mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-25 04:34:06 -08:00
🚀 Release 0.216.1 (#5531)
* 🚀 Release 0.216.1 * fix(core): Do not allow arbitrary path traversal in the credential-translation endpoint (#5522) * fix(core): Do not allow arbitrary path traversal in BinaryDataManager (#5523) * fix(core): User update endpoint should only allow updating email, firstName, and lastName (#5526) * fix(core): Do not explicitly bypass auth on urls containing `.svg` (#5525) * 📚 Update CHANGELOG.md --------- Co-authored-by: janober <janober@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <netroy@users.noreply.github.com> Co-authored-by: Jan Oberhauser <jan.oberhauser@gmail.com>
This commit is contained in:
parent
fe782c8f6a
commit
7400c35a48
12
CHANGELOG.md
12
CHANGELOG.md
|
@ -1,3 +1,15 @@
|
|||
## [0.216.1](https://github.com/n8n-io/n8n/compare/n8n@0.216.0...n8n@0.216.1) (2023-02-21)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **core:** Do not allow arbitrary path traversal in BinaryDataManager ([#5523](https://github.com/n8n-io/n8n/issues/5523)) ([40b9784](https://github.com/n8n-io/n8n/commit/40b97846483fe7c58229c156acb66f43a5a79dc3))
|
||||
* **core:** Do not allow arbitrary path traversal in the credential-translation endpoint ([#5522](https://github.com/n8n-io/n8n/issues/5522)) ([fb07d77](https://github.com/n8n-io/n8n/commit/fb07d77106bb4933758c63bbfb87f591bf4a27dd))
|
||||
* **core:** Do not explicitly bypass auth on urls containing `.svg` ([#5525](https://github.com/n8n-io/n8n/issues/5525)) ([27adea7](https://github.com/n8n-io/n8n/commit/27adea70459329fc0dddabee69e10c9d1453835f))
|
||||
* **core:** User update endpoint should only allow updating email, firstName, and lastName ([#5526](https://github.com/n8n-io/n8n/issues/5526)) ([5599221](https://github.com/n8n-io/n8n/commit/5599221007cb09cb81f0623874fafc6cd481384c))
|
||||
|
||||
|
||||
|
||||
# [0.216.0](https://github.com/n8n-io/n8n/compare/n8n@0.215.2...n8n@0.216.0) (2023-02-16)
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "n8n",
|
||||
"version": "0.216.0",
|
||||
"version": "0.216.1",
|
||||
"private": true,
|
||||
"homepage": "https://n8n.io",
|
||||
"engines": {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "n8n",
|
||||
"version": "0.216.0",
|
||||
"version": "0.216.1",
|
||||
"description": "n8n Workflow Automation Tool",
|
||||
"license": "SEE LICENSE IN LICENSE.md",
|
||||
"homepage": "https://n8n.io",
|
||||
|
@ -127,6 +127,7 @@
|
|||
"callsites": "^3.1.0",
|
||||
"change-case": "^4.1.1",
|
||||
"class-validator": "^0.14.0",
|
||||
"class-transformer": "^0.5.1",
|
||||
"client-oauth2": "^4.2.5",
|
||||
"compression": "^1.7.4",
|
||||
"connect-history-api-fallback": "^1.6.0",
|
||||
|
|
|
@ -22,6 +22,7 @@ import type { WorkflowEntity } from '@db/entities/WorkflowEntity';
|
|||
import type { CredentialsEntity } from '@db/entities/CredentialsEntity';
|
||||
import type { TagEntity } from '@db/entities/TagEntity';
|
||||
import type { User } from '@db/entities/User';
|
||||
import type { UserUpdatePayload } from '@/requests';
|
||||
|
||||
/**
|
||||
* Returns the base URL n8n is reachable from
|
||||
|
@ -99,7 +100,7 @@ export async function generateUniqueName(
|
|||
}
|
||||
|
||||
export async function validateEntity(
|
||||
entity: WorkflowEntity | CredentialsEntity | TagEntity | User,
|
||||
entity: WorkflowEntity | CredentialsEntity | TagEntity | User | UserUpdatePayload,
|
||||
): Promise<void> {
|
||||
const errors = await validate(entity);
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ import {
|
|||
LoadNodeParameterOptions,
|
||||
LoadNodeListSearch,
|
||||
UserSettings,
|
||||
FileNotFoundError,
|
||||
} from 'n8n-core';
|
||||
|
||||
import type {
|
||||
|
@ -55,7 +56,6 @@ import history from 'connect-history-api-fallback';
|
|||
import config from '@/config';
|
||||
import * as Queue from '@/Queue';
|
||||
import { InternalHooksManager } from '@/InternalHooksManager';
|
||||
import { getCredentialTranslationPath } from '@/TranslationHelpers';
|
||||
import { getSharedWorkflowIds } from '@/WorkflowHelpers';
|
||||
|
||||
import { nodesController } from '@/api/nodes.api';
|
||||
|
@ -86,6 +86,7 @@ import {
|
|||
MeController,
|
||||
OwnerController,
|
||||
PasswordResetController,
|
||||
TranslationController,
