@budibase/worker 2.22.11 → 2.22.13

package/jest.config.ts

@@ -2,7 +2,7 @@ import { Config } from "@jest/types"
 import * as fs from "fs"
 
 const config: Config.InitialOptions = {
-  preset: "@trendyol/jest-testcontainers",
+  globalSetup: "./../../globalSetup.ts",
   setupFiles: ["./src/tests/jestEnv.ts"],
   setupFilesAfterEnv: ["./src/tests/jestSetup.ts"],
   collectCoverageFrom: ["src/**/*.{js,ts}", "../backend-core/src/**/*.{js,ts}"],

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "2.22.11",
+  "version": "2.22.13",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -37,10 +37,10 @@
   "author": "Budibase",
   "license": "GPL-3.0",
   "dependencies": {
-    "@budibase/backend-core": "2.22.11",
-    "@budibase/pro": "2.22.11",
-    "@budibase/string-templates": "2.22.11",
-    "@budibase/types": "2.22.11",
+    "@budibase/backend-core": "2.22.13",
+    "@budibase/pro": "2.22.13",
+    "@budibase/string-templates": "2.22.13",
+    "@budibase/types": "2.22.13",
     "@koa/router": "8.0.8",
     "@techpass/passport-openidconnect": "0.3.2",
     "@types/global-agent": "2.1.1",
@@ -75,7 +75,6 @@
   "devDependencies": {
     "@swc/core": "1.3.71",
     "@swc/jest": "0.2.27",
-    "@trendyol/jest-testcontainers": "2.1.1",
     "@types/jest": "29.5.5",
     "@types/jsonwebtoken": "9.0.3",
     "@types/koa": "2.13.4",
@@ -86,6 +85,7 @@
     "@types/supertest": "2.0.14",
     "@types/uuid": "8.3.4",
     "jest": "29.7.0",
+    "nock": "^13.5.4",
     "nodemon": "2.0.15",
     "rimraf": "3.0.2",
     "supertest": "6.3.3",
@@ -108,5 +108,5 @@
       }
     }
   },
-  "gitHead": "7aa98dd5445fa3a34c0fe3ffabc27dd3f20f0826"
+  "gitHead": "a8479c046fc0ccb320f5f128aafeb9421dde5db5"
 }

package/src/api/controllers/global/users.ts

@@ -3,6 +3,7 @@ import env from "../../../environment"
 import {
   AcceptUserInviteRequest,
   AcceptUserInviteResponse,
+  AddSSoUserRequest,
   BulkUserRequest,
   BulkUserResponse,
   CloudAccount,
@@ -15,6 +16,7 @@ import {
   LockName,
   LockType,
   MigrationType,
+  PlatformUserByEmail,
   SaveUserResponse,
   SearchUsersRequest,
   User,
@@ -53,6 +55,25 @@ export const save = async (ctx: UserCtx<User, SaveUserResponse>) => {
   }
 }
 
+export const addSsoSupport = async (ctx: Ctx<AddSSoUserRequest>) => {
+  const { email, ssoId } = ctx.request.body
+  try {
+    // Status is changed to 404 from getUserDoc if user is not found
+    let userByEmail = (await platform.users.getUserDoc(
+      email
+    )) as PlatformUserByEmail
+    await platform.users.addSsoUser(
+      ssoId,
+      email,
+      userByEmail.userId,
+      userByEmail.tenantId
+    )
+    ctx.status = 200
+  } catch (err: any) {
+    ctx.throw(err.status || 400, err)
+  }
+}
+
 const bulkDelete = async (userIds: string[], currentUserId: string) => {
   if (userIds?.indexOf(currentUserId) !== -1) {
     throw new Error("Unable to delete self.")
@@ -127,8 +148,8 @@ export const adminUser = async (
     try {
       const finalUser = await userSdk.db.createAdminUser(
         email,
-        password,
         tenantId,
+        password,
         {
           ssoId,
           hashPassword,

package/src/api/index.ts

@@ -41,6 +41,10 @@ const PUBLIC_ENDPOINTS = [
     route: "/api/global/users/init",
     method: "POST",
   },
+  {
+    route: "/api/global/users/sso",
+    method: "POST",
+  },
   {
     route: "/api/global/users/invite/accept",
     method: "POST",
@@ -81,6 +85,11 @@ const NO_TENANCY_ENDPOINTS = [
     route: "/api/global/users/init",
     method: "POST",
   },
+  // tenant is retrieved from the user found by the requested email
+  {
+    route: "/api/global/users/sso",
+    method: "POST",
+  },
   // deprecated single tenant sso callback
   {
     route: "/api/admin/auth/google/callback",

package/src/api/routes/global/tests/auth.spec.ts

@@ -13,6 +13,8 @@ import { events, constants } from "@budibase/backend-core"
 import { Response } from "superagent"
 
 import * as userSdk from "../../../../sdk/users"
+import nock from "nock"
+import * as jwt from "jsonwebtoken"
 
 function getAuthCookie(response: Response) {
   return response.headers["set-cookie"]
@@ -274,45 +276,9 @@ describe("/api/global/auth", () => {
     })
   })
 
