@budibase/worker 2.1.43-alpha.11 → 2.1.43-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (107) hide show
  1. package/coverage/clover.xml +386 -376
  2. package/coverage/coverage-final.json +9 -9
  3. package/coverage/lcov-report/index.html +23 -23
  4. package/coverage/lcov-report/src/api/controllers/global/auth.ts.html +1 -1
  5. package/coverage/lcov-report/src/api/controllers/global/configs.ts.html +1 -1
  6. package/coverage/lcov-report/src/api/controllers/global/email.ts.html +1 -1
  7. package/coverage/lcov-report/src/api/controllers/global/index.html +10 -10
  8. package/coverage/lcov-report/src/api/controllers/global/license.ts.html +1 -1
  9. package/coverage/lcov-report/src/api/controllers/global/roles.ts.html +1 -1
  10. package/coverage/lcov-report/src/api/controllers/global/self.ts.html +1 -1
  11. package/coverage/lcov-report/src/api/controllers/global/templates.ts.html +1 -1
  12. package/coverage/lcov-report/src/api/controllers/global/users.ts.html +14 -11
  13. package/coverage/lcov-report/src/api/controllers/global/workspaces.ts.html +1 -1
  14. package/coverage/lcov-report/src/api/controllers/system/accounts.ts.html +1 -1
  15. package/coverage/lcov-report/src/api/controllers/system/environment.ts.html +1 -1
  16. package/coverage/lcov-report/src/api/controllers/system/index.html +1 -1
  17. package/coverage/lcov-report/src/api/controllers/system/migrations.ts.html +1 -1
  18. package/coverage/lcov-report/src/api/controllers/system/restore.ts.html +1 -1
  19. package/coverage/lcov-report/src/api/controllers/system/status.ts.html +1 -1
  20. package/coverage/lcov-report/src/api/controllers/system/tenants.ts.html +1 -1
  21. package/coverage/lcov-report/src/api/index.html +1 -1
  22. package/coverage/lcov-report/src/api/index.ts.html +7 -7
  23. package/coverage/lcov-report/src/api/routes/global/auth.ts.html +1 -1
  24. package/coverage/lcov-report/src/api/routes/global/configs.ts.html +1 -1
  25. package/coverage/lcov-report/src/api/routes/global/email.ts.html +1 -1
  26. package/coverage/lcov-report/src/api/routes/global/index.html +1 -1
  27. package/coverage/lcov-report/src/api/routes/global/license.ts.html +1 -1
  28. package/coverage/lcov-report/src/api/routes/global/roles.ts.html +1 -1
  29. package/coverage/lcov-report/src/api/routes/global/self.ts.html +1 -1
  30. package/coverage/lcov-report/src/api/routes/global/templates.ts.html +1 -1
  31. package/coverage/lcov-report/src/api/routes/global/users.ts.html +3 -3
  32. package/coverage/lcov-report/src/api/routes/global/workspaces.ts.html +1 -1
  33. package/coverage/lcov-report/src/api/routes/index.html +1 -1
  34. package/coverage/lcov-report/src/api/routes/index.ts.html +1 -1
  35. package/coverage/lcov-report/src/api/routes/system/accounts.ts.html +1 -1
  36. package/coverage/lcov-report/src/api/routes/system/environment.ts.html +1 -1
  37. package/coverage/lcov-report/src/api/routes/system/index.html +1 -1
  38. package/coverage/lcov-report/src/api/routes/system/migrations.ts.html +1 -1