|
||||
UsersController,
|
||||
} from '@/controllers';
|
||||
|
||||
|
@ -347,6 +348,7 @@ class Server extends AbstractServer {
|
|||
new OwnerController({ config, internalHooks, repositories, logger }),
|
||||
new MeController({ externalHooks, internalHooks, repositories, logger }),
|
||||
new PasswordResetController({ config, externalHooks, internalHooks, repositories, logger }),
|
||||
new TranslationController(config, this.credentialTypes),
|
||||
new UsersController({
|
||||
config,
|
||||
mailer,
|
||||
|
@ -585,48 +587,6 @@ class Server extends AbstractServer {
|
|||
),
|
||||
);
|
||||
|
||||
this.app.get(
|
||||
`/${this.restEndpoint}/credential-translation`,
|
||||
ResponseHelper.send(
|
||||
async (
|
||||
req: express.Request & { query: { credentialType: string } },
|
||||
res: express.Response,
|
||||
): Promise<object | null> => {
|
||||
const translationPath = getCredentialTranslationPath({
|
||||
locale: this.frontendSettings.defaultLocale,
|
||||
credentialType: req.query.credentialType,
|
||||
});
|
||||
|
||||
try {
|
||||
return require(translationPath);
|
||||
} catch (error) {
|
||||
return null;
|
||||
}
|
||||
},
|
||||
),
|
||||
);
|
||||
|
||||
// Returns node information based on node names and versions
|
||||
const headersPath = pathJoin(NODES_BASE_DIR, 'dist', 'nodes', 'headers');
|
||||
this.app.get(
|
||||
`/${this.restEndpoint}/node-translation-headers`,
|
||||
ResponseHelper.send(
|
||||
async (req: express.Request, res: express.Response): Promise<object | void> => {
|
||||
try {
|
||||
await fsAccess(`${headersPath}.js`);
|
||||
} catch (_) {
|
||||
return; // no headers available
|
||||
}
|
||||
|
||||
try {
|
||||
return require(headersPath);
|
||||
} catch (error) {
|
||||
res.status(500).send('Failed to load headers file');
|
||||
}
|
||||
},
|
||||
),
|
||||
);
|
||||
|
||||
// ----------------------------------------
|
||||
// Node-Types
|
||||
// ----------------------------------------
|
||||
|
@ -1160,21 +1120,26 @@ class Server extends AbstractServer {
|
|||
// TODO UM: check if this needs permission check for UM
|
||||
const identifier = req.params.path;
|
||||
const binaryDataManager = BinaryDataManager.getInstance();
|
||||
const binaryPath = binaryDataManager.getBinaryPath(identifier);
|
||||
let { mode, fileName, mimeType } = req.query;
|
||||
if (!fileName || !mimeType) {
|
||||
try {
|
||||
const metadata = await binaryDataManager.getBinaryMetadata(identifier);
|
||||
fileName = metadata.fileName;
|
||||
mimeType = metadata.mimeType;
|
||||
res.setHeader('Content-Length', metadata.fileSize);
|
||||
} catch {}
|
||||
try {
|
||||
const binaryPath = binaryDataManager.getBinaryPath(identifier);
|
||||
let { mode, fileName, mimeType } = req.query;
|
||||
if (!fileName || !mimeType) {
|
||||
try {
|
||||
const metadata = await binaryDataManager.getBinaryMetadata(identifier);
|
||||
fileName = metadata.fileName;
|
||||
mimeType = metadata.mimeType;
|
||||
res.setHeader('Content-Length', metadata.fileSize);
|
||||
} catch {}
|
||||
}
|
||||
if (mimeType) res.setHeader('Content-Type', mimeType);
|
||||
if (mode === 'download') {
|
||||
res.setHeader('Content-Disposition', `attachment; filename="${fileName}"`);
|
||||
}
|
||||
res.sendFile(binaryPath);
|
||||
} catch (error) {
|
||||
if (error instanceof FileNotFoundError) res.writeHead(404).end();
|
||||
else throw error;
|
||||
}
|
||||
if (mimeType) res.setHeader('Content-Type', mimeType);
|
||||
if (mode === 'download') {
|
||||
res.setHeader('Content-Disposition', `attachment; filename="${fileName}"`);
|
||||
}
|
||||
res.sendFile(binaryPath);
|
||||
},
|
||||
);
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import { join, dirname } from 'path';
|
||||
import { readdir } from 'fs/promises';
|
||||
import type { Dirent } from 'fs';
|
||||
import { NODES_BASE_DIR } from '@/constants';
|
||||
|
||||
const ALLOWED_VERSIONED_DIRNAME_LENGTH = [2, 3]; // e.g. v1, v10
|
||||
|
||||
|
@ -47,18 +46,3 @@ export async function getNodeTranslationPath({
|
|||
? join(nodeDir, `v${maxVersion}`, 'translations', locale, `${nodeType}.json`)
|
||||
: join(nodeDir, 'translations', locale, `${nodeType}.json`);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the full path to a credential translation file in `/dist`.
