public
/
manageable-users
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 7 Wiki Activity

Compare commits

base: public:main
Branches Tags
public:main
public:1.3.1
public:1.3.0
public:1.2.0
public:1.1.1
public:1.1.0
public:1.0.1
public:1.0.0
..
compare: public:1.0.1
Branches Tags
public:main
public:1.3.1
public:1.3.0
public:1.2.0
public:1.1.1
public:1.1.0
public:1.0.1
public:1.0.0

No commits in common. "main" and "1.0.1" have entirely different histories.
main ... 1.0.1

14 changed files with 36 additions and 83 deletions
Show Stats Expand all files Collapse all files

15
Public/scripts/manage.js
View File

@ -5,7 +5,6 @@ async function loadData (block) {
const response = await fetch (source);
if (response.ok) {
const items = await response.json();
var itemLoaders = [];
if (Array.isArray (items)) {
const template = block.querySelector ("template");
@ -13,25 +12,15 @@ async function loadData (block) {
tableBody.innerHTML = "";
items.forEach (item => {
const clone = template.content.cloneNode (true);
const loader = window["populate" + block.dataset.item] (clone, item);
if (loader != null) {
itemLoaders.push (loader);
}
window["populate" + block.dataset.item] (clone, item);
tableBody.appendChild (clone);
tableBody.lastElementChild.dataset.itemid = item.id;
});
} else {
const loader = window["populate" + block.dataset.item] (block, items);
if (loader != null) {
itemLoaders.push (loader);
}
window["populate" + block.dataset.item] (block, items);
}
block.classList.add ("loaded");
for (const loader of itemLoaders) {
await loader();
}
} else {
if ((response.status == 401) || (response.status == 403)) {
document.location.href = document.body.dataset.baseurl;

1
Resources/Database/Create.sql
View File

@ -20,7 +20,6 @@ CREATE TABLE "user_tokens" (
"id" UUID PRIMARY KEY DEFAULT gen_random_uuid(),
"user_id" UUID NOT NULL,
"token" CHARACTER VARYING (1000) NOT NULL,
"realm" CHARACTER VARYING (10) NOT NULL CHECK ("realm" IN ('invite', 'forgot')),
"insert_time" TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
CONSTRAINT "user_tokens_user_fk" FOREIGN KEY ("user_id") REFERENCES "users" ("id") ON DELETE CASCADE
);

8
Resources/Database/InitialUser.sql
View File

@ -13,11 +13,9 @@ WITH "created" AS (
SELECT "id", 'admin'
FROM "created"
)
INSERT INTO "user_tokens" ("user_id", "token", "realm")
SELECT "id",
(SELECT string_agg (substr (c, (random() * length (c) + 1)::integer, 1), '') AS "token"
INSERT INTO "user_tokens" ("user_id", "token")
SELECT "id", (SELECT string_agg (substr (c, (random() * length (c) + 1)::integer, 1), '') AS "token"
FROM (VALUES ('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')) AS x(c),
generate_series (1, 32)),
'invite'
generate_series (1, 32))
FROM "created"
RETURNING 'https://example.com/auth/password/' || "token" AS "Password URL"

6
Resources/Views/email/invite.leaf
View File

@ -1,5 +1,3 @@
Welcome to #(host).
Välkommen till #(host).
To activate your account, go to #baseURL/auth/password/#(token) and enter a password.
The link is valid until #date(expiration, "yyyy-MM-dd HH:mm (z)").
För att aktivera ditt konto, gå till #baseURL/auth/password/#(token) och skriv in ett lösenord.

6
Resources/Views/email/reset.leaf
View File

@ -1,5 +1,3 @@
You have requested a new password on #(host).
Du har begärt ett nytt lösenord på #(host).
To change your password, go to #baseURL/auth/password/#(token) and enter a password.
The link is valid until #date(expiration, "yyyy-MM-dd HH:mm (z)").
För att ändra ditt lösenord, gå till #baseURL/auth/password/#(token) och skriv in ett lösenord.

