Skip to content

feat: remove resetPasswordToken field #1462

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 24, 2025

Conversation

chilingling
Copy link
Member

@chilingling chilingling commented Jun 4, 2025

English | 简体中文

#breaking

PR

PR Checklist

Please check if your PR fulfills the following requirements:

  • The commit message follows our Commit Message Guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • Built its own designer, fully self-validated

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

Background and solution

变更点:

  1. 移除 resetPasswordToken 字段
  2. 移除 isDemo 页面状态的判断。
  • 后续 TODO : 删除 PAGE_STATUS: GUEST 字段。将页面状态判断抽取成一个元服务
  1. 删除 globalService: isAdmin 的方法。
  2. 将 demo 默认页面 ID 改为 1

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

Summary by CodeRabbit

Summary by CodeRabbit

  • Bug Fixes

    • Removed the display of reset password tokens from user-facing messages and notifications.
    • Updated lock and error messages to show only usernames, improving privacy.
  • Refactor

    • Simplified internal identifiers by replacing complex string IDs with "1" in user-visible references.
    • Removed unused or unnecessary user fields from various mock data and configurations.
  • Chores

    • Cleaned up test and mock data to exclude reset password tokens and align with updated ID conventions.

@chilingling chilingling added enhancement New feature or request breaking-change labels Jun 4, 2025
Copy link
Contributor

coderabbitai bot commented Jun 4, 2025

Walkthrough

This change removes all occurrences of the resetPasswordToken property from user-related objects across JSON data, TypeScript interfaces, and service logic. It also replaces the page identifier string "NTJ4MjvqoVj8OVsc" with "1" in various configurations, metadata, and routing files. No other logic or structural changes are introduced.

Changes

Files/Groups Change Summary
mockServer/src/assets/json/appinfo.json, mockServer/src/mock/get/app-center/apps/detail/1.json, mockServer/src/mock/get/app-center/v1/apps/schema/1.json, mockServer/src/mock/get/platform-center/courses.json, mockServer/src/mock/get/platform-center/user/me.json, mockServer/src/services/blocks.json, mockServer/src/services/block.js, mockServer/src/services/pages.js, packages/vue-generator/test/testcases/element-plus-case/mockData.js, packages/vue-generator/test/testcases/generator/mockData.js Removed all resetPasswordToken fields from user and related objects in JSON and mock data.
packages/common/composable/defaultGlobalService.ts Changed apis from a function with state param to parameterless; removed isAdmin API method.
packages/common/js/canvas.js Removed demo logic and all code paths depending on resetPasswordToken.
packages/plugins/block/src/composable/types.ts, packages/plugins/materials/src/composable/types.ts Removed resetPasswordToken property from TypeScript interfaces.
packages/canvas/DesignCanvas/src/DesignCanvas.vue, packages/toolbars/lock/src/Main.vue, packages/toolbars/save/src/js/index.ts Removed resetPasswordToken from lock/warning notification messages; only username is shown.
packages/vue-generator/test/testcases/generator/expected/appdemo01/src/router/index.js Changed route names and redirect targets from "NTJ4MjvqoVj8OVsc" to "1".

Sequence Diagram(s)

Loading
sequenceDiagram
    participant User
    participant App
    participant Server

    User->>App: Request page or block info
    App->>Server: Fetch user/page/block data
    Server-->>App: Responds (without resetPasswordToken)
    App->>User: Show lock/notification (username only)

Poem

A hop, a skip, a token gone,
No more secrets lingering on.
Usernames now stand alone,
With simpler IDs clearly shown.
The meadow's code is neat and bright—
The rabbits cheer, "It works just right!"
🐇✨


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4323d26 and 71ab895.

📒 Files selected for processing (1)
  • packages/common/js/canvas.js (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/common/js/canvas.js
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: push-check
✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4828607 and 4323d26.