-  describe("init", () => {
-    describe("POST /api/global/auth/init", () => {})
-
-    describe("GET /api/global/auth/init", () => {})
-  })
-
-  describe("datasource", () => {
-    // MULTI TENANT
-
-    describe("GET /api/global/auth/:tenantId/datasource/:provider", () => {})
-
-    describe("GET /api/global/auth/:tenantId/datasource/:provider/callback", () => {})
-
-    // SINGLE TENANT
-
-    describe("GET /api/global/auth/datasource/:provider/callback", () => {})
-  })
-
-  describe("google", () => {
-    // MULTI TENANT
-
-    describe("GET /api/global/auth/:tenantId/google", () => {})
-
-    describe("GET /api/global/auth/:tenantId/google/callback", () => {})
-
-    // SINGLE TENANT
-
-    describe("GET /api/global/auth/google/callback", () => {})
-
-    describe("GET /api/admin/auth/google/callback", () => {})
-  })
-
   describe("oidc", () => {
-    beforeEach(async () => {
-      jest.clearAllMocks()
-      mockGetWellKnownConfig()
-
-      // see: __mocks__/oauth
-      // for associated mocking inside passport
+    afterEach(() => {
+      nock.cleanAll()
     })
 
     const generateOidcConfig = async () => {
@@ -321,21 +287,16 @@ describe("/api/global/auth", () => {
       return chosenConfig.uuid
     }
 
-    const mockGetWellKnownConfig = () => {
-      mocks.fetch.mockReturnValue({
-        ok: true,
-        json: () => ({
+    // MULTI TENANT
+    describe("GET /api/global/auth/:tenantId/oidc/configs/:configId", () => {
+      it("redirects to auth provider", async () => {
+        nock("http://someconfigurl").get("/").times(1).reply(200, {
           issuer: "test",
           authorization_endpoint: "http://localhost/auth",
           token_endpoint: "http://localhost/token",
           userinfo_endpoint: "http://localhost/userinfo",
-        }),
-      })
-    }
+        })
 
-    // MULTI TENANT
-    describe("GET /api/global/auth/:tenantId/oidc/configs/:configId", () => {
-      it("redirects to auth provider", async () => {
         const configId = await generateOidcConfig()
 
         const res = await config.api.configs.getOIDCConfig(configId)
@@ -352,10 +313,43 @@ describe("/api/global/auth", () => {
 
     describe("GET /api/global/auth/:tenantId/oidc/callback", () => {
       it("logs in", async () => {
+        nock("http://someconfigurl").get("/").times(2).reply(200, {
+          issuer: "test",
+          authorization_endpoint: "http://localhost/auth",
+          token_endpoint: "http://localhost/token",
+          userinfo_endpoint: "http://localhost/userinfo",
+        })
+
+        const token = jwt.sign(
+          {
+            iss: "test",
+            sub: "sub",
+            aud: "clientId",
+            exp: Math.floor(Date.now() / 1000) + 60 * 60,
+            email: "oauth@example.com",
+          },
+          "secret"
+        )
+
+        nock("http://localhost").post("/token").reply(200, {
+          access_token: "access",
+          refresh_token: "refresh",
+          id_token: token,
+        })
+
+        nock("http://localhost").get("/userinfo?schema=openid").reply(200, {
+          sub: "sub",
+          email: "oauth@example.com",
+        })
+
         const configId = await generateOidcConfig()
         const preAuthRes = await config.api.configs.getOIDCConfig(configId)
-
         const res = await config.api.configs.OIDCCallback(configId, preAuthRes)
+        if (res.status > 399) {
+          throw new Error(
+            `OIDC callback failed with status ${res.status}: ${res.text}`
+          )
+        }
 