4
Sources/ManageableUsers/Authentication/UserAuthenticator.swift
View File

@ -3,9 +3,9 @@ import Vapor
struct UserAuthenticator<User: ManagedUser>: AsyncBasicAuthenticator where User.SessionID == ExpiringUserId {
func authenticate (basic: BasicAuthorization, for request: Request) async throws {
if let user = try await request.db.withSQLConnection ({ connection in
if let user = try await request.db.withSQLConnection { connection in
return try await User.find (email: basic.username, password: basic.password, on: connection)
}) {
} {
request.auth.login (user)
}
}

4
Sources/ManageableUsers/Authentication/UserSessionAuthenticator.swift
View File

@ -4,9 +4,9 @@ public struct UserSessionAuthenticator<SessionUser: ManagedUser>: AsyncSessionAu
public typealias User = SessionUser
public func authenticate (sessionID: SessionUser.SessionID, for request: Request) async throws {
if let user = try await request.db.withSQLConnection ({ connection in
if let user = try await request.db.withSQLConnection { connection in
return try await SessionUser.authenticate (sessionID: sessionID, on: connection)
}) {
} {
request.logger.info ("Seeing user \(user)")
request.auth.login (user)
request.logger.info ("Saw user \(user)")

6
Sources/ManageableUsers/Controllers/AdminController.swift
View File

@ -88,7 +88,7 @@ public struct AdminController<User: ManagedUser>: Sendable where User.SessionID
let token = try await UserToken.create (connection: connection).token
try await User.create (email: invitation.email, fullname: invitation.fullname, roles: invitation.roles, token: token, on: connection)
let host = try Environment.baseURL.host() ?? ""
let body = try await request.view.render ("email/invite", AuthenticationController<User>.TokenEmailContext (token: token, host: host, expiration: Calendar.current.date (byAdding: .day, value: 1, to: Date()) ?? Date()))
let body = try await request.view.render ("email/invite", ["token": token, "host": host])
.data
let message = Email (sender: Email.Contact (emailAddress: try Environment.emailSender),
recipients: [Email.Contact(emailAddress: invitation.email)],
@ -116,8 +116,8 @@ public struct AdminController<User: ManagedUser>: Sendable where User.SessionID
}
let save = try request.content.decode(Save.self)
return try await request.db.withSQLConnection (user: try request.auth.require (BasicUser.self)) { connection in
guard (try await User.fetch (userId, on: connection)) != nil else {
return try await request.db.withSQLConnection { connection in
guard (try await User.find (userId, on: connection)) != nil else {
throw Abort (.notFound)
}
guard !save.email.isEmpty && !save.fullname.isEmpty else {

8
Sources/ManageableUsers/Controllers/AuthenticationController.swift
View File

@ -91,12 +91,6 @@ public struct AuthenticationController<User: ManagedUser>: Sendable where User.S
let email: String
}
struct TokenEmailContext: Encodable {
let token: String
let host: String
let expiration: Date
}
func forgotPassword (request: Request) async throws -> Response {
let input = try request.content.decode (Input.self)
@ -107,7 +101,7 @@ public struct AuthenticationController<User: ManagedUser>: Sendable where User.S
let token = try await UserToken.create (connection: connection).token
try await User.store (token: token, userId: user.id, on: connection)
let host = try Environment.baseURL.host() ?? ""
let body = try await request.view.render ("email/reset", TokenEmailContext (token: token, host: host, expiration: Calendar.current.date (byAdding: .hour, value: 1, to: Date()) ?? Date()))
let body = try await request.view.render ("email/reset", ["token": token, "host": host, "section": "login"])
.data
let message = Email (sender: Email.Contact (emailAddress: try Environment.emailSender),
recipients: [Email.Contact(emailAddress: input.email)],

16
Sources/ManageableUsers/ManageableUsers.swift
View File

@ -4,22 +4,14 @@ import FluentPostgresDriver
import SwiftSMTPVapor
public struct ManageableUsers {
public static func configure (_ app: Application,
mainMenu: [MenuItem] = [],
homePageName: String = "Home",
userAdminPageName: String = "User Administration",
maxConnectionsPerEventLoop: Int = 1,
connectionPoolTimeout: TimeAmount = .seconds(10),
sqlLogLevel: Logger.Level = .debug) async throws {
app.databases.use(DatabaseConfigurationFactory.postgres(configuration: .init (hostname: Environment.get("DATABASE_HOST") ?? "localhost",
public static func configure (_ app: Application, mainMenu: [MenuItem] = [], homePageName: String = "Home", userAdminPageName: String = "User Administration") async throws {
app.databases.use(DatabaseConfigurationFactory.postgres(configuration: .init(
hostname: Environment.get("DATABASE_HOST") ?? "localhost",
port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? SQLPostgresConfiguration.ianaPortNumber,
username: Environment.get("DATABASE_USERNAME") ?? "sampleapp",
password: Environment.get("DATABASE_PASSWORD") ?? "sampleapp_password",
database: Environment.get("DATABASE_NAME") ?? "sampleapp",
tls: .prefer(try .init(configuration: .clientDefault))),
maxConnectionsPerEventLoop: maxConnectionsPerEventLoop,
connectionPoolTimeout: connectionPoolTimeout,
sqlLogLevel: sqlLogLevel
tls: .prefer(try .init(configuration: .clientDefault)))
), as: .psql)
_ = try Environment.baseURL

