diff --git a/packages/auth/src/middleware/authenticated.js b/packages/auth/src/middleware/authenticated.js index 5966da483e..2fdf4baf6c 100644 --- a/packages/auth/src/middleware/authenticated.js +++ b/packages/auth/src/middleware/authenticated.js @@ -11,7 +11,7 @@ module.exports = async (ctx, next) => { ctx.isAuthenticated = true ctx.user = authCookie // make sure email is correct from ID - ctx.user.email = getEmailFromUserID(authCookie._id) + ctx.user.email = getEmailFromUserID(authCookie.userId) } await next() diff --git a/packages/auth/src/middleware/passport/jwt.js b/packages/auth/src/middleware/passport/jwt.js index 1d6a4e04e0..06071f77e8 100644 --- a/packages/auth/src/middleware/passport/jwt.js +++ b/packages/auth/src/middleware/passport/jwt.js @@ -1,5 +1,10 @@ +const { Cookies } = require("../../constants") + exports.options = { secretOrKey: process.env.JWT_SECRET, + jwtFromRequest: function(ctx) { + return ctx.cookies.get(Cookies.Auth) + }, } exports.authenticate = async function(jwt, done) { diff --git a/packages/auth/src/middleware/passport/local.js b/packages/auth/src/middleware/passport/local.js index 379ec58dbb..5a2221499a 100644 --- a/packages/auth/src/middleware/passport/local.js +++ b/packages/auth/src/middleware/passport/local.js @@ -38,7 +38,7 @@ exports.authenticate = async function(username, password, done) { // authenticate if (await compare(password, dbUser.password)) { const payload = { - _id: dbUser._id, + userId: dbUser._id, } const token = jwt.sign(payload, process.env.JWT_SECRET, { diff --git a/packages/builder/src/components/login/LoginForm.svelte b/packages/builder/src/components/login/LoginForm.svelte index 5265d2e6d6..57ba75934c 100644 --- a/packages/builder/src/components/login/LoginForm.svelte +++ b/packages/builder/src/components/login/LoginForm.svelte @@ -12,7 +12,11 @@ username, password, }) - notifier.success("Logged in successfully.") + if (json.success) { + notifier.success("Logged in successfully.") + } else { + notifier.danger("Invalid credentials") + } } catch (err) { console.error(err) notifier.danger(`Error logging in: ${err}`) diff --git a/packages/builder/src/stores/backend/auth.js b/packages/builder/src/stores/backend/auth.js index e0a9496b94..b6a39dc0af 100644 --- a/packages/builder/src/stores/backend/auth.js +++ b/packages/builder/src/stores/backend/auth.js @@ -3,8 +3,7 @@ import api from "../../builderStore/api" async function checkAuth() { const response = await api.get("/api/self") - const user = await response.json() - if (json) return json + return await response.json() } export function createAuthStore() { @@ -21,6 +20,7 @@ export function createAuthStore() { localStorage.setItem("auth:user", JSON.stringify(json.user)) set({ user: json.user }) } + return json }, logout: async () => { const response = await api.post(`/api/auth/logout`) diff --git a/packages/server/src/api/controllers/application.js b/packages/server/src/api/controllers/application.js index 042474c5b6..fd1d7a6688 100644 --- a/packages/server/src/api/controllers/application.js +++ b/packages/server/src/api/controllers/application.js @@ -145,7 +145,7 @@ exports.fetchAppPackage = async function(ctx) { layouts, clientLibPath: clientLibraryPath(ctx.params.appId), } - await setBuilderToken(ctx, ctx.params.appId, application.version) + // await setBuilderToken(ctx, ctx.params.appId, application.version) } exports.create = async function(ctx) { @@ -184,7 +184,7 @@ exports.create = async function(ctx) { await createApp(appId) } - await setBuilderToken(ctx, appId, version) + // await setBuilderToken(ctx, appId, version) ctx.status = 200 ctx.body = newApplication ctx.message = `Application ${ctx.request.body.name} created successfully` diff --git a/packages/server/src/api/controllers/auth.js