fix: fix domain privilege management per <Automattic/mongoose#11522>,…
… added ansible verbosity, bump deps
titanism committed Apr 8, 2022
1 parent 4573238 commit 9e3ec85
Showing 9 changed files with 400 additions and 373 deletions.
3 changes: 3 additions & 0 deletions ansible/playbooks/mongo.yml
@@ -19,6 +19,9 @@
mongodb_net_bindip: "127.0.0.1,{{ lookup('env', 'MONGO_HOST') }}"
mongodb_security_javascript_enabled: true
mongodb_manage_service: true
mongodb_config:
systemLog:
- "verbosity: 0"
# this was already defined in the mongo role
# https://github.com/UnderGreen/ansible-role-mongodb/blob/master/handlers/main.yml
handlers:
4 changes: 4 additions & 0 deletions app/controllers/web/my-account/create-invite.js
@@ -43,6 +43,10 @@ async function createInvite(ctx, next) {

// create the invite
ctx.state.domain = await Domains.findById(ctx.state.domain._id);
if (!ctx.state.domain)
return ctx.throw(
Boom.notFound(ctx.translateError('DOMAIN_DOES_NOT_EXIST'))
);
ctx.state.domain.invites.push({
email: email.toLowerCase(),
group: ctx.request.body.group
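Review bot: The four-line `if (!ctx.state.domain) return ctx.throw(Boom.notFound(...))` guard after `Domains.findById(ctx.state.domain._id)` is pasted verbatim here and in remove-invite.js, remove-member.js, update-domain.js and update-member.js; one shared helper or middleware that reloads the domain and throws `DOMAIN_DOES_NOT_EXIST` would keep the five copies from drifting apart. The reload also swaps out the object that any earlier access check presumably ran against, so a short comment such as `// re-fetch the domain as a document we can save; the caller's rights on it were checked before this point` (to be confirmed against the middleware, which is not visible here) would tell the reader where authorization happens. createInvite's body starts and ends outside the hunk, so whether `ctx.request.body.group` is validated before the `invites.push` cannot be judged from these lines.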
4 changes: 4 additions & 0 deletions app/controllers/web/my-account/remove-invite.js
@@ -11,6 +11,10 @@ async function removeInvite(ctx, next) {
if (!isSANB(email) || !isEmail(email))
return ctx.throw(Boom.badRequest(ctx.translateError('INVALID_EMAIL')));
ctx.state.domain = await Domains.findById(ctx.state.domain._id);
if (!ctx.state.domain)
return ctx.throw(
Boom.notFound(ctx.translateError('DOMAIN_DOES_NOT_EXIST'))
);
// remove invite
ctx.state.domain.invites = ctx.state.domain.invites.filter(
(invite) => invite.email.toLowerCase() !== email.toLowerCase()
4 changes: 4 additions & 0 deletions app/controllers/web/my-account/remove-member.js
@@ -27,6 +27,10 @@ async function removeMember(ctx, next) {
);

ctx.state.domain = await Domains.findById(ctx.state.domain._id);
if (!ctx.state.domain)
return ctx.throw(
Boom.notFound(ctx.translateError('DOMAIN_DOES_NOT_EXIST'))
);
ctx.state.domain.members = ctx.state.domain.members.filter(
(member) => member.user.toString() !== ctx.params.member_id
);
54 changes: 33 additions & 21 deletions app/controllers/web/my-account/retrieve-invite.js
@@ -10,8 +10,16 @@ async function retrieveInvite(ctx) {
);

const domain = await Domains.findOne({
id: ctx.params.domain_id,
'invites.email': ctx.state.user.email
$or: [
{
id: ctx.params.domain_id,
'invites.email': ctx.state.user.email
},
{
id: ctx.params.domain_id,
'members.user': ctx.state.user._id
}
]
});

if (!domain)
@@ -24,6 +32,30 @@ async function retrieveInvite(ctx) {
(invite) => invite.email === ctx.state.user.email
);

if (!invite)
return ctx.throw(
Boom.notFound(ctx.translateError('INVITE_DOES_NOT_EXIST'))
);
let group = 'user';

const { group } = invite;
domain.members.push({
user: ctx.state.user._id,
group
});
if (invite) {
({ group } = invite);
domain.members.push({
user: ctx.state.user._id,
group
});

// remove invitee from invites list
domain.invites = domain.invites.filter(
(invite) => invite.email !== ctx.state.user.email
);
// remove invitee from invites list
domain.invites = domain.invites.filter(
(invite) => invite.email !== ctx.state.user.email
);

// save domain
domain.locale = ctx.locale;
domain.skip_verification = true;
ctx.state.domain = await domain.save();
// save domain
domain.locale = ctx.locale;
domain.skip_verification = true;
ctx.state.domain = await domain.save();
} else {
const match = domain.members.find(
(member) => member._id.toString() === ctx.state.user.id
);
group = match && match.group === 'admin' ? 'admin' : 'user';
}

// flash a message to the user telling them they've successfully accepted
const message =
@@ -62,8 +74,8 @@ async function retrieveInvite(ctx) {
// redirect user to either alias page (if user) or admin page (if admin)
const redirectTo =
group === 'admin'
? ctx.state.l(`/my-account/domains/${ctx.state.domain.name}`)
: ctx.state.l(`/my-account/domains/${ctx.state.domain.name}/aliases`);
? ctx.state.l(`/my-account/domains/${domain.name}`)
: ctx.state.l(`/my-account/domains/${domain.name}/aliases`);

if (ctx.accepts('html')) ctx.redirect(redirectTo);
else ctx.body = { redirectTo };
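Review bot: In the new `else` branch the lookup compares `member._id.toString()` with `ctx.state.user.id`, which is the member subdocument's own id rather than the user it references, whereas the query above matches on `'members.user'` and update-member.js compares `member.user.toString()`. Unless the two ids happen to coincide, `match` is never found and `group` stays `'user'`, so an existing admin is redirected to the aliases page; this errs toward the lower privilege, but the role decision is still wrong. The line should read `(member) => member.user.toString() === ctx.state.user.id`. Separately, when an invite exists for a user the second `$or` clause would also match, `domain.members.push` adds a second entry for the same user, possibly with a different group, so the push should be skipped or merged when a member entry already exists. retrieveInvite's body starts and ends outside the hunks shown.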
4 changes: 4 additions & 0 deletions app/controllers/web/my-account/update-domain.js
@@ -9,6 +9,10 @@ const { Domains } = require('#models');
// eslint-disable-next-line complexity
async function updateDomain(ctx, next) {
ctx.state.domain = await Domains.findById(ctx.state.domain._id);
if (!ctx.state.domain)
return ctx.throw(
Boom.notFound(ctx.translateError('DOMAIN_DOES_NOT_EXIST'))
);

// Custom SMTP Port Forwarding
if (isSANB(ctx.request.body.smtp_port)) {
41 changes: 23 additions & 18 deletions app/controllers/web/my-account/update-member.js
@@ -15,29 +15,34 @@ async function updateMember(ctx, next) {
)
return ctx.throw(Boom.badRequest(ctx.translateError('INVALID_GROUP')));

const member = ctx.state.domain.members.find(
(member) => member.user.id === ctx.params.member_id
);

if (!member)
return ctx.throw(Boom.notFound(ctx.translateError('INVALID_USER')));

const domain = await Domains.findById(ctx.state.domain._id);

if (!domain)
ctx.state.domain = await Domains.findById(ctx.state.domain._id);
if (!ctx.state.domain)
return ctx.throw(
Boom.notFound(ctx.translateError('DOMAIN_DOES_NOT_EXIST'))
);

const match = ctx.state.domain.members.find(
(member) => member.user.toString() === ctx.params.member_id
);

if (!match)
return ctx.throw(Boom.notFound(ctx.translateError('INVALID_USER')));

// swap the user group based off ctx.request.body.group
for (const member of domain.members) {
if (member.user.toString() === ctx.params.member_id)
member.group = ctx.request.body.group;
}

domain.locale = ctx.locale;
domain.client = ctx.client;
ctx.state.domain = await domain.save();
// <https://github.com/Automattic/mongoose/issues/11522>
ctx.state.domain.members = ctx.state.domain.members.map((member) => {
return {
user: member.user,
group:
member.user.toString() === ctx.params.member_id
? ctx.request.body.group
: member.group
};
});

ctx.state.domain.locale = ctx.locale;
ctx.state.domain.client = ctx.client;
ctx.state.domain = await ctx.state.domain.save();

if (ctx.api) return next();

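Review bot: The new `ctx.state.domain.members.map(...)` rebuilds every entry as a plain `{ user, group }` object, so any other field a member subdocument carries (its `_id`, if the schema keeps one) is replaced for all members and not only for the one whose group changes. It is worth confirming that nothing else stores or compares those fields. The bare issue link above the map does not say what breaks without it; if the issue is that an in-place `member.group = ...` assignment was not persisted on save, a comment such as `// in-place group changes were not saved (mongoose#11522), so reassign the whole members array` would record the reason for this privilege-changing write path. updateMember's body starts and ends outside the hunk.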
28 changes: 14 additions & 14 deletions package.json
@@ -33,7 +33,7 @@
"@ladjs/api": "7.1.1",
"@ladjs/assets": "1.4.2",
"@ladjs/env": "3.0.0",
"@ladjs/graceful": "2.0.0",
"@ladjs/graceful": "2.0.1",
"@ladjs/i18n": "7.2.6",
"@ladjs/mongoose": "3.0.0",
"@ladjs/mongoose-error-messages": "1.0.0",
@@ -49,20 +49,20 @@
"@sidoshi/random-string": "1.0.0",
"@tkrotoff/bootstrap-floating-label": "0.8",
"accounting": "0.4.1",
"apexcharts": "3.34.0",
"apexcharts": "3.35.0",
"array-join-conjunction": "1.0.0",
"aws-sdk": "2.1104.0",
"aws-sdk": "2.1110.0",
"axe": "8.1.2",
"basic-auth": "2.0.1",
"boolean": "3.2.0",
"bootstrap": "4.6.0",
"bree": "8.0.2",
"bree": "8.0.3",
"bson-objectid": "2.0.3",
"cabin": "9.1.2",
"capitalize": "2.0.4",
"captain-hook": "0.0.3",
"clipboard": "2.0.10",
"codemirror": "^5.65.2",
"codemirror": "5.65.2",
"consolidate": "0.16.0",
"country-list": "2.2.0",
"crypto-random-string": "3",
@@ -80,8 +80,8 @@
"github-markdown-css": "5.1.0",
"hcaptcha": "0.1.0",
"highlight.js": "11.5.0",
"html-to-text": "8.1.0",
"htmlhint": "^1.1.3",
"html-to-text": "8.2.0",
"htmlhint": "1.1.3",
"humanize-string": "2",
"ip": "1.1.5",
"is-fqdn": "2.0.1",
@@ -106,7 +106,7 @@
"memoizee": "0.4.15",
"mongodb-memory-server": "8.4.2",
"mongodb-short-id": "0.3.3",
"mongoose": "6.2.9",
"mongoose": "6.2.10",
"mongoose-common-plugin": "2.0.3",
"mongoose-omit-common-fields": "0.0.6",
"mongoose-unique-validator": "2.0.3",
@@ -138,7 +138,7 @@
"speakingurl": "14.0.1",
"split-lines": "2",
"stacktrace-js": "2.0.2",
"stripe": "8.214.0",
"stripe": "8.215.0",
"striptags": "3.2.0",
"superagent": "7.1.1",
"sweetalert2": "8",
@@ -152,21 +152,21 @@
},
"devDependencies": {
"@babel/cli": "7.17.6",
"@babel/core": "7.17.8",
"@babel/core": "7.17.9",
"@babel/polyfill": "7.12.1",
"@babel/preset-env": "7.16.11",
"@commitlint/cli": "16.2.3",
"@commitlint/config-conventional": "16.2.1",
"@ladjs/browserslist-config": "0.0.1",
"@ladjs/gulp-envify": "2.0.1",
"@ladjs/pug-lint-config-lad": "0.1.1",
"@prettier/plugin-pug": "1.20.0",
"@prettier/plugin-pug": "1.20.1",
"ava": "4.1.0",
"babel-eslint": "10.1.0",
"browserify": "17.0.0",
"bundle-collapser": "1.4.0",
"codecov": "3.8.3",
"cssnano": "5.1.5",
"cssnano": "5.1.7",
"del": "6.0.0",
"eslint": "8.12.0",
"eslint-config-xo-lass": "1.0.6",
@@ -214,12 +214,12 @@
"postcss-preset-env": "7.4.3",
"postcss-reporter": "7.0.5",
"postcss-scss": "4.0.3",
"prettier": "2.6.1",
"prettier": "2.6.2",
"pug-lint": "2.6.0",
"rc": "1.2.8",
"remark-cli": "10.0.1",
"remark-preset-github": "4.0.1",
"sass": "1.49.9",
"sass": "1.50.0",
"sinon": "13.0.1",
"stylelint": "14.6.1",
"stylelint-config-recommended-scss": "6.0.0",