Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-02 03:55:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow local login,closes #6800 (#6803)

Browse Source 
* WIP

* reset groups cache after every suite
This commit is contained in:
Barış Soner Uşaklı
2018-09-29 06:49:41 -04:00
committed by GitHub
parent bf7523b8e4
commit 77beaf2e15
14 changed files with 84 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
install/data/defaults.json
View File

@@ -13,7 +13,6 @@
"maximumTagLength": 15, "maximumTagLength": 15,
"allowTopicsThumbnail": 0, "allowTopicsThumbnail": 0,
"registrationType": "normal", "registrationType": "normal",
"allowLocalLogin": 1,
"allowAccountDelete": 1, "allowAccountDelete": 1,
"allowFileUploads": 0, "allowFileUploads": 0,
"allowedFileExtensions": "png,jpg,bmp", "allowedFileExtensions": "png,jpg,bmp",

1
public/language/en-GB/admin/manage/privileges.json
View File

@@ -10,6 +10,7 @@
"search-content": "Search Content", "search-content": "Search Content",
"search-users": "Search Users", "search-users": "Search Users",
"search-tags": "Search Tags", "search-tags": "Search Tags",
"allow-local-login": "Local Login",
"find-category": "Find Category", "find-category": "Find Category",
"access-category": "Access Category", "access-category": "Access Category",

1
public/language/en-GB/admin/settings/user.json
View File

@@ -1,6 +1,5 @@
{ {
"authentication": "Authentication", "authentication": "Authentication",
"allow-local-login": "Allow local login",
"require-email-confirmation": "Require Email Confirmation", "require-email-confirmation": "Require Email Confirmation",
"email-confirm-interval": "User may not resend a confirmation email until", "email-confirm-interval": "User may not resend a confirmation email until",
"email-confirm-email2": "minutes have elapsed", "email-confirm-email2": "minutes have elapsed",

9
src/cli/reset.js
View File

@@ -11,6 +11,7 @@ var events = require('../events');
var meta = require('../meta'); var meta = require('../meta');
var plugins = require('../plugins'); var plugins = require('../plugins');
var widgets = require('../widgets'); var widgets = require('../widgets');
var privileges = require('../privileges');
var dirname = require('./paths').baseDir; var dirname = require('./paths').baseDir;
@@ -86,9 +87,13 @@ exports.reset = function (options, callback) {
}; };
function resetSettings(callback) { function resetSettings(callback) {
meta.configs.set('allowLocalLogin', 1, function (err) { privileges.global.give(['local:login'], 'registered-users', function (err) {
if (err) {
return callback(err);
}
winston.info('[reset] registered-users given login privilege');
winston.info('[reset] Settings reset to default'); winston.info('[reset] Settings reset to default');
callback(err); callback();
}); });
} }

7
src/controllers/authentication.js
View File

@@ -14,7 +14,7 @@ var plugins = require('../plugins');
var utils = require('../utils'); var utils = require('../utils');
var translator = require('../translator'); var translator = require('../translator');
var helpers = require('./helpers'); var helpers = require('./helpers');
var privileges = require('../privileges');
var sockets = require('../socket.io'); var sockets = require('../socket.io');
var authenticationController = module.exports; var authenticationController = module.exports;
@@ -404,6 +404,9 @@ authenticationController.localLogin = function (req, username, password, next) {
banned: function (next) { banned: function (next) {
user.isBanned(uid, next); user.isBanned(uid, next);
}, },
hasLoginPrivilege: function (next) {
privileges.global.can('local:login', uid, next);
},
}, next); }, next);
}, },
function (result, next) { function (result, next) {
@@ -412,7 +415,7 @@ authenticationController.localLogin = function (req, username, password, next) {
isAdminOrGlobalMod: result.isAdminOrGlobalMod, isAdminOrGlobalMod: result.isAdminOrGlobalMod,
}); });
if (!result.isAdminOrGlobalMod && parseInt(meta.config.allowLocalLogin, 10) === 0) { if (parseInt(uid, 10) && !result.hasLoginPrivilege) {
return next(new Error('[[error:local-login-disabled]]')); return next(new Error('[[error:local-login-disabled]]'));
} }