|
||||
*/
|
||||
export function getCredentialTranslationPath({
|
||||
locale,
|
||||
credentialType,
|
||||
}: {
|
||||
locale: string;
|
||||
credentialType: string;
|
||||
}): string {
|
||||
const credsPath = join(NODES_BASE_DIR, 'dist', 'credentials');
|
||||
|
||||
return join(credsPath, 'translations', locale, `${credentialType}.json`);
|
||||
}
|
||||
|
|
|
@ -2,4 +2,5 @@ export { AuthController } from './auth.controller';
|
|||
export { MeController } from './me.controller';
|
||||
export { OwnerController } from './owner.controller';
|
||||
export { PasswordResetController } from './passwordReset.controller';
|
||||
export { TranslationController } from './translation.controller';
|
||||
export { UsersController } from './users.controller';
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import validator from 'validator';
|
||||
import { plainToInstance } from 'class-transformer';
|
||||
import { Delete, Get, Patch, Post, RestController } from '@/decorators';
|
||||
import {
|
||||
compareHash,
|
||||
|
@ -7,13 +8,13 @@ import {
|
|||
validatePassword,
|
||||
} from '@/UserManagement/UserManagementHelper';
|
||||
import { BadRequestError } from '@/ResponseHelper';
|
||||
import { User } from '@db/entities/User';
|
||||
import type { User } from '@db/entities/User';
|
||||
import { validateEntity } from '@/GenericHelpers';
|
||||
import { issueCookie } from '@/auth/jwt';
|
||||
import { Response } from 'express';
|
||||
import type { Repository } from 'typeorm';
|
||||
import type { ILogger } from 'n8n-workflow';
|
||||
import { AuthenticatedRequest, MeRequest } from '@/requests';
|
||||
import { AuthenticatedRequest, MeRequest, UserUpdatePayload } from '@/requests';
|
||||
import type {
|
||||
PublicUser,
|
||||
IDatabaseCollections,
|
||||
|
@ -61,38 +62,40 @@ export class MeController {
|
|||
* Update the logged-in user's settings, except password.
|
||||
*/
|
||||
@Patch('/')
|
||||
async updateCurrentUser(req: MeRequest.Settings, res: Response): Promise<PublicUser> {
|
||||
const { email } = req.body;
|
||||
async updateCurrentUser(req: MeRequest.UserUpdate, res: Response): Promise<PublicUser> {
|
||||
const { id: userId, email: currentEmail } = req.user;
|
||||
const payload = plainToInstance(UserUpdatePayload, req.body);
|
||||
|
||||
const { email } = payload;
|
||||
if (!email) {
|
||||
this.logger.debug('Request to update user email failed because of missing email in payload', {
|
||||
userId: req.user.id,
|
||||
payload: req.body,
|
||||
userId,
|
||||
payload,
|
||||
});
|
||||
throw new BadRequestError('Email is mandatory');
|
||||
}
|
||||
|
||||
if (!validator.isEmail(email)) {
|
||||
this.logger.debug('Request to update user email failed because of invalid email in payload', {
|
||||
userId: req.user.id,
|
||||
userId,
|
||||
invalidEmail: email,
|
||||
});
|
||||
throw new BadRequestError('Invalid email address');
|
||||
}
|
||||
|
||||
const { email: currentEmail } = req.user;
|
||||
const newUser = new User();
|
||||
await validateEntity(payload);
|
||||
|
||||
Object.assign(newUser, req.user, req.body);
|
||||
await this.userRepository.update(userId, payload);
|
||||
const user = await this.userRepository.findOneOrFail({
|
||||
where: { id: userId },
|
||||
relations: { globalRole: true },
|
||||
});
|
||||
|
||||
await validateEntity(newUser);
|
||||
|
||||
const user = await this.userRepository.save(newUser);
|
||||
|
||||
this.logger.info('User updated successfully', { userId: user.id });
|
||||
this.logger.info('User updated successfully', { userId });
|
||||
|
||||
await issueCookie(res, user);
|
||||
|
||||
const updatedKeys = Object.keys(req.body);
|
||||
const updatedKeys = Object.keys(payload);
|
||||
void this.internalHooks.onUserUpdate({
|
||||
user,
|
||||
fields_changed: updatedKeys,
|
||||
|
|
58
packages/cli/src/controllers/translation.controller.ts
Normal file
58
packages/cli/src/controllers/translation.controller.ts
Normal file
|
@ -0,0 +1,58 @@
|
|||
import type { Request } from 'express';
|
||||
import { ICredentialTypes } from 'n8n-workflow';
|
||||
import { join } from 'path';
|
||||
import { access } from 'fs/promises';
|
||||
import { Get, RestController } from '@/decorators';
|
||||
import { BadRequestError, InternalServerError } from '@/ResponseHelper';
|
||||
import { Config } from '@/config';
|
||||
import { NODES_BASE_DIR } from '@/constants';
|
||||
|
||||
export const CREDENTIAL_TRANSLATIONS_DIR = 'n8n-nodes-base/dist/credentials/translations';
|
||||
export const NODE_HEADERS_PATH = join(NODES_BASE_DIR, 'dist/nodes/headers');
|
||||
|
||||
export declare namespace TranslationRequest {
|
||||
export type Credential = Request<{}, {}, {}, { credentialType: string }>;
|
||||
}
|
||||
|
||||
