MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2801 from Budibase/fix/set-tenant-from-url-ui 

Respect tenant in url in UI app. Reject tenant and session mismatch
This commit is contained in:
Rory Powell 2021-09-29 17:14:33 +01:00 committed by GitHub
parent 736970afcc 8de6cd3585
commit 3816d6a632
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
packages/builder/src/pages/builder/_layout.svelte
View File

@ -9,10 +9,31 @@
$: hasAdminUser = $admin?.checklist?.adminUser?.checked $: hasAdminUser = $admin?.checklist?.adminUser?.checked
$: tenantSet = $auth.tenantSet $: tenantSet = $auth.tenantSet
$: cloud = $admin.cloud $: cloud = $admin.cloud
$: user = $auth.user
const validateTenantId = async () => {
// set the tenant from the url in the cloud
const tenantId = window.location.host.split(".")[0]
if (!tenantId.includes("localhost:")) {
// user doesn't have permission to access this tenant - kick them out
if (user?.tenantId !== tenantId) {
await auth.logout()
await auth.setOrganisation(null)
} else {
await auth.setOrganisation(tenantId)
}
}
}
onMount(async () => { onMount(async () => {
await auth.checkAuth() await auth.checkAuth()
await admin.init() await admin.init()
if (cloud && multiTenancyEnabled) {
await validateTenantId()
}
loaded = true loaded = true
}) })

1
packages/builder/src/stores/portal/auth.js
View File

@ -80,6 +80,7 @@ export function createAuthStore() {
return { return {
subscribe: store.subscribe, subscribe: store.subscribe,
setOrganisation: setOrganisation,
checkQueryString: async () => { checkQueryString: async () => {
const urlParams = new URLSearchParams(window.location.search) const urlParams = new URLSearchParams(window.location.search)
if (urlParams.has("tenantId")) { if (urlParams.has("tenantId")) {