From 94bc2fed8b16777394e6e3825aa7eef7b70dda81 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Tue, 11 Jun 2024 09:47:42 +0200
Subject: [PATCH 01/39] bump to 5.0.3 and fix decode

---
 CHANGELOG.md                   | 4 ++++
 client/package.json            | 2 +-
 server/package.json            | 2 +-
 server/src/models/job.model.js | 2 +-
 server/src/swagger.json        | 2 +-
 5 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2fc75267..a4bb8b2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+-   Vault credentials, alpine requires decode -d instead --decode
+
 ## [5.0.2] - 2024-06-10
 
 ### Adding
diff --git a/client/package.json b/client/package.json
index 4ec63ac4..f61e0c28 100644
--- a/client/package.json
+++ b/client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ansible_forms_vue",
-  "version": "5.0.2",
+  "version": "5.0.3",
   "private": true,
   "scripts": {
     "serve": "vue-cli-service serve",
diff --git a/server/package.json b/server/package.json
index fea12980..b8b11193 100644
--- a/server/package.json
+++ b/server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ansible_forms",
-  "version": "5.0.2",
+  "version": "5.0.3",
   "repository": {
     "type": "git",
     "url": "git://github.com/ansibleguy76/ansibleforms.git"
diff --git a/server/src/models/job.model.js b/server/src/models/job.model.js
index 95fb362e..53d9c271 100644
--- a/server/src/models/job.model.js
+++ b/server/src/models/job.model.js
@@ -953,7 +953,7 @@ Ansible.launch=async (ev,credentials,jobid,counter,approval,approved=false)=>{
   if(!vaultPassword){
     command = `ansible-playbook -e '@${extravarsFileName}' -e '@${hiddenExtravarsFileName}'`
   }else{
-    command = `echo ${Buffer.from(vaultPassword).toString('base64')} | base64 --decode | ansible-playbook -e '@${extravarsFileName}' -e '@${hiddenExtravarsFileName}' --vault-password-file=/bin/cat`
+    command = `echo ${Buffer.from(vaultPassword).toString('base64')} | base64 -d | ansible-playbook -e '@${extravarsFileName}' -e '@${hiddenExtravarsFileName}' --vault-password-file=/bin/cat`
   }
 
   inventory.forEach((item, i) => {  command += ` -i '${item}'` });
diff --git a/server/src/swagger.json b/server/src/swagger.json
index 660236bb..5237031b 100644
--- a/server/src/swagger.json
+++ b/server/src/swagger.json
@@ -2,7 +2,7 @@
   "swagger": "2.0",
   "info": {
     "description": "This is the swagger interface for AnsibleForms.\r\nUse the `/auth/login` api with basic authentication to obtain a JWT token.\r\nThen use the access token, prefixed with the word '**Bearer**' to use all other api's.\r\nNote that the access token is limited in time.  You can then either login again and get a new set of tokens or use the `/token` api and the refresh token to obtain a new set (preferred).",
-    "version": "5.0.2",
+    "version": "5.0.3",
     "title": "AnsibleForms",
     "contact": {
       "email": "info@ansibleforms.com"

From 7d1b0072f7e386aae7d96a8bde3043f61809e844 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Tue, 18 Jun 2024 08:21:55 +0200
Subject: [PATCH 02/39] improved schema check and error messages

---
 client/src/views/Schema.vue                 | 11 +++-
 server/src/controllers/schema.controller.js |  4 +-
 server/src/init/index.js                    | 67 +++++++++++++++++----
 server/src/models/schema.model.js           | 26 +++++---
 4 files changed, 84 insertions(+), 24 deletions(-)

diff --git a/client/src/views/Schema.vue b/client/src/views/Schema.vue
index 19ff0422..3650e16b 100644
--- a/client/src/views/Schema.vue
+++ b/client/src/views/Schema.vue
@@ -7,7 +7,7 @@
             <div class="notification is-danger" v-if="error!=''" v-text="error"></div>
             <div class="notification is-success" v-if="success" v-html="success"></div>
             <div class="notification is-warning" v-if="failed" v-html="failed"></div>
-            <form action="" class="box" v-if="error!='FATAL ERROR' && error!=''">
+            <form action="" class="box" v-if="error!='FATAL ERROR' && error!='' && success==''">
               <div class="content">
                 If this is the first time setup and you don't have your own schema and tables.<br><br>
                 Would you like me to try and create the schema and tables ?<br>
@@ -28,6 +28,13 @@
                 </button>
               </div>
             </form>
+            <form action="" class="box" v-else>
+              <div class="content">
+                It appears that you have an unuseable schema.  Part of the tables is present, and part is missing.<br>
+                Please contact your database or application administrator to either restore from a backup, or create the missing tables.  
+                For now there is nothing I can do for you, until the schema and tables are in a consistent state.
+              </div>
+            </form>            
             <div v-if="error=='FATAL ERROR'" class="box">
               <div class="content">
                 Something went wrong.  Most likely the database is simply not reachable.   
@@ -67,7 +74,7 @@
         },
         failed(){
           if(Array.isArray(this.errorData.error)){
-            return this.errorData.error.map((e)=>{return e.message}).join('<br>')
+            return this.errorData.error.join('<br>')
           }else {
             return this.errorData.error
           }
diff --git a/server/src/controllers/schema.controller.js b/server/src/controllers/schema.controller.js
index 8d2b1809..49fe6077 100644
--- a/server/src/controllers/schema.controller.js
+++ b/server/src/controllers/schema.controller.js
@@ -1,11 +1,13 @@
 'use strict';
 const Schema = require('../models/schema.model');
 var RestResult = require('../models/restResult.model');
+var util = require('util');
 
 exports.hasSchema = function(req, res) {
     Schema.hasSchema()
       .then((result)=>{ res.json(new RestResult("success","schema and tables are ok",result.data?.success,result.data?.failed)) })
-      .catch((result)=>{ 
+      .catch((err)=>{ 
+        var result = err.result // we check if the error has a result
         if(!result?.data){
           res.json(new RestResult("error","FATAL ERROR",[],[result.message])) 
         }else{
diff --git a/server/src/init/index.js b/server/src/init/index.js
index d0427c48..cf7474ac 100644
--- a/server/src/init/index.js
+++ b/server/src/init/index.js
@@ -4,28 +4,69 @@ async function init(){
   var Ssh = require('../models/ssh.model');
   var Form = require('../models/form.model');
   var Job = require('../models/job.model');
+  var Schema = require('../models/schema.model');
   const mysql=require("../models/db.model");
   const Repository = require('../models/repository.model');
   const parser = require("cron-parser")
   const dayjs = require("dayjs")
+  const util = require('util')
 
-    // this is at startup, don't start the app until mysql is ready
-    // rewrite with await
-    console.log("Waiting for mysql to start")
-    async function sleep(millis) {
-      return new Promise(resolve => setTimeout(resolve, millis));
+  // this is at startup, don't start the app until mysql is ready
+  // rewrite with await
+  logger.info("Waiting for mysql to start")
+  async function sleep(millis) {
+    return new Promise(resolve => setTimeout(resolve, millis));
+  }
+  var MYSQL_IS_READY = false
+  while(!MYSQL_IS_READY){
+    try{
+      await mysql.do("SELECT 1")
+      MYSQL_IS_READY = true
+    }catch(e){
+      logger.log("Mysql not ready yet")
+      await sleep(5000)
     }
-    var MYSQL_IS_READY = false
-    while(!MYSQL_IS_READY){
-      try{
-        await mysql.do("SELECT 1")
-        MYSQL_IS_READY = true
-      }catch(e){
-        console.log("Mysql not ready yet")
-        await sleep(5000)
+  }
+
+  logger.info("Mysql is ready")
+
+  // check Schema
+  try{
+    var schemaresult = await Schema.hasSchema()
+    if(schemaresult.data.failed.length>0){
+      logger.warning("Schema is not up to date")
+      for(let i=0;i<schemaresult.data.success.length;i++){
+        logger.info(schemaresult.data.success[i])
+      }
+      for(let i=0;i<schemaresult.data.failed.length;i++){
+        logger.error(schemaresult.data.failed[i])
+      }
+    }else{
+      logger.info("Schema is up to date")
+      // for(let i=0;i<schemaresult.data.success.length;i++){
+      //   logger.info(schemaresult.data.success[i])
+      // }      
+    }
+
+  }catch(err){
+    var result = err.result
+    if(result?.data){
+      if(result.data.failed.length>0){
+        for(let i=0;i<result.data.success.length;i++){
+          logger.info(result.data.success[i])
+        }
+        for(let i=0;i<result.data.failed.length;i++){
+          logger.error(result.data.failed[i])
+        }
       }
+    }else{
+      logger.error("Fatal error : " + err)
+      throw err
     }
 
+  }
+
+
   Ssh.generate(false)
     .catch((err)=>{
       logger.warning("Failed to generate ssh keys : " + err)
diff --git a/server/src/models/schema.model.js b/server/src/models/schema.model.js
index ddc1156f..8139de92 100644
--- a/server/src/models/schema.model.js
+++ b/server/src/models/schema.model.js
@@ -2,6 +2,7 @@
 const bcrypt = require('bcrypt');
 const logger=require("../lib/logger");
 const mysql = require("./db.model")
+const Helpers = require("../lib/common")
 const fs = require('fs');
 const NodeCache = require("node-cache")
 
@@ -13,8 +14,7 @@ const cache = new NodeCache({
 var Schema=function(){
 };
 function handleError(err){
-  logger.error(err.toString())
-  throw(err)
+  throw err
 }
 
 function checkSchema(){
@@ -31,7 +31,9 @@ function checkSchema(){
         }else{
           message=`Schema '${db}' is not present`
           logger.warning(message)
-          throw({message:message,data:{success:"",failed:message}})
+          var err = new Error(message)
+          err.result = {message:[message],data:{success:[],failed:[message]}}
+          throw err
         }
       }
     })
@@ -223,7 +225,7 @@ function checkTable(table){
       }else{
         message=`Table '${table}' is not present`
         logger.warning(message)
-        throw({message:message,data:{success:"",failed:message}})
+        throw new Error(message)
       }
     })
 
@@ -353,7 +355,7 @@ function checkAll(){
           if(x.status === "fulfilled")
             success.push(x.v)
           if(x.status === "rejected")
-            failed.push(x.e)
+            failed.push(x.e.message)
         })
         messages=messages.concat(success).concat(failed); // overal message
         if(failed.length==0){
@@ -367,10 +369,14 @@ function checkAll(){
           }).catch((res)=>{
             messages=messages.concat(res)
             failed=failed.concat(res)
-            throw({message:messages,data:{success:"",failed:failed}}) // throw failed
+            var err = new Error(messages.toString())
+            err.result = {message:messages,data:{success:[],failed:failed}}
+            throw err
           })
         }else {
-          throw({message:messages,data:{success:success,failed:failed}}) // throw failed
+          var err = new Error(messages.toString())
+          err.result = {message:messages,data:{success:success,failed:failed}}
+          throw err // throw failed
         }
       },
       handleError
@@ -383,14 +389,18 @@ Schema.create = function () {
   logger.notice(`Trying to create database schema 'AnsibleForms' and tables`)
   const buffer=fs.readFileSync(`${__dirname}/../db/create_schema_and_tables.sql`)
   const query=buffer.toString();
+  cache.del('result') // clear cache
   return mysql.do(query)
     .then((res)=>{
       if(res.length > 0){
         logger.notice(`Created schema 'AnsibleForms' and tables`)
         return `Created schema 'AnsibleForms' and tables`
       }else{
-        throw {message:`Failed to create schema 'AnsibleForms' and/or tables`,data:{success:"",failed:`Failed to create schema 'AnsibleForms' and/or tables`}}
+        var err = new Error(`Failed to create schema 'AnsibleForms' and/or tables`)
+        err.result = {message:[`Failed to create schema 'AnsibleForms' and/or tables`],data:{success:[],failed:[`Failed to create schema 'AnsibleForms' and/or tables`]}}
+        throw err
       }
+      
     })
 };
 

From 5e6dd3e86245fcb6a4ab73bb7e34533da1102b68 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Tue, 18 Jun 2024 09:06:30 +0200
Subject: [PATCH 03/39] allow disabling schema creation

---
 client/src/views/Schema.vue                 | 62 ++++++++++++---------
 docs/_data/help.yaml                        | 16 ++++++
 server/config/app.config.js                 |  1 +
 server/src/controllers/schema.controller.js |  7 ++-
 server/src/models/schema.model.js           | 37 ++++++------
 5 files changed, 78 insertions(+), 45 deletions(-)

diff --git a/client/src/views/Schema.vue b/client/src/views/Schema.vue
index 3650e16b..afa5e9c7 100644
--- a/client/src/views/Schema.vue
+++ b/client/src/views/Schema.vue
@@ -7,34 +7,42 @@
             <div class="notification is-danger" v-if="error!=''" v-text="error"></div>
             <div class="notification is-success" v-if="success" v-html="success"></div>
             <div class="notification is-warning" v-if="failed" v-html="failed"></div>
-            <form action="" class="box" v-if="error!='FATAL ERROR' && error!='' && success==''">
+            <div v-if="error!='Schema creation is disabled'">
+              <form action="" class="box" v-if="error!='FATAL ERROR' && error!='' && success==''">
+                <div class="content">
+                  If this is the first time setup and you don't have your own schema and tables.<br><br>
+                  Would you like me to try and create the schema and tables ?<br>
+                  I would create the following : <br><br>
+                  <table class="table is-bordered is-striped">
+                    <tbody>
+                      <tr><th>Databaseschema</th><td>AnsibleForms</td></tr>
+                      <tr><th>Tables</th><td>All required tables</td></tr>
+                      <tr><th>Users</th><td>admin (pw = AnsibleForms!123)</td></tr>
+                      <tr><th>Groups</th><td>admins</td></tr>
+                      
+                    </tbody>
+                  </table>
+                </div>
+                <div class="field">
+                  <button class="button is-success" @click="create()">
+                    <span class="icon"><font-awesome-icon icon="magic" /></span><span>Create</span>
+                  </button>
+                </div>
+              </form>
+              <form action="" class="box" v-else>
+                <div class="content">
+                  It appears that you have an unuseable schema.  Part of the tables is present, and part is missing.<br>
+                  Please contact your database or application administrator to either restore from a backup, or create the missing tables.  
+                  For now there is nothing I can do for you, until the schema and tables are in a consistent state.
+                </div>
+              </form>
+            </div>
+            <div v-else class="box">
               <div class="content">
-                If this is the first time setup and you don't have your own schema and tables.<br><br>
-                Would you like me to try and create the schema and tables ?<br>
-                I would create the following : <br><br>
-                <table class="table is-bordered is-striped">
-                  <tbody>
-                    <tr><th>Databaseschema</th><td>AnsibleForms</td></tr>
-                    <tr><th>Tables</th><td>All required tables</td></tr>
-                    <tr><th>Users</th><td>admin (pw = AnsibleForms!123)</td></tr>
-                    <tr><th>Groups</th><td>admins</td></tr>
-                    
-                  </tbody>
-                </table>
-              </div>
-              <div class="field">
-                <button class="button is-success" @click="create()">
-                  <span class="icon"><font-awesome-icon icon="magic" /></span><span>Create</span>
-                </button>
-              </div>
-            </form>
-            <form action="" class="box" v-else>
-              <div class="content">
-                It appears that you have an unuseable schema.  Part of the tables is present, and part is missing.<br>
-                Please contact your database or application administrator to either restore from a backup, or create the missing tables.  
-                For now there is nothing I can do for you, until the schema and tables are in a consistent state.
-              </div>
-            </form>            
+                Schema creation is disabled by your administrator.<br>
+                Please contact your database or application administrator to create the schema and tables.
+              </div>   
+            </div>
             <div v-if="error=='FATAL ERROR'" class="box">
               <div class="content">
                 Something went wrong.  Most likely the database is simply not reachable.   
diff --git a/docs/_data/help.yaml b/docs/_data/help.yaml
index 36b53b39..bf4fad31 100644
--- a/docs/_data/help.yaml
+++ b/docs/_data/help.yaml
@@ -103,6 +103,22 @@
     default: https://graph.microsoft.com
     description: |
       This variable is used to acquire data from the Azure AD api.      
+  - name: ALLOW_SCHEMA_CREATION
+    type: number
+    choices:
+    - name: 0
+      description: Disables schema creation
+    - name: 1
+      description: Enables schema creation
+    default: 1    
+    short: Enable the schema creation
+    description: | 
+      When you start Ansible Forms for the first time and there is no database, Ansible Forms will present you the option to create the schema. 
+      Although this is fairly handy, you might want to disable this option to prevent accidental schema re-creation.  
+      Also note that if you use the docker-compose solution, the database is created as part of the Mysql initialization.  
+      If you use a different database, you might want to enable this option, to at the very least create the schema the very first time.  
+      If you want to disable this option, set this variable to 0.
+    version: 5.0.3      
   - name: SHOW_DESIGNER
     type: number
     choices:
diff --git a/server/config/app.config.js b/server/config/app.config.js
index 50b26067..d2c9844c 100644
--- a/server/config/app.config.js
+++ b/server/config/app.config.js
@@ -5,6 +5,7 @@ var app_config = {
   baseUrl: process.env.BASE_URL || "/",
   nodeEnvironment: process.env.NODE_ENV || "production",
   showDesigner: (process.env.SHOW_DESIGNER ?? 1)==1,
+  allowSchemaCreation: (process.env.ALLOW_SCHEMA_CREATION ?? 1)==1,
   formsPath: process.env.FORMS_PATH || path.resolve(__dirname + "/../persistent/forms.yaml"),
   useYtt: (process.env.USE_YTT ?? 0)==1,
   lockPath: process.env.LOCK_PATH || path.resolve(__dirname + "/../persistent/ansibleForms.lock"),
diff --git a/server/src/controllers/schema.controller.js b/server/src/controllers/schema.controller.js
index 49fe6077..ea373462 100644
--- a/server/src/controllers/schema.controller.js
+++ b/server/src/controllers/schema.controller.js
@@ -1,6 +1,7 @@
 'use strict';
 const Schema = require('../models/schema.model');
 var RestResult = require('../models/restResult.model');
+var Helpers = require('../lib/common')
 var util = require('util');
 
 exports.hasSchema = function(req, res) {
@@ -18,6 +19,8 @@ exports.hasSchema = function(req, res) {
 };
 exports.create = function(req, res) {
     Schema.create()
-      .then((result)=>{ res.json(new RestResult("success",result,null,""))})
-      .catch((err)=>{res.json(new RestResult("error",err.toString(),null,null))})
+      .then((result)=>{ res.json(new RestResult("success",result,null,"")) })
+      .catch((err)=>{
+        res.json(new RestResult("error",Helpers.getError(err),null,null))
+      })
 };
diff --git a/server/src/models/schema.model.js b/server/src/models/schema.model.js
index 8139de92..5de7a76c 100644
--- a/server/src/models/schema.model.js
+++ b/server/src/models/schema.model.js
@@ -3,6 +3,7 @@ const bcrypt = require('bcrypt');
 const logger=require("../lib/logger");
 const mysql = require("./db.model")
 const Helpers = require("../lib/common")
+const appConfig = require('../../config/app.config')
 const fs = require('fs');
 const NodeCache = require("node-cache")
 
@@ -329,7 +330,7 @@ function checkAll(){
   var resultobj=undefined
   resultobj=cache.get('result')  // get from cache, we only check the schema once (or once a day)
   if(resultobj){
-    logger.debug("Schema check from cache")
+    // logger.debug("Schema check from cache")
     return Promise.resolve(resultobj)
   }
   return checkSchema() // schema
@@ -387,21 +388,25 @@ Schema.hasSchema = function(){
 }
 Schema.create = function () {
   logger.notice(`Trying to create database schema 'AnsibleForms' and tables`)
-  const buffer=fs.readFileSync(`${__dirname}/../db/create_schema_and_tables.sql`)
-  const query=buffer.toString();
-  cache.del('result') // clear cache
-  return mysql.do(query)
-    .then((res)=>{
-      if(res.length > 0){
-        logger.notice(`Created schema 'AnsibleForms' and tables`)
-        return `Created schema 'AnsibleForms' and tables`
-      }else{
-        var err = new Error(`Failed to create schema 'AnsibleForms' and/or tables`)
-        err.result = {message:[`Failed to create schema 'AnsibleForms' and/or tables`],data:{success:[],failed:[`Failed to create schema 'AnsibleForms' and/or tables`]}}
-        throw err
-      }
-      
-    })
+  if(appConfig.allowSchemaCreation){ // added in 5.0.3
+    const buffer=fs.readFileSync(`${__dirname}/../db/create_schema_and_tables.sql`)
+    const query=buffer.toString();
+    cache.del('result') // clear cache
+    return mysql.do(query)
+      .then((res)=>{
+        if(res.length > 0){
+          logger.notice(`Created schema 'AnsibleForms' and tables`)
+          return `Created schema 'AnsibleForms' and tables`
+        }else{
+          var err = new Error(`Failed to create schema 'AnsibleForms' and/or tables`)
+          throw err
+        }
+        
+      })
+  }else{
+    var err = new Error(`Schema creation is disabled`)
+    return Promise.reject(err)
+  }
 };
 
 module.exports= Schema;

From d8f25f1847e22e378b8358b287633a1de70c0eaa Mon Sep 17 00:00:00 2001
From: Markus Daugs <markus.daugs@cgi.com>
Date: Thu, 20 Jun 2024 13:01:46 +0200
Subject: [PATCH 04/39] express router config in async context does not work
 properly

---
 server/src/configure.js | 239 ++++++++++++++++++++--------------------
 1 file changed, 119 insertions(+), 120 deletions(-)

diff --git a/server/src/configure.js b/server/src/configure.js
index 148a97ff..ce611858 100644
--- a/server/src/configure.js
+++ b/server/src/configure.js
@@ -25,6 +25,43 @@ const checkAdminMiddleware = require('./lib/common').checkAdminMiddleware
 
 // our personal app settings
 const appConfig = require('../config/app.config')
+const logger = require("./lib/logger");
+const schemaRoutes = require("./routes/schema.routes");
+const queryRoutes = require("./routes/query.routes");
+const expressionRoutes = require("./routes/expression.routes");
+const versionRoutes = require("./routes/version.routes");
+const installRoutes = require("./routes/install.routes");
+const lockRoutes = require("./routes/lock.routes");
+const helpRoutes = require("./routes/help.routes");
+const profileRoutes = require("./routes/profile.routes");
+const loginRoutes = require("./routes/login.routes");
+const tokenRoutes = require("./routes/token.routes");
+const jobRoutes = require("./routes/job.routes");
+const userRoutes = require("./routes/user.routes");
+const groupRoutes = require("./routes/group.routes");
+const ldapRoutes = require("./routes/ldap.routes");
+const azureadRoutes = require("./routes/azuread.routes");
+const oidcRoutes = require("./routes/oidc.routes");
+const settingsRoutes = require("./routes/settings.routes");
+const credentialRoutes = require("./routes/credential.routes");
+const sshRoutes = require("./routes/ssh.routes");
+const awxRoutes = require("./routes/awx.routes");
+const logRoutes = require("./routes/log.routes");
+const repositoryRoutes = require("./routes/repository.routes");
+const knownhostsRoutes = require("./routes/knownhosts.routes");
+const configRoutes = require("./routes/config.routes");
+
+// we use 4 authentications/authorization strategies
+// - basic : with username and password to get jwt tokens
+// - azure-ad-oauth2 : microsoft login
+// - oidc : open id connect
+// - jwt : to use the jwt tokens
+// passport (the auth lib used) is smart, if basic authentication headers are detected
+// then the basic authentication strategy kicks and the basic login procedure starts
+require('./auth/auth_basic');
+require('./auth/auth_jwt');
+const auth_azuread = require('./auth/auth_azuread');
+const auth_oidc = require('./auth/auth_oidc');
 
