2 лет назад · 0827174e1c
--- a/apps/app/src/server/routes/apiv3/index.js
+++ b/apps/app/src/server/routes/apiv3/index.js
@@ -9,6 +9,7 @@ import * as registerFormValidator from '../../middlewares/register-form-validato
 
				 import g2gTransfer from './g2g-transfer';
			
 
				 import importRoute from './import';
			
 
				 import pageListing from './page-listing';
			
 
				+import securitySettings from './security-settings';
			
 
				 import * as userActivation from './user-activation';
			
 
				 
			
 
				 const logger = loggerFactory('growi:routes:apiv3'); // eslint-disable-line no-unused-vars
			
@@ -38,7 +39,7 @@ module.exports = (crowi, app) => {
 
				   routerForAdmin.use('/export', require('./export')(crowi));
			
 
				   routerForAdmin.use('/import', importRoute(crowi));
			
 
				   routerForAdmin.use('/search', require('./search')(crowi));
			
 
				-  routerForAdmin.use('/security-setting', require('./security-setting')(crowi));
			
 
				+  routerForAdmin.use('/security-setting', securitySettings(crowi));
			
 
				   routerForAdmin.use('/mongo', require('./mongo')(crowi));
			
 
				   routerForAdmin.use('/slack-integration-settings', require('./slack-integration-settings')(crowi));
			
 
				   routerForAdmin.use('/slack-integration-legacy-settings', require('./slack-integration-legacy-settings')(crowi));
			
--- a/apps/app/src/server/routes/apiv3/security-settings/checkAllSetupStrategiesHasAdmin.ts
+++ b/apps/app/src/server/routes/apiv3/security-settings/checkAllSetupStrategiesHasAdmin.ts
@@ -0,0 +1,41 @@
 
				+import Crowi from '~/server/crowi';
			
 
				+
			
 
				+const checkAuthStrategyHasAdmin = (async(crowi: Crowi, strategy: string): Promise<boolean> => {
			
 
				+  const ExternalAccount = crowi.model('ExternalAccount');
			
 
				+  const User = crowi.model('User');
			
 
				+
			
 
				+  if (strategy === 'local') {
			
 
				+    // Get all local admin accounts and filter local admins that are not in external accounts
			
 
				+    const localAdmins = await User.aggregate([
			
 
				+      { $match: { admin: true, status: User.STATUS_ACTIVE } },
			
 
				+      {
			
 
				+        $lookup: {
			
 
				+          from: 'externalaccounts',
			
 
				+          localField: '_id',
			
 
				+          foreignField: 'user',
			
 
				+          as: 'externalAccounts',
			
 
				+        },
			
 
				+      },
			
 
				+      { $match: { externalAccounts: [] } },
			
 
				+    ]).exec();
			
 
				+    return localAdmins.length > 0;
			
 
				+  }
			
 
				+
			
 
				+  const externalAccounts = await ExternalAccount.find({ providerType: strategy })
			
 
				+    .populate('user', null, { admin: true, status: User.STATUS_ACTIVE })
			
 
				+    .exec();
			
 
				+
			
 
				+  const hasAdmin = externalAccounts.some(account => account.user !== null);
			
 
				+
			
 
				+  return hasAdmin;
			
 
				+});
			
 
				+
			
 
				+
			
 
				+export const checkAllSetupStrategiesHasAdmin = (async(crowi: Crowi, setupStrategies: string[]): Promise<boolean> => {
			
 
				+  const results = await Promise.all(setupStrategies.map(async(strategy) => {
			
 
				+    const hasAdmin = await checkAuthStrategyHasAdmin(crowi, strategy);
			
 
				+    return hasAdmin;
			
 
				+  }));
			
 
				+
			
 
				+  return results.some(hasAdmin => hasAdmin);
			
 
				+});
			
--- a/apps/app/src/server/routes/apiv3/security-settings/index.js
+++ b/apps/app/src/server/routes/apiv3/security-settings/index.js
@@ -2,12 +2,13 @@ import { ErrorV3 } from '@growi/core';
 
				 
			
 
				 import { SupportedAction } from '~/interfaces/activity';
			
 
				 import { PageDeleteConfigValue } from '~/interfaces/page-delete-config';
			
 
				+import { generateAddActivityMiddleware } from '~/server/middlewares/add-activity';
			