  39. package/coverage/lcov-report/src/api/routes/system/restore.ts.html +1 -1
  40. package/coverage/lcov-report/src/api/routes/system/status.ts.html +1 -1
  41. package/coverage/lcov-report/src/api/routes/system/tenants.ts.html +1 -1
  42. package/coverage/lcov-report/src/api/routes/validation/index.html +1 -1
  43. package/coverage/lcov-report/src/api/routes/validation/index.ts.html +1 -1
  44. package/coverage/lcov-report/src/api/routes/validation/users.ts.html +1 -1
  45. package/coverage/lcov-report/src/constants/index.html +1 -1
  46. package/coverage/lcov-report/src/constants/index.ts.html +1 -1
  47. package/coverage/lcov-report/src/constants/templates/index.html +1 -1
  48. package/coverage/lcov-report/src/constants/templates/index.ts.html +1 -1
  49. package/coverage/lcov-report/src/db/index.html +1 -1
  50. package/coverage/lcov-report/src/db/index.ts.html +1 -1
  51. package/coverage/lcov-report/src/environment.ts.html +2 -2
  52. package/coverage/lcov-report/src/index.html +1 -1
  53. package/coverage/lcov-report/src/index.ts.html +1 -1
  54. package/coverage/lcov-report/src/middleware/cloudRestricted.ts.html +1 -1
  55. package/coverage/lcov-report/src/middleware/index.html +1 -1
  56. package/coverage/lcov-report/src/migrations/functions/globalInfoSyncUsers.ts.html +1 -1
  57. package/coverage/lcov-report/src/migrations/functions/index.html +1 -1
  58. package/coverage/lcov-report/src/migrations/index.html +1 -1
  59. package/coverage/lcov-report/src/migrations/index.ts.html +1 -1
  60. package/coverage/lcov-report/src/sdk/accounts/accounts.ts.html +1 -1
  61. package/coverage/lcov-report/src/sdk/accounts/index.html +1 -1
  62. package/coverage/lcov-report/src/sdk/accounts/index.ts.html +1 -1
  63. package/coverage/lcov-report/src/sdk/index.html +1 -1
  64. package/coverage/lcov-report/src/sdk/index.ts.html +1 -1
  65. package/coverage/lcov-report/src/sdk/users/events.ts.html +43 -43
  66. package/coverage/lcov-report/src/sdk/users/index.html +22 -22
  67. package/coverage/lcov-report/src/sdk/users/index.ts.html +1 -1
  68. package/coverage/lcov-report/src/sdk/users/users.ts.html +112 -73
  69. package/coverage/lcov-report/src/tests/TestConfiguration.ts.html +12 -12
  70. package/coverage/lcov-report/src/tests/api/accounts.ts.html +1 -1
  71. package/coverage/lcov-report/src/tests/api/auth.ts.html +1 -1
  72. package/coverage/lcov-report/src/tests/api/base.ts.html +1 -1
  73. package/coverage/lcov-report/src/tests/api/configs.ts.html +1 -1
  74. package/coverage/lcov-report/src/tests/api/email.ts.html +1 -1
  75. package/coverage/lcov-report/src/tests/api/environment.ts.html +1 -1
  76. package/coverage/lcov-report/src/tests/api/index.html +5 -5
  77. package/coverage/lcov-report/src/tests/api/index.ts.html +1 -1
  78. package/coverage/lcov-report/src/tests/api/migrations.ts.html +1 -1
  79. package/coverage/lcov-report/src/tests/api/restore.ts.html +1 -1
  80. package/coverage/lcov-report/src/tests/api/self.ts.html +1 -1