 // start the app
 module.exports = app => {
@@ -32,126 +69,88 @@ module.exports = app => {
   // first time run init
   // from now on, it's async => we wait for mysql to be ready
   const init = require('./init/')
-  init().then(()=>{
-
-    // passport
-    app.use(session({ 
-      secret: 'AnsibleForms',
-      resave: false,
-      saveUninitialized: true
-    }));
-    app.use(passport.initialize());
-    app.use(passport.session());
-
-    // we use 4 authentications/authorization strategies
-    // - basic : with username and password to get jwt tokens
-    // - azure-ad-oauth2 : microsoft login
-    // - oidc : open id connect
-    // - jwt : to use the jwt tokens
-    // passport (the auth lib used) is smart, if basic authentication headers are detected
-    // then the basic authentication strategy kicks and the basic login procedure starts
-    require('./auth/auth_basic');
-    require('./auth/auth_jwt');
-    const auth_azuread = require('./auth/auth_azuread');  
-    auth_azuread.initialize()
-
-    const auth_oidc = require('./auth/auth_oidc');
-    auth_oidc.initialize()
-
-    app.use(bodyParser.json({limit: '50mb'}));
-    app.use(bodyParser.urlencoded({limit: '50mb', extended: true}));
-
-    // import api routes
-    const awxRoutes = require('./routes/awx.routes')
-    const jobRoutes = require('./routes/job.routes')
-    const queryRoutes = require('./routes/query.routes')
-    const expressionRoutes = require('./routes/expression.routes')
-    const userRoutes = require('./routes/user.routes')
-    const groupRoutes = require('./routes/group.routes')
-    const ldapRoutes = require('./routes/ldap.routes')
-    const azureadRoutes = require('./routes/azuread.routes')
-    const oidcRoutes = require('./routes/oidc.routes')
-    const settingsRoutes = require('./routes/settings.routes')
-    const credentialRoutes = require('./routes/credential.routes')
-    const loginRoutes = require('./routes/login.routes')
-    const schemaRoutes = require('./routes/schema.routes')
-    const tokenRoutes = require('./routes/token.routes')
-    const configRoutes = require('./routes/config.routes')
-    const versionRoutes = require('./routes/version.routes')
-    const lockRoutes = require('./routes/lock.routes')
-    const profileRoutes = require('./routes/profile.routes')
-    const sshRoutes = require('./routes/ssh.routes')
-    const logRoutes = require('./routes/log.routes')
-    const knownhostsRoutes = require('./routes/knownhosts.routes')
-    const helpRoutes = require('./routes/help.routes')
-    const installRoutes = require('./routes/install.routes')
-    const repositoryRoutes = require('./routes/repository.routes')
-
-    // mysql2 has a bug that can throw an uncaught exception if the mysql server crashes (not enough mem for example)
-    // also git commands can chain child processes and cause issues
-    process.on('uncaughtException', function(err) {
-      // handle the error safely
-      console.error("An uncaught exception happened, ignore... ",err)
-    })
-
-    // using json web tokens as middleware
-    // the jwtauthentication strategy from passport (/auth/auth.js)
-    // is used as a middleware.  Every route will check the token for validity
-    const authobj = passport.authenticate('jwt', { session: false })
-
-    // api routes for browser only (no cors)
-    const swaggerOptions = {
-      customSiteTitle: "Ansibleforms Swagger UI",
-      customfavIcon: `${appConfig.baseUrl}favicon.svg`,
-      customCssUrl: `${appConfig.baseUrl}assets/css/swagger.css`,
-      docExpansion:"none"
-    }
-    // change basePath dynamically
-    swaggerDocument.basePath = `${appConfig.baseUrl}api/v1`
-    app.use(`${appConfig.baseUrl}api-docs`, swaggerUi.serve, swaggerUi.setup(swaggerDocument,swaggerOptions));
-    app.use(`${appConfig.baseUrl}api/v1/schema`, schemaRoutes)
-
-    // api routes for querying
-    app.use(`${appConfig.baseUrl}api/v1/query`,cors(), authobj, queryRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/expression`,cors(), authobj, expressionRoutes)
-
-    // api route for version
-    app.use(`${appConfig.baseUrl}api/v1/version`,cors(), versionRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/install`,cors(), installRoutes)
-
-    app.use(`${appConfig.baseUrl}api/v1/lock`,cors(),authobj, lockRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/help`,cors(),authobj, helpRoutes)    
-
-    // api route for profile
-    app.use(`${appConfig.baseUrl}api/v1/profile`,cors(), authobj, profileRoutes)
-
-    // api routes for authorization
-    app.use(`${appConfig.baseUrl}api/v1/auth`,cors(), loginRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/token`,cors(), tokenRoutes)
-
-    // api routes for automation actions
-
-    // app.use(`${appConfig.baseUrl}api/v1/multistep`,cors(), authobj, multistepRoutes)
-
-    // api routes for admin management
-    app.use(`${appConfig.baseUrl}api/v1/job`,cors(), authobj, jobRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/user`,cors(), authobj, checkAdminMiddleware, userRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/group`,cors(), authobj, checkAdminMiddleware, groupRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/ldap`,cors(), authobj, checkAdminMiddleware, ldapRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/azuread`,cors(), authobj, checkAdminMiddleware, azureadRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/oidc`,cors(), authobj, checkAdminMiddleware, oidcRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/settings`,cors(), authobj, checkAdminMiddleware, settingsRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/credential`,cors(), authobj, checkAdminMiddleware, credentialRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/sshkey`,cors(), authobj, checkAdminMiddleware, sshRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/awx`,cors(), authobj, checkAdminMiddleware, awxRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/log`,cors(), authobj, checkAdminMiddleware, logRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/repository`,cors(), authobj, checkAdminMiddleware, repositoryRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/knownhosts`,cors(), authobj, checkAdminMiddleware, knownhostsRoutes)
-
-    // routes for form config (extra middleware in the routes itself)
-    app.use(`${appConfig.baseUrl}api/v1/config`,cors(), authobj, configRoutes)
-
+  init()
+      .then(()=> {
+        auth_azuread.initialize()
+        auth_oidc.initialize()
+      })
+      .catch(
+          r => logger.error(r)
+      );
+
+  // passport
+  app.use(session({
+    secret: 'AnsibleForms',
+    resave: false,
+    saveUninitialized: true
+  }));
+  app.use(passport.initialize());
+  app.use(passport.session());
+
+  app.use(bodyParser.json({limit: '50mb'}));
+  app.use(bodyParser.urlencoded({limit: '50mb', extended: true}));
+
+  // mysql2 has a bug that can throw an uncaught exception if the mysql server crashes (not enough mem for example)
+  // also git commands can chain child processes and cause issues
+  process.on('uncaughtException', function(err) {
+    // handle the error safely
+    console.error("An uncaught exception happened, ignore... ",err)
   })
 
- 
+  // using json web tokens as middleware
+  // the jwtauthentication strategy from passport (/auth/auth.js)
+  // is used as a middleware.  Every route will check the token for validity
+  const authobj = passport.authenticate('jwt', { session: false })
+
+  // api routes for browser only (no cors)
+  const swaggerOptions = {
+    customSiteTitle: "Ansibleforms Swagger UI",
+    customfavIcon: `${appConfig.baseUrl}favicon.svg`,
+    customCssUrl: `${appConfig.baseUrl}assets/css/swagger.css`,
+    docExpansion:"none"
+  }
+  // change basePath dynamically
+  swaggerDocument.basePath = `${appConfig.baseUrl}api/v1`
+  app.use(`${appConfig.baseUrl}api-docs`, swaggerUi.serve, swaggerUi.setup(swaggerDocument,swaggerOptions));
+  app.use(`${appConfig.baseUrl}api/v1/schema`, schemaRoutes)
+
+  // api routes for querying
+  app.use(`${appConfig.baseUrl}api/v1/query`,cors(), authobj, queryRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/expression`,cors(), authobj, expressionRoutes)
+
+  // api route for version
+  app.use(`${appConfig.baseUrl}api/v1/version`,cors(), versionRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/install`,cors(), installRoutes)
+
+  app.use(`${appConfig.baseUrl}api/v1/lock`,cors(),authobj, lockRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/help`,cors(),authobj, helpRoutes)
+
+  // api route for profile
+  app.use(`${appConfig.baseUrl}api/v1/profile`,cors(), authobj, profileRoutes)
+
+  // api routes for authorization
+  app.use(`${appConfig.baseUrl}api/v1/auth`,cors(), loginRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/token`,cors(), tokenRoutes)
+
+  // api routes for automation actions
+
+  // app.use(`${appConfig.baseUrl}api/v1/multistep`,cors(), authobj, multistepRoutes)
+
+  // api routes for admin management
+  app.use(`${appConfig.baseUrl}api/v1/job`,cors(), authobj, jobRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/user`,cors(), authobj, checkAdminMiddleware, userRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/group`,cors(), authobj, checkAdminMiddleware, groupRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/ldap`,cors(), authobj, checkAdminMiddleware, ldapRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/azuread`,cors(), authobj, checkAdminMiddleware, azureadRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/oidc`,cors(), authobj, checkAdminMiddleware, oidcRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/settings`,cors(), authobj, checkAdminMiddleware, settingsRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/credential`,cors(), authobj, checkAdminMiddleware, credentialRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/sshkey`,cors(), authobj, checkAdminMiddleware, sshRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/awx`,cors(), authobj, checkAdminMiddleware, awxRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/log`,cors(), authobj, checkAdminMiddleware, logRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/repository`,cors(), authobj, checkAdminMiddleware, repositoryRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/knownhosts`,cors(), authobj, checkAdminMiddleware, knownhostsRoutes)
+
+  // routes for form config (extra middleware in the routes itself)
+  app.use(`${appConfig.baseUrl}api/v1/config`,cors(), authobj, configRoutes)
 }

From 318004bb3a76970c1330f239ba1f24f562485a0a Mon Sep 17 00:00:00 2001
From: Markus Daugs <markus.daugs@cgi.com>
Date: Thu, 20 Jun 2024 13:36:03 +0200
Subject: [PATCH 05/39] fixed cookie-session handling

---
 server/src/configure.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/server/src/configure.js b/server/src/configure.js
index ce611858..8b55a398 100644
--- a/server/src/configure.js
+++ b/server/src/configure.js
@@ -87,6 +87,21 @@ module.exports = app => {
   app.use(passport.initialize());
   app.use(passport.session());
 
+  // register regenerate & save after the cookieSession middleware initialization
+  app.use(function(request, response, next) {
+    if (request.session && !request.session.regenerate) {
+      request.session.regenerate = (cb) => {
+        cb()
+      }
+    }
+    if (request.session && !request.session.save) {
+      request.session.save = (cb) => {
+        cb()
+      }
+    }
+    next()
+  })
+
   app.use(bodyParser.json({limit: '50mb'}));
   app.use(bodyParser.urlencoded({limit: '50mb', extended: true}));
 

From 5e8c3a9680fa1b230d0dd86de4d866b48a32a205 Mon Sep 17 00:00:00 2001
From: Markus Daugs <markus.daugs@cgi.com>
Date: Thu, 20 Jun 2024 15:58:53 +0200
Subject: [PATCH 06/39] fixed file loading on import

---
 server/src/configure.js | 80 ++++++++++++++++++++---------------------
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/server/src/configure.js b/server/src/configure.js
index 8b55a398..d29bed4c 100644
--- a/server/src/configure.js
+++ b/server/src/configure.js
@@ -23,49 +23,49 @@ const passport = require('passport');
 // a small custom middleware to check whether the user is administrator
 const checkAdminMiddleware = require('./lib/common').checkAdminMiddleware
 
-// our personal app settings
-const appConfig = require('../config/app.config')
-const logger = require("./lib/logger");
-const schemaRoutes = require("./routes/schema.routes");
-const queryRoutes = require("./routes/query.routes");
-const expressionRoutes = require("./routes/expression.routes");
-const versionRoutes = require("./routes/version.routes");
-const installRoutes = require("./routes/install.routes");
-const lockRoutes = require("./routes/lock.routes");
-const helpRoutes = require("./routes/help.routes");
-const profileRoutes = require("./routes/profile.routes");
-const loginRoutes = require("./routes/login.routes");
-const tokenRoutes = require("./routes/token.routes");
-const jobRoutes = require("./routes/job.routes");
-const userRoutes = require("./routes/user.routes");
-const groupRoutes = require("./routes/group.routes");
-const ldapRoutes = require("./routes/ldap.routes");
-const azureadRoutes = require("./routes/azuread.routes");
-const oidcRoutes = require("./routes/oidc.routes");
-const settingsRoutes = require("./routes/settings.routes");
-const credentialRoutes = require("./routes/credential.routes");
-const sshRoutes = require("./routes/ssh.routes");
-const awxRoutes = require("./routes/awx.routes");
-const logRoutes = require("./routes/log.routes");
-const repositoryRoutes = require("./routes/repository.routes");
-const knownhostsRoutes = require("./routes/knownhosts.routes");
-const configRoutes = require("./routes/config.routes");
-
-// we use 4 authentications/authorization strategies
-// - basic : with username and password to get jwt tokens
-// - azure-ad-oauth2 : microsoft login
-// - oidc : open id connect
-// - jwt : to use the jwt tokens
-// passport (the auth lib used) is smart, if basic authentication headers are detected
-// then the basic authentication strategy kicks and the basic login procedure starts
-require('./auth/auth_basic');
-require('./auth/auth_jwt');
-const auth_azuread = require('./auth/auth_azuread');
-const auth_oidc = require('./auth/auth_oidc');
-
 // start the app
 module.exports = app => {
 
+  // our personal app settings
+  const appConfig = require('../config/app.config')
+  const logger = require("./lib/logger");
+  const schemaRoutes = require("./routes/schema.routes");
+  const queryRoutes = require("./routes/query.routes");
+  const expressionRoutes = require("./routes/expression.routes");
+  const versionRoutes = require("./routes/version.routes");
+  const installRoutes = require("./routes/install.routes");
+  const lockRoutes = require("./routes/lock.routes");
+  const helpRoutes = require("./routes/help.routes");
+  const profileRoutes = require("./routes/profile.routes");
+  const loginRoutes = require("./routes/login.routes");
+  const tokenRoutes = require("./routes/token.routes");
+  const jobRoutes = require("./routes/job.routes");
+  const userRoutes = require("./routes/user.routes");
+  const groupRoutes = require("./routes/group.routes");
+  const ldapRoutes = require("./routes/ldap.routes");
+  const azureadRoutes = require("./routes/azuread.routes");
+  const oidcRoutes = require("./routes/oidc.routes");
+  const settingsRoutes = require("./routes/settings.routes");
+  const credentialRoutes = require("./routes/credential.routes");
+  const sshRoutes = require("./routes/ssh.routes");
+  const awxRoutes = require("./routes/awx.routes");
+  const logRoutes = require("./routes/log.routes");
+  const repositoryRoutes = require("./routes/repository.routes");
+  const knownhostsRoutes = require("./routes/knownhosts.routes");
+  const configRoutes = require("./routes/config.routes");
+
+  // we use 4 authentications/authorization strategies
+  // - basic : with username and password to get jwt tokens
+  // - azure-ad-oauth2 : microsoft login
+  // - oidc : open id connect
+  // - jwt : to use the jwt tokens
+  // passport (the auth lib used) is smart, if basic authentication headers are detected
+  // then the basic authentication strategy kicks and the basic login procedure starts
+  require('./auth/auth_basic');
+  require('./auth/auth_jwt');
+  const auth_azuread = require('./auth/auth_azuread');
+  const auth_oidc = require('./auth/auth_oidc');
+
   // first time run init
   // from now on, it's async => we wait for mysql to be ready
   const init = require('./init/')

From a22cdd425fc01ff4399b7c141310b0196e799264 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 16:59:12 +0200
Subject: [PATCH 07/39] add help

---
 client/src/components/BulmaTextArea.vue | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/client/src/components/BulmaTextArea.vue b/client/src/components/BulmaTextArea.vue
index 49d13395..b4581110 100644
--- a/client/src/components/BulmaTextArea.vue
+++ b/client/src/components/BulmaTextArea.vue
@@ -1,6 +1,7 @@
 <template>
   <div class="field">
     <label v-if="label!=''" class="label">{{label}} <span v-if="required" class="has-text-danger">*</span></label>
+    <p class="is-size-7" v-if="help!=''">{{ help  }}</p>
     <textarea class="textarea is-family-monospace" rows="10" @keyup.enter="$emit('enterClicked')"  :readonly="readonly" v-focus="focus" :type="type" :value="value" :class="{'is-danger':hasError}" @input="$emit('input', $event.target.value)" :placeholder="placeholder"></textarea>
     <p class="has-text-danger" v-for="e in errors" :key="e.label" :class="{'is-hidden':!e.if}">{{ e.label }}</p>
   </div>
@@ -31,6 +32,7 @@
       label:{type:String,default:""},
       hasError:{type:Boolean,default:false},
       errors:{type:Array},
+      help:{type:String,default:""}
     },data(){
       return{
       }

From b6edd4eb1d7dce5532facb20b9ac74876eb1afa0 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 16:59:40 +0200
Subject: [PATCH 08/39] add oracle

---
 server/package.json                           |  1 +
 .../src/controllers/credential.controller.js  |  6 ++-
 server/src/lib/oracle.js                      | 40 +++++++++++++++++++
 server/src/models/query.model.js              | 21 +++++++---
 4 files changed, 61 insertions(+), 7 deletions(-)
 create mode 100644 server/src/lib/oracle.js

diff --git a/server/package.json b/server/package.json
index b8b11193..0b8bc3c0 100644
--- a/server/package.json
+++ b/server/package.json
@@ -40,6 +40,7 @@
     "modern-passport-http": "~0.3.0",
     "moment": "~2.30.1",
     "mongodb": "~6.7.0",
+    "oracledb": "~6.5.1",
     "mssql": "~10.0.2",
     "multer": "~1.4.5-lts.1",
     "mysql2": "~3.10.0",
diff --git a/server/src/controllers/credential.controller.js b/server/src/controllers/credential.controller.js
index 4e25cd25..896d4dbf 100644
--- a/server/src/controllers/credential.controller.js
+++ b/server/src/controllers/credential.controller.js
@@ -4,6 +4,8 @@ var RestResult = require('../models/restResult.model');
 const mysql=require("../lib/mysql")
 const postgres=require("../lib/postgres")
 const mssql=require("../lib/mssql")
+const oracle=require("../lib/oracle")
+const mongodb=require("../lib/mongodb")
 
 exports.find = function(req, res) {
   if(req.query.name){
@@ -62,8 +64,10 @@ exports.testDb = function(req,res){
           return mssql.query(cred[0].name,'select 1')
         }else if(db_type=='postgres'){
           return postgres.query(cred[0].name,'select 1')
+        }else if(db_type=='oracle'){
+          return oracle.query(cred[0].name,'select 1')          
         }else if(db_type=='mongodb'){
-          throw new Error("Mongodb test is not implemented")
+          return mongodb.query(cred[0].name,'admin~system.version~{}')
         }else{
           throw new Error("Database type not set")
         }
diff --git a/server/src/lib/oracle.js b/server/src/lib/oracle.js
new file mode 100644
index 00000000..a3075064
--- /dev/null
+++ b/server/src/lib/oracle.js
@@ -0,0 +1,40 @@
+//- MYSQL Module
+const logger = require('./logger');
+const Oracledb = require('oracledb');
+const Credential = require('../models/credential.model')
+
+Oracle = {}
+
+// rewritten with await 5.0.3
+Oracle.query = async function (connection_name, query) {
+  var creds = await Credential.findByName(connection_name)
+  var connection
+  var config = {
+      user: creds.user,
+      password: creds.password,
+      connectionString: (creds.db_name)?`${creds.host}:${creds.port}/${creds.db_name}`:`${creds.host}:${creds.port}`
+  };
+
+  try{
+    connection = await Oracledb.getConnection(config)
+  }catch(err){
+    logger.error(`[${connection_name}] connection error`,err)
+    throw err
+  }
+  try{
+    const result = await connection.execute(query)
+    return result?.rows
+  }catch(err){
+    logger.error(`[${connection_name}] query error`,err)
+    throw err
+  }finally{
+    try{
+      await connection.close()
+    }catch(e){
+      logger.error(`[${connection_name}] connection error`,e)
+      throw e
+    }
+  }
+}
+
+module.exports = Oracle
diff --git a/server/src/models/query.model.js b/server/src/models/query.model.js
index e7cfb9f1..bc177e55 100644
--- a/server/src/models/query.model.js
+++ b/server/src/models/query.model.js
@@ -5,6 +5,7 @@ const mysql=require("../lib/mysql")
 const mssql=require("../lib/mssql")
 const postgres=require("../lib/postgres")
 const mongodb=require("../lib/mongodb")
+const oracle=require("../lib/oracle")
 
 //reporter object create
 var Query=function(){
@@ -31,18 +32,20 @@ Query.findAll = async function (query,cfg,noLog) {
     config.push(cfg)
   }
 
-  if(noLog){
-    logger.info(`[${config.type}][${config.name}] Running query : noLog is applied`)
-  }else{
-    logger.info(`[${config.type}][${config.name}] Running query ${query}`)
-  }
+
   for await (var c of config){
+
     var res = []
     if(!c.type){ // if no type is given, we try to find the credential
       logger.debug(`[${c.name}] No type is passed, looking up credential`)
       var cred = await Credential.findByName(c.name)
       c.type = cred.db_type || "mysql"
     }
+    if(noLog){
+      logger.info(`[${c.type}][${c.name}] Running query : noLog is applied`)
+    }else{
+      logger.info(`[${c.type}][${c.name}] Running query ${query}`)
+    }        
     if(c.type=="mssql"){  // use mssql connection lib
       res = await mssql.query(c.name,query)
       if(!noLog){
@@ -62,7 +65,13 @@ Query.findAll = async function (query,cfg,noLog) {
         logger.debug(`[${c.name}] query result : ${JSON.stringify(res)}`)
       }
       result = result.concat(res)
-    }else if(config.type=="mongodb"){  // use postgres connection lib
+    }else if(c.type=="oracle"){  // use postgres connection lib
+      res = await oracle.query(c.name,query)
+      if(!noLog){
+        logger.debug(`[${c.name}] query result : ${JSON.stringify(res)}`)
+      }
+      result = result.concat(res)      
+    }else if(c.type=="mongodb"){  // use postgres connection lib
       res = await mongodb.query(c.name,query)
       if(!noLog){
         logger.debug(`[${c.name}] query result : ${JSON.stringify(res)}`)

From 6d39e0c01e9197f88583d63677aea448b7b2e92f Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 16:59:53 +0200
Subject: [PATCH 09/39] add oracle

---
 client/src/views/Credentials.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/client/src/views/Credentials.vue b/client/src/views/Credentials.vue
index adfaa6e7..55bf7382 100644
--- a/client/src/views/Credentials.vue
+++ b/client/src/views/Credentials.vue
@@ -39,8 +39,8 @@
                 <BulmaInput icon="server" v-model="credential.host" label="Host" placeholder="Host" :required="!!credential.is_database" :hasError="$v.credential.host.$invalid" :errors="[]" />
                 <BulmaInput icon="door-closed" v-model="credential.port" label="Port" placeholder="3306" :required="!!credential.is_database" :hasError="$v.credential.port.$invalid" :errors="[]" />
                 <BulmaInput icon="info-circle" v-model="credential.description" label="Description" placeholder="Description" />
-                <BulmaInput v-if="!!credential.is_database" icon="database" v-model="credential.db_name" label="Database" placeholder="Database" />
-                <BulmaSelect v-if="!!credential.is_database" icon="database" v-model="credential.db_type" label="Database type" :list="['mysql','mssql','postgres','mongodb']"  />
+                <BulmaSelect v-if="!!credential.is_database" icon="database" v-model="credential.db_type" label="Database type" :list="['mysql','mssql','postgres','mongodb','oracle']"  />
+                <BulmaInput v-if="!!credential.is_database" icon="database" v-model="credential.db_name" :label="(credential.db_type=='oracle')?'Service':'Database'" :placeholder="(credential.db_type=='oracle')?'Service Name':'Database Name'" />
                 <BulmaCheckbox v-if="!!credential.is_database" checktype="checkbox" v-model="credential.secure" label="Secure connection" /><br><br>
                 <BulmaButton v-if="credentialItem==-1" icon="save" label="Create Credential" @click="newCredential()"></BulmaButton>
                 <BulmaButton v-if="credentialItem!=-1" icon="save" label="Update Credential" @click="updateCredential()"></BulmaButton>

From c54f511bd28d9f6d73251a0713b2b45d0cb3b005 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:00:15 +0200
Subject: [PATCH 10/39] typo

---
 client/src/views/Schema.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/src/views/Schema.vue b/client/src/views/Schema.vue
index afa5e9c7..46a982c4 100644
--- a/client/src/views/Schema.vue
+++ b/client/src/views/Schema.vue
@@ -31,7 +31,7 @@
               </form>
               <form action="" class="box" v-else>
                 <div class="content">
-                  It appears that you have an unuseable schema.  Part of the tables is present, and part is missing.<br>
+                  It appears that you have an unuseable schema.  Part of the database is present, and part is missing.<br>
                   Please contact your database or application administrator to either restore from a backup, or create the missing tables.  
                   For now there is nothing I can do for you, until the schema and tables are in a consistent state.
                 </div>

