Merge pull request #1576 from akto-api-security/hotfix/remove_email_f…

…rom_welcom remove email request param from welcom detail api
akto-api-security · Oct 1, 2024 · 6a2a613 · 6a2a613
2 parents 8501bb2 + 1736c03
commit 6a2a613
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 24 deletions.
diff --git a/apps/dashboard/src/main/java/com/akto/action/DashboardAction.java b/apps/dashboard/src/main/java/com/akto/action/DashboardAction.java
@@ -250,19 +250,16 @@ public String markConnectionAsSkipped(){
         }
     }
 
-    private String email;
     private String username;
     private String organization;
     private final Pattern usernamePattern = Pattern.compile("^[\\w\\s-]{1,}$");
     private final Pattern organizationPattern = Pattern.compile("^[\\w\\s.&-]{1,}$");
     public String updateUsernameAndOrganization() {
-        this.setUsername(username.trim());
-        this.setOrganization(organization.trim());
-
-        if(username.isEmpty()) {
+        if(username == null || username.trim().isEmpty()) {
             addActionError("Username cannot be empty");
             return Action.ERROR.toUpperCase();
         }
+        this.setUsername(username.trim());
 
         if(!usernamePattern.matcher(username).matches()) {
             addActionError("Username is not valid");
@@ -274,18 +271,28 @@ public String updateUsernameAndOrganization() {
             return Action.ERROR.toUpperCase();
         }
 
+        User userFromSession = getSUser();
+        if (userFromSession == null) {
+            addActionError("Invalid user");
+            return Action.ERROR.toUpperCase();
+        }
+
+        String email = userFromSession.getLogin();
+
         User user = UsersDao.instance.updateOneNoUpsert(Filters.in(User.LOGIN, email), Updates.combine(
                 Updates.set(User.NAME, username),
                 Updates.set(User.NAME_LAST_UPDATE, Context.now())
         ));
         RBAC.Role currentRoleForUser = RBACDao.getCurrentRoleForUser(user.getId(), Context.accountId.get());
 
-        if(currentRoleForUser.getName().equals(RBAC.Role.ADMIN.getName())) {
-            if(organization.isEmpty()) {
+        if(currentRoleForUser != null && currentRoleForUser.getName().equals(RBAC.Role.ADMIN.getName())) {
+            if(organization == null || organization.trim().isEmpty()) {
                 addActionError("Organization cannot be empty");
                 return Action.ERROR.toUpperCase();
             }
 
+            setOrganization(organization.trim());
+
             if(!organizationPattern.matcher(organization).matches()) {
                 addActionError("Organization is not valid");
                 return Action.ERROR.toUpperCase();
@@ -389,14 +396,6 @@ public List<HistoricalData> getInitialHistoricalData() {
         return initialHistoricalData;
     }
 
-    public String getEmail() {
-        return email;
-    }
-
-    public void setEmail(String email) {
-        this.email = email;
-    }
-
     public String getUsername() {
         return username;
     }

diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/components/WelcomeBackDetailsModal.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/components/WelcomeBackDetailsModal.jsx
@@ -6,8 +6,8 @@ import homeRequests from "../pages/home/api"
 const WelcomeBackDetailsModal = ({ isAdmin }) => {
     const [modalToggle, setModalToggle] = useState(true)
 
-    const [username, setUsername] = useState(window.USER_FULL_NAME)
-    const [organization, setOrganization] = useState(window.ORGANIZATION_NAME)
+    const [username, setUsername] = useState(window.USER_FULL_NAME || "")
+    const [organization, setOrganization] = useState(window.ORGANIZATION_NAME || "")
 
     const handleWelcomeBackDetails = async () => {
 
@@ -18,9 +18,7 @@ const WelcomeBackDetailsModal = ({ isAdmin }) => {
             return
         }
 
-        const email = window.USER_NAME
-
-        homeRequests.updateUsernameAndOrganization(email ,username, organization).then((resp) => {
+        homeRequests.updateUsernameAndOrganization(username, organization).then((resp) => {
             try {
                 setModalToggle(false)
             } catch (error) {

diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/Dashboard.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/Dashboard.jsx
@@ -165,13 +165,13 @@ function Dashboard() {
 
     },[])
 
-    const shouldShowWelcomeBackModal = !func.checkLocal() && (window?.USER_FULL_NAME?.length === 0 || (window.USER_ROLE === 'ADMIN' && window.ORGANIZATION_NAME?.length === 0))
+    // const shouldShowWelcomeBackModal = !func.checkLocal() && window?.USER_NAME?.length > 0 && (window?.USER_FULL_NAME?.length === 0 || (window?.USER_ROLE === 'ADMIN' && window?.ORGANIZATION_NAME?.length === 0))
 
     return (
         <div className="dashboard">
         <Frame>
             <Outlet />
-            {shouldShowWelcomeBackModal && <WelcomeBackDetailsModal isAdmin={window.USER_ROLE === 'ADMIN'} />}
+            {/* {shouldShowWelcomeBackModal && <WelcomeBackDetailsModal isAdmin={window.USER_ROLE === 'ADMIN'} />} */}
             {toastMarkup}
             {ConfirmationModalMarkup}
             {displayItems.length > 0 ? <div className="alerts-banner">

diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/home/api.js b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/home/api.js
@@ -30,11 +30,11 @@ const homeRequests = {
             data: {}
         })
     },
-    updateUsernameAndOrganization: async(email, username, organization) => {
+    updateUsernameAndOrganization: async(username, organization) => {
         return await request({
             url: 'api/updateUsernameAndOrganization',
             method: 'post',
-            data: {email, username, organization}
+            data: { username, organization}
         })
     }
 }