@budibase/worker 2.5.0 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@budibase/worker",
3
3
  "email": "hi@budibase.com",
4
- "version": "2.5.0",
4
+ "version": "2.5.1",
5
5
  "description": "Budibase background service",
6
6
  "main": "src/index.ts",
7
7
  "repository": {
@@ -36,10 +36,10 @@
36
36
  "author": "Budibase",
37
37
  "license": "GPL-3.0",
38
38
  "dependencies": {
39
- "@budibase/backend-core": "^2.5.0",
40
- "@budibase/pro": "2.4.44",
41
- "@budibase/string-templates": "^2.5.0",
42
- "@budibase/types": "^2.5.0",
39
+ "@budibase/backend-core": "^2.5.1",
40
+ "@budibase/pro": "2.5.0",
41
+ "@budibase/string-templates": "^2.5.1",
42
+ "@budibase/types": "^2.5.1",
43
43
  "@koa/router": "8.0.8",
44
44
  "@sentry/node": "6.17.7",
45
45
  "@techpass/passport-openidconnect": "0.3.2",
@@ -101,5 +101,5 @@
101
101
  "typescript": "4.7.3",
102
102
  "update-dotenv": "1.1.1"
103
103
  },
104
- "gitHead": "aa8ddde74c69b49755866666204c79a27c6c8a2c"
104
+ "gitHead": "2726f2a3fa10e66838f89d8d35d974bd6420a114"
105
105
  }
@@ -126,9 +126,8 @@ describe("/api/global/auth", () => {
126
126
  it("should prevent user from logging in", async () => {
127
127
  user = await config.createUser()
128
128
  const account = structures.accounts.ssoAccount() as CloudAccount
129
- mocks.accounts.getAccount.mockReturnValueOnce(
130
- Promise.resolve(account)
131
- )
129
+ account.email = user.email
130
+ mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
132
131
 
133
132
  await testSSOUser()
134
133
  })
@@ -186,9 +185,8 @@ describe("/api/global/auth", () => {
186
185
  it("should prevent user from generating password reset email", async () => {
187
186
  user = await config.createUser(structures.users.user())
188
187
  const account = structures.accounts.ssoAccount() as CloudAccount
189
- mocks.accounts.getAccount.mockReturnValueOnce(
190
- Promise.resolve(account)
191
- )
188
+ account.email = user.email
189
+ mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
192
190
 
193
191
  await testSSOUser()
194
192
  })
@@ -1,6 +1,6 @@
1
1
  import { structures } from "../../../tests"
2
2
  import { mocks } from "@budibase/backend-core/tests"
3
- import { env } from "@budibase/backend-core"
3
+ import { env, context } from "@budibase/backend-core"
4
4
  import * as users from "../users"
5
5
  import { CloudAccount } from "@budibase/types"
6
6
  import { isPreventPasswordActions } from "../users"
@@ -16,32 +16,50 @@ describe("users", () => {
16
16
 
17
17
  describe("isPreventPasswordActions", () => {
18
18
  it("returns false for non sso user", async () => {
19
- const user = structures.users.user()
20
- const result = await users.isPreventPasswordActions(user)
21
- expect(result).toBe(false)
19
+ await context.doInTenant(structures.tenant.id(), async () => {
20
+ const user = structures.users.user()
21
+ const result = await users.isPreventPasswordActions(user)
22
+ expect(result).toBe(false)
23
+ })
22
24
  })
23
25
 
24
26
  it("returns true for sso account user", async () => {
25
- const user = structures.users.user()
26
- mocks.accounts.getAccount.mockReturnValue(
27
- Promise.resolve(structures.accounts.ssoAccount() as CloudAccount)
28
- )
29
- const result = await users.isPreventPasswordActions(user)
30
- expect(result).toBe(true)
27
+ await context.doInTenant(structures.tenant.id(), async () => {
28
+ const user = structures.users.user()
29
+ const account = structures.accounts.ssoAccount() as CloudAccount
30
+ account.email = user.email
31
+ mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
32
+ const result = await users.isPreventPasswordActions(user)
33
+ expect(result).toBe(true)
34
+ })
35
+ })
36
+
37
+ it("returns false when account doesn't match user email", async () => {
38
+ await context.doInTenant(structures.tenant.id(), async () => {
39
+ const user = structures.users.user()
40
+ const account = structures.accounts.ssoAccount() as CloudAccount
41
+ mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
42
+ const result = await users.isPreventPasswordActions(user)
43
+ expect(result).toBe(false)
44
+ })
31
45
  })
32
46
 