@RestController('/')
|
||||
export class TranslationController {
|
||||
constructor(private config: Config, private credentialTypes: ICredentialTypes) {}
|
||||
|
||||
@Get('/credential-translation')
|
||||
async getCredentialTranslation(req: TranslationRequest.Credential) {
|
||||
const { credentialType } = req.query;
|
||||
|
||||
if (!this.credentialTypes.recognizes(credentialType))
|
||||
throw new BadRequestError(`Invalid Credential type: "${credentialType}"`);
|
||||
|
||||
const defaultLocale = this.config.getEnv('defaultLocale');
|
||||
const translationPath = join(
|
||||
CREDENTIAL_TRANSLATIONS_DIR,
|
||||
defaultLocale,
|
||||
`${credentialType}.json`,
|
||||
);
|
||||
|
||||
try {
|
||||
// eslint-disable-next-line @typescript-eslint/no-unsafe-return
|
||||
return require(translationPath);
|
||||
} catch (error) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@Get('/node-translation-headers')
|
||||
async getNodeTranslationHeaders() {
|
||||
try {
|
||||
await access(`${NODE_HEADERS_PATH}.js`);
|
||||
} catch (_) {
|
||||
return; // no headers available
|
||||
}
|
||||
|
||||
try {
|
||||
// eslint-disable-next-line @typescript-eslint/no-unsafe-return
|
||||
return require(NODE_HEADERS_PATH);
|
||||
} catch (error) {
|
||||
throw new InternalServerError('Failed to load headers file');
|
||||
}
|
||||
}
|
||||
}
|
|
@ -111,6 +111,9 @@ export class User extends AbstractEntity implements IUser {
|
|||
@AfterLoad()
|
||||
@AfterUpdate()
|
||||
computeIsPending(): void {
|
||||
this.isPending = this.password === null;
|
||||
this.isPending =
|
||||
this.globalRole?.name === 'owner' && this.globalRole.scope === 'global'
|
||||
? false
|
||||
: this.password === null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3,11 +3,12 @@ import jwt from 'jsonwebtoken';
|
|||
import cookieParser from 'cookie-parser';
|
||||
import passport from 'passport';
|
||||
import { Strategy } from 'passport-jwt';
|
||||
import { sync as globSync } from 'fast-glob';
|
||||
import { LoggerProxy as Logger } from 'n8n-workflow';
|
||||
import type { JwtPayload } from '@/Interfaces';
|
||||
import type { AuthenticatedRequest } from '@/requests';
|
||||
import config from '@/config';
|
||||
import { AUTH_COOKIE_NAME } from '@/constants';
|
||||
import { AUTH_COOKIE_NAME, EDITOR_UI_DIST_DIR } from '@/constants';
|
||||
import { issueCookie, resolveJwtContent } from '@/auth/jwt';
|
||||
import {
|
||||
isAuthenticatedRequest,
|
||||
|
@ -61,6 +62,10 @@ const refreshExpiringCookie: RequestHandler = async (req: AuthenticatedRequest,
|
|||
|
||||
const passportMiddleware = passport.authenticate('jwt', { session: false }) as RequestHandler;
|
||||
|
||||
const staticAssets = globSync(['**/*.html', '**/*.svg', '**/*.png', '**/*.ico'], {
|
||||
cwd: EDITOR_UI_DIST_DIR,
|
||||
});
|
||||
|
||||
/**
|
||||
* This sets up the auth middlewares in the correct order
|
||||
*/
|
||||
|
@ -79,12 +84,7 @@ export const setupAuthMiddlewares = (
|
|||
// TODO: refactor me!!!
|
||||
// skip authentication for preflight requests
|
||||
req.method === 'OPTIONS' ||
|
||||
req.url === '/index.html' ||
|
||||
req.url === '/favicon.ico' ||
|
||||
req.url.startsWith('/css/') ||
|
||||
req.url.startsWith('/js/') ||
|
||||
req.url.startsWith('/fonts/') ||
|
||||
req.url.includes('.svg') ||
|
||||
staticAssets.includes(req.url.slice(1)) ||
|
||||
req.url.startsWith(`/${restEndpoint}/settings`) ||
|
||||
req.url.startsWith(`/${restEndpoint}/login`) ||
|
||||
req.url.startsWith(`/${restEndpoint}/logout`) ||
|
||||
|
|
|
@ -10,11 +10,28 @@ import type {
|
|||
IWorkflowSettings,
|
||||
} from 'n8n-workflow';
|
||||
|
||||
import { IsEmail, IsString, Length } from 'class-validator';
|
||||
import { NoXss } from '@db/utils/customValidators';
|
||||
import type { PublicUser, IExecutionDeleteFilter, IWorkflowDb } from '@/Interfaces';
|
||||
import type { Role } from '@db/entities/Role';
|
||||
import type { User } from '@db/entities/User';
|
||||
import type * as UserManagementMailer from '@/UserManagement/email/UserManagementMailer';
|
||||
|
||||
export class UserUpdatePayload implements Pick<User, 'email' | 'firstName' | 'lastName'> {
|
||||
@IsEmail()
|
||||
email: string;
|
||||
|
||||
@NoXss()
|
||||
@IsString({ message: 'First name must be of type string.' })
|
||||
@Length(1, 32, { message: 'First name must be $constraint1 to $constraint2 characters long.' })
|
||||
firstName: string;
|
||||
|
||||
@NoXss()
|
||||
@IsString({ message: 'Last name must be of type string.' })
|
||||
@Length(1, 32, { message: 'Last name must be $constraint1 to $constraint2 characters long.' })
|
||||
lastName: string;
|
||||
}
|
||||
|
||||
export type AuthlessRequest<
|
||||
RouteParams = {},
|
||||
ResponseBody = {},
|
||||
|