From a3f9fd2675de46c26ad6af9425330c6ed76de966 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:00:48 +0200
Subject: [PATCH 11/39] add forms yaml in database

---
 docs/forms.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/forms.md b/docs/forms.md
index 8b5913f5..bcda24a6 100644
--- a/docs/forms.md
+++ b/docs/forms.md
@@ -72,7 +72,10 @@ forms: # a list of forms
         label: Username
 ```
 
-To add more forms, you either extend the forms-list property in the forms.yaml file, or you make seperate yaml files under the forms folder.  Each file must contain [a single form item](#form-object).
+To add more forms, you either extend the forms-list property in the forms.yaml file, or you make seperate yaml files under the forms folder.  Each file must contain [a single form item](#form-object).  
+  
+**YAML FROM REPOSITORY** : The `forms.yaml` and `forms/` folder can be placed in the root of a repository and loaded from there.  
+**YAML FROM DATABASE** : The `forms.yaml` can also be stored in the database and will have preference over the `forms.yaml` file.  
 
 <table class="table-responsive">
       <thead>

From 45bb8c834e86d43d7132bfe36c7f54594e12a887 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:01:09 +0200
Subject: [PATCH 12/39] add forms yaml

---
 server/src/db/create_settings_table.sql | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/src/db/create_settings_table.sql b/server/src/db/create_settings_table.sql
index 634ab817..2830ea8d 100644
--- a/server/src/db/create_settings_table.sql
+++ b/server/src/db/create_settings_table.sql
@@ -6,6 +6,7 @@ CREATE TABLE `settings` (
   `mail_username` varchar(250) DEFAULT NULL,
   `mail_password` text DEFAULT NULL,
   `mail_from` varchar(250) DEFAULT NULL,
-  `url` varchar(250) DEFAULT NULL
+  `url` varchar(250) DEFAULT NULL,
+  `forms_yaml` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL,  
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-INSERT INTO AnsibleForms.settings(mail_server,mail_port,mail_secure,mail_username,mail_password,mail_from,url) VALUES('',25,0,'','','','');
+INSERT INTO AnsibleForms.settings(mail_server,mail_port,mail_secure,mail_username,mail_password,mail_from,url) VALUES('',25,0,'','','','','');

From 4ec96992c259235d4291dcaed6b7153ce3d73d29 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:01:41 +0200
Subject: [PATCH 13/39] add forms.yaml in db

---
 client/src/views/Settings.vue | 83 ++++++++++++++++++++++++++++-------
 1 file changed, 66 insertions(+), 17 deletions(-)

diff --git a/client/src/views/Settings.vue b/client/src/views/Settings.vue
index 65329ef2..9ce96bb4 100644
--- a/client/src/views/Settings.vue
+++ b/client/src/views/Settings.vue
@@ -15,22 +15,47 @@
           </nav>
           <div class="box">
             <BulmaInput icon="globe" v-model="settings.url" help="" label="Public Root Url" placeholder="https://ansibleforms:8443" :required="true" :hasError="$v.settings.url.$invalid" :errors="[]" />
+            <p class="has-text-weight-bold mb-2">Forms YAML</p>
+            <p class="is-size-6 mb-2">In case you want the forms.yaml file in the database instead of loaded from the filesystem.  <BulmaButton icon="file-import" label="Import from forms.yaml" @click="importYamlFile()"></BulmaButton></p>
+            <VueCodeEditor
+                  v-model="settings.forms_yaml"
+                  @init="editorInit"
+                  lang="yaml"
+                  theme="monokai"
+                  width="100%"
+                  height="40vh"
+                  tabindex=0
+                  :lazymodel="true"
+                  @dirty="formDirty=true"
+                  :options="{
+                      enableBasicAutocompletion: true,
+                      enableLiveAutocompletion: false,
+                      fontSize: 14,
+                      highlightActiveLine: true,
+                      enableSnippets: false,
+                      showLineNumbers: true,
+                      tabSize: 2,
+                      wrap:false,
+                      showPrintMargin: false,
+                      showGutter: true
+                  }"
+                />
           </div>  
 
-            <table class="table is-bordered is-striped is-fullwidth">
-              <thead>
-                <tr>
-                  <th>Environment Variable</th><th>Set</th><th>Value</th>
-                </tr>
-              </thead>
-              <tbody>
-                <tr v-for="e in env" :key="e.name">
-                  <td>{{ e.name }}</td>
-                  <td><font-awesome-icon :icon="(e.set)?'check':'times'" :class="{'has-text-success':e.set,'has-text-danger':!e.set}" /></td>
-                  <td>{{ e.value }}</td>
-                </tr>
-              </tbody>
-            </table>
+          <table class="table is-bordered is-striped is-fullwidth">
+            <thead>
+              <tr>
+                <th>Environment Variable</th><th>Set</th><th>Value</th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr v-for="e in env" :key="e.name">
+                <td>{{ e.name }}</td>
+                <td><font-awesome-icon :icon="(e.set)?'check':'times'" :class="{'has-text-success':e.set,'has-text-danger':!e.set}" /></td>
+                <td>{{ e.value }}</td>
+              </tr>
+            </tbody>
+          </table>
               
         </div>
       </div>
@@ -44,6 +69,7 @@
   import Vuelidate from 'vuelidate'
   import BulmaButton from './../components/BulmaButton.vue'
   import BulmaInput from './../components/BulmaInput.vue'
+  import VueCodeEditor from './../components/VueCodeEditor';
   import BulmaSettingsMenu from '../components/BulmaSettingsMenu.vue'
   import TokenStorage from './../lib/TokenStorage'
   import { required, email, minValue,maxValue,minLength,maxLength,helpers,requiredIf,sameAs } from 'vuelidate/lib/validators'
@@ -56,17 +82,32 @@
       authenticated:{type:Boolean},
       isAdmin:{type:Boolean}
     },
-    components:{BulmaButton,BulmaInput,BulmaSettingsMenu},
+    components:{BulmaButton,BulmaInput,VueCodeEditor,BulmaSettingsMenu},
     data(){
       return  {
           settings:{
-            url:""
+            url:"",
+            forms_yaml:"",
           },
           env:[]
 
         }
     },
     methods:{
+      importYamlFile(){
+        var ref= this;
+        axios.put(`${process.env.BASE_URL}api/v1/settings/importFormsFileFromYaml`,{},TokenStorage.getAuthentication())
+          .then((result)=>{
+            if(result.data.status=="error"){
+                ref.$toast.error(result.data.message + ", " + result.data.data.error);
+              }else{
+                ref.$toast.success(result.data.message);
+                ref.loadSettings();
+              }
+          }),function(err){
+            ref.$toast.error(err.toString());
+          };
+      },
       loadSettings(){
         var ref= this;
         axios.get(`${process.env.BASE_URL}api/v1/settings/`,TokenStorage.getAuthentication())
@@ -98,7 +139,13 @@
         }else{
           this.$toast.warning("Invalid form data")
         }
-      }
+      },
+      editorInit: function () {
+          // vue2-code-editor/node_modules/
+          require('brace/ext/language_tools') //language extension prerequsite...
+          require('brace/mode/yaml')
+          require('brace/theme/monokai')
+      }      
     },
     validations: {
       settings:{
@@ -108,6 +155,8 @@
               {description: "Must be a valid public url",type:"regex"},
               (value) => !helpers.req(value) || (new RegExp("^https?:\/\/[^\/]+$").test(value)) // eslint-disable-line
           )                
+        },
+        forms_yaml:{
         }
       }
     },

From fe3aea9ed19cc7886568ec7f055c5ac5650aae7b Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:02:07 +0200
Subject: [PATCH 14/39] add oracle

---
 server/schema/forms_schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/schema/forms_schema.json b/server/schema/forms_schema.json
index 34d421fc..0be3545b 100644
--- a/server/schema/forms_schema.json
+++ b/server/schema/forms_schema.json
@@ -1198,7 +1198,7 @@
                         "name": {"type": "string"},
                         "type": {
                           "type": "string",
-                          "enum": ["mysql", "mssql", "postgres", "mongodb"]
+                          "enum": ["mysql", "mssql", "postgres", "mongodb","oracle"]
                         }
                       }                        
                     },

From 1f406f808be37e1ba4e668a52256e5f1a95b27ba Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:02:43 +0200
Subject: [PATCH 15/39] rewritten in async await

---
 server/src/lib/mongodb.js     | 59 ++++++++++-------------
 server/src/lib/mssql.js       | 91 ++++++++++++++++++-----------------
 server/src/lib/mysql.js       | 79 +++++++++++-------------------
 server/src/lib/postgres.js    | 65 +++++++++++--------------
 server/src/models/db.model.js | 67 ++++++++++++--------------
 5 files changed, 161 insertions(+), 200 deletions(-)

diff --git a/server/src/lib/mongodb.js b/server/src/lib/mongodb.js
index fb44cfcd..486d57e3 100644
--- a/server/src/lib/mongodb.js
+++ b/server/src/lib/mongodb.js
@@ -5,49 +5,40 @@ const Credential = require('../models/credential.model')
 
 Mongo = {}
 
-Mongo.query=async function(connection_name,query){
-  // does the pool exist already, if not let's add it
-  // logger.info("["+connection_name+"] running query : " + query)
-  var config=undefined
+Mongo.query = async function (connection_name, query) {
+
   var queryarr = query.split("~")
+  var queryJson
   if(queryarr.length!=3){
-    return Promise.reject("["+connection_name+"] query must contain 3 parts separated with '~'. " + query)
+    throw new Error("["+connection_name+"] query must contain 3 parts separated with '~'. " + query)
   }
+  var dbName = queryarr[0]
+  var collectionName = queryarr[1]
   try{
-    var queryprep = JSON.parse(queryarr[2])
+    queryJson = JSON.parse(queryarr[2])
   }catch(err){
-    return Promise.reject("["+connection_name+"] query must be valid json. Use double quotes, not single quotes.  " + queryarr[2])
+    throw new Error("["+connection_name+"] query must be valid json. Use double quotes, not single quotes.  " + queryarr[2])
   }
-
-  Credential.findByName(connection_name)
-  .then((config)=>{
-    Client.connect(uri,function(err,db){
-      if(err){
-        throw ("["+connection_name+"] Connection error : " + err)
-      }else{
-        return new Promise((resolve,reject)=>{
-          var dbo=db.db(queryarr[0])
-          dbo.collection(queryarr[1]).find(queryprep).toArray(function(err,result){
-            db.close()
-            if(err){
-              reject(`[${connection_name}] query error : ${err.toString()}`)
-            }
-            resolve(result)
-          })
-        })
-
-      }
-    })
-  })
-
+  var config = await Credential.findByName(connection_name)
   var uri = `mongodb://${encodeURI(config.user)}:${encodeURI(config.password)}@${config.host}:${config.port}`
-  // logger.debug("["+connection_name+"] uri : " + uri)
+  var client
   try{
-
+    client = await Client.connect(uri)
+    var db = client.db(dbName)
+    var collection = db.collection(collectionName)
+    var result = await collection.find(queryJson).toArray()
+    return result
   }catch(err){
-    logger.error("["+connection_name+"] " + err)
-    callback(null,null)
+    logger.error("["+connection_name+"] ", err)
+    throw err
+  }finally{
+    try{
+      client.close()
+    }catch(e){
+      logger.error("["+connection_name+"] ",e)
+      throw e
+    }
   }
 
-};
+}
 module.exports = Mongo
diff --git a/server/src/lib/mssql.js b/server/src/lib/mssql.js
index 16d2790c..c8252785 100644
--- a/server/src/lib/mssql.js
+++ b/server/src/lib/mssql.js
@@ -2,53 +2,58 @@
 const logger = require('./logger');
 const client = require('mssql');
 const Credential = require('../models/credential.model')
+const Helpers = require('./common')
 
 Mssql = {}
 
-Mssql.query=async function(connection_name,query){
-  return Credential.findByName(connection_name)
-  .then((creds)=>{
-    var config = {
-        server: creds.host,
-        user: creds.user,
-        password: creds.password,
-        database: creds.db_name,
-        port: creds.port,
-        options: {
-            trustServerCertificate: true
-        }
-    };
-    if(creds.secure){
-      
-      config.encrypt=true
+// rewrite with await 5.0.3
+
+Mssql.query = async function (connection_name, query) {
+
+  var creds = await Credential.findByName(connection_name)
+  var config = {
+    server: creds.host,
+    user: creds.user,
+    password: creds.password,
+    database: creds.db_name,
+    port: creds.port,
+    options: {
+      trustServerCertificate: true
     }
-    // remove database if needed
-    if(!creds.db_name){
-      delete config.database
+  };
+  if(creds.secure){
+    
+    config.encrypt=true
+  }
+  // remove database if needed
+  if(!creds.db_name){
+    delete config.database
+  }
+
+  var conn
+  try{
+    var conn = await client.connect(config)
+  }catch(err){
+    logger.error(`[${connection_name}] connection error`,err)
+    throw err
+  }
+
+  var result
+  try{
+    result = await conn.query(query)
+    return result?.recordset
+  }catch(err){
+    logger.error(`[${connection_name}] query error`,err)
+    throw err
+  }finally{
+    try{
+      conn.close()
+    }catch(e){
+      logger.error(`[${connection_name}] connection error`,e)
+      throw e
     }
-    return config
-  })
-  .then((config)=>{
-    return new Promise((resolve,reject)=>{
-      client.connect(config, function(err,conn){
-        if(err){
-          reject(`[${connection_name}] connection error : ${err.toString()}`)
-        }else{
-          conn.query(query, (err, result) => {
-            // close connection immediately
-            logger.debug(`[${connection_name}] closing connection`)
-            conn.close()
-            if(err){
-              reject(`[${connection_name}] query error : ${err.toString()}`)
-            }
-            resolve(result?.recordset)
-          })
-        }
-
-      })
-    })
-
-  })
-};
+  }
+
+}
 
 module.exports = Mssql
diff --git a/server/src/lib/mysql.js b/server/src/lib/mysql.js
index 5f1c56ca..f529220d 100644
--- a/server/src/lib/mysql.js
+++ b/server/src/lib/mysql.js
@@ -1,6 +1,6 @@
 //- MYSQL Module
 const logger = require('./logger');
-const client = require('mysql2');
+const client = require('mysql2/promise');
 const Credential = require('../models/credential.model')
 const util = require('util')
 
@@ -15,54 +15,33 @@ MySql.clean=function(config){
   return config
 }
 
-MySql.query=function(connection_name,query){
-  // get credentials
-  return Credential.findByName(connection_name)
-  .then((config)=>{
-    logger.debug(`[${connection_name}] query : ${query}`)
-    return new Promise((resolve,reject)=>{
-      var conn
-      try{
-        logger.debug(`[${connection_name}] connection found : ${config.name}`)
-        config.multipleStatements=true
-        // remove database if not defined
-        if(config.db_name){
-          config.database = config.db_name
-        }
-        if(config.secure){
-          config.ssl={
-            sslmode:"required",
-            rejectUnauthorized:false
-          }
-        }else{
-          config.ssl={
-            sslmode:"none",
-            rejectUnauthorized:false
-          }
-        }
-        // get connection
-        config=MySql.clean(config) // remove unsupported properties
-        // logger.notice(util.inspect(config))
-        conn = client.createConnection(config)
-
-        // get data
-        conn.query(query,function(err,result){
-          // logger.debug(`[${connection_name}] closing connection`)
-          if(err){
-            reject(`[${connection_name}] query error : ${err.toString()}`)
-          }else{
-            conn.end()
-            // logger.debug("["+connection_name+"] query result 1 : " + JSON.stringify(result))
-            resolve(result)
-          }
-
-        })
-      }catch(err){
-        reject(`[${connection_name}] connection error : ${err.toString()}`)
-      }
+// rewrite with await 5.0.3
 
-    })
-
-  })
-};
+MySql.query = async function (connection_name, query) {
+  // get credentials
+  var config = await Credential.findByName(connection_name)
+  logger.debug(`[${connection_name}] query : ${query}`)
+  var conn
+  try{
+    conn = await client.createConnection(MySql.clean(config))
+    var result
+    try{
+      [result] = await conn.query(query)
+      return result
+    }catch(err){
+      logger.error(`[${connection_name}] query error : ${err.toString()}`)
+      throw err
+    }
+  }catch(err){
+    logger.error(`[${connection_name}] connection error : ${err.toString()}`)
+    throw err
+  }finally{
+    try{
+      await conn.end()
+    }catch(e){
+      logger.error(`[${connection_name}] ${e}`)
+      throw e
+    }
+  }
+}
 module.exports = MySql
diff --git a/server/src/lib/postgres.js b/server/src/lib/postgres.js
index c41fa0ae..e437a2a0 100644
--- a/server/src/lib/postgres.js
+++ b/server/src/lib/postgres.js
@@ -5,41 +5,34 @@ const Credential = require('../models/credential.model')
 
 Postgres = {}
 
-Postgres.query=function(connection_name,query){
+// rewritten with await 5.0.3
+Postgres.query = async function (connection_name, query) {
+  var creds = await Credential.findByName(connection_name)
+  var config = {
+      host: creds.host,
+      user: creds.user,
+      password: creds.password,
+      database: creds.db_name||creds.user,
+      port: creds.port,
+  };
+  var client
+  try{
+    client = new Client(config)
+    await client.connect()
+    var result = await client.query(query)
+    return result?.rows
+  }catch(err){
+    logger.error(`[${connection_name}] query error`,err)
+    throw err
+  }finally{
+    try{
+      // logger.debug("["+connection_name+"] Closing connection")
+      await client.end()
+    }catch(e){
+      logger.error(`[${connection_name}] connection error`,e)
+      throw e
+    }
+  }
+}
 
-  return Credential.findByName(connection_name)
-  .then((creds)=>{
-    var config = {
-        host: creds.host,
-        user: creds.user,
-        password: creds.password,
-        database: creds.db_name||creds.user,
-        port: creds.port,
-    };
-    // console.log(config)
-    return config
-  })  
-  .then((config)=>{
-    logger.debug(`[${connection_name}] query : ${query}`)
-    return new Promise((resolve,reject)=>{
-      var client
-      try{
-        client = new Client(config)
-        return client.connect()
-        .then(() => client.query(query))
-        .catch((err)=>{ reject(`[${connection_name}] connection error : ${err.toString()}`) })
-        .then((result)=>{
-            logger.debug("["+connection_name+"] Closing connection")
-            client.end()
-            resolve(result?.rows)
-        }).catch((err)=>{
-          reject(`[${connection_name}] query error : ${err.toString()}`)
-        })
-      }catch(err){
-        reject(`[${connection_name}] connection error : ${err.toString()}`)
-      }
-    })
-
-  })
-};
 module.exports = Postgres
diff --git a/server/src/models/db.model.js b/server/src/models/db.model.js
index a106db1c..7dd1a570 100644
--- a/server/src/models/db.model.js
+++ b/server/src/models/db.model.js
@@ -1,51 +1,44 @@
 //- MYSQL Module
 const logger = require('../lib/logger');
 const dbConfig = require('../../config/db.config')
-const client = require('mysql2');
+const client = require('mysql2/promise');
+const appConfig = require('../../config/app.config')
 
 dbConfig.multipleStatements=true
 delete dbConfig.name // remove unsupported property
 delete dbConfig.is_database // remove unsupported property
 MySql = {}
 
-MySql.do=function(query,vars,silent=false){
-  return new Promise((resolve,reject) => {
-    if(!silent){
-      logger.info("[ansibleforms] running query : " + query)
+// rewritten with await 5.0.3
+MySql.do = async function (query, vars, silent = false) {
+  if (!silent && appConfig.enableDbQueryLogging) {
+    logger.info('[ansibleforms] running query : ' + query)
+  }
+  var conn
+  try {
+    conn = await client.createConnection(dbConfig)
+  } catch (err) {
+    logger.error('[ansibleforms] Connection error : ' + err)
+    throw err
+  }
+  try {
+    const [result] = await conn.query(query, vars)
+    if (!silent && appConfig.enableDbQueryLogging) {
+      logger.debug('[ansibleforms] query result : ' + JSON.stringify(result))
     }
-    var conn
-    try{
-      var conn = client.createConnection(dbConfig)
-    }catch(err){
-      logger.error("[ansibleforms] Connection error : " + err)
-      reject(err)
+    return result
+  } catch (err) {
+    logger.error('[ansibleforms] Query error : ' + err)
+    throw err
+  } finally {
+    try {
+      await conn.end()
+    } catch (e) {
+      logger.error('[ansibleforms] ' + e)
+      throw e
     }
-    try{
-      conn.query(query,vars,function(err,result){
-        // logger.debug("[ansibleforms] Closing connection")
-        try{
-          conn.end()
-        }catch(e){}
-        if(err){
-          logger.error("[ansibleforms] Query error : " + err)
-          reject(err)
-        }else{
-          if(!silent){
-            logger.debug("[ansibleforms] query result : " + JSON.stringify(result))
-          }
-          resolve(result)
-        }
-      })
-    }catch(err){
-      // logger.debug("[ansibleforms] Closing connection")
-      try{
-        conn.end()
-      }catch(e){}
-      logger.error("[ansibleforms] " + err)
-      reject(err)
-    }
-  })
-};
+  }
+}
 
 
 module.exports = MySql

From 2b018f376a07930236c29a2b2ae7d3a67b95d2a9 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:03:02 +0200
Subject: [PATCH 16/39] typo in template

---
 server/src/models/job.model.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/models/job.model.js b/server/src/models/job.model.js
index 53d9c271..a96aa70e 100644
--- a/server/src/models/job.model.js
+++ b/server/src/models/job.model.js
@@ -641,7 +641,7 @@ Job.sendStatusNotification = async function(jobid){
       var logo = `${url}${appConfig.baseUrl}assets/img/logo.png`
       message = message.replace("${message}",job.output.replaceAll("\r\n","<br>"))
                       .replaceAll("${url}",url)
-                      .replaceAll("${baseurl",appConfig.baseUrl)
+                      .replaceAll("${baseurl}",appConfig.baseUrl)
                       .replaceAll("${jobid}",jobid)
                       .replaceAll("${title}",subject)
                       .replaceAll("${logo}",logo)

From 22d326f242b4640597c05239c89707225b57f331 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:03:25 +0200
Subject: [PATCH 17/39] add forms yaml in db

---
 server/src/models/schema.model.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/src/models/schema.model.js b/server/src/models/schema.model.js
index 5de7a76c..63866c1c 100644
--- a/server/src/models/schema.model.js
+++ b/server/src/models/schema.model.js
@@ -290,13 +290,17 @@ function patchAll(){
 
   buffer = fs.readFileSync(`${__dirname}/../db/create_oidc_table.sql`)
   sql = buffer.toString()
-  tablePromises.push(addTable("oidc",sql)) // add oidc table
+  tablePromises.push(addTable("oidc",sql)) // add oidc table  // added in 5.0.2
 
   buffer = fs.readFileSync(`${__dirname}/../db/create_repositories_table.sql`)
   sql = buffer.toString()
   tablePromises.push(addTable("repositories",sql)) // add repositories table
 
   tablePromises.push(addColumn("azuread","groupfilter","varchar(250)",true,"NULL"))  // add column to limit azuread groups
+
+  tablePromises.push(addColumn("settings","forms_yaml","longtext",true,"NULL"))  // add forms_yaml column
+  tablePromises.push(setUtf8mb4CharacterSet("settings","forms_yaml","longtext")) // allow emoticon or utf16 characters  
+
   //tablePromises.push(addRecord("settings",["mail_server","mail_port","mail_secure","mail_username","mail_password","mail_from","url"],["''",25,0,"''","''","''","''"]))
   // buffer=fs.readFileSync(`${__dirname}/../db/create_settings_table.sql`)
   // sql=buffer.toString();

From b329053577b19e28cd0c696ab852172314ec1292 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:04:58 +0200
Subject: [PATCH 18/39] be consistent with capitals

---
 server/src/controllers/config.controller.js | 16 ++++++-------
 server/src/controllers/login.controller.js  | 26 ++++++++++-----------
 server/src/lib/common.js                    |  4 ++--
 server/src/models/azureAd.model.js          |  2 +-
 server/src/models/ldap.model.js             |  6 ++---
