From 6396eb82474981bea66afd22d80c288effbff77a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20Salgado?=
Date: Wed, 27 Jan 2021 17:24:35 +0000
Subject: [PATCH] fix: sql casing
---
 lib/new-admin/admin-server.js | 2 +-
 lib/new-admin/services/login.js | 6 +-
 lib/session-manager.js | 28 ++--
 lib/users.js | 58 +++----
 migrations/1605181184453-users.js | 144 +++++++++---------
 new-lamassu-admin/src/lamassu/App.js | 6 +-
 .../src/pages/Authentication/Login.js | 22 ++-
 .../src/pages/Authentication/LoginState.js | 128 ++++++++--------
 8 files changed, 193 insertions(+), 201 deletions(-)
diff --git a/lib/new-admin/admin-server.js b/lib/new-admin/admin-server.js
index 42c3c89f..decfe7aa 100644
--- a/lib/new-admin/admin-server.js
+++ b/lib/new-admin/admin-server.js
@@ -44,7 +44,7 @@ app.use(bodyParser.json())
 app.use(bodyParser.urlencoded({ extended: true })) // support encoded bodies
 app.use(express.static(path.resolve(__dirname, '..', '..', 'public')))
-app.use(['*'], session({
+app.use('*', session({
 store: new pgSession({
 pgPromise: db,
 tableName: 'user_sessions'
diff --git a/lib/new-admin/services/login.js b/lib/new-admin/services/login.js
index 6e2ea41e..41ac8561 100644
--- a/lib/new-admin/services/login.js
+++ b/lib/new-admin/services/login.js
@@ -1,13 +1,13 @@ const db = require('../../db') function checkUser (username) { - const sql = 'select * from users where username=$1' + const sql = 'SELECT * FROM users WHERE username=$1' return db.oneOrNone(sql, [username]).then(value => { return value.password }).catch(() => false) } function validateUser (username, password) { - const sql = 'select id, username from users where username=$1 and password=$2' - const sqlUpdateLastAccessed = 'update users set last_accessed = now() where username=$1' + const sql = 'SELECT id, username FROM users WHERE username=$1 AND password=$2' + const sqlUpdateLastAccessed = 'UPDATE users SET last_accessed = now() WHERE username=$1' return db.oneOrNone(sql, [username, password]) .then(user => { db.none(sqlUpdateLastAccessed, [user.username]); return user }) diff --git a/lib/session-manager.js b/lib/session-manager.js index 804c9705..1938239d 100644 --- a/lib/session-manager.js +++ b/lib/session-manager.js 
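Review bot: In validateUser the callback `.then(user => { db.none(sqlUpdateLastAccessed, [user.username]); return user })` dereferences `user` although `db.oneOrNone` resolves to null when no row matches, so a wrong username/password rejects with a TypeError instead of resolving null, and the last_accessed UPDATE is a floating promise whose failure becomes an unhandled rejection. I would change it to `.then(user => { if (!user) return null; return db.none(sqlUpdateLastAccessed, [user.username]).then(() => user) })`. Separately, checkUser's `.catch(() => false)` turns a database outage into "unknown user", which deserves at least a `console.error` before returning false. The SQL compares `password=$2` literally while createUser in lib/users.js stores a bcrypt hash, so this only works if the caller passes the stored hash it obtained from checkUser after `bcrypt.compare`; a one-line comment stating that contract would spare the next reader a scare. The `.then` is the hunk's last line, so the rest of validateUser is outside the hunk.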
@@ -1,41 +1,41 @@ const db = require('./db') function getSessionList () { - const sql = `select * from user_sessions order by sess -> 'user' ->> 'username'` + const sql = `SELECT * FROM user_sessions ORDER BY sess -> 'user' ->> 'username'` return db.any(sql) } function getLastSessionByUser () { - const sql = `select b.username, a.user_agent, a.ip_address, a.last_used, b.role from ( - select sess -> 'user' ->> 'username' as username, - sess ->> 'ua' as user_agent, - sess ->> 'ipAddress' as ip_address, - sess ->> 'lastUsed' as last_used - from user_sessions - ) a right join ( - select distinct on (username) + const sql = `SELECT b.username, a.user_agent, a.ip_address, a.last_used, b.role FROM ( + SELECT sess -> 'user' ->> 'username' AS username, + sess ->> 'ua' AS user_agent, + sess ->> 'ipAddress' AS ip_address, + sess ->> 'lastUsed' AS last_used + FROM user_sessions + ) a RIGHT JOIN ( + SELECT DISTINCT ON (username) username, role - from users) b on a.username = b.username` + FROM users) b ON a.username = b.username` return db.any(sql) } function getUserSessions (username) { - const sql = `select * from user_sessions where sess -> 'user' ->> 'username'=$1` + const sql = `SELECT * FROM user_sessions WHERE sess -> 'user' ->> 'username'=$1` return db.any(sql, [username]) } function getSession (sessionID) { - const sql = `select * from user_sessions where sid=$1` + const sql = `SELECT * FROM user_sessions WHERE sid=$1` return db.any(sql, [sessionID]) } function deleteUserSessions (username) { - const sql = `delete from user_sessions where sess -> 'user' ->> 'username'=$1` + const sql = `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'username'=$1` return db.none(sql, [username]) } function deleteSession (sessionID) { - const sql = `delete from user_sessions where sid=$1` + const sql = `DELETE FROM user_sessions WHERE sid=$1` return db.none(sql, [sessionID]) } diff --git a/lib/users.js b/lib/users.js index eda10926..2f3d4838 100644 --- a/lib/users.js 
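Review bot: In getLastSessionByUser the `DISTINCT ON (username)` sits on the users side, where `username` is already UNIQUE per the users DDL in this patch's migration, while the user_sessions side is not de-duplicated, so a user with several live sessions yields several rows and the function does not return the single "last" session its name promises. If one row per user is intended, the de-duplication belongs on subquery `a`: `SELECT DISTINCT ON (sess -> 'user' ->> 'username') ... FROM user_sessions ORDER BY sess -> 'user' ->> 'username', sess ->> 'lastUsed' DESC`, after which the `DISTINCT ON` on `b` can go. Also, getSessionList, getUserSessions and getSession use `SELECT *`, which returns the raw `sid` and the whole `sess` blob; if these rows are handed to the admin UI, selecting only the columns it displays keeps session identifiers out of API responses. Whether `sess ->> 'lastUsed'` is a sortable timestamp string cannot be confirmed from here.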
+++ b/lib/users.js @@ -17,7 +17,7 @@ const db = require('./db') * @returns {user object} User object (containing name) */ function get (token) { - const sql = 'select * from user_tokens where token=$1' + const sql = 'SELECT * FROM user_tokens WHERE token=$1' return db.oneOrNone(sql, [token]) } @@ -32,27 +32,27 @@ function get (token) { * @returns {array} Array of users found */ function getByIds (tokens) { - const sql = 'select * from user_tokens where token in ($1^)' + const sql = 'SELECT * FROM user_tokens WHERE token IN ($1^)' const tokensClause = _.map(pgp.as.text, tokens).join(',') return db.any(sql, [tokensClause]) } function getUsers () { - const sql = `select id, username, role, enabled, last_accessed, last_accessed_from, last_accessed_address from users order by username` + const sql = `SELECT id, username, role, enabled, last_accessed, last_accessed_from, last_accessed_address FROM users ORDER BY username` return db.any(sql) } function getByName (username) { - const sql = `select id, username, role, last_accessed from users where username=$1 limit 1` + const sql = `SELECT id, username, role, last_accessed FROM users WHERE username=$1 limit 1` return db.oneOrNone(sql, [username]) } function verifyAndUpdateUser (id, ua, ip) { - const sql = `select id, username, role, enabled from users where id=$1 limit 1` + const sql = `SELECT id, username, role, enabled FROM users WHERE id=$1 limit 1` return db.oneOrNone(sql, [id]).then(user => { if (!user) return null - const sql2 = `update users set last_accessed=now(), last_accessed_from=$1, last_accessed_address=$2 where id=$3 returning id, role, enabled` + const sql2 = `UPDATE users SET last_accessed=now(), last_accessed_from=$1, last_accessed_address=$2 WHERE id=$3 RETURNING id, role, enabled` return db.one(sql2, [ua, ip, id]).then(user => { return user }) 
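Review bot: The casing fix misses `limit 1` in getByName and verifyAndUpdateUser, which should become `LIMIT 1` to match the rest of this commit. More substantively, `get` and `getByIds` still query `user_tokens`, a table that the migration touched in this same patch ends with `DROP TABLE IF EXISTS user_tokens`, so unless it is recreated elsewhere both functions fail at runtime and look like leftovers of the pre-users auth scheme. getByIds would also build `token IN ()` (a syntax error) for an empty `tokens` array; `if (!tokens.length) return Promise.resolve([])` before building the clause is cheap. In verifyAndUpdateUser the last_accessed columns are stamped before `enabled` is ever inspected, which is fine only if the caller rejects disabled users, so a comment stating that contract would help.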
@@ -60,39 +60,39 @@ function verifyAndUpdateUser (id, ua, ip) { } function createUser (username, password, role) { - const sql = `insert into users (id, username, password, role) values ($1, $2, $3, $4)` + const sql = `INSERT INTO users (id, username, password, role) VALUES ($1, $2, $3, $4)` bcrypt.hash(password, 12).then(function (hash) { return db.none(sql, [uuid.v4(), username, hash, role]) }) } function deleteUser (id) { - const sql = `delete from users where id=$1` - const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1` + const sql = `DELETE FROM users WHERE id=$1` + const sql2 = `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1` return db.none(sql, [id]).then(() => db.none(sql2, [id])) } function findById (id) { - const sql = 'select id, username from users where id=$1' + const sql = 'SELECT id, username FROM users WHERE id=$1' return db.oneOrNone(sql, [id]) } function get2FASecret (id) { - const sql = 'select id, username, twofa_code, role from users where id=$1' + const sql = 'SELECT id, username, twofa_code, role FROM users WHERE id=$1' return db.oneOrNone(sql, [id]) } function save2FASecret (id, secret) { - const sql = 'update users set twofa_code=$1 where id=$2' - const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1` + const sql = 'UPDATE users SET twofa_code=$1 WHERE id=$2' + const sql2 = `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1` return db.none(sql, [secret, id]).then(() => db.none(sql2, [id])) } function validate2FAResetToken (token) { - const sql = `delete from reset_twofa - where token=$1 - returning user_id, now() < expire as success` + const sql = `DELETE FROM reset_twofa + WHERE token=$1 + RETURNING user_id, now() < expire AS success` return db.one(sql, [token]) .then(res => ({ userID: res.user_id, success: res.success })) 
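Review bot: createUser drops the promise returned by `bcrypt.hash(password, 12).then(...)`, so the caller resolves immediately with undefined, cannot tell when the row exists, and a failed INSERT (for example a duplicate username hitting the UNIQUE constraint) becomes an unhandled rejection instead of an error the caller can report. I would write `return bcrypt.hash(password, 12).then(hash => db.none(sql, [uuid.v4(), username, hash, role]))`. deleteUser and save2FASecret issue two statements without a transaction, so if the second `DELETE FROM user_sessions` fails the deleted user, or the user whose 2FA secret was replaced, keeps valid sessions until they expire; if `db` is the pg-promise database handed to pgSession in admin-server.js, `db.tx(t => t.none(sql, [id]).then(() => t.none(sql2, [id])))` closes that gap. `role` is written unvalidated and relies on the `role` ENUM to reject anything but 'user'/'superuser' at the database layer.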
@@ -100,23 +100,23 @@ function validate2FAResetToken (token) { function createReset2FAToken (userID) { const token = crypto.randomBytes(32).toString('hex') - const sql = `insert into reset_twofa (token, user_id) values ($1, $2) on conflict (user_id) do update set token=$1, expire=now() + interval '30 minutes' returning *` + const sql = `INSERT INTO reset_twofa (token, user_id) VALUES ($1, $2) ON CONFLICT (user_id) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *` return db.one(sql, [token, userID]) } function updatePassword (id, password) { bcrypt.hash(password, 12).then(function (hash) { - const sql = `update users set password=$1 where id=$2` - const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1` + const sql = `UPDATE users SET password=$1 WHERE id=$2` + const sql2 = `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1` return db.none(sql, [hash, id]).then(() => db.none(sql2, [id])) }) } function validatePasswordResetToken (token) { - const sql = `delete from reset_password - where token=$1 - returning user_id, now() < expire as success` + const sql = `DELETE FROM reset_password + WHERE token=$1 + RETURNING user_id, now() < expire AS success` return db.one(sql, [token]) .then(res => ({ userID: res.user_id, success: res.success })) 
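Review bot: updatePassword has the same dropped-promise shape as createUser: `bcrypt.hash(password, 12).then(...)` is not returned, so a password-reset caller continues (and presumably reports success) before the new hash is written and before the user's sessions are deleted, and a failure in either statement is an unhandled rejection. The fix is `return bcrypt.hash(password, 12).then(hash => db.none(sql, [hash, id]).then(() => db.none(sql2, [id])))`. validatePasswordResetToken uses `db.one`, which rejects when no row matches `token=$1`, so an unknown or already-consumed token surfaces as an exception rather than `{ success: false }`; the callers outside this hunk must treat that rejection as an invalid token and must not echo the database error text to the client.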
@@ -124,34 +124,34 @@ function validatePasswordResetToken (token) { function createResetPasswordToken (userID) { const token = crypto.randomBytes(32).toString('hex') - const sql = `insert into reset_password (token, user_id) values ($1, $2) on conflict (user_id) do update set token=$1, expire=now() + interval '30 minutes' returning *` + const sql = `INSERT INTO reset_password (token, user_id) VALUES ($1, $2) ON CONFLICT (user_id) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *` return db.one(sql, [token, userID]) } function createUserRegistrationToken (username, role) { const token = crypto.randomBytes(32).toString('hex') - const sql = `insert into user_register_tokens (token, username, role) values ($1, $2, $3) on conflict (username) - do update set token=$1, expire=now() + interval '30 minutes' returning *` + const sql = `INSERT INTO user_register_tokens (token, username, role) VALUES ($1, $2, $3) ON CONFLICT (username) + DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *` return db.one(sql, [token, username, role]) } function validateUserRegistrationToken (token) { - const sql = `delete from user_register_tokens where token=$1 - returning username, role, now() < expire as success` + const sql = `DELETE FROM user_register_tokens WHERE token=$1 + RETURNING username, role, now() < expire AS success` return db.one(sql, [token]) .then(res => ({ username: res.username, role: res.role, success: res.success })) } function changeUserRole (id, newRole) { - const sql = `update users set role=$1 where id=$2` + const sql = `UPDATE users SET role=$1 WHERE id=$2` return db.none(sql, [newRole, id]) } function toggleUserEnable (id) { - const sql = `update users set enabled=not enabled where id=$1` + const sql = `UPDATE users SET enabled=not enabled WHERE id=$1` return db.none(sql, [id]) } diff --git a/migrations/1605181184453-users.js b/migrations/1605181184453-users.js index 7c1158fb..45c24e70 100644 
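Review bot: toggleUserEnable and changeUserRole leave the user's rows in user_sessions untouched, whereas updatePassword and save2FASecret in the same file follow their UPDATE with `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`; unless every request re-reads `enabled` and `role` from users (verifyAndUpdateUser suggests this may happen, but the middleware is outside this patch), a disabled or demoted administrator keeps the access cached in the session until it expires. Adding the same purge to both functions, `return db.none(sql, [newRole, id]).then(() => db.none(sql2, [id]))` and the analogous line in toggleUserEnable, makes the behaviour consistent with the password and 2FA paths. For the commit's own purpose, `enabled=not enabled` should read `enabled=NOT enabled`. `role` in changeUserRole is again unvalidated and relies on the ENUM.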
--- a/migrations/1605181184453-users.js +++ b/migrations/1605181184453-users.js 
@@ -2,87 +2,87 @@ var db = require('./db') exports.up = function (next) { var sql = [ - `create type role as ENUM('user', 'superuser')`, - `create table users ( - id uuid PRIMARY KEY, - username varchar(50) UNIQUE, - password varchar(100), - role role default 'user', - enabled boolean default true, - twofa_code varchar(100), - created timestamptz not null default now(), - last_accessed timestamptz not null default now(), - last_accessed_from text, - last_accessed_address inet )`, + `CREATE TYPE role AS ENUM('user', 'superuser')`, + `CREATE TABLE users ( + id UUID PRIMARY KEY, + username VARCHAR(50) UNIQUE, + password VARCHAR(100), + role role DEFAULT 'user', + enabled BOOLEAN DEFAULT true, + twofa_code VARCHAR(100), + created TIMESTAMPTZ NOT NULL DEFAULT now(), + last_accessed TIMESTAMPTZ NOT NULL DEFAULT now(), + last_accessed_from TEXT, + last_accessed_address INET )`, `CREATE TABLE "user_sessions" ( - "sid" varchar NOT NULL COLLATE "default", - "sess" json NOT NULL, - "expire" timestamp(6) NOT NULL ) + "sid" VARCHAR NOT NULL COLLATE "default", + "sess" JSON NOT NULL, + "expire" TIMESTAMP(6) NOT NULL ) WITH (OIDS=FALSE)`, `ALTER TABLE "user_sessions" ADD CONSTRAINT "session_pkey" PRIMARY KEY ("sid") NOT DEFERRABLE INITIALLY IMMEDIATE`, `CREATE INDEX "IDX_session_expire" ON "user_sessions" ("expire")`, - `create table reset_password ( - token text not null PRIMARY KEY, - user_id uuid references users(id) on delete cascade unique, - expire timestamptz not null default now() + interval '30 minutes' + `CREATE TABLE reset_password ( + token TEXT NOT NULL PRIMARY KEY, + user_id UUID REFERENCES users(id) ON DELETE CASCADE UNIQUE, + expire TIMESTAMPTZ NOT NULL DEFAULT now() + interval '30 minutes' )`, - `create index "idx_reset_pw_expire" on "reset_password" ("expire")`, - `create table reset_twofa ( - token text not null PRIMARY KEY, - user_id uuid references users(id) on delete cascade unique, - expire timestamptz not null default now() + interval '30 minutes' + 
`CREATE INDEX "idx_reset_pw_expire" ON "reset_password" ("expire")`, + `CREATE TABLE reset_twofa ( + token TEXT NOT NULL PRIMARY KEY, + user_id UUID REFERENCES users(id) ON DELETE CASCADE UNIQUE, + expire TIMESTAMPTZ NOT NULL DEFAULT now() + interval '30 minutes' )`, - `create index "idx_reset_twofa_expire" on "reset_twofa" ("expire")`, - `create table user_register_tokens ( - token text not null PRIMARY KEY, - username text not null unique, - role role default 'user', - expire timestamptz not null default now() + interval '30 minutes' + `CREATE INDEX "idx_reset_twofa_expire" ON "reset_twofa" ("expire")`, + `CREATE TABLE user_register_tokens ( + token TEXT NOT NULL PRIMARY KEY, + username TEXT NOT NULL UNIQUE, + role role DEFAULT 'user', + expire TIMESTAMPTZ NOT NULL DEFAULT now() + interval '30 minutes' )`, // migrate values from customers which reference user_tokens for data persistence - `alter table customers add column sms_override_by_old text`, - `alter table customers add column id_card_data_override_by_old text`, - `alter table customers add column id_card_photo_override_by_old text`, - `alter table customers add column front_camera_override_by_old text`, - `alter table customers add column sanctions_override_by_old text`, - `alter table customers add column authorized_override_by_old text`, - `alter table customers add column us_ssn_override_by_old text`, - `update customers set sms_override_by_old=ut.name from user_tokens ut - where customers.sms_override_by=ut.token`, - `update customers set id_card_data_override_by_old=ut.name from user_tokens ut - where customers.id_card_data_override_by=ut.token`, - `update customers set id_card_photo_override_by_old=ut.name from user_tokens ut - where customers.id_card_photo_override_by=ut.token`, - `update customers set front_camera_override_by_old=ut.name from user_tokens ut - where customers.front_camera_override_by=ut.token`, - `update customers set sanctions_override_by_old=ut.name from user_tokens ut - where 
customers.sanctions_override_by=ut.token`, - `update customers set authorized_override_by_old=ut.name from user_tokens ut - where customers.authorized_override_by=ut.token`, - `update customers set us_ssn_override_by_old=ut.name from user_tokens ut - where customers.us_ssn_override_by=ut.token`, - `alter table customers drop column sms_override_by`, - `alter table customers drop column id_card_data_override_by`, - `alter table customers drop column id_card_photo_override_by`, - `alter table customers drop column front_camera_override_by`, - `alter table customers drop column sanctions_override_by`, - `alter table customers drop column authorized_override_by`, - `alter table customers drop column us_ssn_override_by`, - `alter table customers add column sms_override_by uuid references users(id)`, - `alter table customers add column id_card_data_override_by uuid references users(id)`, - `alter table customers add column id_card_photo_override_by uuid references users(id)`, - `alter table customers add column front_camera_override_by uuid references users(id)`, - `alter table customers add column sanctions_override_by uuid references users(id)`, - `alter table customers add column authorized_override_by uuid references users(id)`, - `alter table customers add column us_ssn_override_by uuid references users(id)`, + `ALTER TABLE customers ADD COLUMN sms_override_by_old TEXT`, + `ALTER TABLE customers ADD COLUMN id_card_data_override_by_old TEXT`, + `ALTER TABLE customers ADD COLUMN id_card_photo_override_by_old TEXT`, + `ALTER TABLE customers ADD COLUMN front_camera_override_by_old TEXT`, + `ALTER TABLE customers ADD COLUMN sanctions_override_by_old TEXT`, + `ALTER TABLE customers ADD COLUMN authorized_override_by_old TEXT`, + `ALTER TABLE customers ADD COLUMN us_ssn_override_by_old TEXT`, + `UPDATE customers SET sms_override_by_old=ut.name FROM user_tokens ut + WHERE customers.sms_override_by=ut.token`, + `UPDATE customers SET id_card_data_override_by_old=ut.name FROM 
user_tokens ut + WHERE customers.id_card_data_override_by=ut.token`, + `UPDATE customers SET id_card_photo_override_by_old=ut.name FROM user_tokens ut + WHERE customers.id_card_photo_override_by=ut.token`, + `UPDATE customers SET front_camera_override_by_old=ut.name FROM user_tokens ut + WHERE customers.front_camera_override_by=ut.token`, + `UPDATE customers SET sanctions_override_by_old=ut.name FROM user_tokens ut + WHERE customers.sanctions_override_by=ut.token`, + `UPDATE customers SET authorized_override_by_old=ut.name FROM user_tokens ut + WHERE customers.authorized_override_by=ut.token`, + `UPDATE customers SET us_ssn_override_by_old=ut.name FROM user_tokens ut + WHERE customers.us_ssn_override_by=ut.token`, + `ALTER TABLE customers DROP COLUMN sms_override_by`, + `ALTER TABLE customers DROP COLUMN id_card_data_override_by`, + `ALTER TABLE customers DROP COLUMN id_card_photo_override_by`, + `ALTER TABLE customers DROP COLUMN front_camera_override_by`, + `ALTER TABLE customers DROP COLUMN sanctions_override_by`, + `ALTER TABLE customers DROP COLUMN authorized_override_by`, + `ALTER TABLE customers DROP COLUMN us_ssn_override_by`, + `ALTER TABLE customers ADD COLUMN sms_override_by UUID REFERENCES users(id)`, + `ALTER TABLE customers ADD COLUMN id_card_data_override_by UUID REFERENCES users(id)`, + `ALTER TABLE customers ADD COLUMN id_card_photo_override_by UUID REFERENCES users(id)`, + `ALTER TABLE customers ADD COLUMN front_camera_override_by UUID REFERENCES users(id)`, + `ALTER TABLE customers ADD COLUMN sanctions_override_by UUID REFERENCES users(id)`, + `ALTER TABLE customers ADD COLUMN authorized_override_by UUID REFERENCES users(id)`, + `ALTER TABLE customers ADD COLUMN us_ssn_override_by UUID REFERENCES users(id)`, // migrate values from compliance_overrides which reference user_tokens for data persistence - `alter table compliance_overrides add column override_by_old text`, - `update compliance_overrides set override_by_old=ut.name from user_tokens ut 
- where compliance_overrides.override_by=ut.token`, - `alter table compliance_overrides drop column override_by`, - `alter table compliance_overrides add column override_by uuid references users(id)`, - `drop table if exists one_time_passes`, - `drop table if exists user_tokens` + `ALTER TABLE compliance_overrides ADD COLUMN override_by_old TEXT`, + `UPDATE compliance_overrides SET override_by_old=ut.name FROM user_tokens ut + WHERE compliance_overrides.override_by=ut.token`, + `ALTER TABLE compliance_overrides DROP COLUMN override_by`, + `ALTER TABLE compliance_overrides ADD COLUMN override_by UUID REFERENCES users(id)`, + `DROP TABLE IF EXISTS one_time_passes`, + `DROP TABLE IF EXISTS user_tokens` ] db.multi(sql, next) diff --git a/new-lamassu-admin/src/lamassu/App.js b/new-lamassu-admin/src/lamassu/App.js index 3baed658..95da796c 100644 --- a/new-lamassu-admin/src/lamassu/App.js +++ b/new-lamassu-admin/src/lamassu/App.js @@ -127,10 +127,6 @@ const App = () => { process.env.NODE_ENV === 'development' ? 'https://localhost:8070' : '' useEffect(() => { - getUserData() - }, []) - - const getUserData = () => { axios({ method: 'GET', url: `${url}/user-data`, @@ -144,7 +140,7 @@ const App = () => { setLoading(false) if (err.status === 403) setUserData(null) }) - } + }, [url]) return ( { const classes = useStyles() return ( - <> - - - - + + + - + ) } diff --git a/new-lamassu-admin/src/pages/Authentication/LoginState.js b/new-lamassu-admin/src/pages/Authentication/LoginState.js index f04b0a66..885cb53d 100644 --- a/new-lamassu-admin/src/pages/Authentication/LoginState.js +++ b/new-lamassu-admin/src/pages/Authentication/LoginState.js @@ -63,73 +63,71 @@ const LoginState = ({ } return ( - <> - { - setInvalidLogin(false) - onClientChange(values.client) - onPasswordChange(values.password) - onRememberMeChange(values.rememberMe) - login({ - variables: { - username: values.client, - password: values.password - } - }) - }}> - {({ errors, touched }) => ( -
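Review bot: reset_password, reset_twofa and user_register_tokens store the bearer token itself as the plaintext PRIMARY KEY, and lib/users.js in this same patch inserts `crypto.randomBytes(32).toString('hex')` directly, so anyone who can read the database (a backup, a replica, a statement log) can redeem every live reset and registration link. The usual mitigation is one line on each side: store `crypto.createHash('sha256').update(token).digest('hex')` and look rows up by that hash while sending the raw token to the user; the column stays TEXT, so the schema needs no change. The migration also ends with `DROP TABLE IF EXISTS one_time_passes` and `DROP TABLE IF EXISTS user_tokens` after the DROP COLUMN / ADD COLUMN sequence on customers; if `db.multi` does not run the array in one transaction, a failure midway leaves customers in a half-migrated state, so a comment stating the transactional guarantee (or an explicit transaction) would be reassuring. `exports.down` is outside the hunk, so whether the drops are reversible cannot be judged here.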
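Review bot: In the `.catch` of the request now inlined into useEffect in App.js, `if (err.status === 403) setUserData(null)` reads a property that, as far as I can tell, axios 0.x does not set on its error object — the HTTP status lives on `err.response.status` — so unless an interceptor elsewhere copies it, a 403 never clears userData and a logged-out user stays in the logged-in UI state. I would write `if (err.response?.status === 403) setUserData(null)`; the optional chaining also keeps network errors, which carry no `response`, from throwing inside the catch. The effect has no cleanup, so `setLoading`/`setUserData` can fire after unmount if the request outlives the component; an `ignore` flag set in the cleanup function is the standard guard. Since `url` derives from `process.env.NODE_ENV`, the `[url]` dependency makes this effectively a mount-once effect, which matches the removed `[]`.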
+ { + setInvalidLogin(false) + onClientChange(values.client) + onPasswordChange(values.password) + onRememberMeChange(values.rememberMe) + login({ + variables: { + username: values.client, + password: values.password + } + }) + }}> + {({ errors, touched }) => ( + + { + if (invalidLogin) setInvalidLogin(false) + }} + /> + { + if (invalidLogin) setInvalidLogin(false) + }} + /> +
{ - if (invalidLogin) setInvalidLogin(false) - }} + name="rememberMe" + className={classes.checkbox} + component={Checkbox} /> - { - if (invalidLogin) setInvalidLogin(false) - }} - /> -
- - Keep me logged in -
-
- {getErrorMsg(errors, touched) && ( -

- {getErrorMsg(errors, touched)} -

- )} - -
- - )} - - + Keep me logged in +
+
+ {getErrorMsg(errors, touched) && ( +

+ {getErrorMsg(errors, touched)} +

+ )} + +
+ + )} +
) }