Merge pull request #3238 from Budibase/user-password-fix
Fix: Prevent user updates in multi tenant mode from deleting user password
This commit is contained in:
commit
320314ca3e
|
@ -9,6 +9,8 @@ const { createASession } = require("../../security/sessions")
|
||||||
const { getTenantId } = require("../../tenancy")
|
const { getTenantId } = require("../../tenancy")
|
||||||
|
|
||||||
const INVALID_ERR = "Invalid Credentials"
|
const INVALID_ERR = "Invalid Credentials"
|
||||||
|
const SSO_NO_PASSWORD = "SSO user does not have a password set"
|
||||||
|
const EXPIRED = "This account has expired. Please reset your password"
|
||||||
|
|
||||||
exports.options = {
|
exports.options = {
|
||||||
passReqToCallback: true,
|
passReqToCallback: true,
|
||||||
|
@ -36,6 +38,19 @@ exports.authenticate = async function (ctx, email, password, done) {
|
||||||
return authError(done, INVALID_ERR)
|
return authError(done, INVALID_ERR)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check that the user has a stored password before proceeding
|
||||||
|
if (!dbUser.password) {
|
||||||
|
if (
|
||||||
|
(dbUser.account && dbUser.account.authType === "sso") || // root account sso
|
||||||
|
dbUser.thirdPartyProfile // internal sso
|
||||||
|
) {
|
||||||
|
return authError(done, SSO_NO_PASSWORD)
|
||||||
|
}
|
||||||
|
|
||||||
|
console.error("Non SSO usser has no password set", dbUser)
|
||||||
|
return authError(done, EXPIRED)
|
||||||
|
}
|
||||||
|
|
||||||
// authenticate
|
// authenticate
|
||||||
if (await compare(password, dbUser.password)) {
|
if (await compare(password, dbUser.password)) {
|
||||||
const sessionId = newid()
|
const sessionId = newid()
|
||||||
|
|
|
@ -181,8 +181,8 @@ exports.saveUser = async (
|
||||||
|
|
||||||
// check budibase users in other tenants
|
// check budibase users in other tenants
|
||||||
if (env.MULTI_TENANCY) {
|
if (env.MULTI_TENANCY) {
|
||||||
dbUser = await getTenantUser(email)
|
const tenantUser = await getTenantUser(email)
|
||||||
if (dbUser != null && dbUser.tenantId !== tenantId) {
|
if (tenantUser != null && tenantUser.tenantId !== tenantId) {
|
||||||
throw `Email address ${email} already in use.`
|
throw `Email address ${email} already in use.`
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,7 +44,7 @@
|
||||||
}
|
}
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error(err)
|
console.error(err)
|
||||||
notifications.error("Invalid credentials")
|
notifications.error(err.message ? err.message : "Invalid Credentials")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -112,7 +112,7 @@ export function createAuthStore() {
|
||||||
if (response.status === 200) {
|
if (response.status === 200) {
|
||||||
setUser(json.user)
|
setUser(json.user)
|
||||||
} else {
|
} else {
|
||||||
throw "Invalid credentials"
|
throw new Error(json.message ? json.message : "Invalid credentials")
|
||||||
}
|
}
|
||||||
return json
|
return json
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in New Issue