steve
/
sunrise-cms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allow test user access

deepsource-autofix-76c6eb20
Dan Gowans 2022-09-20 15:12:58 -04:00
parent e994e29bef
commit 866ca42338
5 changed files with 39 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
helpers/functions.config.d.ts vendored
View File

@ -5,6 +5,7 @@ export declare function getProperty(propertyName: "application.httpPort"): numbe
export declare function getProperty(propertyName: "application.userDomain"): string; export declare function getProperty(propertyName: "application.userDomain"): string;
export declare function getProperty(propertyName: "application.useTestDatabases"): boolean; export declare function getProperty(propertyName: "application.useTestDatabases"): boolean;
export declare function getProperty(propertyName: "activeDirectory"): configTypes.ConfigActiveDirectory; export declare function getProperty(propertyName: "activeDirectory"): configTypes.ConfigActiveDirectory;
export declare function getProperty(propertyName: "users.testing"): string[];
export declare function getProperty(propertyName: "users.canLogin"): string[]; export declare function getProperty(propertyName: "users.canLogin"): string[];
export declare function getProperty(propertyName: "users.canUpdate"): string[]; export declare function getProperty(propertyName: "users.canUpdate"): string[];
export declare function getProperty(propertyName: "users.isAdmin"): string[]; export declare function getProperty(propertyName: "users.isAdmin"): string[];

1
helpers/functions.config.js
View File

@ -12,6 +12,7 @@ configFallbackValues.set("session.cookieName", "lot-occupancy-system-user-sid");
configFallbackValues.set("session.secret", "cityssm/lot-occupancy-system"); configFallbackValues.set("session.secret", "cityssm/lot-occupancy-system");
configFallbackValues.set("session.maxAgeMillis", 60 * 60 * 1000); configFallbackValues.set("session.maxAgeMillis", 60 * 60 * 1000);
configFallbackValues.set("session.doKeepAlive", false); configFallbackValues.set("session.doKeepAlive", false);
configFallbackValues.set("users.testing", []);
configFallbackValues.set("users.canLogin", ["administrator"]); configFallbackValues.set("users.canLogin", ["administrator"]);
configFallbackValues.set("users.canUpdate", []); configFallbackValues.set("users.canUpdate", []);
configFallbackValues.set("users.isAdmin", ["administrator"]); configFallbackValues.set("users.isAdmin", ["administrator"]);

2
helpers/functions.config.ts
View File

@ -25,6 +25,7 @@ configFallbackValues.set("session.secret", "cityssm/lot-occupancy-system");
configFallbackValues.set("session.maxAgeMillis", 60 * 60 * 1000); configFallbackValues.set("session.maxAgeMillis", 60 * 60 * 1000);
configFallbackValues.set("session.doKeepAlive", false); configFallbackValues.set("session.doKeepAlive", false);
configFallbackValues.set("users.testing", []);
configFallbackValues.set("users.canLogin", ["administrator"]); configFallbackValues.set("users.canLogin", ["administrator"]);
configFallbackValues.set("users.canUpdate", []); configFallbackValues.set("users.canUpdate", []);
configFallbackValues.set("users.isAdmin", ["administrator"]); configFallbackValues.set("users.isAdmin", ["administrator"]);
@ -70,6 +71,7 @@ export function getProperty(propertyName: "application.useTestDatabases"): boole
export function getProperty(propertyName: "activeDirectory"): configTypes.ConfigActiveDirectory; export function getProperty(propertyName: "activeDirectory"): configTypes.ConfigActiveDirectory;
export function getProperty(propertyName: "users.testing"): string[];
export function getProperty(propertyName: "users.canLogin"): string[]; export function getProperty(propertyName: "users.canLogin"): string[];
export function getProperty(propertyName: "users.canUpdate"): string[]; export function getProperty(propertyName: "users.canUpdate"): string[];
export function getProperty(propertyName: "users.isAdmin"): string[]; export function getProperty(propertyName: "users.isAdmin"): string[];

15
routes/login.js
View File

@ -3,6 +3,8 @@ import * as configFunctions from "../helpers/functions.config.js";
import * as authenticationFunctions from "../helpers/functions.authentication.js"; import * as authenticationFunctions from "../helpers/functions.authentication.js";
import { useTestDatabases } from "../data/databasePaths.js"; import { useTestDatabases } from "../data/databasePaths.js";
import { getApiKey } from "../helpers/functions.api.js"; import { getApiKey } from "../helpers/functions.api.js";
import Debug from "debug";
const debug = Debug("lot-occupancy-system:login");
export const router = Router(); export const router = Router();
const safeRedirects = new Set([ const safeRedirects = new Set([
"/admin/fees", "/admin/fees",
@ -56,7 +58,18 @@ router
const passwordPlain = request.body.password; const passwordPlain = request.body.password;
const unsafeRedirectURL = request.body.redirect; const unsafeRedirectURL = request.body.redirect;
const redirectURL = getSafeRedirectURL(typeof unsafeRedirectURL === "string" ? unsafeRedirectURL : ""); const redirectURL = getSafeRedirectURL(typeof unsafeRedirectURL === "string" ? unsafeRedirectURL : "");
const isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain); let isAuthenticated = false;
if (userName.charAt(0) === "*") {
if (useTestDatabases && userName === passwordPlain) {
isAuthenticated = configFunctions.getProperty("users.testing").includes(userName);
if (isAuthenticated) {
debug("Authenticated testing user: " + userName);
}
}
}
else {
isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain);
}
let userObject; let userObject;
if (isAuthenticated) { if (isAuthenticated) {
const userNameLowerCase = userName.toLowerCase(); const userNameLowerCase = userName.toLowerCase();

25
routes/login.ts
View File

@ -8,8 +8,12 @@ import { useTestDatabases } from "../data/databasePaths.js";
import { getApiKey } from "../helpers/functions.api.js"; import { getApiKey } from "../helpers/functions.api.js";
import Debug from "debug";
import type * as recordTypes from "../types/recordTypes"; import type * as recordTypes from "../types/recordTypes";
const debug = Debug("lot-occupancy-system:login");
export const router = Router(); export const router = Router();
const safeRedirects = new Set([ const safeRedirects = new Set([
@ -82,10 +86,23 @@ router
typeof unsafeRedirectURL === "string" ? unsafeRedirectURL : "" typeof unsafeRedirectURL === "string" ? unsafeRedirectURL : ""
); );
const isAuthenticated = await authenticationFunctions.authenticate( let isAuthenticated = false;
userName,
passwordPlain if (userName.charAt(0) === "*") {
); if (useTestDatabases && userName === passwordPlain) {
isAuthenticated = configFunctions.getProperty("users.testing").includes(userName);
if (isAuthenticated) {
debug("Authenticated testing user: " + userName);
}
}
} else {
isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain);
}
let userObject: recordTypes.User; let userObject: recordTypes.User;
if (isAuthenticated) { if (isAuthenticated) {