liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: enable/disable TFA per user

Browse Source
This commit is contained in:
NGPixel 2020-08-30 14:18:22 -04:00
parent 32d67adee1
commit e319355017
6 changed files with 144 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
client/components/admin/admin-theme.vue
View File

@ -70,33 +70,33 @@
) )
v-flex(lg6 xs12) v-flex(lg6 xs12)
v-card.animated.fadeInUp.wait-p2s //- v-card.animated.fadeInUp.wait-p2s
v-toolbar(color='teal', dark, dense, flat) //- v-toolbar(color='teal', dark, dense, flat)
v-toolbar-title.subtitle-1 {{$t('admin:theme.downloadThemes')}} //- v-toolbar-title.subtitle-1 {{$t('admin:theme.downloadThemes')}}
v-spacer //- v-spacer
v-chip(label, color='white', small).teal--text coming soon //- v-chip(label, color='white', small).teal--text coming soon
v-data-table( //- v-data-table(
:headers='headers', //- :headers='headers',
:items='themes', //- :items='themes',
hide-default-footer, //- hide-default-footer,
item-key='value', //- item-key='value',
:items-per-page='1000' //- :items-per-page='1000'
) //- )
template(v-slot:item='thm') //- template(v-slot:item='thm')
td //- td
strong {{thm.item.text}} //- strong {{thm.item.text}}
td //- td
span {{ thm.item.author }} //- span {{ thm.item.author }}
td.text-xs-center //- td.text-xs-center
v-progress-circular(v-if='thm.item.isDownloading', indeterminate, color='blue', size='20', :width='2') //- v-progress-circular(v-if='thm.item.isDownloading', indeterminate, color='blue', size='20', :width='2')
v-btn(v-else-if='thm.item.isInstalled && thm.item.installDate < thm.item.updatedAt', icon) //- v-btn(v-else-if='thm.item.isInstalled && thm.item.installDate < thm.item.updatedAt', icon)
v-icon.blue--text mdi-cached //- v-icon.blue--text mdi-cached
v-btn(v-else-if='thm.item.isInstalled', icon) //- v-btn(v-else-if='thm.item.isInstalled', icon)
v-icon.green--text mdi-check-bold //- v-icon.green--text mdi-check-bold
v-btn(v-else, icon) //- v-btn(v-else, icon)
v-icon.grey--text mdi-cloud-download //- v-icon.grey--text mdi-cloud-download
v-card.mt-3.animated.fadeInUp.wait-p2s v-card.animated.fadeInUp.wait-p2s
v-toolbar(color='primary', dark, dense, flat) v-toolbar(color='primary', dark, dense, flat)
v-toolbar-title.subtitle-1 {{$t(`admin:theme.codeInjection`)}} v-toolbar-title.subtitle-1 {{$t(`admin:theme.codeInjection`)}}
v-card-text v-card-text

82
client/components/admin/admin-users-edit.vue
View File

@ -126,8 +126,6 @@
v-list-item-content v-list-item-content
v-list-item-title {{$t('admin:users.authProvider')}} v-list-item-title {{$t('admin:users.authProvider')}}
v-list-item-subtitle {{ user.providerName }} #[em.caption ({{ user.providerKey }})] v-list-item-subtitle {{ user.providerName }} #[em.caption ({{ user.providerKey }})]
//- v-list-item-action
//- v-img(src='https://static.requarks.io/logo/wikijs.svg', alt='', contain, max-height='32', position='center right')
template(v-if='user.providerKey === `local`') template(v-if='user.providerKey === `local`')
v-divider v-divider
v-list-item v-list-item
@ -168,6 +166,7 @@
v-btn(icon, color='grey', x-small, v-on='on', disabled) v-btn(icon, color='grey', x-small, v-on='on', disabled)
v-icon mdi-email v-icon mdi-email
span Send Password Reset Email span Send Password Reset Email
template(v-if='user.providerIs2FACapable')
v-divider v-divider
v-list-item v-list-item
v-list-item-avatar(size='32') v-list-item-avatar(size='32')
@ -179,7 +178,7 @@
v-list-item-action v-list-item-action
v-tooltip(top) v-tooltip(top)
template(v-slot:activator='{ on }') template(v-slot:activator='{ on }')
v-btn(icon, color='grey', x-small, v-on='on', disabled) v-btn(icon, color='grey', x-small, v-on='on', @click='toggle2FA')
v-icon mdi-power v-icon mdi-power
span {{$t('admin:users.toggle2FA')}} span {{$t('admin:users.toggle2FA')}}
template(v-if='user.providerId') template(v-if='user.providerId')
@ -941,6 +940,82 @@ export default {
}) })
} }
this.$store.commit(`loadingStop`, 'admin-users-verify') this.$store.commit(`loadingStop`, 'admin-users-verify')
},
/**
* Toggle 2FA State
*/
async toggle2FA () {
this.$store.commit(`loadingStart`, 'admin-users-toggle2fa')
if (this.user.tfaIsActive) {
const resp = await this.$apollo.mutate({
mutation: gql`
mutation ($id: Int!) {
users {
disableTFA(id: $id) {
responseResult {
succeeded
errorCode
slug
message
}
}
}
}
`,
variables: {
id: this.user.id
}
})
if (_.get(resp, 'data.users.disableTFA.responseResult.succeeded', false)) {
this.$store.commit('showNotification', {
style: 'success',
message: this.$t('admin:users.userTFADisableSuccess'),
icon: 'check'
})
this.user.tfaIsActive = false
} else {
this.$store.commit('showNotification', {
style: 'red',
message: _.get(resp, 'data.users.disableTFA.responseResult.message', 'An unexpected error occurred.'),
icon: 'warning'
})
}
} else {
const resp = await this.$apollo.mutate({
mutation: gql`
mutation ($id: Int!) {
users {
enableTFA(id: $id) {
responseResult {
succeeded
errorCode
slug
message
}
}
}
}
`,
variables: {
id: this.user.id
}
})
if (_.get(resp, 'data.users.enableTFA.responseResult.succeeded', false)) {
this.$store.commit('showNotification', {
style: 'success',
message: this.$t('admin:users.userTFAEnableSuccess'),
icon: 'check'
})
this.user.tfaIsActive = true
} else {
this.$store.commit('showNotification', {
style: 'red',
message: _.get(resp, 'data.users.enableTFA.responseResult.message', 'An unexpected error occurred.'),
icon: 'warning'
})
}
}
this.$store.commit(`loadingStop`, 'admin-users-toggle2fa')
} }
}, },
apollo: { apollo: {
@ -955,6 +1030,7 @@ export default {
providerKey providerKey
providerName providerName
providerId providerId
providerIs2FACapable
location location
jobTitle jobTitle
timezone timezone

