32))
|
FROM (VALUES ('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')) AS x(c),
|
||||||
|
generate_series (1, 32)),
|
||||||
|
'invite'
|
||||||
FROM "created"
|
FROM "created"
|
||||||
RETURNING 'https://example.com/auth/password/' || "token" AS "Password URL"
|
RETURNING 'https://example.com/auth/password/' || "token" AS "Password URL"
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,5 @@
|
||||||
Välkommen till #(host).
|
Welcome to #(host).
|
||||||
|
|
||||||
För att aktivera ditt konto, gå till #baseURL/auth/password/#(token) och skriv in ett lösenord.
|
To activate your account, go to #baseURL/auth/password/#(token) and enter a password.
|
||||||
|
|
||||||
|
The link is valid until #date(expiration, "yyyy-MM-dd HH:mm (z)").
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,5 @@
|
||||||
Du har begärt ett nytt lösenord på #(host).
|
You have requested a new password on #(host).
|
||||||
|
|
||||||
För att ändra ditt lösenord, gå till #baseURL/auth/password/#(token) och skriv in ett lösenord.
|
To change your password, go to #baseURL/auth/password/#(token) and enter a password.
|
||||||
|
|
||||||
|
The link is valid until #date(expiration, "yyyy-MM-dd HH:mm (z)").
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@ import Vapor
|
||||||
struct UserAuthenticator<User: ManagedUser>: AsyncBasicAuthenticator where User.SessionID == ExpiringUserId {
|
struct UserAuthenticator<User: ManagedUser>: AsyncBasicAuthenticator where User.SessionID == ExpiringUserId {
|
||||||
|
|
||||||
func authenticate (basic: BasicAuthorization, for request: Request) async throws {
|
func authenticate (basic: BasicAuthorization, for request: Request) async throws {
|
||||||
if let user = try await request.db.withSQLConnection { connection in
|
if let user = try await request.db.withSQLConnection ({ connection in
|
||||||
return try await User.find (email: basic.username, password: basic.password, on: connection)
|
return try await User.find (email: basic.username, password: basic.password, on: connection)
|
||||||
} {
|
}) {
|
||||||
request.auth.login (user)
|
request.auth.login (user)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,9 +4,9 @@ public struct UserSessionAuthenticator<SessionUser: ManagedUser>: AsyncSessionAu
|
||||||
public typealias User = SessionUser
|
public typealias User = SessionUser
|
||||||
|
|
||||||
public func authenticate (sessionID: SessionUser.SessionID, for request: Request) async throws {
|
public func authenticate (sessionID: SessionUser.SessionID, for request: Request) async throws {
|
||||||
if let user = try await request.db.withSQLConnection { connection in
|
if let user = try await request.db.withSQLConnection ({ connection in
|
||||||
return try await SessionUser.authenticate (sessionID: sessionID, on: connection)
|
return try await SessionUser.authenticate (sessionID: sessionID, on: connection)
|
||||||
} {
|
}) {
|
||||||
request.logger.info ("Seeing user \(user)")
|
request.logger.info ("Seeing user \(user)")
|
||||||
request.auth.login (user)
|
request.auth.login (user)
|
||||||
request.logger.info ("Saw user \(user)")
|
request.logger.info ("Saw user \(user)")
|
||||||
|
|
|
||||||
|
|
@ -88,7 +88,7 @@ public struct AdminController<User: ManagedUser>: Sendable where User.SessionID
|
||||||
let token = try await UserToken.create (connection: connection).token
|
let token = try await UserToken.create (connection: connection).token
|
||||||
try await User.create (email: invitation.email, fullname: invitation.fullname, roles: invitation.roles, token: token, on: connection)
|
try await User.create (email: invitation.email, fullname: invitation.fullname, roles: invitation.roles, token: token, on: connection)
|
||||||
let host = try Environment.baseURL.host() ?? ""
|
let host = try Environment.baseURL.host() ?? ""
|
||||||
let body = try await request.view.render ("email/invite", ["token": token, "host": host])
|
let body = try await request.view.render ("email/invite", AuthenticationController<User>.TokenEmailContext (token: token, host: host, expiration: Calendar.current.date (byAdding: .day, value: 1, to: Date()) ?? Date()))
|
||||||
.data
|
.data
|
||||||
let message = Email (sender: Email.Contact (emailAddress: try Environment.emailSender),
|
let message = Email (sender: Email.Contact (emailAddress: try Environment.emailSender),
|
||||||
recipients: [Email.Contact(emailAddress: invitation.email)],
|
recipients: [Email.Contact(emailAddress: invitation.email)],
|
||||||
|
|
