Merge pull request #6070 from Countly/master_from_24_05_28_merge_conflict

Master from 24_05_28

Author: coskunaydinoglu

CHANGELOG.md

@@ -1,5 +1,9 @@
-##Version 25.03.XX
+## Version 25.03.2
+Fixes:
+- [user-management] Prevent global admin from self-revoke and self-delete
+
 Enterprise fixes:
+- [cohorts] Fixed issue with combining multiple cohorts
 - [drill] Fixed issue with column naming in export according to event
 - [drill] Fixed an issue with incorrect date range in report manager
 
@@ -8,7 +12,7 @@ Fixes:
 - [crashes] Remove memory addresses from stack trace grouping
 - [script] Refined delete_custom_events.js to clean up faulty/dead events completely.
 
-Enterprise fixes:
+Enterprise Fixes:
 - [ab-testing] Fixed bug with variant user filtering
 - [license] Fixed issue with handling invalid date periods
 

bin/scripts/mongodb.install.sh

@@ -380,4 +380,4 @@ elif [ "$1" == "configure" ]; then
     else
         mongodb_configure
     fi
-fi
+fi

bin/upgrade/mongodb8/upgrade.mongo.70.sh

@@ -0,0 +1,146 @@
+#!/bin/bash
+
+#we have to check since we cannot continue unless
+if [ -f /etc/redhat-release ]; then
+    CENTOS_MAJOR="$(cat /etc/redhat-release |awk -F'[^0-9]+' '{ print $2 }')"
+
+    if [[ "$CENTOS_MAJOR" != "8" && "$CENTOS_MAJOR" != "9" ]]; then
+        echo "Unsupported OS version, only support CentOS/RHEL 8 and 9."
+        exit 1
+    fi
+fi
+
+if [ -f /etc/lsb-release ]; then
+    UBUNTU_YEAR="$(lsb_release -sr | cut -d '.' -f 1)";
+    UBUNTU_RELEASE="$(lsb_release -cs)"
+
+    if [[ "$UBUNTU_YEAR" != "20" && "$UBUNTU_YEAR" != "22" ]]; then
+        echo "Unsupported OS version, only support Ubuntu 20 and 22."
+        exit 1
+    fi
+fi
+
+#check if authentication is required
+isAuth=0
+if grep -Eq '^\s*authorization\s*:\s*enabled' /etc/mongod.conf; then
+    isAuth=1
+fi
+
+#check if we have previous upgrade needed
+FEATVER=$(mongosh admin --eval "printjson(db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ).featureCompatibilityVersion)" --quiet);
+VER=$(mongod -version | grep "db version" | cut -d ' ' -f 3 | cut -d 'v' -f 2)
+
+if [ "$isAuth" -eq "1" ]; then
+    echo "Since authentication is enabled, we cannot verify if you need to run this upgrade script"
+    echo ""
+    echo "Please run this command with authentication parameters:"
+    echo ""
+    echo "mongosh admin --eval \"db.adminCommand({ getParameter: 1, featureCompatibilityVersion: 1 } )\""
+    echo ""
+    echo "and continue only if \"featureCompatibilityVersion\" is 6.0 "
+    echo ""
+    read -r -p "Is your \"featureCompatibilityVersion\" version is 6.0? [y/N] " response
+    if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]
+    then
+        echo "Continue upgrading"
+    else
+        echo "Stopping script"
+        exit 0;
+    fi
+
+fi
+
+if [ -x "$(command -v mongosh)" ]; then
+    if echo "$VER" | grep -q -i "7.0" ; then
+        if echo "$FEATVER" | grep -q -i "6.0" ; then
+            echo "run this command to upgrade to 7.0";
+            echo "mongosh admin --eval \"db.adminCommand( { setFeatureCompatibilityVersion: \\\"7.0\\\" } )\"";
+        else
+            echo "We already have version 7.0";
+        fi
+        exit 0;
+    elif echo "$VER" | grep -q -i "6.0" ; then
+        if echo "$FEATVER" | grep -q -i "5.0" ; then
+            echo "run this command before upgrading to 7.0";
+            echo "mongosh admin --eval \"db.adminCommand( { setFeatureCompatibilityVersion: \\\"6.0\\\" } )\"";
+            exit 0;
+        else