@ -144,11 +161,7 @@ export declare namespace ExecutionRequest {
|
|||
// ----------------------------------
|
||||
|
||||
export declare namespace MeRequest {
|
||||
export type Settings = AuthenticatedRequest<
|
||||
{},
|
||||
{},
|
||||
Pick<PublicUser, 'email' | 'firstName' | 'lastName'>
|
||||
>;
|
||||
export type UserUpdate = AuthenticatedRequest<{}, {}, UserUpdatePayload>;
|
||||
export type Password = AuthenticatedRequest<
|
||||
{},
|
||||
{},
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
import 'reflect-metadata';
|
||||
|
||||
jest.mock('@sentry/node');
|
||||
jest.mock('@n8n_io/license-sdk');
|
||||
jest.mock('@/telemetry');
|
||||
|
|
|
@ -28,40 +28,74 @@ describe('MeController', () => {
|
|||
|
||||
describe('updateCurrentUser', () => {
|
||||
it('should throw BadRequestError if email is missing in the payload', async () => {
|
||||
const req = mock<MeRequest.Settings>({});
|
||||
const req = mock<MeRequest.UserUpdate>({});
|
||||
expect(controller.updateCurrentUser(req, mock())).rejects.toThrowError(
|
||||
new BadRequestError('Email is mandatory'),
|
||||
);
|
||||
});
|
||||
|
||||
it('should throw BadRequestError if email is invalid', async () => {
|
||||
const req = mock<MeRequest.Settings>({ body: { email: 'invalid-email' } });
|
||||
const req = mock<MeRequest.UserUpdate>({ body: { email: 'invalid-email' } });
|
||||
expect(controller.updateCurrentUser(req, mock())).rejects.toThrowError(
|
||||
new BadRequestError('Invalid email address'),
|
||||
);
|
||||
});
|
||||
|
||||
it('should update the user in the DB, and issue a new cookie', async () => {
|
||||
const req = mock<MeRequest.Settings>({
|
||||
user: mock({ id: '123', password: 'password', authIdentities: [] }),
|
||||
body: { email: 'valid@email.com', firstName: 'John', lastName: 'Potato' },
|
||||
const user = mock<User>({
|
||||
id: '123',
|
||||
password: 'password',
|
||||
authIdentities: [],
|
||||
globalRoleId: '1',
|
||||
});
|
||||
const reqBody = { email: 'valid@email.com', firstName: 'John', lastName: 'Potato' };
|
||||
const req = mock<MeRequest.UserUpdate>({ user, body: reqBody });
|
||||
const res = mock<Response>();
|
||||
userRepository.save.calledWith(anyObject()).mockResolvedValue(req.user);
|
||||
userRepository.findOneOrFail.mockResolvedValue(user);
|
||||
jest.spyOn(jwt, 'sign').mockImplementation(() => 'signed-token');
|
||||
|
||||
await controller.updateCurrentUser(req, res);
|
||||
|
||||
expect(userRepository.update).toHaveBeenCalled();
|
||||
|
||||
const cookieOptions = captor<CookieOptions>();
|
||||
expect(res.cookie).toHaveBeenCalledWith(AUTH_COOKIE_NAME, 'signed-token', cookieOptions);
|
||||
expect(cookieOptions.value.httpOnly).toBe(true);
|
||||
expect(cookieOptions.value.sameSite).toBe('lax');
|
||||
|
||||
expect(externalHooks.run).toHaveBeenCalledWith('user.profile.update', [
|
||||
req.user.email,
|
||||
user.email,
|
||||
anyObject(),
|
||||
]);
|
||||
});
|
||||
|
||||
it('should not allow updating any other fields on a user besides email and name', async () => {
|
||||
const user = mock<User>({
|
||||
id: '123',
|
||||
password: 'password',
|
||||
authIdentities: [],
|
||||
globalRoleId: '1',
|
||||
});
|
||||
const reqBody = { email: 'valid@email.com', firstName: 'John', lastName: 'Potato' };
|
||||
const req = mock<MeRequest.UserUpdate>({ user, body: reqBody });
|
||||
const res = mock<Response>();
|
||||
userRepository.findOneOrFail.mockResolvedValue(user);
|
||||
jest.spyOn(jwt, 'sign').mockImplementation(() => 'signed-token');
|
||||
|
||||
// Add invalid data to the request payload
|
||||
Object.assign(reqBody, { id: '0', globalRoleId: '42' });
|
||||
|
||||
await controller.updateCurrentUser(req, res);
|
||||
|
||||
expect(userRepository.update).toHaveBeenCalled();
|
||||
|
||||
const updatedUser = userRepository.update.mock.calls[0][1];
|
||||
expect(updatedUser.email).toBe(reqBody.email);
|
||||
expect(updatedUser.firstName).toBe(reqBody.firstName);
|
||||
expect(updatedUser.lastName).toBe(reqBody.lastName);
|
||||
expect(updatedUser.id).not.toBe('0');
|
||||
expect(updatedUser.globalRoleId).not.toBe('42');
|
||||
});
|
||||
});
|
||||
|
||||
describe('updatePassword', () => {
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
import { mock } from 'jest-mock-extended';
|
||||
import type { ICredentialTypes } from 'n8n-workflow';
|
||||
import type { Config } from '@/config';
|
||||
import {
|
||||
TranslationController,
|
||||
TranslationRequest,
|
||||
CREDENTIAL_TRANSLATIONS_DIR,
|
||||
} from '@/controllers/translation.controller';
|
||||
import { BadRequestError } from '@/ResponseHelper';
|
||||
|
||||
describe('TranslationController', () => {
|
||||
const config = mock<Config>();
|
||||
const credentialTypes = mock<ICredentialTypes>();
