set password WIP

2025-03-01 14:22:32 +01:00 · 2021-12-29 23:19:05 +01:00 · 2021-12-29 23:19:05 +01:00 · 4e31af8c84
commit 4e31af8c84
parent 7e48d214ca
8 changed files with 101 additions and 17 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "trilium",
-  "version": "0.48.8",
+  "version": "0.49.1-beta",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "trilium",
-      "version": "0.48.8",
+      "version": "0.49.1-beta",
      "license": "AGPL-3.0-only",
      "dependencies": {
        "@electron/remote": "2.0.1",
--- a/src/public/app/dialogs/options/credentials.js
+++ b/src/public/app/dialogs/options/credentials.js
@ -3,10 +3,6 @@ import protectedSessionHolder from "../../services/protected_session_holder.js";
 import toastService from "../../services/toast.js";

 const TPL = `
-<h3>Username</h3>
-
-<p>Your username is <strong id="credentials-username"></strong>.</p>
-
 <h3>Change password</h3>

 <div class="alert alert-warning" role="alert" style="font-weight: bold; color: red !important;">
@ -36,7 +32,6 @@ export default class ChangePasswordOptions {
    constructor() {
        $("#options-credentials").html(TPL);

-        this.$username = $("#credentials-username");
        this.$form = $("#change-password-form");
        this.$oldPassword = $("#old-password");
        this.$newPassword1 = $("#new-password1");
@ -46,7 +41,6 @@ export default class ChangePasswordOptions {
    }

    optionsLoaded(options) {
-        this.$username.text(options.username);
    }

    save() {
--- a/src/routes/login.js
+++ b/src/routes/login.js
@ -9,6 +9,10 @@ function loginPage(req, res) {
    res.render('login', { failedAuth: false });
 }

+function setPasswordPage(req, res) {
+    res.render('set_password', { failed: false });
+}
+
 function login(req, res) {
    const userName = optionService.getOption('username');

@ -55,6 +59,7 @@ function logout(req, res) {

 module.exports = {
    loginPage,
+    setPasswordPage,
    login,
    logout
 };
--- a/src/routes/routes.js
+++ b/src/routes/routes.js
@ -182,7 +182,8 @@ const uploadMiddleware = multer.single('upload');

 function register(app) {
    route(GET, '/', [auth.checkAuth, csrfMiddleware], indexRoute.index);
-    route(GET, '/login', [auth.checkAppInitialized], loginRoute.loginPage);
+    route(GET, '/login', [auth.checkAppInitialized, auth.checkPasswordSet], loginRoute.loginPage);
+    route(GET, '/set_password', [auth.checkAppInitialized], loginRoute.setPasswordPage);

    const loginRateLimiter = rateLimit({
        windowMs: 15 * 60 * 1000, // 15 minutes
--- a/src/services/auth.js
+++ b/src/services/auth.js
@ -15,7 +15,11 @@ function checkAuth(req, res, next) {
        res.redirect("setup");
    }
    else if (!req.session.loggedIn && !utils.isElectron() && !noAuthentication) {
-        res.redirect("login");
+        if (sqlInit.isPasswordSet()) {
+            res.redirect("login");
+        } else {
+            res.redirect("set_password");
+        }
    }
    else {
        next();
@ -51,6 +55,14 @@ function checkAppInitialized(req, res, next) {
    }
 }

+function checkPasswordSet(req, res, next) {
+    if (!utils.isElectron() && !sqlInit.isPasswordSet()) {
+        res.redirect("set_password");
+    } else {
+        next();
+    }
+}
+
 function checkAppNotInitialized(req, res, next) {
    if (sqlInit.isDbInitialized()) {
        reject(req, res, "App already initialized.");
@ -101,6 +113,7 @@ module.exports = {
    checkAuth,
    checkApiAuth,
    checkAppInitialized,
+    checkPasswordSet,
    checkAppNotInitialized,
    checkApiAuthOrElectron,
    checkToken,
--- a/src/services/sql.js
+++ b/src/services/sql.js
@ -14,6 +14,8 @@ const cls = require('./cls');
 const dbConnection = new Database(dataDir.DOCUMENT_PATH);
 dbConnection.pragma('journal_mode = WAL');

