create user token via cli
This commit is contained in:
MaysWind
@@ -192,6 +192,19 @@ var UserData = &cli.Command{
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Name: "user-session-new",
|
||||
Usage: "Create new session for user",
|
||||
Action: bindAction(createNewUserToken),
|
||||
Flags: []cli.Flag{
|
||||
&cli.StringFlag{
|
||||
Name: "username",
|
||||
Aliases: []string{"n"},
|
||||
Required: true,
|
||||
Usage: "Specific user name",
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Name: "user-session-clear",
|
||||
Usage: "Clear user all sessions",
|
||||
@@ -549,6 +562,27 @@ func listUserTokens(c *core.CliContext) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func createNewUserToken(c *core.CliContext) error {
|
||||
_, err := initializeSystem(c)
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
username := c.String("username")
|
||||
token, tokenString, err := clis.UserData.CreateNewUserToken(c, username)
|
||||
|
||||
if err != nil {
|
||||
log.CliErrorf(c, "[user_data.createNewUserToken] error occurs when creating user token")
|
||||
return err
|
||||
}
|
||||
|
||||
printTokenInfo(token)
|
||||
fmt.Printf("[NewToken] %s\n", tokenString)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func clearUserTokens(c *core.CliContext) error {
|
||||
_, err := initializeSystem(c)
|
||||
|
||||
|
||||
@@ -352,6 +352,30 @@ func (l *UserDataCli) ListUserTokens(c *core.CliContext, username string) ([]*mo
|
||||
return tokens, nil
|
||||
}
|
||||
|
||||
// CreateNewUserToken returns a new token for the specified user
|
||||
func (l *UserDataCli) CreateNewUserToken(c *core.CliContext, username string) (*models.TokenRecord, string, error) {
|
||||
if username == "" {
|
||||
log.CliErrorf(c, "[user_data.CreateNewUserToken] user name is empty")
|
||||
return nil, "", errs.ErrUsernameIsEmpty
|
||||
}
|
||||
|
||||
user, err := l.GetUserByUsername(c, username)
|
||||
|
||||
if err != nil {
|
||||
log.CliErrorf(c, "[user_data.CreateNewUserToken] error occurs when getting user by user name")
|
||||
return nil, "", err
|
||||
}
|
||||
|
||||
token, tokenRecord, err := l.tokens.CreateTokenViaCli(c, user)
|
||||
|
||||
if err != nil {
|
||||
log.CliErrorf(c, "[user_data.CreateNewUserToken] failed to create token for user \"%s\", because %s", username, err.Error())
|
||||
return nil, "", err
|
||||
}
|
||||
|
||||
return tokenRecord, token, nil
|
||||
}
|
||||
|
||||
// ClearUserTokens clears all tokens of the specified user
|
||||
func (l *UserDataCli) ClearUserTokens(c *core.CliContext, username string) error {
|
||||
if username == "" {
|
||||
|
||||
+23
-11
@@ -78,34 +78,46 @@ func (s *TokenService) ParseTokenByCookie(c *core.WebContext, tokenCookieName st
|
||||
return s.parseToken(c, utils.CookieExtractor{tokenCookieName})
|
||||
}
|
||||
|
||||
// CreateTokenViaCli generates a new normal token and saves to database
|
||||
func (s *TokenService) CreateTokenViaCli(c *core.CliContext, user *models.User) (string, *models.TokenRecord, error) {
|
||||
token, _, tokenRecord, err := s.createToken(c, user, core.USER_TOKEN_TYPE_NORMAL, "ezbookkeeping Cli", s.CurrentConfig().TokenExpiredTimeDuration)
|
||||
return token, tokenRecord, err
|
||||
}
|
||||
|
||||
// CreateToken generates a new normal token and saves to database
|
||||
func (s *TokenService) CreateToken(c *core.WebContext, user *models.User) (string, *core.UserTokenClaims, error) {
