Reset password and users table on settings page

This commit is contained in:
advplyr 2021-08-22 10:46:04 -05:00
parent e7898377ed
commit 5ecfaa88c2
9 changed files with 221 additions and 58 deletions

View File

@ -61,4 +61,8 @@
border-left: 6px solid transparent; border-left: 6px solid transparent;
border-right: 6px solid transparent; border-right: 6px solid transparent;
border-top: 6px solid white; border-top: 6px solid white;
}
.icon-text {
font-size: 1.1rem;
} }

View File

@ -26,10 +26,11 @@ export default {
data() { data() {
return { return {
menuItems: [ menuItems: [
// { {
// value: 'settings', value: 'account',
// text: 'Settings' text: 'Account',
// }, to: '/account'
},
{ {
value: 'logout', value: 'logout',
text: 'Logout' text: 'Logout'
@ -72,8 +73,6 @@ export default {
menuAction(action) { menuAction(action) {
if (action === 'logout') { if (action === 'logout') {
this.logout() this.logout()
} else if (action === 'settings') {
// Show settings modal
} }
} }
}, },
@ -83,7 +82,6 @@ export default {
<style> <style>
#appbar { #appbar {
/* box-shadow: 0px 8px 8px #111111aa; */
box-shadow: 0px 5px 5px #11111155; box-shadow: 0px 5px 5px #11111155;
} }
</style> </style>

View File

@ -12,7 +12,14 @@
<transition name="menu"> <transition name="menu">
<ul v-show="showMenu" class="absolute z-10 -mt-px w-full bg-primary border border-black-200 shadow-lg max-h-56 rounded-b-md py-1 text-base ring-1 ring-black ring-opacity-5 overflow-auto focus:outline-none sm:text-sm" tabindex="-1" role="listbox" aria-activedescendant="listbox-option-3"> <ul v-show="showMenu" class="absolute z-10 -mt-px w-full bg-primary border border-black-200 shadow-lg max-h-56 rounded-b-md py-1 text-base ring-1 ring-black ring-opacity-5 overflow-auto focus:outline-none sm:text-sm" tabindex="-1" role="listbox" aria-activedescendant="listbox-option-3">
<template v-for="item in items"> <template v-for="item in items">
<li :key="item.value" class="text-gray-100 select-none relative py-2 cursor-pointer hover:bg-black-400" id="listbox-option-0" role="option" @click="clickedOption(item.value)"> <nuxt-link :key="item.value" v-if="item.to" :to="item.to">
<li :key="item.value" class="text-gray-100 select-none relative py-2 cursor-pointer hover:bg-black-400" id="listbox-option-0" role="option" @click="clickedOption(item.value)">
<div class="flex items-center">
<span class="font-normal ml-3 block truncate font-sans">{{ item.text }}</span>
</div>
</li>
</nuxt-link>
<li v-else :key="item.value" class="text-gray-100 select-none relative py-2 cursor-pointer hover:bg-black-400" id="listbox-option-0" role="option" @click="clickedOption(item.value)">
<div class="flex items-center"> <div class="flex items-center">
<span class="font-normal ml-3 block truncate font-sans">{{ item.text }}</span> <span class="font-normal ml-3 block truncate font-sans">{{ item.text }}</span>
</div> </div>

92
client/pages/account.vue Normal file
View File

@ -0,0 +1,92 @@
<template>
<div class="w-full h-full p-8">
<div class="w-full max-w-2xl mx-auto">
<h1 class="text-2xl">Account</h1>
<div class="my-4">
<div class="flex -mx-2">
<div class="w-2/3 px-2">
<ui-text-input-with-label disabled :value="username" label="Username" />
</div>
<div class="w-1/3 px-2">
<ui-text-input-with-label disabled :value="usertype" label="Account Type" />
</div>
</div>
<div class="w-full h-px bg-primary my-4" />
<p class="mb-4 text-lg">Change Password</p>
<form @submit.prevent="submitChangePassword">
<ui-text-input-with-label v-model="password" :disabled="changingPassword" type="password" label="Password" class="my-2" />
<ui-text-input-with-label v-model="newPassword" :disabled="changingPassword" type="password" label="New Password" class="my-2" />
<ui-text-input-with-label v-model="confirmPassword" :disabled="changingPassword" type="password" label="Confirm Password" class="my-2" />
<div class="flex items-center py-2">
<p v-if="isRoot" class="text-error py-2 text-xs">* Root user is the only user that can have an empty password</p>
<div class="flex-grow" />
<ui-btn type="submit" :loading="changingPassword" color="success">Submit</ui-btn>
</div>
</form>
</div>
</div>
</div>
</template>
<script>
export default {
data() {
return {
password: null,
newPassword: null,
confirmPassword: null,
changingPassword: false
}
},
computed: {
user() {
return this.$store.state.user || null
},
username() {
return this.user.username
},
usertype() {
return this.user.type
},
isRoot() {
return this.usertype === 'root'
}
},
methods: {
resetForm() {
this.password = null
this.newPassword = null
this.confirmPassword = null
},
submitChangePassword() {
if (this.newPassword !== this.confirmPassword) {
return this.$toast.error('New password and confirm password do not match')
}
this.changingPassword = true
this.$axios
.$patch('/api/user/password', {
password: this.password,
newPassword: this.newPassword
})
.then((res) => {
if (res.success) {
this.$toast.success('Password Changed Successfully')
this.resetForm()
} else {
this.$toast.error(res.error || 'Unknown Error')
}
this.changingPassword = false
})
.catch((error) => {
console.error(error)
this.$toast.error('Api call failed')
this.changingPassword = false
})
}
},
mounted() {}
}
</script>

