@budibase/backend-core 3.2.5 → 3.2.7

package/src/users/events.ts

@@ -1,176 +0,0 @@
-import env from "../environment"
-import * as events from "../events"
-import * as accounts from "../accounts"
-import { getTenantId } from "../context"
-import { User, UserRoles, CloudAccount } from "@budibase/types"
-import { hasBuilderPermissions, hasAdminPermissions } from "./utils"
-
-export const handleDeleteEvents = async (user: any) => {
-  await events.user.deleted(user)
-
-  if (hasBuilderPermissions(user)) {
-    await events.user.permissionBuilderRemoved(user)
-  }
-
-  if (hasAdminPermissions(user)) {
-    await events.user.permissionAdminRemoved(user)
-  }
-}
-
-const assignAppRoleEvents = async (
-  user: User,
-  roles: UserRoles,
-  existingRoles: UserRoles
-) => {
-  for (const [appId, role] of Object.entries(roles)) {
-    // app role in existing is not same as new
-    if (!existingRoles || existingRoles[appId] !== role) {
-      await events.role.assigned(user, role)
-    }
-  }
-}
-
-const unassignAppRoleEvents = async (
-  user: User,
-  roles: UserRoles,
-  existingRoles: UserRoles
-) => {
-  if (!existingRoles) {
-    return
-  }
-  for (const [appId, role] of Object.entries(existingRoles)) {
-    // app role in new is not same as existing
-    if (!roles || roles[appId] !== role) {
-      await events.role.unassigned(user, role)
-    }
-  }
-}
-
-const handleAppRoleEvents = async (user: any, existingUser: any) => {
-  const roles = user.roles
-  const existingRoles = existingUser?.roles
-
-  await assignAppRoleEvents(user, roles, existingRoles)
-  await unassignAppRoleEvents(user, roles, existingRoles)
-}
-
-export const handleSaveEvents = async (
-  user: User,
-  existingUser: User | undefined
-) => {
-  const tenantId = getTenantId()
-  let tenantAccount: CloudAccount | undefined
-  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
-    tenantAccount = await accounts.getAccountByTenantId(tenantId)
-  }
-  await events.identification.identifyUser(user, tenantAccount)
-
-  if (existingUser) {
-    await events.user.updated(user)
-
-    if (isRemovingBuilder(user, existingUser)) {
-      await events.user.permissionBuilderRemoved(user)
-    }
-
-    if (isRemovingAdmin(user, existingUser)) {
-      await events.user.permissionAdminRemoved(user)
-    }
-
-    if (isOnboardingComplete(user, existingUser)) {
-      await events.user.onboardingComplete(user)
-    }
-
-    if (
-      !existingUser.forceResetPassword &&
-      user.forceResetPassword &&
-      user.password
-    ) {
-      await events.user.passwordForceReset(user)
-    }
-
-    if (user.password !== existingUser.password) {
-      await events.user.passwordUpdated(user)
-    }
-  } else {
-    await events.user.created(user)
-  }
-
-  if (isAddingBuilder(user, existingUser)) {
-    await events.user.permissionBuilderAssigned(user)
-  }
-
-  if (isAddingAdmin(user, existingUser)) {
-    await events.user.permissionAdminAssigned(user)
-  }
-
-  await handleAppRoleEvents(user, existingUser)
-}
-
-export const isAddingBuilder = (user: any, existingUser: any) => {
-  return isAddingPermission(user, existingUser, hasBuilderPermissions)
-}
-
-export const isRemovingBuilder = (user: any, existingUser: any) => {
-  return isRemovingPermission(user, existingUser, hasBuilderPermissions)
-}
-
-const isAddingAdmin = (user: any, existingUser: any) => {
-  return isAddingPermission(user, existingUser, hasAdminPermissions)
-}
-
-const isRemovingAdmin = (user: any, existingUser: any) => {
-  return isRemovingPermission(user, existingUser, hasAdminPermissions)
-}
-
-const isOnboardingComplete = (user: any, existingUser: any) => {
-  return !existingUser?.onboardedAt && typeof user.onboardedAt === "string"
-}
-
-/**
- * Check if a permission is being added to a new or existing user.
- */
-const isAddingPermission = (
-  user: any,
-  existingUser: any,
-  hasPermission: any
-) => {
-  // new user doesn't have the permission
-  if (!hasPermission(user)) {
-    return false
-  }
-
-  // existing user has the permission
-  if (existingUser && hasPermission(existingUser)) {
-    return false
-  }
-
-  // permission is being added
-  return true
-}
-
-/**
- * Check if a permission is being removed from an existing user.
- */
-const isRemovingPermission = (
-  user: any,
-  existingUser: any,
-  hasPermission: any
-) => {
-  // new user has the permission
-  if (hasPermission(user)) {
-    return false
-  }
-
-  // no existing user or existing user doesn't have the permission
-  if (!existingUser) {
-    return false
-  }
-
-  // existing user doesn't have the permission
-  if (!hasPermission(existingUser)) {
-    return false
-  }
-
-  // permission is being removed
-  return true
-}

