budibase/packages/backend-core/src/users.ts

import {
  ViewName,
  getUsersByAppParams,
  getProdAppID,
  generateAppUserID,
  queryGlobalView,
  UNICODE_MAX,
  DocumentType,
  SEPARATOR,
  directCouchFind,
  getGlobalUserParams,
  pagination,
} from "./db"
import { BulkDocsResponse, SearchUsersRequest, User } from "@budibase/types"
import { getGlobalDB } from "./context"
import * as context from "./context"

type GetOpts = { cleanup?: boolean }

function removeUserPassword(users: User | User[]) {
  if (Array.isArray(users)) {
    return users.map(user => {
      if (user) {
        delete user.password
        return user
      }
    })
  } else if (users) {
    delete users.password
    return users
  }
  return users
}

export const bulkGetGlobalUsersById = async (
  userIds: string[],
  opts?: GetOpts
) => {
  const db = getGlobalDB()
  let users = (
    await db.allDocs({
      keys: userIds,
      include_docs: true,
    })
  ).rows.map(row => row.doc) as User[]
  if (opts?.cleanup) {
    users = removeUserPassword(users) as User[]
  }
  return users
}

export const getAllUserIds = async () => {
  const db = getGlobalDB()
  const startKey = `${DocumentType.USER}${SEPARATOR}`
  const response = await db.allDocs({
    startkey: startKey,
    endkey: `${startKey}${UNICODE_MAX}`,
  })
  return response.rows.map(row => row.id)
}

export const bulkUpdateGlobalUsers = async (users: User[]) => {
  const db = getGlobalDB()
  return (await db.bulkDocs(users)) as BulkDocsResponse
}

export async function getById(id: string, opts?: GetOpts): Promise<User> {
  const db = context.getGlobalDB()
  let user = await db.get(id)
  if (opts?.cleanup) {
    user = removeUserPassword(user)
  }
  return user
}

/**
 * Given an email address this will use a view to search through
 * all the users to find one with this email address.
 */
export const getGlobalUserByEmail = async (
  email: String,
  opts?: GetOpts
): Promise<User | undefined> => {
  if (email == null) {
    throw "Must supply an email address to view"
  }

  const response = await queryGlobalView<User>(ViewName.USER_BY_EMAIL, {
    key: email.toLowerCase(),
    include_docs: true,
  })

  if (Array.isArray(response)) {
    // shouldn't be able to happen, but need to handle just in case
    throw new Error(`Multiple users found with email address: ${email}`)
  }

  let user = response as User
  if (opts?.cleanup) {
    user = removeUserPassword(user) as User
  }

  return user
}

export const searchGlobalUsersByApp = async (
  appId: any,
  opts: any,
  getOpts?: GetOpts
) => {
  if (typeof appId !== "string") {
    throw new Error("Must provide a string based app ID")
  }
  const params = getUsersByAppParams(appId, {
    include_docs: true,
  })
  params.startkey = opts && opts.startkey ? opts.startkey : params.startkey
  let response = await queryGlobalView(ViewName.USER_BY_APP, params)

  if (!response) {
    response = []
  }
  let users: User[] = Array.isArray(response) ? response : [response]
  if (getOpts?.cleanup) {
    users = removeUserPassword(users) as User[]
  }
  return users
}

/*
  Return any user who potentially has access to the application
  Admins, developers and app users with the explicitly role.
*/
export const searchGlobalUsersByAppAccess = async (appId: any, opts: any) => {
  const roleSelector = `roles.${appId}`

  let orQuery: any[] = [
    {
      "builder.global": true,
    },
    {
      "admin.global": true,
    },
  ]

  if (appId) {
    const roleCheck = {
      [roleSelector]: {
        $exists: true,
      },
    }
    orQuery.push(roleCheck)
  }

  let searchOptions = {
    selector: {
      $or: orQuery,
      _id: {
        $regex: "^us_",
      },
    },
    limit: opts?.limit || 50,
  }

  const resp = await directCouchFind(context.getGlobalDBName(), searchOptions)
  return resp?.rows
}

export const getGlobalUserByAppPage = (appId: string, user: User) => {
  if (!user) {
    return
  }
  return generateAppUserID(getProdAppID(appId)!, user._id!)
}

