From 043aa171ca64bdd395894686ebd363d65dc82a4b Mon Sep 17 00:00:00 2001
From: Janis Hutz <development@janishutz.com>
Date: Fri, 1 Sep 2023 17:16:52 +0200
Subject: [PATCH] root login + admin account settings

---
 src/server/admin/adminRoutes.js               |  11 +-
 src/server/admin/api/postHandler.js           |  35 +++--
 src/server/admin/pwdmanager.js                |   2 +-
 src/server/backend/db/data/rootAccount.json   |   4 +
 .../main/src/views/admin/AdminLoginView.vue   |   2 +-
 .../main/src/views/admin/SettingsView.vue     | 120 ++++++++++++++----
 6 files changed, 136 insertions(+), 38 deletions(-)

diff --git a/src/server/admin/adminRoutes.js b/src/server/admin/adminRoutes.js
index 5e67174..4a4261a 100644
--- a/src/server/admin/adminRoutes.js
+++ b/src/server/admin/adminRoutes.js
@@ -9,6 +9,7 @@
 
 // const db = require( './db/db.js' );
 const pwdmanager = require( './pwdmanager.js' );
+const db = require( '../backend/db/db.js' );
 const auth = require( './2fa.js' );
 const twoFA = new auth();
 const path = require( 'path' );
@@ -44,7 +45,15 @@ module.exports = ( app, settings ) => {
                             let res = twoFA.registerEnhancedAuthentication();
                             let ipRetrieved = request.headers[ 'x-forwarded-for' ];
                             let ip = ipRetrieved ? ipRetrieved.split( /, / )[ 0 ] : request.connection.remoteAddress;
-                            mailManager.sendMail( request.body.mail, await twoFA.generateTwoFAMail( res.token, ip, settings.yourDomain, settings.name ), 'Verify admin account login', settings.mailSender );
+                            if ( request.body.mail === 'root' ) {
+                                db.getJSONDataSimple( 'rootAccount', 'email' ).then( email => {
+                                    ( async () => {
+                                        mailManager.sendMail( email, await twoFA.generateTwoFAMail( res.token, ip, settings.yourDomain, settings.name ), 'Verify admin account login', settings.mailSender );
+                                    } )();
+                                } );
+                            } else {
+                                mailManager.sendMail( request.body.mail, await twoFA.generateTwoFAMail( res.token, ip, settings.yourDomain, settings.name ), 'Verify admin account login', settings.mailSender );
+                            }
                             request.session.token = res.token;
                             response.send( { 'status': '2fa+', 'code': res.code } );
                         } )();
diff --git a/src/server/admin/api/postHandler.js b/src/server/admin/api/postHandler.js
index 52684d8..9857373 100644
--- a/src/server/admin/api/postHandler.js
+++ b/src/server/admin/api/postHandler.js
@@ -8,6 +8,7 @@
 */
 
 const db = require( '../../backend/db/db.js' );
+const pwdmanager = require( '../pwdmanager.js' );
 const fs = require( 'fs' );
 const path = require( 'path' );
 const pm = require( '../../backend/plugins/manager.js' );
@@ -113,17 +114,33 @@ class POSTHandler {
                     reject( { 'code': 500, 'error': error } );
                 } );
             } else if ( call === 'createAdminAccount' ) {
-                db.writeDataSimple( 'admin', 'email', data.email, data ).then( resp => {
-                    resolve( resp );
-                } ).catch( error => {
-                    reject( { 'code': 500, 'error': error } );
+                let dat = data;
+                pwdmanager.hashPassword( dat.pass ).then( hash => {
+                    dat[ 'pass' ] = hash;
+                    db.writeDataSimple( 'admin', 'email', data.email, dat ).then( resp => {
+                        resolve( resp );
+                    } ).catch( error => {
+                        reject( { 'code': 500, 'error': error } );
+                    } );
                 } );
             } else if ( call === 'updateAdminAccount' ) {
-                db.writeDataSimple( 'admin', 'email', data.email, data ).then( resp => {
-                    resolve( resp );
-                } ).catch( error => {
-                    reject( { 'code': 500, 'error': error } );
-                } );
+                if ( data.pass ) {
+                    let dat = data;
+                    pwdmanager.hashPassword( data.pass ).then( hash => {
+                        dat[ 'pass' ] = hash;
+                        db.writeDataSimple( 'admin', 'email', data.email, dat ).then( resp => {
+                            resolve( resp );
+                        } ).catch( error => {