  81. package/coverage/lcov-report/src/tests/api/status.ts.html +1 -1
  82. package/coverage/lcov-report/src/tests/api/tenants.ts.html +1 -1
  83. package/coverage/lcov-report/src/tests/api/users.ts.html +7 -7
  84. package/coverage/lcov-report/src/tests/controllers.ts.html +1 -1
  85. package/coverage/lcov-report/src/tests/index.html +1 -1
  86. package/coverage/lcov-report/src/tests/index.ts.html +1 -1
  87. package/coverage/lcov-report/src/tests/mocks/email.js.html +1 -1
  88. package/coverage/lcov-report/src/tests/mocks/index.html +1 -1
  89. package/coverage/lcov-report/src/tests/mocks/index.ts.html +1 -1
  90. package/coverage/lcov-report/src/tests/structures/configs.ts.html +1 -1
  91. package/coverage/lcov-report/src/tests/structures/groups.ts.html +1 -1
  92. package/coverage/lcov-report/src/tests/structures/index.html +1 -1
  93. package/coverage/lcov-report/src/tests/structures/index.ts.html +1 -1
  94. package/coverage/lcov-report/src/tests/structures/users.ts.html +1 -1
  95. package/coverage/lcov-report/src/utilities/appService.ts.html +5 -5
  96. package/coverage/lcov-report/src/utilities/email.ts.html +1 -1
  97. package/coverage/lcov-report/src/utilities/fileSystem.ts.html +1 -1
  98. package/coverage/lcov-report/src/utilities/index.html +1 -1
  99. package/coverage/lcov-report/src/utilities/index.ts.html +1 -1
  100. package/coverage/lcov-report/src/utilities/redis.ts.html +1 -1
  101. package/coverage/lcov-report/src/utilities/templates.ts.html +1 -1
  102. package/coverage/lcov-report/src/utilities/users.ts.html +1 -1
  103. package/coverage/lcov.info +659 -640
  104. package/package.json +6 -6
  105. package/src/api/controllers/global/users.ts +2 -1
  106. package/src/api/routes/global/tests/users.spec.ts +18 -1
  107. package/src/sdk/users/users.ts +28 -15
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@budibase/worker",
3
3
  "email": "hi@budibase.com",
4
- "version": "2.1.43-alpha.11",
4
+ "version": "2.1.43-alpha.13",
5
5
  "description": "Budibase background service",
6
6
  "main": "src/index.ts",
7
7
  "repository": {
@@ -36,10 +36,10 @@
36
36
  "author": "Budibase",
37
37
  "license": "GPL-3.0",
38
38
  "dependencies": {
39
- "@budibase/backend-core": "2.1.43-alpha.11",
40
- "@budibase/pro": "2.1.43-alpha.10",
41
- "@budibase/string-templates": "2.1.43-alpha.11",
42
- "@budibase/types": "2.1.43-alpha.11",
39
+ "@budibase/backend-core": "2.1.43-alpha.13",
40
+ "@budibase/pro": "2.1.43-alpha.12",
41
+ "@budibase/string-templates": "2.1.43-alpha.13",
42
+ "@budibase/types": "2.1.43-alpha.13",
43
43
  "@koa/router": "8.0.8",
44
44
  "@sentry/node": "6.17.7",
45
45
  "@techpass/passport-openidconnect": "0.3.2",
@@ -94,5 +94,5 @@
94
94
  "typescript": "4.7.3",
95
95
  "update-dotenv": "1.1.1"
96
96
  },
97
- "gitHead": "5e37b2273c6debb01054cca004421d99e2ae64ad"
97
+ "gitHead": "0e33c2a66ef7b1d3385d631edfc26eb1acbe30ab"
98
98
  }
@@ -24,7 +24,8 @@ const MAX_USERS_UPLOAD_LIMIT = 1000
24
24
 