+            echo "Upgrading to MongoDB 7.0";
+        fi
+    else
+        echo "Unsupported MongodB version $VER";
+        echo "Upgrade to MongoDB 6.0 first and then run this script";
+        exit 1;
+    fi
+
+    if [ -f /etc/redhat-release ]; then
+        #backup of systemd unit file and mongod.conf file
+        \cp /usr/lib/systemd/system/mongod.service /usr/lib/systemd/system/mongod.service.bak
+        \cp -f /etc/mongod.conf /etc/mongod.conf.bak
+        #uninstall mognodb
+        yum erase -y mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
+    fi
+
+    if [ -f /etc/lsb-release ]; then
+        #uninstall mognodb
+        apt-get remove -y mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
+    fi
+fi
+
+if [ -f /etc/redhat-release ]; then
+    #install latest mongodb
+    #select source based on release
+    echo "[mongodb-org-7.0]
+name=MongoDB Repository
+baseurl=https://repo.mongodb.org/yum/redhat/${CENTOS_MAJOR}/mongodb-org/7.0/x86_64/
+gpgcheck=1
+enabled=1
+gpgkey=https://www.mongodb.org/static/pgp/server-7.0.asc" > /etc/yum.repos.d/mongodb-org-7.0.repo
+
+    yum install -y mongodb-org
+    \cp -f /etc/mongod.conf.bak /etc/mongod.conf
+fi
+
+if [ -f /etc/lsb-release ]; then
+    #install latest mongodb
+	wget -qO - https://www.mongodb.org/static/pgp/server-7.0.asc | sudo apt-key add -
+
+    echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu ${UBUNTU_RELEASE}/mongodb-org/7.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list ;
+    apt-get update
+    #install mongodb
+    apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -y mongodb-org --force-yes || (echo "Failed to install mongodb." ; exit)
+fi
+
+if [ -f /etc/redhat-release ]; then
+    #Restoring systemd unit file
+    \cp -f /usr/lib/systemd/system/mongod.service.bak /usr/lib/systemd/system/mongod.service
+    systemctl daemon-reload
+fi
+
+# check and comment out journal: enabled: true in mongod.conf
+CONF_FILE="/etc/mongod.conf"
+if grep -qP '^\s*journal\s*:\s*$' "$CONF_FILE" && grep -qP '^\s*enabled\s*:\s*true\s*$' "$CONF_FILE"; then
+    echo "Commenting out journal: enabled: true in $CONF_FILE"
+    sed -i '/^\s*journal\s*:/ { N; s/\(.*\n\s*\)\(enabled\s*:\s*true\s*$\)/# \1# \2/ }' "$CONF_FILE"
+else
+    echo "Could not find 'journal: enabled: true' in $CONF_FILE or it's already commented."
+fi
+
+#mongodb might need to be started
+systemctl restart mongod || echo "mongodb systemctl job does not exist"
+
+#nc not available on latest centos
+#until nc -z localhost 27017; do echo Waiting for MongoDB; sleep 1; done
+mongosh --nodb --eval 'var conn; print("Waiting for MongoDB connection on port 27017. Exit if incorrect port"); var cnt = 0; while(!conn && cnt <= 300){try{conn = new Mongo("localhost:27017");}catch(Error){}sleep(1000);cnt++;}'
+
+if [ "$isAuth" -eq "1" ]; then
+    echo "run this command with authentication to upgrade to 7.0"
+    echo "mongosh admin --eval \"db.adminCommand( { setFeatureCompatibilityVersion: \\\"7.0\\\" } )\""
+elif ! mongosh admin --eval "printjson(db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ))" ; then
+    echo "Could not connect to MongodB, run this command when Mongo is up and running"
+    echo "mongosh admin --eval \"db.adminCommand( { setFeatureCompatibilityVersion: \\\"7.0\\\" } )\""
+else
+    mongosh admin --eval "printjson(db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ))"
+    mongosh admin --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"7.0\", confirm: true } )"
+    echo "Finished upgrading script"
+fi

