[trafficcontrol] branch master updated: User registration and password reset are broken due to the last_authenticated value being null (#6458)

Tue, 11 Jan 2022 15:40:21 -0800 

This is an automated email from the ASF dual-hosted git repository.

ocket8888 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git


The following commit(s) were added to refs/heads/master by this push:
     new 7fef9d6  User registration and password reset are broken due to the 
last_authenticated value being null (#6458)
7fef9d6 is described below

commit 7fef9d662e2e2ae3eddc0082391133e2be8c625e
Author: Srijeet Chatterjee <[email protected]>
AuthorDate: Tue Jan 11 16:40:04 2022 -0700

    User registration and password reset are broken due to the 
last_authenticated value being null (#6458)
    
    * Add migrations and other modifications
    
    * changelog entry
    
    * add new line at the end of migration
    
    * fix the way TP updates users
    
    * fix unit tests
    
    * revert:fix unit tests
    
    * code review
    
    * code review changes
---
 CHANGELOG.md                                       |  1 +
 ...5281600_remove_null_last_authenticated.down.sql | 16 ++++++++++++
 ...715281600_remove_null_last_authenticated.up.sql | 20 +++++++++++++++
 traffic_ops/traffic_ops_golang/login/login.go      | 13 ++++++++++
 traffic_portal/app/src/common/api/UserService.js   | 30 +++++++++++++++++-----
 .../app/src/modules/private/user/UserController.js |  3 +++
 6 files changed, 76 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0c18878..679deaa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -36,6 +36,7 @@ The format is based on [Keep a 
Changelog](http://keepachangelog.com/en/1.0.0/).
 - [#6175](https://github.com/apache/trafficcontrol/issues/6175) - POST request 
to /api/4.0/phys_locations accepts mismatch values for regionName.
 - Fixed Traffic Monitor parsing stats_over_http output so that multiple stats 
for the same underlying delivery service (when the delivery service has more 
than 1 regex) are properly summed together. This makes the resulting data more 
accurate in addition to fixing the "new stat is lower than last stat" warnings.
 - Traffic Ops: Sanitize username before executing LDAP query
+- [#6457](https://github.com/apache/trafficcontrol/issues/6457) - Fix broken 
user registration and password reset, due to the last_authenticated value being 
null.
 - [#6367](https://github.com/apache/trafficcontrol/issues/6367) - Fix PUT 
`user/current` to work with v4 User Roles and Permissions
 - [#6266](https://github.com/apache/trafficcontrol/issues/6266) - Removed 
postgresql13-devel requirement for traffic_ops
 - [#6446](https://github.com/apache/trafficcontrol/issues/6446) - Revert 
Traffic Router rollover file pattern to the one previously used in 
`log4j.properties` with Log4j 1.2
diff --git 
a/traffic_ops/app/db/migrations/2022010715281600_remove_null_last_authenticated.down.sql
 
b/traffic_ops/app/db/migrations/2022010715281600_remove_null_last_authenticated.down.sql
new file mode 100644
index 0000000..084106c
--- /dev/null
+++ 
b/traffic_ops/app/db/migrations/2022010715281600_remove_null_last_authenticated.down.sql
@@ -0,0 +1,16 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership.  The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations 
under
+ * the License.
+ */
diff --git 
a/traffic_ops/app/db/migrations/2022010715281600_remove_null_last_authenticated.up.sql
 
b/traffic_ops/app/db/migrations/2022010715281600_remove_null_last_authenticated.up.sql
new file mode 100644
index 0000000..651c9f5
--- /dev/null
+++ 
b/traffic_ops/app/db/migrations/2022010715281600_remove_null_last_authenticated.up.sql
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership.  The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations 
under
+ * the License.
+ */
+
+UPDATE public.tm_user
+SET last_authenticated = now()
+WHERE last_authenticated IS NULL;
diff --git a/traffic_ops/traffic_ops_golang/login/login.go 
b/traffic_ops/traffic_ops_golang/login/login.go
index 0f31a35..f4507d7 100644
--- a/traffic_ops/traffic_ops_golang/login/login.go
+++ b/traffic_ops/traffic_ops_golang/login/login.go
@@ -232,6 +232,13 @@ func TokenLoginHandler(db *sqlx.DB, cfg config.Config) 
http.HandlerFunc {
                        return
                }
 
+               _, dbErr := db.Exec(UpdateLoginTimeQuery, username)
+               if dbErr != nil {
+                       dbErr = fmt.Errorf("unable to update authentication 
time for user '%s': %w", username, dbErr)
+                       api.HandleErr(w, r, nil, 
http.StatusInternalServerError, nil, dbErr)
+                       return
+               }
+
                w.Header().Set(rfc.ContentType, rfc.ApplicationJSON)
                api.WriteAndLogErr(w, r, append(respBts, '\n'))
 
@@ -372,6 +379,12 @@ func OauthLoginHandler(db *sqlx.DB, cfg config.Config) 
http.HandlerFunc {
                }
 
                if userAllowed && authenticated {
+                       _, dbErr := db.Exec(UpdateLoginTimeQuery, form.Username)
+                       if dbErr != nil {
+                               dbErr = fmt.Errorf("unable to update 
authentication time for user '%s': %w", form.Username, dbErr)
+                               api.HandleErr(w, r, nil, 
http.StatusInternalServerError, nil, dbErr)
+                               return
+                       }
                        httpCookie := tocookie.GetCookie(userId, 
defaultCookieDuration, cfg.Secrets[0])
                        http.SetCookie(w, httpCookie)
                        resp = struct {
diff --git a/traffic_portal/app/src/common/api/UserService.js 
b/traffic_portal/app/src/common/api/UserService.js
index 11195af..4e7fe31 100644
--- a/traffic_portal/app/src/common/api/UserService.js
+++ b/traffic_portal/app/src/common/api/UserService.js
@@ -82,14 +82,12 @@ var UserService = function($http, locationUtils, userModel, 
messageModel, ENV) {
         );
     };
 
-    // todo: change to use query param when it is supported
-    this.updateUser = function(user) {
-        return $http.put(ENV.api.unstable + "users/" + user.id, user).then(
+    this.updateCurrentUser = function(user) {
+        // We should be using PUT 'user/current' to update the current user
+        const currUser = { user };
+        return $http.put(ENV.api.unstable + 'user/current', currUser).then(
             function(result) {
-                if (userModel.user.id === user.id) {
-                    // if you are updating the currently logged in user...
-                    userModel.setUser(user);
-                }
+                userModel.setUser(user);
                 messageModel.setMessages(result.data.alerts, false);
                 return result;
             },
@@ -100,6 +98,24 @@ var UserService = function($http, locationUtils, userModel, 
messageModel, ENV) {
         );
     };
 
+    // todo: change to use query param when it is supported
+    this.updateUser = function(user) {
+        if (userModel.user.id === user.id) {
+            return this.updateCurrentUser(user);
+        } else {
+            return $http.put(ENV.api.unstable + "users/" + user.id, user).then(
+                function(result) {
+                    messageModel.setMessages(result.data.alerts, false);
+                    return result;
+                },
+                function(err) {
+                    messageModel.setMessages(err.data.alerts, false);
+                    throw err;
+                }
+            );
+        }
+    };
+
     this.registerUser = function(registration) {
         return $http.post(ENV.api.unstable + "users/register", 
registration).then(
             function(result) {
diff --git a/traffic_portal/app/src/modules/private/user/UserController.js 
b/traffic_portal/app/src/modules/private/user/UserController.js
index e4d29d3..f8afd5d 100644
--- a/traffic_portal/app/src/modules/private/user/UserController.js
+++ b/traffic_portal/app/src/modules/private/user/UserController.js
@@ -51,6 +51,9 @@ var UserController = function($scope, $state, $location, 
$uibModal, formUtils, l
     $scope.user = userModel.user;
 
     $scope.confirmSave = function(user, usernameField) {
+        if (usernameField === undefined) {
+            usernameField = user.username;
+        }
         if (usernameField.$dirty) {
             var params = {
                 title: 'Reauthentication Required',

Reply via email to