View File

@ -1,10 +1,29 @@
<template> <template>
<div class="page p-6" :class="streamAudiobook ? 'streaming' : ''"> <div class="page p-6" :class="streamAudiobook ? 'streaming' : ''">
<div class="w-full max-w-4xl mx-auto"> <div class="w-full max-w-4xl mx-auto">
<h1 class="text-2xl mb-2">Config</h1> <div class="flex items-center mb-2">
<h1 class="text-2xl">Users</h1>
<div class="mx-2 w-7 h-7 flex items-center justify-center rounded-full cursor-pointer hover:bg-white hover:bg-opacity-10 text-center" @click="clickAddUser">
<span class="material-icons" style="font-size: 1.4rem">add</span>
</div>
<!-- <ui-btn small :padding-x="4" class="h-8">Create User</ui-btn> -->
</div>
<div class="h-0.5 bg-primary bg-opacity-50 w-full" /> <div class="h-0.5 bg-primary bg-opacity-50 w-full" />
<div class="p-4 text-center h-20"> <div class="p-4 text-center">
<p>Nothing much here yet...</p> <table id="accounts" class="mb-8">
<tr>
<th>Username</th>
<th>Account Type</th>
<th style="width: 200px">Created At</th>
</tr>
<tr v-for="user in users" :key="user.id">
<td>{{ user.username }}</td>
<td>{{ user.type }}</td>
<td class="text-sm font-mono">
{{ new Date(user.createdAt).toISOString() }}
</td>
</tr>
</table>
</div> </div>
<div class="h-0.5 bg-primary bg-opacity-50 w-full" /> <div class="h-0.5 bg-primary bg-opacity-50 w-full" />
<div class="flex items-center py-4 mb-8"> <div class="flex items-center py-4 mb-8">
@ -16,7 +35,7 @@
<div class="h-0.5 bg-primary bg-opacity-50 w-full" /> <div class="h-0.5 bg-primary bg-opacity-50 w-full" />
<div class="flex items-center py-4"> <div class="flex items-center py-4">
<ui-btn color="error" small :padding-x="4" :loading="isResettingAudiobooks" @click="resetAudiobooks">Reset All Audiobooks</ui-btn> <ui-btn color="bg" small :padding-x="4" :loading="isResettingAudiobooks" @click="resetAudiobooks">Reset All Audiobooks</ui-btn>
</div> </div>
<div class="h-0.5 bg-primary bg-opacity-50 w-full" /> <div class="h-0.5 bg-primary bg-opacity-50 w-full" />
@ -41,7 +60,8 @@
export default { export default {
data() { data() {
return { return {
isResettingAudiobooks: false isResettingAudiobooks: false,
users: null
} }
}, },
computed: { computed: {
@ -53,6 +73,19 @@ export default {
scan() { scan() {
this.$root.socket.emit('scan') this.$root.socket.emit('scan')
}, },
clickAddUser() {
this.$toast.info('Under Construction: User management coming soon.')
},
loadUsers() {
this.$axios
.$get('/api/users')
.then((users) => {
this.users = users
})
.catch((error) => {
console.error('Failed', error)
})
},
resetAudiobooks() { resetAudiobooks() {
if (confirm('WARNING! This action will remove all audiobooks from the database including any updates or matches you have made. This does not do anything to your actual files. Shall we continue?')) { if (confirm('WARNING! This action will remove all audiobooks from the database including any updates or matches you have made. This does not do anything to your actual files. Shall we continue?')) {
this.isResettingAudiobooks = true this.isResettingAudiobooks = true
@ -70,6 +103,39 @@ export default {
} }
} }
}, },
mounted() {} mounted() {
this.loadUsers()
}
} }
</script> </script>
<style>
#accounts {
table-layout: fixed;
border-collapse: collapse;
width: 100%;
}
#accounts td,
#accounts th {
border: 1px solid #2e2e2e;
padding: 8px 8px;
text-align: left;
}
#accounts tr:nth-child(even) {
background-color: #3a3a3a;
}
#accounts tr:hover {
background-color: #444;
}
#accounts th {
font-size: 0.8rem;
font-weight: 600;
padding-top: 5px;
padding-bottom: 5px;
background-color: #333;
}
</style>