+                            reject( { 'code': 500, 'error': error } );
+                        } );
+                    } );
+                } else {
+                    db.writeDataSimple( 'admin', 'email', data.email, data ).then( resp => {
+                        resolve( resp );
+                    } ).catch( error => {
+                        reject( { 'code': 500, 'error': error } );
+                    } );
+                }
             } else if ( call === 'deleteAdminAccount' ) {
                 db.deleteDataSimple( 'admin', 'email', data.email ).then( resp => {
                     resolve( resp );
diff --git a/src/server/admin/pwdmanager.js b/src/server/admin/pwdmanager.js
index 8193c89..5f8f9ae 100644
--- a/src/server/admin/pwdmanager.js
+++ b/src/server/admin/pwdmanager.js
@@ -23,7 +23,7 @@ module.exports.checkpassword = ( username, password ) => {
         if ( username === 'root' ) {
             db.getJSONData( 'rootAccount' ).then( account => {
                 bcrypt.compare( password, account.pass ).then( res => {
-                    resolve( { 'status': res, 'twoFA': true } );
+                    resolve( { 'status': res, 'twoFA': 'enhanced' } );
                 } );
             } );
         } else {
diff --git a/src/server/backend/db/data/rootAccount.json b/src/server/backend/db/data/rootAccount.json
index e69de29..6d5c77a 100644
--- a/src/server/backend/db/data/rootAccount.json
+++ b/src/server/backend/db/data/rootAccount.json
@@ -0,0 +1,4 @@
+{
+    "pass": "$2b$10$56u70OdMWo/Jv5lrqaNq8OV7TxTDOPGC9tP8Ea.1zhGluHYTzuTd.",
+    "email": "development@janishutz.com"
+}
\ No newline at end of file
diff --git a/src/webapp/main/src/views/admin/AdminLoginView.vue b/src/webapp/main/src/views/admin/AdminLoginView.vue
index 715a112..2b082a8 100644
--- a/src/webapp/main/src/views/admin/AdminLoginView.vue
+++ b/src/webapp/main/src/views/admin/AdminLoginView.vue
@@ -57,7 +57,7 @@
                             res.json().then( json => {
                                 if ( json.status === 'ok' ) {
                                     this.userStore.setAdminAuth( true );
-                                    this.$router.push( sessionStorage.getItem( 'redirect' ) ? sessionStorage.getItem( 'redirect' ) : '/account' );
+                                    this.$router.push( '/admin' );
                                     sessionStorage.removeItem( 'redirect' );
                                 } else if ( json.status === '2fa' ) {
                                     this.userStore.setAdmin2fa( true );
diff --git a/src/webapp/main/src/views/admin/SettingsView.vue b/src/webapp/main/src/views/admin/SettingsView.vue
index d1a7400..126ac63 100644
--- a/src/webapp/main/src/views/admin/SettingsView.vue
+++ b/src/webapp/main/src/views/admin/SettingsView.vue
@@ -35,7 +35,7 @@
             <p style="margin-bottom: 0;">Before setting or editing permissions here, please read the corresponding section of the documentation <a href="https://libreevent.janishutz.com/docs/admin-panel/settings/admin-accounts#permissions" target="_blank">here</a>.</p>
             <p style="margin-top: 0;">Usually, the permissions automatically set by the system on account creation should be appropriate. (TIP: Right click for more options)</p>
             <div v-if="Object.keys( adminAccounts ).length > 0" class="account-wrapper">
-                <div v-for="account in adminAccounts" class="account" @click="showAccountSettings( account.username );" title="Edit permissions of this account (right click for more options)" @contextmenu="( e ) => { e.preventDefault(); openRightClickMenu( account.username, e ); }">
+                <div v-for="account in adminAccounts" class="account" @click="showPasswordSettings( account.email );" title="Edit settings of this account (right click for more options)" @contextmenu="( e ) => { e.preventDefault(); openRightClickMenu( account.email, e ); }">
                     <div class="location-name">
                         <h3>{{ account.username }}</h3>
                         <p>{{ account.email }}</p>
@@ -155,7 +155,7 @@
         },
         methods: {
             showAccountSettings ( account ) {
-                this.currentPopup = 'account';
+                this.currentPopup = 'permissions';
                 this.$refs.popup.openPopup( 'Edit user permissions for ' + this.adminAccounts[ account ][ 'username' ], {
                     'pagesSettings': { 
                         'display': 'Modify pages', 
@@ -185,6 +185,20 @@
                         'value': false,
