public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Local auth seems to work

Browse source
This commit is contained in:
Tomas Bures 2017-07-08 18:57:41 +02:00
parent d79bbad575
commit 9758b4b104
34 changed files with 199 additions and 141 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
app.js
View file

@ -239,7 +239,6 @@ app.use('/account', accountLegacyIntegration);
app.all('/rest/*', (req, res, next) => { app.all('/rest/*', (req, res, next) => {
console.log('njr');
req.needsJSONResponse = true; req.needsJSONResponse = true;
next(); next();
}); });
@ -264,9 +263,9 @@ app.use((req, res, next) => {
// error handlers // error handlers
// development error handler
// will print stacktrace
if (app.get('env') === 'development') { if (app.get('env') === 'development') {
// development error handler
// will print stacktrace
app.use((err, req, res, next) => { app.use((err, req, res, next) => {
if (!err) { if (!err) {
return next(); return next();
@ -278,12 +277,13 @@ if (app.get('env') === 'development') {
error: err error: err
}; };
if (err instanceof InteroperableError) { if (err instanceof interoperableErrors.InteroperableError) {
resp.type = err.type; resp.type = err.type;
resp.data = err.data; resp.data = err.data;
} }
res.status(err.status || 500).json(resp); res.status(err.status || 500).json(resp);
} else { } else {
res.status(err.status || 500); res.status(err.status || 500);
res.render('error', { res.render('error', {
@ -293,34 +293,36 @@ if (app.get('env') === 'development') {
} }
}); });
} } else {
// production error handler
// production error handler // no stacktraces leaked to user
// no stacktraces leaked to user app.use((err, req, res, next) => {
app.use((err, req, res, next) => { if (!err) {
if (!err) { return next();
return next();
}
if (req.needsJSONResponse) {
const resp = {
message: err.message,
error: {}
};
if (err instanceof interoperableErrors.InteroperableError) {
resp.type = err.type;
resp.data = err.data;
} }
res.status(err.status || 500).json(resp); if (req.needsJSONResponse) {
} else { const resp = {
res.status(err.status || 500); message: err.message,
res.render('error', { error: {}
message: err.message, };
error: {}
}); if (err instanceof interoperableErrors.InteroperableError) {
} resp.type = err.type;
}); resp.data = err.data;
}
res.status(err.status || 500).json(resp);
} else {
res.status(err.status || 500);
res.render('error', {
message: err.message,
error: {}
});
}
});
}
module.exports = app; module.exports = app;

20
client/package.json
View file

@ -16,34 +16,34 @@
"license": "GPL-3.0", "license": "GPL-3.0",
"homepage": "https://mailtrain.org/", "homepage": "https://mailtrain.org/",
"dependencies": { "dependencies": {
"axios": "^0.16.1", "axios": "^0.16.2",
"datatables.net": "^1.10.15", "datatables.net": "^1.10.15",
"datatables.net-bs": "^1.10.15", "datatables.net-bs": "^1.10.15",
"datatables.net-select": "^1.2.2", "datatables.net-select": "^1.2.2",
"datatables.net-select-bs": "^1.2.2", "datatables.net-select-bs": "^1.2.2",
"i18next": "^8.3.0", "i18next": "^8.4.3",
"i18next-xhr-backend": "^1.4.1", "i18next-xhr-backend": "^1.4.2",
"immutable": "^3.8.1", "immutable": "^3.8.1",
"owasp-password-strength-test": "github:bures/owasp-password-strength-test", "owasp-password-strength-test": "github:bures/owasp-password-strength-test",
"prop-types": "^15.5.10", "prop-types": "^15.5.10",
"react": "^15.5.4", "react": "^15.6.1",
"react-dom": "^15.5.4", "react-dom": "^15.6.1",
"react-i18next": "^4.1.0", "react-i18next": "^4.6.1",
"react-router-dom": "^4.1.1", "react-router-dom": "^4.1.1",
"url-parse": "^1.1.9" "url-parse": "^1.1.9"
}, },
"devDependencies": { "devDependencies": {
"babel-cli": "^6.24.1", "babel-cli": "^6.24.1",
"babel-loader": "^7.0.0", "babel-loader": "^7.1.1",
"babel-plugin-transform-decorators-legacy": "^1.3.4", "babel-plugin-transform-decorators-legacy": "^1.3.4",
"babel-plugin-transform-function-bind": "^6.22.0", "babel-plugin-transform-function-bind": "^6.22.0",
"babel-preset-es2015": "^6.24.1", "babel-preset-es2015": "^6.24.1",
"babel-preset-react": "^6.24.1", "babel-preset-react": "^6.24.1",
"babel-preset-stage-1": "^6.24.1", "babel-preset-stage-1": "^6.24.1",
"css-loader": "^0.28.3", "css-loader": "^0.28.4",
"i18next-conv": "^3.0.3", "i18next-conv": "^3.0.3",
"style-loader": "^0.18.1", "style-loader": "^0.18.2",
"url-loader": "^0.5.8", "url-loader": "^0.5.9",
"webpack": "^2.6.1" "webpack": "^2.6.1"
} }
} }