12
Sources/ManageableUsers/Models/AdministeredUser.swift
View File

@ -49,8 +49,8 @@ extension ManagedUser {
TRUE)
RETURNING "id"
)
INSERT INTO "user_tokens" ("user_id", "token", "realm")
SELECT "id", \(bind: token), 'invite'
INSERT INTO "user_tokens" ("user_id", "token")
SELECT "id", \(bind: token)
FROM created
""")
.run()
@ -72,8 +72,8 @@ extension ManagedUser {
FROM "created"
CROSS JOIN unnest (\(bind: roles)) AS "role_name"
)
INSERT INTO "user_tokens" ("user_id", "token", "realm")
SELECT "id", \(bind: token), 'invite'
INSERT INTO "user_tokens" ("user_id", "token")
SELECT "id", \(bind: token)
FROM "created"
""")
.run()
@ -121,8 +121,8 @@ extension ManagedUser {
public static func store (token: String, userId: UUID, on connection: any SQLDatabase) async throws {
try await connection.raw("""
INSERT INTO "user_tokens" ("user_id", "token", "realm")
VALUES (\(bind: userId), \(bind: token), 'forgot')
INSERT INTO "user_tokens" ("user_id", "token")
VALUES (\(bind: userId), \(bind: token))
""")
.run()
}

4
Sources/ManageableUsers/Models/UserToken.swift
View File

@ -30,9 +30,7 @@ struct UserToken: Decodable {
JOIN "users"
ON "users"."id" = "user_tokens"."user_id"
WHERE "token" = \(bind: token)
AND "insert_time" >= CURRENT_TIMESTAMP - CASE WHEN "realm" = 'invite'
THEN INTERVAL '1 DAY'
ELSE INTERVAL '1 HOUR' END
AND "insert_time" >= CURRENT_TIMESTAMP - INTERVAL '1 HOUR'
""")
.first (decoding: Token.self)
}

17
Sources/ManageableUsers/Utilities/Request+SQLDatabase.swift
View File

@ -2,24 +2,13 @@ import Fluent
import SQLKit
extension Database {
public func withSQLConnection<T: Sendable>(user: BasicUser? = nil, _ closure: @escaping @Sendable (any SQLDatabase) async throws -> T) async throws -> T {
public func withSQLConnection<T: Sendable>(_ closure: @escaping @Sendable (SQLDatabase) async throws -> T) async throws -> T {
return try await self.withConnection { database in
guard let connection = database as? (any SQLDatabase) else {
guard let connection = database as? SQLDatabase else {
throw NoSQLDatabaseError (database: database)
}
try await connection.raw ("""
SELECT pg_catalog.set_config ('manageable_users.active_user', \(bind: user?.fullName), FALSE)
""")
.run()
let result = try await closure (connection)
try await connection.raw ("""
SELECT pg_catalog.set_config ('manageable_users.active_user', NULL, FALSE)
""")
.run()
return result
return try await closure (connection)
}
}
}

2
Tests/SampleAppTests/AuthorizationTests.swift
View File

@ -9,8 +9,6 @@ struct AuthorizationTests {
private func withApp(_ test: (Application) async throws -> ()) async throws {
let app = try await Application.make (.testing)
do {
setenv ("BASE_URL", "http://localhost", 0)
setenv ("EMAIL_SENDER", "nobody@example.com", 0)
try await SampleApp.configure (app)
let mockDatabase = MockDatabase (eventLoop: app.eventLoopGroup.next())
app.storage[Application.MockDatabaseKey.self] = mockDatabase