Merge pull request #12789 from Budibase/bug/BUDI-7896/incorrect-handling-of-short-passwords-in-user-invitation
[Bug] Incorrect handling of short passwords in user invitation
commit
39b7a719e3
|
@ -22,6 +22,7 @@ export enum LockName {
|
||||||
QUOTA_USAGE_EVENT = "quota_usage_event",
|
QUOTA_USAGE_EVENT = "quota_usage_event",
|
||||||
APP_MIGRATION = "app_migrations",
|
APP_MIGRATION = "app_migrations",
|
||||||
PROCESS_AUTO_COLUMNS = "process_auto_columns",
|
PROCESS_AUTO_COLUMNS = "process_auto_columns",
|
||||||
|
PROCESS_USER_INVITE = "process_user_invite",
|
||||||
}
|
}
|
||||||
|
|
||||||
export type LockOptions = {
|
export type LockOptions = {
|
||||||
|
|
|
@ -12,6 +12,8 @@ import {
|
||||||
InviteUserRequest,
|
InviteUserRequest,
|
||||||
InviteUsersRequest,
|
InviteUsersRequest,
|
||||||
InviteUsersResponse,
|
InviteUsersResponse,
|
||||||
|
LockName,
|
||||||
|
LockType,
|
||||||
MigrationType,
|
MigrationType,
|
||||||
SaveUserResponse,
|
SaveUserResponse,
|
||||||
SearchUsersRequest,
|
SearchUsersRequest,
|
||||||
|
@ -27,6 +29,7 @@ import {
|
||||||
platform,
|
platform,
|
||||||
tenancy,
|
tenancy,
|
||||||
db,
|
db,
|
||||||
|
locks,
|
||||||
} from "@budibase/backend-core"
|
} from "@budibase/backend-core"
|
||||||
import { checkAnyUserExists } from "../../../utilities/users"
|
import { checkAnyUserExists } from "../../../utilities/users"
|
||||||
import { isEmailConfigured } from "../../../utilities/email"
|
import { isEmailConfigured } from "../../../utilities/email"
|
||||||
|
@ -380,9 +383,16 @@ export const inviteAccept = async (
|
||||||
) => {
|
) => {
|
||||||
const { inviteCode, password, firstName, lastName } = ctx.request.body
|
const { inviteCode, password, firstName, lastName } = ctx.request.body
|
||||||
try {
|
try {
|
||||||
|
await locks.doWithLock(
|
||||||
|
{
|
||||||
|
type: LockType.AUTO_EXTEND,
|
||||||
|
name: LockName.PROCESS_USER_INVITE,
|
||||||
|
resource: inviteCode,
|
||||||
|
systemLock: true,
|
||||||
|
},
|
||||||
|
async () => {
|
||||||
// info is an extension of the user object that was stored by global
|
// info is an extension of the user object that was stored by global
|
||||||
const { email, info }: any = await cache.invite.getCode(inviteCode)
|
const { email, info } = await cache.invite.getCode(inviteCode)
|
||||||
await cache.invite.deleteCode(inviteCode)
|
|
||||||
const user = await tenancy.doInTenant(info.tenantId, async () => {
|
const user = await tenancy.doInTenant(info.tenantId, async () => {
|
||||||
let request: any = {
|
let request: any = {
|
||||||
firstName,
|
firstName,
|
||||||
|
@ -393,7 +403,7 @@ export const inviteAccept = async (
|
||||||
roles: info.apps,
|
roles: info.apps,
|
||||||
tenantId: info.tenantId,
|
tenantId: info.tenantId,
|
||||||
}
|
}
|
||||||
let builder: { global: boolean; apps?: string[] } = {
|
const builder: { global: boolean; apps?: string[] } = {
|
||||||
global: info?.builder?.global || false,
|
global: info?.builder?.global || false,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -408,23 +418,25 @@ export const inviteAccept = async (
|
||||||
}
|
}
|
||||||
|
|
||||||
const saved = await userSdk.db.save(request)
|
const saved = await userSdk.db.save(request)
|
||||||
const db = tenancy.getGlobalDB()
|
await events.user.inviteAccepted(saved)
|
||||||
const user = await db.get<User>(saved._id)
|
|
||||||
await events.user.inviteAccepted(user)
|
|
||||||
return saved
|
return saved
|
||||||
})
|
})
|
||||||
|
|
||||||
|
await cache.invite.deleteCode(inviteCode)
|
||||||
|
|
||||||
ctx.body = {
|
ctx.body = {
|
||||||
_id: user._id!,
|
_id: user._id!,
|
||||||
_rev: user._rev!,
|
_rev: user._rev!,
|
||||||
email: user.email,
|
email: user.email,
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
)
|
||||||
} catch (err: any) {
|
} catch (err: any) {
|
||||||
if (err.code === ErrorCode.USAGE_LIMIT_EXCEEDED) {
|
if (err.code === ErrorCode.USAGE_LIMIT_EXCEEDED) {
|
||||||
// explicitly re-throw limit exceeded errors
|
// explicitly re-throw limit exceeded errors
|
||||||
ctx.throw(400, err)
|
ctx.throw(400, err)
|
||||||
}
|
}
|
||||||
console.warn("Error inviting user", err)
|
console.warn("Error inviting user", err)
|
||||||
ctx.throw(400, "Unable to create new user, invitation invalid.")
|
ctx.throw(400, err || "Unable to create new user, invitation invalid.")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
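Review bot: In the catch block at the end of `inviteAccept`, `ctx.throw(400, err || "Unable to create new user, invitation invalid.")` always passes `err`, since a caught value is truthy in practice, so the generic message is now dead code. Every failure inside the locked callback (the `cache.invite.getCode` lookup, lock acquisition, `userSdk.db.save`) would then have its own message returned to the caller with the 400. The commit appears to want only the password-validation message to reach the user, and passing just that class of error through would keep internal detail and invite-code validity signals off an endpoint that is presumably reachable without a session. One option is `const msg = isPasswordValidationError(err) ? err.message : "Unable to create new user, invitation invalid."` followed by `ctx.throw(400, msg)`, where `isPasswordValidationError` is a placeholder for whatever check the validation layer actually offers. The full error is already logged by the `console.warn` above, so nothing is lost for operators.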