37
client/src/account/API.js
View file

@ -1,7 +1,7 @@
'use strict'; 'use strict';
import React, { Component } from 'react'; import React, { Component } from 'react';
import { translate } from 'react-i18next'; import { translate, Trans } from 'react-i18next';
import { withPageHelpers, Title } from '../lib/page' import { withPageHelpers, Title } from '../lib/page'
import { withErrorHandling, withAsyncErrorHandler } from '../lib/error-handling'; import { withErrorHandling, withAsyncErrorHandler } from '../lib/error-handling';
import URL from 'url-parse'; import URL from 'url-parse';
@ -23,7 +23,9 @@ export default class API extends Component {
@withAsyncErrorHandler @withAsyncErrorHandler
async loadAccessToken() { async loadAccessToken() {
const response = await axios.get('/rest/access-token'); const response = await axios.get('/rest/access-token');
this.setState('accessToken', response.data); this.setState({
accessToken: response.data
});
} }
componentDidMount() { componentDidMount() {
@ -32,7 +34,9 @@ export default class API extends Component {
async resetAccessToken() { async resetAccessToken() {
const response = await axios.post('/rest/access-token-reset'); const response = await axios.post('/rest/access-token-reset');
this.setState('accessToken', response.data); this.setState({
accessToken: response.data
});
} }
render() { render() {
@ -42,33 +46,36 @@ export default class API extends Component {
const serviceUrl = thisUrl.origin + '/'; const serviceUrl = thisUrl.origin + '/';
const accessToken = this.state.accessToken || 'ACCESS_TOKEN'; const accessToken = this.state.accessToken || 'ACCESS_TOKEN';
let accessTokenMsg;
if (this.state.accessToken) {
accessTokenMsg = <div>{t('Personal access token') + ': '}<code>{accessToken}</code></div>;
} else {
accessTokenMsg = <div>{t('Access token not yet generated')}</div>;
}
return ( return (
<div> <div>
<Title>{t('Sign in')}</Title> <Title>{t('Sign in')}</Title>
<div class="panel panel-default"> <div className="panel panel-default">
<div class="panel-body"> <div className="panel-body">
<div class="pull-right"> <div className="pull-right">
<Button label={this.state.accessToken ? t('Reset Access Token') : t('Generate Access Token')} icon="retweet" className="btn-info" onClickAsync={::this.resetAccessToken} /> <Button label={this.state.accessToken ? t('Reset Access Token') : t('Generate Access Token')} icon="retweet" className="btn-info" onClickAsync={::this.resetAccessToken} />
</div> </div>
{ this.state.accessToken ? {accessTokenMsg}
<div>{t('Personal access token:')} <code>{accessToken}</code></div>
:
<div>{t('Access token not yet generated')}</div>
}
</div> </div>
</div> </div>
<div class="well"> <div className="well">
<h3>{t('Notes about the API')}</h3> <h3>{t('Notes about the API')}</h3>
<ul> <ul>
<li> <li>
{t('API response is a JSON structure with <code>error</code> and <code>data</code> properties. If the response <code>error</code> has a value set then the request failed.')} <Trans>API response is a JSON structure with <code>error</code> and <code>data</code> properties. If the response <code>error</code> has a value set then the request failed.</Trans>
</li> </li>
<li> <li>
{t('You need to define proper <code>Content-Type</code> when making a request. You can either use <code>application/x-www-form-urlencoded</code> for normal form data or <code>application/json</code> for a JSON payload. Using <code>multipart/form-data</code> is not supported.')} <Trans>You need to define proper <code>Content-Type</code> when making a request. You can either use <code>application/x-www-form-urlencoded</code> for normal form data or <code>application/json</code> for a JSON payload. Using <code>multipart/form-data</code> is not supported.</Trans>
</li> </li>
</ul> </ul>
</div> </div>
@ -183,9 +190,11 @@ export default class API extends Component {
</p> </p>
<ul> <ul>
<li><strong>access_token</strong> {t('your personal access token')} <li><strong>access_token</strong> {t('your personal access token')}
<ul>
<li><strong>start</strong> {t('Start position')} (<em>{t('optional, default 0')}</em>)</li> <li><strong>start</strong> {t('Start position')} (<em>{t('optional, default 0')}</em>)</li>
<li><strong>limit</strong> {t('limit emails count in response')} (<em>{t('optional, default 10000')}</em>)</li> <li><strong>limit</strong> {t('limit emails count in response')} (<em>{t('optional, default 10000')}</em>)</li>
<li><strong>search</strong> {t('filter by part of email')} (<em>{t('optional, default ""')}</em>)</li> <li><strong>search</strong> {t('filter by part of email')} (<em>{t('optional, default ""')}</em>)</li>
</ul>
</li> </li>
</ul> </ul>