43
src/controllers/index.js
View File

@@ -7,6 +7,7 @@ var validator = require('validator');
var meta = require('../meta'); var meta = require('../meta');
var user = require('../user'); var user = require('../user');
var plugins = require('../plugins'); var plugins = require('../plugins');
var privileges = require('../privileges');
var helpers = require('./helpers'); var helpers = require('./helpers');
var Controllers = module.exports; var Controllers = module.exports;
@@ -106,7 +107,6 @@ Controllers.login = function (req, res, next) {
data.alternate_logins = loginStrategies.length > 0; data.alternate_logins = loginStrategies.length > 0;
data.authentication = loginStrategies; data.authentication = loginStrategies;
data.allowLocalLogin = parseInt(meta.config.allowLocalLogin, 10) === 1 || parseInt(req.query.local, 10) === 1;
data.allowRegistration = registrationType === 'normal' || registrationType === 'admin-approval' || registrationType === 'admin-approval-ip'; data.allowRegistration = registrationType === 'normal' || registrationType === 'admin-approval' || registrationType === 'admin-approval-ip';
data.allowLoginWith = '[[login:' + allowLoginWith + ']]'; data.allowLoginWith = '[[login:' + allowLoginWith + ']]';
data.breadcrumbs = helpers.buildBreadcrumbs([{ data.breadcrumbs = helpers.buildBreadcrumbs([{
@@ -115,26 +115,33 @@ Controllers.login = function (req, res, next) {
data.error = req.flash('error')[0] || errorText; data.error = req.flash('error')[0] || errorText;
data.title = '[[pages:login]]'; data.title = '[[pages:login]]';
if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) { privileges.global.canGroup('local:login', 'registered-users', function (err, hasLoginPrivilege) {
if (res.locals.isAPI) { if (err) {
return helpers.redirect(res, { return next(err);
external: nconf.get('relative_path') + data.authentication[0].url,
});
} }
return res.redirect(nconf.get('relative_path') + data.authentication[0].url);
} data.allowLocalLogin = hasLoginPrivilege || parseInt(req.query.local, 10) === 1;
if (req.loggedIn) { if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) {
user.getUserFields(req.uid, ['username', 'email'], function (err, user) { if (res.locals.isAPI) {
if (err) { return helpers.redirect(res, {
return next(err); external: nconf.get('relative_path') + data.authentication[0].url,
});
} }
data.username = allowLoginWith === 'email' ? user.email : user.username; return res.redirect(nconf.get('relative_path') + data.authentication[0].url);
data.alternate_logins = false; }
if (req.loggedIn) {
user.getUserFields(req.uid, ['username', 'email'], function (err, user) {
if (err) {
return next(err);
}
data.username = allowLoginWith === 'email' ? user.email : user.username;
data.alternate_logins = false;
res.render('login', data);
});
} else {
res.render('login', data); res.render('login', data);
}); }
} else { });
res.render('login', data);
}
}; };
Controllers.register = function (req, res, next) { Controllers.register = function (req, res, next) {

5
src/install.js
View File

@@ -381,7 +381,10 @@ function createGlobalModeratorsGroup(next) {
function giveGlobalPrivileges(next) { function giveGlobalPrivileges(next) {
var privileges = require('./privileges'); var privileges = require('./privileges');
var defaultPrivileges = ['chat', 'upload:post:image', 'signature', 'search:content', 'search:users', 'search:tags']; var defaultPrivileges = [
'chat', 'upload:post:image', 'signature', 'search:content',
'search:users', 'search:tags', 'local:login',
];
privileges.global.give(defaultPrivileges, 'registered-users', next); privileges.global.give(defaultPrivileges, 'registered-users', next);
} }

6
src/privileges/global.js
View File

@@ -21,6 +21,7 @@ module.exports = function (privileges) {
{ name: '[[admin/manage/privileges:search-content]]' }, { name: '[[admin/manage/privileges:search-content]]' },
{ name: '[[admin/manage/privileges:search-users]]' }, { name: '[[admin/manage/privileges:search-users]]' },
{ name: '[[admin/manage/privileges:search-tags]]' }, { name: '[[admin/manage/privileges:search-tags]]' },
{ name: '[[admin/manage/privileges:allow-local-login]]' },
]; ];
privileges.global.userPrivilegeList = [ privileges.global.userPrivilegeList = [
@@ -32,6 +33,7 @@ module.exports = function (privileges) {
'search:content', 'search:content',
'search:users', 'search:users',
'search:tags', 'search:tags',
'local:login',
]; ];
privileges.global.groupPrivilegeList = privileges.global.userPrivilegeList.map(function (privilege) { privileges.global.groupPrivilegeList = privileges.global.userPrivilegeList.map(function (privilege) {
@@ -111,6 +113,10 @@ module.exports = function (privileges) {
], callback); ], callback);
}; };
privileges.global.canGroup = function (privilege, groupName, callback) {
groups.isMember(groupName, 'cid:0:privileges:groups:' + privilege, callback);
};
privileges.global.give = function (privileges, groupName, callback) { privileges.global.give = function (privileges, groupName, callback) {
helpers.giveOrRescind(groups.join, privileges, 0, groupName, callback); helpers.giveOrRescind(groups.join, privileges, 0, groupName, callback);
}; };