⛔ Files ignored due to path filters (5)
  • mockServer/src/database/blockCategories.db is excluded by !**/*.db
  • mockServer/src/database/blockGroups.db is excluded by !**/*.db
  • mockServer/src/database/blocks.db is excluded by !**/*.db
  • mockServer/src/database/defaultData/default.db is excluded by !**/*.db
  • mockServer/src/database/pages.db is excluded by !**/*.db
📒 Files selected for processing (18)
  • mockServer/src/assets/json/appinfo.json (5 hunks)
  • mockServer/src/mock/get/app-center/apps/detail/1.json (1 hunks)
  • mockServer/src/mock/get/app-center/v1/apps/schema/1.json (1 hunks)
  • mockServer/src/mock/get/platform-center/courses.json (0 hunks)
  • mockServer/src/mock/get/platform-center/user/me.json (0 hunks)
  • mockServer/src/services/block.js (1 hunks)
  • mockServer/src/services/blocks.json (2 hunks)
  • mockServer/src/services/pages.js (0 hunks)
  • packages/canvas/DesignCanvas/src/DesignCanvas.vue (1 hunks)
  • packages/common/composable/defaultGlobalService.ts (1 hunks)
  • packages/common/js/canvas.js (1 hunks)
  • packages/plugins/block/src/composable/types.ts (0 hunks)
  • packages/plugins/materials/src/composable/types.ts (0 hunks)
  • packages/toolbars/lock/src/Main.vue (1 hunks)
  • packages/toolbars/save/src/js/index.ts (1 hunks)
  • packages/vue-generator/test/testcases/element-plus-case/mockData.js (0 hunks)
  • packages/vue-generator/test/testcases/generator/expected/appdemo01/src/router/index.js (2 hunks)
  • packages/vue-generator/test/testcases/generator/mockData.js (2 hunks)
💤 Files with no reviewable changes (6)
  • mockServer/src/services/pages.js
  • packages/vue-generator/test/testcases/element-plus-case/mockData.js
  • mockServer/src/mock/get/platform-center/user/me.json
  • packages/plugins/block/src/composable/types.ts
  • packages/plugins/materials/src/composable/types.ts
  • mockServer/src/mock/get/platform-center/courses.json
🧰 Additional context used
🧬 Code Graph Analysis (1)
packages/common/js/canvas.js (2)
packages/register/src/common.ts (1)
  • getMetaApi (54-64)
packages/register/src/constants.ts (1)
  • META_SERVICE (1-22)
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: push-check
🔇 Additional comments (18)
mockServer/src/mock/get/app-center/apps/detail/1.json (1)

20-20: Use simplified home_page ID for consistency.

The home_page value has been updated from a complex string to "1", aligning with other mock data changes for unified page identifiers.

mockServer/src/services/block.js (2)

27-33: Remove resetPasswordToken from userInfo mock.

The userInfo object no longer includes the resetPasswordToken field, which matches the PR goal of removing unnecessary token properties.
Confirm that no mock consumers or front-end code rely on this field.


47-50: Strip resetPasswordToken from occupier in blockModel.

The nested occupier object no longer carries a resetPasswordToken, ensuring consistency across mock entities.
Verify downstream services or test mocks expecting this field are updated accordingly.

mockServer/src/services/blocks.json (1)

418-421: Approve removal of resetPasswordToken from occupier
The mock occupier object correctly excludes resetPasswordToken, matching the refactoring in other mock files and service layers. No further action needed.

mockServer/src/mock/get/app-center/v1/apps/schema/1.json (1)

1693-1693: ID replacement is consistent
The page identifier has been simplified from the complex string to "1", matching the updated default demo page ID across mocks and routing configs.

packages/toolbars/save/src/js/index.ts (1)

139-142: Remove sensitive token from lock message
Excluding resetPasswordToken from the lock notification avoids leaking sensitive data in the UI. The updated message now only surfaces the username.

packages/vue-generator/test/testcases/generator/expected/appdemo01/src/router/index.js (2)

6-7: Update root redirect to new route name
Redirect now points to '1', aligning with the createVm route’s updated name.


