retropilot
/
retropilot-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(useradmin): fix unpair_device endpoint

pull/4/head
Cameron Clough 2022-03-25 00:40:07 +00:00
parent 8e0293704e
commit ba7845891d
No known key found for this signature in database
GPG Key ID: BFB3B74B026ED43F
3 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/server/controllers/devices.js
View File

@ -73,7 +73,7 @@ async function pairDeviceToAccountId(dongleId, accountId) {
}
async function unpairDevice(dongleId, accountId) {
const device = await Devices.getOne(
const device = await Devices.findOne(
{ where: { account_id: accountId, dongle_id: dongleId } },
);
@ -89,7 +89,7 @@ async function unpairDevice(dongleId, accountId) {
}
async function setDeviceNickname(account, dongleId, nickname) {
const device = await Devices.getOne(
const device = await Devices.findOne(
{ where: { account_id: account.id, dongle_id: dongleId } },
);

10
src/server/router/api/useradmin.js
View File

@ -5,6 +5,7 @@ import cookieParser from 'cookie-parser';
import controllers from '../../controllers';
import deviceController from '../../controllers/devices';
import { requireAuthenticated } from '../../middlewares/authentication';
import { getDevice } from '../../middlewares/devices';
// TODO Remove this, pending on removing all auth logic from routes
@ -74,10 +75,13 @@ router.get('/overview', requireAuthenticated, runAsyncWrapper(async (req, res) =
});
}));
router.get('/unpair_device/:dongleId', requireAuthenticated, runAsyncWrapper(async (req, res) => {
const { account, params: { dongleId } } = req;
router.get('/unpair_device/:dongleId', [requireAuthenticated, getDevice], runAsyncWrapper(async (req, res) => {
const {
account,
device,
params: { dongleId },
} = req;
const device = await deviceController.getDeviceFromDongleId(dongleId);
if (!device) {
return res.status(404).json({ success: false, msg: 'NOT_FOUND' });
} else if (device.accountId !== account.id) {

23
src/server/router/useradmin.js
View File

@ -14,6 +14,7 @@ import mailingController from '../controllers/mailing';
import deviceController from '../controllers/devices';
import userController from '../controllers/users';
import { getAccount } from '../middlewares/authentication';
import { getDevice } from '../middlewares/devices';
const logger = log4js.getLogger('useradmin');
const router = express.Router();
@ -207,6 +208,7 @@ router.get('/overview', requireAuthenticated, runAsyncWrapper(async (req, res) =
let response = `<html style="font-family: monospace">
<h2>Welcome To The RetroPilot Server Dashboard!</h2>
${req.query.status ? `<dialog open>${htmlspecialchars(req.query.status)}</dialog>` : ''}
<br><br>
<h3>Account Overview</h3>
<b>Account:</b> #${account.id}<br>
@ -248,11 +250,26 @@ ${req.query.linkstatus !== undefined ? `<br><u>${htmlspecialchars(req.query.link
}));
// TODO: move to useradmin api
router.get('/api/useradmin/unpair_device/:dongleId', requireAuthenticated, runAsyncWrapper(async (req, res) => {
// TODO: implement unpair_device?
return res.redirect('/useradmin/overview');
router.get('/unpair_device/:dongleId', [requireAuthenticated, getDevice], runAsyncWrapper(async (req, res) => {
const { device } = req;
if (!device) {
return res.redirect(`/useradmin/overview?status=${encodeURIComponent('Device not found')}`);
}
if (device.account_id !== req.account.id) {
return res.redirect(`/useradmin/overview?status=${encodeURIComponent('Not authorized')}`);
}
const result = await deviceController.unpairDevice(device.dongle_id, req.account.id);
if (!result.success) {
logger.warn(`Failed to unpair device ${device.dongle_id} for account ${req.account.id}: ${result}`);
return res.redirect(`/useradmin/overview?status=${encodeURIComponent('An unknown error occurred')}`);
}
return res.redirect(`/useradmin/overview?status=${encodeURIComponent('Device unpaired successfully')}`);
}));
// TODO: move to useradmin api
router.post('/pair_device', [requireAuthenticated, bodyParser.urlencoded({ extended: true })], runAsyncWrapper(async (req, res) => {
const { account, body: { qrString } } = req;