From 803d94df4f48da8451b5504e352892bcab35133a Mon Sep 17 00:00:00 2001
From: "Brett R. Toomey"
Date: Thu, 6 Jul 2017 13:48:12 +0200
Subject: [PATCH] Bugfixes to admin panel
---
 .../Controllers/BackendUsersController.swift | 25 +++++++++++--------
 .../Controllers/LoginController.swift | 3 ++-
 .../Models/BackendUsers/BackendUser.swift | 3 +++
 .../Middlewares/ProtectMiddleware.swift | 2 ++
 Sources/AdminPanel/Support/Provider.swift | 13 +++++-----
 5 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/Sources/AdminPanel/Controllers/BackendUsersController.swift b/Sources/AdminPanel/Controllers/BackendUsersController.swift
index 3363969..43f714e 100644
--- a/Sources/AdminPanel/Controllers/BackendUsersController.swift
+++ b/Sources/AdminPanel/Controllers/BackendUsersController.swift
@@ -120,12 +120,16 @@ public final class BackendUsersController {
 let fieldset = try request.storage["_fieldset"] as? Node ?? BackendUserForm.emptyUser.makeNode(in: nil)
- return try drop.view.make("BackendUsers/edit", [
- "fieldset": fieldset,
- "backendUser": try user.makeNode(in: nil),
- "roles": Configuration.shared?.getRoleOptions(request.authedBackendUser().role).makeNode(in: nil) ?? [:],
- "defaultRole": (Configuration.shared?.defaultRole ?? "user").makeNode(in: nil)
- ], for: request)
+ return try drop.view.make(
+ "BackendUsers/edit",
+ [
+ "fieldset": fieldset,
+ "backendUser": try user.makeNode(in: nil),
+ "roles": Configuration.shared?.getRoleOptions(request.authedBackendUser().role).makeNode(in: nil) ?? [:],
+ "defaultRole": (Configuration.shared?.defaultRole ?? "user").makeNode(in: nil)
+ ],
+ for: request
+ )
 }
 /**
@@ -136,7 +140,8 @@ public final class BackendUsersController {
 * - return: View
 */
 public func update(request: Request) throws -> ResponseRepresentable {
- guard let id = request.data["id"]?.int, let backendUser = try BackendUser.makeQuery().filter("id", id).first() else {
+ let backendUser = try request.parameters.next(BackendUser.self)
+ guard let id = try backendUser.assertExists().string else {
 throw Abort.notFound
 }
@@ -149,7 +154,7 @@ public final class BackendUsersController {
 // Validate
 let (backendUserForm, hasErrors) = BackendUserForm.validating(request.data)
 if hasErrors {
- let response = Response(redirect: "/admin/backend_users/edit/" + String(id)).flash(.error, "Validation error")
+ let response = Response(redirect: "/admin/backend_users/edit/" + id).flash(.error, "Validation error")
 let fieldset = try backendUserForm.makeNode(in: nil)
 response.storage["_fieldset"] = fieldset
 return response
@@ -162,11 +167,11 @@ public final class BackendUsersController {
 if Gate.allow(request, "admin") {
 return Response(redirect: "/admin/backend_users").flash(.success, "User updated")
 } else {
- return Response(redirect: "/admin/backend_users/edit/" + String(id)).flash(.success, "User updated")
+ return Response(redirect: "/admin/backend_users/edit/" + id).flash(.success, "User updated")
 }
 } catch {
- return Response(redirect: "/admin/backend_users/edit/" + String(id)).flash(.error, "Failed to update user")
+ return Response(redirect: "/admin/backend_users/edit/" + id).flash(.error, "Failed to update user")
 }
 }
diff --git a/Sources/AdminPanel/Controllers/LoginController.swift b/Sources/AdminPanel/Controllers/LoginController.swift
index 17ff001..82a479f 100644
--- a/Sources/AdminPanel/Controllers/LoginController.swift
+++ b/Sources/AdminPanel/Controllers/LoginController.swift
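Review bot: Nothing in the `update` hunk checks that the caller is allowed to edit the `BackendUser` resolved by `request.parameters.next(BackendUser.self)`; the only `Gate.allow(request, "admin")` visible in this file (the last hunk) merely picks the redirect after the save has run. The lines between this hunk and the validation hunk are not shown, so if they do not already do it, add a guard before validation that lets through only admins or the user being edited, along the lines of `guard Gate.allow(request, "admin") || isSelf else { throw Abort.notFound }`, where `isSelf` is a placeholder for an identity comparison against `request.authedBackendUser()`. Also note that `Abort.notFound` in the new guard now covers only a missing identifier, because a failed lookup throws from `parameters.next` first. The body of `update` continues outside the hunk.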
@@ -189,7 +189,8 @@ public final class LoginController {
 do {
 // TODO REMEMBER
 //let remember: Bool = request.data["remember"]?.bool ?? false
- try request.auth.authenticate(BackendUser(credentials: Password(username: username, password: password)))
+ let user = try BackendUser.authenticate(Password(username: username, password: password))
+ request.auth.authenticate(user)
 // Generate redirect path
 var redirect = "/admin/dashboard"
diff --git a/Sources/AdminPanel/Models/BackendUsers/BackendUser.swift b/Sources/AdminPanel/Models/BackendUsers/BackendUser.swift
index f6dd26e..64b6098 100644
--- a/Sources/AdminPanel/Models/BackendUsers/BackendUser.swift
+++ b/Sources/AdminPanel/Models/BackendUsers/BackendUser.swift
@@ -118,6 +118,7 @@ public final class BackendUser: Model, Timestampable, NodeConvertible, Preparati
 public func makeNode(in context: Context?) throws -> Node {
 return try Node(node: [
+ "id": id,
 "name": name,
 "email": email,
 "password": password,
@@ -202,3 +203,5 @@ extension BackendUser: PasswordAuthenticatable {
 }
 }
+
+extension BackendUser: SessionPersistable {}
diff --git a/Sources/AdminPanel/Support/Middlewares/ProtectMiddleware.swift b/Sources/AdminPanel/Support/Middlewares/ProtectMiddleware.swift
index ab17cde..d16a306 100644
--- a/Sources/AdminPanel/Support/Middlewares/ProtectMiddleware.swift
+++ b/Sources/AdminPanel/Support/Middlewares/ProtectMiddleware.swift
@@ -38,6 +38,8 @@ class ProtectMiddleware: Middleware {
 }
 try request.storage["authedBackendUser"] = backendUser.toBackendView()
+ } else {
+ return Response(redirect: "/admin/login?next=" + request.uri.path).flash(.error, "Session expired login again")
 }
 } catch {
 // If local & config is true & first backend user
diff --git a/Sources/AdminPanel/Support/Provider.swift b/Sources/AdminPanel/Support/Provider.swift
index b0aba0c..8005c60 100644
--- a/Sources/AdminPanel/Support/Provider.swift
+++ b/Sources/AdminPanel/Support/Provider.swift
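Review bot: The session is not rotated around `request.auth.authenticate(user)` in the LoginController hunk, and because this commit moves the panel to session persistence (`PersistMiddleware` in Provider.swift), a session identifier issued before login would stay valid afterwards unless the sessions layer regenerates it. That regeneration is not visible here, so confirm it and record the requirement next to the call, e.g. `// a pre-login session id must not survive authentication`. The commented-out `//let remember` line could be dropped in favour of the TODO alone. The enclosing `do` block's `catch` is outside the hunk.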
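Review bot: `makeNode` in BackendUser.swift still emits `"password": password` beside the newly added `"id": id`, and the edit action in BackendUsersController.swift passes `user.makeNode(in: nil)` to the `BackendUsers/edit` view as `backendUser`, so the stored password value ends up in the template context. ProtectMiddleware already uses `backendUser.toBackendView()`; if that representation omits the password (not visible here), the edit view should receive it instead, or the `"password": password,` entry should be kept out of the node handed to views. The node literal continues past the end of the hunk.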
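Review bot: The new `else` branch in ProtectMiddleware appends `request.uri.path` unencoded to `?next=`, so a path containing `&`, `#` or `%` is mangled and the original query string is lost. Percent-encode the value before appending it, and make sure the login handler that reads `next` (outside this diff) accepts only a local path beginning with a single `/`, since an unchecked value there would allow an open redirect. The branch also appears to run for visitors who never had a session, so the flash text is misleading; `.flash(.error, "Please log in to continue")` fits both cases. The surrounding `do`/`catch` starts and ends outside the hunk.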
@@ -5,11 +5,11 @@ import AuthProvider import HTTP import Sugar import LeafProvider +import Sessions public final class Provider: Vapor.Provider { public static var repositoryName: String = "AdminPanel" - var config: Configuration var ssoProvider: SSOProtocol? @@ -35,7 +35,7 @@ public final class Provider: Vapor.Provider { droplet.storage["adminPanelConfig"] = config Configuration.shared = config - + droplet.config.preparations.append(BackendUserResetPasswordTokens.self) droplet.config.preparations.append(BackendUser.self) @@ -43,13 +43,13 @@ public final class Provider: Vapor.Provider { // Init middlewares let middlewares: [Middleware] = [ - PasswordAuthenticationMiddleware(BackendUser.self), FlashMiddleware(), + PersistMiddleware(BackendUser.self), ConfigPublishMiddleware(config: config), FieldsetMiddleware() ] - var protectedMiddlewares: [Middleware] = middlewares + var protectedMiddlewares = middlewares protectedMiddlewares.append(ProtectMiddleware(droplet: droplet)) // Apply @@ -57,15 +57,14 @@ public final class Provider: Vapor.Provider { Middlewares.secured = protectedMiddlewares if(config.loadRoutes) { - let unsecured = droplet.grouped(Middlewares.unsecured) - try unsecured.grouped("/").collection(LoginRoutes(droplet: droplet, config: config)) + try unsecured.collection(LoginRoutes(droplet: droplet, config: config)) let secured = droplet.grouped(Middlewares.secured) if config.loadDashboardRoute { try secured.grouped("/admin/dashboard").collection(DashboardRoutes(droplet: droplet)) } - try secured.grouped("/admin/backend_users").collection(BackendUsersRoutes(droplet: droplet)) + try secured.grouped("/admin/backend_users/").collection(BackendUsersRoutes(droplet: droplet)) } }
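Review bot: `PersistMiddleware(BackendUser.self)` in the middleware list of the `@@ -43,13 +43,13 @@` hunk depends on a session being attached to the request, yet no sessions middleware appears in this list, so the panel presumably relies on the host application registering one globally. State that requirement where the list is built, e.g. `// PersistMiddleware needs SessionsMiddleware to run earlier (registered by the host app)`. With authentication now carried by a session cookie, the state-changing admin routes also need CSRF protection, and none of the middleware names visible here suggests one. The function this list belongs to starts and ends outside the hunk.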