@budibase/worker 2.13.51 → 2.13.53

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "2.13.51",
+  "version": "2.13.53",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -37,10 +37,10 @@
   "author": "Budibase",
   "license": "GPL-3.0",
   "dependencies": {
-    "@budibase/backend-core": "2.13.51",
-    "@budibase/pro": "2.13.51",
-    "@budibase/string-templates": "2.13.51",
-    "@budibase/types": "2.13.51",
+    "@budibase/backend-core": "2.13.53",
+    "@budibase/pro": "2.13.53",
+    "@budibase/string-templates": "2.13.53",
+    "@budibase/types": "2.13.53",
     "@koa/router": "8.0.8",
     "@techpass/passport-openidconnect": "0.3.2",
     "@types/global-agent": "2.1.1",
@@ -107,5 +107,5 @@
       }
     }
   },
-  "gitHead": "de9602636388e8008fea9001494a816d5fc387e8"
+  "gitHead": "fdca8d1da7a9fd7ccd26a0aca8c19da4699325d3"
 }

package/scripts/dev/manage.js

@@ -30,6 +30,7 @@ async function init() {
     ENABLE_EMAIL_TEST_MODE: "1",
     HTTP_LOGGING: "0",
     VERSION: "0.0.0+local",
+    PASSWORD_MIN_LENGTH: "1",
   }
 
   config = { ...config, ...existingConfig }

package/src/api/controllers/global/auth.ts

@@ -122,10 +122,10 @@ export const resetUpdate = async (ctx: Ctx<PasswordResetUpdateRequest>) => {
     ctx.body = {
       message: "password reset successfully.",
     }
-  } catch (err) {
+  } catch (err: any) {
     console.warn(err)
     // hide any details of the error for security
-    ctx.throw(400, "Cannot reset password.")
+    ctx.throw(400, err.message || "Cannot reset password.")
   }
 }
 

package/src/api/routes/global/tests/auth.spec.ts

@@ -229,7 +229,7 @@ describe("/api/global/auth", () => {
           )
 
           expect(res.body).toEqual({
-            message: "Cannot reset password.",
+            message: "Password change is disabled for this user",
             status: 400,
           })
         }
@@ -261,8 +261,12 @@ describe("/api/global/auth", () => {
             )
 
             // convert to account owner now that password has been requested
-            const account = structures.accounts.ssoAccount() as CloudAccount
-            mocks.accounts.getAccount.mockReturnValueOnce(
+            const account: CloudAccount = {
+              ...structures.accounts.ssoAccount(),
+              budibaseUserId: "budibaseUserId",
+              email: user.email,
+            }
+            mocks.accounts.getAccountByTenantId.mockReturnValueOnce(
               Promise.resolve(account)
             )
 

package/src/api/routes/global/tests/scim.spec.ts

@@ -1,6 +1,6 @@
 import tk from "timekeeper"
 import _ from "lodash"
-import { mocks, structures } from "@budibase/backend-core/tests"
+import { generator, mocks, structures } from "@budibase/backend-core/tests"
 import {
   ScimCreateUserRequest,
   ScimGroupResponse,
@@ -14,9 +14,14 @@ import { events } from "@budibase/backend-core"
 jest.retryTimes(2, { logErrorsBeforeRetry: true })
 jest.setTimeout(30000)
 
-mocks.licenses.useScimIntegration()
-
 describe("scim", () => {
+  beforeAll(async () => {
+    tk.freeze(mocks.date.MOCK_DATE)
+    mocks.licenses.useScimIntegration()
+
+    await config.setSCIMConfig(true)
+  })
+
   beforeEach(async () => {
     jest.resetAllMocks()
     tk.freeze(mocks.date.MOCK_DATE)
@@ -570,8 +575,15 @@ describe("scim", () => {
         beforeAll(async () => {
           groups = []
 