|
||||
return s.createToken(c, user, core.USER_TOKEN_TYPE_NORMAL, s.getUserAgent(c), s.CurrentConfig().TokenExpiredTimeDuration)
|
||||
token, claims, _, err := s.createToken(c, user, core.USER_TOKEN_TYPE_NORMAL, s.getUserAgent(c), s.CurrentConfig().TokenExpiredTimeDuration)
|
||||
return token, claims, err
|
||||
}
|
||||
|
||||
// CreateRequire2FAToken generates a new token requiring user to verify 2fa passcode and saves to database
|
||||
func (s *TokenService) CreateRequire2FAToken(c *core.WebContext, user *models.User) (string, *core.UserTokenClaims, error) {
|
||||
return s.createToken(c, user, core.USER_TOKEN_TYPE_REQUIRE_2FA, s.getUserAgent(c), s.CurrentConfig().TemporaryTokenExpiredTimeDuration)
|
||||
token, claims, _, err := s.createToken(c, user, core.USER_TOKEN_TYPE_REQUIRE_2FA, s.getUserAgent(c), s.CurrentConfig().TemporaryTokenExpiredTimeDuration)
|
||||
return token, claims, err
|
||||
}
|
||||
|
||||
// CreateEmailVerifyToken generates a new email verify token and saves to database
|
||||
func (s *TokenService) CreateEmailVerifyToken(c *core.WebContext, user *models.User) (string, *core.UserTokenClaims, error) {
|
||||
return s.createToken(c, user, core.USER_TOKEN_TYPE_EMAIL_VERIFY, s.getUserAgent(c), s.CurrentConfig().EmailVerifyTokenExpiredTimeDuration)
|
||||
token, claims, _, err := s.createToken(c, user, core.USER_TOKEN_TYPE_EMAIL_VERIFY, s.getUserAgent(c), s.CurrentConfig().EmailVerifyTokenExpiredTimeDuration)
|
||||
return token, claims, err
|
||||
}
|
||||
|
||||
// CreateEmailVerifyTokenWithoutUserAgent generates a new email verify token and saves to database
|
||||
func (s *TokenService) CreateEmailVerifyTokenWithoutUserAgent(c core.Context, user *models.User) (string, *core.UserTokenClaims, error) {
|
||||
return s.createToken(c, user, core.USER_TOKEN_TYPE_EMAIL_VERIFY, "", s.CurrentConfig().EmailVerifyTokenExpiredTimeDuration)
|
||||
token, claims, _, err := s.createToken(c, user, core.USER_TOKEN_TYPE_EMAIL_VERIFY, "", s.CurrentConfig().EmailVerifyTokenExpiredTimeDuration)
|
||||
return token, claims, err
|
||||
}
|
||||
|
||||
// CreatePasswordResetToken generates a new password reset token and saves to database
|
||||
func (s *TokenService) CreatePasswordResetToken(c *core.WebContext, user *models.User) (string, *core.UserTokenClaims, error) {
|
||||
return s.createToken(c, user, core.USER_TOKEN_TYPE_PASSWORD_RESET, s.getUserAgent(c), s.CurrentConfig().PasswordResetTokenExpiredTimeDuration)
|
||||
token, claims, _, err := s.createToken(c, user, core.USER_TOKEN_TYPE_PASSWORD_RESET, s.getUserAgent(c), s.CurrentConfig().PasswordResetTokenExpiredTimeDuration)
|
||||
return token, claims, err
|
||||
}
|
||||
|
||||
// CreatePasswordResetTokenWithoutUserAgent generates a new password reset token and saves to database
|
||||
func (s *TokenService) CreatePasswordResetTokenWithoutUserAgent(c core.Context, user *models.User) (string, *core.UserTokenClaims, error) {
|
||||
return s.createToken(c, user, core.USER_TOKEN_TYPE_PASSWORD_RESET, "", s.CurrentConfig().PasswordResetTokenExpiredTimeDuration)
|
||||
token, claims, _, err := s.createToken(c, user, core.USER_TOKEN_TYPE_PASSWORD_RESET, "", s.CurrentConfig().PasswordResetTokenExpiredTimeDuration)
|
||||
return token, claims, err
|
||||
}
|
||||
|
||||
// UpdateTokenLastSeen updates the last seen time of specified token
|
||||