 5 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/server/src/controllers/config.controller.js b/server/src/controllers/config.controller.js
index 8ddc9859..6339ef4b 100644
--- a/server/src/controllers/config.controller.js
+++ b/server/src/controllers/config.controller.js
@@ -4,7 +4,7 @@ const Lock=require("../models/lock.model")
 const Help=require("../models/help.model")
 const path=require("path")
 const logger=require("../lib/logger")
-const Helpers=require("../lib/common")
+const helpers=require("../lib/common")
 const YAML=require("yaml")
 var RestResult = require('../models/restResult.model');
 const {inspect} = require("node:util")
@@ -13,7 +13,7 @@ exports.findAll = async function(req,res){
     var forms = await Form.load()
     res.json(forms)
   }catch(err){
-    res.json({error:Helpers.getError(err)})
+    res.json({error:helpers.getError(err)})
   }
 }
 
@@ -22,7 +22,7 @@ exports.backups = function(req,res){
     var backups = Form.backups()
     res.json(backups)
   }catch(err){
-    res.json({error:Helpers.getError(err)})
+    res.json({error:helpers.getError(err)})
   }
 }
 exports.env = function(req,res){
@@ -67,7 +67,7 @@ exports.restore = async function(req,res){
     }
   }catch(err){
     logger.error("Failed to get lock : ",err)
-    res.json(new RestResult("error","Failed to restore forms",null,Helpers.getError(err,"Failed to get lock : ")))
+    res.json(new RestResult("error","Failed to restore forms",null,helpers.getError(err,"Failed to get lock : ")))
     return true
   }
   if(lock.match || lock.free){
@@ -85,7 +85,7 @@ exports.restore = async function(req,res){
         res.json(new RestResult("error",`Failed to restore, no backup name provided`,null,"Failed to restore forms"))
       }
     }catch(err){
-      res.json(new RestResult("error","Failed to restore forms",null,Helpers.getError(err)))
+      res.json(new RestResult("error","Failed to restore forms",null,helpers.getError(err)))
     }
   }else{
     res.json(new RestResult("error","Failed to restore forms",null,"Designer is locked by "+lock.username))
@@ -101,7 +101,7 @@ exports.save = async function(req,res){
     }
   }catch(err){
     logger.error("Failed to get lock : ",err)
-    res.json(new RestResult("error","Failed to save forms",null,Helpers.getError(err,"Faild to get lock")))
+    res.json(new RestResult("error","Failed to save forms",null,helpers.getError(err,"Faild to get lock")))
     return true
   }
   if(lock.match || lock.free){
@@ -118,7 +118,7 @@ exports.save = async function(req,res){
           res.json(new RestResult("error","Failed to save forms",null,"Failed to save forms"))
         }
       }catch(err){
-        res.json(new RestResult("error","Failed to save forms",null,Helpers.getError(err)))
+        res.json(new RestResult("error","Failed to save forms",null,helpers.getError(err)))
       }
     }
   }else{
@@ -143,7 +143,7 @@ exports.validate = function(req,res){
         res.json(new RestResult("error","Failed to validate new forms config",null,"Failed to validate new forms config"))
       }
     }catch(err){
-      res.json(new RestResult("error","Failed to validate new forms config",null,Helpers.getError(err)))
+      res.json(new RestResult("error","Failed to validate new forms config",null,helpers.getError(err)))
     }
   }
 }
diff --git a/server/src/controllers/login.controller.js b/server/src/controllers/login.controller.js
index 8f1cf5a5..f611f46e 100644
--- a/server/src/controllers/login.controller.js
+++ b/server/src/controllers/login.controller.js
@@ -7,7 +7,7 @@ const jwt = require('jsonwebtoken');
 var authConfig = require('../../config/auth.config')
 const logger=require("../lib/logger");
 const {inspect}=require("node:util")
-const Helpers=require('../lib/common')
+const helpers=require('../lib/common')
 const RestResult = require("../models/restResult.model")
 const auth_oidc = require("../auth/auth_oidc");
 
@@ -51,7 +51,7 @@ exports.settings = async function(req,res){
       res.json(new RestResult("success","",settings,""))
     })
   })
-  .catch((err)=>{res.json(new RestResult("error","failed to get app settings",null,Helpers.getError(err)))})
+  .catch((err)=>{res.json(new RestResult("error","failed to get app settings",null,helpers.getError(err)))})
 }
 // basic authentication with local users
 exports.basic = async function(req, res,next) {
@@ -63,7 +63,7 @@ exports.basic = async function(req, res,next) {
       async (err, user) => {
         try {
           // if we have an error; we return it
-          var e=Helpers.getError(err)
+          var e=helpers.getError(err)
           if (e || !user) {
             // basic authentication returned no result, move to next middleware (ldap)
             if(e.includes('not found')){
@@ -86,7 +86,7 @@ exports.basic = async function(req, res,next) {
             { session: false },
             async (error) => {
               if (error){
-                logger.error(Helpers.getError(error))
+                logger.error(helpers.getError(error))
                 //return next(error);
               }
               // send the tokens to the requester
@@ -98,7 +98,7 @@ exports.basic = async function(req, res,next) {
             }
           );
         } catch (error) {
-          logger.error(Helpers.getError(error))
+          logger.error(helpers.getError(error))
           //return next(error);
         }
       }
@@ -114,7 +114,7 @@ exports.basic_ldap = async function(req, res,next) {
     async (err, user) => {
       try {
         // if we have an error; we return it
-        var e=Helpers.getError(err)
+        var e=helpers.getError(err)
         if (e || !user) {
           var error={token:""}
           if(e){
@@ -132,7 +132,7 @@ exports.basic_ldap = async function(req, res,next) {
           { session: false },
           async (error) => {
             if (error){
-              logger.error(Helpers.getError(error))
+              logger.error(helpers.getError(error))
               return next(error);
             }
             // send the tokens to the requester
@@ -144,7 +144,7 @@ exports.basic_ldap = async function(req, res,next) {
           }
         );
       } catch (error) {
-        logger.error(Helpers.getError(error))
+        logger.error(helpers.getError(error))
         return next(error);
       }
     }
@@ -157,7 +157,7 @@ exports.basic_ldap = async function(req, res,next) {
 exports.logout = async function(req, res, next){
   req.logout((err) => {
     if (err) {
-      logger.error(Helpers.getError(error))
+      logger.error(helpers.getError(error))
       return next(err)
     }
     const auth_oidc = require('../auth/auth_oidc');
@@ -181,14 +181,14 @@ const authCallback = function(req, res, next, type='azuread') {
     try {
       // if we have an error; we return it
       if (err) {
-        logger.error(Helpers.getError(err))
+        logger.error(helpers.getError(err))
         return next(err)
       }else{
         res.redirect(`/#/login?token=${token}`)
       }
 
     } catch (err) {
-      logger.error(Helpers.getError(err))
+      logger.error(helpers.getError(err))
       return next(err)
     }
   }
@@ -245,7 +245,7 @@ exports.azureadoauth2login = async function(req, res,next) {
   try {
     await tokenLogin('azuread', req, res, next)
   } catch(err){
-    logger.error(Helpers.getError(err))
+    logger.error(helpers.getError(err))
     next(err)
   }
 };
@@ -266,7 +266,7 @@ exports.oidcLogin = async function(req, res, next) {
   try {
     await tokenLogin('oidc', req, res, next)
   } catch(err){
-    logger.error(Helpers.getError(err))
+    logger.error(helpers.getError(err))
     next(err)
   }
 };
diff --git a/server/src/lib/common.js b/server/src/lib/common.js
index 2badfc33..34a1e210 100644
--- a/server/src/lib/common.js
+++ b/server/src/lib/common.js
@@ -1,4 +1,4 @@
-const Certinfo=require("cert-info")
+const certinfo=require("cert-info")
 const restResult=require("../models/restResult.model")
 const logger=require("./logger")
 const config=require("../../config/app.config")
@@ -55,7 +55,7 @@ Helpers.checkCertificate=function(cert){
       logger.debug("Base64 is valid...")
       try{
         var tmp
-        tmp = Certinfo.info(c)
+        tmp = certinfo.info(c)
         logger.debug(JSON.stringify(tmp))
       }catch(e){
         logger.error("Certificate cannot be parsed...")
diff --git a/server/src/models/azureAd.model.js b/server/src/models/azureAd.model.js
index c80e9800..7fe1cb71 100644
--- a/server/src/models/azureAd.model.js
+++ b/server/src/models/azureAd.model.js
@@ -1,7 +1,7 @@
 'use strict';
 const logger=require("../lib/logger");
 const mysql=require("./db.model")
-const Helpers=require("../lib/common")
+const helpers=require("../lib/common")
 const YAML=require("yaml")
 const {encrypt,decrypt} = require("../lib/crypto")
 
diff --git a/server/src/models/ldap.model.js b/server/src/models/ldap.model.js
index 14749b40..6ce4e18e 100644
--- a/server/src/models/ldap.model.js
+++ b/server/src/models/ldap.model.js
@@ -1,7 +1,7 @@
 'use strict';
 const logger=require("../lib/logger");
 const mysql=require("./db.model")
-const Helpers=require("../lib/common")
+const helpers=require("../lib/common")
 const YAML=require("yaml")
 const {encrypt,decrypt} = require("../lib/crypto")
 
@@ -81,10 +81,10 @@ Ldap.check = function(ldapConfig){
     // console.log(options)
     // ldap-authentication has bad cert check, so we check first !!
     if(ldapConfig.enable_tls && !(ldapConfig.ignore_certs==1)){
-      if(!Helpers.checkCertificate(ldapConfig.cert)){
+      if(!helpers.checkCertificate(ldapConfig.cert)){
         badCertificates=true
       }
-      if(!Helpers.checkCertificate(ldapConfig.ca_bundle)){
+      if(!helpers.checkCertificate(ldapConfig.ca_bundle)){
         badCertificates=true
       }
     }else{

From 514c517ddff553966b56df09b86f335cbb854d9b Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:05:36 +0200
Subject: [PATCH 19/39] strip last slash from baseurl

---
 server/config/app.config.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/server/config/app.config.js b/server/config/app.config.js
index d2c9844c..111d05c2 100644
--- a/server/config/app.config.js
+++ b/server/config/app.config.js
@@ -2,7 +2,7 @@ const logger=require("../src/lib/logger");
 const path=require("path")
 var app_config = {
   port: process.env.PORT || 8000,
-  baseUrl: process.env.BASE_URL || "/",
+  baseUrl: process.env.BASE_URL?.replace(/\/$/, "") || "/",
   nodeEnvironment: process.env.NODE_ENV || "production",
   showDesigner: (process.env.SHOW_DESIGNER ?? 1)==1,
   allowSchemaCreation: (process.env.ALLOW_SCHEMA_CREATION ?? 1)==1,
@@ -16,6 +16,8 @@ var app_config = {
   repoPath: process.env.REPO_PATH || path.resolve(__dirname + "/../persistent/repositories"),
   formsBackupPath: process.env.FORMS_BACKUP_PATH || path.resolve(__dirname + "/../persistent/forms_backups"),
   oldBackupDays: process.env.OLD_BACKUP_DAYS || 60,
-  filterJobOutputRegex: process.env.REGEX_FILTER_JOB_OUTPUT || "\\[low\\]"
+  filterJobOutputRegex: process.env.REGEX_FILTER_JOB_OUTPUT || "\\[low\\]",
+  enableBypass: (process.env.ENABLE_BYPASS ?? 0)==1,
+  enableDbQueryLogging: (process.env.ENABLE_DB_QUERY_LOGGING ?? 0)==1,
 };
 module.exports = app_config;

From 81a6c73f4953b3c86c9ccea52aadd82dfa3f521c Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:05:53 +0200
Subject: [PATCH 20/39] enable admin bypass

---
 server/src/auth/auth_basic.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/server/src/auth/auth_basic.js b/server/src/auth/auth_basic.js
index 5e1d9f82..ad18b6de 100644
--- a/server/src/auth/auth_basic.js
+++ b/server/src/auth/auth_basic.js
@@ -2,6 +2,7 @@ const passport = require('passport');
 const basicStrategy = require('modern-passport-http').BasicStrategy;
 const User = require('./../models/user.model');
 const authConfig = require('../../config/auth.config.js')
+const appConfig = require('../../config/app.config.js')
 const logger=require("../lib/logger");
 const Helpers = require('../lib/common');
 const Ldap = require('../models/ldap.model')
@@ -14,6 +15,16 @@ passport.use(
     async (username, password, done) => {
       // authentication against database first
       try{
+        if(appConfig.enableBypass){
+          user = {}
+          user.id = 0
+          user.username = 'bypass admin'
+          user.type = 'bypass'
+          user.groups = []
+          user.roles = ['admin']
+          logger.warning("Logging in with bypass")
+          return done(null,user)
+        }
         var user = await User.authenticate(username,password)
           .then(async (result)=>{
             var user = {}

From e18782699e68389432716e01b75e8d279e65d789 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:06:10 +0200
Subject: [PATCH 21/39] start with async await

---
 server/src/models/credential.model.js | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/server/src/models/credential.model.js b/server/src/models/credential.model.js
index ffc0e9ff..6069ef9c 100644
--- a/server/src/models/credential.model.js
+++ b/server/src/models/credential.model.js
@@ -24,26 +24,26 @@ var Credential=function(credential){
     this.db_type = credential.db_type;
 };
 
-Credential.create = function (record) {
+Credential.create = async function (record) {
     logger.info(`Creating credential ${record.name}`)
-    return mysql.do("INSERT INTO AnsibleForms.`credentials` set ?", record)
-    .then((res)=>{ return res.insertId })
+    var res = await mysql.do("INSERT INTO AnsibleForms.`credentials` set ?", record)
+    return res.insertId
 };
-Credential.update = function (record,id) {
+Credential.update = async function (record,id) {
     logger.info(`Updating credential ${record.name}`)
-    return mysql.do("UPDATE AnsibleForms.`credentials` set ? WHERE id=?", [record,id])
-    .then((res)=>{
-      cache.del(record.name)
-      return res
-    })
+    var res = await mysql.do("UPDATE AnsibleForms.`credentials` set ? WHERE id=?", [record,id])
+    cache.del(record.name)
+    return res
 };
-Credential.delete = function(id){
+Credential.delete = async function(id){
     logger.info(`Deleting credential ${id}`)
-    return mysql.do("DELETE FROM AnsibleForms.`credentials` WHERE id = ? AND name<>'admins'", [id])
+    var res = await mysql.do("DELETE FROM AnsibleForms.`credentials` WHERE id = ? AND name<>'admins'", [id])
+    return res
 };
-Credential.findAll = function () {
+Credential.findAll = async function () {
     logger.info("Finding all credentials")
-    return mysql.do("SELECT id,name,user,host,port,description,secure,db_type,db_name,is_database FROM AnsibleForms.`credentials`;")
+    var res = await mysql.do("SELECT id,name,user,host,port,description,secure,db_type,db_name,is_database FROM AnsibleForms.`credentials`;")
+    return res
 };
 Credential.findById = function (id) {
     logger.info(`Finding credential ${id}`)

From 19c05887697a8f65f61b9c199a1824b437507b97 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:06:37 +0200
Subject: [PATCH 22/39] load forms from database

---
 server/src/models/form.model.js | 49 +++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 17 deletions(-)

diff --git a/server/src/models/form.model.js b/server/src/models/form.model.js
index b83c3703..44ce0601 100644
--- a/server/src/models/form.model.js
+++ b/server/src/models/form.model.js
@@ -15,6 +15,7 @@ const Repository = require('./repository.model')
 const Helpers = require("../lib/common")
 const {inspect} = require("node:util");
 const Repo = require('./repo.model');
+const Settings = require('./settings.model');
 
 const backupPath = appConfig.formsBackupPath
 
@@ -81,8 +82,17 @@ Form.load = async function() {
 
   var forms=undefined
   var rawdata=undefined
-  var appFormsPath = (await Repository.getFormsPath()) || appConfig.formsPath
-  logger.info(`Loading ${appFormsPath}`)  
+
+  var settings = await Settings.find()
+  var appFormsPath=undefined
+  if(settings.forms_yaml){
+    logger.info(`Using forms yaml from database`)
+    appFormsPath = (await Repository.getFormsPath(false)) || appConfig.formsPath    
+  }else{
+    appFormsPath = (await Repository.getFormsPath()) || appConfig.formsPath    
+    logger.info(`Loading ${appFormsPath}`)  
+  }
+
   var formsdirpath=path.join(path.dirname(appFormsPath),"/forms");
   var formslibdirpath=path.join(path.dirname(appFormsPath),"/lib");
   var formfilesraw=[]
@@ -98,22 +108,27 @@ Form.load = async function() {
   try{
     // read base forms.yaml
     rawdata = '';
-    try {
-      if (appConfig.useYtt) {
-        logger.info(`interpreting ${appFormsPath} with ytt.`);
-        logger.debug(`executing 'ytt -f ${appFormsPath} -f ${formslibdirpath}${ytt_env_data_opt}${yttLibDataOpts}'`)
-        rawdata = execSync(
-            `ytt -f ${appFormsPath} -f ${formslibdirpath}${ytt_env_data_opt}${yttLibDataOpts}`,
-            {
-              env: process.env,
-              encoding: 'utf-8'
-            }
-        );
-      } else {
-        rawdata = fs.readFileSync(appFormsPath, 'utf8');
+    if(settings.forms_yaml){
+      rawdata = settings.forms_yaml // loading from db
+      // console.log(rawdata)
+    }else{
+      try {
+        if (appConfig.useYtt) {
+          logger.info(`interpreting ${appFormsPath} with ytt.`);
+          logger.debug(`executing 'ytt -f ${appFormsPath} -f ${formslibdirpath}${ytt_env_data_opt}${yttLibDataOpts}'`)
+          rawdata = execSync(
+              `ytt -f ${appFormsPath} -f ${formslibdirpath}${ytt_env_data_opt}${yttLibDataOpts}`,
+              {
+                env: process.env,
+                encoding: 'utf-8'
+              }
+          );
+        } else {
+          rawdata = fs.readFileSync(appFormsPath, 'utf8');
+        }
+      } catch (e) {
+        logger.error(`failed to load '${appFormsPath}'.\n${e}`);
       }
-    } catch (e) {
-      logger.error(`failed to load '${appFormsPath}'.\n${e}`);
     }
     // read extra form files
     try{

From f9c744ca734da0c869a9cbb3c08ad935300c59ef Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:07:04 +0200
Subject: [PATCH 23/39] add forms.yaml to db

---
 server/src/models/settings.model.js  | 22 +++++++++++++++++++++-
 server/src/routes/settings.routes.js |  2 ++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/server/src/models/settings.model.js b/server/src/models/settings.model.js
index ae79bc08..56c61034 100644
--- a/server/src/models/settings.model.js
+++ b/server/src/models/settings.model.js
@@ -1,9 +1,12 @@
 'use strict';
 const logger=require("../lib/logger");
 const mysql=require("./db.model")
-const Helpers=require("../lib/common")
+const helpers=require("../lib/common")
 const nodemailer=require("nodemailer")
 const {encrypt,decrypt} = require("../lib/crypto")
+const Repository = require('./repository.model')
+const appConfig = require("./../../config/app.config")
+const fs = require('fs')
 
 //mail object create
 var Settings=function(settings){
@@ -16,11 +19,28 @@ var Settings=function(settings){
     }
     this.mail_from = settings.mail_from;
     this.url = settings.url;
+    this.forms_yaml = settings.forms_yaml || "";
 };
 Settings.update = function (record) {
     logger.info(`Updating settings`)
     return mysql.do("UPDATE AnsibleForms.`settings` set ?", record)
 };
+Settings.importFormsFileFromYaml = async function(){
+
+  var appFormsPath = (await Repository.getFormsPath()) || appConfig.formsPath   
+  if(!fs.existsSync(appFormsPath)){
+    logger.error(`Forms path ${appFormsPath} doesn't exist`)
+    throw new Error(`Forms path ${appFormsPath} doesn't exist`)
+  }else{
+    logger.notice(`Loading ${appFormsPath} into the database`)  
+    let formsFile = fs.readFileSync(appFormsPath, 'utf8')
+    var settings = await Settings.find()
+    settings.forms_yaml = formsFile
+    await Settings.update(settings)
+    return "Forms.yaml imported successfully"
+  }
+
+}
 Settings.find = function () {
 
   return mysql.do("SELECT * FROM AnsibleForms.`settings` limit 1;")
diff --git a/server/src/routes/settings.routes.js b/server/src/routes/settings.routes.js
index d0d021e4..a0d70111 100644
--- a/server/src/routes/settings.routes.js
+++ b/server/src/routes/settings.routes.js
@@ -5,6 +5,8 @@ const settingsController =   require('../controllers/settings.controller');
 router.get('/', settingsController.find);
 // Set settings
 router.put('/', settingsController.update);
+// Load forms from yaml
+router.put('/importFormsFileFromYaml', settingsController.importFormsFileFromYaml);
 // Test settings
 router.post('/mailcheck/', settingsController.mailcheck);
 

From f7137880420f46c230283f1db101bd6842023849 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:07:26 +0200
Subject: [PATCH 24/39] load forms from db

---
 server/src/models/repository.model.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/server/src/models/repository.model.js b/server/src/models/repository.model.js
index f9eb97ea..91a9ca88 100644
--- a/server/src/models/repository.model.js
+++ b/server/src/models/repository.model.js
@@ -124,13 +124,16 @@ Repository.hasFormsRepository = async function(){
     return false
   }
 }
-Repository.getFormsPath = async function(){
+Repository.getFormsPath = async function(searchYaml=true){
   try{
     var repositories = await mysql.do("SELECT name FROM AnsibleForms.`repositories` WHERE use_for_forms")
     if(repositories.length>0){
 
       var repoPath = path.join(appConfig.repoPath,repositories[0].name)
-      fs.accessSync(path.join(repoPath,"forms.yaml"))
+      if(searchYaml){
+        // logger.debug("Checking if forms.yaml exists...")
+        fs.accessSync(path.join(repoPath,"forms.yaml"))
+      }
       return path.join(repoPath,"forms.yaml")
     }
     return ""

From 76cd6156f43455bfa0c0fe01f54924f772b28b9c Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:07:44 +0200
Subject: [PATCH 25/39] import forms to db

---
 server/src/controllers/settings.controller.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/server/src/controllers/settings.controller.js b/server/src/controllers/settings.controller.js
index 9b40da71..d9289eb0 100644
--- a/server/src/controllers/settings.controller.js
+++ b/server/src/controllers/settings.controller.js
@@ -2,16 +2,18 @@
 const Settings = require('../models/settings.model');
 var RestResult = require('../models/restResult.model');
 const logger = require('../lib/logger');
+const Helpers = require('../lib/common');
+
 
 exports.find = function(req, res) {
     Settings.find()
       .then((settings)=>{res.json(new RestResult("success","Settings found",settings,""))})
-      .catch((err)=>{res.json(new RestResult("error","Failed to find settings",null,err.toString()))})
+      .catch((err)=>{res.json(new RestResult("error","Failed to find settings",null,Helpers.getError(err)))})
 };
 exports.mailcheck = function(req, res) {
   Settings.mailcheck(new Settings(req.body),req.body.to)
     .then((messageid)=>{res.json(new RestResult("success",`Mail sent with id ${messageid}`))})
-    .catch((err)=>{res.json(new RestResult("error","Mail check failed",null,err.toString()))})
+    .catch((err)=>{res.json(new RestResult("error","Mail check failed",null,Helpers.getError(err)))})
 };
 exports.update = function(req, res) {
     if(req.body.constructor === Object && Object.keys(req.body).length === 0){
@@ -19,6 +21,11 @@ exports.update = function(req, res) {
     }else{
         Settings.update(new Settings(req.body))
           .then(()=>{res.json(new RestResult("success","Settings updated",null,""))})
-          .catch((err)=>{res.json(new RestResult("error","Failed to update settings",null,err.toString()))})
+          .catch((err)=>{res.json(new RestResult("error","Failed to update settings",null,Helpers.getError(err)))})
     }
 };
+exports.importFormsFileFromYaml = function(req, res) {
+    Settings.importFormsFileFromYaml()
+      .then(()=>{res.json(new RestResult("success","Forms imported",null,""))})
+      .catch((err)=>{res.json(new RestResult("error","Failed to import forms.yaml",null,Helpers.getError(err)))})
+}
\ No newline at end of file

From 400c8015af54e209c41fe1c6b8c4d02e1d456b0f Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:08:08 +0200
Subject: [PATCH 26/39] add more help

---
 docs/_data/help.yaml | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/docs/_data/help.yaml b/docs/_data/help.yaml
index bf4fad31..8fca11ef 100644
--- a/docs/_data/help.yaml
+++ b/docs/_data/help.yaml
@@ -119,6 +119,33 @@
       If you use a different database, you might want to enable this option, to at the very least create the schema the very first time.  