2
client/src/account/Account.js
View file

@ -8,6 +8,7 @@ import {
} from '../lib/form'; } from '../lib/form';
import { withErrorHandling, withAsyncErrorHandler } from '../lib/error-handling'; import { withErrorHandling, withAsyncErrorHandler } from '../lib/error-handling';
import passwordValidator from '../../../shared/password-validator'; import passwordValidator from '../../../shared/password-validator';
import interoperableErrors from '../../../shared/interoperable-errors';
import mailtrainConfig from 'mailtrainConfig'; import mailtrainConfig from 'mailtrainConfig';
@translate() @translate()
@ -120,6 +121,7 @@ export default class Account extends Component {
this.clearFormStatusMessage(); this.clearFormStatusMessage();
} else { } else {
this.enableForm();
this.setFormStatusMessage('warning', t('There are errors in the form. Please fix them and submit again.')); this.setFormStatusMessage('warning', t('There are errors in the form. Please fix them and submit again.'));
} }
} catch (error) { } catch (error) {

2
client/src/account/Forgot.js
View file

@ -47,7 +47,7 @@ export default class Forget extends Component {
const submitSuccessful = await this.validateAndSendFormValuesToURL(FormSendMethod.POST, '/rest/password-reset-send'); const submitSuccessful = await this.validateAndSendFormValuesToURL(FormSendMethod.POST, '/rest/password-reset-send');
if (submitSuccessful) { if (submitSuccessful) {
this.navigateToWithFlashMessage('/login', 'success', t('If the username / email exists in the system, password reset link will be sent to the registered email.')); this.navigateToWithFlashMessage('/account/login', 'success', t('If the username / email exists in the system, password reset link will be sent to the registered email.'));
} else { } else {
this.enableForm(); this.enableForm();
this.setFormStatusMessage('warning', t('Please enter your username / email and try again.')); this.setFormStatusMessage('warning', t('Please enter your username / email and try again.'));

4
client/src/account/Login.js
View file

@ -9,6 +9,7 @@ import {
} from '../lib/form'; } from '../lib/form';
import { withErrorHandling } from '../lib/error-handling'; import { withErrorHandling } from '../lib/error-handling';
import URL from 'url-parse'; import URL from 'url-parse';
import interoperableErrors from '../../../shared/interoperable-errors';
import mailtrainConfig from 'mailtrainConfig'; import mailtrainConfig from 'mailtrainConfig';
@translate() @translate()
@ -61,9 +62,10 @@ export default class Login extends Component {
if (submitSuccessful) { if (submitSuccessful) {
const query = new URL(this.props.location.search, true).query; const query = new URL(this.props.location.search, true).query;
const nextUrl = query.next || '/';
/* FIXME, once we turn Mailtrain to single-page application, this should become navigateTo */ /* FIXME, once we turn Mailtrain to single-page application, this should become navigateTo */
window.location = query.next; window.location = nextUrl;
} else { } else {
this.setFormStatusMessage('warning', t('Please enter your credentials and try again.')); this.setFormStatusMessage('warning', t('Please enter your credentials and try again.'));
} }