package/src/users/index.ts

@@ -1,4 +0,0 @@
-export * from "./users"
-export * from "./utils"
-export * from "./lookup"
-export { UserDB } from "./db"

package/src/users/lookup.ts

@@ -1,99 +0,0 @@
-import {
-  AccountMetadata,
-  PlatformUser,
-  PlatformUserByEmail,
-  User,
-} from "@budibase/types"
-import * as dbUtils from "../db"
-import { ViewName } from "../constants"
-import { getExistingInvites } from "../cache/invite"
-
-/**
- * Apply a system-wide search on emails:
- * - in tenant
- * - cross tenant
- * - accounts
- * return an array of emails that match the supplied emails.
- */
-export async function searchExistingEmails(emails: string[]) {
-  let matchedEmails: string[] = []
-
-  const existingTenantUsers = await getExistingTenantUsers(emails)
-  matchedEmails.push(...existingTenantUsers.map(user => user.email))
-
-  const existingPlatformUsers = await getExistingPlatformUsers(emails)
-  matchedEmails.push(...existingPlatformUsers.map(user => user._id!))
-
-  const existingAccounts = await getExistingAccounts(emails)
-  matchedEmails.push(...existingAccounts.map(account => account.email))
-
-  const invitedEmails = await getExistingInvites(emails)
-  matchedEmails.push(...invitedEmails.map(invite => invite.email))
-
-  return [...new Set(matchedEmails.map(email => email.toLowerCase()))]
-}
-
-// lookup, could be email or userId, either will return a doc
-export async function getPlatformUsers(
-  identifier: string
-): Promise<PlatformUser[]> {
-  // use the view here and allow to find anyone regardless of casing
-  // Use lowercase to ensure email login is case insensitive
-  return await dbUtils.queryPlatformView(ViewName.PLATFORM_USERS_LOWERCASE, {
-    keys: [identifier.toLowerCase()],
-    include_docs: true,
-  })
-}
-
-export async function getFirstPlatformUser(
-  identifier: string
-): Promise<PlatformUser | null> {
-  const platformUserDocs = await getPlatformUsers(identifier)
-  return platformUserDocs[0] ?? null
-}
-
-export async function getExistingTenantUsers(
-  emails: string[]
-): Promise<User[]> {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-
-  const opts = {
-    arrayResponse: true,
-  }
-
-  return (await dbUtils.queryGlobalView(
-    ViewName.USER_BY_EMAIL,
-    params,
-    undefined,
-    opts
-  )) as User[]
-}
-
-export async function getExistingPlatformUsers(
-  emails: string[]
-): Promise<PlatformUserByEmail[]> {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-  return await dbUtils.queryPlatformView(
-    ViewName.PLATFORM_USERS_LOWERCASE,
-    params
-  )
-}
-
-export async function getExistingAccounts(
-  emails: string[]
-): Promise<AccountMetadata[]> {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-  return await dbUtils.queryPlatformView(ViewName.ACCOUNT_BY_EMAIL, params)
-}