|
||||
const controller = new TranslationController(config, credentialTypes);
|
||||
|
||||
describe('getCredentialTranslation', () => {
|
||||
it('should throw 400 on invalid credential types', async () => {
|
||||
const credentialType = 'not-a-valid-credential-type';
|
||||
const req = mock<TranslationRequest.Credential>({ query: { credentialType } });
|
||||
credentialTypes.recognizes.calledWith(credentialType).mockReturnValue(false);
|
||||
|
||||
expect(controller.getCredentialTranslation(req)).rejects.toThrowError(
|
||||
new BadRequestError(`Invalid Credential type: "${credentialType}"`),
|
||||
);
|
||||
});
|
||||
|
||||
it('should return translation json on valid credential types', async () => {
|
||||
const credentialType = 'credential-type';
|
||||
const req = mock<TranslationRequest.Credential>({ query: { credentialType } });
|
||||
config.getEnv.calledWith('defaultLocale').mockReturnValue('de');
|
||||
credentialTypes.recognizes.calledWith(credentialType).mockReturnValue(true);
|
||||
const response = { translation: 'string' };
|
||||
jest.mock(`${CREDENTIAL_TRANSLATIONS_DIR}/de/credential-type.json`, () => response, {
|
||||
virtual: true,
|
||||
});
|
||||
|
||||
expect(await controller.getCredentialTranslation(req)).toEqual(response);
|
||||
});
|
||||
});
|
||||
});
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "n8n-core",
|
||||
"version": "0.155.0",
|
||||
"version": "0.155.1",
|
||||
"description": "Core functionality of n8n",
|
||||
"license": "SEE LICENSE IN LICENSE.md",
|
||||
"homepage": "https://n8n.io",
|
||||
|
|
|
@ -7,6 +7,7 @@ import type { BinaryMetadata } from 'n8n-workflow';
|
|||
import { jsonParse } from 'n8n-workflow';
|
||||
|
||||
import type { IBinaryDataConfig, IBinaryDataManager } from '../Interfaces';
|
||||
import { FileNotFoundError } from '../errors';
|
||||
|
||||
const PREFIX_METAFILE = 'binarymeta';
|
||||
const PREFIX_PERSISTED_METAFILE = 'persistedmeta';
|
||||
|
@ -85,17 +86,17 @@ export class BinaryDataFileSystem implements IBinaryDataManager {
|
|||
}
|
||||
|
||||
getBinaryPath(identifier: string): string {
|
||||
return path.join(this.storagePath, identifier);
|
||||
return this.resolveStoragePath(identifier);
|
||||
}
|
||||
|
||||
getMetadataPath(identifier: string): string {
|
||||
return path.join(this.storagePath, `${identifier}.metadata`);
|
||||
return this.resolveStoragePath(`${identifier}.metadata`);
|
||||
}
|
||||
|
||||
async markDataForDeletionByExecutionId(executionId: string): Promise<void> {
|
||||
const tt = new Date(new Date().getTime() + this.binaryDataTTL * 60000);
|
||||
return fs.writeFile(
|
||||
path.join(this.getBinaryDataMetaPath(), `${PREFIX_METAFILE}_${executionId}_${tt.valueOf()}`),
|
||||
this.resolveStoragePath('meta', `${PREFIX_METAFILE}_${executionId}_${tt.valueOf()}`),
|
||||
'',
|
||||
);
|
||||
}
|
||||
|
@ -116,8 +117,8 @@ export class BinaryDataFileSystem implements IBinaryDataManager {
|
|||
const timeAtNextHour = currentTime + 3600000 - (currentTime % 3600000);
|
||||
const timeoutTime = timeAtNextHour + this.persistedBinaryDataTTL * 60000;
|
||||
|
||||
const filePath = path.join(
|
||||
this.getBinaryDataPersistMetaPath(),
|
||||
const filePath = this.resolveStoragePath(
|
||||
'persistMeta',
|
||||
`${PREFIX_PERSISTED_METAFILE}_${executionId}_${timeoutTime}`,
|
||||
);
|
||||
|
||||
|
@ -170,21 +171,18 @@ export class BinaryDataFileSystem implements IBinaryDataManager {
|
|||
const newBinaryDataId = this.generateFileName(prefix);
|
||||
|
||||
return fs
|
||||
.copyFile(
|
||||
path.join(this.storagePath, binaryDataId),
|
||||
path.join(this.storagePath, newBinaryDataId),
|
||||
)
|
||||
.copyFile(this.resolveStoragePath(binaryDataId), this.resolveStoragePath(newBinaryDataId))
|
||||
.then(() => newBinaryDataId);
|
||||
}
|
||||
|
||||
async deleteBinaryDataByExecutionId(executionId: string): Promise<void> {
|
||||
const regex = new RegExp(`${executionId}_*`);
|
||||
const filenames = await fs.readdir(path.join(this.storagePath));
|
||||
const filenames = await fs.readdir(this.storagePath);
|
||||
|
||||
const proms = filenames.reduce(
|
||||
(allProms, filename) => {
|
||||
if (regex.test(filename)) {
|
||||
allProms.push(fs.rm(path.join(this.storagePath, filename)));
|
||||
allProms.push(fs.rm(this.resolveStoragePath(filename)));
|
||||
}
|
||||
|
||||
return allProms;
|
||||
|
@ -253,4 +251,11 @@ export class BinaryDataFileSystem implements IBinaryDataManager {
|
|||
throw new Error(`Error finding file: ${filePath}`);
|
||||
}
|
||||
}
|
||||
|
||||
private resolveStoragePath(...args: string[]) {
|
||||
const returnPath = path.join(this.storagePath, ...args);
|
||||
if (path.relative(this.storagePath, returnPath).startsWith('..'))