27
client/src/account/Reset.js
View file

@ -3,12 +3,14 @@
import React, { Component } from 'react'; import React, { Component } from 'react';
import { translate } from 'react-i18next'; import { translate } from 'react-i18next';
import { withPageHelpers, Title } from '../lib/page' import { withPageHelpers, Title } from '../lib/page'
import { Link } from 'react-router-dom'
import { import {
withForm, Form, Fieldset, FormSendMethod, InputField, ButtonRow, Button withForm, Form, Fieldset, FormSendMethod, InputField, ButtonRow, Button
} from '../lib/form'; } from '../lib/form';
import { withErrorHandling, withAsyncErrorHandler } from '../lib/error-handling'; import { withErrorHandling, withAsyncErrorHandler } from '../lib/error-handling';
import passwordValidator from '../../../shared/password-validator'; import passwordValidator from '../../../shared/password-validator';
import axios from '../lib/axios'; import axios from '../lib/axios';
import interoperableErrors from '../../../shared/interoperable-errors';
const ResetTokenValidationState = { const ResetTokenValidationState = {
PENDING: 0, PENDING: 0,
@ -34,7 +36,7 @@ export default class Account extends Component {
} }
@withAsyncErrorHandler @withAsyncErrorHandler
async loadAccessToken() { async validateResetToken() {
const params = this.props.match.params; const params = this.props.match.params;
const response = await axios.post('/rest/password-reset-validate', { const response = await axios.post('/rest/password-reset-validate', {
@ -42,7 +44,9 @@ export default class Account extends Component {
resetToken: params.resetToken resetToken: params.resetToken
}); });
this.setState('resetTokenValidationState', response.data ? ResetTokenValidationState.VALID : ResetTokenValidationState.INVALID); this.setState({
resetTokenValidationState: response.data ? ResetTokenValidationState.VALID : ResetTokenValidationState.INVALID
});
} }
componentDidMount() { componentDidMount() {
@ -54,6 +58,8 @@ export default class Account extends Component {
password: '', password: '',
password2: '' password2: ''
}); });
this.validateResetToken();
} }
localValidateFormValues(state) { localValidateFormValues(state) {
@ -64,7 +70,7 @@ export default class Account extends Component {
let passwordMsgs = []; let passwordMsgs = [];
if (password || currentPassword) { if (password) {
const passwordResults = this.passwordValidator.test(password); const passwordResults = this.passwordValidator.test(password);
passwordMsgs.push(...passwordResults.errors); passwordMsgs.push(...passwordResults.errors);
} }
@ -91,6 +97,7 @@ export default class Account extends Component {
if (submitSuccessful) { if (submitSuccessful) {
this.navigateToWithFlashMessage('/account/login', 'success', t('Password reset')); this.navigateToWithFlashMessage('/account/login', 'success', t('Password reset'));
} else { } else {
this.enableForm();
this.setFormStatusMessage('warning', t('There are errors in the form. Please fix them and submit again.')); this.setFormStatusMessage('warning', t('There are errors in the form. Please fix them and submit again.'));
} }
} catch (error) { } catch (error) {
@ -98,7 +105,7 @@ export default class Account extends Component {
this.setFormStatusMessage('danger', this.setFormStatusMessage('danger',
<span> <span>
<strong>{t('Your password cannot be reset.')}</strong>{' '} <strong>{t('Your password cannot be reset.')}</strong>{' '}
{t('The reset token has expired.')}{' '}<Link to={`/account/forgot/${this.getFormValue('username')}`}>{t('Click here to request a new password reset link.')}</Link> {t('The password reset token has expired.')}{' '}<Link to={`/account/forgot/${this.getFormValue('username')}`}>{t('Click here to request a new password reset link.')}</Link>
</span> </span>
); );
return; return;
@ -113,9 +120,17 @@ export default class Account extends Component {
if (this.state.resetTokenValidationState === ResetTokenValidationState.PENDING) { if (this.state.resetTokenValidationState === ResetTokenValidationState.PENDING) {
return ( return (
<div>{t('Validating password reset token ...')}</div> <p>{t('Validating password reset token ...')}</p>
) );
} else if (this.state.resetTokenValidationState === ResetTokenValidationState.INVALID) { } else if (this.state.resetTokenValidationState === ResetTokenValidationState.INVALID) {
return (
<div>
<Title>{t('The password cannot be reset')}</Title>
<p>{t('The password reset token has expired.')}{' '}<Link to={`/account/forgot/${this.getFormValue('username')}`}>{t('Click here to request a new password reset link.')}</Link></p>
</div>
);
} else { } else {
return ( return (

2
client/src/account/root.js
View file

@ -64,7 +64,7 @@ const getStructure = t => {
export default function() { export default function() {
ReactDOM.render( ReactDOM.render(
<I18nextProvider i18n={ i18n }><Section root='/account' structure={getStructure}/></I18nextProvider>, <I18nextProvider i18n={ i18n }><Section root='/account/login' structure={getStructure}/></I18nextProvider>,
document.getElementById('root') document.getElementById('root')
); );
}; };

2
client/src/lib/form.js
View file

@ -194,7 +194,7 @@ class CheckBox extends Component {
const htmlId = 'form_' + id; const htmlId = 'form_' + id;
return wrapInputInline(id, htmlId, owner, 'checkbox', props.label, props.help, return wrapInputInline(id, htmlId, owner, 'checkbox', props.label, props.help,
<input type="checkbox" checked={owner.getFormValue(id)} id={htmlId} aria-describedby={htmlId + '_help'} onChange={evt => {console.log(evt); /* FIXME owner.updateFormValue(id, evt.target.value)*/ }}/> <input type="checkbox" checked={owner.getFormValue(id)} id={htmlId} aria-describedby={htmlId + '_help'} onClick={evt => owner.updateFormValue(id, !owner.getFormValue(id))}/>
); );
} }
} }

2
client/src/users/root.js
View file

@ -20,7 +20,7 @@ const getStructure = t => {
render: props => (<CUD edit {...props} />) render: props => (<CUD edit {...props} />)
}; };
subPahts.create = { subPaths.create = {
title: t('Create User'), title: t('Create User'),
render: props => (<CUD {...props} />) render: props => (<CUD {...props} />)
}; };