@@ -350,7 +362,7 @@ func (s *TokenService) parseToken(c *core.WebContext, extractor request.Extracto
|
||||
return token, claims, err
|
||||
}
|
||||
|
||||
func (s *TokenService) createToken(c core.Context, user *models.User, tokenType core.TokenType, userAgent string, expiryDate time.Duration) (string, *core.UserTokenClaims, error) {
|
||||
func (s *TokenService) createToken(c core.Context, user *models.User, tokenType core.TokenType, userAgent string, expiryDate time.Duration) (string, *core.UserTokenClaims, *models.TokenRecord, error) {
|
||||
var err error
|
||||
now := time.Now()
|
||||
|
||||
@@ -365,7 +377,7 @@ func (s *TokenService) createToken(c core.Context, user *models.User, tokenType
|
||||
}
|
||||
|
||||
if tokenRecord.Secret, err = utils.GetRandomString(10); err != nil {
|
||||
return "", nil, err
|
||||
return "", nil, nil, err
|
||||
}
|
||||
|
||||
claims := &core.UserTokenClaims{
|
||||
@@ -381,16 +393,16 @@ func (s *TokenService) createToken(c core.Context, user *models.User, tokenType
|
||||
tokenString, err := jwtToken.SignedString([]byte(tokenRecord.Secret))
|
||||
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
return "", nil, nil, err
|
||||
}
|
||||
|
||||
err = s.createTokenRecord(c, tokenRecord)
|
||||
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
return "", nil, nil, err
|
||||
}
|
||||
|
||||
return tokenString, claims, err
|
||||
return tokenString, claims, tokenRecord, err
|
||||
}
|
||||
|
||||
func (s *TokenService) getTokenRecord(c core.Context, uid int64, userTokenId int64, createUnixTime int64) (*models.TokenRecord, error) {
|
||||
|
||||
+47
-5
@@ -99,6 +99,10 @@ export function generateRandomUUID() {
|
||||
return uuid;
|
||||
}
|
||||
|
||||
export function isSessionUserAgentCreatedByCli(ua) {
|
||||
return ua === 'ezbookkeeping Cli';
|
||||
}
|
||||
|
||||
export function parseUserAgent(ua) {
|
||||
const uaParseRet = uaParser(ua);
|
||||
|
||||
@@ -119,13 +123,16 @@ export function parseUserAgent(ua) {
|
||||
};
|
||||
}
|
||||
|
||||
export function parseDeviceInfo(ua) {
|
||||
const uaInfo = parseUserAgent(ua);
|
||||
export function parseDeviceInfo(uaInfo) {
|
||||
if (!uaInfo) {
|
||||
return '';
|
||||
}
|
||||
|
||||
let result = '';
|
||||
|
||||
if (uaInfo.device.model) {
|
||||
if (uaInfo.device && uaInfo.device.model) {
|
||||
result = uaInfo.device.model;
|
||||
} else if (uaInfo.os.name) {
|
||||
} else if (uaInfo.os && uaInfo.os.name) {
|
||||
result = uaInfo.os.name;
|
||||
|
||||
if (uaInfo.os.version) {
|
||||
@@ -133,7 +140,7 @@ export function parseDeviceInfo(ua) {
|
||||
}
|
||||
}
|
||||
|
||||
if (uaInfo.browser.name) {
|
||||
if (uaInfo.browser && uaInfo.browser.name) {
|
||||
let browserInfo = uaInfo.browser.name;
|
||||
|
||||
if (uaInfo.browser.version) {
|
||||
@@ -154,6 +161,41 @@ export function parseDeviceInfo(ua) {
|
||||
return result;
|
||||
}
|
||||
|
||||
export function parseSessionInfo(token) {
|
||||
const isCreatedByCli = isSessionUserAgentCreatedByCli(token.userAgent);
|
||||
const uaInfo = parseUserAgent(token.userAgent);
|
||||
let deviceType = '';
|
||||
|
||||
if (isCreatedByCli) {
|
||||
deviceType = 'cli';
|
||||
} else {
|
||||
if (uaInfo && uaInfo.device) {
|
||||
if (uaInfo.device.type === 'mobile') {
|
||||
deviceType = 'phone';
|
||||
} else if (uaInfo.device.type === 'wearable') {
|
||||
deviceType = 'wearable';
|
||||
