@budibase/worker 3.31.5 → 3.31.6

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "3.31.5",
+  "version": "3.31.6",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -91,5 +91,5 @@
     "supertest": "6.3.3",
     "timekeeper": "2.2.0"
   },
-  "gitHead": "8b6307f21fc1e0496119295b4417d57e13857c6a"
+  "gitHead": "431d595ada96873e3b6ff34e80a2f710f5ad5051"
 }

package/src/api/controllers/global/users.ts

@@ -153,6 +153,9 @@ export const changeTenantOwnerEmail = async (
 export const addSsoSupport = async (
   ctx: Ctx<AddSSoUserRequest, AddSSoUserResponse>
 ) => {
+  if (!ctx.internal) {
+    ctx.throw(403, "Unauthorized")
+  }
   const { email, ssoId } = ctx.request.body
   try {
     const [userByEmail] = await users.getExistingPlatformUsers([email])
@@ -367,6 +370,44 @@ export const search = async (
 }
 
 const DEFAULT_USER_LIMIT = 8
+const GLOBAL_PERMISSION_USER_PAGE_LIMIT = 1000
+
+const getGlobalPermissionUsers = async () => {
+  const globalDb = context.getGlobalDB()
+  const globalPermissionUsers = new Map<string, User>()
+  let bookmark: string | undefined
+  let nextBookmark: string | undefined
+
+  do {
+    const response = await globalDb.find<User>({
+      selector: {
+        _id: {
+          $regex: `^${db.DocumentType.USER}${db.SEPARATOR}`,
+        },
+        $or: [{ "admin.global": true }, { "builder.global": true }],
+      },
+      limit: GLOBAL_PERMISSION_USER_PAGE_LIMIT,
+      ...(bookmark ? { bookmark } : {}),
+    })
+
+    for (const user of response.docs) {
+      if (user?._id) {
+        globalPermissionUsers.set(user._id, user)
+      }
+    }
+
+    nextBookmark =
+      response.docs.length === GLOBAL_PERMISSION_USER_PAGE_LIMIT
+        ? response.bookmark
+        : undefined
+    if (!nextBookmark || nextBookmark === bookmark) {
+      break
+    }
+    bookmark = nextBookmark
+  } while (bookmark)
+
+  return [...globalPermissionUsers.values()]
+}
 
 const searchWorkspaceUsers = async (
   body: SearchUsersRequest
@@ -391,16 +432,7 @@ const searchWorkspaceUsers = async (
         undefined,
         { arrayResponse: true }
       ) as Promise<User[]>,
-      globalDb
-        .find<User>({
-          selector: {
-            _id: {
-              $regex: `^${db.DocumentType.USER}${db.SEPARATOR}`,
-            },
-            $or: [{ "admin.global": true }, { "builder.global": true }],
-          },
-        })
-        .then(response => response.docs),
+      getGlobalPermissionUsers(),
       globalDb
         .allDocs<UserGroup>(
           db.getDocParams(db.DocumentType.GROUP, null, {

package/src/api/index.ts

@@ -41,10 +41,6 @@ const PUBLIC_ENDPOINTS = [
     route: "/api/global/users/init",
     method: "POST",
   },
-  {
-    route: "/api/global/users/sso",
-    method: "POST",
-  },
   {
     route: "/api/global/users/invite/accept",
     method: "POST",

package/src/api/routes/global/tests/users.spec.ts

@@ -1,6 +1,11 @@
 import { InviteUsersResponse, OIDCUser, User } from "@budibase/types"
 
-import { accounts as _accounts, events, tenancy } from "@budibase/backend-core"
+import {
+  accounts as _accounts,
+  events,
+  tenancy,
+  withEnv,
+} from "@budibase/backend-core"
 import { mocks as featureMocks } from "@budibase/backend-core/tests"
 import { sdk as proSdk } from "@budibase/pro"
 import * as userSdk from "../../../../sdk/users"
@@ -820,6 +825,16 @@ describe("/api/global/users", () => {
           .expect(403)
       })
 
+      it("sso support cannot be used without internal key on self-hosted", async () => {
+        const user = await createPasswordUser()
+        const ssoId = "fake-ssoId"
+        await withEnv({ SELF_HOSTED: true }, () =>
+          config.api.users
+            .addSsoSupportDefaultAuth(ssoId, user.email)
+            .expect(403)
+        )
+      })
+
       it("if user email doesn't exist, SSO support couldn't be added. Not found error returned", async () => {
         const ssoId = "fake-ssoId"
         const email = "fake-email@budibase.com"
@@ -963,6 +978,34 @@ describe("/api/global/users", () => {
       expect(response.body.data[0].email).toBe(email)
     })
 
+    it("should include all global admins in workspace search when there are more than 25", async () => {
+      const workspaceId = "app_workspace_filter_global_admin_many"
+      const globalAdminUsers = await Promise.all(
+        Array.from({ length: 30 }).map((_, index) =>
+          config.createUser({
+            email: `workspace-global-admin-${index}-${structures.users.newEmail()}`,
+            admin: { global: true },
+            builder: { global: true },
+          })
+        )
+      )
+      const globalAdminIds = globalAdminUsers
+        .map(user => user._id)
+        .filter(Boolean) as string[]
+
+      const response = await config.api.users.searchUsers({
+        workspaceId,
+        query: { oneOf: { _id: globalAdminIds } },
+        limit: 100,
+      })
+
+      const returnedIds = response.body.data
+        .map((user: User) => user._id)
+        .filter(Boolean)
+      expect(returnedIds).toHaveLength(globalAdminIds.length)
+      expect(returnedIds).toEqual(expect.arrayContaining(globalAdminIds))
+    })
+
     it("should return no users when workspaceId is empty", async () => {
       const email = structures.users.newEmail()
       await config.createUser({ email })