                         'type': 'toggle',
                     },
+                }
+            , 'settings' );
+            },
+            showPasswordSettings ( account ) {
+                this.currentlyOpenMenu = account;
+                this.currentPopup = 'account';
+                this.$refs.popup.openPopup( 'Edit user settings for ' + this.adminAccounts[ account ][ 'username' ], {
+                    'username': { 
+                        'display': 'Username', 
+                        'id': 'username', 
+                        'tooltip':'Change the username for this user.', 
+                        'value': this.adminAccounts[ account ][ 'username' ],
+                        'type': 'text',
+                    },
                     'pass': { 
                         'display': 'Password', 
                         'id': 'pass', 
@@ -192,8 +206,7 @@
                         'value': '',
                         'type': 'password',
                     },
-                }
-            , 'settings' );
+                }, 'settings' );
             },
             showPaymentSettings () {
                 this.currentPopup = 'payments';
@@ -252,9 +265,9 @@
                         'value': '',
                         'type': 'password',
                     },
-                    'twoFA': { 
+                    'two_fa': { 
                         'display': 'Two Factor Authentication',
-                        'id': 'twoFA',
+                        'id': 'two_fa',
                         'tooltip':'With this setting you may change the 2FA Authentication should work for this user. Enhanced requires the user to enter a code, simple solely to click a link', 
                         'value': 'enhanced',
                         'type': 'select',
@@ -278,22 +291,44 @@
             },
             executeCommand( command ) {
                 if ( command === 'openPermissions' ) {
+                    this.currentPopup = 'account';
                     this.showAccountSettings( this.currentlyOpenMenu );
                 } else if ( command === 'deleteUser' ) {
+                    this.currentPopup = 'deleteUser';
                     this.$refs.popup.openPopup( 'Do you really want to delete the user ' + this.currentlyOpenMenu + '?', {}, 'confirm' );
+                } else if ( command === 'updatePassword' ) {
+                    this.currentPopup = 'deleteUser';
+                    this.showPasswordSettings( this.currentlyOpenMenu );
                 }
             },
             handlePopupReturns( data ) {
                 console.log( data );
                 // TODO: Delete user
                 if ( data.status === 'cancel' ) {
-                    console.log( 'user canceled' );
                     return;
                 } else if ( data.status === 'settings' ) {
-                    console.log( this.currentPopup );
                     if ( this.currentPopup === 'account' ) { 
-                        console.log( 'settings processing' )
-                        // TODO: Call to server to create account, also add to admin accounts here
+                        if ( data.data.username != '' ) {
+                            let updatedData = data.data;
+                            if ( updatedData.pass == '' ) {
+                                delete updatedData[ 'pass' ];
+                            }
+                            updatedData[ 'email' ] = this.currentlyOpenMenu;
+                            let fetchOptions = {
+                                method: 'post',
+                                body: JSON.stringify( updatedData ),
+                                headers: {
+                                    'Content-Type': 'application/json',
+                                    'charset': 'utf-8'
+                                }
+                            };
+                            fetch( '/admin/API/updateAdminAccount', fetchOptions ).then( res => {
+                                if ( res.status === 200 ) {
+                                    this.$refs.notification.createNotification( 'Updated settings for admin account successfully', 5, 'ok', 'normal' );
+                                    this.loadAdminAccounts();
+                                }
+                            } );
+                        }
                     } else if ( this.currentPopup === 'payments' ) {
                         for ( let setting in data.data ) {
                             if ( !data.data[ setting ] ) {
@@ -316,14 +351,44 @@
                             }
