
Merge pull request #2413 from nocodb/fix/token-version-on-signup

fix: add missing token_version
pull/2423/head
Raju Udava 2 years ago committed by GitHub
parent
commit
473325daa0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      packages/nocodb/src/lib/meta/api/projectUserApis.ts
  2. 5
      packages/nocodb/src/lib/meta/api/userApi/helpers.ts
  3. 16
      packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
  4. 6
      packages/nocodb/src/lib/meta/api/userApi/userApis.ts
  5. 5
      packages/nocodb/src/lib/meta/helpers/stringHelpers.ts

4
packages/nocodb/src/lib/meta/api/projectUserApis.ts

@ -15,6 +15,7 @@ import NcPluginMgrv2 from '../helpers/NcPluginMgrv2';
import Noco from '../../Noco';
import { PluginCategory } from 'nocodb-sdk';
import { metaApiMetrics } from '../helpers/apiMetrics';
import { randomTokenString } from '../helpers/stringHelpers';
async function userList(req, res) {
res.json({
@ -101,7 +102,8 @@ async function userInvite(req, res, next): Promise<any> {
invite_token,
invite_token_expires: new Date(Date.now() + 24 * 60 * 60 * 1000),
email,
roles: 'user'
roles: 'user',
token_version: randomTokenString()
});
// add user to project

5
packages/nocodb/src/lib/meta/api/userApi/helpers.ts

@ -1,4 +1,5 @@
import * as jwt from 'jsonwebtoken';
import crypto from 'crypto';
import User from '../../../models/User';
import { NcConfig } from '../../../../interface/config';
@ -16,3 +17,7 @@ export function genJwt(user: User, config: NcConfig) {
config.auth.jwt.options
);
}
export function randomTokenString(): string {
return crypto.randomBytes(40).toString('hex');
}
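Review bot: The `randomTokenString` added to `userApi/helpers.ts` duplicates the new export in `helpers/stringHelpers.ts`, and every importer visible in this commit uses the `stringHelpers` copy. Two definitions of a security-relevant generator can drift apart, for example in byte length, so token strength would then depend on which import a caller picked. I would drop this copy together with the new `crypto` import, or, if something outside this commit needs the name from this module, re-export it: `export { randomTokenString } from '../../helpers/stringHelpers';`.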

16
packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts

@ -8,6 +8,7 @@ import passport from 'passport';
import { ExtractJwt } from 'passport-jwt';
import { Strategy as AuthTokenStrategy } from 'passport-auth-token';
import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
import { randomTokenString } from '../../helpers/stringHelpers';
const PassportLocalStrategy = require('passport-local').Strategy;
@ -102,7 +103,11 @@ export function initStrategies(router): void {
);
if (cachedVal) {
if (cachedVal.token_version !== jwtPayload.token_version) {
if (
cachedVal.token_version &&
jwtPayload.token_version &&
cachedVal.token_version !== jwtPayload.token_version
) {
return done(new Error('Token Expired. Please login again.'));
}
return done(null, cachedVal);
@ -110,7 +115,11 @@ export function initStrategies(router): void {
User.getByEmail(jwtPayload?.email)
.then(async user => {
if (user.token_version !== jwtPayload.token_version) {
if (
user.token_version &&
jwtPayload.token_version &&
user.token_version !== jwtPayload.token_version
) {
return done(new Error('Token Expired. Please login again.'));
}
if (req.ncProjectId) {
@ -266,7 +275,8 @@ export function initStrategies(router): void {
password: '',
salt,
roles,
email_verified: true
email_verified: true,
token_version: randomTokenString()
});
return done(null, user);
}
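Review bot: The relaxed comparison in both JWT checks (the `cachedVal` branch and the `User.getByEmail` branch) fails open whenever the JWT carries no `token_version` claim. A validly signed token without the claim is then accepted even when the account's stored `token_version` has since been rotated, which weakens `token_version` as a revocation mechanism. The signup problem presumably only needs tolerance for a missing stored value, so the payload condition can be dropped: `if (user.token_version && user.token_version !== jwtPayload.token_version)`, and likewise for `cachedVal`. If tokens issued before the claim existed must keep working, an explicit, time-limited migration would be safer than a permanent bypass. The enclosing `initStrategies` body starts and ends outside these hunks.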

6
packages/nocodb/src/lib/meta/api/userApi/userApis.ts

@ -11,7 +11,6 @@ import { Tele } from 'nc-help';
const { v4: uuidv4 } = require('uuid');
import Audit from '../../../models/Audit';
import crypto from 'crypto';
import NcPluginMgrv2 from '../../helpers/NcPluginMgrv2';
import passport from 'passport';
@ -20,6 +19,7 @@ import ncMetaAclMw from '../../helpers/ncMetaAclMw';
import { MetaTable } from '../../../utils/globals';
import Noco from '../../../Noco';
import { genJwt } from './helpers';
import { randomTokenString } from '../../helpers/stringHelpers';
export async function signup(req: Request, res: Response<TableType>) {
const {
@ -243,10 +243,6 @@ async function googleSignin(req, res, next) {
)(req, res, next);
}
function randomTokenString(): string {
return crypto.randomBytes(40).toString('hex');
}
function setTokenCookie(res, token): void {
// create http only cookie with refresh token that expires in 7 days
const cookieOptions = {

5
packages/nocodb/src/lib/meta/helpers/stringHelpers.ts

@ -0,0 +1,5 @@
import crypto from 'crypto';
export function randomTokenString(): string {
return crypto.randomBytes(40).toString('hex');
}
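Review bot: The new exported `randomTokenString` has no doc comment, although callers in this commit rely on it for the `token_version` values that gate JWT validity. A one-line TSDoc would pin the contract so the byte count is not lowered casually later: `/** Returns 40 bytes from crypto.randomBytes, hex-encoded (80 characters); used for token_version values. */`.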