 
				+import { apiV3FormValidator } from '~/server/middlewares/apiv3-form-validator';
			
 
				 import { configManager } from '~/server/service/config-manager';
			
 
				 import loggerFactory from '~/utils/logger';
			
 
				 import { validateDeleteConfigs, prepareDeleteConfigValuesForCalc } from '~/utils/page-delete-config';
			
 
				 
			
 
				-import { generateAddActivityMiddleware } from '../../middlewares/add-activity';
			
 
				-import { apiV3FormValidator } from '../../middlewares/apiv3-form-validator';
			
 
				+import { checkAllSetupStrategiesHasAdmin } from './checkAllSetupStrategiesHasAdmin';
			
 
				 
			
 
				 
			
 
				 const logger = loggerFactory('growi:routes:apiv3:security-setting');
			
@@ -309,8 +310,8 @@ const validator = {
 
				  *            description: local account automatically linked the email matched
			
 
				  */
			
 
				 module.exports = (crowi) => {
			
 
				-  const loginRequiredStrictly = require('../../middlewares/login-required')(crowi);
			
 
				-  const adminRequired = require('../../middlewares/admin-required')(crowi);
			
 
				+  const loginRequiredStrictly = require('~/server/middlewares/login-required')(crowi);
			
 
				+  const adminRequired = require('~/server/middlewares/admin-required')(crowi);
			
 
				   const addActivity = generateAddActivityMiddleware(crowi);
			
 
				 
			
 
				   const activityEvent = crowi.event('activity');
			
@@ -477,8 +478,6 @@ module.exports = (crowi) => {
 
				   // eslint-disable-next-line max-len
			
 
				   router.put('/authentication/enabled', loginRequiredStrictly, adminRequired, addActivity, validator.authenticationSetting, apiV3FormValidator, async(req, res) => {
			
 
				     const { isEnabled, authId } = req.body;
			
 
				-    const ExternalAccount = crowi.model('ExternalAccount');
			
 
				-    const User = crowi.model('User');
			
 
				 
			
 
				     let setupStrategies = await crowi.passportService.getSetupStrategies();
			
 
				 
			
@@ -491,44 +490,8 @@ module.exports = (crowi) => {
 
				       return res.apiv3Err(new ErrorV3('Can not turn everything off'), 405);
			
 
				     }
			
 
				 
			
 
				-    async function checkAuthStrategyHasAdmin(strategy) {
			
 
				-      if (strategy === 'local') {
			
 
				-        // Get all local admin accounts and filter local admins that are not in external accounts
			
 
				-        const localAdmins = await User.aggregate([
			
 
				-          { $match: { admin: true, status: User.STATUS_ACTIVE } },
			
 
				-          {
			
 
				-            $lookup: {
			
 
				-              from: 'externalaccounts',
			
 
				-              localField: '_id',
			
 
				-              foreignField: 'user',
			
 
				-              as: 'externalAccounts',
			
 
				-            },
			
 
				-          },
			
 
				-          { $match: { externalAccounts: [] } },
			
 
				-        ]).exec();
			
 
				-        return localAdmins.length > 0;
			
 
				-      }
			
 
				-
			
 
				-      const externalAccounts = await ExternalAccount.find({ providerType: strategy })
			
 
				-        .populate('user', null, { admin: true, status: User.STATUS_ACTIVE })
			
 
				-        .exec();
			
 
				-
			
 
				-      const hasAdmin = externalAccounts.some(account => account.user !== null);
			
 
				-
			
 
				-      return hasAdmin;
			
 
				-    }
			
 
				-
			
 
				-    async function checkAllSetupStrategiesHasAdmin() {
			
 
				-      const results = await Promise.all(setupStrategies.map(async(strategy) => {
			
 
				-        const hasAdmin = await checkAuthStrategyHasAdmin(strategy);
			
 
				-        return hasAdmin;
			
 
				-      }));
			
 
				-
			
 
				-      return results.some(hasAdmin => hasAdmin);
			
 
				-    }
			
 
				-
			
 
				     if (!isEnabled) {
			
 
				-      const isSetupStrategiesHasAdmin = await checkAllSetupStrategiesHasAdmin();
			
 
				+      const isSetupStrategiesHasAdmin = await checkAllSetupStrategiesHasAdmin(crowi, setupStrategies);
			
 
				 
			
 
				       // Return an error when disabling an strategy when there are no setup strategies with admin-enabled login
			
 
				       if (!isSetupStrategiesHasAdmin) {