6
index.js
View file

@ -17,7 +17,7 @@ const postfixBounceServer = require('./services/postfix-bounce-server');
const tzupdate = require('./services/tzupdate'); const tzupdate = require('./services/tzupdate');
const feedcheck = require('./services/feedcheck'); const feedcheck = require('./services/feedcheck');
const dbcheck = require('./lib/dbcheck'); const dbcheck = require('./lib/dbcheck');
const tools = require('./lib/tools'); const senders = require('./lib/senders');
const reportProcessor = require('./lib/report-processor'); const reportProcessor = require('./lib/report-processor');
const executor = require('./lib/executor'); const executor = require('./lib/executor');
const privilegeHelpers = require('./lib/privilege-helpers'); const privilegeHelpers = require('./lib/privilege-helpers');
@ -92,11 +92,11 @@ function spawnSenders(callback) {
let child = fork(__dirname + '/services/sender.js', []); let child = fork(__dirname + '/services/sender.js', []);
let pid = child.pid; let pid = child.pid;
tools.workers.add(child); senders.workers.add(child);
child.on('close', (code, signal) => { child.on('close', (code, signal) => {
spawned--; spawned--;
tools.workers.delete(child); senders.workers.delete(child);
log.error('Child', 'Sender process %s exited with %s', pid, code || signal); log.error('Child', 'Sender process %s exited with %s', pid, code || signal);
// Respawn after 5 seconds // Respawn after 5 seconds
setTimeout(() => spawnSender(), 5 * 1000).unref(); setTimeout(() => spawnSender(), 5 * 1000).unref();

4
lib/db.js
View file

@ -5,7 +5,7 @@ let mysql = require('mysql');
let redis = require('redis'); let redis = require('redis');
let Lock = require('redfour'); let Lock = require('redfour');
let stringifyDate = require('json-stringify-date'); let stringifyDate = require('json-stringify-date');
let tools = require('./tools'); let senders = require('./senders');
module.exports = mysql.createPool(config.mysql); module.exports = mysql.createPool(config.mysql);
if (config.redis && config.redis.enabled) { if (config.redis && config.redis.enabled) {
@ -78,7 +78,7 @@ if (config.redis && config.redis.enabled) {
module.exports.clearCache = (key, callback) => { module.exports.clearCache = (key, callback) => {
caches.delete(key); caches.delete(key);
tools.workers.forEach(child => { senders.workers.forEach(child => {
child.send({ child.send({
cmd: 'db.clearCache', cmd: 'db.clearCache',
key key

7
lib/passport.js
View file

@ -53,11 +53,14 @@ module.exports.restLogout = (req, res) => {
module.exports.restLogin = (req, res, next) => { module.exports.restLogin = (req, res, next) => {
passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => { passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => {
return next(err); if (err) {
return next(err);
}
if (!user) { if (!user) {
return next(new interoperableErrors.IncorrectPasswordError()); return next(new interoperableErrors.IncorrectPasswordError());
} }
req.logIn(user, err => { req.logIn(user, err => {
if (err) { if (err) {
return next(err); return next(err);
@ -79,7 +82,7 @@ module.exports.restLogin = (req, res, next) => {
if (config.ldap.enabled && LdapStrategy) { if (config.ldap.enabled && LdapStrategy) {
log.info('Using LDAP auth'); log.info('Using LDAP auth');
module.exports.authMethod = 'ldap'; module.exports.authMethod = 'ldap';
module.exports.isAuthMethodLocal = false; module.exports.isAuthMethodLocal = true;
let opts = { let opts = {
server: { server: {

5
lib/senders.js Normal file
View file

@ -0,0 +1,5 @@
'use strict';
module.exports = {
workers: new Set()
};

8
models/settings.js
View file

@ -1,7 +1,5 @@
'use strict'; 'use strict';
'use strict';
const knex = require('../lib/knex'); const knex = require('../lib/knex');
const tools = require('../lib/tools'); const tools = require('../lib/tools');
@ -15,11 +13,11 @@ async function get(keyOrKeys) {
keys = keys.map(key => tools.toDbKey(key)); keys = keys.map(key => tools.toDbKey(key));
const result = await knex('settings').whereIn('key', keys); const rows = await knex('settings').select(['key', 'value']).whereIn('key', keys);
const settings = {}; const settings = {};
for (const key of keys) { for (const row of rows) {
settings[tools.fromDbKey(key)] = result[key]; settings[tools.fromDbKey(row.key)] = row.value;
} }
if (!Array.isArray(keyOrKeys)) { if (!Array.isArray(keyOrKeys)) {