       If you want to disable this option, set this variable to 0.
     version: 5.0.3      
+  - name: ENABLE_BYPASS
+    type: number
+    choices:
+    - name: 0
+      description: Disables the bypass admin authentication
+    - name: 1
+      description: Enables the bypass admin authentication
+    default: 0
+    short: Enable the bypass admin authentication
+    description: | 
+      When you have locked yourself out, you can enable the bypass admin authentication, by setting this variable to 1.  
+      This will allow you to login as temp admin with any combination of username and password.  You can then fix the issue and disable this option again.  
+      **Note** : This option will allow ANYONE to login as admin, so use with caution and disable as soon as possible.  
+    version: 5.0.3
+  - name: ENABLE_DB_QUERY_LOGGING
+    type: number
+    choices:
+    - name: 0
+      description: Disables the database query logging
+    - name: 1
+      description: Enables the database query logging
+    default: 0
+    short: Enable the database query logging
+    description: | 
+      When you want to see the database queries that are executed, you can enable this option by setting this variable to 1.  
+      introduced, due to massive amount of logging of database queries, which can be useful for debugging, but not for production.
+    version: 5.0.3    
   - name: SHOW_DESIGNER
     type: number
     choices:
@@ -1815,7 +1842,7 @@
                   The enum field will create a powerfull dropdown box with multi-column, multiselect and filter capabilities. The enum field can be used in 3 ways.
 
                   * **fixed list** : simply use the `values` property to set a fixed list
-                  * **database query** : you can use the query and dbConfig property to query a mysql, mssql, postgres or mongodb.
+                  * **database query** : you can use the query and dbConfig property to query a mysql, mssql, postgres, oracle or mongodb.
                   * **expression** : you can use the expression property to create data. in this case the output of the expression can be :
                     * **single item** : a single item like a string, integer, ...
                     * **array of items** : an array of strings, integers, ...
@@ -1837,7 +1864,7 @@
                 help: |
                   The expression field is the most powerfull field. It can calculate, manipulate, get, post, ... The expression can hold any type of information, array, objects, ... And the extravars-output will takeover the information. The expression field can be used in 2 ways.  
                     
-                  * **database query** : you can use the query and dbConfig property to query a mysql, mssql server, postgres or mongodb.
+                  * **database query** : you can use the query and dbConfig property to query a mysql, mssql server, postgres, oracle or mongodb.
                   * **expression** : you can use the expression property to create or retrieve data. in this case the output of the expression can be any type.  
                   The expression itself is pure javascript. You can do inline javascript or you can use a function. Read more on security concerns about expressions You can extend the functions with your own in the custom.js file. You can have synchronous and asynchronous functions. This allows you to retrieve any kind of data, whether it's reading a file or accessing a rest-api, or querying a foreign database. You can run the expression locally (`runLocal`) in the browser for simple expressions. This is faster and there is no limitation on the expression.  
                   Use the alias type `local` to quickly make an expression type with runLocal, hide and noOutput.  
@@ -1860,7 +1887,7 @@
                   A table field allows you to manually add multi object arrays.  
                   You can start from an empty list, but you can also retrieve existing data first using :  
 
-                  * **database query** : you can use the query and dbConfig property to query a mysql, mssql server, postgres or mongodb.
+                  * **database query** : you can use the query and dbConfig property to query a mysql, mssql server, postgres, oracle or mongodb.
                   * **expression** : you can use the expression property to create or retrieve data. in this case the output of the expression can be any type.    
                 examples:
                 - name: Table
@@ -2642,7 +2669,7 @@
             description: |
               When you want to query data from a database, you will need the proper connection information.  
               We use a credential name to lookup the connection details.  Legacy was to pass an object (name and type).  
-              Since version 5.0.2 you can just specify the name of the credential.  The type is fetched from the credential itself (mysql, mssql, postgres or mongodb). 
+              Since version 5.0.2 you can just specify the name of the credential.  The type is fetched from the credential itself (mysql, mssql, postgres, oracle or mongodb). 
               In case of no type set, mysql is assumed.   
               Additionally you can set an array of credential names, to use multiple databases with a single query.  The result will be a join of the results.  
               Doubles will not be removed automatically.  

From c0910bd96f55c57dd77c12b59ff7f4cb9f1941ca Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Thu, 20 Jun 2024 17:08:24 +0200
Subject: [PATCH 27/39] changes

---
 CHANGELOG.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4bb8b2d..64ca4917 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,9 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+-   Option to disable/enable schema creation (ALLOW_SCHEMA_CREATION)
+-   Forms yaml can now be in the database (overriding the local file)
+-   Database queries are by default no longer logged, use ENABLE_DB_QUERY_LOGGING to enable it again
+-   Mongodb connection test
+
+### Changed
+
+-   Improved schema creation error messages and error handling
+-   Schema patching is now done at application initialization
+-   Rewrote database connections with await/async
+
 ### Fixed
 
 -   Vault credentials, alpine requires decode -d instead --decode
+-   Type on jobstatus notification template
 
 ## [5.0.2] - 2024-06-10
 

From a296f1d2c85f9ec026fff64b148546a38b021589 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:45:02 +0200
Subject: [PATCH 28/39] rewrote await async

---
 client/src/views/Schema.vue       |  11 +-
 server/src/models/schema.model.js | 563 +++++++++++++++---------------
 2 files changed, 286 insertions(+), 288 deletions(-)

diff --git a/client/src/views/Schema.vue b/client/src/views/Schema.vue
index 46a982c4..0cabc4b2 100644
--- a/client/src/views/Schema.vue
+++ b/client/src/views/Schema.vue
@@ -1,7 +1,7 @@
 <template>
   <section class="hero has-background-light is-fullheight">
     <div class="hero-body">
-      <div class="container">
+      <div v-if="!loading" class="container">
         <div class="columns is-centered">
           <div class="column is-6-tablet is-6-desktop is-6-widescreen">
             <div class="notification is-danger" v-if="error!=''" v-text="error"></div>
@@ -69,7 +69,8 @@
       },
       data() {
           return {
-              error:(this.errorMessage=="schema and tables are ok")?"":this.errorMessage
+              error:(this.errorMessage=="schema and tables are ok")?"":this.errorMessage,
+              loading:false
           }
       },
       computed:{
@@ -91,10 +92,12 @@
       methods: {
           create() {
             var ref=this
+            ref.loading=true
             this.$toast.info("Creating... wait a moment")
             axios.post(`${process.env.BASE_URL}api/v1/schema`,{})
               .then((result)=>{
-
+                this.$emit('recheckSchema')
+                ref.loading=false
                 if(result.data.status!="error"){
                   ref.error=""
                   this.$toast.success(result.data.message)
@@ -102,11 +105,9 @@
                 }else{
                   ref.error=result.data.message
                 }
-                console.log(result)
               }).catch(function (error) {
                   ref.error=error
               })
-            console.log("creating")
           }
       }
   }
diff --git a/server/src/models/schema.model.js b/server/src/models/schema.model.js
index 63866c1c..a969955e 100644
--- a/server/src/models/schema.model.js
+++ b/server/src/models/schema.model.js
@@ -5,7 +5,8 @@ const mysql = require("./db.model")
 const Helpers = require("../lib/common")
 const appConfig = require('../../config/app.config')
 const fs = require('fs');
-const NodeCache = require("node-cache")
+const NodeCache = require("node-cache");
+const { check } = require('./ldap.model');
 
 const cache = new NodeCache({
     stdTTL: 14400,
@@ -14,55 +15,48 @@ const cache = new NodeCache({
 //user object create
 var Schema=function(){
 };
-function handleError(err){
-  throw err
-}
 
-function checkSchema(){
+// Check if the AnsibleForms schema exists
+async function checkSchema(){
   var message
   var db="AnsibleForms"
   logger.debug("checking schema " + db)
-  return mysql.do(`SHOW DATABASES LIKE '${db}'`)
-    .then((res)=>{
-      if(res){
-        if(res.length>0){
-          message=`Schema '${db}' is present`
-          logger.debug(message)
-          return message
-        }else{
-          message=`Schema '${db}' is not present`
-          logger.warning(message)
-          var err = new Error(message)
-          err.result = {message:[message],data:{success:[],failed:[message]}}
-          throw err
-        }
-      }
-    })
+  var res = await mysql.do(`SHOW DATABASES LIKE '${db}'`)
+  if(res){
+    if(res.length>0){
+      message=`Schema '${db}' is present`
+      logger.debug(message)
+      return message
+    }else{
+      message=`Schema '${db}' is not present`
+      logger.warning(message)
+      var err = new Error(message)
+      err.result = {message:[message],data:{success:[],failed:[message]}}
+      throw err
+    }
+  }
 }
-function dropIndex(table,index){
+
+// Check if a table exists
+async function checkTable(table){
   var message
   var db="AnsibleForms"
-  logger.debug(`dropping index '${index}' on table '${table}'`)
-  var checksql = `SHOW INDEX FROM ${db}.${table} WHERE Key_name='${index}'`
-  var sql = `DROP INDEX \`PRIMARY\` ON ${db}.${table}`
-  return mysql.do(checksql)
-    .then((checkres)=>{
-      if(checkres.length>0){
-        return mysql.do(sql)
-      }
-      return false
-    })
-    .then((res)=>{
-      if(!res){
-        message=`Index '${index}' is already dropped on '${table}'`
-        logger.debug(message)
-        return message
-      }
-      message=`Index '${index}' dropped on '${table}'`
-      logger.warning(message)
-      return message
-    })
+  logger.debug("checking table " + table)
+  var sql = `SHOW TABLES FROM ${db} WHERE Tables_in_${db}='${table}'`
+  var res = await mysql.do(sql)
+
+  if(res.length>0){
+    message=`Table '${table}' is present`
+    logger.debug(message)
+    return message
+  }else{
+    message=`Table '${table}' is not present`
+    logger.warning(message)
+    throw new Error(message)
+  }
 }
+
+// PATCHING : add a column to a table
 function addColumn(table,name,fieldtype,nullable,defaultvalue){
   var message
   var db="AnsibleForms"
@@ -93,6 +87,8 @@ function addColumn(table,name,fieldtype,nullable,defaultvalue){
       return message
     })
 }
+
+// PATCHING : Add a table to the schema
 function addTable(table,sql){
   var message
   var db="AnsibleForms"
@@ -116,54 +112,8 @@ function addTable(table,sql){
       return message
     })
 }
-function renameColumn(table,name,newname,fieldtype){
-  var message
-  var db="AnsibleForms"
-  var checksql = `SHOW COLUMNS FROM ${db}.${table} WHERE Field='${newname}'`
-  var sql = `ALTER TABLE ${db}.${table} CHANGE \`${name}\` \`${newname}\` ${fieldtype}`
-  logger.debug(`rename column '${name}'->'${newname}' on table '${table}'`)
-  return mysql.do(checksql)
-    .then((checkres)=>{
-      if(checkres.length==0){
-        return mysql.do(sql)
-      }
-      return false
-    })
-    .then((res)=>{
-      if(!res){
-        message=`Column '${name}' is already present on '${table}'`
-        logger.debug(message)
-        return message
-      }
-      message=`renamed column '${name}'->'${newname}' on '${table}'`
-      logger.warning(message)
-      return message
-    })
-}
-function resizeColumn(table,name,fieldtype){
-  var message
-  var db="AnsibleForms"
-  var checksql = `SHOW COLUMNS FROM ${db}.${table} WHERE Field='${name}' and type='${fieldtype}'`
-  var sql = `ALTER TABLE ${db}.${table} MODIFY \`${name}\` ${fieldtype}`
-  logger.debug(`resize column '${name}'->'${fieldtype}' on table '${table}'`)
-  return mysql.do(checksql)
-    .then((checkres)=>{
-      if(checkres.length==0){
-        return mysql.do(sql)
-      }
-      return false
-    })
-    .then((res)=>{
-      if(!res){
-        message=`Column '${name}' has already correct size on '${table}'`
-        logger.debug(message)
-        return message
-      }
-      message=`resized column '${name}'->'${fieldtype}' on '${table}'`
-      logger.warning(message)
-      return message
-    })
-}
+
+// PATCHING : Set the charset of a column to utf8mb4
 function setUtf8mb4CharacterSet(table,name,fieldtype){
   var message
   var db="AnsibleForms"
@@ -188,229 +138,276 @@ function setUtf8mb4CharacterSet(table,name,fieldtype){
       return message
     })
 }
-function addRecord(table,names,values){
-  var message
-  var db="AnsibleForms"
-  logger.debug("checking record in table " + table)
-  var checksql = `SELECT * FROM ${db}.${table}`
-  var sql = `INSERT INTO ${db}.${table}(${names.join(",")}) VALUES(${values.join(",")});`
-  return mysql.do(checksql)
-    .then((checkres)=>{
-      if(checkres.length==0){
-        return mysql.do(sql)
-      }
-      return false
-    })
-    .then((res)=>{
-      if(!res){
-        message=`Record in '${table}' is present`
-        logger.debug(message)
-        return message
-      }
-      message=`added record in '${table}'`
-      logger.warning(message)
-      return message
-    })
-}
-function checkTable(table){
-  var message
-  var db="AnsibleForms"
-  logger.debug("checking table " + table)
-  var sql = `SHOW TABLES FROM ${db} WHERE Tables_in_${db}='${table}'`
-  return mysql.do(sql)
-    .then((res)=>{
-      if(res.length>0){
-        message=`Table '${table}' is present`
-        logger.debug(message)
-        return message
-      }else{
-        message=`Table '${table}' is not present`
-        logger.warning(message)
-        throw new Error(message)
-      }
-    })
 
-}
-function reflect(promise){
-    return promise.then(function(v){ return {v:v, status: "fulfilled" }},
-                        function(e){ return {e:e, status: "rejected" }});
-}
-function patchAll(){
-  var messages=[]
-  var success=[]
-  var failed=[]
-  var tablePromises=[]
+async function patchVersion4(messages,success,failed){
+
   var buffer
   var sql
-  // patches to db for v2.1.4
-  tablePromises.push(dropIndex("tokens","PRIMARY")) // drop primary ; allow multi devices
-  tablePromises.push(addColumn("tokens","timestamp","datetime",false,"current_timestamp()")) // add timestamp for cleanup
-  tablePromises.push(addColumn("awx","ignore_certs","tinyint(4)",true,"1")) // add for awx certficate validation
-  tablePromises.push(addColumn("awx","ca_bundle","text",true,"NULL")) // add for awx certficate validation
-  tablePromises.push(addColumn("jobs","job_type","varchar(20)",true,"NULL")) // add for git addition
-  tablePromises.push(addColumn("jobs","extravars","mediumtext",true,"NULL")) // add for extravars
-  tablePromises.push(addColumn("jobs","credentials","mediumtext",true,"NULL")) // add for credentials
-  tablePromises.push(addColumn("jobs","notifications","mediumtext",true,"NULL")) // add for notifications
-  tablePromises.push(addColumn("jobs","approval","mediumtext",true,"NULL")) // add for approval info
-  tablePromises.push(addColumn("jobs","parent_id","int(11)",true,"NULL")) // add for multistep
-  tablePromises.push(renameColumn("jobs","playbook","target","VARCHAR(250)")) // better column name
-  tablePromises.push(addColumn("jobs","step","varchar(250)",true,"NULL")) // add column to hold current step
-  tablePromises.push(addColumn("credentials","secure","tinyint(4)",true,"0")) // add column to have secure connection
-  tablePromises.push(addColumn("credentials","is_database","tinyint(4)",true,"1")) // add column to set credentials as database creds
-  tablePromises.push(addColumn("credentials","db_type","varchar(10)",true,"NULL")) // add column to have db type
-  tablePromises.push(addColumn("credentials","db_name","varchar(255)",true,"NULL")) // add column to have db type
-  tablePromises.push(addColumn("awx","username","varchar(255)",true,"NULL")) // add column to have user based awx connection
-  tablePromises.push(addColumn("awx","password","text",true,"NULL")) // add column to have user based awx connection
-  tablePromises.push(addColumn("awx","use_credentials","tinyint(4)",false,"0")) // add column to have user based awx connection
-  tablePromises.push(resizeColumn("tokens","username_type","VARCHAR(10)")) // azuread is longer
-  // patches to db for v4.0.10
-  tablePromises.push(setUtf8mb4CharacterSet("jobs","extravars","longtext")) // allow emoticon or utf16 character
-  tablePromises.push(setUtf8mb4CharacterSet("jobs","notifications","longtext")) // allow emoticon or utf16 character
-  tablePromises.push(setUtf8mb4CharacterSet("jobs","approval","longtext")) // allow emoticon or utf16 character
-  tablePromises.push(setUtf8mb4CharacterSet("job_output","output","longtext")) // allow emoticon or utf16 character
-  // patches to db for v4.0.20
-  tablePromises.push(addColumn("ldap","groups_search_base","varchar(250)",true,"NULL")) // add column to have groups search base  
-  tablePromises.push(addColumn("ldap","groups_attribute","varchar(250)",false,"'memberOf'")) // add column to have groups attribute  
-  tablePromises.push(addColumn("ldap","group_class","varchar(250)",true,"NULL")) // add column to have group class
-  tablePromises.push(addColumn("ldap","group_member_attribute","varchar(250)",true,"NULL")) // add column to have group member attribute
-  tablePromises.push(addColumn("ldap","group_member_user_attribute","varchar(250)",true,"NULL")) // add column to have group member user attribute
-  tablePromises.push(addColumn("ldap","is_advanced","tinyint(4)",true,"0")) // is advanced config
-  // patches to db for v5.0.1
-  tablePromises.push(addColumn("ldap","mail_attribute","varchar(250)",true,"NULL")) // add column to have mail attribute
-  tablePromises.push(addColumn("users","email","varchar(250)",true,"NULL")) // add column to have email
-  // patches to db for v5.0.2
-  tablePromises.push(addColumn("jobs","awx_id","int(11)",true,"NULL")) // add for future tracking
+
+  // patches to db for v4.x.x
+  // Before version 4.0.0, the schema was not utf8mb4, so we need to change the charset of some columns, due to some emoticons or utf16 characters
+  // Also the ldap was enhanced for openLDAP and required some additional columns
+  await checkPromise(setUtf8mb4CharacterSet("jobs","extravars","longtext"),messages,success,failed) // allow emoticon or utf16 character
+  await checkPromise(setUtf8mb4CharacterSet("jobs","notifications","longtext"),messages,success,failed) // allow emoticon or utf16 character
+  await checkPromise(setUtf8mb4CharacterSet("jobs","approval","longtext"),messages,success,failed) // allow emoticon or utf16 character
+  await checkPromise(setUtf8mb4CharacterSet("job_output","output","longtext"),messages,success,failed) // allow emoticon or utf16 character
+  await checkPromise(addColumn("ldap","groups_search_base","varchar(250)",true,"NULL"),messages,success,failed) // add column to have groups search base
+  await checkPromise(addColumn("ldap","groups_attribute","varchar(250)",false,"'memberOf'"),messages,success,failed) // add column to have groups attribute
+  await checkPromise(addColumn("ldap","group_class","varchar(250)",true,"NULL"),messages,success,failed) // add column to have group class
+  await checkPromise(addColumn("ldap","group_member_attribute","varchar(250)",true,"NULL"),messages,success,failed) // add column to have group member attribute
+  await checkPromise(addColumn("ldap","group_member_user_attribute","varchar(250)",true,"NULL"),messages,success,failed) // add column to have group member user attribute
+  await checkPromise(addColumn("ldap","is_advanced","tinyint(4)",true,"0"),messages,success,failed) // is advanced config
+  await checkPromise(addColumn("ldap","mail_attribute","varchar(250)",true,"NULL"),messages,success,failed) // add column to have mail attribute
+
+  // also the settings tables was not present before 4.0.0, it contains the URL and mail settings for notification
+  // later the column forms_yaml was added to store the forms in yaml format (but that was in 5.x.x)
   buffer = fs.readFileSync(`${__dirname}/../db/create_settings_table.sql`)
   sql = buffer.toString()
-  tablePromises.push(addTable("settings",sql)) // add settings table
-  
+  await checkPromise(addTable("settings",sql),messages,success,failed) // add settings table  
+
+}
+
+// PATCHING : Patch All
+async function patchVersion5(messages,success,failed){
+
+  var buffer
+  var sql
+
+  // patches to db for v5.x.x
+  // Before version 5, the users didn't have an email.  The was on request
+  // AF passes the user object and the email address can then be used in ansible for notifications
+  await checkPromise(addColumn("users","email","varchar(250)",true,"NULL"),messages,success,failed) // add column to have email
+
+  // Azure AD integration was added in 5.0.0, so we need to add the table and columns
   buffer = fs.readFileSync(`${__dirname}/../db/create_azuread_table.sql`)
   sql = buffer.toString()
-  tablePromises.push(addTable("azuread",sql)) // add azuread table
+  await checkPromise(addTable("azuread",sql),messages,success,failed) // add azuread table    
 
-  buffer = fs.readFileSync(`${__dirname}/../db/create_oidc_table.sql`)
-  sql = buffer.toString()
-  tablePromises.push(addTable("oidc",sql)) // add oidc table  // added in 5.0.2
+  // A bit later, the groupfilter was added to limit the groups that can be used in AF, because the list can be very long and that's part of the JWT token
+  // which introduced a limit 
+  await checkPromise(addColumn("azuread","groupfilter","varchar(250)",true,"NULL"),messages,success,failed)  // add column to limit azuread groups  
+
+  // on request, the awx_id was added to the jobs table, to later retrieve it for future tracking
+  await checkPromise(addColumn("jobs","awx_id","int(11)",true,"NULL"),messages,success,failed) // add for future tracking
 
+  // A new feature was added, the repositories table, to store the repositories for the forms and playbooks
+  // A real gamechanger, because now the forms and playbooks can be stored in a git repository
   buffer = fs.readFileSync(`${__dirname}/../db/create_repositories_table.sql`)
   sql = buffer.toString()
-  tablePromises.push(addTable("repositories",sql)) // add repositories table
-
-  tablePromises.push(addColumn("azuread","groupfilter","varchar(250)",true,"NULL"))  // add column to limit azuread groups
-
-  tablePromises.push(addColumn("settings","forms_yaml","longtext",true,"NULL"))  // add forms_yaml column
-  tablePromises.push(setUtf8mb4CharacterSet("settings","forms_yaml","longtext")) // allow emoticon or utf16 characters  
-
-  //tablePromises.push(addRecord("settings",["mail_server","mail_port","mail_secure","mail_username","mail_password","mail_from","url"],["''",25,0,"''","''","''","''"]))
-  // buffer=fs.readFileSync(`${__dirname}/../db/create_settings_table.sql`)
-  // sql=buffer.toString();
-  // tablePromises.push(addTable("settings",sql)) // add new table for overriding env variables
-  return Promise.all(tablePromises.map(reflect))
-    .then((results)=>{ // all table results are back
-        // separate success from failed
-        results.map(x => {
-          if(x.status === "fulfilled")
-            success.push(x.v)
-          if(x.status === "rejected")
-            failed.push(x.e)
-        })
-        messages=messages.concat(success).concat(failed); // overal message
-        logger.debug("Patching database finished")
