MWS authentication (#8596)

* mws authentication * add more tests and permission checkers * add logic to ensure that only authenticated users' requests are handled * add custom login page * Implement user authentication as well as session handling * work on user operations authorization * add middleware to route handlers for bags & tiddlers routes * add feature that only returns the tiddlers and bags which the user has permission to access on index page * refactor auth routes & added user management page * fix Ci Test failure issue * fix users list page, add manage roles page * add commands and scripts to create new user & assign roles and permissions * resolved ci-test failure * add ACL permissions to bags & tiddlers on creation * fix comments and access control list bug * fix indentation issues * working on user profile edit * remove list users command & added support for database in server options * implement user profile update and password change feature * update plugin readme * implement command which triggers protected mode on the server * revert server-wide auth flag. Implement selective authorization * ACL management feature * Complete Access control list implementation * Added support to manage users' assigned role by admin * fix comments * fix comment
2026-05-02 10:06:55 +00:00 · 2024-10-30 18:59:44 +01:00
parent 5d6ddaee7e
commit 6a7612ddf8
64 changed files with 3966 additions and 307 deletions
--- a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/update-user-profile.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/update-user-profile.js
@@ -0,0 +1,47 @@
+/*\
+title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/update-profile.js
+type: application/javascript
+module-type: mws-route
+
+POST /update-user-profile
+
+\*/
+(function () {
+
+/*jslint node: true, browser: true */
+/*global $tw: false */
+"use strict";
+
+exports.method = "POST";
+
+exports.path = /^\/update-user-profile\/?$/;
+
+exports.bodyFormat = "www-form-urlencoded";
+
+exports.csrfDisable = true;
+
+exports.handler = function (request,response,state) {
+  if(!state.authenticatedUser) {
+    response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
+    response.end("Unauthorized");
+    return;
+  }
+
+  var userId = state.authenticatedUser.user_id;
+  var username = state.data.username;
+  var email = state.data.email;
+  var roleId = state.data.role;
+
+  var result = state.server.sqlTiddlerDatabase.updateUser(userId, username, email, roleId);
+
+  if(result.success) {
+    response.setHeader("Set-Cookie", "flashMessage="+result.message+"; Path=/; HttpOnly; Max-Age=5");
+    response.writeHead(302, { "Location": "/admin/users/" + userId });
+  } else {
+    response.setHeader("Set-Cookie", "flashMessage="+result.message+"; Path=/; HttpOnly; Max-Age=5");
+    response.writeHead(302, { "Location": "/admin/users/" + userId });
+  }
+  response.end();
+};
+
+}());