mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
* create pages, add routes, update policies
* add new pages to importer
* sandbox page
* login -> sandbox-login
* Update login.less
* pseudo-code/code comments
* remove sandbox page
* Revert "remove sandbox page"
  This reverts commit d5a1280759.
* view action drafts
* delete forgot-password page
* two new actions + draft code
* change action name
* Draft view actions and page scripts
* Update signup.js
* update comments
* update signup & sandbox-login page script
* update helper comments
* update helper usage in comments
* view-sandbox » view-sandbox-or-redirect
* Update helpers, actions, and routes
* login » sandbox-login
* update attributes on user model
* update signup action
* update page scripts and importer
* Update view-register.js
* html + css
* update signup and view-sandbox-or-redirect
* Password reset
  Update user's sandbox password when they have a sandbox instance
* add new-sandbox, update sandbox page
  - `/try-fleet/new-sandbox` added for users who don't have an existing Fleet Sandbox instance,
  - `/sandbox` updated to redirect users to the `/demologin` endpoint of their Fleet Sandbox instance if it is still valid, or display the sandbox expired state
  - updated policies & routes
* layout and importer updates
* update sandbox-login links & page script
* update signup action
* change logout redirect location to homepage
* lint fixes
* lint fixes
* Update sandbox & sandbox-expired
* Comment updates
* update password requirements for existing pages
* remove /get-started route
* lint fixes
* replace env variable with url
* remove `required: false` from organization attribute on user model
* send redirectToSandbox from view instead of routes
* changes sandbox page name
* add 10 second timeout to /healthz check, add authorization header to cloud provisioner request
* update environment variable name
* update authorization header
* remove /new-sandbox
* update unauthorized response to redirect to correct login screen
* update comments
* update layout
* replace new-sandbox redirects with consistency violation errors
* Provision Fleet sandbox for users logging in
* Revert "Provision Fleet sandbox for users logging in"
  This reverts commit 6297c33892.
* Revert "Revert "Provision Fleet sandbox for users logging in""
  This reverts commit c2a2567b68.
* Revert "Revert "Revert "Provision Fleet sandbox for users logging in"""
  This reverts commit acc178ea76.
* update sandbox-login mobile styles
* update sandbox-expired page to match latest wireframes
* remove required: false and planned changes comments, update signup errors and behavior
* update error
* lint fix on updated error
* Update error's indentation
* remove added forgot-password flow, add redirect for sandbox users changing their password
* Use fleetSandboxDemoKey to login to Fleet Sandbox, remove password changing flow
* update bootstrap to give admin user an expired sandbox
* Update signup.js
* remove unused exits, revert password recovery email changes
* required:false is implied if unspecified, so can be omitted
* Remove defaultsTo: '', since it is not needed
  This applies the changes discussed in https://github.com/fleetdm/fleet/pull/6380#discussion_r929538495
  It also makes two other trivial changes.
* Eliminate another unnecessary require:false
  I think this one is actually baked into the sails-generate template.
* remove custom password validation
* update page name (sandbox-teleporter) and view action name
* revert minor changes to existing files
* update sandbox login friendlyName
* Update unauthorized response to redirect to /login
* Delete new-sandbox.less
* update layouts and importer
* add /fleetctl-preview route for old get-started page, update sandbox route
* update signup action with changes from review, add retry() to cloud provisioner request
* Update routes.js
* add missing comma to route
* update layout, fix typo in signup
* Update sandbox-expired.ejs
* lint fixes
* Update download-sitemap.js
* small whitespace changes, regenerate cloud-sdk
* remove placeholder text in password inputs
* add loading spinner to sandbox teleporter
* add logout button to header nav
* hide header on sandbox-teleporter
* update errors, check if a user already exists before cloud provisioner request
* Update sandbox-teleporter.page.js
* Update sandbox-teleporter.page.js
* Update signup.js
* resize loading spinner, history.pushState() » history.replaceState()
* send users who reset their password back to the fleetdm.com homepage
* Add Zapier webhook request for sandbox signups
* rebuild-scloud-sdk after resolving merge conflict
* update zapier request error
* Add comment w/ context about how Zapier responds with a 2xx even if there was a problem
* Update links to /get-started to go to /try-fleet/register, change /get-started redirect
* Revert changes to links
* add /test-fleet-sandbox redirect, revert /try-fleet redirect
* send logged out users to the sandbox login page when they go to /try-fleet/sandbox

Co-authored-by: Mike McNeil <[email protected]>
203 lines
8.2 KiB
JavaScript
Vendored
/**
 * User.js
 *
 * A user who can log in to this application.
 */

module.exports = {

  attributes: {

    //  ╔═╗╦═╗╦╔╦╗╦╔╦╗╦╦  ╦╔═╗╔═╗
    //  ╠═╝╠╦╝║║║║║ ║ ║╚╗╔╝║╣ ╚═╗
    //  ╩  ╩╚═╩╩ ╩╩ ╩ ╩ ╚╝ ╚═╝╚═╝

    emailAddress: {
      type: 'string',
      required: true,
      unique: true,
      isEmail: true,
      maxLength: 200,
      example: '[email protected]'
    },

    emailStatus: {
      type: 'string',
      isIn: ['unconfirmed', 'change-requested', 'confirmed'],
      defaultsTo: 'confirmed',
      description: 'The confirmation status of the user\'s email address.',
      extendedDescription:
`Users might be created as "unconfirmed" (e.g. normal signup) or as "confirmed" (e.g. hard-coded
admin users). When the email verification feature is enabled, new users created via the
signup form have \`emailStatus: 'unconfirmed'\` until they click the link in the confirmation email.
Similarly, when an existing user changes their email address, they switch to the "change-requested"
email status until they click the link in the confirmation email.`
    },

    emailChangeCandidate: {
      type: 'string',
      isEmail: true,
      description: 'A still-unconfirmed email address that this user wants to change to (if relevant).'
    },

    password: {
      type: 'string',
      required: true,
      description: 'Securely hashed representation of the user\'s login password.',
      protect: true,
      example: '2$28a8eabna301089103-13948134nad'
    },

    firstName: {
      type: 'string',
      required: true,
      description: 'The user\'s first name.',
      maxLength: 120,
      example: 'Mary'
    },

    lastName: {
      type: 'string',
      required: true,
      description: 'The user\'s last name.',
      maxLength: 120,
      example: 'van der McHenst'
    },

    organization: {
      type: 'string',
      description: 'The organization the user works for.',
      maxLength: 120,
      example: 'The Sails Company',
    },

    isSuperAdmin: {
      type: 'boolean',
      description: 'Whether this user is a "super admin" with extra permissions, etc.',
      extendedDescription:
`Super admins might have extra permissions, see a different default home page when they log in,
or even have a completely different feature set from normal users. In this app, the \`isSuperAdmin\`
flag is just here as a simple way to represent two different kinds of users. Usually, it's a good idea
to keep the data model as simple as possible, only adding attributes when you actually need them for
features being built right now.

For example, a "super admin" user for a small to medium-sized e-commerce website might be able to
change prices, deactivate seasonal categories, add new offerings, and view live orders as they come in.
On the other hand, for an e-commerce website like Walmart.com that has undergone years of development
by a large team, those administrative features might be split across a few different roles.

So, while this \`isSuperAdmin\` demarcation might not be the right approach forever, it's a good place to start.`
    },

    passwordResetToken: {
      type: 'string',
      description: 'A unique token used to verify the user\'s identity when recovering a password. Expires after 1 use, or after a set amount of time has elapsed.'
    },

    passwordResetTokenExpiresAt: {
      type: 'number',
      description: 'A JS timestamp (epoch ms) representing the moment when this user\'s `passwordResetToken` will expire (or 0 if the user currently has no such token).',
      example: 1502844074211
    },

    emailProofToken: {
      type: 'string',
      description: 'A pseudorandom, probabilistically-unique token for use in our account verification emails.'
    },

    emailProofTokenExpiresAt: {
      type: 'number',
      description: 'A JS timestamp (epoch ms) representing the moment when this user\'s `emailProofToken` will expire (or 0 if the user currently has no such token).',
      example: 1502844074211
    },

    stripeCustomerId: {
      type: 'string',
      protect: true,
      description: 'The id of the customer entry in Stripe associated with this user (or empty string if this user is not linked to a Stripe customer -- e.g. if billing features are not enabled).',
      extendedDescription:
`Just because this value is set doesn't necessarily mean that this user has a billing card.
It just means they have a customer entry in Stripe, which might or might not have a billing card.`
    },

    hasBillingCard: {
      type: 'boolean',
      description: 'Whether this user has a default billing card hooked up as their payment method.',
      extendedDescription:
`More specifically, this indicates whether this user record's linked customer entry in Stripe has
a default payment source (i.e. credit card). Note that a user can have a \`stripeCustomerId\`
without necessarily having a billing card.`
    },

    billingCardBrand: {
      type: 'string',
      example: 'Visa',
      description: 'The brand of this user\'s default billing card (or empty string if no billing card is set up).',
      extendedDescription: 'To ensure PCI compliance, this data comes from Stripe, where it reflects the user\'s default payment source.'
    },

    billingCardLast4: {
      type: 'string',
      example: '4242',
      description: 'The last four digits of the card number for this user\'s default billing card (or empty string if no billing card is set up).',
      extendedDescription: 'To ensure PCI compliance, this data comes from Stripe, where it reflects the user\'s default payment source.'
    },

    billingCardExpMonth: {
      type: 'string',
      example: '08',
      description: 'The two-digit expiration month from this user\'s default billing card, formatted as MM (or empty string if no billing card is set up).',
      extendedDescription: 'To ensure PCI compliance, this data comes from Stripe, where it reflects the user\'s default payment source.'
    },

    billingCardExpYear: {
      type: 'string',
      example: '2023',
      description: 'The four-digit expiration year from this user\'s default billing card, formatted as YYYY (or empty string if no credit card is set up).',
      extendedDescription: 'To ensure PCI compliance, this data comes from Stripe, where it reflects the user\'s default payment source.'
    },

    tosAcceptedByIp: {
      type: 'string',
      description: 'The IP (ipv4) address of the request that accepted the terms of service.',
      extendedDescription: 'Useful for certain types of businesses and regulatory requirements (KYC, etc.)',
      moreInfoUrl: 'https://en.wikipedia.org/wiki/Know_your_customer'
    },

    lastSeenAt: {
      type: 'number',
      description: 'A JS timestamp (epoch ms) representing the moment at which this user most recently interacted with the backend while logged in (or 0 if they have not interacted with the backend at all yet).',
      example: 1502844074211
    },

    fleetSandboxURL: {
      type: 'string',
      description: 'The URL of the Fleet sandbox instance that was provisioned for this user',
      example: 'https://billybobcat.sandbox.fleetdm.com',
    },

    fleetSandboxExpiresAt: {
      type: 'number',
      description: 'A JS timestamp (epoch ms) representing when this user\'s fleet sandbox instance will expire',
      example: 1502844074211,
    },

    fleetSandboxDemoKey: {
      type: 'string',
      description: 'The UUID that is used as the password of this user\'s Fleet Sandbox instance that is generated when the user signs up. Only used to log the user into their Fleet Sandbox instance while it is still live.',
    }

    //  ╔═╗╔╦╗╔╗ ╔═╗╔╦╗╔═╗
    //  ║╣ ║║║╠╩╗║╣  ║║╚═╗
    //  ╚═╝╩ ╩╚═╝╚═╝═╩╝╚═╝
    // n/a

    //  ╔═╗╔═╗╔═╗╔═╗╔═╗╦╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
    //  ╠═╣╚═╗╚═╗║ ║║  ║╠═╣ ║ ║║ ║║║║╚═╗
    //  ╩ ╩╚═╝╚═╝╚═╝╚═╝╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
    // n/a

  },


};
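The single-use, time-limited behaviour that the model describes for `passwordResetToken` and `passwordResetTokenExpiresAt` (with 0 meaning "no token"), sketched as an added example that is not code from the Fleet repository. The function names, the 24-hour lifetime and the sample record are assumptions made for illustration.

```javascript
// Added example: field names mirror the User model; function names are hypothetical.
const crypto = require('crypto');

// Assumed lifetime; the model only says "a set amount of time".
const RESET_TTL_MS = 24 * 60 * 60 * 1000;

// Issue a fresh random token and record the moment it stops being valid.
function issuePasswordResetToken(user, now = Date.now()) {
  user.passwordResetToken = crypto.randomBytes(32).toString('hex');
  user.passwordResetTokenExpiresAt = now + RESET_TTL_MS;
  return user.passwordResetToken;
}

// Constant-time comparison, so response timing does not reveal matching prefixes.
function tokensMatch(stored, presented) {
  const a = Buffer.from(String(stored));
  const b = Buffer.from(String(presented));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Returns true and burns the token on success; returns false otherwise.
function redeemPasswordResetToken(user, presented, now = Date.now()) {
  // An empty token or an expiry of 0 means no token is outstanding.
  if (!user.passwordResetToken || !user.passwordResetTokenExpiresAt) { return false; }
  if (typeof presented !== 'string' || presented.length === 0) { return false; }
  const expired = now >= user.passwordResetTokenExpiresAt;
  const ok = !expired && tokensMatch(user.passwordResetToken, presented);
  if (ok || expired) {
    // Single use: clear on success, and clear stale tokens as they are seen.
    user.passwordResetToken = '';
    user.passwordResetTokenExpiresAt = 0;
  }
  return ok;
}

// Walk one constructed record (not real data) through the token lifecycle.
function demo() {
  const user = { passwordResetToken: '', passwordResetTokenExpiresAt: 0 };
  const t0 = 1502844074211;
  const token = issuePasswordResetToken(user, t0);
  const wrong = redeemPasswordResetToken(user, 'f'.repeat(64), t0 + 1000);
  const first = redeemPasswordResetToken(user, token, t0 + 2000);
  const replay = redeemPasswordResetToken(user, token, t0 + 3000);
  const late = issuePasswordResetToken(user, t0);
  const expired = redeemPasswordResetToken(user, late, t0 + RESET_TTL_MS);
  return { wrong, first, replay, expired, cleared: user.passwordResetTokenExpiresAt === 0 };
}

console.log(demo());
```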