         expect(events.auth.login).toHaveBeenCalledWith(
           "oidc",

package/src/api/routes/global/tests/users.spec.ts

@@ -520,10 +520,51 @@ describe("/api/global/users", () => {
         })
       }
 
+      function createPasswordUser() {
+        return config.doInTenant(() => {
+          const user = structures.users.user()
+          return userSdk.db.save(user)
+        })
+      }
+
       it("should be able to update an sso user that has no password", async () => {
         const user = await createSSOUser()
         await config.api.users.saveUser(user)
       })
+
+      it("sso support couldn't be used by admin. It is cloud restricted and needs internal key", async () => {
+        const user = await config.createUser()
+        const ssoId = "fake-ssoId"
+        await config.api.users
+          .addSsoSupportDefaultAuth(ssoId, user.email)
+          .expect("Content-Type", /json/)
+          .expect(403)
+      })
+
+      it("if user email doesn't exist, SSO support couldn't be added. Not found error returned", async () => {
+        const ssoId = "fake-ssoId"
+        const email = "fake-email@budibase.com"
+        await config.api.users
+          .addSsoSupportInternalAPIAuth(ssoId, email)
+          .expect("Content-Type", /json/)
+          .expect(404)
+      })
+
+      it("if user email exist, SSO support is added", async () => {
+        const user = await createPasswordUser()
+        const ssoId = "fakessoId"
+        await config.api.users
+          .addSsoSupportInternalAPIAuth(ssoId, user.email)
+          .expect(200)
+      })
+
+      it("if user ssoId is already assigned, no change will be applied", async () => {
+        const user = await createSSOUser()
+        user.ssoId = "testssoId"
+        await config.api.users
+          .addSsoSupportInternalAPIAuth(user.ssoId, user.email)
+          .expect(200)
+      })
     })
   })
 

package/src/api/routes/global/users.ts

@@ -7,12 +7,13 @@ import { users } from "../validation"
 import * as selfController from "../../controllers/global/self"
 
 const router: Router = new Router()
+const OPTIONAL_STRING = Joi.string().optional().allow(null).allow("")
 
 function buildAdminInitValidation() {
   return auth.joiValidator.body(
     Joi.object({
       email: Joi.string().required(),
-      password: Joi.string(),
+      password: OPTIONAL_STRING,
       tenantId: Joi.string().required(),
       ssoId: Joi.string(),
     })
@@ -64,6 +65,12 @@ router
     users.buildUserSaveValidation(),
     controller.save
   )
+  .post(
+    "/api/global/users/sso",
+    cloudRestricted,
+    users.buildAddSsoSupport(),
+    controller.addSsoSupport
+  )
   .post(
     "/api/global/users/bulk",
     auth.adminOnly,

package/src/api/routes/validation/users.ts

@@ -41,6 +41,15 @@ export const buildUserSaveValidation = () => {
   return auth.joiValidator.body(Joi.object(schema).required().unknown(true))
 }
 
+export const buildAddSsoSupport = () => {
+  return auth.joiValidator.body(
+    Joi.object({
+      ssoId: Joi.string().required(),
+      email: Joi.string().required(),
+    }).required()
+  )
+}
+
 export const buildUserBulkUserValidation = (isSelf = false) => {
   if (!isSelf) {
     schema = {

package/src/tests/api/users.ts

@@ -127,6 +127,20 @@ export class UserAPI extends TestAPI {
       .expect(status ? status : 200)
   }
 
+  addSsoSupportInternalAPIAuth = (ssoId: string, email: string) => {
+    return this.request
+      .post(`/api/global/users/sso`)
+      .send({ ssoId, email })
+      .set(this.config.internalAPIHeaders())
+  }
+
+  addSsoSupportDefaultAuth = (ssoId: string, email: string) => {
+    return this.request
+      .post(`/api/global/users/sso`)
+      .send({ ssoId, email })
+      .set(this.config.defaultHeaders())
+  }
+
   deleteUser = (userId: string, status?: number) => {
     return this.request
       .delete(`/api/global/users/${userId}`)

package/src/tests/jestEnv.ts

@@ -11,3 +11,5 @@ process.env.INTERNAL_API_KEY = "tet"
 process.env.DISABLE_ACCOUNT_PORTAL = "0"
 process.env.MOCK_REDIS = "1"
 process.env.BUDIBASE_VERSION = "0.0.0+jest"
+process.env.COUCH_DB_PASSWORD = "budibase"
+process.env.COUCH_DB_USER = "budibase"