View File

@ -28,7 +28,9 @@ class ApiController {
this.router.get('/metadata/:id/:trackIndex', this.getMetadata.bind(this)) this.router.get('/metadata/:id/:trackIndex', this.getMetadata.bind(this))
this.router.patch('/match/:id', this.match.bind(this)) this.router.patch('/match/:id', this.match.bind(this))
this.router.get('/users', this.getUsers.bind(this))
this.router.delete('/user/audiobook/:id', this.resetUserAudiobookProgress.bind(this)) this.router.delete('/user/audiobook/:id', this.resetUserAudiobookProgress.bind(this))
this.router.patch('/user/password', this.userChangePassword.bind(this))
this.router.post('/authorize', this.authorize.bind(this)) this.router.post('/authorize', this.authorize.bind(this))
@ -156,6 +158,11 @@ class ApiController {
res.sendStatus(200) res.sendStatus(200)
} }
getUsers(req, res) {
if (req.user.type !== 'root') return res.sendStatus(403)
return res.json(this.db.users.map(u => u.toJSONForBrowser()))
}
async resetUserAudiobookProgress(req, res) { async resetUserAudiobookProgress(req, res) {
req.user.resetAudiobookProgress(req.params.id) req.user.resetAudiobookProgress(req.params.id)
await this.db.updateEntity('user', req.user) await this.db.updateEntity('user', req.user)
@ -163,6 +170,10 @@ class ApiController {
res.sendStatus(200) res.sendStatus(200)
} }
userChangePassword(req, res) {
this.auth.userChangePassword(req, res)
}
getGenres(req, res) { getGenres(req, res) {
res.json({ res.json({
genres: this.db.getGenres() genres: this.db.getGenres()

View File

@ -114,65 +114,50 @@ class Auth {
} }
} }
async checkAuth(req, res) { comparePassword(password, user) {
var username = req.body.username if (user.type === 'root' && !password && !user.pash) return true
Logger.debug('Check Auth', username, !!req.body.password) if (!password || !user.pash) return false
return bcrypt.compare(password, user.pash)
}
var matchingUser = this.users.find(u => u.username === username) async userChangePassword(req, res) {
if (!matchingUser) { var { password, newPassword } = req.body
newPassword = newPassword || ''
var matchingUser = this.users.find(u => u.id === req.user.id)
// Only root can have an empty password
if (matchingUser.type !== 'root' && !newPassword) {
return res.json({ return res.json({
error: 'User not found' error: 'Invalid new password - Only root can have an empty password'
}) })
} }
var cleanedUser = { ...matchingUser } var compare = await this.comparePassword(password, matchingUser)
delete cleanedUser.pash if (!compare) {
return res.json({
// check for empty password (default) error: 'Invalid password'
if (!req.body.password) { })
if (!matchingUser.pash) {
res.cookie('user', username, { signed: true })
return res.json({
user: cleanedUser
})
} else {
return res.json({
error: 'Invalid Password'
})
}
} }
// Set root password first time var pw = ''
if (matchingUser.type === 'root' && !matchingUser.pash && req.body.password && req.body.password.length > 1) { if (newPassword) {
console.log('Set root pash') pw = await this.hashPass(newPassword)
var pw = await this.hashPass(req.body.password)
if (!pw) { if (!pw) {
return res.json({ return res.json({
error: 'Hash failed' error: 'Hash failed'
}) })
} }
this.users = this.users.map(u => {
if (u.username === matchingUser.username) {
u.pash = pw
}
return u
})
await this.saveAuthDb()
return res.json({
setroot: true,
user: cleanedUser
})
} }
var compare = await bcrypt.compare(req.body.password, matchingUser.pash) matchingUser.pash = pw
if (compare) { var success = await this.db.updateEntity('user', matchingUser)
res.cookie('user', username, { signed: true }) if (success) {
res.json({ res.json({
user: cleanedUser success: true
}) })
} else { } else {
res.json({ res.json({
error: 'Invalid Password' error: 'Unknown error'
}) })
} }
} }

View File

@ -143,8 +143,10 @@ class Db {
this[arrayKey] = this[arrayKey].map(e => { this[arrayKey] = this[arrayKey].map(e => {
return e.id === entity.id ? entity : e return e.id === entity.id ? entity : e
}) })
return true
}).catch((error) => { }).catch((error) => {
Logger.error(`[DB] Update entity ${entityName} Failed: ${error}`) Logger.error(`[DB] Update entity ${entityName} Failed: ${error}`)
return false
}) })
} }

View File

@ -3,7 +3,6 @@ const express = require('express')
const http = require('http') const http = require('http')
const SocketIO = require('socket.io') const SocketIO = require('socket.io')
const fs = require('fs-extra') const fs = require('fs-extra')
const cookieparser = require('cookie-parser')
const Auth = require('./Auth') const Auth = require('./Auth')
const Watcher = require('./Watcher') const Watcher = require('./Watcher')
@ -101,7 +100,6 @@ class Server {
this.server = http.createServer(app) this.server = http.createServer(app)
app.use(cookieparser('secret_family_recipe'))
app.use(this.auth.cors) app.use(this.auth.cors)
// Static path to generated nuxt // Static path to generated nuxt