/**
 * Performs a starts with search on the global email view.
 */
export const searchGlobalUsersByEmail = async (
  email: string,
  opts: any,
  getOpts?: GetOpts
) => {
  if (typeof email !== "string") {
    throw new Error("Must provide a string to search by")
  }
  const lcEmail = email.toLowerCase()
  // handle if passing up startkey for pagination
  const startkey = opts && opts.startkey ? opts.startkey : lcEmail
  let response = await queryGlobalView<User>(ViewName.USER_BY_EMAIL, {
    ...opts,
    startkey,
    endkey: `${lcEmail}${UNICODE_MAX}`,
  })
  if (!response) {
    response = []
  }
  let users: User[] = Array.isArray(response) ? response : [response]
  if (getOpts?.cleanup) {
    users = removeUserPassword(users) as User[]
  }
  return users
}

const PAGE_LIMIT = 8
export const paginatedUsers = async ({
  page,
  email,
  appId,
}: SearchUsersRequest = {}) => {
  const db = getGlobalDB()
  // get one extra document, to have the next page
  const opts: any = {
    include_docs: true,
    limit: PAGE_LIMIT + 1,
  }
  // add a startkey if the page was specified (anchor)
  if (page) {
    opts.startkey = page
  }
  // property specifies what to use for the page/anchor
  let userList: User[],
    property = "_id",
    getKey
  if (appId) {
    userList = await searchGlobalUsersByApp(appId, opts)
    getKey = (doc: any) => getGlobalUserByAppPage(appId, doc)
  } else if (email) {
    userList = await searchGlobalUsersByEmail(email, opts)
    property = "email"
  } else {
    // no search, query allDocs
    const response = await db.allDocs(getGlobalUserParams(null, opts))
    userList = response.rows.map((row: any) => row.doc)
  }
  return pagination(userList, PAGE_LIMIT, {
    paginate: true,
    property,
    getKey,
  })
}
Merge branch 'develop' into feature/day-pass-pricing 2022-08-19 15:08:03 +02:00			`import {`
Replacing all plural TS enumerations with singular - this involves a major rename of the DocumentTypes. 2022-08-11 14:50:05 +02:00			`ViewName,`
some more pr comments 2022-07-25 19:57:10 +02:00			`getUsersByAppParams,`
			`getProdAppID,`
			`generateAppUserID,`
PR comments - still experiencing build issues. 2022-11-17 14:31:54 +01:00			`queryGlobalView,`
			`UNICODE_MAX,`
allUsers function & more metrics 2023-02-22 22:10:35 +01:00			`DocumentType,`
			`SEPARATOR,`
Builder user onboarding 2023-02-28 10:37:03 +01:00			`directCouchFind,`
Move user search to core 2023-03-10 17:06:53 +01:00			`getGlobalUserParams,`
			`pagination,`
PR comments - still experiencing build issues. 2022-11-17 14:31:54 +01:00			`} from "./db"`
Move user search to core 2023-03-10 17:06:53 +01:00			`import { BulkDocsResponse, SearchUsersRequest, User } from "@budibase/types"`
Adding group cleanup, removing group IDs from users when group is deleted. 2022-09-21 13:43:09 +02:00			`import { getGlobalDB } from "./context"`
Prevent SSO users from setting / resetting a password (#9672) * Prevent SSO users from setting / resetting a password * Add support for ENABLE_SSO_MAINTENANCE_MODE * Add typing to self api and build out user update sdk * Integrate sso checks with user sdk. Integrate user sdk with self api * Test fixes * Move self update into SDK * Lock down maintenance mode to admin user * Fix typo * Add health status response and return type signature to accounts.getStatus * Remove some unnecessary comments * Make sso save user function non optional * Remove redundant check on sso auth details provider * Update syncProfilePicture function name to getProfilePictureUrl * Update packages/worker/src/sdk/users/events.ts Co-authored-by: Adria Navarro <adria@revityapp.com> * Add ENABLE_EMAIL_TEST_MODE flag * Fix for logging in as sso user when existing user has password already * Hide password update and force reset from ui for sso users * Always disable sso maintenance mode in cloud --------- Co-authored-by: Adria Navarro <adria@revityapp.com> 2023-02-21 09:23:53 +01:00			`import * as context from "./context"`
Adding group cleanup, removing group IDs from users when group is deleted. 2022-09-21 13:43:09 +02:00
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`type GetOpts = { cleanup?: boolean }`