32
models/users.js
View file

@ -10,6 +10,8 @@ const dtHelpers = require('../lib/dt-helpers');
const tools = require('../lib/tools-async'); const tools = require('../lib/tools-async');
let crypto = require('crypto'); let crypto = require('crypto');
const settings = require('./settings'); const settings = require('./settings');
const urllib = require('url');
const _ = require('../lib/translate')._;
const bluebird = require('bluebird'); const bluebird = require('bluebird');
@ -23,12 +25,13 @@ const mailerSendMail = bluebird.promisify(mailer.sendMail);
const allowedKeys = new Set(['username', 'name', 'email', 'password']); const allowedKeys = new Set(['username', 'name', 'email', 'password']);
const allowedKeysExternal = new Set(['username']); const allowedKeysExternal = new Set(['username']);
const ownAccountAllowedKeys = new Set(['name', 'email', 'password']); const ownAccountAllowedKeys = new Set(['name', 'email', 'password']);
const hashKeys = new Set(['username', 'name', 'email']);
const passport = require('../../lib/passport'); const passport = require('../lib/passport');
function hash(user) { function hash(user) {
return hasher.hash(filterObject(user, allowedKeys)); return hasher.hash(filterObject(user, hashKeys));
} }
async function _getBy(key, value, extraColumns) { async function _getBy(key, value, extraColumns) {
@ -170,7 +173,7 @@ async function updateWithConsistencyCheck(user, isOwnAccount) {
} }
const existingUserHash = hash(existingUser); const existingUserHash = hash(existingUser);
if (existingUserHash != user.originalHash) { if (existingUserHash !== user.originalHash) {
throw new interoperableErrors.ChangedError(); throw new interoperableErrors.ChangedError();
} }
@ -201,13 +204,22 @@ async function getByUsername(username) {
} }
async function getByUsernameIfPasswordMatch(username, password) { async function getByUsernameIfPasswordMatch(username, password) {
const user = await _getBy('username', username, ['password']); try {
const user = await _getBy('username', username, ['password']);
if (!await bcryptCompare(password, user.password)) { if (!await bcryptCompare(password, user.password)) {
throw new interoperableErrors.IncorrectPasswordError(); throw new interoperableErrors.IncorrectPasswordError();
}
return user;
} catch (err) {
if (err instanceof interoperableErrors.NotFoundError) {
throw new interoperableErrors.IncorrectPasswordError();
}
throw err;
} }
return user;
} }
async function getAccessToken(userId) { async function getAccessToken(userId) {
@ -258,7 +270,7 @@ async function sendPasswordReset(usernameOrEmail) {
title: 'Mailtrain', title: 'Mailtrain',
username: user.username, username: user.username,
name: user.name, name: user.name,
confirmUrl: urllib.resolve(serviceUrl, `/account/reset-link/${encodeURIComponent(user.username)}/${encodeURIComponent(resetToken)}`) confirmUrl: urllib.resolve(serviceUrl, `/account/reset/${encodeURIComponent(user.username)}/${encodeURIComponent(resetToken)}`)
} }
}); });
} }
@ -273,7 +285,7 @@ async function isPasswordResetTokenValid(username, resetToken) {
return !!user; return !!user;
} }
async function resetPassword(username, resetToken, password) {R async function resetPassword(username, resetToken, password) {
enforce(passport.isAuthMethodLocal, 'Local user management is required'); enforce(passport.isAuthMethodLocal, 'Local user management is required');
await knex.transaction(async tx => { await knex.transaction(async tx => {

2
routes/blacklist.js
View file

@ -11,7 +11,7 @@ let _ = require('../lib/translate')._;
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('blacklist'); res.setSelectedMenu('blacklist');
next(); next();

2
routes/campaigns.js
View file

@ -24,7 +24,7 @@ let uploads = multer({
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('campaigns'); res.setSelectedMenu('campaigns');
next(); next();

2
routes/fields.js
View file

@ -11,7 +11,7 @@ let _ = require('../lib/translate')._;
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('lists'); res.setSelectedMenu('lists');
next(); next();

2
routes/forms.js
View file

@ -14,7 +14,7 @@ let subscriptions = require('../lib/models/subscriptions');
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('lists'); res.setSelectedMenu('lists');
next(); next();

2
routes/grapejs.js
View file

@ -13,7 +13,7 @@ const editorHelpers = require('../lib/editor-helpers')
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
next(); next();
}); });

2
routes/lists.js
View file

@ -48,7 +48,7 @@ let moment = require('moment-timezone');
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('lists'); res.setSelectedMenu('lists');
next(); next();

2
routes/mosaico.js
View file

@ -12,7 +12,7 @@ let editorHelpers = require('../lib/editor-helpers');
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
next(); next();
}); });

2
routes/report-templates.js
View file

@ -18,7 +18,7 @@ const allowedMimeTypes = {
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('reports'); res.setSelectedMenu('reports');
next(); next();

