@budibase/backend-core 2.14.1 → 2.14.3
- package/dist/index.js +24 -6
- package/dist/index.js.map +3 -3
- package/dist/index.js.meta.json +1 -1
- package/dist/package.json +4 -4
- package/dist/plugins.js.meta.json +1 -1
- package/dist/src/environment.d.ts +2 -0
- package/dist/src/environment.js +1 -1
- package/dist/src/environment.js.map +1 -1
- package/dist/src/middleware/authenticated.js +12 -0
- package/dist/src/middleware/authenticated.js.map +1 -1
- package/dist/src/redis/redlockImpl.js.map +1 -1
- package/dist/src/security/auth.js +6 -2
- package/dist/src/security/auth.js.map +1 -1
- package/dist/src/users/db.d.ts +7 -5
- package/dist/src/users/db.js +6 -3
- package/dist/src/users/db.js.map +1 -1
- package/package.json +4 -4
- package/src/environment.ts +2 -0
- package/src/middleware/authenticated.ts +14 -0
- package/src/redis/redlockImpl.ts +0 -1
- package/src/security/auth.ts +3 -3
- package/src/users/db.ts +13 -4
package/dist/index.js
|
@@ -2591,6 +2591,8 @@ var init_environment2 = __esm({
|
|
|
2591
2591
|
DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
|
|
2592
2592
|
BLACKLIST_IPS: process.env.BLACKLIST_IPS,
|
|
2593
2593
|
SERVICE_TYPE: "unknown",
|
|
2594
|
+
PASSWORD_MIN_LENGTH: process.env.PASSWORD_MIN_LENGTH,
|
|
2595
|
+
PASSWORD_MAX_LENGTH: process.env.PASSWORD_MAX_LENGTH,
|
|
2594
2596
|
/**
|
|
2595
2597
|
* Enable to allow an admin user to login using a password.
|
|
2596
2598
|
* This can be useful to prevent lockout when configuring SSO.
|
|
@@ -10521,8 +10523,9 @@ __export(security_exports, {
|
|
|
10521
10523
|
});
|
|
10522
10524
|
|
|
10523
10525
|
// src/security/auth.ts
|
|
10524
|
-
|
|
10525
|
-
var
|
|
10526
|
+
init_environment2();
|
|
10527
|
+
var PASSWORD_MIN_LENGTH = +(environment_default.PASSWORD_MIN_LENGTH || 8);
|
|
10528
|
+
var PASSWORD_MAX_LENGTH = +(environment_default.PASSWORD_MAX_LENGTH || 512);
|
|
10526
10529
|
function validatePassword(password) {
|
|
10527
10530
|
if (!password || password.length < PASSWORD_MIN_LENGTH) {
|
|
10528
10531
|
return {
|
|
@@ -10581,9 +10584,11 @@ var UserDB = class _UserDB {
|
|
|
10581
10584
|
if (await _UserDB.isPreventPasswordActions(user, account)) {
|
|
10582
10585
|
throw new HTTPError("Password change is disabled for this user", 400);
|
|
10583
10586
|
}
|
|
10584
|
-
|
|
10585
|
-
|
|
10586
|
-
|
|
10587
|
+
if (!opts.skipPasswordValidation) {
|
|
10588
|
+
const passwordValidation = validatePassword(password);
|
|
10589
|
+
if (!passwordValidation.valid) {
|
|
10590
|
+
throw new HTTPError(passwordValidation.error, 400);
|
|
10591
|
+
}
|
|
10587
10592
|
}
|
|
10588
10593
|
hashedPassword = opts.hashPassword ? await hash(password) : password;
|
|
10589
10594
|
} else if (dbUser) {
|
|
@@ -10892,7 +10897,8 @@ var UserDB = class _UserDB {
|
|
|
10892
10897
|
await bustCache("checklist" /* CHECKLIST */);
|
|
10893
10898
|
return await _UserDB.save(user, {
|
|
10894
10899
|
hashPassword: opts?.hashPassword,
|
|
10895
|
-
requirePassword: opts?.requirePassword
|
|
10900
|
+
requirePassword: opts?.requirePassword,
|
|
10901
|
+
skipPasswordValidation: opts?.skipPasswordValidation
|
|
10896
10902
|
});
|
|
10897
10903
|
}
|
|
10898
10904
|
static async getGroups(groupIds) {
|
|
@@ -12915,6 +12921,7 @@ function readBytes(stream2, length) {
|
|
|
12915
12921
|
// src/middleware/authenticated.ts
|
|
12916
12922
|
init_identity();
|
|
12917
12923
|
init_environment2();
|
|
12924
|
+
var import_dd_trace3 = __toESM(require("dd-trace"));
|
|
12918
12925
|
var ONE_MINUTE = environment_default.SESSION_UPDATE_PERIOD ? parseInt(environment_default.SESSION_UPDATE_PERIOD) : 60 * 1e3;
|
|
12919
12926
|
function timeMinusOneMinute() {
|
|
12920
12927
|
return new Date(Date.now() - ONE_MINUTE).toISOString();
|
|
@@ -13025,6 +13032,17 @@ function authenticated_default(noAuthPatterns = [], opts = {
|
|
|
13025
13032
|
if (!authenticated) {
|
|
13026
13033
|
authenticated = false;
|
|
13027
13034
|
}
|
|
13035
|
+
if (user) {
|
|
13036
|
+
import_dd_trace3.default.setUser({
|
|
13037
|
+
id: user?._id,
|
|
13038
|
+
tenantId: user?.tenantId,
|
|
13039
|
+
admin: user?.admin,
|
|
13040
|
+
builder: user?.builder,
|
|
13041
|
+
budibaseAccess: user?.budibaseAccess,
|
|
13042
|
+
status: user?.status,
|
|
13043
|
+
roles: user?.roles
|
|
13044
|
+
});
|
|
13045
|
+
}
|
|
13028
13046
|
finalise(ctx, { authenticated, user, internal, version, publicEndpoint });
|
|
13029
13047
|
if (user && user.email) {
|
|
13030
13048
|
return doInUserContext(user, ctx, next);
|
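Review bot: The length bounds added at new lines 10527–10528 coerce the environment value with unary `+`, so a non-numeric `PASSWORD_MIN_LENGTH` becomes `NaN`, and `password.length < PASSWORD_MIN_LENGTH` in `validatePassword` is then always false, leaving only the `!password` check. A value of `0` or a negative number is accepted as well, because nothing enforces a floor. Parse the value once and fall back to the default unless it is a positive integer, e.g. `const n = Number.parseInt(environment_default.PASSWORD_MIN_LENGTH, 10);` followed by `var PASSWORD_MIN_LENGTH = Number.isInteger(n) && n > 0 ? n : 8;`, and treat `PASSWORD_MAX_LENGTH` the same way. This file is bundled output, so the change belongs in `package/src/security/auth.ts`. The rest of `validatePassword` lies outside the hunk, so the effect on the upper bound is inferred rather than visible.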