bin/upgrade/mongodb8/upgrade.mongo.80.sh

@@ -0,0 +1,138 @@
+#!/bin/bash
+
+#we have to check since we cannot continue unless
+if [ -f /etc/redhat-release ]; then
+    CENTOS_MAJOR="$(cat /etc/redhat-release |awk -F'[^0-9]+' '{ print $2 }')"
+
+    if [[ "$CENTOS_MAJOR" != "8" && "$CENTOS_MAJOR" != "9" ]]; then
+        echo "Unsupported OS version, only support CentOS/RHEL 8 and 9."
+        exit 1
+    fi
+fi
+
+if [ -f /etc/lsb-release ]; then
+    UBUNTU_YEAR="$(lsb_release -sr | cut -d '.' -f 1)";
+    UBUNTU_RELEASE="$(lsb_release -cs)"
+
+    if [[ "$UBUNTU_YEAR" != "20" && "$UBUNTU_YEAR" != "22" && "$UBUNTU_YEAR" != "24" ]]; then
+        echo "Unsupported OS version, only support Ubuntu 20 and 22 and 24."
+        exit 1
+    fi
+fi
+
+#check if authentication is required
+isAuth=0
+if grep -Eq '^\s*authorization\s*:\s*enabled' /etc/mongod.conf; then
+    isAuth=1
+fi
+
+#check if we have previous upgrade needed
+FEATVER=$(mongosh admin --eval "printjson(db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ).featureCompatibilityVersion)" --quiet);
+VER=$(mongod -version | grep "db version" | cut -d ' ' -f 3 | cut -d 'v' -f 2)
+
+if [ "$isAuth" -eq "1" ]; then
+    echo "Since authentication is enabled, we cannot verify if you need to run this upgrade script"
+    echo ""
+    echo "Please run this command with authentication parameters:"
+    echo ""
+    echo "mongosh admin --eval \"db.adminCommand({ getParameter: 1, featureCompatibilityVersion: 1 } )\""
+    echo ""
+    echo "and continue only if \"featureCompatibilityVersion\" is 7.0 "
+    echo ""
+    read -r -p "Is your \"featureCompatibilityVersion\" version is 7.0? [y/N] " response
+    if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]
+    then
+        echo "Continue upgrading"
+    else
+        echo "Stopping script"
+        exit 0;
+    fi
+
+fi
+
+if [ -x "$(command -v mongosh)" ]; then
+    if echo "$VER" | grep -q -i "8.0" ; then
+        if echo "$FEATVER" | grep -q -i "7.0" ; then
+            echo "run this command to upgrade to 8.0";
+            echo "mongosh admin --eval \"db.adminCommand( { setFeatureCompatibilityVersion: \\\"8.0\\\", confirm: true } )\"";
+        else
+            echo "We already have version 8.0";
+        fi
+        exit 0;
+    elif echo "$VER" | grep -q -i "7.0" ; then
+        if echo "$FEATVER" | grep -q -i "6.0" ; then
+            echo "run this command before upgrading to 8.0 and rerunning this script";
+            echo "mongosh admin --eval \"db.adminCommand( { setFeatureCompatibilityVersion: \\\"7.0\\\", confirm: true } )\"";
+            exit 0;
+        else
+            echo "Upgrading to MongoDB 8.0";
+        fi
+    else
+        echo "Unsupported MongodB version $VER";
+        echo "Upgrade to MongoDB 7.0 first and then run this script";
+        exit 1;
+    fi
+
