Merge branch 'master' of github.com:ONLYOFFICE/CommunityServer-AspNetCore

Alexey Safronov 2019-10-04 09:22:56 +03:00
commit ea71ac3f3c
5 changed files with 63 additions and 19 deletions


@ -173,6 +173,17 @@ namespace ASC.Security.Cryptography
checkKeyResult = ValidateEmailKey(Email + Type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)) + UiD, Key, ValidInterval);
break;
case ConfirmType.Activation:
checkKeyResult = ValidateEmailKey(Email + Type + UiD, Key, ValidInterval);
break;
case ConfirmType.ProfileRemove:
// validate UiD
if (P == 1)
{
var user = CoreContext.UserManager.GetUsers(UiD.GetValueOrDefault());
if (user == null || user.Status == EmployeeStatus.Terminated || SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != UiD)
return ValidationResult.Invalid;
}
checkKeyResult = ValidateEmailKey(Email + Type + UiD, Key, ValidInterval);
break;
default:
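Review bot: In the `ConfirmType.ProfileRemove` case the user lookup and the terminated/account-mismatch check run only when `P == 1`, and P is not defined in this hunk. If P is read from the request, a link whose UiD belongs to a terminated or missing user still reaches `ValidateEmailKey` whenever P is absent, so either run the check unconditionally or add a comment stating why other values of P are safe. The condition also mixes `||` and `&&` without grouping; writing `|| (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != UiD)` makes the intended precedence explicit. The switch starts and ends outside the hunk.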


@ -575,6 +575,50 @@ namespace ASC.Employee.Core.Controllers
return new EmployeeWraperFull(user, ApiContext);
}
[Delete("@self")]
[Authorize(AuthenticationSchemes = "confirm", Roles = "ProfileRemove")]
public EmployeeWraperFull DeleteProfile()
{
ApiContext.AuthByClaim();
if (CoreContext.UserManager.IsSystemUser(SecurityContext.CurrentAccount.ID))
throw new SecurityException();
var user = GetUserInfo(SecurityContext.CurrentAccount.ID.ToString());
if (!CoreContext.UserManager.UserExists(user))
throw new Exception(Resource.ErrorUserNotFound);
if(user.IsLDAP())
throw new SecurityException();
_ = SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
user.Status = EmployeeStatus.Terminated;
CoreContext.UserManager.SaveUserInfo(Tenant, user);
var userName = user.DisplayUserName(false);
MessageService.Send(MessageAction.UsersUpdatedStatus, MessageTarget.Create(user.ID), userName);
HttpContext.ResetUserCookie(Tenant.TenantId, user.ID);
MessageService.Send(MessageAction.CookieSettingsUpdated);
if (CoreContext.Configuration.Personal)
{
UserPhotoManager.RemovePhoto(Tenant, user.ID);
CoreContext.UserManager.DeleteUser(Tenant, user.ID);
MessageService.Send(MessageAction.UserDeleted, MessageTarget.Create(user.ID), userName);
}
else
{
//StudioNotifyService.Instance.SendMsgProfileHasDeletedItself(user);
//StudioNotifyService.SendMsgProfileDeletion(Tenant.TenantId, user);
}
return new EmployeeWraperFull(user, ApiContext);
}
[Update("{userid}/contacts")]
public EmployeeWraperFull UpdateMemberContacts(string userid, UpdateMemberModel memberModel)
{
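Review bot: `DeleteProfile` switches the request to `Constants.CoreSystem` with `SecurityContext.AuthenticateMe(...)` and never switches back, so everything after it runs under the system account, including the `MessageService.Send` audit entries, `ResetUserCookie` and any exception path. Limit the elevated span to the `SaveUserInfo` / `DeleteUser` calls inside a try/finally that restores the caller's identity, and confirm the audit records still name the user who removed the profile rather than the system account. `throw new Exception(Resource.ErrorUserNotFound)` would be clearer as a specific exception type. Both notifications in the else branch are commented out, so outside Personal mode the account is terminated without any message to the user. UpdateMemberContacts continues outside the hunk.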


@ -5,8 +5,8 @@ import styled from 'styled-components';
import { welcomePageTitle } from './../../../../helpers/customNames';
import PropTypes from 'prop-types';
import { withTranslation } from 'react-i18next';
import { deleteUser, updateUserStatus } from './../../../../store/services/api'
import { EmployeeStatus } from './../../../../helpers/constants';
import { deleteSelf } from './../../../../store/services/api';
import setAuthorizationToken from './../../../../store/services/setAuthorizationToken';
const ProfileRemoveContainer = styled.div`
display: flex;
@ -40,17 +40,13 @@ class ProfileRemove extends React.PureComponent {
onDeleteProfile = (e) => {
this.setState({ isLoading: true }, function () {
const { linkData } = this.props;
updateUserStatus(EmployeeStatus.Disabled, [linkData.uid], linkData.confirmHeader)
.then((res) => {
console.log('success update status', res)
return deleteUser(linkData.uid);
})
deleteSelf(linkData.confirmHeader)
.then((res) => {
this.setState({
isLoading: false,
isProfileDeleted: true
});
setAuthorizationToken();
console.log('success delete', res)
})
.catch((e) => {
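Review bot: The success handler in `onDeleteProfile` still calls `console.log('success delete', res)`, which is a privacy concern now that `deleteSelf` is used. The response is presumably the full profile object returned by the server's DeleteProfile action, so the removed user's details end up in the browser console. Drop the log or reduce it to a status message, e.g. `console.log('success delete')`. The `.catch` handler continues outside the hunk.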


@ -85,20 +85,13 @@ export function checkConfirmLink(data) {
: axios.post(`${API_URL}/authentication/confirm.json`, data);
}
export function deleteUser(userId) {
export function deleteSelf(key) {
return IS_FAKE
? fakeApi.deleteUser(userId)
: axios.delete(`${API_URL}/people/${userId}.json`);
}
export function updateUserStatus(status, userIds, key) {
return IS_FAKE
? fakeApi.updateUserStatus(status, userIds)
: axios.put(`${API_URL}/people/status/${status}`, { userIds }, {
? fakeApi.deleteUser(key)
: axios.delete(`${API_URL}/people/@self`, {
headers: { confirm: key }
});
}
export function sendInstructionsToChangePassword(email) {
return IS_FAKE
? fakeApi.sendInstructionsToChangePassword()
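Review bot: In the `IS_FAKE` branch `deleteSelf(key)` passes the confirmation key to `fakeApi.deleteUser`, which the removed `deleteUser(userId)` called with a user id, so the fake path now receives a value of a different kind. fakeApi is not visible here; if it looks the user up by that argument, give fake mode a dedicated handler (or ignore the argument) so it mirrors `DELETE /people/@self`. A one-line comment on `deleteSelf` saying that `key` is the confirmation-link key sent in the `confirm` header would also help, e.g. `// key: confirmation-link key, sent as the "confirm" header`. sendInstructionsToChangePassword continues outside the hunk.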


@ -447,7 +447,7 @@ namespace ASC.Web.Studio.Core.Notify
public void SendMsgProfileDeletion(int tenantId, UserInfo user)
{
var confirmationUrl = CommonLinkUtility.GetConfirmationUrl(tenantId, user.Email, ConfirmType.ProfileRemove, null, SecurityContext.CurrentAccount.ID);
var confirmationUrl = CommonLinkUtility.GetConfirmationUrl(tenantId, user.Email, ConfirmType.ProfileRemove, SecurityContext.CurrentAccount.ID, SecurityContext.CurrentAccount.ID);
static string greenButtonText() => CoreContext.Configuration.Personal ? WebstudioNotifyPatternResource.ButtonConfirmTermination : WebstudioNotifyPatternResource.ButtonRemoveProfile;
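Review bot: `SendMsgProfileDeletion` takes `UserInfo user` and builds the link from `user.Email`, but the new fourth and fifth arguments are both `SecurityContext.CurrentAccount.ID`, so the link is bound to whoever is signed in rather than to `user`. If this method is ever called for a user other than the current account, the link would pair the caller's id with the other user's email. Using the parameter in both positions keeps them consistent: `GetConfirmationUrl(tenantId, user.Email, ConfirmType.ProfileRemove, user.ID, user.ID)`. The method body continues outside the hunk.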