2
server/controllers/auth.js
View File

@ -71,7 +71,7 @@ router.all('/login/:strategy/callback', async (req, res, next) => {
strategy: req.params.strategy strategy: req.params.strategy
}, { req, res }) }, { req, res })
res.cookie('jwt', authResult.jwt, { expires: moment().add(1, 'y').toDate() }) res.cookie('jwt', authResult.jwt, { expires: moment().add(1, 'y').toDate() })
res.redirect('/') res.redirect(authResult.redirect)
} catch (err) { } catch (err) {
next(err) next(err)
} }

30
server/graph/resolvers/user.js
View File

@ -23,11 +23,15 @@ module.exports = {
.select('id', 'email', 'name', 'providerKey', 'createdAt') .select('id', 'email', 'name', 'providerKey', 'createdAt')
}, },
async single(obj, args, context, info) { async single(obj, args, context, info) {
console.info(WIKI.auth.strategies)
let usr = await WIKI.models.users.query().findById(args.id) let usr = await WIKI.models.users.query().findById(args.id)
usr.password = '' usr.password = ''
usr.tfaSecret = '' usr.tfaSecret = ''
usr.providerName = _.get(WIKI.auth.strategies, usr.providerKey).displayName
const str = _.get(WIKI.auth.strategies, usr.providerKey)
str.strategy = _.find(WIKI.data.authentication, ['key', str.strategyKey])
usr.providerName = str.displayName
usr.providerIs2FACapable = _.get(str, 'strategy.useForm', false)
return usr return usr
}, },
async profile (obj, args, context, info) { async profile (obj, args, context, info) {
@ -140,6 +144,28 @@ module.exports = {
return graphHelper.generateError(err) return graphHelper.generateError(err)
} }
}, },
async enableTFA (obj, args) {
try {
await WIKI.models.users.query().patch({ tfaIsActive: true, tfaSecret: null }).findById(args.id)
return {
responseResult: graphHelper.generateSuccess('User 2FA enabled successfully')
}
} catch (err) {
return graphHelper.generateError(err)
}
},
async disableTFA (obj, args) {
try {
await WIKI.models.users.query().patch({ tfaIsActive: false, tfaSecret: null }).findById(args.id)
return {
responseResult: graphHelper.generateSuccess('User 2FA disabled successfully')
}
} catch (err) {
return graphHelper.generateError(err)
}
},
resetPassword (obj, args) { resetPassword (obj, args) {
return false return false
}, },

9
server/graph/schemas/user.graphql
View File

@ -78,6 +78,14 @@ type UserMutation {
id: Int! id: Int!
): DefaultResponse @auth(requires: ["manage:users", "manage:system"]) ): DefaultResponse @auth(requires: ["manage:users", "manage:system"])
enableTFA(
id: Int!
): DefaultResponse @auth(requires: ["manage:users", "manage:system"])
disableTFA(
id: Int!
): DefaultResponse @auth(requires: ["manage:users", "manage:system"])
resetPassword( resetPassword(
id: Int! id: Int!
): DefaultResponse ): DefaultResponse
@ -130,6 +138,7 @@ type User {
providerKey: String! providerKey: String!
providerName: String providerName: String
providerId: String providerId: String
providerIs2FACapable: Boolean
isSystem: Boolean! isSystem: Boolean!
isActive: Boolean! isActive: Boolean!
isVerified: Boolean! isVerified: Boolean!

2
server/models/users.js
View File

@ -28,7 +28,7 @@ module.exports = class User extends Model {
providerId: {type: 'string'}, providerId: {type: 'string'},
password: {type: 'string'}, password: {type: 'string'},
tfaIsActive: {type: 'boolean', default: false}, tfaIsActive: {type: 'boolean', default: false},
tfaSecret: {type: 'string'}, tfaSecret: {type: ['string', null]},
jobTitle: {type: 'string'}, jobTitle: {type: 'string'},
location: {type: 'string'}, location: {type: 'string'},
pictureUrl: {type: 'string'}, pictureUrl: {type: 'string'},