2
routes/reports.js
View file

@ -20,7 +20,7 @@ const hbs = require('hbs');
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('reports'); res.setSelectedMenu('reports');
next(); next();

15
routes/rest/account.js
View file

@ -9,6 +9,7 @@ const router = require('../../lib/router-async').create();
router.getAsync('/account', passport.loggedIn, async (req, res) => { router.getAsync('/account', passport.loggedIn, async (req, res) => {
const user = await users.getById(req.user.id); const user = await users.getById(req.user.id);
user.hash = users.hash(user);
return res.json(user); return res.json(user);
}); });
@ -20,7 +21,7 @@ router.postAsync('/account', passport.loggedIn, passport.csrfProtection, async (
return res.json(); return res.json();
}); });
router.postAsync('/account-validate', passport.loggedIn, async (req, res) => { router.postAsync('/account-validate', passport.loggedIn, passport.csrfProtection, async (req, res) => {
const data = req.body; const data = req.body;
data.id = req.user.id; data.id = req.user.id;
@ -39,20 +40,20 @@ router.postAsync('/access-token-reset', passport.loggedIn, passport.csrfProtecti
}); });
router.post('/login', passport.restLogin); router.post('/login', passport.csrfProtection, passport.restLogin);
router.post('/logout', passport.restLogout); // TODO - this endpoint is currently not in use. It will become relevant once we switch to SPA router.post('/logout', passport.csrfProtection, passport.restLogout); // TODO - this endpoint is currently not in use. It will become relevant once we switch to SPA
router.postAsync('/password-reset-send', async (req, res) => { router.postAsync('/password-reset-send', passport.csrfProtection, async (req, res) => {
await users.sendPasswordReset(req.body.username); await users.sendPasswordReset(req.body.usernameOrEmail);
return res.json(); return res.json();
}); });
router.getAsync('/password-reset-validate', async (req, res) => { router.postAsync('/password-reset-validate', passport.csrfProtection, async (req, res) => {
const isValid = await users.isPasswordResetTokenValid(req.body.username, req.body.resetToken); const isValid = await users.isPasswordResetTokenValid(req.body.username, req.body.resetToken);
return res.json(isValid); return res.json(isValid);
}) })
router.getAsync('/password-reset', async (req, res) => { router.postAsync('/password-reset', passport.csrfProtection, async (req, res) => {
await users.resetPassword(req.body.username, req.body.resetToken, req.body.password); await users.resetPassword(req.body.username, req.body.resetToken, req.body.password);
return res.json(); return res.json();
}) })

1
routes/rest/namespaces.js
View file

@ -3,7 +3,6 @@
const passport = require('../../lib/passport'); const passport = require('../../lib/passport');
const _ = require('../../lib/translate')._; const _ = require('../../lib/translate')._;
const namespaces = require('../../models/namespaces'); const namespaces = require('../../models/namespaces');
const interoperableErrors = require('../../shared/interoperable-errors');
const router = require('../../lib/router-async').create(); const router = require('../../lib/router-async').create();

1
routes/rest/users.js
View file

@ -3,7 +3,6 @@
const passport = require('../../lib/passport'); const passport = require('../../lib/passport');
const _ = require('../../lib/translate')._; const _ = require('../../lib/translate')._;
const users = require('../../models/users'); const users = require('../../models/users');
const interoperableErrors = require('../../shared/interoperable-errors');
const router = require('../../lib/router-async').create(); const router = require('../../lib/router-async').create();

2
routes/segments.js
View file

@ -11,7 +11,7 @@ let _ = require('../lib/translate')._;
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('lists'); res.setSelectedMenu('lists');
next(); next();

5
routes/settings.js
View file

@ -13,6 +13,7 @@ let upload = multer();
let aws = require('aws-sdk'); let aws = require('aws-sdk');
let util = require('util'); let util = require('util');
let _ = require('../lib/translate')._; let _ = require('../lib/translate')._;
const senders = require('../lib/senders');
let settings = require('../lib/models/settings'); let settings = require('../lib/models/settings');
@ -21,7 +22,7 @@ let allowedKeys = ['service_url', 'smtp_hostname', 'smtp_port', 'smtp_encryption
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('/settings'); res.setSelectedMenu('/settings');
next(); next();
@ -107,7 +108,7 @@ router.post('/update', passport.parseForm, passport.csrfProtection, (req, res) =
let storeSettings = () => { let storeSettings = () => {
if (i >= keys.length) { if (i >= keys.length) {
mailer.update(); mailer.update();
tools.workers.forEach(worker => { senders.workers.forEach(worker => {
worker.send({ worker.send({
reload: true reload: true
}); });

2
routes/templates.js
View file

@ -16,7 +16,7 @@ let _ = require('../lib/translate')._;
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('templates'); res.setSelectedMenu('templates');
next(); next();