17
src/upgrades/1.10.2/local_login_privileges.js Normal file
View File

@@ -0,0 +1,17 @@
'use strict';
module.exports = {
name: 'Give global local login privileges',
timestamp: Date.UTC(2018, 8, 28),
method: function (callback) {
var meta = require('../../meta');
var privileges = require('../../privileges');
var allowLocalLogin = parseInt(meta.config.allowLocalLogin, 10) === 1;
if (allowLocalLogin) {
privileges.global.give(['local:login'], 'registered-users', callback);
} else {
callback();
}
},
};

7
src/views/admin/settings/user.tpl
View File

@@ -4,13 +4,6 @@
<div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/user:authentication]]</div> <div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/user:authentication]]</div>
<div class="col-sm-10 col-xs-12"> <div class="col-sm-10 col-xs-12">
<form role="form"> <form role="form">
<div class="checkbox">
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect">
<input class="mdl-switch__input" type="checkbox" data-field="allowLocalLogin" checked>
<span class="mdl-switch__label"><strong>[[admin/settings/user:allow-local-login]]</strong></span>
</label>
</div>
<div class="checkbox"> <div class="checkbox">
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect"> <label class="mdl-switch mdl-js-switch mdl-js-ripple-effect">
<input class="mdl-switch__input" type="checkbox" data-field="requireEmailConfirmation"> <input class="mdl-switch__input" type="checkbox" data-field="requireEmailConfirmation">

15
test/authentication.js
View File

@@ -9,6 +9,7 @@ var async = require('async');
var db = require('./mocks/databasemock'); var db = require('./mocks/databasemock');
var user = require('../src/user'); var user = require('../src/user');
var meta = require('../src/meta'); var meta = require('../src/meta');
var privileges = require('../src/privileges');
var helpers = require('./helpers'); var helpers = require('./helpers');
describe('authentication', function () { describe('authentication', function () {
@@ -328,15 +329,15 @@ describe('authentication', function () {
}); });
}); });
it('should fail to login if local login is disabled', function (done) { it('should fail to login if local login is disabled', function (done) {
meta.config.allowLocalLogin = 0; privileges.global.rescind(['local:login'], 'registered-users', function (err) {
loginUser('someuser', 'somepass', function (err, response, body) {
meta.config.allowLocalLogin = 1;
assert.ifError(err); assert.ifError(err);
assert.equal(response.statusCode, 403); loginUser('regular', 'regularpwd', function (err, response, body) {
assert.equal(body, '[[error:local-login-disabled]]'); assert.ifError(err);
done(); assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:local-login-disabled]]');
privileges.global.give(['local:login'], 'registered-users', done);
});
}); });
}); });

2
test/categories.js
View File

@@ -675,6 +675,7 @@ describe('Categories', function () {
'upload:post:image': false, 'upload:post:image': false,
'upload:post:file': false, 'upload:post:file': false,
signature: false, signature: false,
'local:login': false,
}); });
done(); done();
@@ -718,6 +719,7 @@ describe('Categories', function () {
'groups:upload:post:image': true, 'groups:upload:post:image': true,
'groups:upload:post:file': false, 'groups:upload:post:file': false,
'groups:signature': true, 'groups:signature': true,
'groups:local:login': true,
}); });
done(); done();

1
test/controllers-admin.js
View File

@@ -23,7 +23,6 @@ describe('Admin Controllers', function () {
var jar; var jar;
before(function (done) { before(function (done) {
groups.resetCache();
async.series({ async.series({
category: function (next) { category: function (next) {
categories.create({ categories.create({

10
test/mocks/databasemock.js
View File

@@ -161,6 +161,11 @@ function setupMockDefaults(callback) {
function (next) { function (next) {
db.emptydb(next); db.emptydb(next);
}, },
function (next) {
var groups = require('../../src/groups');
groups.resetCache();
next();
},
function (next) { function (next) {
winston.info('test_database flushed'); winston.info('test_database flushed');
setupDefaultConfigs(meta, next); setupDefaultConfigs(meta, next);
@@ -213,7 +218,10 @@ function setupDefaultConfigs(meta, next) {
function giveDefaultGlobalPrivileges(next) { function giveDefaultGlobalPrivileges(next) {
var privileges = require('../../src/privileges'); var privileges = require('../../src/privileges');
privileges.global.give(['chat', 'upload:post:image', 'signature', 'search:content', 'search:users', 'search:tags'], 'registered-users', next); privileges.global.give([
'chat', 'upload:post:image', 'signature', 'search:content',
'search:users', 'search:tags', 'local:login',
], 'registered-users', next);
} }
function enableDefaultPlugins(callback) { function enableDefaultPlugins(callback) {