Reset password and users table on settings page

2025-08-04 02:05:06 +02:00 · 2021-08-22 10:46:04 -05:00 · 2021-08-22 10:46:04 -05:00 · 5ecfaa88c2
commit 5ecfaa88c2
parent e7898377ed
9 changed files with 221 additions and 58 deletions
--- a/server/ApiController.js
+++ b/server/ApiController.js
@ -28,7 +28,9 @@ class ApiController {
    this.router.get('/metadata/:id/:trackIndex', this.getMetadata.bind(this))
    this.router.patch('/match/:id', this.match.bind(this))

+    this.router.get('/users', this.getUsers.bind(this))
    this.router.delete('/user/audiobook/:id', this.resetUserAudiobookProgress.bind(this))
+    this.router.patch('/user/password', this.userChangePassword.bind(this))

    this.router.post('/authorize', this.authorize.bind(this))

@ -156,6 +158,11 @@ class ApiController {
    res.sendStatus(200)
  }

+  getUsers(req, res) {
+    if (req.user.type !== 'root') return res.sendStatus(403)
+    return res.json(this.db.users.map(u => u.toJSONForBrowser()))
+  }
+
  async resetUserAudiobookProgress(req, res) {
    req.user.resetAudiobookProgress(req.params.id)
    await this.db.updateEntity('user', req.user)
@ -163,6 +170,10 @@ class ApiController {
    res.sendStatus(200)
  }

+  userChangePassword(req, res) {
+    this.auth.userChangePassword(req, res)
+  }
+
  getGenres(req, res) {
    res.json({
      genres: this.db.getGenres()
--- a/server/Auth.js
+++ b/server/Auth.js
@ -114,65 +114,50 @@ class Auth {
    }
  }

-  async checkAuth(req, res) {
-    var username = req.body.username
-    Logger.debug('Check Auth', username, !!req.body.password)
+  comparePassword(password, user) {
+    if (user.type === 'root' && !password && !user.pash) return true
+    if (!password || !user.pash) return false
+    return bcrypt.compare(password, user.pash)
+  }

-    var matchingUser = this.users.find(u => u.username === username)
-    if (!matchingUser) {
+  async userChangePassword(req, res) {
+    var { password, newPassword } = req.body
+    newPassword = newPassword || ''
+    var matchingUser = this.users.find(u => u.id === req.user.id)
+
+    // Only root can have an empty password
+    if (matchingUser.type !== 'root' && !newPassword) {
      return res.json({
-        error: 'User not found'
+        error: 'Invalid new password - Only root can have an empty password'
      })
    }

-    var cleanedUser = { ...matchingUser }
-    delete cleanedUser.pash
-
-    // check for empty password (default)
-    if (!req.body.password) {
-      if (!matchingUser.pash) {
-        res.cookie('user', username, { signed: true })
-        return res.json({
-          user: cleanedUser
-        })
-      } else {
-        return res.json({
-          error: 'Invalid Password'
-        })
-      }
+    var compare = await this.comparePassword(password, matchingUser)
+    if (!compare) {
+      return res.json({
+        error: 'Invalid password'
+      })
    }

-    // Set root password first time
-    if (matchingUser.type === 'root' && !matchingUser.pash && req.body.password && req.body.password.length > 1) {
-      console.log('Set root pash')
-      var pw = await this.hashPass(req.body.password)
+    var pw = ''
+    if (newPassword) {
+      pw = await this.hashPass(newPassword)
      if (!pw) {
        return res.json({
          error: 'Hash failed'
        })
      }
-      this.users = this.users.map(u => {
-        if (u.username === matchingUser.username) {
-          u.pash = pw
-        }
-        return u
-      })
-      await this.saveAuthDb()
-      return res.json({
-        setroot: true,
-        user: cleanedUser
-      })
    }

-    var compare = await bcrypt.compare(req.body.password, matchingUser.pash)
-    if (compare) {
-      res.cookie('user', username, { signed: true })
+    matchingUser.pash = pw
+    var success = await this.db.updateEntity('user', matchingUser)
+    if (success) {
      res.json({
-        user: cleanedUser
+        success: true
      })
    } else {
      res.json({
-        error: 'Invalid Password'
+        error: 'Unknown error'
      })
    }
  }
--- a/server/Db.js
+++ b/server/Db.js
@ -143,8 +143,10 @@ class Db {
      this[arrayKey] = this[arrayKey].map(e => {
        return e.id === entity.id ? entity : e
      })
+      return true
    }).catch((error) => {
      Logger.error(`[DB] Update entity ${entityName} Failed: ${error}`)
+      return false
    })
  }

--- a/server/Server.js
+++ b/server/Server.js
@ -3,7 +3,6 @@ const express = require('express')
 const http = require('http')
 const SocketIO = require('socket.io')
 const fs = require('fs-extra')
-const cookieparser = require('cookie-parser')

 const Auth = require('./Auth')
 const Watcher = require('./Watcher')
@ -101,7 +100,6 @@ class Server {

    this.server = http.createServer(app)

-    app.use(cookieparser('secret_family_recipe'))
    app.use(this.auth.cors)

    // Static path to generated nuxt