Remove all app cookie references (not really needed anymore)

This commit is contained in:
adrinr 2023-03-30 13:11:42 +01:00
parent 90c8ae9ed3
commit 48b964378b
6 changed files with 5 additions and 69 deletions

View File

@ -199,7 +199,6 @@ export async function platformLogout(opts: PlatformLogoutOpts) {
} else {
// clear cookies
clearCookie(ctx, Cookie.Auth)
clearCookie(ctx, Cookie.CurrentApp)
}
const sessionIds = sessions.map(({ sessionId }) => sessionId)

View File

@ -4,7 +4,6 @@ export enum UserStatus {
}
export enum Cookie {
CurrentApp = "budibase:currentapp",
Auth = "budibase:auth",
Init = "budibase:init",
ACCOUNT_RETURN_URL = "budibase:account:returnurl",

View File

@ -2,7 +2,6 @@ import {
utils,
constants,
roles,
db as dbCore,
tenancy,
context,
} from "@budibase/backend-core"
@ -15,29 +14,10 @@ import { UserCtx } from "@budibase/types"
export default async (ctx: UserCtx, next: any) => {
// try to get the appID from the request
let requestAppId = await utils.getAppIdFromCtx(ctx)
// get app cookie if it exists
let appCookie: { appId?: string } | undefined
try {
appCookie = utils.getCookie(ctx, constants.Cookie.CurrentApp)
} catch (err) {
utils.clearCookie(ctx, constants.Cookie.CurrentApp)
}
if (!appCookie && !requestAppId) {
if (!requestAppId) {
return next()
}
// check the app exists referenced in cookie
if (appCookie) {
const appId = appCookie.appId
const exists = await dbCore.dbExists(appId)
if (!exists) {
utils.clearCookie(ctx, constants.Cookie.CurrentApp)
return next()
}
// if the request app ID wasn't set, update it with the cookie
requestAppId = requestAppId || appId
}
// deny access to application preview
if (!env.isTest()) {
if (
@ -45,7 +25,6 @@ export default async (ctx: UserCtx, next: any) => {
!isWebhookEndpoint(ctx) &&
(!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
) {
utils.clearCookie(ctx, constants.Cookie.CurrentApp)
return ctx.redirect("/")
}
}
@ -127,14 +106,6 @@ export default async (ctx: UserCtx, next: any) => {
role: await roles.getRole(roleId),
}
}
if (
(requestAppId !== appId ||
appCookie == null ||
appCookie.appId !== requestAppId) &&
!skipCookie
) {
utils.setCookie(ctx, { appId }, constants.Cookie.CurrentApp)
}
return next()
})

View File

@ -330,21 +330,13 @@ class TestConfiguration {
sessionId: "sessionid",
tenantId: this.getTenantId(),
}
const app = {
roleId: roleId,
appId,
}
const authToken = auth.jwt.sign(authObj, coreEnv.JWT_SECRET)
const appToken = auth.jwt.sign(app, coreEnv.JWT_SECRET)
// returning necessary request headers
await cache.user.invalidateUser(userId)
return {
Accept: "application/json",
Cookie: [
`${constants.Cookie.Auth}=${authToken}`,
`${constants.Cookie.CurrentApp}=${appToken}`,
],
Cookie: [`${constants.Cookie.Auth}=${authToken}`],
[constants.Header.APP_ID]: appId,
}
})
@ -359,18 +351,11 @@ class TestConfiguration {
sessionId: "sessionid",
tenantId,
}
const app = {
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
appId: this.appId,
}
const authToken = auth.jwt.sign(authObj, coreEnv.JWT_SECRET)
const appToken = auth.jwt.sign(app, coreEnv.JWT_SECRET)
const headers: any = {
Accept: "application/json",
Cookie: [
`${constants.Cookie.Auth}=${authToken}`,
`${constants.Cookie.CurrentApp}=${appToken}`,
],
Cookie: [`${constants.Cookie.Auth}=${authToken}`],
[constants.Header.CSRF_TOKEN]: this.defaultUserValues.csrfToken,
Host: this.tenantHost(),
...extras,

View File

@ -50,11 +50,6 @@ async function passportCallback(
setCookie(ctx, token, Cookie.Auth, { sign: false })
// set the token in a header as well for APIs
ctx.set(Header.TOKEN, token)
// get rid of any app cookies on login
// have to check test because this breaks cypress
if (!env.isTest()) {
clearCookie(ctx, Cookie.CurrentApp)
}
}
export const login = async (ctx: Ctx<LoginRequest>, next: any) => {

View File

@ -2,7 +2,6 @@ import * as userSdk from "../../../sdk/users"
import {
featureFlags,
tenancy,
constants,
db as dbCore,
utils,
encryption,
@ -11,7 +10,7 @@ import {
import env from "../../../environment"
import { groups } from "@budibase/pro"
import { UpdateSelfRequest, UpdateSelfResponse, UserCtx } from "@budibase/types"
const { getCookie, clearCookie, newid } = utils
const { newid } = utils
function newTestApiKey() {
return env.ENCRYPTED_TEST_PUBLIC_API_KEY
@ -71,16 +70,6 @@ export async function fetchAPIKey(ctx: any) {
ctx.body = cleanupDevInfo(devInfo)
}
const checkCurrentApp = (ctx: any) => {
const appCookie = getCookie(ctx, constants.Cookie.CurrentApp)
if (appCookie && !tenancy.isUserInAppTenant(appCookie.appId)) {
// there is a currentapp cookie from another tenant
// remove the cookie as this is incompatible with the builder
// due to builder and admin permissions being removed
clearCookie(ctx, constants.Cookie.CurrentApp)
}
}
/**
* Add the attributes that are session based to the current user.
*/
@ -101,8 +90,6 @@ export async function getSelf(ctx: any) {
id: userId,
}
checkCurrentApp(ctx)
// get the main body of the user
const user = await userSdk.getUser(userId)
ctx.body = await groups.enrichUserRolesFromGroups(user)