16-17: Align createVm route name with page ID
The route name is updated to '1' to match the simplified page identifier.

packages/toolbars/lock/src/Main.vue (1)

90-91: Simplify lock warning message
Removing the token from the warning ensures only the username is shown, preventing unnecessary exposure of credentials.

mockServer/src/assets/json/appinfo.json (4)

4012-4012: Validate createdBy object schema
Only resetPasswordToken should be removed from user sub-objects. Ensure that essential fields (e.g., email, confirmationToken) aren’t inadvertently dropped and that this payload matches the API contract.


4021-4021: Validate occupier object schema
Similar to createdBy, confirm that occupier contains all required properties and that only resetPasswordToken was removed—no other user fields were lost.


29698-29698: Ensure home_page matches an existing page ID
The new value "1" must correspond to a defined page in this file, and the string type must align with downstream consumers’ expectations.


1755-1755:

✅ Verification successful

Verify all old page ID references removed
Confirm that the old identifier "NTJ4MjvqoVj8OVsc" has been fully replaced across the mock data to prevent stale or inconsistent mocks.

Please run:


🏁 Script executed:

#!/bin/bash
# Ensure no references to the old page ID remain
rg -n "NTJ4MjvqoVj8OVsc" mockServer/src/assets/json/appinfo.json

Length of output: 64


No remaining references to old page ID
Verified that NTJ4MjvqoVj8OVsc no longer appears in mockServer/src/assets/json/appinfo.json. All stale mock data has been cleaned up.

packages/vue-generator/test/testcases/generator/mockData.js (1)

1856-1856: LGTM! Simplified demo page identifiers.

The change from complex string IDs to simple "1" improves readability of test mock data and aligns with the PR objective of standardizing demo page references.

Also applies to: 1874-1874

packages/canvas/DesignCanvas/src/DesignCanvas.vue (1)

111-113: LGTM! Properly removes resetPasswordToken from lock message.

The change successfully removes the resetPasswordToken interpolation while adding a fallback for username to prevent undefined values in the lock notification message. This aligns with the PR objective of removing sensitive token data.

packages/common/js/canvas.js (2)

14-14: LGTM! Removed unused import.

The useResource import is no longer needed after removing the demo-related logic.


21-25: LGTM! Simplified canvas status logic.

The removal of demo-related conditions that depended on resetPasswordToken simplifies the function while maintaining correct behavior:

  • No data → Release status
  • Data exists → Compare user IDs for Occupy vs Lock status

This change aligns with the PR objective of removing resetPasswordToken dependencies.

packages/common/composable/defaultGlobalService.ts (1)

215-222:

✅ Verification successful

Verify removal of isAdmin API method.

The isAdmin method that depended on state.userInfo.resetPasswordToken has been removed from the API. While this aligns with the PR objective of removing resetPasswordToken dependencies, it represents a breaking change to the public API.


🏁 Script executed:

#!/bin/bash
# Description: Check if any code still references the removed isAdmin method
# Expected: No references should be found, confirming safe removal

echo "Searching for isAdmin method usage..."
rg -A 3 "\.isAdmin\(" --type js --type ts --type vue
echo ""
echo "Searching for isAdmin property access..."
rg -A 3 "\.isAdmin\b" --type js --type ts --type vue

Length of output: 352


I’ll expand the search to all file types, removing the --type filters:


🏁 Script executed:

#!/bin/bash
# Re-run search for any remaining isAdmin references across all files

echo "Searching for isAdmin method calls..."
rg -A 3 '\.isAdmin\(' || true

echo ""
echo "Searching for isAdmin property access..."
rg -A 3 '\.isAdmin\b' || true

Length of output: 248


isAdmin Removal Confirmed Safe

No remaining references to the removed isAdmin API method were found across the codebase. This breaking change aligns with the PR’s cleanup goal and can be considered safe to merge.

@chilingling chilingling added this to the v2.7.0 milestone Jun 18, 2025
@hexqi hexqi merged commit 0c4662b into opentiny:develop Jun 24, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
breaking-change enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants