mohiit1502/Automata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(core): All calls to plainToInstance should exclude extraneous values (no-changelog) (#9338)

Browse Source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™
2024-05-08 15:49:41 +02:00
committed by GitHub
parent 9003c15811
commit 5025d209ca
6 changed files with 28 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
packages/cli/src/controllers/me.controller.ts
View File

@@ -41,7 +41,7 @@ export class MeController {
@Patch('/')
async updateCurrentUser(req: MeRequest.UserUpdate, res: Response): Promise<PublicUser> {
const { id: userId, email: currentEmail } = req.user;
const payload = plainToInstance(UserUpdatePayload, req.body);
const payload = plainToInstance(UserUpdatePayload, req.body, { excludeExtraneousValues: true });
const { email } = payload;
if (!email) {
@@ -227,7 +227,9 @@ export class MeController {
*/
@Patch('/settings')
async updateCurrentUserSettings(req: MeRequest.UserSettingsUpdate): Promise<User['settings']> {
const payload = plainToInstance(UserSettingsUpdatePayload, req.body);
const payload = plainToInstance(UserSettingsUpdatePayload, req.body, {
excludeExtraneousValues: true,
});
const { id } = req.user;
await this.userService.updateSettings(id, payload);

8
packages/cli/src/controllers/users.controller.ts
View File

@@ -117,7 +117,9 @@ export class UsersController {
@Patch('/:id/settings')
@GlobalScope('user:update')
async updateUserSettings(req: UserRequest.UserSettingsUpdate) {
const payload = plainToInstance(UserSettingsUpdatePayload, req.body);
const payload = plainToInstance(UserSettingsUpdatePayload, req.body, {
excludeExtraneousValues: true,
});
const id = req.params.id;
@@ -293,7 +295,9 @@ export class UsersController {
const { NO_ADMIN_ON_OWNER, NO_USER, NO_OWNER_ON_OWNER } =
UsersController.ERROR_MESSAGES.CHANGE_ROLE;
const payload = plainToInstance(UserRoleChangePayload, req.body);
const payload = plainToInstance(UserRoleChangePayload, req.body, {
excludeExtraneousValues: true,
});
await validateEntity(payload);
const targetUser = await this.userRepository.findOne({

2
packages/cli/src/databases/entities/User.ts
View File

@@ -115,7 +115,7 @@ export class User extends WithTimestamps implements IUser {
@AfterLoad()
@AfterUpdate()
computeIsPending(): void {
this.isPending = this.password === null;
this.isPending = this.password === null && this.role !== 'global:owner';
}
/**

7
packages/cli/src/requests.ts
View File

@@ -10,6 +10,7 @@ import type {
IUser,
} from 'n8n-workflow';
import { Expose } from 'class-transformer';
import { IsBoolean, IsEmail, IsIn, IsOptional, IsString, Length } from 'class-validator';
import { NoXss } from '@db/utils/customValidators';
import type { PublicUser, SecretsProvider, SecretsProviderState } from '@/Interfaces';
@@ -20,14 +21,17 @@ import type { CredentialsEntity } from '@db/entities/CredentialsEntity';
import type { WorkflowHistory } from '@db/entities/WorkflowHistory';
export class UserUpdatePayload implements Pick<User, 'email' | 'firstName' | 'lastName'> {
@Expose()
@IsEmail()
email: string;
@Expose()
@NoXss()
@IsString({ message: 'First name must be of type string.' })
@Length(1, 32, { message: 'First name must be $constraint1 to $constraint2 characters long.' })
firstName: string;
@Expose()
@NoXss()
@IsString({ message: 'Last name must be of type string.' })
@Length(1, 32, { message: 'Last name must be $constraint1 to $constraint2 characters long.' })
@@ -35,16 +39,19 @@ export class UserUpdatePayload implements Pick<User, 'email' | 'firstName' | 'la
}
export class UserSettingsUpdatePayload {
@Expose()
@IsBoolean({ message: 'userActivated should be a boolean' })
@IsOptional()
userActivated: boolean;
@Expose()
@IsBoolean({ message: 'allowSSOManualLogin should be a boolean' })
@IsOptional()
allowSSOManualLogin?: boolean;
}
export class UserRoleChangePayload {
@Expose()
@IsIn(['global:admin', 'global:member'])
newRoleName: AssignableRole;
}