Main body of PR comments. 2023-02-24 14:32:45 +01:00			`function removeUserPassword(users: User \| User[]) {`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`if (Array.isArray(users)) {`
			`return users.map(user => {`
Implementing a few basic tests to create and search the audit logs. 2023-02-23 18:23:06 +01:00			`if (user) {`
			`delete user.password`
			`return user`
			`}`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`})`
Implementing a few basic tests to create and search the audit logs. 2023-02-23 18:23:06 +01:00			`} else if (users) {`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`delete users.password`
			`return users`
			`}`
Implementing a few basic tests to create and search the audit logs. 2023-02-23 18:23:06 +01:00			`return users`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`}`

			`export const bulkGetGlobalUsersById = async (`
			`userIds: string[],`
			`opts?: GetOpts`
			`) => {`
Major update - removing the use of context for PouchDB instances, swapping knowledge of PouchDB to the PouchLike structure that replaces it. 2022-11-09 17:53:42 +01:00			`const db = getGlobalDB()`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`let users = (`
Adding group cleanup, removing group IDs from users when group is deleted. 2022-09-21 13:43:09 +02:00			`await db.allDocs({`
			`keys: userIds,`
			`include_docs: true,`
			`})`
			`).rows.map(row => row.doc) as User[]`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`if (opts?.cleanup) {`
Main body of PR comments. 2023-02-24 14:32:45 +01:00			`users = removeUserPassword(users) as User[]`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`}`
			`return users`
Adding group cleanup, removing group IDs from users when group is deleted. 2022-09-21 13:43:09 +02:00			`}`
user / rbac events + tests 2022-04-08 02:28:22 +02:00
allUsers function & more metrics 2023-02-22 22:10:35 +01:00			`export const getAllUserIds = async () => {`
			`const db = getGlobalDB()`
			const startKey = `${DocumentType.USER}${SEPARATOR}`
			`const response = await db.allDocs({`
			`startkey: startKey,`
			endkey: `${startKey}${UNICODE_MAX}`,
			`})`
			`return response.rows.map(row => row.id)`
			`}`

Adding a user core bulk update function. 2022-09-21 14:55:10 +02:00			`export const bulkUpdateGlobalUsers = async (users: User[]) => {`
Major update - removing the use of context for PouchDB instances, swapping knowledge of PouchDB to the PouchLike structure that replaces it. 2022-11-09 17:53:42 +01:00			`const db = getGlobalDB()`
Adding a user core bulk update function. 2022-09-21 14:55:10 +02:00			`return (await db.bulkDocs(users)) as BulkDocsResponse`
			`}`

Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`export async function getById(id: string, opts?: GetOpts): Promise<User> {`
Prevent SSO users from setting / resetting a password (#9672) * Prevent SSO users from setting / resetting a password * Add support for ENABLE_SSO_MAINTENANCE_MODE * Add typing to self api and build out user update sdk * Integrate sso checks with user sdk. Integrate user sdk with self api * Test fixes * Move self update into SDK * Lock down maintenance mode to admin user * Fix typo * Add health status response and return type signature to accounts.getStatus * Remove some unnecessary comments * Make sso save user function non optional * Remove redundant check on sso auth details provider * Update syncProfilePicture function name to getProfilePictureUrl * Update packages/worker/src/sdk/users/events.ts Co-authored-by: Adria Navarro <adria@revityapp.com> * Add ENABLE_EMAIL_TEST_MODE flag * Fix for logging in as sso user when existing user has password already * Hide password update and force reset from ui for sso users * Always disable sso maintenance mode in cloud --------- Co-authored-by: Adria Navarro <adria@revityapp.com> 2023-02-21 09:23:53 +01:00			`const db = context.getGlobalDB()`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`let user = await db.get(id)`
			`if (opts?.cleanup) {`
Main body of PR comments. 2023-02-24 14:32:45 +01:00			`user = removeUserPassword(user)`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`}`
			`return user`
Prevent SSO users from setting / resetting a password (#9672) * Prevent SSO users from setting / resetting a password * Add support for ENABLE_SSO_MAINTENANCE_MODE * Add typing to self api and build out user update sdk * Integrate sso checks with user sdk. Integrate user sdk with self api * Test fixes * Move self update into SDK * Lock down maintenance mode to admin user * Fix typo * Add health status response and return type signature to accounts.getStatus * Remove some unnecessary comments * Make sso save user function non optional * Remove redundant check on sso auth details provider * Update syncProfilePicture function name to getProfilePictureUrl * Update packages/worker/src/sdk/users/events.ts Co-authored-by: Adria Navarro <adria@revityapp.com> * Add ENABLE_EMAIL_TEST_MODE flag * Fix for logging in as sso user when existing user has password already * Hide password update and force reset from ui for sso users * Always disable sso maintenance mode in cloud --------- Co-authored-by: Adria Navarro <adria@revityapp.com> 2023-02-21 09:23:53 +01:00			`}`

