Merge branch 'main' into snyk-upgrade-55e69c54c9c39d7d899989cefd7e2b1a

curveball · Oct 9, 2024 · c3c2758 · c3c2758
2 parents de3f0eb + b7a56bf
commit c3c2758
Show file tree

Hide file tree

Showing 9 changed files with 37 additions and 25 deletions.
diff --git a/changelog.md b/changelog.md
@@ -5,6 +5,8 @@ Changelog
 -------------------
 
 * Stricter validation on the 'Create App Client Form.'
+* Looks for database in 'public' searchPath in Postgres. (@Zen-cronic)
+* Fix internal error on user/id route in Postgres. (@Zen-cronic)
 
 
 0.26.2 (2024-08-30)

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -69,9 +69,9 @@
     "eff-diceware-passphrase": "^3.0.0",
     "geoip-lite": "^1.0.10",
     "handlebars": "^4.7.7",
-    "jose": "^5.1.0",
+    "jose": "^5.9.2",
     "knex": "^3.0.1",
-    "mysql2": "^3.10.2",
+    "mysql2": "^3.11.2",
     "nodemailer": "^6.9.15",
     "otplib": "^12.0.1",
     "pg": "^8.7.1",

diff --git a/src/changepassword/controller.ts b/src/changepassword/controller.ts
@@ -10,9 +10,9 @@ class ChangePasswordController extends Controller {
 
   async get(ctx: Context) {
 
+    const csrfToken = await ctx.getCsrf();
     ctx.response.type = 'text/html';
-    ctx.response.body = changePasswordForm(ctx.query.msg, ctx.query.error);
-
+    ctx.response.body = changePasswordForm(ctx.query.msg, ctx.query.error, csrfToken);
   }
 
   async post(ctx: Context<any>) {

diff --git a/src/changepassword/formats/html.ts b/src/changepassword/formats/html.ts
@@ -1,12 +1,13 @@
 import { render } from '../../templates.js';
 
-export function changePasswordForm(msg: string, error: string) {
+export function changePasswordForm(msg: string, error: string, csrfToken: string) {
 
   return render('changepassword', {
     title: 'Change Password',
     msg: msg,
     error: error,
     action: '/change-password',
+    csrfToken: csrfToken,
   });
 
 }
diff --git a/src/database.ts b/src/database.ts
@@ -132,6 +132,7 @@ export function getSettings(): Knex.Config {
         searchPath = [
           connection.user as string,
           connection.database as string,
+          'public',
         ];
         break;
       case 'mysql' :

diff --git a/src/principal-identity/service.ts b/src/principal-identity/service.ts
@@ -124,9 +124,9 @@ function recordToModel(principal: Principal, record: PrincipalIdentitiesRecord):
     externalId: record.external_id,
     label: record.label,
     isPrimary: !!record.is_primary,
-    verifiedAt: record.verified_at ? new Date(record.verified_at) : null,
-    createdAt: new Date(record.created_at),
-    modifiedAt: new Date(record.modified_at),
+    verifiedAt: record.verified_at ? new Date(+record.verified_at) : null,
+    createdAt: new Date(+record.created_at),
+    modifiedAt: new Date(+record.modified_at),
   };
 
 }
diff --git a/src/principal/service.ts b/src/principal/service.ts
@@ -411,8 +411,8 @@ function recordToModel(user: PrincipalsRecord): Principal {
     href: `/${userTypeIntToUserType(user.type)}/${user.external_id}`,
     externalId: user.external_id,
     nickname: user.nickname!,
-    createdAt: new Date(user.created_at),
-    modifiedAt: new Date(user.modified_at),
+    createdAt: new Date(+user.created_at),
+    modifiedAt: new Date(+user.modified_at),
     type: userTypeIntToUserType(user.type),
     active: !!user.active,
     system: !!user.system,

diff --git a/templates/changepassword.hbs b/templates/changepassword.hbs
@@ -26,6 +26,8 @@
     <p class="form-options"><a href="/">Cancel</a></p>
   </fieldset>
 
+  <input type="hidden" name="csrf-token" value="{{ csrfToken }}" />
+
   {{#each hiddenFields}}
   <input type="hidden" name="{{@key}}" value="{{this}}" />
   {{/each}}