Merge pull request #232 from skadefro/master
Close 1.4.14
skadefro authored Jun 23, 2022
2 parents a90f439 + 4fd0be7 commit d5f03c6
Showing 49 changed files with 1,704 additions and 1,254 deletions.
2 changes: 2 additions & 0 deletions OpenFlow/src/Audit.ts
Expand Up @@ -26,6 +26,7 @@ export class Audit {
Base.addRight(log, user._id, user.name, [Rights.read]);
Base.addRight(log, impostor._id, impostor.name, [Rights.read]);
log.success = true;
log._type = "impersonate";
log.type = "impersonate";
log.userid = user._id;
log.name = user.name;
Expand All @@ -42,6 +43,7 @@ export class Audit {
Base.addRight(log, user._id, user.name, [Rights.read]);
Base.addRight(log, impostor._id, impostor.name, [Rights.read]);
log.success = false;
log._type = "impersonate";
log.type = "impersonate";
log.userid = user._id;
log.name = user.name;
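Review bot: Both impersonation branches (success and failure) now write the same literal to `log._type` and `log.type`, and nothing in either hunk says which field consumers of the audit collection should filter on. Entries written before this change presumably carry only one of the two fields, so a search for impersonation events that keys on the newer field alone would miss older records. I would add a one-line comment at both sites, for example `// _type mirrors type so audit queries can filter on either; entries written before this change may have only one`, or backfill the existing entries. The enclosing methods start and end outside the hunks, so the rest of the audit record is not visible here.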
9 changes: 8 additions & 1 deletion OpenFlow/src/Config.ts
Expand Up @@ -48,6 +48,7 @@ export class Config {
Config.amqp_prefetch = parseInt(Config.getEnv("amqp_prefetch", "50"));
Config.enable_entity_restriction = Config.parseBoolean(Config.getEnv("enable_entity_restriction", "false"));
Config.enable_web_tours = Config.parseBoolean(Config.getEnv("enable_web_tours", "true"));
Config.enable_nodered_tours = Config.parseBoolean(Config.getEnv("enable_nodered_tours", "true"));
Config.auto_hourly_housekeeping = Config.parseBoolean(Config.getEnv("auto_hourly_housekeeping", "false"));
Config.housekeeping_update_usage_hourly = Config.parseBoolean(Config.getEnv("housekeeping_update_usage_hourly", "false"));
Config.housekeeping_update_usersize_hourly = Config.parseBoolean(Config.getEnv("housekeeping_update_usersize_hourly", "true"));
Expand Down Expand Up @@ -127,6 +128,9 @@ export class Config {
Config.decorate_roles_fetching_all_roles = Config.parseBoolean(Config.getEnv("decorate_roles_fetching_all_roles", "true"));
Config.update_acl_based_on_groups = Config.parseBoolean(Config.getEnv("update_acl_based_on_groups", "false"));
Config.multi_tenant = Config.parseBoolean(Config.getEnv("multi_tenant", "false"));
Config.cleanup_on_delete_customer = Config.parseBoolean(Config.getEnv("cleanup_on_delete_customer", "false"));
Config.cleanup_on_delete_user = Config.parseBoolean(Config.getEnv("cleanup_on_delete_user", "false"));

Config.api_bypass_perm_check = Config.parseBoolean(Config.getEnv("api_bypass_perm_check", "false"));
Config.websocket_package_size = parseInt(Config.getEnv("websocket_package_size", "4096"), 10);
Config.websocket_max_package_count = parseInt(Config.getEnv("websocket_max_package_count", "1024"), 10);
Expand Down Expand Up @@ -238,6 +242,7 @@ export class Config {
public static amqp_prefetch: number = parseInt(Config.getEnv("amqp_prefetch", "50"));
public static enable_entity_restriction: boolean = Config.parseBoolean(Config.getEnv("enable_entity_restriction", "false"));
public static enable_web_tours: boolean = Config.parseBoolean(Config.getEnv("enable_web_tours", "true"));
public static enable_nodered_tours: boolean = Config.parseBoolean(Config.getEnv("enable_nodered_tours", "true"));
public static auto_hourly_housekeeping: boolean = Config.parseBoolean(Config.getEnv("auto_hourly_housekeeping", "true"));
public static housekeeping_update_usage_hourly: boolean = Config.parseBoolean(Config.getEnv("housekeeping_update_usage_hourly", "false"));
public static housekeeping_update_usersize_hourly: boolean = Config.parseBoolean(Config.getEnv("housekeeping_update_usersize_hourly", "true"));
Expand Down Expand Up @@ -319,6 +324,8 @@ export class Config {
public static max_recursive_group_depth: number = parseInt(Config.getEnv("max_recursive_group_depth", "2"));
public static update_acl_based_on_groups: boolean = Config.parseBoolean(Config.getEnv("update_acl_based_on_groups", "false"));
public static multi_tenant: boolean = Config.parseBoolean(Config.getEnv("multi_tenant", "false"));
public static cleanup_on_delete_customer: boolean = Config.parseBoolean(Config.getEnv("cleanup_on_delete_customer", "false"));
public static cleanup_on_delete_user: boolean = Config.parseBoolean(Config.getEnv("cleanup_on_delete_user", "false"));
public static api_bypass_perm_check: boolean = Config.parseBoolean(Config.getEnv("api_bypass_perm_check", "false"));
public static websocket_package_size: number = parseInt(Config.getEnv("websocket_package_size", "4096"), 10);
public static websocket_max_package_count: number = parseInt(Config.getEnv("websocket_max_package_count", "1024"), 10);
Expand Down Expand Up @@ -439,7 +446,7 @@ export class Config {
// if anything throws, we retry
return promiseRetry(async () => {
const reader: any = await fetch({ url });
if (NoderedUtil.IsNullUndefinded(reader)) { throw new Error("Failed getting result"); return; }
if (NoderedUtil.IsNullUndefinded(reader)) { throw new Error("Failed getting result"); }
const config: any = toPassportConfig(reader);
// we need this, for Office 365 :-/
if (reader.signingCerts && reader.signingCerts.length > 1) {
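Review bot: Each flag in this section is declared twice, once in the reload method and once as a static initializer, with its default repeated as a string literal, and the two copies can drift. The neighbouring `auto_hourly_housekeeping` already does: its default is `"false"` in the reload path and `"true"` in the static field. For `cleanup_on_delete_customer` and `cleanup_on_delete_user` the same drift would silently change whether a delete also removes related data, so the default should live in one place. Neither flag has a comment saying what is cleaned up; something like `// opt-in: also remove data belonging to the deleted customer/user (default false)` would help, with the wording confirmed against the delete handlers, which are not in this diff.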
44 changes: 28 additions & 16 deletions OpenFlow/src/DBHelper.ts
Expand Up @@ -134,9 +134,11 @@ export class DBHelper {
return Config.db.query<Provider>({ query: { _type: "provider" }, top: 10, collectionname: "config", jwt: Crypt.rootToken() }, span);;
});
// const result: Provider[] = [];
// https://www.w3schools.com/icons/fontawesome5_icons_brands.asp
items.forEach(provider => {
// const item: any = { name: provider.name, id: provider.id, provider: provider.provider, logo: "fa-question-circle" };
provider.logo = "fa-question-circle";
provider.logo = "fa-microsoft";
if (provider.provider === "oidc") { provider.logo = "fa-openid"; }
if (provider.provider === "google") { provider.logo = "fa-google"; }
if (provider.provider === "saml") { provider.logo = "fa-windows"; }
//result.push(item);
Expand Down Expand Up @@ -454,7 +456,11 @@ export class DBHelper {
});

if (results.length > 0) {
user.roles = results[0].roles;
user.roles = [];
results[0].roles.forEach(r => {
const exists = user.roles.filter(x => x._id == r._id);
if (exists.length == 0) user.roles.push(r);
});
results[0].roles2.forEach(r => {
const exists = user.roles.filter(x => x._id == r._id);
if (exists.length == 0) user.roles.push(r);
Expand Down Expand Up @@ -511,15 +517,14 @@ export class DBHelper {
}
return user as any;
}
public async FindRoleByName(name: string, parent: Span): Promise<Role> {
public async FindRoleByName(name: string, jwt: string, parent: Span): Promise<Role> {
await this.init();
const span: Span = Logger.otel.startSubSpan("dbhelper.FindByUsername", parent);
try {
let item = await this.memoryCache.wrap("rolename_" + name, async () => {
const items: Role[] = await Config.db.query<Role>({ query: { name: name, "_type": "role" }, top: 1, collectionname: "users", jwt: Crypt.rootToken() }, parent);
if (items === null || items === undefined || items.length === 0) { return null; }
if (jwt === null || jwt == undefined || jwt == "") { jwt = Crypt.rootToken(); }
Logger.instanse.debug("DBHelper", "FindRoleByName", "Add role to cache : " + name);
return items[0];
return Config.db.GetOne<Role>({ query: { name: name, "_type": "role" }, collectionname: "users", jwt }, parent)
});
if (NoderedUtil.IsNullUndefinded(item)) return null;
return Role.assign(item);
Expand All @@ -537,15 +542,15 @@ export class DBHelper {
const span: Span = Logger.otel.startSubSpan("dbhelper.EnsureRole", parent);
try {
Logger.instanse.verbose("DBHelper", "EnsureRole", `FindRoleByName ${name}`);
let role: Role = await this.FindRoleByName(name, span);
let role: Role = await this.FindRoleByName(name, jwt, span);
if (role == null) {
Logger.instanse.verbose("DBHelper", "EnsureRole", `EnsureRole FindRoleById ${name}`);
role = await this.FindRoleById(name, null, span);
role = await this.FindRoleById(id, null, span);
}
if (role !== null && (role._id === id || NoderedUtil.IsNullEmpty(id))) { return role; }
if (role !== null && !NoderedUtil.IsNullEmpty(role._id)) {
Logger.instanse.warn("DBHelper", "EnsureRole", `Deleting ${name} with ${role._id} not matcing expected id ${id}`);
await Config.db.DeleteOne(role._id, "users", jwt, span);
await Config.db.DeleteOne(role._id, "users", false, jwt, span);
}
role = new Role(); role.name = name; role._id = id;
Logger.instanse.verbose("DBHelper", "EnsureRole", `Adding new role ${name}`);
Expand All @@ -564,7 +569,7 @@ export class DBHelper {
Logger.otel.endSpan(span);
}
}
public async EnsureUser(jwt: string, name: string, username: string, id: string, password: string, parent: Span): Promise<User> {
public async EnsureUser(jwt: string, name: string, username: string, id: string, password: string, extraoptions: any, parent: Span): Promise<User> {
const span: Span = Logger.otel.startSubSpan("dbhelper.ensureUser", parent);
try {
span?.addEvent("FindByUsernameOrId");
Expand All @@ -578,9 +583,11 @@ export class DBHelper {
if (user !== null && id !== null) {
span?.addEvent("Deleting");
Logger.instanse.warn("DBHelper", "EnsureUser", `Deleting ${name} with ${user._id} not matcing expected id ${id}`);
await Config.db.DeleteOne(user._id, "users", jwt, span);
await Config.db.DeleteOne(user._id, "users", false, jwt, span);
}
user = new User(); user._id = id; user.name = name; user.username = username;
user = new User();
if (!NoderedUtil.IsNullUndefinded(extraoptions)) user = Object.assign(user, extraoptions);
user._id = id; user.name = name; user.username = username;
if (password !== null && password !== undefined && password !== "") {
span?.addEvent("SetPassword");
await Crypt.SetPassword(user, password, span);
Expand All @@ -607,10 +614,13 @@ export class DBHelper {
public async EnsureNoderedRoles(user: TokenUser | User, jwt: string, force: boolean, parent: Span): Promise<void> {
if (Config.auto_create_personal_nodered_group || force) {
let name = user.username;
name = name.split("@").join("").split(".").join("");
// name = name.split("@").join("").split(".").join("");
// name = name.toLowerCase();
name = name.toLowerCase();
name = name.replace(/([^a-z0-9]+){1,63}/gi, "");


let noderedadmins = await this.FindRoleById(name + "noderedadmins", jwt, parent);
let noderedadmins = await this.FindRoleByName(name + "noderedadmins", jwt, parent);
if (noderedadmins == null) {
noderedadmins = await this.EnsureRole(jwt, name + "noderedadmins", null, parent);
Base.addRight(noderedadmins, user._id, user.username, [Rights.full_control]);
Expand All @@ -621,10 +631,12 @@ export class DBHelper {
}
if (Config.auto_create_personal_noderedapi_group || force) {
let name = user.username;
name = name.split("@").join("").split(".").join("");
// name = name.split("@").join("").split(".").join("");
// name = name.toLowerCase();
name = name.toLowerCase();
name = name.replace(/([^a-z0-9]+){1,63}/gi, "");

let noderedadmins = await this.FindRoleById(name + "nodered api users", jwt, parent);
let noderedadmins = await this.FindRoleByName(name + "nodered api users", jwt, parent);
if (noderedadmins == null) {
noderedadmins = await this.EnsureRole(jwt, name + "nodered api users", null, parent);
Base.addRight(noderedadmins, user._id, user.username, [Rights.full_control]);
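Review bot: In `FindRoleByName` the lookup now runs with the caller's `jwt`, but the result is still cached under `"rolename_" + name`, so a role read with one token is returned to every later caller whatever their permissions. Depending on how `memoryCache.wrap` treats null, a miss for a low-privileged token may also be served to privileged callers. The fallback `jwt = Crypt.rootToken()` inside the callback fails open, because a missing token becomes a root-privileged read. If that is intended, it should be resolved before the cache call and documented, e.g. `const token = NoderedUtil.IsNullEmpty(jwt) ? Crypt.rootToken() : jwt; // root read is deliberate: role names are not secret`. Otherwise either keep the cached read on the root token and check the caller's permission on the returned role, or include the caller identity in the cache key. `EnsureRole` and `EnsureNoderedRoles` in this section now depend on this lookup to decide whether a role is deleted or created, and the method's `finally` block is outside the hunk.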