bug fixes for useradmin
parent
7a86cef5a5
commit
21daab109f
|
@ -158,7 +158,7 @@ async function getAllDevicesFiltered() {
|
||||||
async function updateLastPing(deviceId) {
|
async function updateLastPing(deviceId) {
|
||||||
return Devices.update(
|
return Devices.update(
|
||||||
{ last_ping: Date.now() },
|
{ last_ping: Date.now() },
|
||||||
{ where: { [Op.or]: [{ id: deviceId }, { dongle_id: deviceId }] } },
|
{ where: { dongle_id: deviceId } },
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -197,7 +197,7 @@ async function getOwnersFromDongle(dongleId) {
|
||||||
}
|
}
|
||||||
|
|
||||||
async function getDrives(dongleId, includeDeleted, includeMeta) {
|
async function getDrives(dongleId, includeDeleted, includeMeta) {
|
||||||
let query = { where: { dongle_id: dongleId } };
|
let query = { where: { dongle_id: dongleId }, order: [['created', 'DESC']] };
|
||||||
|
|
||||||
if (!includeDeleted) {
|
if (!includeDeleted) {
|
||||||
query = { ...query, where: { ...query.where, is_deleted: false } };
|
query = { ...query, where: { ...query.where, is_deleted: false } };
|
||||||
|
|
|
@ -214,7 +214,8 @@ async function upload(req, res) {
|
||||||
}
|
}
|
||||||
|
|
||||||
const decoded = device.public_key
|
const decoded = device.public_key
|
||||||
? await validateJWT(req.headers.authorization, device.public_key).catch(logger.error)
|
? await validateJWT(req.headers.authorization, device.public_key)
|
||||||
|
.catch((err) => logger.error(err))
|
||||||
: null;
|
: null;
|
||||||
|
|
||||||
if ((!decoded || decoded.identity !== dongleId)) {
|
if ((!decoded || decoded.identity !== dongleId)) {
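Review bot: In `upload`, `decoded` ends up holding whatever `logger.error(err)` returns when `validateJWT` rejects, so the 401 check below depends on the logger's return value rather than on an explicit failure value. The request is still refused as written, because a missing `identity` never equals `dongleId`, but the authentication result should not be coupled to a logging call. Returning the failure value explicitly keeps the path fail-closed by construction: `.catch((err) => { logger.error(err); return null; })`. The body of `upload` starts and ends outside this hunk.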
|
||||||
|
@ -222,7 +223,9 @@ async function upload(req, res) {
|
||||||
return res.status(401).send('Unauthorized.');
|
return res.status(401).send('Unauthorized.');
|
||||||
}
|
}
|
||||||
|
|
||||||
await deviceController.updateLastPing(dongleId).catch(logger.error);
|
await deviceController
|
||||||
|
.updateLastPing(dongleId)
|
||||||
|
.catch((err) => logger.error(err));
|
||||||
|
|
||||||
let responseUrl = null;
|
let responseUrl = null;
|
||||||
const ts = Date.now(); // we use this to make sure old URLs cannot be reused (timeout after 60min)
|
const ts = Date.now(); // we use this to make sure old URLs cannot be reused (timeout after 60min)
|
||||||
|
|
|
@ -117,7 +117,7 @@ router.post('/register/token', bodyParser.urlencoded({ extended: true }), runAsy
|
||||||
|
|
||||||
let infoText = '';
|
let infoText = '';
|
||||||
|
|
||||||
if (req.body.token === undefined) { // email entered, token request
|
if (!req.body.token) { // email entered, token request
|
||||||
infoText = 'Please check your inbox (<b>SPAM</b>) for an email with the registration token.<br>If the token was not delivered, please ask the administrator to check the <i>server.log</i> for the token generated for your email.<br><br>';
|
infoText = 'Please check your inbox (<b>SPAM</b>) for an email with the registration token.<br>If the token was not delivered, please ask the administrator to check the <i>server.log</i> for the token generated for your email.<br><br>';
|
||||||
|
|
||||||
await mailingController.sendEmailVerification(token, email);
|
await mailingController.sendEmailVerification(token, email);
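Review bot: `if (!req.body.token)` tests truthiness only, while this route parses the body with `bodyParser.urlencoded({ extended: true })`, which can turn a form field into an array or a nested object. A non-string `token` is truthy, so it skips the email branch and reaches the token handling that follows outside the hunk. Normalising the field first restricts the handler to the two intended cases, for example `const submittedToken = typeof req.body.token === 'string' ? req.body.token : '';` followed by `if (!submittedToken) {`. How the submitted token is compared later is not visible here, so that code should be checked for the same assumption.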
|
||||||
|
@ -259,7 +259,7 @@ router.post('/pair_device', [getAccount, bodyParser.urlencoded({ extended: true
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const pairDevice = await deviceController.pairDevice(account, req.body.qrString);
|
const pairDevice = await deviceController.pairDevice(account, qrString);
|
||||||
if (pairDevice.success === true) {
|
if (pairDevice.success === true) {
|
||||||
res.redirect('/useradmin/overview');
|
res.redirect('/useradmin/overview');
|
||||||
} else if (pairDevice.registered === true) {
|
} else if (pairDevice.registered === true) {
|
||||||
|
@ -283,9 +283,11 @@ router.get('/device/:dongleId', runAsyncWrapper(async (req, res) => {
|
||||||
return res.redirect(`/useradmin?status=${encodeURIComponent('Invalid or expired session')}`);
|
return res.redirect(`/useradmin?status=${encodeURIComponent('Invalid or expired session')}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
const device = await deviceController.getDeviceFromDongleId(req.params.dongleId);
|
const device = await deviceController.getDeviceFromDongleId(dongleId);
|
||||||
if (device == null || device.account_id !== account.id) {
|
if (!device) {
|
||||||
return res.status(400).send('Unauthorized.');
|
return res.status(404).send('Not Found.');
|
||||||
|
} else if (device.account_id !== account.id) {
|
||||||
|
return res.status(401).send('Unauthorized.');
|
||||||
}
|
}
|
||||||
|
|
||||||
const drives = await deviceController.getDrives(device.dongle_id, false, true);
|
const drives = await deviceController.getDrives(device.dongle_id, false, true);
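Review bot: Splitting the check into 404 for a missing device and 401 for a device owned by another account lets any logged-in user learn which dongle IDs exist, which the previous single response did not reveal. The caller is already authenticated at this point, so 401 is also the wrong status for an ownership failure; 403 would be the accurate one, but returning the same answer in both cases avoids the disclosure: `if (!device || device.account_id !== account.id) { return res.status(404).send('Not Found.'); }`. The same split is introduced in the `/drive/:dongleId/:driveIdentifier` hunk further down. The handler body continues outside this hunk.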
|
||||||
|
@ -399,6 +401,7 @@ router.get('/device/:dongleId', runAsyncWrapper(async (req, res) => {
|
||||||
return res.status(200).send(response);
|
return res.status(200).send(response);
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
// TODO: move to user admin api?
|
||||||
router.get('/drive/:dongleId/:driveIdentifier/:action', runAsyncWrapper(async (req, res) => {
|
router.get('/drive/:dongleId/:driveIdentifier/:action', runAsyncWrapper(async (req, res) => {
|
||||||
const account = await authenticationController.getAuthenticatedAccount(req);
|
const account = await authenticationController.getAuthenticatedAccount(req);
|
||||||
if (account == null) {
|
if (account == null) {
|
||||||
|
@ -407,7 +410,7 @@ router.get('/drive/:dongleId/:driveIdentifier/:action', runAsyncWrapper(async (r
|
||||||
|
|
||||||
const drive = await deviceController.getDrive(req.params.dongleId, req.params.driveIdentifier);
|
const drive = await deviceController.getDrive(req.params.dongleId, req.params.driveIdentifier);
|
||||||
if (drive == null) {
|
if (drive == null) {
|
||||||
return res.status(400).send('Unauthorized.');
|
return res.status(404).send('Not Found.');
|
||||||
}
|
}
|
||||||
|
|
||||||
const { action } = req.params;
|
const { action } = req.params;
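Review bot: Nothing in the visible lines of this route ties the drive to `account`: after the session check the handler calls `getDrive(req.params.dongleId, req.params.driveIdentifier)` with both values taken from the URL and then reads `action`. The sibling route `/drive/:dongleId/:driveIdentifier` loads the device and compares `device.account_id` with `account.id` before touching the drive. Unless that comparison happens further down, outside this hunk, an authenticated account could run the action on a drive it does not own. Adding the same guard before `getDrive` closes that gap: `const device = await deviceController.getDeviceFromDongleId(req.params.dongleId);` and `if (!device || device.account_id !== account.id) { return res.status(404).send('Not Found.'); }`.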
|
||||||
|
@ -431,12 +434,15 @@ router.get('/drive/:dongleId/:driveIdentifier', runAsyncWrapper(async (req, res)
|
||||||
}
|
}
|
||||||
|
|
||||||
const device = await deviceController.getDeviceFromDongleId(req.params.dongleId);
|
const device = await deviceController.getDeviceFromDongleId(req.params.dongleId);
|
||||||
if (device == null || device.account_id !== account.id) {
|
if (!device) {
|
||||||
return res.status(400).send('Unauthorized.');
|
return res.status(404).send('Not Found.');
|
||||||
|
} else if (device.account_id !== account.id) {
|
||||||
|
return res.status(401).send('Unauthorized.');
|
||||||
}
|
}
|
||||||
|
|
||||||
const drive = await deviceController.getDrive(req.params.dongleId, req.params.driveIdentifier);
|
const drive = await deviceController.getDrive(req.params.dongleId, req.params.driveIdentifier);
|
||||||
if (drive == null) {
|
if (drive == null) {
|
||||||
return res.status(400).send('Unauthorized.');
|
return res.status(404).send('Not Found.');
|
||||||
}
|
}
|
||||||
|
|
||||||
const dongleIdHash = crypto.createHmac('sha256', process.env.APP_SALT).update(device.dongle_id).digest('hex');
|
const dongleIdHash = crypto.createHmac('sha256', process.env.APP_SALT).update(device.dongle_id).digest('hex');
|
||||||
|
|