-        if(failed.length==0){
-          logger.notice("Patching database successful")
-          return Promise.resolve(messages) // return success
-        }else {
-          return Promise.reject(failed) // throw failed
-        }
-      },
-      handleError
-    )
+  await checkPromise(addTable("repositories",sql),messages,success,failed) // add repositories table
+
+  // In a first pull requests, mdaug was so kind to contribute the oidc table, to have OpenID Connect integration
+  buffer = fs.readFileSync(`${__dirname}/../db/create_oidc_table.sql`)
+  sql = buffer.toString()
+  await checkPromise(addTable("oidc",sql),messages,success,failed) // add oidc table 
+
+  // In 5.0.3, the settings was extended with a new column, forms_yaml, to store the forms in yaml format
+  // If you use GIT to store the forms, but not the master forms.yaml, you can now store it in the database
+  
+  await checkPromise(addColumn("settings","forms_yaml","longtext",true,"NULL"),messages,success,failed)  // add forms_yaml column
+  await checkPromise(setUtf8mb4CharacterSet("settings","forms_yaml","longtext"),messages,success,failed) // allow emoticon or utf16 characters
+
 }
-function checkAll(){
+
+// PATCHING : Patch All
+async function patchAll(messages,success,failed){
+
+  var buffer
+  var sql
+
+  await checkPromise(patchVersion4(messages,success,failed),messages,success,failed)
+  await checkPromise(patchVersion5(messages,success,failed),messages,success,failed)
+
+}
+async function checkPromise(promise,messages,success,failed){
+  try{
+    var res = await promise
+    messages.push(res)
+    success.push(res)
+  }catch(e){
+    messages.push(e.message)
+    failed.push(e.message)
+  }
+}
+
+async function checkTables(tables,messages,success,failed){
+
+  for(var i=0;i<tables.length;i++){
+    await checkPromise(checkTable(tables[i]),messages,success,failed)
+  }
+
+}
+
+async function checkAll(){
   var messages=[]
   var success=[]
   var failed=[]
-  var tablePromises=[]
   var resultobj=undefined
   resultobj=cache.get('result')  // get from cache, we only check the schema once (or once a day)
   if(resultobj){
-    // logger.debug("Schema check from cache")
-    return Promise.resolve(resultobj)
+    logger.debug("Schema check from cache")
+    return resultobj
+  }
+
+  // check the database
+  await checkPromise(checkSchema(),messages,success,failed)
+
+  if(failed.length>0){
+    // if schema does not exist, we can't check the tables // throw now
+    resultobj={message:messages,data:{success:success,failed:failed}}
+    var err = new Error(messages.toString())
+    err.result = resultobj
+    throw err
+  }
+
+  // check all the tables
+  var tables=["credentials","groups","job_output","jobs","ldap","tokens","users","awx"]
+  await checkPromise(checkTables(tables,messages,success,failed),messages,success,failed)
+
+  if(failed.length>0){
+    // some of the tables are missing, we can't patch them // throw now
+    resultobj={message:messages,data:{success:success,failed:failed}}
+    var err = new Error(messages.toString())
+    err.result = resultobj
+    throw err
+  }
+
+  // patch the tables
+  await checkPromise(patchAll(messages,success,failed),messages,success,failed)
+
+  if(failed.length>0){
+    // some of the patches failed // throw now
+    resultobj={message:messages,data:{success:success,failed:failed}}
+    var err = new Error(messages.toString())
+    err.result = resultobj
+    throw err
   }
-  return checkSchema() // schema
-    .then((res)=>{     // if success
-      messages.push(res); // add schema result
-      success.push(res);  // add schema success
-      // check all tables as promise
-      tablePromises.push(checkTable("credentials"))
-      tablePromises.push(checkTable("groups"))
-      tablePromises.push(checkTable("job_output"))
-      tablePromises.push(checkTable("jobs"))
-      tablePromises.push(checkTable("ldap"))
-      tablePromises.push(checkTable("tokens"))
-      tablePromises.push(checkTable("users"))
-      tablePromises.push(checkTable("awx"))
-      // tablePromises.push(checkTable("settings"))
-      // wait for all results
-      return Promise.all(tablePromises.map(reflect)) // map succes status
-    },handleError) // stop if schema does not exist or other error (db connect failed ?)
-    .then((results)=>{ // all table results are back
-        // separate success from failed
-        results.map(x => {
-          if(x.status === "fulfilled")
-            success.push(x.v)
-          if(x.status === "rejected")
-            failed.push(x.e.message)
-        })
-        messages=messages.concat(success).concat(failed); // overal message
-        if(failed.length==0){
-          return patchAll().then((res)=>{
-            messages=messages.concat(res)
-            success=success.concat(res)
-            logger.debug("Schema check to cache")
-            resultobj={message:messages,data:{success:success,failed:failed}}
-            cache.set('result',resultobj)
-            return resultobj // return success
-          }).catch((res)=>{
-            messages=messages.concat(res)
-            failed=failed.concat(res)
-            var err = new Error(messages.toString())
-            err.result = {message:messages,data:{success:[],failed:failed}}
-            throw err
-          })
-        }else {
-          var err = new Error(messages.toString())
-          err.result = {message:messages,data:{success:success,failed:failed}}
-          throw err // throw failed
-        }
-      },
-      handleError
-    )
+
+  // all passed fine
+  logger.debug("Schema check to cache")
+  resultobj={message:messages,data:{success:success,failed:failed}}
+  cache.set('result',resultobj)
+  return resultobj
 }
 Schema.hasSchema = function(){
   return checkAll()
 }
-Schema.create = function () {
+Schema.create = async function () {
   logger.notice(`Trying to create database schema 'AnsibleForms' and tables`)
   if(appConfig.allowSchemaCreation){ // added in 5.0.3
     const buffer=fs.readFileSync(`${__dirname}/../db/create_schema_and_tables.sql`)
     const query=buffer.toString();
     cache.del('result') // clear cache
-    return mysql.do(query)
-      .then((res)=>{
-        if(res.length > 0){
-          logger.notice(`Created schema 'AnsibleForms' and tables`)
-          return `Created schema 'AnsibleForms' and tables`
-        }else{
-          var err = new Error(`Failed to create schema 'AnsibleForms' and/or tables`)
-          throw err
-        }
-        
-      })
+    var res = await mysql.do(query)
+    if(res.length > 0){
+      logger.notice(`Created schema 'AnsibleForms' and tables`)
+      return `Created schema 'AnsibleForms' and tables`
+    }else{
+      var err = new Error(`Failed to create schema 'AnsibleForms' and/or tables`)
+      throw err
+    }
+
   }else{
-    var err = new Error(`Schema creation is disabled`)
-    return Promise.reject(err)
+    throw new Error(`Schema creation is disabled`)
   }
 };
 
 module.exports= Schema;
+
+// function addRecord(table,names,values){
+//   var message
+//   var db="AnsibleForms"
+//   logger.debug("checking record in table " + table)
+//   var checksql = `SELECT * FROM ${db}.${table}`
+//   var sql = `INSERT INTO ${db}.${table}(${names.join(",")}) VALUES(${values.join(",")});`
+//   return mysql.do(checksql)
+//     .then((checkres)=>{
+//       if(checkres.length==0){
+//         return mysql.do(sql)
+//       }
+//       return false
+//     })
+//     .then((res)=>{
+//       if(!res){
+//         message=`Record in '${table}' is present`
+//         logger.debug(message)
+//         return message
+//       }
+//       message=`added record in '${table}'`
+//       logger.warning(message)
+//       return message
+//     })
+// }
+
+// function dropIndex(table,index){
+//   var message
+//   var db="AnsibleForms"
+//   logger.debug(`dropping index '${index}' on table '${table}'`)
+//   var checksql = `SHOW INDEX FROM ${db}.${table} WHERE Key_name='${index}'`
+//   var sql = `DROP INDEX \`PRIMARY\` ON ${db}.${table}`
+//   return mysql.do(checksql)
+//     .then((checkres)=>{
+//       if(checkres.length>0){
+//         return mysql.do(sql)
+//       }
+//       return false
+//     })
+//     .then((res)=>{
+//       if(!res){
+//         message=`Index '${index}' is already dropped on '${table}'`
+//         logger.debug(message)
+//         return message
+//       }
+//       message=`Index '${index}' dropped on '${table}'`
+//       logger.warning(message)
+//       return message
+//     })
+// }
+// function renameColumn(table,name,newname,fieldtype){
+//   var message
+//   var db="AnsibleForms"
+//   var checksql = `SHOW COLUMNS FROM ${db}.${table} WHERE Field='${newname}'`
+//   var sql = `ALTER TABLE ${db}.${table} CHANGE \`${name}\` \`${newname}\` ${fieldtype}`
+//   logger.debug(`rename column '${name}'->'${newname}' on table '${table}'`)
+//   return mysql.do(checksql)
+//     .then((checkres)=>{
+//       if(checkres.length==0){
+//         return mysql.do(sql)
+//       }
+//       return false
+//     })
+//     .then((res)=>{
+//       if(!res){
+//         message=`Column '${name}' is already present on '${table}'`
+//         logger.debug(message)
+//         return message
+//       }
+//       message=`renamed column '${name}'->'${newname}' on '${table}'`
+//       logger.warning(message)
+//       return message
+//     })
+// }
+// function resizeColumn(table,name,fieldtype){
+//   var message
+//   var db="AnsibleForms"
+//   var checksql = `SHOW COLUMNS FROM ${db}.${table} WHERE Field='${name}' and type='${fieldtype}'`
+//   var sql = `ALTER TABLE ${db}.${table} MODIFY \`${name}\` ${fieldtype}`
+//   logger.debug(`resize column '${name}'->'${fieldtype}' on table '${table}'`)
+//   return mysql.do(checksql)
+//     .then((checkres)=>{
+//       if(checkres.length==0){
+//         return mysql.do(sql)
+//       }
+//       return false
+//     })
+//     .then((res)=>{
+//       if(!res){
+//         message=`Column '${name}' has already correct size on '${table}'`
+//         logger.debug(message)
+//         return message
+//       }
+//       message=`resized column '${name}'->'${fieldtype}' on '${table}'`
+//       logger.warning(message)
+//       return message
+//     })
+// }
\ No newline at end of file

From e1dfd053d5133468c089dc5d2fb4ddd673a27f88 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:45:38 +0200
Subject: [PATCH 29/39] init broke the azuread and openid

---
 server/src/configure.js | 257 +++++++++++++++++++++-------------------
 1 file changed, 135 insertions(+), 122 deletions(-)

diff --git a/server/src/configure.js b/server/src/configure.js
index 148a97ff..22066cc2 100644
--- a/server/src/configure.js
+++ b/server/src/configure.js
@@ -23,135 +23,148 @@ const passport = require('passport');
 // a small custom middleware to check whether the user is administrator
 const checkAdminMiddleware = require('./lib/common').checkAdminMiddleware
 
-// our personal app settings
-const appConfig = require('../config/app.config')
-
 // start the app
 module.exports = app => {
 
+  // our personal app settings
+  const appConfig = require('../config/app.config')
+  const logger = require("./lib/logger");
+  const schemaRoutes = require("./routes/schema.routes");
+  const queryRoutes = require("./routes/query.routes");
+  const expressionRoutes = require("./routes/expression.routes");
+  const versionRoutes = require("./routes/version.routes");
+  const installRoutes = require("./routes/install.routes");
+  const lockRoutes = require("./routes/lock.routes");
+  const helpRoutes = require("./routes/help.routes");
+  const profileRoutes = require("./routes/profile.routes");
+  const loginRoutes = require("./routes/login.routes");
+  const tokenRoutes = require("./routes/token.routes");
+  const jobRoutes = require("./routes/job.routes");
+  const userRoutes = require("./routes/user.routes");
+  const groupRoutes = require("./routes/group.routes");
+  const ldapRoutes = require("./routes/ldap.routes");
+  const azureadRoutes = require("./routes/azuread.routes");
+  const oidcRoutes = require("./routes/oidc.routes");
+  const settingsRoutes = require("./routes/settings.routes");
+  const credentialRoutes = require("./routes/credential.routes");
+  const sshRoutes = require("./routes/ssh.routes");
+  const awxRoutes = require("./routes/awx.routes");
+  const logRoutes = require("./routes/log.routes");
+  const repositoryRoutes = require("./routes/repository.routes");
+  const knownhostsRoutes = require("./routes/knownhosts.routes");
+  const configRoutes = require("./routes/config.routes");
+
+  // we use 4 authentications/authorization strategies
+  // - basic : with username and password to get jwt tokens
+  // - azure-ad-oauth2 : microsoft login
+  // - oidc : open id connect
+  // - jwt : to use the jwt tokens
+  // passport (the auth lib used) is smart, if basic authentication headers are detected
+  // then the basic authentication strategy kicks and the basic login procedure starts
+  require('./auth/auth_basic');
+  require('./auth/auth_jwt');
+
+
   // first time run init
   // from now on, it's async => we wait for mysql to be ready
   const init = require('./init/')
-  init().then(()=>{
-
-    // passport
-    app.use(session({ 
-      secret: 'AnsibleForms',
-      resave: false,
-      saveUninitialized: true
-    }));
-    app.use(passport.initialize());
-    app.use(passport.session());
-
-    // we use 4 authentications/authorization strategies
-    // - basic : with username and password to get jwt tokens
-    // - azure-ad-oauth2 : microsoft login
-    // - oidc : open id connect
-    // - jwt : to use the jwt tokens
-    // passport (the auth lib used) is smart, if basic authentication headers are detected
-    // then the basic authentication strategy kicks and the basic login procedure starts
-    require('./auth/auth_basic');
-    require('./auth/auth_jwt');
-    const auth_azuread = require('./auth/auth_azuread');  
-    auth_azuread.initialize()
-
-    const auth_oidc = require('./auth/auth_oidc');
-    auth_oidc.initialize()
-
-    app.use(bodyParser.json({limit: '50mb'}));
-    app.use(bodyParser.urlencoded({limit: '50mb', extended: true}));
-
-    // import api routes
-    const awxRoutes = require('./routes/awx.routes')
-    const jobRoutes = require('./routes/job.routes')
-    const queryRoutes = require('./routes/query.routes')
-    const expressionRoutes = require('./routes/expression.routes')
-    const userRoutes = require('./routes/user.routes')
-    const groupRoutes = require('./routes/group.routes')
-    const ldapRoutes = require('./routes/ldap.routes')
-    const azureadRoutes = require('./routes/azuread.routes')
-    const oidcRoutes = require('./routes/oidc.routes')
-    const settingsRoutes = require('./routes/settings.routes')
-    const credentialRoutes = require('./routes/credential.routes')
-    const loginRoutes = require('./routes/login.routes')
-    const schemaRoutes = require('./routes/schema.routes')
-    const tokenRoutes = require('./routes/token.routes')
-    const configRoutes = require('./routes/config.routes')
-    const versionRoutes = require('./routes/version.routes')
-    const lockRoutes = require('./routes/lock.routes')
-    const profileRoutes = require('./routes/profile.routes')
-    const sshRoutes = require('./routes/ssh.routes')
-    const logRoutes = require('./routes/log.routes')
-    const knownhostsRoutes = require('./routes/knownhosts.routes')
-    const helpRoutes = require('./routes/help.routes')
-    const installRoutes = require('./routes/install.routes')
-    const repositoryRoutes = require('./routes/repository.routes')
-
-    // mysql2 has a bug that can throw an uncaught exception if the mysql server crashes (not enough mem for example)
-    // also git commands can chain child processes and cause issues
-    process.on('uncaughtException', function(err) {
-      // handle the error safely
-      console.error("An uncaught exception happened, ignore... ",err)
-    })
-
-    // using json web tokens as middleware
-    // the jwtauthentication strategy from passport (/auth/auth.js)
-    // is used as a middleware.  Every route will check the token for validity
-    const authobj = passport.authenticate('jwt', { session: false })
-
-    // api routes for browser only (no cors)
-    const swaggerOptions = {
-      customSiteTitle: "Ansibleforms Swagger UI",
-      customfavIcon: `${appConfig.baseUrl}favicon.svg`,
-      customCssUrl: `${appConfig.baseUrl}assets/css/swagger.css`,
-      docExpansion:"none"
+  init()
+      .then(async ()=> {
+        const auth_azuread = require('./auth/auth_azuread');
+        const auth_oidc = require('./auth/auth_oidc');        
+        await auth_azuread.initialize() // we wait for the azuread to be ready
+        await auth_oidc.initialize() // we wait for the oidc to be ready
+      })
+      .catch( e => logger.error(e) );
+
+  // passport
+  app.use(session({
+    secret: 'AnsibleForms',
+    resave: false,
+    saveUninitialized: true
+  }));
+  app.use(passport.initialize());
+  app.use(passport.session());
+
+  // register regenerate & save after the cookieSession middleware initialization
+  app.use(function(request, response, next) {
+    if (request.session && !request.session.regenerate) {
+      request.session.regenerate = (cb) => {
+        cb()
+      }
+    }
+    if (request.session && !request.session.save) {
+      request.session.save = (cb) => {
+        cb()
+      }
     }
-    // change basePath dynamically
-    swaggerDocument.basePath = `${appConfig.baseUrl}api/v1`
-    app.use(`${appConfig.baseUrl}api-docs`, swaggerUi.serve, swaggerUi.setup(swaggerDocument,swaggerOptions));
-    app.use(`${appConfig.baseUrl}api/v1/schema`, schemaRoutes)
-
-    // api routes for querying
-    app.use(`${appConfig.baseUrl}api/v1/query`,cors(), authobj, queryRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/expression`,cors(), authobj, expressionRoutes)
-
-    // api route for version
-    app.use(`${appConfig.baseUrl}api/v1/version`,cors(), versionRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/install`,cors(), installRoutes)
-
-    app.use(`${appConfig.baseUrl}api/v1/lock`,cors(),authobj, lockRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/help`,cors(),authobj, helpRoutes)    
-
-    // api route for profile
-    app.use(`${appConfig.baseUrl}api/v1/profile`,cors(), authobj, profileRoutes)
-
-    // api routes for authorization
-    app.use(`${appConfig.baseUrl}api/v1/auth`,cors(), loginRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/token`,cors(), tokenRoutes)
-
-    // api routes for automation actions
-
-    // app.use(`${appConfig.baseUrl}api/v1/multistep`,cors(), authobj, multistepRoutes)
-
-    // api routes for admin management
-    app.use(`${appConfig.baseUrl}api/v1/job`,cors(), authobj, jobRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/user`,cors(), authobj, checkAdminMiddleware, userRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/group`,cors(), authobj, checkAdminMiddleware, groupRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/ldap`,cors(), authobj, checkAdminMiddleware, ldapRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/azuread`,cors(), authobj, checkAdminMiddleware, azureadRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/oidc`,cors(), authobj, checkAdminMiddleware, oidcRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/settings`,cors(), authobj, checkAdminMiddleware, settingsRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/credential`,cors(), authobj, checkAdminMiddleware, credentialRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/sshkey`,cors(), authobj, checkAdminMiddleware, sshRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/awx`,cors(), authobj, checkAdminMiddleware, awxRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/log`,cors(), authobj, checkAdminMiddleware, logRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/repository`,cors(), authobj, checkAdminMiddleware, repositoryRoutes)
-    app.use(`${appConfig.baseUrl}api/v1/knownhosts`,cors(), authobj, checkAdminMiddleware, knownhostsRoutes)
-
-    // routes for form config (extra middleware in the routes itself)
-    app.use(`${appConfig.baseUrl}api/v1/config`,cors(), authobj, configRoutes)
+    next()
+  })
+
+  app.use(bodyParser.json({limit: '50mb'}));
+  app.use(bodyParser.urlencoded({limit: '50mb', extended: true}));
 
+  // mysql2 has a bug that can throw an uncaught exception if the mysql server crashes (not enough mem for example)
+  // also git commands can chain child processes and cause issues
+  process.on('uncaughtException', function(err) {
+    // handle the error safely
+    console.error("An uncaught exception happened, ignore... ",err)
   })
 
- 
-}
+  // using json web tokens as middleware
+  // the jwtauthentication strategy from passport (/auth/auth.js)
+  // is used as a middleware.  Every route will check the token for validity
+  const authobj = passport.authenticate('jwt', { session: false })
+
+  // api routes for browser only (no cors)
+  const swaggerOptions = {
+    customSiteTitle: "Ansibleforms Swagger UI",
+    customfavIcon: `${appConfig.baseUrl}favicon.svg`,
+    customCssUrl: `${appConfig.baseUrl}assets/css/swagger.css`,
+    docExpansion:"none"
+  }
+  // change basePath dynamically
+  swaggerDocument.basePath = `${appConfig.baseUrl}api/v1`
+  app.use(`${appConfig.baseUrl}api-docs`, swaggerUi.serve, swaggerUi.setup(swaggerDocument,swaggerOptions));
+  app.use(`${appConfig.baseUrl}api/v1/schema`, schemaRoutes)
+
+  // api routes for querying
+  app.use(`${appConfig.baseUrl}api/v1/query`,cors(), authobj, queryRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/expression`,cors(), authobj, expressionRoutes)
+
+  // api route for version
+  app.use(`${appConfig.baseUrl}api/v1/version`,cors(), versionRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/install`,cors(), installRoutes)
+
+  app.use(`${appConfig.baseUrl}api/v1/lock`,cors(),authobj, lockRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/help`,cors(),authobj, helpRoutes)
+
+  // api route for profile
+  app.use(`${appConfig.baseUrl}api/v1/profile`,cors(), authobj, profileRoutes)
+
+  // api routes for authorization
+  app.use(`${appConfig.baseUrl}api/v1/auth`,cors(), loginRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/token`,cors(), tokenRoutes)
+
+  // api routes for automation actions
+
+  // app.use(`${appConfig.baseUrl}api/v1/multistep`,cors(), authobj, multistepRoutes)
+
+  // api routes for admin management
+  app.use(`${appConfig.baseUrl}api/v1/job`,cors(), authobj, jobRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/user`,cors(), authobj, checkAdminMiddleware, userRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/group`,cors(), authobj, checkAdminMiddleware, groupRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/ldap`,cors(), authobj, checkAdminMiddleware, ldapRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/azuread`,cors(), authobj, checkAdminMiddleware, azureadRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/oidc`,cors(), authobj, checkAdminMiddleware, oidcRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/settings`,cors(), authobj, checkAdminMiddleware, settingsRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/credential`,cors(), authobj, checkAdminMiddleware, credentialRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/sshkey`,cors(), authobj, checkAdminMiddleware, sshRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/awx`,cors(), authobj, checkAdminMiddleware, awxRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/log`,cors(), authobj, checkAdminMiddleware, logRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/repository`,cors(), authobj, checkAdminMiddleware, repositoryRoutes)
+  app.use(`${appConfig.baseUrl}api/v1/knownhosts`,cors(), authobj, checkAdminMiddleware, knownhostsRoutes)
+
+  // routes for form config (extra middleware in the routes itself)
+  app.use(`${appConfig.baseUrl}api/v1/config`,cors(), authobj, configRoutes)
+}
\ No newline at end of file

From 355a53930f18b5477bf6eaffd336b32206db49f3 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:46:09 +0200
Subject: [PATCH 30/39] improved database check

---
 client/src/App.vue | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/client/src/App.vue b/client/src/App.vue
index e0d5fe92..d830cc03 100644
--- a/client/src/App.vue
+++ b/client/src/App.vue
@@ -60,7 +60,7 @@
       </div>
     </BulmaModal>    