2
routes/triggers.js
View file

@ -16,7 +16,7 @@ let util = require('util');
router.all('/*', (req, res, next) => { router.all('/*', (req, res, next) => {
if (!req.user) { if (!req.user) {
req.flash('danger', _('Need to be logged in to access restricted content')); req.flash('danger', _('Need to be logged in to access restricted content'));
return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl)); return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
} }
res.setSelectedMenu('triggers'); res.setSelectedMenu('triggers');
next(); next();

6
test/e2e/page-objects/user.js
View file

@ -7,9 +7,9 @@ module.exports = {
url: '/users/login', url: '/users/login',
elementsToWaitFor: ['submitButton'], elementsToWaitFor: ['submitButton'],
elements: { elements: {
usernameInput: 'form[action="/users/login"] input[name="username"]', usernameInput: 'form[action="/account/login"] input[name="username"]',
passwordInput: 'form[action="/users/login"] input[name="password"]', passwordInput: 'form[action="/account/login"] input[name="password"]',
submitButton: 'form[action="/users/login"] [type=submit]' submitButton: 'form[action="/account/login"] [type=submit]'
} }
}), }),

64
views/layout.hbs
View file

@ -24,7 +24,7 @@
<script> <script>
window.csfrToken = '{{reactCsrfToken}}'; window.csfrToken = '{{reactCsrfToken}}';
window.mailtrainConfig = {{mailtrainConfig}}; window.mailtrainConfig = {{{mailtrainConfig}}};
</script> </script>
<script src="/mailtrain/{{reactEntryPoint}}.js"></script> <script src="/mailtrain/{{reactEntryPoint}}.js"></script>
@ -75,37 +75,47 @@
<li><a href="{{url}}">{{title}}</a></li> <li><a href="{{url}}">{{title}}</a></li>
{{/if}} {{/if}}
{{/each}} {{/each}}
{{#if admin }}
<ul class="nav navbar-nav">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Administration<span class="caret"></span></a>
<ul class="dropdown-menu">
<li>
<a href="/users">
<span class="glyphicon glyphicon-cog" aria-hidden="true"></span> {{#translate}}Users{{/translate}}
</a>
</li>
<li>
<a href="/namespaces">
<span class="glyphicon glyphicon-cog" aria-hidden="true"></span> {{#translate}}Namespaces{{/translate}}
</a>
</li>
<li>
<a href="/settings">
<span class="glyphicon glyphicon-cog" aria-hidden="true"></span> {{#translate}}Settings{{/translate}}
</a>
</li>
<li>
<a href="/blacklist">
<span class="glyphicon glyphicon-ban-circle" aria-hidden="true"></span> {{#translate}}Blacklist{{/translate}}
</a>
</li>
<li>
<a href="/account/api">
<span class="glyphicon glyphicon-retweet" aria-hidden="true"></span> {{#translate}}API{{/translate}}
</a>
</li>
</ul>
</li>
</ul>
{{/if}}
<li><a href="https://github.com/Mailtrain-org/mailtrain/wiki"><span class="glyphicon glyphicon-share-alt" aria-hidden="true"></span> {{#translate}}Wiki{{/translate}}</a></li> <li><a href="https://github.com/Mailtrain-org/mailtrain/wiki"><span class="glyphicon glyphicon-share-alt" aria-hidden="true"></span> {{#translate}}Wiki{{/translate}}</a></li>
<li><a href="https://mailtrain.wordpress.com/"><span class="glyphicon glyphicon-share-alt" aria-hidden="true"></span> {{#translate}}Blog{{/translate}}</a></li> <li><a href="https://mailtrain.wordpress.com/"><span class="glyphicon glyphicon-share-alt" aria-hidden="true"></span> {{#translate}}Blog{{/translate}}</a></li>
</ul> </ul>
{{#if admin }}
<ul class="nav navbar-nav">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Administration<span class="caret"></span></a>
<ul class="dropdown-menu">
<li>
<a href="/settings">
<span class="glyphicon glyphicon-cog" aria-hidden="true"></span> {{#translate}}Settings{{/translate}}
</a>
</li>
<li>
<a href="/blacklist">
<span class="glyphicon glyphicon-ban-circle" aria-hidden="true"></span> {{#translate}}Blacklist{{/translate}}
</a>
</li>
<li>
<a href="/account/api">
<span class="glyphicon glyphicon-retweet" aria-hidden="true"></span> {{#translate}}API{{/translate}}
</a>
</li>
</ul>
</li>
</ul>
{{/if}}
{{#if user }} {{#if user }}
<ul class="nav navbar-nav navbar-right"> <ul class="nav navbar-nav navbar-right">
<li class="dropdown"> <li class="dropdown">