package/.vscode/launch.json

@@ -1,142 +0,0 @@
-{
-    // Use IntelliSense to learn about possible attributes.
-    // Hover to view descriptions of existing attributes.
-    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
-    "version": "0.2.0",
-    "configurations": [
-      {
-        "name": "Start Server",
-        "type": "node",
-        "request": "launch",
-        "runtimeExecutable": "node",
-        "runtimeArgs": ["--nolazy", "-r", "ts-node/register/transpile-only"],
-        "args": ["src/index.ts"],
-        "cwd": "${workspaceRoot}",
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest - All",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": [],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest - Users",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": ["user.spec", "--runInBand"],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest - Instances",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": ["instance.spec", "--runInBand"],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest - Roles",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": ["role.spec", "--runInBand"],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest - Records",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": ["record.spec", "--runInBand"],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest - Models",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": ["table.spec", "--runInBand"],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest - Views",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": ["view.spec", "--runInBand"],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest - Applications",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": ["application.spec", "--runInBand"],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Jest Builder",
-        "program": "${workspaceFolder}/node_modules/.bin/jest",
-        "args": ["builder", "--runInBand"],
-        "console": "integratedTerminal",
-        "internalConsoleOptions": "neverOpen",
-        "disableOptimisticBPs": true,
-        "windows": {
-            "program": "${workspaceFolder}/node_modules/jest-cli/bin/jest",
-        }
-      },
-      {
-        "type": "node",
-        "request": "launch",
-        "name": "Initialise Budibase",
-        "program": "yarn",
-        "args": ["run", "initialise"],
-        "console": "externalTerminal" 
-      }
-    ]
-}

package/__mocks__/aws-sdk.ts

@@ -1,15 +0,0 @@
-const mockS3 = {
-  headBucket: jest.fn().mockReturnThis(),
-  deleteObject: jest.fn().mockReturnThis(),
-  deleteObjects: jest.fn().mockReturnThis(),
-  createBucket: jest.fn().mockReturnThis(),
-  listObjects: jest.fn().mockReturnThis(),
-  promise: jest.fn().mockReturnThis(),
-  catch: jest.fn(),
-}
-
-const AWS = {
-  S3: jest.fn(() => mockS3),
-}
-
-export default AWS

package/__mocks__/node-fetch.ts

@@ -1,23 +0,0 @@
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-module FetchMock {
-  const fetch = jest.requireActual("node-fetch")
-
-  const func = async (url: any, opts: any) => {
-    if (url.includes("http://someconfigurl")) {
-      return {
-        ok: true,
-        json: () => ({
-          issuer: "test",
-          authorization_endpoint: "http://localhost/auth",
-          token_endpoint: "http://localhost/token",
-          userinfo_endpoint: "http://localhost/userinfo",
-        }),
-      }
-    }
-    return fetch(url, opts)
-  }
-
-  func.Headers = fetch.Headers
-
-  module.exports = func
-}

package/__mocks__/oauth.ts

@@ -1,57 +0,0 @@
-import * as jwt from "jsonwebtoken"
-
-const mockOAuth2 = {
-  getOAuthAccessToken: (code: string, p: any, cb: any) => {
-    const err = null
-    const accessToken = "access_token"
-    const refreshToken = "refresh_token"
-
-    const exp = new Date()
-    exp.setDate(exp.getDate() + 1)
-
-    const iat = new Date()
-    iat.setDate(iat.getDate() - 1)
-
-    const claims = {
-      iss: "test",
-      sub: "sub",
-      aud: "clientId",
-      exp: exp.getTime() / 1000,
-      iat: iat.getTime() / 1000,
-      email: "oauth@example.com",
-    }
-
-    const idToken = jwt.sign(claims, "secret")
-
-    const params = {
-      id_token: idToken,
-    }
-    return cb(err, accessToken, refreshToken, params)
-  },
-  _request: (
-    method: string,
-    url: string,
-    headers: any,
-    postBody: any,
-    accessToken: string,
-    cb: any
-  ) => {
-    const err = null
-    const body = {
-      sub: "sub",
-      user_id: "userId",
-      name: "OAuth",
-      family_name: "2",
-      given_name: "OAuth",
-      middle_name: "",
-    }
-    const res = {}
-    return cb(err, JSON.stringify(body), res)
-  },
-}
-
-const oauth = {
-  OAuth2: jest.fn(() => mockOAuth2),
-}
-
-export = oauth

package/jest-testcontainers-config.js

@@ -1,8 +0,0 @@
-const { join } = require("path")
-require("dotenv").config({
-  path: join(__dirname, "..", "..", "hosting", ".env"),
-})
-
-const jestTestcontainersConfigGenerator = require("../../jestTestcontainersConfigGenerator")
-
-module.exports = jestTestcontainersConfigGenerator()