25
25
  export const save = async (ctx: any) => {
26
26
  try {
27
- ctx.body = await sdk.users.save(ctx.request.body)
27
+ const currentUserId = ctx.user._id
28
+ ctx.body = await sdk.users.save(ctx.request.body, { currentUserId })
28
29
  } catch (err: any) {
29
30
  ctx.throw(err.status || 400, err)
30
31
  }
@@ -1,4 +1,4 @@
1
- import { InviteUsersResponse } from "@budibase/types"
1
+ import { InviteUsersResponse, User } from "@budibase/types"
2
2
 
3
3
  jest.mock("nodemailer")
4
4
  import {
@@ -298,6 +298,23 @@ describe("/api/global/users", () => {
298
298
  expect(events.user.passwordForceReset).not.toBeCalled()
299
299
  })
300
300
 
301
+ it("should not allow a user to update their own admin/builder status", async () => {
302
+ const user = (await config.api.users.getUser(config.defaultUser?._id!))
303
+ .body as User
304
+ await config.api.users.saveUser({
305
+ ...user,
306
+ admin: {
307
+ global: false,
308
+ },
309
+ builder: {
310
+ global: false,
311
+ },
312
+ })
313
+ const userOut = (await config.api.users.getUser(user._id!)).body
314
+ expect(userOut.admin.global).toBe(true)
315
+ expect(userOut.builder.global).toBe(true)
316
+ })
317
+
301
318
  it("should be able to force reset password", async () => {
302
319
  const user = await config.createUser()
303
320
  jest.clearAllMocks()
@@ -29,6 +29,7 @@ import {
29
29
  RowResponse,
30
30
  SearchUsersRequest,
31
31
  User,
32
+ ThirdPartyUser,
32
33
  } from "@budibase/types"
33
34
  import { sendEmail } from "../../utilities/email"
34
35
  import { EmailTemplatePurpose } from "../../constants"
@@ -103,13 +104,14 @@ export const getUser = async (userId: string) => {
103
104
  return user
104
105
  }
105
106
 
106
- interface SaveUserOpts {
107
+ export interface SaveUserOpts {
107
108
  hashPassword?: boolean
108
109
  requirePassword?: boolean
110
+ currentUserId?: string
109
111
  }
110
112
 
111
113
  const buildUser = async (
112
- user: User,
114
+ user: User | ThirdPartyUser,
113
115
  opts: SaveUserOpts = {
114
116
  hashPassword: true,
115
117
  requirePassword: true,
@@ -117,7 +119,8 @@ const buildUser = async (
117
119
  tenantId: string,
118
120
  dbUser?: any
119
121
  ): Promise<User> => {
120
- let { password, _id } = user
122
+ let fullUser = user as User
123
+ let { password, _id } = fullUser
121
124
 
122
125
  let hashedPassword
123
126
  if (password) {
@@ -130,24 +133,24 @@ const buildUser = async (
130
133
 
131
134
  _id = _id || dbUtils.generateGlobalUserID()
132
135
 
133
- user = {
136
+ fullUser = {
134
137
  createdAt: Date.now(),
135
138
  ...dbUser,
136
- ...user,
139
+ ...fullUser,
137
140
  _id,
138
141
  password: hashedPassword,
139
142
  tenantId,
140
143
  }
141
144
  // make sure the roles object is always present
142
- if (!user.roles) {
143
- user.roles = {}
145
+ if (!fullUser.roles) {
146
+ fullUser.roles = {}
144
147
  }
145
148
  // add the active status to a user if its not provided
146
- if (user.status == null) {
147
- user.status = constants.UserStatus.ACTIVE
149
+ if (fullUser.status == null) {
150
+ fullUser.status = constants.UserStatus.ACTIVE
148
151
  }
149
152
 
150
- return user
153
+ return fullUser
151
154
  }
152
155
 
153
156
  const validateUniqueUser = async (email: string, tenantId: string) => {
@@ -169,12 +172,16 @@ const validateUniqueUser = async (email: string, tenantId: string) => {
169
172
  }
170
173
 
171
174
  export const save = async (
172
- user: User,
173
- opts: SaveUserOpts = {
174
- hashPassword: true,
175
- requirePassword: true,
176
- }
175
+ user: User | ThirdPartyUser,
176
+ opts: SaveUserOpts = {}
177
177
  ): Promise<CreateUserResponse> => {
178
+ // default booleans to true
179
+ if (opts.hashPassword == null) {
180
+ opts.hashPassword = true
181
+ }
182
+ if (opts.requirePassword == null) {
183
+ opts.requirePassword = true
184
+ }
178
185
  const tenantId = tenancy.getTenantId()
179
186
  const db = tenancy.getGlobalDB()
180
187
 
@@ -213,6 +220,12 @@ export const save = async (
213
220
  await validateUniqueUser(email, tenantId)
214
221
 
215
222
  let builtUser = await buildUser(user, opts, tenantId, dbUser)
223
+ // don't allow a user to update its own roles/perms
224
+ if (opts.currentUserId && opts.currentUserId === dbUser?._id) {
225
+ builtUser.builder = dbUser.builder
226
+ builtUser.admin = dbUser.admin
227
+ builtUser.roles = dbUser.roles
228
+ }
216
229
 
217
230
  // make sure we set the _id field for a new user
218
231
  // Also if this is a new user, associate groups with them