package/src/users/test/db.spec.ts

@@ -1,188 +0,0 @@
-import { User, UserStatus } from "@budibase/types"
-import { DBTestConfiguration, generator, structures } from "../../../tests"
-import { UserDB } from "../db"
-import { searchExistingEmails } from "../lookup"
-
-const db = UserDB
-
-const config = new DBTestConfiguration()
-
-const quotas = {
-  addUsers: jest
-    .fn()
-    .mockImplementation(
-      (_change: number, _creatorsChange: number, cb?: () => Promise<any>) =>
-        cb && cb()
-    ),
-  removeUsers: jest
-    .fn()
-    .mockImplementation(
-      (_change: number, _creatorsChange: number, cb?: () => Promise<any>) =>
-        cb && cb()
-    ),
-}
-const groups = {
-  addUsers: jest.fn(),
-  getBulk: jest.fn(),
-  getGroupBuilderAppIds: jest.fn(),
-}
-const features = { isSSOEnforced: jest.fn(), isAppBuildersEnabled: jest.fn() }
-
-describe("UserDB", () => {
-  beforeAll(() => {
-    db.init(quotas, groups, features)
-  })
-
-  describe("save", () => {
-    describe("create", () => {
-      it("creating a new user will persist it", async () => {
-        const email = generator.email({})
-        const user: User = structures.users.user({
-          email,
-          tenantId: config.getTenantId(),
-        })
-
-        await config.doInTenant(async () => {
-          const saveUserResponse = await db.save(user)
-
-          const persistedUser = await db.getUserByEmail(email)
-          expect(persistedUser).toEqual({
-            ...user,
-            _id: saveUserResponse._id,
-            _rev: expect.stringMatching(/^1-\w+/),
-            password: expect.not.stringMatching(user.password!),
-            status: UserStatus.ACTIVE,
-            createdAt: Date.now(),
-            updatedAt: new Date().toISOString(),
-          })
-        })
-      })
-
-      it("the same email cannot be used twice in the same tenant", async () => {
-        const email = generator.email({})
-        const user: User = structures.users.user({
-          email,
-          tenantId: config.getTenantId(),
-        })
-
-        await config.doInTenant(() => db.save(user))
-
-        await config.doInTenant(() =>
-          expect(db.save(user)).rejects.toThrow(
-            `Email already in use: '${email}'`
-          )
-        )
-      })
-
-      it("the same email cannot be used twice in different tenants", async () => {
-        const email = generator.email({})
-        const user: User = structures.users.user({
-          email,
-          tenantId: config.getTenantId(),
-        })
-
-        await config.doInTenant(() => db.save(user))
-
-        config.newTenant()
-        await config.doInTenant(() =>
-          expect(db.save(user)).rejects.toThrow(
-            `Email already in use: '${email}'`
-          )
-        )
-      })
-    })
-
-    describe("update", () => {
-      let user: User
-
-      beforeEach(async () => {
-        user = await config.doInTenant(() =>
-          db.save(
-            structures.users.user({
-              email: generator.email({}),
-              tenantId: config.getTenantId(),
-            })
-          )
-        )
-      })
-
-      it("can update user properties", async () => {
-        await config.doInTenant(async () => {
-          const updatedName = generator.first()
-          user.firstName = updatedName
-
-          await db.save(user)
-
-          const persistedUser = await db.getUserByEmail(user.email)
-          expect(persistedUser).toEqual(
-            expect.objectContaining({
-              _id: user._id,
-              email: user.email,
-              firstName: updatedName,
-              lastName: user.lastName,
-            })
-          )
-        })
-      })
-
-      it("email cannot be updated by default", async () => {
-        await config.doInTenant(async () => {
-          await expect(
-            db.save({ ...user, email: generator.email({}) })
-          ).rejects.toThrow("Email address cannot be changed")
-        })
-      })
-
-      it("email can be updated if specified", async () => {
-        await config.doInTenant(async () => {
-          const newEmail = generator.email({})
-
-          await db.save(
-            { ...user, email: newEmail },
-            { allowChangingEmail: true }
-          )
-
-          const persistedUser = await db.getUserByEmail(newEmail)
-          expect(persistedUser).toEqual(
-            expect.objectContaining({
-              _id: user._id,
-              email: newEmail,
-              lastName: user.lastName,
-              _rev: expect.stringMatching(/^2-\w+/),
-            })
-          )
-        })
-      })
-
-      it("updating emails frees previous emails", async () => {
-        await config.doInTenant(async () => {
-          const previousEmail = user.email
-          const newEmail = generator.email({})
-          expect(await searchExistingEmails([previousEmail, newEmail])).toEqual(
-            [previousEmail]
-          )
-
-          await db.save(
-            { ...user, email: newEmail },
-            { allowChangingEmail: true }
-          )
-
-          expect(await searchExistingEmails([previousEmail, newEmail])).toEqual(
-            [newEmail]
-          )
-
-          await db.save(
-            structures.users.user({
-              email: previousEmail,
-              tenantId: config.getTenantId(),
-            })
-          )
-
-          expect(await searchExistingEmails([previousEmail, newEmail])).toEqual(
-            [previousEmail, newEmail]
-          )
-        })
-      })
-    })
-  })
-})