                         } )
                     } else if ( this.currentPopup === 'createAccount' ) {
-
+                        let fetchOptions = {
+                            method: 'post',
+                            body: JSON.stringify( data.data ),
+                            headers: {
+                                'Content-Type': 'application/json',
+                                'charset': 'utf-8'
+                            }
+                        };
+                        fetch( '/admin/API/createAdminAccount', fetchOptions ).then( res => {
+                            if ( res.status === 200 ) {
+                                this.$refs.notification.createNotification( 'Created new admin account successfully', 5, 'ok', 'normal' );
+                                this.loadAdminAccounts();
+                            }
+                        } );
+                    }
+                } else if ( data.status === 'ok' ) {
+                    if ( this.currentPopup === 'deleteUser' ) {
+                        let fetchOptions = {
+                            method: 'post',
+                            body: JSON.stringify( {  } ),
+                            headers: {
+                                'Content-Type': 'application/json',
+                                'charset': 'utf-8'
+                            }
+                        };
+                        fetch( '/admin/API/deleteAdminAccount', fetchOptions ).then( res => {
+                            if ( res.status === 200 ) {
+                                this.$refs.notification.createNotification( 'Admin account deleted successfully', 5, 'ok', 'normal' );
+                                this.loadAdminAccounts();
+                            }
+                        } );
                     }
                 } else {
                     console.log( 'hi' );
                 }
             },
             openRightClickMenu( id, event ) {
-                this.$refs.rclk.openRightClickMenu( event, { 'permissions': { 'command': 'openPermissions', 'symbol': 'edit', 'display': 'Edit permissions' }, 'password': { 'command': 'updatePassword', 'symbol': 'password', 'display': 'Edit password' }, 'delete': { 'command': 'deleteUser', 'symbol': 'delete', 'display': 'Delete User' } } )
+                this.$refs.rclk.openRightClickMenu( event, { 'permissions': { 'command': 'openPermissions', 'symbol': 'edit', 'display': 'Edit permissions' }, 'password': { 'command': 'updatePassword', 'symbol': 'password', 'display': 'Edit account settings' }, 'delete': { 'command': 'deleteUser', 'symbol': 'delete', 'display': 'Delete User' } } )
                 this.currentlyOpenMenu = id;
             },
             loadData() {
@@ -338,6 +403,22 @@
                     }
                 } );
             },
+            loadAdminAccounts () {
+                fetch( '/admin/getAPI/getAdminAccounts' ).then( res => {
+                    if ( res.status === 200 ) {
+                        res.json().then( json => {
+                            if ( json.status === 'ok' ) {
+                                this.adminAccounts = {};
+                                for ( let account in json.data ) {
+                                    this.adminAccounts[ json.data[ account ][ 'email' ] ] = json.data[ account ];
+                                }
+                            } else {
+                                this.adminAccounts = {};
+                            }
+                        } );
+                    }
+                } );
+            },
             save() {
                 let fetchOptions = {
                     method: 'post',
@@ -362,20 +443,7 @@
         },
         created () {
             this.loadData();
-            fetch( '/admin/getAPI/getAdminAccounts' ).then( res => {
-                if ( res.status === 200 ) {
-                    res.json().then( json => {
-                        console.log( json );
-                        if ( json.status === 'ok' ) {
-                            for ( let account in json.data ) {
-                                this.adminAccounts[ json.data[ account ][ 'username' ] ] = json.data[ account ];
-                            }
-                        } else {
-                            this.adminAccounts = {};
-                        }
-                    } );
-                }
-            } );
+            this.loadAdminAccounts();
         }
     };
     // TODO: Load gateways and settings for gateways from server.