diff --git a/packages/nocodb-nest/src/modules/auth/auth.service.ts b/packages/nocodb-nest/src/modules/auth/auth.service.ts
index c9f300ec2a..7b9e626f54 100644
--- a/packages/nocodb-nest/src/modules/auth/auth.service.ts
+++ b/packages/nocodb-nest/src/modules/auth/auth.service.ts
@@ -2,7 +2,6 @@ import { promisify } from 'util';
 import { OrgUserRoles } from 'nocodb-sdk';
 import { Injectable } from '@nestjs/common';
 import * as bcrypt from 'bcryptjs';
-import { JwtService } from '@nestjs/jwt';
 import { v4 as uuidv4 } from 'uuid';
 import Noco from '../../Noco'
@@ -22,11 +21,11 @@ export class AuthService {
 async validateUser(email: string, pass: string): Promise {
 const user = await this.usersService.findOne(email);
 if (user) {
- const { password, ...result } = user;
+ const { password, salt, ...result } = user;
 const hashedPassword = await promisify(bcrypt.hash)(password, user.salt);
- if (user.password !== hashedPassword) {
- return user;
+ if (user.password === hashedPassword) {
+ return result;
 }
 }
 return null;
diff --git a/packages/nocodb-nest/src/strategies/local.strategy.ts b/packages/nocodb-nest/src/strategies/local.strategy.ts
index 69489cd460..2b61aadcb4 100644
--- a/packages/nocodb-nest/src/strategies/local.strategy.ts
+++ b/packages/nocodb-nest/src/strategies/local.strategy.ts
@@ -1,8 +1,9 @@
 import { Strategy } from 'passport-local';
 import { PassportStrategy } from '@nestjs/passport';
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
 import { AuthService } from '../modules/auth/auth.service';
 import extractRolesObj from '../utils/extractRolesObj';
+import { NcError } from '../../../nocodb/src/lib/meta/helpers/catchError';
 @Injectable()
 export class LocalStrategy extends PassportStrategy(Strategy) {
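Review bot: The `bcrypt.hash` call in `validateUser` is fed `password`, which is destructured from the stored `user` record, so the submitted `pass` argument is never read anywhere in this hunk. With the comparison now `===`, the stored hash is hashed again and compared with itself, which would be expected to fail for every login, valid or not. Hash the submitted value instead, `const hashedPassword = await promisify(bcrypt.hash)(pass, user.salt);`, or let the library do the comparison with `bcrypt.compare(pass, user.password)`. The closing brace of `validateUser` lies outside the hunk.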
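Review bot: The added `NcError` import climbs out of `nocodb-nest` into another package's source tree (`../../../nocodb/src/lib/meta/helpers/catchError`), which ties the login strategy to that package's internal file layout and is likely to break if either package is built or published on its own. Prefer a helper that lives inside `nocodb-nest`, or an import through the other package's public entry point. This hunk covers only the import block; the use of `NcError` is in the next hunk.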
@@ -15,9 +16,11 @@ export class LocalStrategy extends PassportStrategy(Strategy) {
 async validate(username: string, password: string): Promise {
 const user = await this.authService.validateUser(username, password);
+
 if (!user) {
- throw new UnauthorizedException();
+ NcError.badRequest('Invalid credentials')
 }
+
 user.roles = extractRolesObj(user.roles);
 return user;
diff --git a/packages/nocodb-nest/tests/unit/init/index.ts b/packages/nocodb-nest/tests/unit/init/index.ts
index 5006736485..5081543ed7 100644
--- a/packages/nocodb-nest/tests/unit/init/index.ts
+++ b/packages/nocodb-nest/tests/unit/init/index.ts
@@ -1,10 +1,9 @@
-
 import express from 'express';
-import nocobuild from '../../../src/nocobuild'
+import nocobuild from '../../../src/nocobuild';
 // import { Noco } from '../../../src/lib';
-import cleanupMeta from './cleanupMeta';
-import {cleanUpSakila, resetAndSeedSakila} from './cleanupSakila';
 import { createUser } from '../factory/user';
+import cleanupMeta from './cleanupMeta';
+import { cleanUpSakila, resetAndSeedSakila } from './cleanupSakila';
 let server;
@@ -12,22 +11,22 @@ const serverInit = async () => {
 const serverInstance = express();
 serverInstance.enable('trust proxy');
 // serverInstance.use(await Noco.init());
- await nocobuild(serverInstance)
- serverInstance.use(function(req, res, next){
+ await nocobuild(serverInstance);
+ serverInstance.use(function (req, res, next) {
 // 50 sec timeout
- req.setTimeout(500000, function(){
- console.log('Request has timed out.');
- res.send(408);
+ req.setTimeout(500000, function () {
+ console.log('Request has timed out.');
+ res.send(408);
 });
 next();
-});
+ });
 return serverInstance;
 };
-const isFirstTimeRun = () => !server
+const isFirstTimeRun = () => !server;
 export default async function () {
- const {default: TestDbMngr} = await import('../TestDbMngr');
+ const { default: TestDbMngr } = await import('../TestDbMngr');
 if (isFirstTimeRun()) {
 await resetAndSeedSakila();
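Review bot: After `NcError.badRequest('Invalid credentials')` nothing in `validate` stops execution, so rejecting a failed login depends entirely on that helper throwing, which is not visible in this hunk. If it ever returns, `user.roles` is read on `null` and the request ends in a TypeError rather than a clean authentication failure. Make the control flow explicit, for example `return NcError.badRequest('Invalid credentials');`, which also supplies the missing semicolon. Failed logins now answer 400 instead of 401, so any monitoring keyed on 401 responses would no longer see them. The method's closing brace is outside the hunk.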
@@ -39,5 +38,10 @@ export default async function () {
 const { token } = await createUser({ app: server }, { roles: 'editor' });
- return { app: server, token, dbConfig: TestDbMngr.dbConfig, sakilaDbConfig: TestDbMngr.getSakilaDbConfig() };
+ return {
+ app: server,
+ token,
+ dbConfig: TestDbMngr.dbConfig,
+ sakilaDbConfig: TestDbMngr.getSakilaDbConfig(),
+ };
 }
diff --git a/packages/nocodb-nest/tests/unit/rest/tests/auth.test.ts b/packages/nocodb-nest/tests/unit/rest/tests/auth.test.ts
index eb0deae67e..ecc26b2ecc 100644
--- a/packages/nocodb-nest/tests/unit/rest/tests/auth.test.ts
+++ b/packages/nocodb-nest/tests/unit/rest/tests/auth.test.ts
@@ -56,7 +56,7 @@ function authTests() {
 .expect(400);
 });
- it('Signin with valid credentials', async () => {
+ it.only('Signin with valid credentials', async () => {
 const response = await request(context.app)
 .post('/api/v1/auth/user/signin')
 .send({
@@ -68,19 +68,19 @@ function authTests() {
 expect(token).to.be.a('string');
 });
- it('Signup without email and password', async () => {
+ it('Signin without email and password', async () => {
 await request(context.app)
 .post('/api/v1/auth/user/signin')
 // pass empty data in await request
 .send({})
- .expect(400);
+ .expect(400)
 });
 it('Signin with invalid credentials', async () => {
 await request(context.app)
 .post('/api/v1/auth/user/signin')
 .send({ email: 'abc@abc.com', password: defaultUserArgs.password })
- .expect(400);
+ .expect(400)
 });
 it('Signin with invalid password', async () => {
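Review bot: `it.only` on 'Signin with valid credentials' restricts the run to that single test, so the invalid-credentials and invalid-password cases in this file are skipped and the negative login paths touched by this commit go unverified. It looks like a debugging leftover; restore `it('Signin with valid credentials', async () => {` before merging. The test body continues past the end of the hunk.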