+    if [ -f /etc/redhat-release ]; then
+        #backup of systemd unit file and mongod.conf file
+        \cp /usr/lib/systemd/system/mongod.service /usr/lib/systemd/system/mongod.service.bak
+        \cp -f /etc/mongod.conf /etc/mongod.conf.bak
+        #uninstall mognodb
+        yum erase -y mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
+    fi
+
+    if [ -f /etc/lsb-release ]; then
+        #uninstall mognodb
+        apt-get remove -y mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
+    fi
+fi
+
+if [ -f /etc/redhat-release ]; then
+    #install latest mongodb
+    #select source based on release
+echo "[mongodb-org-8.0]
+name=MongoDB Repository
+baseurl=https://repo.mongodb.org/yum/redhat/${CENTOS_MAJOR}/mongodb-org/8.0/x86_64/
+gpgcheck=1
+enabled=1
+gpgkey=https://pgp.mongodb.com/server-8.0.asc" > /etc/yum.repos.d/mongodb-org-8.0.repo
+
+    yum install -y mongodb-org
+    \cp -f /etc/mongod.conf.bak /etc/mongod.conf
+fi
+
+if [ -f /etc/lsb-release ]; then
+    #install latest mongodb
+	curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
+
+    echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu ${UBUNTU_RELEASE}/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
+    apt-get update
+    #install mongodb
+    apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -y mongodb-org --force-yes || (echo "Failed to install mongodb." ; exit)
+fi
+
+if [ -f /etc/redhat-release ]; then
+    #Restoring systemd unit file
+    \cp -f /usr/lib/systemd/system/mongod.service.bak /usr/lib/systemd/system/mongod.service
+    systemctl daemon-reload
+fi
+
+#mongodb might need to be started
+systemctl restart mongod || echo "mongodb systemctl job does not exist"
+
+#nc not available on latest centos
+#until nc -z localhost 27017; do echo Waiting for MongoDB; sleep 1; done
+mongosh --nodb --eval 'var conn; print("Waiting for MongoDB connection on port 27017. Exit if incorrect port"); var cnt = 0; while(!conn && cnt <= 300){try{conn = new Mongo("localhost:27017");}catch(Error){}sleep(1000);cnt++;}'
+
+if [ "$isAuth" -eq "1" ]; then
+    echo "run this command with authentication to upgrade to 8.0"
+    # shellcheck disable=SC2028
+    echo "mongosh admin --eval \"db.adminCommand( { setFeatureCompatibilityVersion: \\\8.0\\\", confirm: true } )\""
+elif ! mongosh admin --eval "printjson(db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ))" ; then
+    echo "Could not connect to MongodB, run this command when Mongo is up and running"
+    echo "mongosh admin --eval \"db.adminCommand( { setFeatureCompatibilityVersion: \\\"8.0\\\", confirm: true } )\""
+else
+    mongosh admin --eval "printjson(db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ))"
+    mongosh admin --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"8.0\", confirm: true } )"
+    echo "Finished upgrading script"
+fi