|
||||
throw new FileNotFoundError('Invalid path detected');
|
||||
return returnPath;
|
||||
}
|
||||
}
|
||||
|
|
5
packages/core/src/errors.ts
Normal file
5
packages/core/src/errors.ts
Normal file
|
@ -0,0 +1,5 @@
|
|||
export class FileNotFoundError extends Error {
|
||||
constructor(readonly filePath: string) {
|
||||
super(`File not found: ${filePath}`);
|
||||
}
|
||||
}
|
|
@ -15,6 +15,7 @@ export * from './LoadNodeListSearch';
|
|||
export * from './NodeExecuteFunctions';
|
||||
export * from './WorkflowExecute';
|
||||
export { eventEmitter, NodeExecuteFunctions, UserSettings };
|
||||
export * from './errors';
|
||||
|
||||
declare module 'http' {
|
||||
export interface IncomingMessage {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "n8n-editor-ui",
|
||||
"version": "0.182.0",
|
||||
"version": "0.182.1",
|
||||
"description": "Workflow Editor UI for n8n",
|
||||
"license": "SEE LICENSE IN LICENSE.md",
|
||||
"homepage": "https://n8n.io",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "n8n-node-dev",
|
||||
"version": "0.94.0",
|
||||
"version": "0.94.1",
|
||||
"description": "CLI to simplify n8n credentials/node development",
|
||||
"license": "SEE LICENSE IN LICENSE.md",
|
||||
"homepage": "https://n8n.io",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "n8n-nodes-base",
|
||||
"version": "0.214.0",
|
||||
"version": "0.214.1",
|
||||
"description": "Base nodes of n8n",
|
||||
"license": "SEE LICENSE IN LICENSE.md",
|
||||
"homepage": "https://n8n.io",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "n8n-workflow",
|
||||
"version": "0.137.0",
|
||||
"version": "0.137.1",
|
||||
"description": "Workflow base code of n8n",
|
||||
"license": "SEE LICENSE IN LICENSE.md",
|
||||
"homepage": "https://n8n.io",
|
||||
|
|
|
@ -163,6 +163,7 @@ importers:
|
|||
callsites: ^3.1.0
|
||||
change-case: ^4.1.1
|
||||
chokidar: 3.5.2
|
||||
class-transformer: ^0.5.1
|
||||
class-validator: ^0.14.0
|
||||
client-oauth2: ^4.2.5
|
||||
compression: ^1.7.4
|
||||
|
@ -259,6 +260,7 @@ importers:
|
|||
bull: 4.10.2
|
||||
callsites: 3.1.0
|
||||
change-case: 4.1.2
|
||||
class-transformer: 0.5.1
|
||||
class-validator: 0.14.0
|
||||
client-oauth2: 4.3.3
|
||||
compression: 1.7.4
|
||||
|
@ -4136,7 +4138,7 @@ packages:
|
|||
dependencies:
|
||||
'@storybook/client-logger': 7.0.0-beta.46
|
||||
'@storybook/core-events': 7.0.0-beta.46
|
||||
'@storybook/csf': 0.0.2-next.9
|
||||
'@storybook/csf': 0.0.2-next.10
|
||||
'@storybook/global': 5.0.0
|
||||
'@storybook/manager-api': 7.0.0-beta.46_6l5554ty5ajsajah6yazvrjhoe
|
||||
'@storybook/preview-api': 7.0.0-beta.46
|
||||
|
@ -4344,7 +4346,7 @@ packages:
|
|||
'@storybook/client-logger': 7.0.0-beta.46
|
||||
'@storybook/components': 7.0.0-beta.46_6l5554ty5ajsajah6yazvrjhoe
|
||||
'@storybook/core-events': 7.0.0-beta.46
|
||||
'@storybook/csf': 0.0.2-next.9
|
||||
'@storybook/csf': 0.0.2-next.10
|
||||
'@storybook/docs-tools': 7.0.0-beta.46
|
||||
'@storybook/global': 5.0.0
|
||||
'@storybook/manager-api': 7.0.0-beta.46_6l5554ty5ajsajah6yazvrjhoe
|
||||
|
@ -4564,7 +4566,7 @@ packages:
|
|||
'@babel/core': 7.20.12
|
||||
'@babel/preset-env': 7.20.2_@babel+core@7.20.12
|
||||
'@babel/types': 7.20.7
|