} else if (uaInfo.device.type === 'tablet') {
|
||||
deviceType = 'tablet';
|
||||
} else if (uaInfo.device.type === 'smarttv') {
|
||||
deviceType = 'tv';
|
||||
} else {
|
||||
deviceType = 'default';
|
||||
}
|
||||
} else {
|
||||
deviceType = 'default';
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
tokenId: token.tokenId,
|
||||
isCurrent: token.isCurrent,
|
||||
deviceType: deviceType,
|
||||
deviceInfo: isCreatedByCli ? token.userAgent : parseDeviceInfo(uaInfo),
|
||||
createdByCli: isCreatedByCli,
|
||||
lastSeen: token.lastSeen
|
||||
}
|
||||
}
|
||||
|
||||
export function makeButtonCopyToClipboard({ text, el, successCallback, errorCallback }) {
|
||||
const clipboard = new Clipboard(el, {
|
||||
text: function () {
|
||||
|
||||
@@ -106,10 +106,10 @@
|
||||
v-for="session in sessions">
|
||||
<td class="text-sm">
|
||||
<v-icon start :icon="session.icon"/>
|
||||
{{ session.deviceType }}
|
||||
{{ $t(session.isCurrent ? 'Current' : 'Other Device') }}
|
||||
</td>
|
||||
<td class="text-sm">{{ session.deviceInfo }}</td>
|
||||
<td class="text-sm">{{ session.lastSeen }}</td>
|
||||
<td class="text-sm">{{ session.lastSeenDateTime }}</td>
|
||||
<td class="text-sm text-right">
|
||||
<v-btn density="comfortable" color="error" variant="tonal"
|
||||
:disabled="session.isCurrent || loadingSession"
|
||||
@@ -136,7 +136,7 @@ import { useUserStore } from '@/stores/user.js';
|
||||
import { useTokensStore } from '@/stores/token.js';
|
||||
|
||||
import { isEquals } from '@/lib/common.js';
|
||||
import { parseDeviceInfo, parseUserAgent } from '@/lib/misc.js';
|
||||
import { parseSessionInfo } from '@/lib/misc.js';
|
||||
|
||||
import {
|
||||
mdiRefresh,
|
||||
@@ -144,6 +144,7 @@ import {
|
||||
mdiTablet,
|
||||
mdiWatch,
|
||||
mdiTelevision,
|
||||
mdiConsole,
|
||||
mdiDevices
|
||||
} from '@mdi/js';
|
||||
|
||||
@@ -187,15 +188,10 @@ export default {
|
||||
|
||||
for (let i = 0; i < this.tokens.length; i++) {
|
||||
const token = this.tokens[i];
|
||||
|
||||
sessions.push({
|
||||
tokenId: token.tokenId,
|
||||
isCurrent: token.isCurrent,
|
||||
deviceType: this.$t(token.isCurrent ? 'Current' : 'Other Device'),
|
||||
deviceInfo: parseDeviceInfo(token.userAgent),
|
||||
icon: this.getTokenIcon(token),
|
||||
lastSeen: token.lastSeen ? this.$locale.formatUnixTimeToLongDateTime(this.userStore, token.lastSeen) : '-'
|
||||
});
|
||||
const sessionInfo = parseSessionInfo(token);
|
||||
sessionInfo.icon = this.getTokenIcon(sessionInfo.deviceType);
|
||||
sessionInfo.lastSeenDateTime = sessionInfo.lastSeen ? this.$locale.formatUnixTimeToLongDateTime(this.userStore, sessionInfo.lastSeen) : '-';
|
||||
sessions.push(sessionInfo);
|
||||
}
|
||||
|
||||
return sessions;
|
||||
@@ -335,21 +331,17 @@ export default {
|
||||
});
|
||||
});
|
||||
},
|
||||
getTokenIcon(token) {
|
||||
const ua = parseUserAgent(token.userAgent);
|
||||
|
||||
if (!ua || !ua.device) {
|
||||
return mdiDevices;
|
||||
}
|
||||
|
||||
if (ua.device.type === 'mobile') {
|
||||
getTokenIcon(deviceType) {
|
||||
if (deviceType === 'phone') {
|
||||
return mdiCellphone;
|
||||
} else if (ua.device.type === 'wearable') {
|
||||
} else if (deviceType === 'wearable') {
|
||||
return mdiWatch;
|
||||
} else if (ua.device.type === 'tablet') {
|
||||
} else if (deviceType === 'tablet') {
|
||||
return mdiTablet;
|
||||
} else if (ua.device.type === 'smarttv') {