user / rbac events + tests 2022-04-08 02:28:22 +02:00			`/**`
			`* Given an email address this will use a view to search through`
			`* all the users to find one with this email address.`
			`*/`
Day pass middleware 2022-09-06 13:25:57 +02:00			`export const getGlobalUserByEmail = async (`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`email: String,`
			`opts?: GetOpts`
Day pass middleware 2022-09-06 13:25:57 +02:00			`): Promise<User \| undefined> => {`
user / rbac events + tests 2022-04-08 02:28:22 +02:00			`if (email == null) {`
			`throw "Must supply an email address to view"`
			`}`

Merge branch 'develop' into feature/day-pass-pricing 2022-08-19 15:08:03 +02:00			`const response = await queryGlobalView<User>(ViewName.USER_BY_EMAIL, {`
user / rbac events + tests 2022-04-08 02:28:22 +02:00			`key: email.toLowerCase(),`
			`include_docs: true,`
			`})`
User management events 2022-04-12 13:34:36 +02:00
Write users and activity to dynamo 2022-07-18 22:11:52 +02:00			`if (Array.isArray(response)) {`
			`// shouldn't be able to happen, but need to handle just in case`
			throw new Error(`Multiple users found with email address: ${email}`)
			`}`

Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`let user = response as User`
			`if (opts?.cleanup) {`
Main body of PR comments. 2023-02-24 14:32:45 +01:00			`user = removeUserPassword(user) as User`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`}`

			`return user`
user / rbac events + tests 2022-04-08 02:28:22 +02:00			`}`
Updating user page to search through the backend and building a basic pagination store that can be used for it. 2022-06-30 16:39:26 +02:00
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`export const searchGlobalUsersByApp = async (`
			`appId: any,`
			`opts: any,`
			`getOpts?: GetOpts`
			`) => {`
Updating user search endpoint to allow searching by app ID with a new view, as well as updating user page to have a search input again. 2022-07-06 17:09:05 +02:00			`if (typeof appId !== "string") {`
			`throw new Error("Must provide a string based app ID")`
			`}`
			`const params = getUsersByAppParams(appId, {`
			`include_docs: true,`
			`})`
			`params.startkey = opts && opts.startkey ? opts.startkey : params.startkey`
Replacing all plural TS enumerations with singular - this involves a major rename of the DocumentTypes. 2022-08-11 14:50:05 +02:00			`let response = await queryGlobalView(ViewName.USER_BY_APP, params)`
Builder user onboarding 2023-02-28 10:37:03 +01:00
Updating user search endpoint to allow searching by app ID with a new view, as well as updating user page to have a search input again. 2022-07-06 17:09:05 +02:00			`if (!response) {`
			`response = []`
			`}`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`let users: User[] = Array.isArray(response) ? response : [response]`
			`if (getOpts?.cleanup) {`
Main body of PR comments. 2023-02-24 14:32:45 +01:00			`users = removeUserPassword(users) as User[]`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`}`
			`return users`
Updating user search endpoint to allow searching by app ID with a new view, as well as updating user page to have a search input again. 2022-07-06 17:09:05 +02:00			`}`

Builder user onboarding 2023-02-28 10:37:03 +01:00			`/*`
			`Return any user who potentially has access to the application`
			`Admins, developers and app users with the explicitly role.`
			`*/`
			`export const searchGlobalUsersByAppAccess = async (appId: any, opts: any) => {`
			const roleSelector = `roles.${appId}`

			`let orQuery: any[] = [`
			`{`
			`"builder.global": true,`
			`},`
			`{`
			`"admin.global": true,`
			`},`
			`]`