frontend/express/public/core/user-management/javascripts/countly.views.js

@@ -122,6 +122,16 @@
                 switch (command) {
                 case "delete-user":
                     var self = this;
+
+                    // Check if user is trying to delete themselves
+                    if (index === countlyGlobal.member._id) {
+                        CountlyHelpers.notify({
+                            type: 'error',
+                            message: CV.i18n('management-users.cannot-delete-own-account')
+                        });
+                        return;
+                    }
+
                     CountlyHelpers.confirm(CV.i18n('management-users.this-will-delete-user'), "red", function(result) {
                         if (!result) {
                             CountlyHelpers.notify({
@@ -712,6 +722,15 @@
             // drawer event handlers
             onClose: function() {},
             onSubmit: function(submitted, done) {
+                if (submitted._id === countlyGlobal.member._id && countlyGlobal.member.global_admin && !submitted.global_admin) {
+                    CountlyHelpers.notify({
+                        message: CV.i18n('management-users.cannot-revoke-own-admin'),
+                        type: 'error'
+                    });
+                    done(CV.i18n('management-users.cannot-revoke-own-admin'));
+                    return;
+                }
+
                 var atLeastOneAppSelected = false;
 
                 for (var i = 0; i < submitted.permission._.u.length; i++) {

frontend/express/public/javascripts/countly/vue/components/vis.js

@@ -956,6 +956,7 @@
                         },
                         animation: false
                     },
+                    symbol: 'none'
                 },
                 mergedNotes: [],
             };

frontend/express/public/javascripts/countly/vue/templates/drawer.html

@@ -89,8 +89,8 @@ <h3>{{title}}</h3>
                     <div class="cly-vue-drawer__buttons is-multi-step is-single-step bu-is-justify-content-flex-end bu-is-flex" v-if="isMultiStep">
                         <el-button :data-test-id="testId + '-cancel-button'" type="secondary" @click="doClose" size="small" v-if="currentStepIndex === 0 && hasCancelButton" :disabled="isSubmitPending">{{cancelButtonLabel}}</el-button>
                         <el-button :data-test-id="testId + '-previous-step-button'" type="secondary" @click="prevStep" size="small" v-if="currentStepIndex > 0" :disabled="isSubmitPending">{{i18n('common.drawer.previous-step')}}</el-button>
-                        <el-button :data-test-id="testId + '-next-step-button'" type="success" @click="nextStep" size="small" v-if="!isLastStep" :class="{'is-disabled':!isCurrentStepValid}" :disabled="isSubmitPending">{{i18n('common.drawer.next-step')}}</el-button>
-                        <el-button :data-test-id="testId + '-save-button'" type="success" @click="submit" :loading="isSubmitPending" size="small" v-if="isLastStep" :class="{'is-disabled':!isSubmissionAllowed}" :disabled="isSubmitPending">{{saveButtonLabel}}</el-button>
+                        <el-button :data-test-id="testId + '-next-step-button'" type="success" :key="isLastStep" @click="nextStep" size="small" v-if="!isLastStep" :class="{'is-disabled':!isCurrentStepValid}" :disabled="isSubmitPending">{{i18n('common.drawer.next-step')}}</el-button>
+                        <el-button :data-test-id="testId + '-save-button'" type="success" :key="isLastStep" @click="submit" :loading="isSubmitPending" size="small" v-if="isLastStep" :class="{'is-disabled':!isSubmissionAllowed}" :disabled="isSubmitPending">{{saveButtonLabel}}</el-button>
                     </div>
                     <div class="cly-vue-drawer__buttons is-single-step is-single-step bu-is-justify-content-flex-end bu-is-flex" v-if="!isMultiStep">
                         <el-button :data-test-id="testId + '-cancel-button'" type="secondary" @click="doClose" size="small" v-if="hasCancelButton" :disabled="isSubmitPending">{{cancelButtonLabel}}</el-button>

frontend/express/public/localization/dashboard/dashboard.properties

@@ -956,6 +956,8 @@ management-users.search-placeholder = Search in Features
 management-users.reset-failed-logins = Reset failed logins
 management-users.reset-failed-logins-success = Failed logins reset successfully\!
 management-users.reset-failed-logins-failed = Failed to reset logins\!
+management-users.cannot-delete-own-account = You can not delete your own account
+management-users.cannot-revoke-own-admin = You can not revoke your own global admin privileges
 
 #date-preset
 management.preset = Date presets

plugins/star-rating/frontend/public/templates/star-consent-link.html

@@ -1,7 +1,7 @@
 <div class="bu-py-1 bu-px-4 cly-vue-drawer-step__section-group--filled">
   <div class="cly-vue-drawer-step__section">
-    <div class="text-small text-heading bu-pb-1" data-test-id="ratings-drawer-settings-add-user-consent-text-label">{{i18n('rating.drawer.consent.text')}}</div>
-    <validation-provider name="value.consent" rules="required|max:93" v-slot="v">
+    <div class="text-small text-heading bu-pb-1">{{i18n('rating.drawer.consent.text')}}</div>
+    <validation-provider name="value.consent" rules="required|max:94" v-slot="v">
       <el-input
         test-id="ratings-drawer-settings-add-user-consent-text-input"
         :class="{'is-error': v.errors.length > 0}"