33
47
  it("returns true for sso user", async () => {
34
- const user = structures.users.ssoUser()
35
- const result = await users.isPreventPasswordActions(user)
36
- expect(result).toBe(true)
48
+ await context.doInTenant(structures.tenant.id(), async () => {
49
+ const user = structures.users.ssoUser()
50
+ const result = await users.isPreventPasswordActions(user)
51
+ expect(result).toBe(true)
52
+ })
37
53
  })
38
54
 
39
55
  describe("enforced sso", () => {
40
56
  it("returns true for all users when sso is enforced", async () => {
41
- const user = structures.users.user()
42
- pro.features.isSSOEnforced.mockReturnValue(Promise.resolve(true))
43
- const result = await users.isPreventPasswordActions(user)
44
- expect(result).toBe(true)
57
+ await context.doInTenant(structures.tenant.id(), async () => {
58
+ const user = structures.users.user()
59
+ pro.features.isSSOEnforced.mockResolvedValueOnce(true)
60
+ const result = await users.isPreventPasswordActions(user)
61
+ expect(result).toBe(true)
62
+ })
45
63
  })
46
64
  })
47
65
 
@@ -31,6 +31,7 @@ import {
31
31
  SearchUsersRequest,
32
32
  User,
33
33
  SaveUserOpts,
34
+ Account,
34
35
  } from "@budibase/types"
35
36
  import { sendEmail } from "../../utilities/email"
36
37
  import { EmailTemplatePurpose } from "../../constants"
@@ -127,7 +128,8 @@ const buildUser = async (
127
128
  requirePassword: true,
128
129
  },
129
130
  tenantId: string,
130
- dbUser?: any
131
+ dbUser?: any,
132
+ account?: Account
131
133
  ): Promise<User> => {
132
134
  let { password, _id } = user
133
135
 
@@ -138,7 +140,7 @@ const buildUser = async (
138
140
 
139
141
  let hashedPassword
140
142
  if (password) {
141
- if (await isPreventPasswordActions(user)) {
143
+ if (await isPreventPasswordActions(user, account)) {
142
144
  throw new HTTPError("Password change is disabled for this user", 400)
143
145
  }
144
146
  hashedPassword = opts.hashPassword ? await utils.hash(password) : password
@@ -209,7 +211,7 @@ const validateUniqueUser = async (email: string, tenantId: string) => {
209
211
  }
210
212
  }
211
213
 
212
- export async function isPreventPasswordActions(user: User) {
214
+ export async function isPreventPasswordActions(user: User, account?: Account) {
213
215
  // when in maintenance mode we allow sso users with the admin role
214
216
  // to perform any password action - this prevents lockout
215
217
  if (coreEnv.ENABLE_SSO_MAINTENANCE_MODE && user.admin?.global) {
@@ -227,8 +229,10 @@ export async function isPreventPasswordActions(user: User) {
227
229
  }
228
230
 
229
231
  // Check account sso
230
- const account = await accountSdk.api.getAccount(user.email)
231
- return !!(account && isSSOAccount(account))
232
+ if (!account) {
233
+ account = await accountSdk.api.getAccountByTenantId(tenancy.getTenantId())
234
+ }
235
+ return !!(account && account.email === user.email && isSSOAccount(account))
232
236
  }
233
237
 
234
238
  export const save = async (
@@ -439,6 +443,7 @@ export const bulkCreate = async (
439
443
  newUsers.push(newUser)
440
444
  }
441
445
 
446
+ const account = await accountSdk.api.getAccountByTenantId(tenantId)
442
447
  // create the promises array that will be called by bulkDocs
443
448
  newUsers.forEach((user: any) => {
444
449
  usersToSave.push(
@@ -448,7 +453,9 @@ export const bulkCreate = async (
448
453
  hashPassword: true,
449
454
  requirePassword: user.requirePassword,
450
455
  },
451
- tenantId
456
+ tenantId,
457
+ undefined, // no dbUser
458
+ account
452
459
  )
453
460
  )
454
461
  })