|
||||
} else if (deviceType === 'tv') {
|
||||
return mdiTelevision;
|
||||
} else if (deviceType === 'cli') {
|
||||
return mdiConsole;
|
||||
} else {
|
||||
return mdiDevices;
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<f7-list strong inset dividers media-list class="margin-top" v-else-if="!loading">
|
||||
<f7-list-item class="list-item-media-valign-middle" swipeout
|
||||
:id="session.domId"
|
||||
:title="session.deviceType"
|
||||
:title="$t(session.isCurrent ? 'Current' : 'Other Device')"
|
||||
:text="session.deviceInfo"
|
||||
:key="session.tokenId"
|
||||
v-for="session in sessions">
|
||||
@@ -32,7 +32,7 @@
|
||||
<f7-icon :f7="session.icon"></f7-icon>
|
||||
</template>
|
||||
<template #after>
|
||||
<small>{{ session.lastSeen }}</small>
|
||||
<small>{{ session.lastSeenDateTime }}</small>
|
||||
</template>
|
||||
<f7-swipeout-actions right v-if="!session.isCurrent">
|
||||
<f7-swipeout-button color="red" :text="$t('Log Out')" @click="revoke(session)"></f7-swipeout-button>
|
||||
@@ -48,7 +48,7 @@ import { useUserStore } from '@/stores/user.js';
|
||||
import { useTokensStore } from '@/stores/token.js';
|
||||
|
||||
import { isEquals } from '@/lib/common.js';
|
||||
import { parseDeviceInfo, parseUserAgent } from '@/lib/misc.js';
|
||||
import { parseSessionInfo } from '@/lib/misc.js';
|
||||
|
||||
import { onSwipeoutDeleted } from '@/lib/ui.mobile.js';
|
||||
|
||||
@@ -74,16 +74,11 @@ export default {
|
||||
|
||||
for (let i = 0; i < this.tokens.length; i++) {
|
||||
const token = this.tokens[i];
|
||||
|
||||
sessions.push({
|
||||
tokenId: token.tokenId,
|
||||
domId: this.getTokenDomId(token.tokenId),
|
||||
isCurrent: token.isCurrent,
|
||||
deviceType: this.$t(token.isCurrent ? 'Current' : 'Other Device'),
|
||||
deviceInfo: parseDeviceInfo(token.userAgent),
|
||||
icon: this.getTokenIcon(token),
|
||||
lastSeen: token.lastSeen ? this.$locale.formatUnixTimeToLongDateTime(this.userStore, token.lastSeen) : '-'
|
||||
});
|
||||
const sessionInfo = parseSessionInfo(token);
|
||||
sessionInfo.domId = this.getTokenDomId(sessionInfo.tokenId);
|
||||
sessionInfo.icon = this.getTokenIcon(sessionInfo.deviceType);
|
||||
sessionInfo.lastSeenDateTime = sessionInfo.lastSeen ? this.$locale.formatUnixTimeToLongDateTime(this.userStore, sessionInfo.lastSeen) : '-';
|
||||
sessions.push(sessionInfo);
|
||||
}
|
||||
|
||||
return sessions;
|
||||
@@ -191,21 +186,17 @@ export default {
|
||||
});
|
||||
});
|
||||
},
|
||||
getTokenIcon(token) {
|
||||
const ua = parseUserAgent(token.userAgent);
|
||||
|
||||
if (!ua || !ua.device) {
|
||||
return 'device_desktop';
|
||||
}
|
||||
|
||||
if (ua.device.type === 'mobile') {
|
||||
getTokenIcon(deviceType) {
|
||||
if (deviceType === 'phone') {
|
||||
return 'device_phone_portrait';
|
||||
} else if (ua.device.type === 'wearable') {
|
||||
} else if (deviceType === 'wearable') {
|
||||
return 'device_phone_portrait';
|
||||
} else if (ua.device.type === 'tablet') {
|
||||
} else if (deviceType === 'tablet') {
|
||||
return 'device_tablet_portrait';
|
||||
} else if (ua.device.type === 'smarttv') {
|
||||
} else if (deviceType === 'tv') {
|
||||
return 'tv';
|
||||
} else if (deviceType === 'cli') {
|
||||
return 'chevron_left_slash_chevron_right';
|
||||
} else {
|
||||
return 'device_desktop';
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user