			`if (appId) {`
			`const roleCheck = {`
			`[roleSelector]: {`
			`$exists: true,`
			`},`
			`}`
			`orQuery.push(roleCheck)`
			`}`

			`let searchOptions = {`
			`selector: {`
			`$or: orQuery,`
			`_id: {`
			`$regex: "^us_",`
			`},`
			`},`
			`limit: opts?.limit \|\| 50,`
			`}`

			`const resp = await directCouchFind(context.getGlobalDBName(), searchOptions)`
			`return resp?.rows`
Updating user search endpoint to allow searching by app ID with a new view, as well as updating user page to have a search input again. 2022-07-06 17:09:05 +02:00			`}`

Merge branch 'develop' into feature/day-pass-pricing 2022-08-19 15:08:03 +02:00			`export const getGlobalUserByAppPage = (appId: string, user: User) => {`
Updating user search endpoint to allow searching by app ID with a new view, as well as updating user page to have a search input again. 2022-07-06 17:09:05 +02:00			`if (!user) {`
			`return`
			`}`
Typescript conversions - trying to get all of context/db layer into TS. 2022-11-11 12:57:50 +01:00			`return generateAppUserID(getProdAppID(appId)!, user._id!)`
user / rbac events + tests 2022-04-08 02:28:22 +02:00			`}`
Updating user page to search through the backend and building a basic pagination store that can be used for it. 2022-06-30 16:39:26 +02:00
			`/**`
			`* Performs a starts with search on the global email view.`
			`*/`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`export const searchGlobalUsersByEmail = async (`
			`email: string,`
			`opts: any,`
			`getOpts?: GetOpts`
			`) => {`
Updating user page to search through the backend and building a basic pagination store that can be used for it. 2022-06-30 16:39:26 +02:00			`if (typeof email !== "string") {`
			`throw new Error("Must provide a string to search by")`
			`}`
			`const lcEmail = email.toLowerCase()`
			`// handle if passing up startkey for pagination`
			`const startkey = opts && opts.startkey ? opts.startkey : lcEmail`
Merge branch 'develop' into feature/day-pass-pricing 2022-08-19 15:08:03 +02:00			`let response = await queryGlobalView<User>(ViewName.USER_BY_EMAIL, {`
Updating user page to search through the backend and building a basic pagination store that can be used for it. 2022-06-30 16:39:26 +02:00			`...opts,`
			`startkey,`
			endkey: `${lcEmail}${UNICODE_MAX}`,
			`})`
			`if (!response) {`
			`response = []`
			`}`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`let users: User[] = Array.isArray(response) ? response : [response]`
			`if (getOpts?.cleanup) {`
Main body of PR comments. 2023-02-24 14:32:45 +01:00			`users = removeUserPassword(users) as User[]`
Adding the ability to cleanup users from get functions (default is old behaviour). 2023-02-23 12:28:18 +01:00			`}`
			`return users`
Updating user page to search through the backend and building a basic pagination store that can be used for it. 2022-06-30 16:39:26 +02:00			`}`
Move user search to core 2023-03-10 17:06:53 +01:00
			`const PAGE_LIMIT = 8`
			`export const paginatedUsers = async ({`
			`page,`
			`email,`
			`appId,`
			`}: SearchUsersRequest = {}) => {`
			`const db = getGlobalDB()`
			`// get one extra document, to have the next page`
			`const opts: any = {`
			`include_docs: true,`
			`limit: PAGE_LIMIT + 1,`
			`}`
			`// add a startkey if the page was specified (anchor)`
			`if (page) {`
			`opts.startkey = page`
			`}`
			`// property specifies what to use for the page/anchor`
			`let userList: User[],`
			`property = "_id",`
			`getKey`
			`if (appId) {`
			`userList = await searchGlobalUsersByApp(appId, opts)`
			`getKey = (doc: any) => getGlobalUserByAppPage(appId, doc)`
			`} else if (email) {`
			`userList = await searchGlobalUsersByEmail(email, opts)`
			`property = "email"`
			`} else {`
			`// no search, query allDocs`
			`const response = await db.allDocs(getGlobalUserParams(null, opts))`
			`userList = response.rows.map((row: any) => row.doc)`
			`}`
			`return pagination(userList, PAGE_LIMIT, {`
			`paginate: true,`
			`property,`
			`getKey,`
			`})`
			`}`