From bcd3c9ee502c17feb03527b091a4e01da342dbbe Mon Sep 17 00:00:00 2001
From: Pranav C
Date: Thu, 16 Jun 2022 17:14:18 +0530
Subject: [PATCH 1/7] fix: invalidate token if admin email or password changed
- Invalidate old token if admin email changed in env
- Invalidate token if password updated in env
- Avoid unnecessary update if both email and passwords are same
Signed-off-by: Pranav C
---
 .../lib/meta/api/userApi/initAdminFromEnv.ts | 33 ++++++++++++-------
 1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
index 81885ed12d..5f32fefcee 100644
--- a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
+++ b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
@@ -169,7 +169,8 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) {
 salt,
 email,
 password,
- email_verification_token
+ email_verification_token,
+ token_version: null
 },
 ncMeta
 );
@@ -181,22 +182,32 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) {
 salt,
 email,
 password,
- email_verification_token
+ email_verification_token,
+ token_version: null
 },
 ncMeta
 );
 }
 } else {
- // if email's are not different update the password and hash
- await User.update(
- superUser.id,
- {
- salt,
- password,
- email_verification_token
- },
- ncMeta
+ const newPasswordHash = await promisify(bcrypt.hash)(
+ process.env.NC_ADMIN_PASSWORD,
+ superUser.hash
 );
+
+ if (newPasswordHash !== superUser.password) {
+ // if email's are same and passwords are different
+ // then update the password and token version
+ await User.update(
+ superUser.id,
+ {
+ salt,
+ password,
+ email_verification_token,
+ token_version: null
+ },
+ ncMeta
+ );
+ }
 }
 }
 await ncMeta.commit();
From 09ae21b799e2f605a008f341308150e4e0272ea0 Mon Sep 17 00:00:00 2001
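Review bot: Writing `token_version: null` here does not by itself invalidate existing sessions: the JWT strategy as it stands at this commit (the lines patch 6 of this series later removes) only rejects a token when both `user.token_version` and `jwtPayload.token_version` are truthy and differ, so a stored null short-circuits the check to "accept". The reset in this hunk and in the `@@ -181` hunk therefore relies on a strategy-side contract that this commit does not establish. A comment at the write site would make the intended contract explicit: `// null must make every previously issued JWT fail the token_version check in initStrategies`. The enclosing `User.update` call and `initAdminFromEnv` start outside the hunk.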
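Review bot: The password comparison re-hashes `process.env.NC_ADMIN_PASSWORD` with `superUser.hash` as the salt argument, while the column the update writes is `salt`; depending on what `superUser.hash` holds this either throws on an illegal salt or yields a hash that never equals `superUser.password`, so the "unchanged password" branch can never be taken (the next commit in the series switches it to `superUser.salt`). Rather than reproducing the hash by hand, `bcrypt.compare` reads the salt embedded in the stored hash and removes the dependency on the separate column: `const passwordUnchanged = await promisify(bcrypt.compare)(process.env.NC_ADMIN_PASSWORD, superUser.password);` followed by `if (!passwordUnchanged) {`. `initAdminFromEnv` and the `salt`, `password` and `email_verification_token` values written by the update are defined outside the hunk.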
From: Pranav C
Date: Thu, 16 Jun 2022 23:22:31 +0530
Subject: [PATCH 2/7] fix: property name correction
Signed-off-by: Pranav C
---
 packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
index 5f32fefcee..cc173cb00d 100644
--- a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
+++ b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
@@ -191,7 +191,7 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) {
 } else {
 const newPasswordHash = await promisify(bcrypt.hash)(
 process.env.NC_ADMIN_PASSWORD,
- superUser.hash
+ superUser.salt
 );
 
 if (newPasswordHash !== superUser.password) {
From 5d4535d046a3e43cc4190310075acc0bf489ee5f Mon Sep 17 00:00:00 2001
From: Pranav C
Date: Thu, 16 Jun 2022 23:28:16 +0530
Subject: [PATCH 3/7] fix: on adimn password/email update(env based) invalidate refresh token
Signed-off-by: Pranav C
---
 .../nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
index cc173cb00d..fd77676a46 100644
--- a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
+++ b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
@@ -170,7 +170,8 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) {
 email,
 password,
 email_verification_token,
- token_version: null
+ token_version: null,
+ refresh_token: null
 },
 ncMeta
 );
@@ -183,7 +184,8 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) {
 email,
 password,
 email_verification_token,
- token_version: null
+ token_version: null,
+ refresh_token: null
 },
 ncMeta
 );
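Review bot: The session-reset pair `token_version: null, refresh_token: null` is now spelled out by hand in three places of the same commit, here, in the `@@ -183` hunk and in the `@@ -203` hunk, so any future session field (or a change in what "revoked" means) has to be repeated in all three update payloads. Declaring it once above the branches, `const resetSession = { token_version: null, refresh_token: null };`, and spreading `...resetSession` into each `User.update` keeps the three sites in step. Each enclosing `User.update` call and `initAdminFromEnv` itself begin outside these hunks.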
@@ -203,7 +205,8 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) { salt, password, email_verification_token, - token_version: null + token_version: null, + refresh_token: null }, ncMeta ); From e76daa8f81e6821995e789430a05287feef36ec7 Mon Sep 17 00:00:00 2001 From: Pranav C Date: Sat, 18 Jun 2022 11:46:33 +0530 Subject: [PATCH 4/7] fix: ensure user exist and add missing await Signed-off-by: Pranav C --- packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts index fd77676a46..3fca9a2afa 100644 --- a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts +++ b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts @@ -103,7 +103,7 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) { // check user account already present with the new admin email const existingUserWithNewEmail = await User.getByEmail(email, ncMeta); - if (existingUserWithNewEmail) { + if (existingUserWithNewEmail?.id) { // get all project access belongs to the existing account // and migrate to the admin account const existingUserProjects = await ncMeta.metaList2( @@ -155,7 +155,7 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) { } // delete existing user - ncMeta.metaDelete( + await ncMeta.metaDelete( null, null, MetaTable.USERS, From 20bba310a84c0477d83aac7eedbc52a9368ece07 Mon Sep 17 00:00:00 2001 From: Pranav C Date: Thu, 23 Jun 2022 22:37:31 +0530 Subject: [PATCH 5/7] fix: clear user cache after removing user account Signed-off-by: Pranav C --- .../lib/meta/api/userApi/initAdminFromEnv.ts | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) 
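Review bot: The condition is tightened from a truthy object to `existingUserWithNewEmail?.id`, which implies `User.getByEmail` can resolve to an object that is not a real user row; nothing in the hunk records why, and a later reader is likely to simplify it back. If that is indeed how `User.getByEmail` behaves, a one-line comment on the `if` would preserve the intent: `// getByEmail may resolve to an empty/partial object; only a row with an id is a real user`. The `existingUserProjects` migration that follows and `initAdminFromEnv` continue outside the hunk.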
diff --git a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts index 3fca9a2afa..00ff47f196 100644 --- a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts +++ b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts @@ -5,10 +5,11 @@ import { Tele } from 'nc-help'; import bcrypt from 'bcryptjs'; import Noco from '../../../Noco'; -import { MetaTable } from '../../../utils/globals'; +import { CacheScope, MetaTable } from '../../../utils/globals'; import ProjectUser from '../../../models/ProjectUser'; import { validatePassword } from 'nocodb-sdk'; import boxen from 'boxen'; +import NocoCache from '../../../cache/NocoCache'; const { isEmail } = require('validator'); const rolesLevel = { owner: 0, creator: 1, editor: 2, commenter: 3, viewer: 4 }; @@ -162,6 +163,21 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) { existingUserWithNewEmail.id ); + // clear cache + await NocoCache.delAll( + CacheScope.USER, + `${existingUserWithNewEmail.email}___*` + ); + await NocoCache.del( + `${CacheScope.USER}:${existingUserWithNewEmail.id}` + ); + await NocoCache.del( + `${CacheScope.USER}:${existingUserWithNewEmail.email}` + ); + await NocoCache.del( + `${CacheScope.USER}:${existingUserWithNewEmail.email}` + ); + // Update email and password of super admin account await User.update( superUser.id, From c9bf931dd954b18a10c20092e494450e0e9efa67 Mon Sep 17 00:00:00 2001 From: mertmit Date: Fri, 24 Jun 2022 19:46:04 +0300 Subject: [PATCH 6/7] fix: token_version null handling Signed-off-by: mertmit --- .../nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts | 5 +---- .../nocodb/src/lib/meta/api/userApi/initStrategies.ts | 8 ++++---- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts index 00ff47f196..86a1a30e9a 100644 
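Review bot: The USER cache entries are cleared immediately after `metaDelete`, but `initAdminFromEnv` commits its meta transaction only at the end of the function (`await ncMeta.commit()` in the first commit of this series); if `ncMeta` is a transaction handle, a request served between this clear and the commit can still read the old row and repopulate the cache with the deleted account under `${CacheScope.USER}:${email}`. Clearing these keys after the commit (or additionally there) closes that window. Separately, the last `NocoCache.del` in the hunk repeats the email-key deletion made directly above it and can be dropped. The enclosing `if (existingUserWithNewEmail?.id)` block and `initAdminFromEnv` start outside the hunk.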
--- a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts +++ b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts @@ -174,10 +174,7 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) { await NocoCache.del( `${CacheScope.USER}:${existingUserWithNewEmail.email}` ); - await NocoCache.del( - `${CacheScope.USER}:${existingUserWithNewEmail.email}` - ); - + // Update email and password of super admin account await User.update( superUser.id, diff --git a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts index e6c99869ac..b7d8599f7a 100644 --- a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts +++ b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts @@ -103,8 +103,8 @@ export function initStrategies(router): void { if (cachedVal) { if ( - cachedVal.token_version && - jwtPayload.token_version && + !cachedVal.token_version || + !jwtPayload.token_version || cachedVal.token_version !== jwtPayload.token_version ) { return done(new Error('Token Expired. Please login again.')); @@ -115,8 +115,8 @@ export function initStrategies(router): void { User.getByEmail(jwtPayload?.email) .then(async user => { if ( - user.token_version && - jwtPayload.token_version && + !user.token_version || + !jwtPayload.token_version || user.token_version !== jwtPayload.token_version ) { return done(new Error('Token Expired. Please login again.')); From bf4e1e49cb4a61967d390caccf77bf736bf419cc Mon Sep 17 00:00:00 2001 From: Pranav C Date: Mon, 27 Jun 2022 16:45:58 +0530 Subject: [PATCH 7/7] fix: reset token_version in user object if null Signed-off-by: Pranav C --- packages/nocodb/src/lib/meta/api/userApi/userApis.ts | 7 +++---- packages/nocodb/src/lib/models/User.ts | 3 +++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/packages/nocodb/src/lib/meta/api/userApi/userApis.ts b/packages/nocodb/src/lib/meta/api/userApi/userApis.ts index 320b4850e9..596de0cec4 100644 
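Review bot: In the `@@ -115` hunk of initStrategies.ts the new condition still reads `user.token_version` before checking that `User.getByEmail` returned a user at all; if it can resolve to null or undefined for an account removed by `initAdminFromEnv`, the `.then` callback throws a TypeError instead of returning `done(new Error(...))`. Guarding first keeps the rejection on the intended path: `if (!user || !user.token_version || !jwtPayload.token_version || user.token_version !== jwtPayload.token_version) {`. The same three-part check now appears in the cached branch (`@@ -103`) and here; a small helper such as `tokenVersionMatches(stored, payload)` would keep the two from drifting. `initStrategies` and the surrounding `.then` chain start and end outside the hunk.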
--- a/packages/nocodb/src/lib/meta/api/userApi/userApis.ts +++ b/packages/nocodb/src/lib/meta/api/userApi/userApis.ts @@ -179,15 +179,14 @@ async function successfulSignIn({ await promisify((req as any).login.bind(req))(user); const refreshToken = randomTokenString(); - let token_version = user.token_version; - if (!token_version) { - token_version = randomTokenString(); + if (!user.token_version) { + user.token_version = randomTokenString(); } await User.update(user.id, { refresh_token: refreshToken, email: user.email, - token_version + token_version: user.token_version }); setTokenCookie(res, refreshToken); diff --git a/packages/nocodb/src/lib/models/User.ts b/packages/nocodb/src/lib/models/User.ts index a1a91aada5..fe7743e1ca 100644 --- a/packages/nocodb/src/lib/models/User.ts +++ b/packages/nocodb/src/lib/models/User.ts @@ -84,6 +84,9 @@ export default class User implements UserType { if (updateObj.email) { updateObj.email = updateObj.email.toLowerCase(); + } else { + // set email prop to avoid generation of invalid cache key + updateObj.email = (await this.get(id, ncMeta))?.email?.toLowerCase(); } // get existing cache const keys = [
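Review bot: The hunk now mutates the `user` object that was just passed to `req.login(...)` instead of a local, and the reason is not visible in the code: presumably whatever is issued from `user` after this point must carry the same `token_version` that `User.update` persists, or the strategy's version check rejects the fresh session. A why-comment on the assignment would stop the next reader from turning it back into a local: `// mutate the session user: the token issued below must carry the persisted token_version`. Note that the in-memory value is set before `User.update` succeeds; if the update throws, the session holds a version the database does not, which fails closed but is worth a sentence in that comment. `successfulSignIn` starts and ends outside the hunk.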
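Review bot: The new `else` branch in `User.update` loads the full row only to obtain an email for cache-key generation, and does so by writing that email into `updateObj` itself; if `updateObj` is passed on to the meta update further down (outside the hunk), every update without an email now also rewrites the `email` column, and when `this.get` finds no row the key is built from `undefined`. Keeping the lookup in a local used for the keys, `const email = updateObj.email?.toLowerCase() ?? (await this.get(id, ncMeta))?.email?.toLowerCase();`, avoids widening the write set, and a guard such as `if (!email) return ...` before the key construction would avoid the `undefined` key. The `update` method and the `keys` array continue outside the hunk.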