package/src/users/test/utils.spec.ts

@@ -1,67 +0,0 @@
-import { User, UserGroup } from "@budibase/types"
-import { generator, structures } from "../../../tests"
-import { DBTestConfiguration } from "../../../tests/extra"
-import { getGlobalDB } from "../../context"
-import { isCreator } from "../utils"
-
-const config = new DBTestConfiguration()
-
-describe("Users", () => {
-  it("User is a creator if it is configured as a global builder", async () => {
-    const user: User = structures.users.user({ builder: { global: true } })
-    expect(await isCreator(user)).toBe(true)
-  })
-
-  it("User is a creator if it is configured as a global admin", async () => {
-    const user: User = structures.users.user({ admin: { global: true } })
-    expect(await isCreator(user)).toBe(true)
-  })
-
-  it("User is a creator if it is configured with creator permission", async () => {
-    const user: User = structures.users.user({ builder: { creator: true } })
-    expect(await isCreator(user)).toBe(true)
-  })
-
-  it("User is a creator if it is a builder in some application", async () => {
-    const user: User = structures.users.user({ builder: { apps: ["app1"] } })
-    expect(await isCreator(user)).toBe(true)
-  })
-
-  it("User is a creator if it has CREATOR permission in some application", async () => {
-    const user: User = structures.users.user({ roles: { app1: "CREATOR" } })
-    expect(await isCreator(user)).toBe(true)
-  })
-
-  it("User is a creator if it has ADMIN permission in some application", async () => {
-    const user: User = structures.users.user({ roles: { app1: "ADMIN" } })
-    expect(await isCreator(user)).toBe(true)
-  })
-
-  it("User is a creator if it remains to a group with ADMIN permissions", async () => {
-    const usersInGroup = 10
-    const groupId = "gr_17abffe89e0b40268e755b952f101a59"
-    const group: UserGroup = {
-      ...structures.userGroups.userGroup(),
-      ...{ _id: groupId, roles: { app1: "ADMIN" } },
-    }
-    const users: User[] = []
-    for (let i = 0; i < usersInGroup; i++) {
-      const userId = `us_${generator.guid()}`
-      const user: User = structures.users.user({
-        _id: userId,
-        userGroups: [groupId],
-      })
-      users.push(user)
-    }
-
-    await config.doInTenant(async () => {
-      const db = getGlobalDB()
-      await db.put(group)
-      for (let user of users) {
-        await db.put(user)
-        const creator = await isCreator(user)
-        expect(creator).toBe(true)
-      }
-    })
-  })
-})