fix: remove old use keys (#5299)

ANormalDD
2026-03-22 14:40:14 +08:00
parent 7148c9db85
commit 4879926977
12 changed files with 5 additions and 182 deletions


@@ -730,29 +730,6 @@ func (c *ApiController) GetUserCount() {
c.ResponseOk(count)
}
// AddUserKeys
// @Title AddUserKeys
// @router /add-user-keys [post]
// @Tag User API
// @Success 200 {object} object.Userinfo The Response object
func (c *ApiController) AddUserKeys() {
var user object.User
err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
if err != nil {
c.ResponseError(err.Error())
return
}
isAdmin := c.IsAdmin()
affected, err := object.AddUserKeys(&user, isAdmin)
if err != nil {
c.ResponseError(err.Error())
return
}
c.ResponseOk(affected)
}
func (c *ApiController) RemoveUserFromGroup() {
owner := c.Ctx.Request.Form.Get("owner")
name := c.Ctx.Request.Form.Get("name")


@@ -90,7 +90,6 @@ func getBuiltInAccountItems() []*AccountItem {
{Name: "Signup application", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
{Name: "Register type", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
{Name: "Register source", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
{Name: "API key", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
{Name: "Roles", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
{Name: "Permissions", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
{Name: "Groups", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},


@@ -112,8 +112,6 @@ type UserWithoutThirdIdp struct {
PreHash string `xorm:"varchar(100)" json:"preHash"`
RegisterType string `xorm:"varchar(100)" json:"registerType"`
RegisterSource string `xorm:"varchar(100)" json:"registerSource"`
AccessKey string `xorm:"varchar(100)" json:"accessKey"`
AccessSecret string `xorm:"varchar(100)" json:"accessSecret"`
GitHub string `xorm:"github varchar(100)" json:"github"`
Google string `xorm:"varchar(100)" json:"google"`
@@ -267,8 +265,6 @@ func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {
PreHash: user.PreHash,
RegisterType: user.RegisterType,
RegisterSource: user.RegisterSource,
AccessKey: user.AccessKey,
AccessSecret: user.AccessSecret,
GitHub: user.GitHub,
Google: user.Google,


@@ -109,8 +109,6 @@ type User struct {
PreHash string `xorm:"varchar(100)" json:"preHash"`
RegisterType string `xorm:"varchar(100)" json:"registerType"`
RegisterSource string `xorm:"varchar(100)" json:"registerSource"`
AccessKey string `xorm:"varchar(100)" json:"accessKey"`
AccessSecret string `xorm:"varchar(100)" json:"accessSecret"`
AccessToken string `xorm:"mediumtext" json:"accessToken"`
OriginalToken string `xorm:"mediumtext" json:"originalToken"`
OriginalRefreshToken string `xorm:"mediumtext" json:"originalRefreshToken"`
@@ -639,23 +637,6 @@ func GetUserByInvitationCode(owner string, invitationCode string) (*User, error)
}
}
func GetUserByAccessKey(accessKey string) (*User, error) {
if accessKey == "" {
return nil, nil
}
user := User{AccessKey: accessKey}
existed, err := ormer.Engine.Get(&user)
if err != nil {
return nil, err
}
if existed {
return &user, nil
} else {
return nil, nil
}
}
func GetUser(id string) (*User, error) {
owner, name, err := util.GetOwnerAndNameFromIdWithError(id)
if err != nil {
@@ -683,9 +664,6 @@ func GetMaskedUser(user *User, isAdminOrSelf bool, errs ...error) (*User, error)
}
if !isAdminOrSelf {
if user.AccessSecret != "" {
user.AccessSecret = "***"
}
if user.OriginalToken != "" {
user.OriginalToken = "***"
}
@@ -865,7 +843,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
"owner", "display_name", "avatar", "first_name", "last_name",
"location", "address", "addresses", "country_code", "region", "language", "affiliation", "title", "id_card_type", "id_card", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application", "register_type", "register_source",
"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "mfa_items", "last_change_password_time", "managedAccounts", "face_ids", "mfaAccounts",
"signin_wrong_times", "last_signin_wrong_time", "groups", "access_key", "access_secret", "mfa_phone_enabled", "mfa_email_enabled", "email_verified",
"signin_wrong_times", "last_signin_wrong_time", "groups", "mfa_phone_enabled", "mfa_email_enabled", "email_verified",
"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
"baidu", "alipay", "casdoor", "infoflow", "apple", "azuread", "azureadb2c", "slack", "steam", "bilibili", "okta", "douyin", "kwai", "line", "amazon",
"auth0", "battlenet", "bitbucket", "box", "cloudfoundry", "dailymotion", "deezer", "digitalocean", "discord", "dropbox",
@@ -1396,17 +1374,6 @@ func (user *User) GetPreferredMfaProps(masked bool) *MfaProps {
return user.GetMfaProps(user.PreferredMfaType, masked)
}
func AddUserKeys(user *User, isAdmin bool) (bool, error) {
if user == nil {
return false, fmt.Errorf("the user is not found")
}
user.AccessKey = util.GenerateId()
user.AccessSecret = util.GenerateId()
return UpdateUser(user.GetId(), user, []string{}, isAdmin)
}
func (user *User) IsApplicationAdmin(application *Application) bool {
if user == nil {
return false
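Review bot: Removing `AccessKey` and `AccessSecret` from `User` at the `@@ -109,8 +109,6 @@` hunk drops the fields from the ORM mapping, but nothing in this commit drops the `access_key` and `access_secret` columns they were tagged to, so any secrets generated by the old `AddUserKeys` path remain stored in the users table unless a migration elsewhere removes them. Since the secret is no longer read, masked by `GetMaskedUser`, or rotatable through the API, a migration that drops (or at least clears) those two columns would be worth adding next to this change, or a comment stating that they are intentionally left in place. The `UpdateUser` column list at the `@@ -865,7 +843,7 @@` hunk is consistent with the struct change. The `User` struct definition continues past the end of that hunk.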


@@ -32,10 +32,8 @@ import (
)
type Object struct {
Owner string `json:"owner"`
Name string `json:"name"`
AccessKey string `json:"accessKey"`
AccessSecret string `json:"accessSecret"`
Owner string `json:"owner"`
Name string `json:"name"`
}
type ObjectWithOrg struct {
@@ -49,10 +47,6 @@ func getUsername(ctx *context.Context) (username string) {
username, _ = getUsernameByClientIdSecret(ctx)
}
if username == "" {
username, _ = getUsernameByKeys(ctx)
}
session := ctx.Input.Session("SessionData")
if session == nil {
return
@@ -185,30 +179,6 @@ func getObject(ctx *context.Context) (string, string, error) {
}
}
func getKeys(ctx *context.Context) (string, string) {
method := ctx.Request.Method
if method == http.MethodGet {
accessKey := ctx.Input.Query("accessKey")
accessSecret := ctx.Input.Query("accessSecret")
return accessKey, accessSecret
} else {
body := ctx.Input.RequestBody
if len(body) == 0 {
return ctx.Request.Form.Get("accessKey"), ctx.Request.Form.Get("accessSecret")
}
var obj Object
err := json.Unmarshal(body, &obj)
if err != nil {
return "", ""
}
return obj.AccessKey, obj.AccessSecret
}
}
func willLog(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
if subOwner == "anonymous" && subName == "anonymous" && method == "GET" && (urlPath == "/api/get-account" || urlPath == "/api/get-app-login") && objOwner == "" && objName == "" {
return false


@@ -86,17 +86,6 @@ func AutoSigninFilter(ctx *context.Context) {
return
}
accessKey := ctx.Input.Query("accessKey")
accessSecret := ctx.Input.Query("accessSecret")
if accessKey != "" && accessSecret != "" {
userId, err := getUsernameByKeys(ctx)
if err != nil {
responseError(ctx, err.Error())
}
setSessionUser(ctx, userId)
}
// "/page?clientId=123&clientSecret=456"
userId, err := getUsernameByClientIdSecret(ctx)
if err != nil {


@@ -135,24 +135,6 @@ func getUsernameByClientIdSecret(ctx *context.Context) (string, error) {
return fmt.Sprintf("app/%s", application.Name), nil
}
func getUsernameByKeys(ctx *context.Context) (string, error) {
accessKey, accessSecret := getKeys(ctx)
user, err := object.GetUserByAccessKey(accessKey)
if err != nil {
return "", err
}
if user == nil {
return "", fmt.Errorf("user not found for access key: %s", accessKey)
}
if accessSecret != user.AccessSecret {
return "", fmt.Errorf("incorrect access secret for user: %s", user.Name)
}
return user.GetId(), nil
}
func getSessionUser(ctx *context.Context) string {
user := ctx.Input.CruSession.Get(stdcontext.Background(), "username")
if user == nil {


@@ -87,7 +87,6 @@ func InitAPI() {
web.Router("/api/get-user-count", &controllers.ApiController{}, "GET:GetUserCount")
web.Router("/api/get-user", &controllers.ApiController{}, "GET:GetUser")
web.Router("/api/update-user", &controllers.ApiController{}, "POST:UpdateUser")
web.Router("/api/add-user-keys", &controllers.ApiController{}, "POST:AddUserKeys")
web.Router("/api/add-user", &controllers.ApiController{}, "POST:AddUser")
web.Router("/api/delete-user", &controllers.ApiController{}, "POST:DeleteUser")
web.Router("/api/upload-users", &controllers.ApiController{}, "POST:UploadUsers")


@@ -94,7 +94,6 @@ class OrganizationListPage extends BaseListPage {
{name: "Signup application", visible: true, viewRule: "Public", modifyRule: "Admin"},
{name: "Register type", visible: true, viewRule: "Public", modifyRule: "Admin"},
{name: "Register source", visible: true, viewRule: "Public", modifyRule: "Admin"},
{name: "API key", label: i18next.t("general:API key"), modifyRule: "Self"},
{name: "Groups", visible: true, viewRule: "Public", modifyRule: "Admin"},
{name: "Roles", visible: true, viewRule: "Public", modifyRule: "Immutable"},
{name: "Permissions", visible: true, viewRule: "Public", modifyRule: "Immutable"},


@@ -462,7 +462,7 @@ export const UserFields = ["owner", "name", "password", "display_name", "id", "t
"avatar_type", "permanent_avatar", "email_verified", "region", "location", "address",
"affiliation", "title", "id_card_type", "id_card", "real_name", "is_verified", "bio", "tag", "language",
"education", "score", "karma", "ranking", "balance", "balance_credit", "balance_currency", "currency", "is_default_avatar", "is_online",
"is_forbidden", "is_deleted", "signup_application", "register_type", "register_source", "hash", "pre_hash", "access_key", "access_secret", "access_token",
"is_forbidden", "is_deleted", "signup_application", "register_type", "register_source", "hash", "pre_hash", "access_token",
"created_ip", "last_signin_time", "last_signin_ip", "github", "google", "qq", "wechat", "facebook", "dingtalk",
"weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs", "baidu", "alipay", "casdoor", "infoflow", "apple",
"azuread", "azureadb2c", "slack", "steam", "bilibili", "okta", "douyin", "kwai", "line", "amazon", "auth0",
@@ -2361,7 +2361,7 @@ export function getApiPaths() {
res.push("place-order", "cancel-order", "pay-order");
}
if (obj === "user") {
res.push("add-user-keys", "remove-user-from-group", "upload-users");
res.push("remove-user-from-group", "upload-users");
res.push("check-user-password", "set-password", "reset-email-or-phone");
res.push("verify-identification");
}


@@ -137,17 +137,6 @@ class UserEditPage extends React.Component {
});
}
addUserKeys() {
UserBackend.addUserKeys(this.state.user)
.then((res) => {
if (res.status === "ok") {
this.getUser();
} else {
Setting.showMessage("error", res.msg);
}
});
}
getOrganizations() {
OrganizationBackend.getOrganizations("admin")
.then((res) => {
@@ -971,39 +960,6 @@ class UserEditPage extends React.Component {
</Col>
</Row>
);
} else if (accountItem.name === "API key") {
return (
<Row style={{marginTop: "20px"}} >
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
{Setting.getLabel(i18next.t("general:API key"), i18next.t("general:API key - Tooltip"))} :
</Col>
<Col span={22} >
<Row style={{marginTop: "20px"}} >
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
{Setting.getLabel(i18next.t("general:Access key"), i18next.t("general:Access key - Tooltip"))} :
</Col>
<Col span={22} >
<Input value={this.state.user.accessKey} disabled={true} />
</Col>
</Row>
<Row style={{marginTop: "20px"}} >
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
{Setting.getLabel(i18next.t("general:Access secret"), i18next.t("general:Access secret - Tooltip"))} :
</Col>
<Col span={22} >
<Input value={this.state.user.accessSecret} disabled={true} />
</Col>
</Row>
<Row style={{marginTop: "20px", marginBottom: "20px"}} >
<Col span={22} >
<Button type="primary" onClick={() => this.addUserKeys()}>
{i18next.t("general:Generate")}
</Button>
</Col>
</Row>
</Col>
</Row>
);
} else if (accountItem.name === "Roles") {
return (
<Row style={{marginTop: "20px", alignItems: "center"}} >


@@ -45,17 +45,6 @@ export function getUser(owner, name) {
}).then(res => res.json());
}
export function addUserKeys(user) {
return fetch(`${Setting.ServerUrl}/api/add-user-keys`, {
method: "POST",
credentials: "include",
body: JSON.stringify(user),
headers: {
"Accept-Language": Setting.getAcceptLanguage(),
},
}).then(res => res.json());
}
export function updateUser(owner, name, user) {
const newUser = Setting.deepCopy(user);
return fetch(`${Setting.ServerUrl}/api/update-user?id=${owner}/${encodeURIComponent(name)}`, {