     <BulmaNav v-if="version" :isAdmin="isAdmin" @profile="showProfile=true" @about="showAbout=true" :approvals="approvals" :authenticated="authenticated" :profile="profile" @logout="logout()" :version="version" />
-    <router-view v-if="isLoaded" :isAdmin="isAdmin" :profile="profile" :authenticated="authenticated" :errorMessage="errorMessage" :errorData="errorData" @authenticated="login()" @logout="logout()" @refreshApprovals="loadApprovals()" />
+    <router-view v-if="isLoaded" :isAdmin="isAdmin" :profile="profile" :authenticated="authenticated" :errorMessage="errorMessage" :errorData="errorData" @recheckSchema="checkDatabase()"  @authenticated="login()" @logout="logout()" @refreshApprovals="loadApprovals()" />
   </div>
 </template>
 <script>
@@ -144,7 +144,9 @@
             return; // Skip the database check
           }
           console.log("Checking database")
-          axios.get(`${process.env.BASE_URL}api/v1/schema`)                               // check database
+          // create timestamp to add to api call to prevent caching
+          var timestamp = new Date().getTime();
+          axios.get(`${process.env.BASE_URL}api/v1/schema?${timestamp}`)                               // check database
           .then((result)=>{
             if(result.data.status=="error"){
               ref.errorMessage=result.data.message;

From 83c5262b80af87ee240f98a443a816e1adaaab72 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:46:23 +0200
Subject: [PATCH 31/39] new formyaml db feature

---
 client/src/views/Settings.vue | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/client/src/views/Settings.vue b/client/src/views/Settings.vue
index 9ce96bb4..beb46988 100644
--- a/client/src/views/Settings.vue
+++ b/client/src/views/Settings.vue
@@ -15,8 +15,23 @@
           </nav>
           <div class="box">
             <BulmaInput icon="globe" v-model="settings.url" help="" label="Public Root Url" placeholder="https://ansibleforms:8443" :required="true" :hasError="$v.settings.url.$invalid" :errors="[]" />
-            <p class="has-text-weight-bold mb-2">Forms YAML</p>
-            <p class="is-size-6 mb-2">In case you want the forms.yaml file in the database instead of loaded from the filesystem.  <BulmaButton icon="file-import" label="Import from forms.yaml" @click="importYamlFile()"></BulmaButton></p>
+          </div>
+          <div class="box" v-if="settings.enableFormsYamlInDatabase">
+            <p class="mb-2">
+              In case you want the main forms.yaml file in the database instead of loaded from the filesystem. 
+              <strong class="ml-3">Note that the designer will be disabled.</strong>
+            </p>
+            <div class="level">
+              <div class="level-left">
+                <p class="level-item has-text-weight-bold">
+                  Forms YAML
+                </p>
+              </div>
+              <div class="level-right">
+                <p class="level-item"><BulmaButton icon="file-import" label="Import from file" @click="importYamlFile()"></BulmaButton></p>
+              </div>
+            </div>
+            
             <VueCodeEditor
                   v-model="settings.forms_yaml"
                   @init="editorInit"
@@ -93,6 +108,8 @@
 
         }
     },
+    computed:{
+    },
     methods:{
       importYamlFile(){
         var ref= this;

From 07bf64878e584f445acc6be5a934999d7ec68d26 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:47:07 +0200
Subject: [PATCH 32/39] baseurl fix

---
 server/index.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/index.js b/server/index.js
index 72b016cd..b5db250f 100644
--- a/server/index.js
+++ b/server/index.js
@@ -12,16 +12,20 @@ const appConfig = require('./config/app.config')
 const { resolve } = require('path')
 const publicPath = resolve(__dirname, './views')
 const staticConf = { maxAge: '1y', etag: false }
-app.use(express.static(publicPath, staticConf))
+app.use(appConfig.baseUrl,express.static(publicPath, staticConf))
 
 // allow browser history
 const history = require('connect-history-api-fallback')
 app.use(`${appConfig.baseUrl}`, history())
 
+
+
 // choose whether to start https or http server
 var httpServer
 const httpsConfig = require('./config/https.config');
 const logger = require('./src/lib/logger');
+logger.notice(`Serving static files from ${publicPath}`)
+logger.notice(`Exposing app under ${appConfig.baseUrl}`)
 if(httpsConfig.https){
   logger.notice("Running https !")
   var credentials = {key: httpsConfig.httpsKey, cert: httpsConfig.httpsCert};

From 90c98068d25f4bc5bff5a4e321e8bfc54a823e69 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:47:22 +0200
Subject: [PATCH 33/39] added formsyaml

---
 docs/_data/help.yaml | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/docs/_data/help.yaml b/docs/_data/help.yaml
index 8fca11ef..bfbb5b23 100644
--- a/docs/_data/help.yaml
+++ b/docs/_data/help.yaml
@@ -146,6 +146,19 @@
       When you want to see the database queries that are executed, you can enable this option by setting this variable to 1.  
       introduced, due to massive amount of logging of database queries, which can be useful for debugging, but not for production.
     version: 5.0.3    
+  - name: ENABLE_FORMS_YAML_IN_DATABASE
+    type: number
+    choices:
+    - name: 0
+      description: Disables the forms.yaml in database
+    - name: 1
+      description: Enables the forms.yaml in database
+    default: 0
+    short: Enable the forms.yaml in database
+    description: | 
+      If you use git repositories to store the forms, you can choose to store the master forms.yaml in git as well.  
+      Or, you can choose to have the forms.yaml in the database instead.  Having a clean separation : master forms.yaml in database, and the actual forms in git.
+    version: 5.0.3
   - name: SHOW_DESIGNER
     type: number
     choices:
@@ -416,15 +429,15 @@
     default: "%PERSISTENT_FOLDER%/uploads"
     description: |
       Since 4.0.16, a new field type is introduced that allows file uploads.  The files are uploaded in this path.
-  - name: BASE_URL
-    type: string
-    allowed: a valid baes url
-    default: "/"
-    short: Set the base url
-    description: | 
-      By default AnsibleForms is hosted under root `/`, but you can choose a base url of choice.  
-      It must start and end with a `/`, for example `/myapp/`.
-    version: 5.0.0      
+  # - name: BASE_URL
+  #   type: string
+  #   allowed: a valid base url
+  #   default: "/"
+  #   short: Set the base url
+  #   description: | 
+  #     By default AnsibleForms is hosted under root `/`, but you can choose a base url of choice.  
+  #     It must start and end with a `/`, for example `/myapp/`.
+  #   version: 5.0.0      
 - name: Forms.yaml
   icon: fab,wpforms
   link: forms

From 5ec367ca60124984d208399ac183557955fa1472 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:47:37 +0200
Subject: [PATCH 34/39] add formsyaml

---
 server/config/app.config.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/config/app.config.js b/server/config/app.config.js
index 111d05c2..15c16ba5 100644
--- a/server/config/app.config.js
+++ b/server/config/app.config.js
@@ -2,7 +2,7 @@ const logger=require("../src/lib/logger");
 const path=require("path")
 var app_config = {
   port: process.env.PORT || 8000,
-  baseUrl: process.env.BASE_URL?.replace(/\/$/, "") || "/",
+  baseUrl: process.env.BASE_URL || "/",
   nodeEnvironment: process.env.NODE_ENV || "production",
   showDesigner: (process.env.SHOW_DESIGNER ?? 1)==1,
   allowSchemaCreation: (process.env.ALLOW_SCHEMA_CREATION ?? 1)==1,
@@ -19,5 +19,6 @@ var app_config = {
   filterJobOutputRegex: process.env.REGEX_FILTER_JOB_OUTPUT || "\\[low\\]",
   enableBypass: (process.env.ENABLE_BYPASS ?? 0)==1,
   enableDbQueryLogging: (process.env.ENABLE_DB_QUERY_LOGGING ?? 0)==1,
+  enableFormsYamlInDatabase: (process.env.ENABLE_FORMS_YAML_IN_DATABASE ?? 0)==1,
 };
 module.exports = app_config;

From d634756751c97fbceacff1a171fbc2e371cb8fee Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:49:15 +0200
Subject: [PATCH 35/39] minor changes

---
 docs/.htaccess                              |  1 -
 server/src/auth/auth_azuread.js             |  2 +-
 server/src/auth/auth_oidc.js                |  2 +-
 server/src/controllers/schema.controller.js |  7 +--
 server/src/db/create_schema_and_tables.sql  |  3 +-
 server/src/models/form.model.js             |  4 +-
 server/src/models/job.model.js              |  4 +-
 server/src/models/lock.model.js             |  5 ++
 server/src/models/settings.model.js         | 51 ++++++++++++++++++++-
 9 files changed, 66 insertions(+), 13 deletions(-)
 delete mode 100644 docs/.htaccess

diff --git a/docs/.htaccess b/docs/.htaccess
deleted file mode 100644
index 8af8cc95..00000000
--- a/docs/.htaccess
+++ /dev/null
@@ -1 +0,0 @@
-ErrorDocument 404 /404/index.html
diff --git a/server/src/auth/auth_azuread.js b/server/src/auth/auth_azuread.js
index 06170ccb..7e8859a4 100644
--- a/server/src/auth/auth_azuread.js
+++ b/server/src/auth/auth_azuread.js
@@ -33,7 +33,7 @@ exports.initialize = async () =>{
       logger.info("Azure AD is not enabled")
     }else{
       azureConfig = await AzureAd.find()
-      settings = await Settings.find()
+      settings = await Settings.findUrl()
       url = settings.url?.replace(/\/$/g,'')
       if(!url){
         logger.error("AnsibleForms Url is not set")
diff --git a/server/src/auth/auth_oidc.js b/server/src/auth/auth_oidc.js
index c601902a..6fcb8cf4 100644
--- a/server/src/auth/auth_oidc.js
+++ b/server/src/auth/auth_oidc.js
@@ -30,7 +30,7 @@ exports.initialize = async () =>{
       logger.info("OIDC is not enabled")
     }else{
       oidcConfig = await OIDC.find()
-      settings = await Settings.find()
+      settings = await Settings.findUrl()
       url = settings.url?.replace(/\/$/g,'')
       if(!url){
         logger.error("AnsibleForms Url is not set")
diff --git a/server/src/controllers/schema.controller.js b/server/src/controllers/schema.controller.js
index ea373462..1b6c2dfe 100644
--- a/server/src/controllers/schema.controller.js
+++ b/server/src/controllers/schema.controller.js
@@ -1,10 +1,11 @@
 'use strict';
 const Schema = require('../models/schema.model');
 var RestResult = require('../models/restResult.model');
-var Helpers = require('../lib/common')
+var helpers = require('../lib/common')
 var util = require('util');
 
 exports.hasSchema = function(req, res) {
+
     Schema.hasSchema()
       .then((result)=>{ res.json(new RestResult("success","schema and tables are ok",result.data?.success,result.data?.failed)) })
       .catch((err)=>{ 
@@ -14,13 +15,13 @@ exports.hasSchema = function(req, res) {
         }else{
           res.json(new RestResult("error","schema and tables are not ok",result.data?.success,result.data?.failed)) 
         }
-        
       })
+
 };
 exports.create = function(req, res) {
     Schema.create()
       .then((result)=>{ res.json(new RestResult("success",result,null,"")) })
       .catch((err)=>{
-        res.json(new RestResult("error",Helpers.getError(err),null,null))
+        res.json(new RestResult("error",helpers.getError(err),null,null))
       })
 };
diff --git a/server/src/db/create_schema_and_tables.sql b/server/src/db/create_schema_and_tables.sql
index 432aa192..7fcda862 100644
--- a/server/src/db/create_schema_and_tables.sql
+++ b/server/src/db/create_schema_and_tables.sql
@@ -114,7 +114,8 @@ CREATE TABLE `settings` (
   `mail_username` varchar(250) DEFAULT NULL,
   `mail_password` text DEFAULT NULL,
   `mail_from` varchar(250) DEFAULT NULL,
-  `url` varchar(250) DEFAULT NULL
+  `url` varchar(250) DEFAULT NULL,
+  `forms_yaml` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL 
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 USE `AnsibleForms`;
 DROP TABLE IF EXISTS `azuread`;
diff --git a/server/src/models/form.model.js b/server/src/models/form.model.js
index 44ce0601..76f6010c 100644
--- a/server/src/models/form.model.js
+++ b/server/src/models/form.model.js
@@ -83,9 +83,9 @@ Form.load = async function() {
   var forms=undefined
   var rawdata=undefined
 
-  var settings = await Settings.find()
+  var settings = await Settings.findFormsYaml()
   var appFormsPath=undefined
-  if(settings.forms_yaml){
+  if(settings.forms_yaml && appConfig.enableFormsYamlInDatabase){
     logger.info(`Using forms yaml from database`)
     appFormsPath = (await Repository.getFormsPath(false)) || appConfig.formsPath    
   }else{
diff --git a/server/src/models/job.model.js b/server/src/models/job.model.js
index a96aa70e..e0f751db 100644
--- a/server/src/models/job.model.js
+++ b/server/src/models/job.model.js
@@ -572,7 +572,7 @@ Job.approve = async function(user,id,next){
 Job.sendApprovalNotification = async function(approval,extravars,jobid){
   if(!approval?.notifications?.length>0)return false
   try{
-    const config = await Settings.find()
+    const config = await Settings.findUrl()
     const url = config.url?.replace(/\/$/g,'') // remove trailing slash if present
 
     var subject = Helpers.replacePlaceholders(approval.title,extravars) || "AnsibleForms Approval Request"
@@ -626,7 +626,7 @@ Job.sendStatusNotification = async function(jobid){
       return false
     }else{
       // we have notifications, correct status => let's send the mail
-      const config = await Settings.find()
+      const config = await Settings.findUrl()
       const url = config.url?.replace(/\/$/g,'') // remove trailing slash if present
 
       if(!url){
diff --git a/server/src/models/lock.model.js b/server/src/models/lock.model.js
index c7f9c3d1..dcbd2028 100644
--- a/server/src/models/lock.model.js
+++ b/server/src/models/lock.model.js
@@ -6,6 +6,7 @@ var config=require('../../config/app.config')
 const moment = require("moment")
 const Repository = require("./repository.model");
 const Repo = require("./repo.model");
+const Settings = require("./settings.model");
 
 //lock object create
 var Lock=function(){
@@ -13,9 +14,13 @@ var Lock=function(){
 };
 Lock.status = async function(user){
   const hasFormsRepository = await Repository.hasFormsRepository()
+  const settings = await Settings.findFormsYaml()
   if(hasFormsRepository){
     throw new Error("Designer is disabled, Forms repository found.")
   }
+  if(settings.forms_yaml){
+    throw new Error("Designer is disabled, Forms are stored in the database.")
+  }  
   try{
     const lock = await Lock.get()
     const lck=YAML.parse(lock)
diff --git a/server/src/models/settings.model.js b/server/src/models/settings.model.js
index 56c61034..c592b35a 100644
--- a/server/src/models/settings.model.js
+++ b/server/src/models/settings.model.js
@@ -34,7 +34,7 @@ Settings.importFormsFileFromYaml = async function(){
   }else{
     logger.notice(`Loading ${appFormsPath} into the database`)  
     let formsFile = fs.readFileSync(appFormsPath, 'utf8')
-    var settings = await Settings.find()
+    var settings = await Settings.findFormsYaml()
     settings.forms_yaml = formsFile
     await Settings.update(settings)
     return "Forms.yaml imported successfully"
@@ -54,6 +54,53 @@ Settings.find = function () {
           logger.error("Couldn't decrypt mail password, did the secretkey change ?")
           res[0].mail_password=""
         }
+        res[0].enableFormsYamlInDatabase = appConfig.enableFormsYamlInDatabase
+        return res[0]
+      }else{
+        logger.error("No settings record in the database, something is wrong")
+        throw "No settings record in the database, something is wrong"
+      }
+    })
+
+};
+Settings.findMailSettings = function () {
+  return mysql.do("SELECT mail_server,mail_port,mail_secure,mail_username,mail_password,mail_from FROM AnsibleForms.`settings` limit 1;")
+    .then((res)=>{
+      if(res.length>0){
+        try{
+          if(res[0].mail_password!=""){
+            res[0].mail_password=decrypt(res[0].mail_password)
+          }
+        }catch(e){
+          logger.error("Couldn't decrypt mail password, did the secretkey change ?")
+          res[0].mail_password=""
+        }
+        return res[0]
+      }else{
+        logger.error("No settings record in the database, something is wrong")
+        throw "No settings record in the database, something is wrong"
+      }
+    })
+
+};
+Settings.findUrl = function () {
+
+  return mysql.do("SELECT url FROM AnsibleForms.`settings` limit 1;")
+    .then((res)=>{
+      if(res.length>0){
+        return res[0]
+      }else{
+        logger.error("No settings record in the database, something is wrong")
+        throw "No settings record in the database, something is wrong"
+      }
+    })
+
+};
+Settings.findFormsYaml = function () {
+
+  return mysql.do("SELECT forms_yaml FROM AnsibleForms.`settings` limit 1;")
+    .then((res)=>{
+      if(res.length>0){
         return res[0]
       }else{
         logger.error("No settings record in the database, something is wrong")
@@ -77,7 +124,7 @@ Settings.mailcheck = function(config,to){
   return Settings.maildo(config,to,subject,message)
 }
 Settings.mailsend = function(to,subject,message){
-  return Settings.find()
+  return Settings.findMailSettings()
     .then((config)=>{
       return Settings.maildo(config,to,subject,message)
     })

From ed4b08d40c8229d12b34fa73e4155a23f6dd6b60 Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 14:56:51 +0200
Subject: [PATCH 36/39] wrong tags

---
 server/src/swagger.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/src/swagger.json b/server/src/swagger.json
index 5237031b..0cc39896 100644
--- a/server/src/swagger.json
+++ b/server/src/swagger.json
@@ -1713,7 +1713,7 @@
     "/azuread": {
       "get": {
         "tags": [
-          "Azure AD config"
+          "MS Entra Id config"
         ],
         "security": [
           {
@@ -1816,7 +1816,7 @@
     "/oidc": {
       "get": {
         "tags": [
-          "OIDC config"
+          "Open ID Connect config"
         ],
         "security": [
           {

From 3487f9fcbb149ccd9c92da122418cb52df1cc8ea Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 15:33:20 +0200
Subject: [PATCH 37/39] ldap-authentication fix their bug

---
 server/package.json                   |   1 +
 server/src/lib/ldap-authentication.js | 480 --------------------------
 server/src/models/ldap.model.js       |   2 +-
 server/src/models/user.model.js       |   2 +-
 4 files changed, 3 insertions(+), 482 deletions(-)
 delete mode 100644 server/src/lib/ldap-authentication.js

diff --git a/server/package.json b/server/package.json
index 0b8bc3c0..39587f53 100644
--- a/server/package.json
+++ b/server/package.json
@@ -35,6 +35,7 @@
     "fs-extra": "~11.2.0",
     "ip": "2.0.1",
     "json-bigint": "~1.0.0",
+    "ldap-authentication": "~3.2.1",
     "ldapjs": "~3.0.7",
     "lodash": "~4.17.21",
     "modern-passport-http": "~0.3.0",
diff --git a/server/src/lib/ldap-authentication.js b/server/src/lib/ldap-authentication.js
deleted file mode 100644
index 0775fff3..00000000
--- a/server/src/lib/ldap-authentication.js
+++ /dev/null
@@ -1,480 +0,0 @@
-const assert = require('assert')
-const ldap = require('ldapjs')
-
-// convert a SearchResultEntry object in ldapjs 3.0
-// to a user object to maintain backward compatibility
-
-// added by Mirko for 5.0.1 => ü in results
-function unescapeLdapResult(ldapResult) {
-  // Regular expression to match the escaped sequences
-  const regex = /\\([0-9a-fA-F]{2})\\([0-9a-fA-F]{2})/g;
-
-  // Replace each escaped sequence with its Unicode character
-  return ldapResult.replace(regex, (match, p1, p2) => {
-      // Convert the hex codes to a Buffer
-      const bytes = Buffer.from([parseInt(p1, 16), parseInt(p2, 16)]);
-      // Convert the Buffer to a UTF-8 String
-      return bytes.toString('utf8');
-  });
-}
-
-function _searchResultToUser(pojo) {
-  assert(pojo.type == 'SearchResultEntry')
-  let user = { dn: pojo.objectName }
-  pojo.attributes.forEach((attribute) => {
-    user[attribute.type] =
-      attribute.values.length == 1 ? attribute.values[0] : attribute.values
-  })
-  return user
-}
-// bind and return the ldap client
-function _ldapBind(dn, password, starttls, ldapOpts) {
-  return new Promise(function (resolve, reject) {
-    ldapOpts.connectTimeout = ldapOpts.connectTimeout || 5000
-    var client = ldap.createClient(ldapOpts)
-
-    client.on('connect', function () {
-      if (starttls) {
-        client.starttls(ldapOpts.tlsOptions, null, function (error) {
-          if (error) {
-            reject(error)
-            return
-          }
-          client.bind(dn, password, function (err) {
-            if (err) {
-              reject(err)
-              client.unbind()
-              return
-            }
-            ldapOpts.log && ldapOpts.log.trace('bind success!')
-            resolve(client)
-          })
-        })
-      } else {
-        client.bind(dn, password, function (err) {
-          if (err) {
-            reject(err)
-            client.unbind()
-            return
-          }
-          ldapOpts.log && ldapOpts.log.trace('bind success!')
-          resolve(client)
-        })
-      }
-    })
-
-    //Fix for issue https://github.com/shaozi/ldap-authentication/issues/13
-    client.on('timeout', (err) => {
-      reject(err)
-    })
-    client.on('connectTimeout', (err) => {
-      reject(err)
-    })
-    client.on('error', (err) => {
-      reject(err)
-    })
-
-    client.on('connectError', function (error) {
-      if (error) {
-        reject(error)
-        return
-      }
-    })
-  })
-}
-
-// search a user and return the object
-async function _searchUser(
-  ldapClient,
-  searchBase,
-  usernameAttribute,
-  username,
-  attributes = null
-) {
-  return new Promise(function (resolve, reject) {
-    var filter = new ldap.filters.EqualityFilter({
-      attribute: usernameAttribute,
-      value: username,
-    })
-    let searchOptions = {
-      filter: filter,
-      scope: 'sub',
-      attributes: attributes
-    }
-    if (attributes) {
-      searchOptions.attributes = attributes
-    }
-    ldapClient.search(searchBase, searchOptions, function (err, res) {
-      var user = null
-      if (err) {
-        reject(err)
-        ldapClient.unbind()
-        return
-      }
-      res.on('searchEntry', function (entry) {
-        user = _searchResultToUser(entry.pojo)
-      })
-      res.on('searchReference', function (referral) {
-        // TODO: we don't support reference yet
-        // If the server was able to locate the entry referred to by the baseObject
-        // but could not search one or more non-local entries,
-        // the server may return one or more SearchResultReference messages,
-        // each containing a reference to another set of servers for continuing the operation.
-        // referral.uris
-      })
-      res.on('error', function (err) {
-        reject(err)
-        ldapClient.unbind()
-      })
-      res.on('end', function (result) {
-        if (result.status != 0) {
-          reject(new Error('ldap search status is not 0, search failed'))
-        } else {
-          resolve(user)
-        }
-        ldapClient.unbind()
-      })
-    })
-  })
-}
-
-// search a groups which user is member
-async function _searchUserGroups(
-  ldapClient,
-  searchBase,
-  user,
-  groupClass,
-  groupMemberAttribute = 'member',
-  groupMemberUserAttribute = 'dn'
-) {
-  return new Promise(function (resolve, reject) {
-    ldapClient.search(
-      searchBase,
-      {
-        filter: `(&(objectclass=${groupClass})(${groupMemberAttribute}=${user[groupMemberUserAttribute]}))`,
-        scope: 'sub',
-      },
-      function (err, res) {
-        var groups = []
-        if (err) {
-          reject(err)
-          ldapClient.unbind()
-          return
-        }
-        res.on('searchEntry', function (entry) {
-          groups.push(entry.pojo)
-        })
-        res.on('searchReference', function (referral) {})
-        res.on('error', function (err) {
-          reject(err)
-          ldapClient.unbind()
-        })
-        res.on('end', function (result) {
-          if (result.status != 0) {
-            reject(new Error('ldap search status is not 0, search failed'))
-          } else {
-            resolve(groups)
-          }
-          ldapClient.unbind()
-        })
-      }
-    )
-  })
-}
-
-async function authenticateWithAdmin(
-  adminDn,
-  adminPassword,
-  userSearchBase,
-  usernameAttribute,
-  username,
-  userPassword,
-  starttls,
-  ldapOpts,
-  groupsSearchBase,
-  groupClass,
-  groupMemberAttribute = 'member',
-  groupMemberUserAttribute = 'dn',
-  attributes = null
-) {
