refactor(core): Remove roleId indirection (no-changelog) (#8413)
committed by
GitHub
parent
1affebd85e
commit
d6deceacde
@@ -5,7 +5,6 @@ import { Container } from 'typedi';
|
||||
import { validate } from 'jsonschema';
|
||||
import * as Db from '@/Db';
|
||||
import config from '@/config';
|
||||
import type { Role } from '@db/entities/Role';
|
||||
import { User } from '@db/entities/User';
|
||||
import { AuthIdentity } from '@db/entities/AuthIdentity';
|
||||
import type { AuthProviderSyncHistory } from '@db/entities/AuthProviderSyncHistory';
|
||||
@@ -18,7 +17,6 @@ import {
|
||||
} from './constants';
|
||||
import type { ConnectionSecurity, LdapConfig } from './types';
|
||||
import { License } from '@/License';
|
||||
import { RoleService } from '@/services/role.service';
|
||||
import { UserRepository } from '@db/repositories/user.repository';
|
||||
import { AuthProviderSyncHistoryRepository } from '@db/repositories/authProviderSyncHistory.repository';
|
||||
import { AuthIdentityRepository } from '@db/repositories/authIdentity.repository';
|
||||
@@ -47,13 +45,6 @@ export const randomPassword = (): string => {
|
||||
return Math.random().toString(36).slice(-8);
|
||||
};
|
||||
|
||||
/**
|
||||
* Return the user role to be assigned to LDAP users
|
||||
*/
|
||||
export const getLdapUserRole = async (): Promise<Role> => {
|
||||
return await Container.get(RoleService).findGlobalMemberRole();
|
||||
};
|
||||
|
||||
/**
|
||||
* Validate the structure of the LDAP configuration schema
|
||||
*/
|
||||
@@ -102,7 +93,7 @@ export const getAuthIdentityByLdapId = async (
|
||||
idAttributeValue: string,
|
||||
): Promise<AuthIdentity | null> => {
|
||||
return await Container.get(AuthIdentityRepository).findOne({
|
||||
relations: ['user', 'user.globalRole'],
|
||||
relations: ['user'],
|
||||
where: {
|
||||
providerId: idAttributeValue,
|
||||
providerType: 'ldap',
|
||||
@@ -113,7 +104,6 @@ export const getAuthIdentityByLdapId = async (
|
||||
export const getUserByEmail = async (email: string): Promise<User | null> => {
|
||||
return await Container.get(UserRepository).findOne({
|
||||
where: { email },
|
||||
relations: ['globalRole'],
|
||||
});
|
||||
};
|
||||
|
||||
@@ -164,13 +154,13 @@ export const getLdapUsers = async (): Promise<User[]> => {
|
||||
export const mapLdapUserToDbUser = (
|
||||
ldapUser: LdapUser,
|
||||
ldapConfig: LdapConfig,
|
||||
role?: Role,
|
||||
toCreate = false,
|
||||
): [string, User] => {
|
||||
const user = new User();
|
||||
const [ldapId, data] = mapLdapAttributesToUser(ldapUser, ldapConfig);
|
||||
Object.assign(user, data);
|
||||
if (role) {
|
||||
user.globalRole = role;
|
||||
if (toCreate) {
|
||||
user.role = 'global:member';
|
||||
user.password = randomPassword();
|
||||
user.disabled = false;
|
||||
} else {
|
||||
@@ -270,10 +260,10 @@ export const createLdapAuthIdentity = async (user: User, ldapId: string) => {
|
||||
return await Container.get(AuthIdentityRepository).save(AuthIdentity.create(user, ldapId));
|
||||
};
|
||||
|
||||
export const createLdapUserOnLocalDb = async (role: Role, data: Partial<User>, ldapId: string) => {
|
||||
export const createLdapUserOnLocalDb = async (data: Partial<User>, ldapId: string) => {
|
||||
const user = await Container.get(UserRepository).save({
|
||||
password: randomPassword(),
|
||||
globalRole: role,
|
||||
role: 'global:member',
|
||||
...data,
|
||||
});
|
||||
await createLdapAuthIdentity(user, ldapId);
|
||||
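Review bot: In `createLdapUserOnLocalDb` the new `role: 'global:member'` is written before `...data`, so a `role` key carried in `data` replaces the member default, and the same holds for `password`. `data` is typed `Partial<User>`, and `User` has a `role` field (it is assigned in `mapLdapUserToDbUser`), so the type does not rule this out; whether any caller actually passes one cannot be seen from this section. If LDAP-provisioned accounts must always start as members, spread first and pin the role last, `{ password: randomPassword(), ...data, role: 'global:member' }`, or narrow the parameter to `Omit<Partial<User>, 'role' | 'password'>`. Separately, the value stored as `password` comes from `randomPassword()`, which is built on `Math.random()` and is not a CSPRNG; if that value can ever be used to authenticate, it should come from `crypto.randomBytes` instead.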
|
||||
@@ -7,7 +7,6 @@ import { ApplicationError, jsonParse } from 'n8n-workflow';
|
||||
import { Cipher } from 'n8n-core';
|
||||
|
||||
import config from '@/config';
|
||||
import type { Role } from '@db/entities/Role';
|
||||
import type { User } from '@db/entities/User';
|
||||
import type { RunningMode, SyncStatus } from '@db/entities/AuthProviderSyncHistory';
|
||||
import { SettingsRepository } from '@db/repositories/settings.repository';
|
||||
@@ -30,7 +29,6 @@ import {
|
||||
escapeFilter,
|
||||
formatUrl,
|
||||
getLdapIds,
|
||||
getLdapUserRole,
|
||||
getLdapUsers,
|
||||
getMappingAttributes,
|
||||
mapLdapUserToDbUser,
|
||||
@@ -346,12 +344,9 @@ export class LdapService {
|
||||
|
||||
const localAdUsers = await getLdapIds();
|
||||
|
||||
const role = await getLdapUserRole();
|
||||
|
||||
const { usersToCreate, usersToUpdate, usersToDisable } = this.getUsersToProcess(
|
||||
adUsers,
|
||||
localAdUsers,
|
||||
role,
|
||||
);
|
||||
|
||||
this.logger.debug('LDAP - Users processed', {
|
||||
@@ -407,14 +402,13 @@ export class LdapService {
|
||||
private getUsersToProcess(
|
||||
adUsers: LdapUser[],
|
||||
localAdUsers: string[],
|
||||
role: Role,
|
||||
): {
|
||||
usersToCreate: Array<[string, User]>;
|
||||
usersToUpdate: Array<[string, User]>;
|
||||
usersToDisable: string[];
|
||||
} {
|
||||
return {
|
||||
usersToCreate: this.getUsersToCreate(adUsers, localAdUsers, role),
|
||||
usersToCreate: this.getUsersToCreate(adUsers, localAdUsers),
|
||||
usersToUpdate: this.getUsersToUpdate(adUsers, localAdUsers),
|
||||
usersToDisable: this.getUsersToDisable(adUsers, localAdUsers),
|
||||
};
|
||||
@@ -424,11 +418,10 @@ export class LdapService {
|
||||
private getUsersToCreate(
|
||||
remoteAdUsers: LdapUser[],
|
||||
localLdapIds: string[],
|
||||
role: Role,
|
||||
): Array<[string, User]> {
|
||||
return remoteAdUsers
|
||||
.filter((adUser) => !localLdapIds.includes(adUser[this.config.ldapIdAttribute] as string))
|
||||
.map((adUser) => mapLdapUserToDbUser(adUser, this.config, role));
|
||||
.map((adUser) => mapLdapUserToDbUser(adUser, this.config, true));
|
||||
}
|
||||
|
||||
/** Get users in LDAP that are already in the database */
|
||||
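Review bot: The bare `true` in `mapLdapUserToDbUser(adUser, this.config, true)` inside `getUsersToCreate` is what selects the branch that sets `role`, `password` and `disabled` on a newly synced account, and the call site gives no hint of that. An annotation such as `mapLdapUserToDbUser(adUser, this.config, /* toCreate */ true)`, or an options object like `{ toCreate: true }`, would make it harder for a later caller to drop the flag and create users with no role assigned. The `else` branch of that flag lies outside the visible hunks, so what a non-creating call sets cannot be confirmed here.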
|
||||