enhancement: merge abe users into core
nicolaslabbe committed Nov 23, 2016
1 parent 20c0d7d commit 38e5c73
Showing 30 changed files with 525 additions and 285 deletions.
37 changes: 37 additions & 0 deletions docs/handlebars-helpers/isAuthorized.md
@@ -0,0 +1,37 @@
# Abe handlebars helpers

> Is user authorized for an action
### Example

if user authorized to call url `/abe/deleteAll` show button delete

{{#isAuthorized '/abe/deleteAll' @root.user.role.workflow}}
<div>
I can delete everything !
</div>
{{/isAuthorized}}

### Example of config into abe.json

```json
{
"users": {
"roles": [
{
"workflow":"CustomUser",
"name":"CustomUser"
}
{
"workflow":"admin",
"name":"Admin"
}
],
"routes": {
"admin": [],
"CustomUser": [
"\/abe\/deleteAll.*"
],
```

Because **CustomUser** has an entry with `\/abe\/deleteAll.*` he would not be allowed to call
35 changes: 18 additions & 17 deletions src/cli/cms/editor/handlebars/listPage.js
Expand Up @@ -3,6 +3,7 @@ import moment from 'moment'
import {
math
,abeExtend
,config
} from '../../../'

export default function listPage(file, index, text) {
Expand Down Expand Up @@ -38,27 +39,27 @@ export default function listPage(file, index, text) {

var workflow = ''

workflow += '<td align="center" class="draft">'
if(file.draft != null) {
if((file.publish == null)
|| (file.publish && file.publish.date < file.draft.date)) {
workflow += `<a href="/abe${file.draft.html}" class="label label-default label-draft" title="${file.draft.cleanDate}">draft</a>`
}else {
workflow += `<a href="/abe${file.draft.html}" class="hidden label label-default label-draft" title="${file.draft.cleanDate}">draft</a>`
var status = file.abe_meta.status
var workflowUser = config.users.workflow
Array.prototype.forEach.call(workflowUser, (flow) => {
var hidden = ''
if(status !== flow) {
hidden = 'hidden'
}
}else {
workflow += `<a href="/abe${file.abe_meta.link}" class="hidden label label-default label-draft" title="${file.cleanDate}">draft</a>`
}

workflow += '</td>'
workflow += '<td align="center" class="publish">'
workflow += `<td align="center" class="${flow}">`
if(file[flow]) {
if (flow === 'publish') {
workflow += `<a href="/abe${file[flow].html}" class="checkmark label-published" title="${file[flow].cleanDate}">&#10004;</a>`
}else {
workflow += `<a href="/abe${file[flow].html}" class="${hidden} label label-default label-draft" title="${file[flow].cleanDate}">${flow}</a>`
}
}else {

if (file.publish){
workflow += `<a href="/abe${file.publish.html}" class="checkmark label-published" title="${file.publish.cleanDate}">&#10004;</a>`
}
workflow += '</td>'
}
workflow += '</td>'
})

workflow = abeExtend.hooks.instance.trigger('afterListPageDraft', workflow, file, index, text)
res += workflow

res += `<td align="center">
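Review bot: The values spliced into the markup inside the `workflowUser` callback — `file[flow].html`, `file[flow].cleanDate` and `flow` itself — land in `href`, `title` and `class` attributes unescaped, and nothing in the hunk says where `file[flow]` comes from; a comment at the top of the loop such as `// assumes file[flow] is generated server-side, never request input — confirm` would record that assumption for the next reader (I could not verify it from this hunk). Stylistically, `var status` plus the `hidden` if-block collapse to `const hidden = status === flow ? '' : 'hidden'`, and `workflowUser` is a plain array read from config, so `workflowUser.forEach(...)` is enough. `listPage` begins before and ends after this hunk.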
18 changes: 16 additions & 2 deletions src/cli/cms/operations/post.js
Expand Up @@ -126,17 +126,31 @@ export function unpublish(filePath) {
return p
}

export function reject(filePath, json) {
export function reject(filePath, json, workflow) {
abeExtend.hooks.instance.trigger('beforeReject', filePath)

var rejectToWorkflow
var found = false
Array.prototype.forEach.call(config.users.workflow, (flow) => {
if (workflow === flow) {
found = true
}
if (!found) {
rejectToWorkflow = flow
}
})
if (!found) {
rejectToWorkflow = "draft"
}

var p = new Promise((resolve) => {
if(json.abe_meta.publish != null) {
delete json.abe_meta.publish
}
var p2 = draft(
filePath,
json,
'draft'
rejectToWorkflow
)
p2.then((result) => {
abeExtend.hooks.instance.trigger('afterReject', result)
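Review bot: `rejectToWorkflow` stays `undefined` when `workflow` is the first entry of `config.users.workflow` (`"draft"` in the default config), because `found` flips on the first iteration and the fallback after the loop only runs when nothing matched at all; `draft()` is then called with `undefined` as its third argument. The loop and fallback can be replaced by `var idx = config.users.workflow.indexOf(workflow)` / `var rejectToWorkflow = idx > 0 ? config.users.workflow[idx - 1] : 'draft'`, which states the "previous step" intent directly, uses the file's single-quote style, and maps any `workflow` value that is not in the configured list to `'draft'` rather than to a partially computed step. The `workflow` argument presumably arrives from the request handler, which is outside this hunk, as is the rest of `reject`.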
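--- a/src/cli/cms/templates/handlebars/concat.js
+++ b/src/cli/cms/templates/handlebars/concat.js
@@ -0,0 +1,5 @@
+export default function concat() {
+var arg = Array.prototype.slice.call(arguments,0)
+arg.pop()
+return arg.join('')
+}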
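Review bot: `concat` copies `arguments` and pops the last entry without saying why; the popped value is presumably the options object Handlebars appends to every helper call, and that convention deserves a comment. Rest parameters express the same thing without `arguments`: `export default function concat(...args) {` / `args.pop() // drop the Handlebars options object appended to every helper call` / `return args.join('')`. Behaviour is unchanged; `join` still stringifies non-string arguments.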
Expand Up @@ -9,42 +9,18 @@ import {
/**
* Handlebars helper, to print className and escape it string
*/
export default function role(role, obj, ctx) {
export default function getCurrentuserRole(obj, ctx) {
if(typeof obj.express !== 'undefined' && obj.express !== null) {
var cookies = new Cookies(obj.express.req, obj.express.res, {
secure: config.cookie.secure
})
});
var token = cookies.get('x-access-token');

if(typeof token !== 'undefined' && token !== null && token !== '') {
var secret = config.users.secret
var decoded = jwt.decode(token, secret);

var user = User.findSync(decoded.iss)

var roles = config.users.roles
var cpt = 0;
var cptUser = 0;
var cptRole = 0;
Array.prototype.forEach.call(roles, (currentRole) => {
if(currentRole.workflow === user.role.workflow) {
cptUser = cpt
}
if(currentRole.workflow === role) {
cptRole = cpt
}
cpt++;
})

if(cptRole > cptUser) {
return '';
}
return user.role.workflow;
}

var content = ctx.fn(this)
return content

}else {
return '';
}
return '';
}
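--- a/src/cli/cms/templates/handlebars/isAuthorized.js
+++ b/src/cli/cms/templates/handlebars/isAuthorized.js
@@ -0,0 +1,30 @@
+import Cookies from 'cookies'
+import jwt from 'jwt-simple'
+
+import {
+config,
+User
+} from '../../../'
+
+/**
+* Handlebars helper, to print className and escape it string
+*/
+export default function isAuthorized(route, role, ctx) {
+var isAuthorized = true
+
+if (config.users.enable) {
+var allowedRoutes = User.getUserRoutes(role)
+Array.prototype.forEach.call(allowedRoutes, (allowedRoute) => {
+var reg = new RegExp(allowedRoute)
+if (reg.test(route)) {
+isAuthorized = false
+}
+})
+}
+
+if (isAuthorized) {
+return ctx.fn(this)
+}else {
+return ctx.inverse(this)
+}
+}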
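Review bot: The name `allowedRoutes` inverts what the code does: any pattern returned by `User.getUserRoutes(role)` that matches `route` sets `isAuthorized = false`, so the per-role `routes` list is a deny list, and a role with no entry (or `config.users.enable` false) is authorized for every route — the helper fails open, which the JSDoc (copied from another helper, "print className and escape it string") does not say. Rename the local to `deniedRoutes` and replace the doc block with one stating that `routes[role]` lists regex patterns of routes the role may not call and that an unlisted role is unrestricted. `new RegExp(pattern).test(route)` is an unanchored match, so a pattern matches anywhere in the path, not only at its start; document that or anchor the patterns when they are compiled. `var isAuthorized` also shadows the helper's own name; `let authorized = !deniedRoutes.some((p) => new RegExp(p).test(route))` is shorter and avoids the shadowing. `Cookies` and `jwt` are imported but unused here.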
12 changes: 9 additions & 3 deletions src/cli/cms/templates/index.js
Expand Up @@ -19,7 +19,9 @@ import truncate from './handlebars/truncate'
import lowercase from './handlebars/lowercase'
import uppercase from './handlebars/uppercase'
import setVariable from './handlebars/setVariable'
import role from './handlebars/role'
import isAuthorized from './handlebars/isAuthorized'
import concat from './handlebars/concat'
import getCurrentuserRole from './handlebars/getCurrentuserRole'

import * as template from './template'
import * as assets from './assets'
Expand All @@ -44,7 +46,9 @@ Handlebars.registerHelper('truncate', truncate)
Handlebars.registerHelper('lowercase', lowercase)
Handlebars.registerHelper('uppercase', uppercase)
Handlebars.registerHelper('setVariable', setVariable)
Handlebars.registerHelper('role', role)
Handlebars.registerHelper('isAuthorized', isAuthorized)
Handlebars.registerHelper('concat', concat)
Handlebars.registerHelper('getCurrentuserRole', getCurrentuserRole)

HandlebarsIntl.registerWith(Handlebars)

Expand All @@ -63,7 +67,9 @@ export {
lowercase,
uppercase,
setVariable,
role,
isAuthorized,
concat,
getCurrentuserRole,
math,
moduloIf,
notEmpty,
16 changes: 4 additions & 12 deletions src/cli/core/config/config.json
Expand Up @@ -95,6 +95,7 @@
"siteUrl": false,
"sitePort": false,
"users": {
"enable": false,
"secret": "GoNinjaGo",
"smtp": null,
"forgotExpire": 60,
Expand All @@ -104,7 +105,7 @@
"text": "Reset your password {{forgotUrl}}",
"html": "<b>Reset your password</b> <a href='{{forgotUrl}}'>{{forgotUrl}}</a>"
},
"mustCommonPassword": ["password", "123456", "12345678", "1234", "qwerty", "12345", "dragon", "pussy", "baseball", "football", "letmein", "monkey", "696969", "abc123", "mustang", "michael", "shadow", "master", "jennifer", "111111", "2000", "jordan", "superman", "harley", "1234567", "fuckme", "hunter", "fuckyou", "trustno1", "ranger", "buster", "thomas", "tigger", "robert", "soccer", "fuck", "batman", "test", "pass", "killer", "hockey", "george", "charlie", "andrew", "michelle", "love", "sunshine", "jessica", "asshole", "6969", "pepper", "daniel", "access", "123456789", "654321", "joshua", "maggie", "starwars", "silver", "william", "dallas", "yankees", "123123", "ashley", "666666", "hello", "amanda", "orange", "biteme", "freedom", "computer", "sexy", "thunder", "nicole", "ginger", "heather", "hammer", "summer", "corvette", "taylor", "fucker", "austin", "1111", "merlin", "matthew", "121212", "golfer", "cheese", "princess", "martin", "chelsea", "patrick", "richard", "diamond", "yellow", "bigdog", "secret", "asdfgh", "sparky", "cowboy"],
"mostCommonPassword": ["password", "123456", "12345678", "1234", "qwerty", "12345", "dragon", "pussy", "baseball", "football", "letmein", "monkey", "696969", "abc123", "mustang", "michael", "shadow", "master", "jennifer", "111111", "2000", "jordan", "superman", "harley", "1234567", "fuckme", "hunter", "fuckyou", "trustno1", "ranger", "buster", "thomas", "tigger", "robert", "soccer", "fuck", "batman", "test", "pass", "killer", "hockey", "george", "charlie", "andrew", "michelle", "love", "sunshine", "jessica", "asshole", "6969", "pepper", "daniel", "access", "123456789", "654321", "joshua", "maggie", "starwars", "silver", "william", "dallas", "yankees", "123123", "ashley", "666666", "hello", "amanda", "orange", "biteme", "freedom", "computer", "sexy", "thunder", "nicole", "ginger", "heather", "hammer", "summer", "corvette", "taylor", "fucker", "austin", "1111", "merlin", "matthew", "121212", "golfer", "cheese", "princess", "martin", "chelsea", "patrick", "richard", "diamond", "yellow", "bigdog", "secret", "asdfgh", "sparky", "cowboy"],
"owasp": {
"allowPassphrases": true,
"maxLength": 128,
Expand All @@ -120,23 +121,14 @@
},
"manage": ["admin"],
"roles": [
{
"workflow":"review",
"name":"Contributor"
},
{
"workflow":"admin",
"name":"Admin"
}
],
"workflow": ["draft", "review", "publish"],
"workflow": ["draft", "publish"],
"routes": {
"admin": [
".*?"
],
"review": [
".*?"
]
"admin": []
}
}
}
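Review bot: `roles` is emptied while `manage: ["admin"]`, `routes.admin` and the admin account seeded in `src/cli/users/index.js` (workflow `"admin"`) still refer to an admin role, so the default config no longer declares the role its own code manages with; if each site is expected to supply `roles`, the new docs page in this commit should say so explicitly. The checked-in `"secret": "GoNinjaGo"` is the key `getCurrentuserRole` passes to `jwt.decode`; with the added `"enable": false` it is inert by default, but nothing flags that enabling users requires replacing it — consider refusing to start with `enable: true` and the default secret, since JSON leaves no room for a comment here. Whether `getCurrentuserRole` still needs an admin entry in `roles` cannot be confirmed from this page.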
58 changes: 36 additions & 22 deletions src/cli/users/index.js
Expand Up @@ -13,30 +13,44 @@ import {
} from '../../cli'

function getBdd() {
var bddFile = path.join(config.root, 'users', 'bdd.json')
var json = {}
if (coreUtils.file.exist(bddFile)) {
json = JSON.parse(fs.readFileSync(bddFile, 'utf8'))
}else {
mkdirp(path.dirname(bddFile))
fs.writeJsonSync(bddFile, [], { space: 2, encoding: 'utf-8' })
var admin = add({
"username": "admin",
"name": "admin",
"email": "admin@test.com",
"password": "Adm1n@test",
"role": {
"workflow":"admin",
"name":"Admin"
}
});
activate(admin.user.id)

json = JSON.parse(fs.readFileSync(bddFile, 'utf8'))
if (config.users.enable) {
var bddFile = path.join(config.root, 'users', 'bdd.json')
if (coreUtils.file.exist(bddFile)) {
json = JSON.parse(fs.readFileSync(bddFile, 'utf8'))
}else {
mkdirp(path.dirname(bddFile))
fs.writeJsonSync(bddFile, [], { space: 2, encoding: 'utf-8' })
var admin = add({
"username": "admin",
"name": "admin",
"email": "admin@test.com",
"password": "Adm1n@test",
"role": {
"workflow":"admin",
"name":"Admin"
}
});
activate(admin.user.id)

json = JSON.parse(fs.readFileSync(bddFile, 'utf8'))
}
}
return json;
}

export function getUserRoutes(workflow) {
var routes = config.users.routes;
var userRoles = []
Array.prototype.forEach.call(Object.keys(routes), (role) => {
if(role === workflow) {
userRoles = routes[role]
}
})

return userRoles
}

export function findSync(id) {
var bdd = getBdd()
for (var i = 0, len = bdd.length; i < len; i++) {
Expand Down Expand Up @@ -170,10 +184,10 @@ function contains(arr, obj) {

var sameAsUser = true;
var mostCommon = true;
var mustCommonPassword = [];
var mostCommonPassword = [];
owasp.tests.required.push(function(password) {
var shouldTest = mostCommon
if (shouldTest && contains(mustCommonPassword, password.toLowerCase())) {
if (shouldTest && contains(mostCommonPassword, password.toLowerCase())) {
return "the password used is too common.";
}
});
Expand Down Expand Up @@ -253,7 +267,7 @@ function commonPassword(data) {

currentUserName = data.username;

mustCommonPassword = config.users.mustCommonPassword
mostCommonPassword = config.users.mostCommonPassword
sameAsUser = (typeof owaspConfig.sameAsUser !== 'undefined' && owaspConfig.sameAsUser !== null) ? owaspConfig.sameAsUser : true;
mostCommon = (typeof owaspConfig.mostCommon !== 'undefined' && owaspConfig.mostCommon !== null) ? owaspConfig.mostCommon : true;

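Review bot: `getBdd` now returns the `{}` it starts with whenever `config.users.enable` is false, while `findSync` iterates the result as an array (`bdd.length`) and the on-disk file it mirrors is created as `[]`; initialise with `var json = []` so the disabled path returns the same shape. `getUserRoutes` returns `[]` for a workflow absent from `config.users.routes`, which the new `isAuthorized` helper reads as "nothing denied", so an unconfigured role is unrestricted; a comment at the return, `// no routes entry for this workflow => no restrictions (isAuthorized fails open)`, makes that visible, and the `forEach` over `Object.keys` can become `return Object.keys(routes).includes(workflow) ? routes[workflow] : []` while keeping prototype keys out. The `mustCommonPassword` to `mostCommonPassword` rename in the two later hunks is fine as is.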
1 change: 0 additions & 1 deletion src/server/app.js
Expand Up @@ -90,7 +90,6 @@ Manager.instance.init()
app.set('config', config.getConfigByWebsite())

app.use(flash());
app.use(helmet());
app.use(cookieParser());
app.use(passport.initialize());
app.use(passport.session());
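Review bot: `app.use(helmet())` is removed without replacement and neither the commit message nor a comment explains why; helmet is the middleware that sets the default HTTP security response headers for every route, so dropping it affects the whole server, not only the users feature being merged. If a specific header broke the new cookie/JWT flow, disable only that sub-middleware via helmet's options object and leave a comment naming the reason, otherwise restore the line. Whether the `helmet` import at the top of the file is also removed is outside this hunk.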