||||
'@storybook/csf': 0.0.2-next.9
|
||||
'@storybook/csf': 0.0.2-next.10
|
||||
'@storybook/csf-tools': 7.0.0-beta.46
|
||||
'@storybook/node-logger': 7.0.0-beta.46
|
||||
'@storybook/types': 7.0.0-beta.46
|
||||
|
@ -4604,7 +4606,7 @@ packages:
|
|||
react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0
|
||||
dependencies:
|
||||
'@storybook/client-logger': 7.0.0-beta.46
|
||||
'@storybook/csf': 0.0.2-next.9
|
||||
'@storybook/csf': 0.0.2-next.10
|
||||
'@storybook/global': 5.0.0
|
||||
'@storybook/theming': 7.0.0-beta.46_6l5554ty5ajsajah6yazvrjhoe
|
||||
'@storybook/types': 7.0.0-beta.46
|
||||
|
@ -4675,7 +4677,7 @@ packages:
|
|||
'@storybook/builder-manager': 7.0.0-beta.46
|
||||
'@storybook/core-common': 7.0.0-beta.46
|
||||
'@storybook/core-events': 7.0.0-beta.46
|
||||
'@storybook/csf': 0.0.2-next.9
|
||||
'@storybook/csf': 0.0.2-next.10
|
||||
'@storybook/csf-tools': 7.0.0-beta.46
|
||||
'@storybook/docs-mdx': 0.0.1-next.6
|
||||
'@storybook/global': 5.0.0
|
||||
|
@ -4745,7 +4747,7 @@ packages:
|
|||
resolution: {integrity: sha512-H7zXfL1wf/1jWi5MaFISt/taxE41fgpV/uLfi5CHcHLX9ZgeQs2B/2utpUgwvBsxiL+E/jKAt5cLeuZCIvglMg==}
|
||||
dependencies:
|
||||
'@babel/types': 7.20.7
|
||||
'@storybook/csf': 0.0.2-next.9
|
||||
'@storybook/csf': 0.0.2-next.10
|
||||
'@storybook/types': 7.0.0-beta.46
|
||||
fs-extra: 11.1.0
|
||||
recast: 0.23.1
|
||||
|
@ -4760,8 +4762,8 @@ packages:
|
|||
lodash: 4.17.21
|
||||
dev: true
|
||||
|
||||
/@storybook/csf/0.0.2-next.9:
|
||||
resolution: {integrity: sha512-ECOLMK425s+z8oA0aVAhBhhquuwTsZrM4oha/5De44JG8uYGXhqVrv/l27oxZEkwytuiQu+9f65HxYli+DY+3w==}
|
||||
/@storybook/csf/0.0.2-next.10:
|
||||
resolution: {integrity: sha512-m2PFgBP/xRIF85VrDhvesn9ktaD2pN3VUjvMqkAL/cINp/3qXsCyI81uw7N5VEOkQAbWrY2FcydnvEPDEdE8fA==}
|
||||
dependencies:
|
||||
type-fest: 2.19.0
|
||||
dev: true
|
||||
|
@ -4797,7 +4799,7 @@ packages:
|
|||
'@storybook/channels': 7.0.0-beta.46
|
||||
'@storybook/client-logger': 7.0.0-beta.46
|
||||
'@storybook/core-events': 7.0.0-beta.46
|
||||
'@storybook/csf': 0.0.2-next.9
|
||||
'@storybook/csf': 0.0.2-next.10
|
||||
'@storybook/global': 5.0.0
|
||||
'@storybook/router': 7.0.0-beta.46_6l5554ty5ajsajah6yazvrjhoe
|
||||
'@storybook/theming': 7.0.0-beta.46_6l5554ty5ajsajah6yazvrjhoe
|
||||
|
@ -4887,7 +4889,7 @@ packages:
|
|||
'@storybook/channels': 7.0.0-beta.46
|
||||
'@storybook/client-logger': 7.0.0-beta.46
|
||||
'@storybook/core-events': 7.0.0-beta.46
|
||||
'@storybook/csf': 0.0.2-next.9
|
||||
'@storybook/csf': 0.0.2-next.10
|
||||
'@storybook/global': 5.0.0
|
||||
'@storybook/types': 7.0.0-beta.46
|
||||
'@types/qs': 6.9.7
|
||||
|
@ -8088,6 +8090,10 @@ packages:
|
|||
resolution: {integrity: sha512-kgMuFyE78OC6Dyu3Dy7vcx4uy97EIbVxJB/B0eJ3bUNAkwdNcxYzgKltnyADiYwsR7SEqkkUPsEUT//OVS6XMA==}
|
||||
dev: false
|
||||
|
||||
/class-transformer/0.5.1:
|
||||
resolution: {integrity: sha512-SQa1Ws6hUbfC98vKGxZH3KFY0Y1lm5Zm0SY8XX9zbK7FJCyVEac3ATW0RIpwzW+oOfmHE5PMPufDG9hCfoEOMw==}
|
||||
dev: false
|
||||
|
||||
/class-utils/0.3.6:
|
||||
resolution: {integrity: sha512-qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg==}
|
||||
engines: {node: '>=0.10.0'}
|
||||
|
|
Loading…
Reference in a new issue