@ -116,8 +116,8 @@ public struct AdminController<User: ManagedUser>: Sendable where User.SessionID
|
||||||
}
|
}
|
||||||
let save = try request.content.decode(Save.self)
|
let save = try request.content.decode(Save.self)
|
||||||
|
|
||||||
return try await request.db.withSQLConnection { connection in
|
return try await request.db.withSQLConnection (user: try request.auth.require (BasicUser.self)) { connection in
|
||||||
guard (try await User.find (userId, on: connection)) != nil else {
|
guard (try await User.fetch (userId, on: connection)) != nil else {
|
||||||
throw Abort (.notFound)
|
throw Abort (.notFound)
|
||||||
}
|
}
|
||||||
guard !save.email.isEmpty && !save.fullname.isEmpty else {
|
guard !save.email.isEmpty && !save.fullname.isEmpty else {
|
||||||
|
|
|
||||||
|
|
@ -91,6 +91,12 @@ public struct AuthenticationController<User: ManagedUser>: Sendable where User.S
|
||||||
let email: String
|
let email: String
|
||||||
}
|
}
|
||||||
|
|
||||||
|
struct TokenEmailContext: Encodable {
|
||||||
|
let token: String
|
||||||
|
let host: String
|
||||||
|
let expiration: Date
|
||||||
|
}
|
||||||
|
|
||||||
func forgotPassword (request: Request) async throws -> Response {
|
func forgotPassword (request: Request) async throws -> Response {
|
||||||
|
|
||||||
let input = try request.content.decode (Input.self)
|
let input = try request.content.decode (Input.self)
|
||||||
|
|
@ -101,7 +107,7 @@ public struct AuthenticationController<User: ManagedUser>: Sendable where User.S
|
||||||
let token = try await UserToken.create (connection: connection).token
|
let token = try await UserToken.create (connection: connection).token
|
||||||
try await User.store (token: token, userId: user.id, on: connection)
|
try await User.store (token: token, userId: user.id, on: connection)
|
||||||
let host = try Environment.baseURL.host() ?? ""
|
let host = try Environment.baseURL.host() ?? ""
|
||||||
let body = try await request.view.render ("email/reset", ["token": token, "host": host, "section": "login"])
|
let body = try await request.view.render ("email/reset", TokenEmailContext (token: token, host: host, expiration: Calendar.current.date (byAdding: .hour, value: 1, to: Date()) ?? Date()))
|
||||||
.data
|
.data
|
||||||
let message = Email (sender: Email.Contact (emailAddress: try Environment.emailSender),
|
let message = Email (sender: Email.Contact (emailAddress: try Environment.emailSender),
|
||||||
recipients: [Email.Contact(emailAddress: input.email)],
|
recipients: [Email.Contact(emailAddress: input.email)],
|
||||||
|
|
|
||||||
|
|
@ -4,14 +4,22 @@ import FluentPostgresDriver
|
||||||
import SwiftSMTPVapor
|
import SwiftSMTPVapor
|
||||||
|
|
||||||
public struct ManageableUsers {
|
public struct ManageableUsers {
|
||||||
public static func configure (_ app: Application, mainMenu: [MenuItem] = [], homePageName: String = "Home", userAdminPageName: String = "User Administration") async throws {
|
public static func configure (_ app: Application,
|
||||||
app.databases.use(DatabaseConfigurationFactory.postgres(configuration: .init(
|
mainMenu: [MenuItem] = [],
|
||||||
hostname: Environment.get("DATABASE_HOST") ?? "localhost",
|
homePageName: String = "Home",
|
||||||
port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? SQLPostgresConfiguration.ianaPortNumber,
|
userAdminPageName: String = "User Administration",
|
||||||
username: Environment.get("DATABASE_USERNAME") ?? "sampleapp",
|
maxConnectionsPerEventLoop: Int = 1,
|
||||||
password: Environment.get("DATABASE_PASSWORD") ?? "sampleapp_password",
|
connectionPoolTimeout: TimeAmount = .seconds(10),
|
||||||
database: Environment.get("DATABASE_NAME") ?? "sampleapp",
|
sqlLogLevel: Logger.Level = .debug) async throws {
|
||||||
tls: .prefer(try .init(configuration: .clientDefault)))
|
app.databases.use(DatabaseConfigurationFactory.postgres(configuration: .init (hostname: Environment.get("DATABASE_HOST") ?? "localhost",
|
||||||
|
port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? SQLPostgresConfiguration.ianaPortNumber,
|
||||||
|
username: Environment.get("DATABASE_USERNAME") ?? "sampleapp",
|
||||||
|
password: Environment.get("DATABASE_PASSWORD") ?? "sampleapp_password",
|
||||||
|
database: Environment.get("DATABASE_NAME") ?? "sampleapp",
|
||||||
|
tls: .prefer(try .init(configuration: .clientDefault))),
|
||||||
|
maxConnectionsPerEventLoop: maxConnectionsPerEventLoop,
|
||||||
|
connectionPoolTimeout: connectionPoolTimeout,
|
||||||
|
