
Commit d5f03c6

authored
Merge pull request openiap#232 from skadefro/master
Close 1.4.14
2 parents a90f439 + 4fd0be7 commit d5f03c6

49 files changed

Lines changed: 1704 additions & 1254 deletions


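--- a/OpenFlow/src/Audit.ts
+++ b/OpenFlow/src/Audit.ts
@@ -26,6 +26,7 @@ export class Audit {
 Base.addRight(log, user._id, user.name, [Rights.read]);
 Base.addRight(log, impostor._id, impostor.name, [Rights.read]);
 log.success = true;
+log._type = "impersonate";
 log.type = "impersonate";
 log.userid = user._id;
 log.name = user.name;
@@ -42,6 +43,7 @@ export class Audit {
 Base.addRight(log, user._id, user.name, [Rights.read]);
 Base.addRight(log, impostor._id, impostor.name, [Rights.read]);
 log.success = false;
+log._type = "impersonate";
 log.type = "impersonate";
 log.userid = user._id;
 log.name = user.name;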
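Review bot: The added `log._type = "impersonate";` in both hunks sits directly above `log.type = "impersonate";`, and nothing says why an impersonation audit record needs the same literal in two fields. Anyone writing detection or retention queries over these records has to guess which field is authoritative; other queries in this commit filter on `_type`, so that is presumably the one that matters. I would add a one-line comment on the new assignment in both places stating which field queries should use and why the other is kept. Both enclosing methods start and end outside the hunks.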

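--- a/OpenFlow/src/Config.ts
+++ b/OpenFlow/src/Config.ts
@@ -48,6 +48,7 @@ export class Config {
 Config.amqp_prefetch = parseInt(Config.getEnv("amqp_prefetch", "50"));
 Config.enable_entity_restriction = Config.parseBoolean(Config.getEnv("enable_entity_restriction", "false"));
 Config.enable_web_tours = Config.parseBoolean(Config.getEnv("enable_web_tours", "true"));
+Config.enable_nodered_tours = Config.parseBoolean(Config.getEnv("enable_nodered_tours", "true"));
 Config.auto_hourly_housekeeping = Config.parseBoolean(Config.getEnv("auto_hourly_housekeeping", "false"));
 Config.housekeeping_update_usage_hourly = Config.parseBoolean(Config.getEnv("housekeeping_update_usage_hourly", "false"));
 Config.housekeeping_update_usersize_hourly = Config.parseBoolean(Config.getEnv("housekeeping_update_usersize_hourly", "true"));
@@ -127,6 +128,9 @@ export class Config {
 Config.decorate_roles_fetching_all_roles = Config.parseBoolean(Config.getEnv("decorate_roles_fetching_all_roles", "true"));
 Config.update_acl_based_on_groups = Config.parseBoolean(Config.getEnv("update_acl_based_on_groups", "false"));
 Config.multi_tenant = Config.parseBoolean(Config.getEnv("multi_tenant", "false"));
+Config.cleanup_on_delete_customer = Config.parseBoolean(Config.getEnv("cleanup_on_delete_customer", "false"));
+Config.cleanup_on_delete_user = Config.parseBoolean(Config.getEnv("cleanup_on_delete_user", "false"));
+
 Config.api_bypass_perm_check = Config.parseBoolean(Config.getEnv("api_bypass_perm_check", "false"));
 Config.websocket_package_size = parseInt(Config.getEnv("websocket_package_size", "4096"), 10);
 Config.websocket_max_package_count = parseInt(Config.getEnv("websocket_max_package_count", "1024"), 10);
@@ -238,6 +242,7 @@ export class Config {
 public static amqp_prefetch: number = parseInt(Config.getEnv("amqp_prefetch", "50"));
 public static enable_entity_restriction: boolean = Config.parseBoolean(Config.getEnv("enable_entity_restriction", "false"));
 public static enable_web_tours: boolean = Config.parseBoolean(Config.getEnv("enable_web_tours", "true"));
+public static enable_nodered_tours: boolean = Config.parseBoolean(Config.getEnv("enable_nodered_tours", "true"));
 public static auto_hourly_housekeeping: boolean = Config.parseBoolean(Config.getEnv("auto_hourly_housekeeping", "true"));
 public static housekeeping_update_usage_hourly: boolean = Config.parseBoolean(Config.getEnv("housekeeping_update_usage_hourly", "false"));
 public static housekeeping_update_usersize_hourly: boolean = Config.parseBoolean(Config.getEnv("housekeeping_update_usersize_hourly", "true"));
@@ -319,6 +324,8 @@ export class Config {
 public static max_recursive_group_depth: number = parseInt(Config.getEnv("max_recursive_group_depth", "2"));
 public static update_acl_based_on_groups: boolean = Config.parseBoolean(Config.getEnv("update_acl_based_on_groups", "false"));
 public static multi_tenant: boolean = Config.parseBoolean(Config.getEnv("multi_tenant", "false"));
+public static cleanup_on_delete_customer: boolean = Config.parseBoolean(Config.getEnv("cleanup_on_delete_customer", "false"));
+public static cleanup_on_delete_user: boolean = Config.parseBoolean(Config.getEnv("cleanup_on_delete_user", "false"));
 public static api_bypass_perm_check: boolean = Config.parseBoolean(Config.getEnv("api_bypass_perm_check", "false"));
 public static websocket_package_size: number = parseInt(Config.getEnv("websocket_package_size", "4096"), 10);
 public static websocket_max_package_count: number = parseInt(Config.getEnv("websocket_max_package_count", "1024"), 10);
@@ -439,7 +446,7 @@ export class Config {
 // if anything throws, we retry
 return promiseRetry(async () => {
 const reader: any = await fetch({ url });
-if (NoderedUtil.IsNullUndefinded(reader)) { throw new Error("Failed getting result"); return; }
+if (NoderedUtil.IsNullUndefinded(reader)) { throw new Error("Failed getting result"); }
 const config: any = toPassportConfig(reader);
 // we need this, for Office 365 :-/
 if (reader.signingCerts && reader.signingCerts.length > 1) {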
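Review bot: The three new settings (`enable_nodered_tours`, `cleanup_on_delete_customer`, `cleanup_on_delete_user`) are each declared twice, once in the static initializers and once in the reload block, with the default repeated as a string literal in both places. The context lines show how that drifts: `auto_hourly_housekeeping` defaults to `"false"` at new line 52 and to `"true"` at new line 246. For the two cleanup flags, which by their names gate removal of data tied to a deleted user or customer, a divergent default would silently change whether records are removed after a config reload. I would hold each default in one constant shared by both assignments and add a doc comment on each static saying exactly what is deleted when the flag is true. Both enclosing blocks extend beyond the hunks.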

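--- a/OpenFlow/src/DBHelper.ts
+++ b/OpenFlow/src/DBHelper.ts
@@ -134,9 +134,11 @@ export class DBHelper {
 return Config.db.query<Provider>({ query: { _type: "provider" }, top: 10, collectionname: "config", jwt: Crypt.rootToken() }, span);;
 });
 // const result: Provider[] = [];
+// https://www.w3schools.com/icons/fontawesome5_icons_brands.asp
 items.forEach(provider => {
 // const item: any = { name: provider.name, id: provider.id, provider: provider.provider, logo: "fa-question-circle" };
-provider.logo = "fa-question-circle";
+provider.logo = "fa-microsoft";
+if (provider.provider === "oidc") { provider.logo = "fa-openid"; }
 if (provider.provider === "google") { provider.logo = "fa-google"; }
 if (provider.provider === "saml") { provider.logo = "fa-windows"; }
 //result.push(item);
@@ -454,7 +456,11 @@ export class DBHelper {
 });
 
 if (results.length > 0) {
-user.roles = results[0].roles;
+user.roles = [];
+results[0].roles.forEach(r => {
+const exists = user.roles.filter(x => x._id == r._id);
+if (exists.length == 0) user.roles.push(r);
+});
 results[0].roles2.forEach(r => {
 const exists = user.roles.filter(x => x._id == r._id);
 if (exists.length == 0) user.roles.push(r);
@@ -511,15 +517,14 @@ export class DBHelper {
 }
 return user as any;
 }
-public async FindRoleByName(name: string, parent: Span): Promise<Role> {
+public async FindRoleByName(name: string, jwt: string, parent: Span): Promise<Role> {
 await this.init();
 const span: Span = Logger.otel.startSubSpan("dbhelper.FindByUsername", parent);
 try {
 let item = await this.memoryCache.wrap("rolename_" + name, async () => {
-const items: Role[] = await Config.db.query<Role>({ query: { name: name, "_type": "role" }, top: 1, collectionname: "users", jwt: Crypt.rootToken() }, parent);
-if (items === null || items === undefined || items.length === 0) { return null; }
+if (jwt === null || jwt == undefined || jwt == "") { jwt = Crypt.rootToken(); }
 Logger.instanse.debug("DBHelper", "FindRoleByName", "Add role to cache : " + name);
-return items[0];
+return Config.db.GetOne<Role>({ query: { name: name, "_type": "role" }, collectionname: "users", jwt }, parent)
 });
 if (NoderedUtil.IsNullUndefinded(item)) return null;
 return Role.assign(item);
@@ -537,15 +542,15 @@ export class DBHelper {
 const span: Span = Logger.otel.startSubSpan("dbhelper.EnsureRole", parent);
 try {
 Logger.instanse.verbose("DBHelper", "EnsureRole", `FindRoleByName ${name}`);
-let role: Role = await this.FindRoleByName(name, span);
+let role: Role = await this.FindRoleByName(name, jwt, span);
 if (role == null) {
 Logger.instanse.verbose("DBHelper", "EnsureRole", `EnsureRole FindRoleById ${name}`);
-role = await this.FindRoleById(name, null, span);
+role = await this.FindRoleById(id, null, span);
 }
 if (role !== null && (role._id === id || NoderedUtil.IsNullEmpty(id))) { return role; }
 if (role !== null && !NoderedUtil.IsNullEmpty(role._id)) {
 Logger.instanse.warn("DBHelper", "EnsureRole", `Deleting ${name} with ${role._id} not matcing expected id ${id}`);
-await Config.db.DeleteOne(role._id, "users", jwt, span);
+await Config.db.DeleteOne(role._id, "users", false, jwt, span);
 }
 role = new Role(); role.name = name; role._id = id;
 Logger.instanse.verbose("DBHelper", "EnsureRole", `Adding new role ${name}`);
@@ -564,7 +569,7 @@ export class DBHelper {
 Logger.otel.endSpan(span);
 }
 }
-public async EnsureUser(jwt: string, name: string, username: string, id: string, password: string, parent: Span): Promise<User> {
+public async EnsureUser(jwt: string, name: string, username: string, id: string, password: string, extraoptions: any, parent: Span): Promise<User> {
 const span: Span = Logger.otel.startSubSpan("dbhelper.ensureUser", parent);
 try {
 span?.addEvent("FindByUsernameOrId");
@@ -578,9 +583,11 @@ export class DBHelper {
 if (user !== null && id !== null) {
 span?.addEvent("Deleting");
 Logger.instanse.warn("DBHelper", "EnsureUser", `Deleting ${name} with ${user._id} not matcing expected id ${id}`);
-await Config.db.DeleteOne(user._id, "users", jwt, span);
+await Config.db.DeleteOne(user._id, "users", false, jwt, span);
 }
-user = new User(); user._id = id; user.name = name; user.username = username;
+user = new User();
+if (!NoderedUtil.IsNullUndefinded(extraoptions)) user = Object.assign(user, extraoptions);
+user._id = id; user.name = name; user.username = username;
 if (password !== null && password !== undefined && password !== "") {
 span?.addEvent("SetPassword");
 await Crypt.SetPassword(user, password, span);
@@ -607,10 +614,13 @@ export class DBHelper {
 public async EnsureNoderedRoles(user: TokenUser | User, jwt: string, force: boolean, parent: Span): Promise<void> {
 if (Config.auto_create_personal_nodered_group || force) {
 let name = user.username;
-name = name.split("@").join("").split(".").join("");
+// name = name.split("@").join("").split(".").join("");
+// name = name.toLowerCase();
 name = name.toLowerCase();
+name = name.replace(/([^a-z0-9]+){1,63}/gi, "");
+
 
-let noderedadmins = await this.FindRoleById(name + "noderedadmins", jwt, parent);
+let noderedadmins = await this.FindRoleByName(name + "noderedadmins", jwt, parent);
 if (noderedadmins == null) {
 noderedadmins = await this.EnsureRole(jwt, name + "noderedadmins", null, parent);
 Base.addRight(noderedadmins, user._id, user.username, [Rights.full_control]);
@@ -621,10 +631,12 @@ export class DBHelper {
 }
 if (Config.auto_create_personal_noderedapi_group || force) {
 let name = user.username;
-name = name.split("@").join("").split(".").join("");
+// name = name.split("@").join("").split(".").join("");
+// name = name.toLowerCase();
 name = name.toLowerCase();
+name = name.replace(/([^a-z0-9]+){1,63}/gi, "");
 
-let noderedadmins = await this.FindRoleByName(name + "nodered api users", jwt, parent);
+let noderedadmins = await this.FindRoleByName(name + "nodered api users", jwt, parent);
 if (noderedadmins == null) {
 noderedadmins = await this.EnsureRole(jwt, name + "nodered api users", null, parent);
 Base.addRight(noderedadmins, user._id, user.username, [Rights.full_control]);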
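Review bot: In `FindRoleByName` the lookup now runs under the caller's `jwt`, but the result is still cached under `"rolename_" + name`, so (assuming `memoryCache.wrap` returns the stored value on a hit) a role first loaded by a privileged caller is handed to any later caller regardless of what their own token may read. The added fallback `if (jwt === null || jwt == undefined || jwt == "") { jwt = Crypt.rootToken(); }` also fails open: a caller whose token is missing gets a root-token query instead of an error. I would reject an empty token with `if (NoderedUtil.IsNullEmpty(jwt)) throw new Error("FindRoleByName requires a jwt");` and have callers that really need root pass `Crypt.rootToken()` explicitly. The cache should then either stay root-only with a permission check applied after the hit, or include the caller's identity in the key. The method's tail and its `finally` are outside the hunk.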