b/packages/server/src/api/controllers/auth.js index 0cc8668687..f62afdf185 100644 --- a/packages/server/src/api/controllers/auth.js +++ b/packages/server/src/api/controllers/auth.js @@ -7,7 +7,7 @@ const { generateUserMetadataID } = require("../../db/utils") const { setCookie } = require("../../utilities") const { outputProcessing } = require("../../utilities/rowProcessor") const { InternalTables } = require("../../db/utils") -const { UserStatus } = require("@budibase/auth") +const { UserStatus, StaticDatabases } = require("@budibase/auth") const { getFullUser } = require("../../utilities/users") const INVALID_ERR = "Invalid Credentials" @@ -73,10 +73,19 @@ exports.authenticate = async ctx => { exports.fetchSelf = async ctx => { const { userId, appId } = ctx.user /* istanbul ignore next */ - if (!userId || !appId) { + if (!userId) { ctx.body = {} return } + + if (!appId) { + const db = new CouchDB(StaticDatabases.USER.name) + const user = await db.get(userId) + delete user.password + ctx.body = { user } + return + } + const db = new CouchDB(appId) const user = await getFullUser({ ctx, userId: userId }) const userTable = await db.get(InternalTables.USER_METADATA) diff --git a/packages/server/src/api/controllers/static/index.js b/packages/server/src/api/controllers/static/index.js index a1edd4643a..dd60ee5985 100644 --- a/packages/server/src/api/controllers/static/index.js +++ b/packages/server/src/api/controllers/static/index.js @@ -9,7 +9,6 @@ const { processString } = require("@budibase/string-templates") const { budibaseTempDir } = require("../../../utilities/budibaseDir") const { getDeployedApps } = require("../../../utilities/builder/hosting") const CouchDB = require("../../../db") -const setBuilderToken = require("../../../utilities/builder/setBuilderToken") const { loadHandlebarsFile, NODE_MODULES_PATH, @@ -35,9 +34,9 @@ const COMP_LIB_BASE_APP_VERSION = "0.2.5" exports.serveBuilder = async function(ctx) { let builderPath = resolve(TOP_LEVEL_PATH, "builder") - if (ctx.file === "index.html") { - // await setBuilderToken(ctx) - } + // if (ctx.file === "index.html") { + // // await setBuilderToken(ctx) + // } await send(ctx, ctx.file, { root: builderPath }) } diff --git a/packages/server/src/api/routes/auth.js b/packages/server/src/api/routes/auth.js index 954130370b..b07627c29e 100644 --- a/packages/server/src/api/routes/auth.js +++ b/packages/server/src/api/routes/auth.js @@ -4,7 +4,6 @@ const controller = require("../controllers/auth") const router = Router() // TODO: needs removed -router.post("/api/authenticate", controller.authenticate) router.get("/api/self", controller.fetchSelf) module.exports = router diff --git a/packages/server/src/middleware/currentapp.js b/packages/server/src/middleware/currentapp.js index a591874e6f..80522d6ac0 100644 --- a/packages/server/src/middleware/currentapp.js +++ b/packages/server/src/middleware/currentapp.js @@ -15,7 +15,7 @@ function finish(ctx, next, { appId, roleId, cookie = false }) { ctx.roleId = roleId } if (cookie && appId) { - setCookie(ctx, new CurrentAppCookie(appId, roleId)) + setCookie(ctx, new CurrentAppCookie(appId, roleId), Cookies.CurrentApp) } return next() } diff --git a/packages/server/src/utilities/users.js b/packages/server/src/utilities/users.js index b41a0da9c7..f8246e4e91 100644 --- a/packages/server/src/utilities/users.js +++ b/packages/server/src/utilities/users.js @@ -1,9 +1,9 @@ -const CouchDB = require("../../db") +const CouchDB = require("../db") const { generateUserMetadataID, getEmailFromUserMetadataID, } = require("../db/utils") -const { getGlobalUsers } = require("../../utilities/workerRequests") +const { getGlobalUsers } = require("../utilities/workerRequests") exports.getFullUser = async ({ ctx, email, userId }) => { if (!email) {