-  var ldapAdminClient
-  try {
-    ldapAdminClient = await _ldapBind(
-      adminDn,
-      adminPassword,
-      starttls,
-      ldapOpts
-    )
-  } catch (error) {
-    throw { admin: error }
-  }
-  var user = await _searchUser(
-    ldapAdminClient,
-    userSearchBase,
-    usernameAttribute,
-    username,
-    attributes
-  )
-  ldapAdminClient.unbind()
-  if (!user || !user.dn) {
-    ldapOpts.log &&
-      ldapOpts.log.trace(
-        `admin did not find user! (${usernameAttribute}=${username})`
-      )
-    throw new LdapAuthenticationError(
-      'user not found or usernameAttribute is wrong'
-    )
-  }
-  var userDn = user.dn
-  userDn = unescapeLdapResult(userDn)
-  let ldapUserClient
-  try {
-    ldapUserClient = await _ldapBind(userDn, userPassword, starttls, ldapOpts)
-  } catch (error) {
-    throw error
-  }
-  ldapUserClient.unbind()
-  if (groupsSearchBase && groupClass && groupMemberAttribute) {
-    try {
-      ldapAdminClient = await _ldapBind(
-        adminDn,
-        adminPassword,
-        starttls,
-        ldapOpts
-      )
-    } catch (error) {
-      throw error
-    }
-    var groups = await _searchUserGroups(
-      ldapAdminClient,
-      groupsSearchBase,
-      user,
-      groupClass,
-      groupMemberAttribute,
-      groupMemberUserAttribute
-    )
-    user.groups = groups
-    ldapAdminClient.unbind()
-  }
-  return user
-}
-
-async function authenticateWithUser(
-  userDn,
-  userSearchBase,
-  usernameAttribute,
-  username,
-  userPassword,
-  starttls,
-  ldapOpts,
-  groupsSearchBase,
-  groupClass,
-  groupMemberAttribute = 'member',
-  groupMemberUserAttribute = 'dn',
-  attributes = null
-) {
-  let ldapUserClient
-  try {
-    ldapUserClient = await _ldapBind(userDn, userPassword, starttls, ldapOpts)
-  } catch (error) {
-    throw error
-  }
-  if (!usernameAttribute || !userSearchBase) {
-    // if usernameAttribute is not provided, no user detail is needed.
-    ldapUserClient.unbind()
-    return true
-  }
-  var user = await _searchUser(
-    ldapUserClient,
-    userSearchBase,
-    usernameAttribute,
-    username,
-    attributes
-  )
-  if (!user || !user.dn) {
-    ldapOpts.log &&
-      ldapOpts.log.trace(
-        `user logged in, but user details could not be found. (${usernameAttribute}=${username}). Probabaly wrong attribute or searchBase?`
-      )
-    throw new LdapAuthenticationError(
-      'user logged in, but user details could not be found. Probabaly usernameAttribute or userSearchBase is wrong?'
-    )
-  }
-  ldapUserClient.unbind()
-  if (groupsSearchBase && groupClass && groupMemberAttribute) {
-    try {
-      ldapUserClient = await _ldapBind(userDn, userPassword, starttls, ldapOpts)
-    } catch (error) {
-      throw error
-    }
-    var groups = await _searchUserGroups(
-      ldapUserClient,
-      groupsSearchBase,
-      user,
-      groupClass,
-      groupMemberAttribute,
-      groupMemberUserAttribute
-    )
-    user.groups = groups
-    ldapUserClient.unbind()
-  }
-  return user
-}
-
-async function verifyUserExists(
-  adminDn,
-  adminPassword,
-  userSearchBase,
-  usernameAttribute,
-  username,
-  starttls,
-  ldapOpts,
-  groupsSearchBase,
-  groupClass,
-  groupMemberAttribute = 'member',
-  groupMemberUserAttribute = 'dn',
-  attributes = null
-) {
-  var ldapAdminClient
-  try {
-    ldapAdminClient = await _ldapBind(
-      adminDn,
-      adminPassword,
-      starttls,
-      ldapOpts
-    )
-  } catch (error) {
-    throw { admin: error }
-  }
-  var user = await _searchUser(
-    ldapAdminClient,
-    userSearchBase,
-    usernameAttribute,
-    username,
-    attributes
-  )
-  ldapAdminClient.unbind()
-  if (!user || !user.dn) {
-    ldapOpts.log &&
-      ldapOpts.log.trace(
-        `admin did not find user! (${usernameAttribute}=${username})`
-      )
-    throw new LdapAuthenticationError(
-      'user not found or usernameAttribute is wrong'
-    )
-  }
-  if (groupsSearchBase && groupClass && groupMemberAttribute) {
-    try {
-      ldapAdminClient = await _ldapBind(
-        adminDn,
-        adminPassword,
-        starttls,
-        ldapOpts
-      )
-    } catch (error) {
-      throw error
-    }
-    var groups = await _searchUserGroups(
-      ldapAdminClient,
-      groupsSearchBase,
-      user,
-      groupClass,
-      groupMemberAttribute,
-      groupMemberUserAttribute
-    )
-    user.groups = groups
-    ldapAdminClient.unbind()
-  }
-  return user
-}
-
-async function authenticate(options) {
-  if (!options.userDn) {
-    assert(options.adminDn, 'Admin mode adminDn must be provided')
-    assert(options.adminPassword, 'Admin mode adminPassword must be provided')
-    assert(options.userSearchBase, 'Admin mode userSearchBase must be provided')
-    assert(
-      options.usernameAttribute,
-      'Admin mode usernameAttribute must be provided'
-    )
-    assert(options.username, 'Admin mode username must be provided')
-  } else {
-    assert(options.userDn, 'User mode userDn must be provided')
-  }
-  assert(
-    options.ldapOpts && options.ldapOpts.url,
-    'ldapOpts.url must be provided'
-  )
-  if (options.verifyUserExists) {
-    assert(options.adminDn, 'Admin mode adminDn must be provided')
-    assert(
-      options.adminPassword,
-      'adminDn and adminPassword must be both provided.'
-    )
-    return await verifyUserExists(
-      options.adminDn,
-      options.adminPassword,
-      options.userSearchBase,
-      options.usernameAttribute,
-      options.username,
-      options.starttls,
-      options.ldapOpts,
-      options.groupsSearchBase,
-      options.groupClass,
-      options.groupMemberAttribute,
-      options.groupMemberUserAttribute
-    )
-  }
-  assert(options.userPassword, 'userPassword must be provided')
-  if (options.adminDn) {
-    assert(
-      options.adminPassword,
-      'adminDn and adminPassword must be both provided.'
-    )
-    return await authenticateWithAdmin(
-      options.adminDn,
-      options.adminPassword,
-      options.userSearchBase,
-      options.usernameAttribute,
-      options.username,
-      options.userPassword,
-      options.starttls,
-      options.ldapOpts,
-      options.groupsSearchBase,
-      options.groupClass,
-      options.groupMemberAttribute,
-      options.groupMemberUserAttribute,
-      options.attributes
-    )
-  }
-  assert(options.userDn, 'adminDn/adminPassword OR userDn must be provided')
-  return await authenticateWithUser(
-    options.userDn,
-    options.userSearchBase,
-    options.usernameAttribute,
-    options.username,
-    options.userPassword,
-    options.starttls,
-    options.ldapOpts,
-    options.groupsSearchBase,
-    options.groupClass,
-    options.groupMemberAttribute,
-    options.groupMemberUserAttribute,
-    options.attributes
-  )
-}
-
-class LdapAuthenticationError extends Error {
-  constructor(message) {
-    super(message)
-    // Ensure the name of this error is the same as the class name
-    this.name = this.constructor.name
-    // This clips the constructor invocation from the stack trace.
-    // It's not absolutely essential, but it does make the stack trace a little nicer.
-    //  @see Node.js reference (bottom)
-    Error.captureStackTrace(this, this.constructor)
-  }
-}
-
-module.exports.authenticate = authenticate
-module.exports.LdapAuthenticationError = LdapAuthenticationError
\ No newline at end of file
diff --git a/server/src/models/ldap.model.js b/server/src/models/ldap.model.js
index 6ce4e18e..d37559e1 100644
--- a/server/src/models/ldap.model.js
+++ b/server/src/models/ldap.model.js
@@ -50,7 +50,7 @@ Ldap.find = function(){
 Ldap.check = function(ldapConfig){
   return new Promise(async (resolve,reject)=>{
 
-    const { authenticate } = require('../lib/ldap-authentication')
+    const { authenticate } = require('ldap-authentication')
     // auth with admin
     var badCertificates=false
     let options = {
diff --git a/server/src/models/user.model.js b/server/src/models/user.model.js
index 02a739ec..4dd5bafe 100644
--- a/server/src/models/user.model.js
+++ b/server/src/models/user.model.js
@@ -3,7 +3,7 @@ const crypto = require("../lib/crypto")
 const logger=require("../lib/logger");
 const authConfig = require('../../config/auth.config')
 const appConfig = require('../../config/app.config')
-const ldapAuthentication = require('../lib/ldap-authentication').authenticate
+const ldapAuthentication = require('ldap-authentication').authenticate
 const Ldap = require('./ldap.model')
 const Form = require('./form.model')
 const YAML = require('yaml')

From 1197ebb609202513c61f05de7b10fea8b4f1806c Mon Sep 17 00:00:00 2001
From: Mirko Van Colen <mirko@vancolen.com>
Date: Fri, 21 Jun 2024 16:26:19 +0200
Subject: [PATCH 38/39] ldap still local

---
 server/src/lib/ldap-authentication.js | 470 ++++++++++++++++++++++++++
 server/src/models/ldap.model.js       |   2 +-
 server/src/models/user.model.js       |   4 +-
 3 files changed, 473 insertions(+), 3 deletions(-)
 create mode 100644 server/src/lib/ldap-authentication.js

diff --git a/server/src/lib/ldap-authentication.js b/server/src/lib/ldap-authentication.js
new file mode 100644
index 00000000..727b48c0
--- /dev/null
+++ b/server/src/lib/ldap-authentication.js
@@ -0,0 +1,470 @@
+const assert = require('assert')
+const ldap = require('ldapjs')
+
+// convert an escaped utf8 string returned from ldapjs
+function _isHex(c) {
+  return (
+    (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')
+  )
+}
+function _parseEscapedHexToUtf8(s) {
+  // convert 'cn=\\e7\\a0\\94\\e5\\8f\\91A\\e9\\83\\a8,ou=users,dc=example,dc=com'
+  // to 'cn=研发A部,ou=users,dc=example,dc=com'
+  let ret = Buffer.alloc(0)
+  let len = s.length
+  for (let i = 0; i < len; i++) {
+    let c = s[i]
+    let item
+    if (c == '\\' && i < len - 2 && _isHex(s[i + 1]) && _isHex(s[i + 2])) {
+      item = Buffer.from(s.substring(i + 1, i + 3), 'hex')
+      i += 2
+    } else {
+      item = Buffer.from(c)
+    }
+    ret = Buffer.concat([ret, item])
+  }
+  return ret.toString()
+}
+
+function _recursiveParseHexString(obj) {
+  if (Array.isArray(obj)) {
+    return obj.map((ele) => _recursiveParseHexString(ele))
+  }
+  if (typeof obj == 'string') {
+    return _parseEscapedHexToUtf8(obj)
+  }
+  if (typeof obj == 'object') {
+    for (let key in obj) {
+      obj[key] = _recursiveParseHexString(obj[key])
+    }
+    return obj
+  }
+  return obj
+}
+// convert a SearchResultEntry object in ldapjs 3.0
+// to a user object to maintain backward compatibility
+
+function _searchResultToUser(pojo) {
+  assert(pojo.type == 'SearchResultEntry')
+  let user = { dn: pojo.objectName }
+  pojo.attributes.forEach((attribute) => {
+    user[attribute.type] =
+      attribute.values.length == 1 ? attribute.values[0] : attribute.values
+  })
+  return _recursiveParseHexString(user)
+}
+// bind and return the ldap client
+function _ldapBind(dn, password, starttls, ldapOpts) {
+  return new Promise(function (resolve, reject) {
+    ldapOpts.connectTimeout = ldapOpts.connectTimeout || 5000
+    let client = ldap.createClient(ldapOpts)
+
+    client.on('connect', function () {
+      if (starttls) {
+        client.starttls(ldapOpts.tlsOptions, null, function (error) {
+          if (error) {
+            reject(error)
+            return
+          }
+          client.bind(dn, password, function (err) {
+            if (err) {
+              reject(err)
+              return
+            }
+            ldapOpts.log && ldapOpts.log.trace('bind success!')
+            resolve(client)
+          })
+        })
+      } else {
+        client.bind(dn, password, function (err) {
+          if (err) {
+            reject(err)
+            return
+          }
+          ldapOpts.log && ldapOpts.log.trace('bind success!')
+          resolve(client)
+        })
+      }
+    })
+
+    //Fix for issue https://github.com/shaozi/ldap-authentication/issues/13
+    client.on('timeout', (err) => {
+      reject(err)
+    })
+    client.on('connectTimeout', (err) => {
+      reject(err)
+    })
+    client.on('error', (err) => {
+      reject(err)
+    })
+
+    client.on('connectError', function (error) {
+      if (error) {
+        reject(error)
+        return
+      }
+    })
+  })
+}
+
+// search a user and return the object
+async function _searchUser(
+  ldapClient,
+  searchBase,
+  usernameAttribute,
+  username,
+  attributes = null
+) {
+  return new Promise(function (resolve, reject) {
+    let filter = new ldap.filters.EqualityFilter({
+      attribute: usernameAttribute,
+      value: username,
+    })
+    let searchOptions = {
+      filter: filter,
+      scope: 'sub',
+      attributes: attributes,
+    }
+    if (attributes) {
+      searchOptions.attributes = attributes
+    }
+    ldapClient.search(searchBase, searchOptions, function (err, res) {
+      let user = null
+      if (err) {
+        reject(err)
+        return
+      }
+      res.on('searchEntry', function (entry) {
+        user = _searchResultToUser(entry.pojo)
+      })
+      res.on('searchReference', function (referral) {
+        // TODO: we don't support reference yet
+        // If the server was able to locate the entry referred to by the baseObject
+        // but could not search one or more non-local entries,
+        // the server may return one or more SearchResultReference messages,
+        // each containing a reference to another set of servers for continuing the operation.
+        // referral.uris
+      })
+      res.on('error', function (err) {
+        reject(err)
+      })
+      res.on('end', function (result) {
+        if (result.status != 0) {
+          reject(new Error('ldap search status is not 0, search failed'))
+        } else {
+          resolve(user)
+        }
+      })
+    })
+  })
+}
+
+// search a groups which user is member
+async function _searchUserGroups(
+  ldapClient,
+  searchBase,
+  user,
+  groupClass,
+  groupMemberAttribute = 'member',
+  groupMemberUserAttribute = 'dn'
+) {
+  return new Promise(function (resolve, reject) {
+    ldapClient.search(
+      searchBase,
+      {
+        filter: `(&(objectclass=${groupClass})(${groupMemberAttribute}=${user[groupMemberUserAttribute]}))`,
+        scope: 'sub',
+      },
+      function (err, res) {
+        let groups = []
+        if (err) {
+          reject(err)
+          return
+        }
+        res.on('searchEntry', function (entry) {
+          groups.push(_recursiveParseHexString(entry.pojo))
+        })
+        res.on('searchReference', function (referral) {})
+        res.on('error', function (err) {
+          reject(err)
+        })
+        res.on('end', function (result) {
+          if (result.status != 0) {
+            reject(new Error('ldap search status is not 0, search failed'))
+          } else {
+            resolve(groups)
+          }
+        })
+      }
+    )
+  })
+}
+
+async function authenticateWithAdmin(
+  adminDn,
+  adminPassword,
+  userSearchBase,
+  usernameAttribute,
+  username,
+  userPassword,
+  starttls,
+  ldapOpts,
+  groupsSearchBase,
+  groupClass,
+  groupMemberAttribute = 'member',
+  groupMemberUserAttribute = 'dn',
+  attributes = null
+) {
+  let ldapAdminClient
+  try {
+    ldapAdminClient = await _ldapBind(
+      adminDn,
+      adminPassword,
+      starttls,
+      ldapOpts
+    )
+  } catch (error) {
+    throw { admin: error }
+  }
+  let user = await _searchUser(
+    ldapAdminClient,
+    userSearchBase,
+    usernameAttribute,
+    username,
+    attributes
+  )
+  if (!user || !user.dn) {
+    ldapOpts.log &&
+      ldapOpts.log.trace(
+        `admin did not find user! (${usernameAttribute}=${username})`
+      )
+    throw new LdapAuthenticationError(
+      'user not found or usernameAttribute is wrong'
+    )
+  }
+  let userDn = user.dn
+  let ldapUserClient
+  try {
+    ldapUserClient = await _ldapBind(userDn, userPassword, starttls, ldapOpts)
+  } catch (error) {
+    throw error
+  }
+  if (groupsSearchBase && groupClass && groupMemberAttribute) {
+    let groups = await _searchUserGroups(
+      ldapAdminClient,
+      groupsSearchBase,
+      user,
+      groupClass,
+      groupMemberAttribute,
+      groupMemberUserAttribute
+    )
+    user.groups = groups
+  }
+  return user
+}
+
+async function authenticateWithUser(
+  userDn,
+  userSearchBase,
+  usernameAttribute,
+  username,
+  userPassword,
+  starttls,
+  ldapOpts,
+  groupsSearchBase,
+  groupClass,
+  groupMemberAttribute = 'member',
+  groupMemberUserAttribute = 'dn',
+  attributes = null
+) {
+  let ldapUserClient
+  try {
+    ldapUserClient = await _ldapBind(userDn, userPassword, starttls, ldapOpts)
+  } catch (error) {
+    throw error
+  }
+  if (!usernameAttribute || !userSearchBase) {
+    // if usernameAttribute is not provided, no user detail is needed.
+    return true
+  }
+  let user = await _searchUser(
+    ldapUserClient,
+    userSearchBase,
+    usernameAttribute,
+    username,
+    attributes
+  )
+  if (!user || !user.dn) {
+    ldapOpts.log &&
+      ldapOpts.log.trace(
+        `user logged in, but user details could not be found. (${usernameAttribute}=${username}). Probabaly wrong attribute or searchBase?`
+      )
+    throw new LdapAuthenticationError(
+      'user logged in, but user details could not be found. Probabaly usernameAttribute or userSearchBase is wrong?'
+    )
+  }
+  if (groupsSearchBase && groupClass && groupMemberAttribute) {
+    let groups = await _searchUserGroups(
+      ldapUserClient,
+      groupsSearchBase,
+      user,
+      groupClass,
+      groupMemberAttribute,
+      groupMemberUserAttribute
+    )
+    user.groups = groups
+  }
+  return user
+}
+
+async function verifyUserExists(
+  adminDn,
+  adminPassword,
+  userSearchBase,
+  usernameAttribute,
+  username,
+  starttls,
+  ldapOpts,
+  groupsSearchBase,
+  groupClass,
+  groupMemberAttribute = 'member',
+  groupMemberUserAttribute = 'dn',
+  attributes = null
+) {
+  let ldapAdminClient
+  try {
+    ldapAdminClient = await _ldapBind(
+      adminDn,
+      adminPassword,
+      starttls,
+      ldapOpts
+    )
+  } catch (error) {
+    throw { admin: error }
+  }
+  let user = await _searchUser(
+    ldapAdminClient,
+    userSearchBase,
+    usernameAttribute,
+    username,
+    attributes
+  )
+  if (!user || !user.dn) {
+    ldapOpts.log &&
+      ldapOpts.log.trace(
+        `admin did not find user! (${usernameAttribute}=${username})`
+      )
+    throw new LdapAuthenticationError(
+      'user not found or usernameAttribute is wrong'
+    )
+  }
+  if (groupsSearchBase && groupClass && groupMemberAttribute) {
+    let groups = await _searchUserGroups(
+      ldapAdminClient,
+      groupsSearchBase,
+      user,
+      groupClass,
+      groupMemberAttribute,
+      groupMemberUserAttribute
+    )
+    user.groups = groups
+  }
+  return user
+}
+
+async function authenticate(options) {
+  if (!options.userDn) {
+    assert(options.adminDn, 'Admin mode adminDn must be provided')
+    assert(options.adminPassword, 'Admin mode adminPassword must be provided')
+    assert(options.userSearchBase, 'Admin mode userSearchBase must be provided')
+    assert(
+      options.usernameAttribute,
+      'Admin mode usernameAttribute must be provided'
+    )
+    assert(options.username, 'Admin mode username must be provided')
+  } else {
+    assert(options.userDn, 'User mode userDn must be provided')
+  }
+  assert(
+    options.ldapOpts && options.ldapOpts.url,
+    'ldapOpts.url must be provided'
+  )
+  if (options.verifyUserExists) {
+    assert(options.adminDn, 'Admin mode adminDn must be provided')
+    assert(
+      options.adminPassword,
+      'adminDn and adminPassword must be both provided.'
+    )
+    return await verifyUserExists(
+      options.adminDn,
+      options.adminPassword,
+      options.userSearchBase,
+      options.usernameAttribute,
+      options.username,
+      options.starttls,
+      options.ldapOpts,
+      options.groupsSearchBase,
+      options.groupClass,
+      options.groupMemberAttribute,
+      options.groupMemberUserAttribute
+    )
+  }
+  assert(options.userPassword, 'userPassword must be provided')
+  if (options.adminDn) {
+    assert(
+      options.adminPassword,
+      'adminDn and adminPassword must be both provided.'
+    )
+    return await authenticateWithAdmin(
+      options.adminDn,
+      options.adminPassword,
+      options.userSearchBase,
+      options.usernameAttribute,
+      options.username,
+      options.userPassword,
+      options.starttls,
+      options.ldapOpts,
+      options.groupsSearchBase,
+      options.groupClass,
+      options.groupMemberAttribute,
+      options.groupMemberUserAttribute,
+      options.attributes
+    )
+  }
+  assert(options.userDn, 'adminDn/adminPassword OR userDn must be provided')
+  return await authenticateWithUser(
+    options.userDn,
+    options.userSearchBase,
+    options.usernameAttribute,
+    options.username,
+    options.userPassword,
+    options.starttls,
+    options.ldapOpts,
+    options.groupsSearchBase,
+    options.groupClass,
+    options.groupMemberAttribute,
+    options.groupMemberUserAttribute,
+    options.attributes
+  )
+}
+
+class LdapAuthenticationError extends Error {
+  constructor(message) {
+    super(message)
+    // Ensure the name of this error is the same as the class name
+    this.name = this.constructor.name
+    // This clips the constructor invocation from the stack trace.
+    // It's not absolutely essential, but it does make the stack trace a little nicer.
+    //  @see Node.js reference (bottom)
+    Error.captureStackTrace(this, this.constructor)
+  }
+}
+
+module.exports.authenticate = authenticate
+module.exports.LdapAuthenticationError = LdapAuthenticationError
+
+module.exports.exportForTesting = {
+  _isHex,
+  _parseEscapedHexToUtf8,
+  _recursiveParseHexString,
+}
\ No newline at end of file
diff --git a/server/src/models/ldap.model.js b/server/src/models/ldap.model.js
index d37559e1..6ce4e18e 100644
--- a/server/src/models/ldap.model.js
+++ b/server/src/models/ldap.model.js
@@ -50,7 +50,7 @@ Ldap.find = function(){
 Ldap.check = function(ldapConfig){
   return new Promise(async (resolve,reject)=>{
 
-    const { authenticate } = require('ldap-authentication')
+    const { authenticate } = require('../lib/ldap-authentication')
     // auth with admin
     var badCertificates=false
     let options = {
diff --git a/server/src/models/user.model.js b/server/src/models/user.model.js
index 4dd5bafe..8e2cb697 100644
--- a/server/src/models/user.model.js
+++ b/server/src/models/user.model.js
@@ -3,7 +3,7 @@ const crypto = require("../lib/crypto")
 const logger=require("../lib/logger");
 const authConfig = require('../../config/auth.config')
 const appConfig = require('../../config/app.config')
-const ldapAuthentication = require('ldap-authentication').authenticate
+const ldapAuthentication = require('../lib/ldap-authentication').authenticate
 const Ldap = require('./ldap.model')
 const Form = require('./form.model')
 const YAML = require('yaml')
@@ -251,7 +251,7 @@ User.checkLdap = function(username,password){
         throw "Certificate is not valid"
       }else{
         logger.info(`Checking ldap for user ${username}`)
-        logger.debug(JSON.stringify(options))
+        // logger.debug(JSON.stringify(options))
         return ldapAuthentication(options)
       }
     })

From 3bf7c39ae005e66207bcd27fb1069af2b9c1a5d9 Mon Sep 17 00:00:00 2001
From: GitHub Actions <noreply@github.com>
Date: Fri, 21 Jun 2024 14:41:19 +0000
Subject: [PATCH 39/39] Prepare release 5.0.3

---
 CHANGELOG.md        | 6 +++++-
 app_versions.gradle | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 64ca4917..97fc5173 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.0.3] - 2024-06-21
+
 ### Added
 
 -   Option to disable/enable schema creation (ALLOW_SCHEMA_CREATION)
@@ -707,7 +709,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   Allow change password for current local user
 -   Start tracking versions
 
-[Unreleased]: https://github.com/ansibleguy76/ansibleforms/compare/5.0.2...HEAD
+[Unreleased]: https://github.com/ansibleguy76/ansibleforms/compare/5.0.3...HEAD
+
+[5.0.3]: https://github.com/ansibleguy76/ansibleforms/compare/5.0.2...5.0.3
 
 [5.0.2]: https://github.com/ansibleguy76/ansibleforms/compare/5.0.1...5.0.2
 
diff --git a/app_versions.gradle b/app_versions.gradle
index 927586b1..22ed8bcf 100644
--- a/app_versions.gradle
+++ b/app_versions.gradle
@@ -1,2 +1,2 @@
-ext.version_code = 50002
-ext.version_name = "5.0.2"
+ext.version_code = 50003
+ext.version_name = "5.0.3"