+const LOG_ALL_QUERIES = false;
+
 [`exit`, `SIGINT`, `SIGUSR1`, `SIGUSR2`, `SIGTERM`].forEach(eventType => {
    process.on(eventType, () => {
        if (dbConnection) {
@ -135,6 +137,10 @@ function getRawRows(query, params = []) {
 }

 function iterateRows(query, params = []) {
+    if (LOG_ALL_QUERIES) {
+        console.log(query);
+    }
+
    return stmt(query).iterate(params);
 }

@ -157,11 +163,11 @@ function execute(query, params = []) {
    return wrap(query, s => s.run(params));
 }

-function executeWithoutTransaction(query, params = []) {
-    dbConnection.run(query, params);
-}
-
 function executeMany(query, params) {
+    if (LOG_ALL_QUERIES) {
+        console.log(query);
+    }
+
    while (params.length > 0) {
        const curParams = params.slice(0, Math.min(params.length, PARAM_LIMIT));
        params = params.slice(curParams.length);
@ -182,6 +188,10 @@ function executeMany(query, params) {
 }

 function executeScript(query) {
+    if (LOG_ALL_QUERIES) {
+        console.log(query);
+    }
+
    return dbConnection.exec(query);
 }

@ -189,6 +199,10 @@ function wrap(query, func) {
    const startTimestamp = Date.now();
    let result;

+    if (LOG_ALL_QUERIES) {
+        console.log(query);
+    }
+
    try {
        result = func(stmt(query));
    }
@ -331,7 +345,6 @@ module.exports = {
     * @param {object[]} [params] - array of params if needed
     */
    execute,
-    executeWithoutTransaction,
    executeMany,
    executeScript,
    transactional,
--- a/src/services/sql_init.js
+++ b/src/services/sql_init.js
@ -30,6 +30,14 @@ function isDbInitialized() {
    return initialized === 'true';
 }

+function isPasswordSet() {
+    const value = sql.getValue("SELECT value FROM options WHERE name = 'passwordVerificationHash'");
+
+    console.log("AAAAAAAAAAAAEEEEEEEEE", value);
+
+    return !!value;
+}
+
 async function initDbConnection() {
    if (!isDbInitialized()) {
        log.info(`DB not initialized, please visit setup page` +
@ -169,8 +177,8 @@ module.exports = {
    dbReady,
    schemaExists,
    isDbInitialized,
-    initDbConnection,
    createInitialDatabase,
    createDatabaseForSync,
-    setDbAsInitialized
+    setDbAsInitialized,
+    isPasswordSet
 };
--- a/src/views/set_password.ejs
+++ b/src/views/set_password.ejs
@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+    <title>Login</title>
+    <link rel="apple-touch-icon" sizes="180x180" href="images/app-icons/ios/apple-touch-icon.png">
+    <link rel="shortcut icon" href="favicon.ico">
+</head>
+<body>
+<div class="container">
+    <div class="col-xs-12 col-sm-10 col-md-6 col-lg-4 col-xl-4 mx-auto" style="padding-top: 25px;">
+        <h1>Set password</h1>
+
+        <% if (failed) { %>
+            <div class="alert alert-warning">
+                Err
+            </div>
+        <% } %>
+
+        <p>Before you can start using Trilium from web, you need to set a password first. You will then use this password to login.</p>
+
+        <form action="login" method="POST">
+            <div class="form-group">
+                <label for="password">Password</label>
+                <div class="controls">
+                    <input id="password" name="password1" placeholder="" class="form-control" type="password">
+                </div>
+            </div>
+            <div class="form-group">
+                <label for="password">Password confirmation</label>
+                <div class="controls">
+                    <input id="password" name="password2" placeholder="" class="form-control" type="password">
+                </div>
+            </div>
+            <div class="form-group">
+                <button class="btn btn-success">Set password</button>
+            </div>
+        </form>
+    </div>
+</div>
+
+<script>
+    // Required for correct loading of scripts in Electron
+    if (typeof module === 'object') {window.module = module; module = undefined;}
+</script>
+
+<link href="libraries/bootstrap/css/bootstrap.min.css" rel="stylesheet">
+</body>
+</html>