-          for (let i = 0; i < groupCount; i++) {
-            const body = structures.scim.createGroupRequest()
+          const groupNames = generator.unique(
+            () => generator.word(),
+            groupCount
+          )
+
+          for (const groupName of groupNames) {
+            const body = structures.scim.createGroupRequest({
+              displayName: groupName,
+            })
             groups.push(await config.api.scimGroupsAPI.post({ body }))
           }
 

package/src/sdk/auth/auth.ts

@@ -79,6 +79,9 @@ export const resetUpdate = async (resetCode: string, password: string) => {
   user.password = password
   user = await userSdk.db.save(user)
 
+  await cache.passwordReset.invalidateCode(resetCode)
+  await sessions.invalidateSessions(userId)
+
   // remove password from the user before sending events
   delete user.password
   await events.user.passwordReset(user)

package/src/sdk/auth/tests/auth.spec.ts

@@ -0,0 +1,70 @@
+import { cache, context, sessions, utils } from "@budibase/backend-core"
+import { loginUser, resetUpdate } from "../auth"
+import { generator, structures } from "@budibase/backend-core/tests"
+import { TestConfiguration } from "../../../tests"
+
+describe("auth", () => {
+  const config = new TestConfiguration()
+
+  describe("resetUpdate", () => {
+    it("providing a valid code will update the password", async () => {
+      await context.doInTenant(structures.tenant.id(), async () => {
+        const user = await config.createUser()
+        const previousPassword = user.password
+
+        const code = await cache.passwordReset.createCode(user._id!, {})
+        const newPassword = generator.hash()
+
+        await resetUpdate(code, newPassword)
+
+        const persistedUser = await config.getUser(user.email)
+        expect(persistedUser.password).not.toBe(previousPassword)
+        expect(
+          await utils.compare(newPassword, persistedUser.password!)
+        ).toBeTruthy()
+      })
+    })
+
+    it("wrong code will not allow to reset the password", async () => {
+      await context.doInTenant(structures.tenant.id(), async () => {
+        const code = generator.hash()
+        const newPassword = generator.hash()
+
+        await expect(resetUpdate(code, newPassword)).rejects.toThrow(
+          "Provided information is not valid, cannot reset password - please try again."
+        )
+      })
+    })
+
+    it("the same code cannot be used twice", async () => {
+      await context.doInTenant(structures.tenant.id(), async () => {
+        const user = await config.createUser()
+
+        const code = await cache.passwordReset.createCode(user._id!, {})
+        const newPassword = generator.hash()
+
+        await resetUpdate(code, newPassword)
+        await expect(resetUpdate(code, newPassword)).rejects.toThrow(
+          "Provided information is not valid, cannot reset password - please try again."
+        )
+      })
+    })
+
+    it("updating the password will invalidate all the sessions", async () => {
+      await context.doInTenant(structures.tenant.id(), async () => {
+        const user = await config.createUser()
+
+        await loginUser(user)
+
+        expect(await sessions.getSessionsForUser(user._id!)).toHaveLength(1)
+
+        const code = await cache.passwordReset.createCode(user._id!, {})
+        const newPassword = generator.hash()
+
+        await resetUpdate(code, newPassword)
+
+        expect(await sessions.getSessionsForUser(user._id!)).toHaveLength(0)
+      })
+    })
+  })
+})

package/src/sdk/users/tests/users.spec.ts

@@ -1,6 +1,5 @@
 import { structures, mocks } from "../../../tests"
 import { env, context } from "@budibase/backend-core"
-import * as users from "../users"
 import { db as userDb } from "../"
 import { CloudAccount } from "@budibase/types"
 

package/src/tests/TestConfiguration.ts

@@ -45,7 +45,7 @@ class TestConfiguration {
   tenantId: string
   user?: User
   apiKey?: string
-  userPassword = "test"
+  userPassword = "password"
 
   constructor(opts: { openServer: boolean } = { openServer: true }) {
     // default to cloud hosting

package/src/tests/api/users.ts

@@ -101,7 +101,7 @@ export class UserAPI extends TestAPI {
     if (!request) {
       request = {
         email: structures.email(),
-        password: generator.string(),
+        password: generator.string({ length: 8 }),
         tenantId: structures.tenant.id(),
       }
     }