sqlLogLevel: sqlLogLevel
|
||||||
), as: .psql)
|
), as: .psql)
|
||||||
|
|
||||||
_ = try Environment.baseURL
|
_ = try Environment.baseURL
|
||||||
|
|
|
||||||
|
|
@ -49,8 +49,8 @@ extension ManagedUser {
|
||||||
TRUE)
|
TRUE)
|
||||||
RETURNING "id"
|
RETURNING "id"
|
||||||
)
|
)
|
||||||
INSERT INTO "user_tokens" ("user_id", "token")
|
INSERT INTO "user_tokens" ("user_id", "token", "realm")
|
||||||
SELECT "id", \(bind: token)
|
SELECT "id", \(bind: token), 'invite'
|
||||||
FROM created
|
FROM created
|
||||||
""")
|
""")
|
||||||
.run()
|
.run()
|
||||||
|
|
@ -72,8 +72,8 @@ extension ManagedUser {
|
||||||
FROM "created"
|
FROM "created"
|
||||||
CROSS JOIN unnest (\(bind: roles)) AS "role_name"
|
CROSS JOIN unnest (\(bind: roles)) AS "role_name"
|
||||||
)
|
)
|
||||||
INSERT INTO "user_tokens" ("user_id", "token")
|
INSERT INTO "user_tokens" ("user_id", "token", "realm")
|
||||||
SELECT "id", \(bind: token)
|
SELECT "id", \(bind: token), 'invite'
|
||||||
FROM "created"
|
FROM "created"
|
||||||
""")
|
""")
|
||||||
.run()
|
.run()
|
||||||
|
|
@ -121,8 +121,8 @@ extension ManagedUser {
|
||||||
|
|
||||||
public static func store (token: String, userId: UUID, on connection: any SQLDatabase) async throws {
|
public static func store (token: String, userId: UUID, on connection: any SQLDatabase) async throws {
|
||||||
try await connection.raw("""
|
try await connection.raw("""
|
||||||
INSERT INTO "user_tokens" ("user_id", "token")
|
INSERT INTO "user_tokens" ("user_id", "token", "realm")
|
||||||
VALUES (\(bind: userId), \(bind: token))
|
VALUES (\(bind: userId), \(bind: token), 'forgot')
|
||||||
""")
|
""")
|
||||||
.run()
|
.run()
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,9 @@ struct UserToken: Decodable {
|
||||||
JOIN "users"
|
JOIN "users"
|
||||||
ON "users"."id" = "user_tokens"."user_id"
|
ON "users"."id" = "user_tokens"."user_id"
|
||||||
WHERE "token" = \(bind: token)
|
WHERE "token" = \(bind: token)
|
||||||
AND "insert_time" >= CURRENT_TIMESTAMP - INTERVAL '1 HOUR'
|
AND "insert_time" >= CURRENT_TIMESTAMP - CASE WHEN "realm" = 'invite'
|
||||||
|
THEN INTERVAL '1 DAY'
|
||||||
|
ELSE INTERVAL '1 HOUR' END
|
||||||
""")
|
""")
|
||||||
.first (decoding: Token.self)
|
.first (decoding: Token.self)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,13 +2,24 @@ import Fluent
|
||||||
import SQLKit
|
import SQLKit
|
||||||
|
|
||||||
extension Database {
|
extension Database {
|
||||||
public func withSQLConnection<T: Sendable>(_ closure: @escaping @Sendable (SQLDatabase) async throws -> T) async throws -> T {
|
public func withSQLConnection<T: Sendable>(user: BasicUser? = nil, _ closure: @escaping @Sendable (any SQLDatabase) async throws -> T) async throws -> T {
|
||||||
return try await self.withConnection { database in
|
return try await self.withConnection { database in
|
||||||
guard let connection = database as? SQLDatabase else {
|
guard let connection = database as? (any SQLDatabase) else {
|
||||||
throw NoSQLDatabaseError (database: database)
|
throw NoSQLDatabaseError (database: database)
|
||||||
}
|
}
|
||||||
|
try await connection.raw ("""
|
||||||
|
SELECT pg_catalog.set_config ('manageable_users.active_user', \(bind: user?.fullName), FALSE)
|
||||||
|
""")
|
||||||
|
.run()
|
||||||
|
|
||||||
return try await closure (connection)
|
let result = try await closure (connection)
|
||||||
|
|
||||||
|
try await connection.raw ("""
|
||||||
|
SELECT pg_catalog.set_config ('manageable_users.active_user', NULL, FALSE)
|
||||||
|
""")
|
||||||
|
.run()
|
||||||
|
|
||||||
|
return result
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@ struct AuthorizationTests {
|
||||||
private func withApp(_ test: (Application) async throws -> ()) async throws {
|
private func withApp(_ test: (Application) async throws -> ()) async throws {
|
||||||
let app = try await Application.make (.testing)
|
let app = try await Application.make (.testing)
|
||||||
do {
|
do {
|
||||||
|
setenv ("BASE_URL", "http://localhost", 0)
|
||||||
|
setenv ("EMAIL_SENDER", "nobody@example.com", 0)
|
||||||
try await SampleApp.configure (app)
|
try await SampleApp.configure (app)
|
||||||
let mockDatabase = MockDatabase (eventLoop: app.eventLoopGroup.next())
|
let mockDatabase = MockDatabase (eventLoop: app.eventLoopGroup.next())
|
||||||
app.storage[Application.MockDatabaseKey.self] = mockDatabase
|
app.storage[Application.MockDatabaseKey.self] = mockDatabase
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue