From 48b964378b950281b86a7582c8698a336439b1c8 Mon Sep 17 00:00:00 2001
From: adrinr
Date: Thu, 30 Mar 2023 13:11:42 +0100
Subject: [PATCH] Remove all app cookie references (not really needed anymore)
---
 packages/backend-core/src/auth/auth.ts | 1 -
 packages/backend-core/src/constants/misc.ts | 1 -
 packages/server/src/middleware/currentapp.ts | 31 +------------------
 .../src/tests/utilities/TestConfiguration.ts | 21 ++-----------
 .../worker/src/api/controllers/global/auth.ts | 5 ---
 .../worker/src/api/controllers/global/self.ts | 15 +--------
 6 files changed, 5 insertions(+), 69 deletions(-)
diff --git a/packages/backend-core/src/auth/auth.ts b/packages/backend-core/src/auth/auth.ts
index 26c7cd4e26..fb2fd2cf51 100644
--- a/packages/backend-core/src/auth/auth.ts
+++ b/packages/backend-core/src/auth/auth.ts
@@ -199,7 +199,6 @@ export async function platformLogout(opts: PlatformLogoutOpts) {
 } else {
 // clear cookies
 clearCookie(ctx, Cookie.Auth)
- clearCookie(ctx, Cookie.CurrentApp)
 }
 const sessionIds = sessions.map(({ sessionId }) => sessionId)
diff --git a/packages/backend-core/src/constants/misc.ts b/packages/backend-core/src/constants/misc.ts
index e25c90575f..15cec7a6b9 100644
--- a/packages/backend-core/src/constants/misc.ts
+++ b/packages/backend-core/src/constants/misc.ts
@@ -4,7 +4,6 @@ export enum UserStatus {
 }
 export enum Cookie {
- CurrentApp = "budibase:currentapp",
 Auth = "budibase:auth",
 Init = "budibase:init",
 ACCOUNT_RETURN_URL = "budibase:account:returnurl",
diff --git a/packages/server/src/middleware/currentapp.ts b/packages/server/src/middleware/currentapp.ts
index 7621bf61ee..efafc59e21 100644
--- a/packages/server/src/middleware/currentapp.ts
+++ b/packages/server/src/middleware/currentapp.ts
@@ -2,7 +2,6 @@ import {
 utils,
 constants,
 roles,
- db as dbCore,
 tenancy,
 context,
 } from "@budibase/backend-core"
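Review bot: Dropping `clearCookie(ctx, Cookie.CurrentApp)` from `platformLogout` means a `budibase:currentapp` cookie already sitting in a user's browser is never cleared, and because the `misc.ts` hunk deletes the `Cookie.CurrentApp` member there is no longer a named constant to clear it with. Nothing on the new side of this patch reads that cookie, so it is inert, but it is a signed token carrying an app id and role id that stays in browsers until it expires on its own. Consider a transitional clear by literal name for a release or two, e.g. `clearCookie(ctx, "budibase:currentapp")` next to the `Cookie.Auth` clear, or record the decision to let it age out. `platformLogout` continues past the end of the hunk.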
@@ -15,29 +14,10 @@ import { UserCtx } from "@budibase/types"
 export default async (ctx: UserCtx, next: any) => {
 // try to get the appID from the request
 let requestAppId = await utils.getAppIdFromCtx(ctx)
- // get app cookie if it exists
- let appCookie: { appId?: string } | undefined
- try {
- appCookie = utils.getCookie(ctx, constants.Cookie.CurrentApp)
- } catch (err) {
- utils.clearCookie(ctx, constants.Cookie.CurrentApp)
- }
- if (!appCookie && !requestAppId) {
+ if (!requestAppId) {
 return next()
 }
- // check the app exists referenced in cookie
- if (appCookie) {
- const appId = appCookie.appId
- const exists = await dbCore.dbExists(appId)
- if (!exists) {
- utils.clearCookie(ctx, constants.Cookie.CurrentApp)
- return next()
- }
- // if the request app ID wasn't set, update it with the cookie
- requestAppId = requestAppId || appId
- }
-
 // deny access to application preview
 if (!env.isTest()) {
 if (
@@ -45,7 +25,6 @@ export default async (ctx: UserCtx, next: any) => {
 !isWebhookEndpoint(ctx) &&
 (!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
 ) {
- utils.clearCookie(ctx, constants.Cookie.CurrentApp)
 return ctx.redirect("/")
 }
 }
@@ -127,14 +106,6 @@ export default async (ctx: UserCtx, next: any) => {
 role: await roles.getRole(roleId),
 }
 }
- if (
- (requestAppId !== appId ||
- appCookie == null ||
- appCookie.appId !== requestAppId) &&
- !skipCookie
- ) {
- utils.setCookie(ctx, { appId }, constants.Cookie.CurrentApp)
- }
 return next()
 })
diff --git a/packages/server/src/tests/utilities/TestConfiguration.ts b/packages/server/src/tests/utilities/TestConfiguration.ts
index cf337c689f..f5009e95a8 100644
--- a/packages/server/src/tests/utilities/TestConfiguration.ts
+++ b/packages/server/src/tests/utilities/TestConfiguration.ts
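Review bot: `let requestAppId = await utils.getAppIdFromCtx(ctx)` on the third line of the hunk has lost its only visible reassignment, the removed `requestAppId = requestAppId || appId` fallback, so it should become `const requestAppId = await utils.getAppIdFromCtx(ctx)` unless the rest of the middleware, which continues outside the hunk, still writes to it. The removed block was also the one place this middleware checked that the app the client named actually exists (`dbCore.dbExists`) before continuing; the header- or URL-derived id from `getAppIdFromCtx` never had that check here, so nothing regresses, but it is worth confirming that the lookups further down fail cleanly on an unknown id rather than relying on the cookie path having filtered it. The enclosing arrow function starts in this hunk and ends after it.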
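Review bot: `skipCookie` appears only inside the removed `if` of the last hunk, and its declaration is outside the hunk and untouched by the commit, so it is presumably now an unused local that `@typescript-eslint/no-unused-vars` will flag; remove it together with whatever computes it. `appCookie` likewise no longer exists after this commit, so any mention of it left in the untouched middle of the function (between the second and third hunks) would not compile, which is worth a quick grep before merging. The enclosing middleware starts before this hunk.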
@@ -330,21 +330,13 @@ class TestConfiguration {
 sessionId: "sessionid",
 tenantId: this.getTenantId(),
 }
- const app = {
- roleId: roleId,
- appId,
- }
 const authToken = auth.jwt.sign(authObj, coreEnv.JWT_SECRET)
- const appToken = auth.jwt.sign(app, coreEnv.JWT_SECRET)
 // returning necessary request headers
 await cache.user.invalidateUser(userId)
 return {
 Accept: "application/json",
- Cookie: [
- `${constants.Cookie.Auth}=${authToken}`,
- `${constants.Cookie.CurrentApp}=${appToken}`,
- ],
+ Cookie: [`${constants.Cookie.Auth}=${authToken}`],
 [constants.Header.APP_ID]: appId,
 }
 })
@@ -359,18 +351,11 @@ class TestConfiguration {
 sessionId: "sessionid",
 tenantId,
 }
- const app = {
- roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
- appId: this.appId,
- }
 const authToken = auth.jwt.sign(authObj, coreEnv.JWT_SECRET)
- const appToken = auth.jwt.sign(app, coreEnv.JWT_SECRET)
+
 const headers: any = {
 Accept: "application/json",
- Cookie: [
- `${constants.Cookie.Auth}=${authToken}`,
- `${constants.Cookie.CurrentApp}=${appToken}`,
- ],
+ Cookie: [`${constants.Cookie.Auth}=${authToken}`],
 [constants.Header.CSRF_TOKEN]: this.defaultUserValues.csrfToken,
 Host: this.tenantHost(),
 ...extras,
diff --git a/packages/worker/src/api/controllers/global/auth.ts b/packages/worker/src/api/controllers/global/auth.ts
index 1286fd519d..c8f75b3610 100644
--- a/packages/worker/src/api/controllers/global/auth.ts
+++ b/packages/worker/src/api/controllers/global/auth.ts
@@ -50,11 +50,6 @@ async function passportCallback(
 setCookie(ctx, token, Cookie.Auth, { sign: false })
 // set the token in a header as well for APIs
 ctx.set(Header.TOKEN, token)
- // get rid of any app cookies on login
- // have to check test because this breaks cypress
- if (!env.isTest()) {
- clearCookie(ctx, Cookie.CurrentApp)
- }
 }
 export const login = async (ctx: Ctx, next: any) => {
diff --git a/packages/worker/src/api/controllers/global/self.ts b/packages/worker/src/api/controllers/global/self.ts
index 78e5bf7164..d0232bee60 100644
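Review bot: `roleId` was consumed only by the removed `app` object in the first hunk (`roleId: roleId`), so if it is a parameter of the enclosing method, whose signature is outside the hunk, it is now an unused parameter that callers still have to supply; either drop it from the signature and the call sites or keep it for a real purpose. The same question applies to the `roles` import after the second hunk removes `roles.BUILTIN_ROLE_IDS.ADMIN`, if that was its only use in the file. Neither can be settled from the diff alone, but both are the kind of leftover a lint pass should catch before merge.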
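Review bot: The removed lines were the only visible uses of `env` and `clearCookie` in `passportCallback`, and the diffstat shows this file gets deletions only, so its import block is untouched and both names may now be unused imports; the `self.ts` hunks prune `constants` and the `utils` destructuring for exactly this reason, so this file should get the same trim. `passportCallback` starts before the hunk, so confirm there is no other use in the remainder of the function before removing them.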
--- a/packages/worker/src/api/controllers/global/self.ts
+++ b/packages/worker/src/api/controllers/global/self.ts
@@ -2,7 +2,6 @@ import * as userSdk from "../../../sdk/users"
 import {
 featureFlags,
 tenancy,
- constants,
 db as dbCore,
 utils,
 encryption,
@@ -11,7 +10,7 @@ import {
 import env from "../../../environment"
 import { groups } from "@budibase/pro"
 import { UpdateSelfRequest, UpdateSelfResponse, UserCtx } from "@budibase/types"
-const { getCookie, clearCookie, newid } = utils
+const { newid } = utils
 function newTestApiKey() {
 return env.ENCRYPTED_TEST_PUBLIC_API_KEY
@@ -71,16 +70,6 @@ export async function fetchAPIKey(ctx: any) {
 ctx.body = cleanupDevInfo(devInfo)
 }
-const checkCurrentApp = (ctx: any) => {
- const appCookie = getCookie(ctx, constants.Cookie.CurrentApp)
- if (appCookie && !tenancy.isUserInAppTenant(appCookie.appId)) {
- // there is a currentapp cookie from another tenant
- // remove the cookie as this is incompatible with the builder
- // due to builder and admin permissions being removed
- clearCookie(ctx, constants.Cookie.CurrentApp)
- }
-}
-
 /**
 * Add the attributes that are session based to the current user.
 */
@@ -101,8 +90,6 @@ export async function getSelf(ctx: any) {
 id: userId,
 }
- checkCurrentApp(ctx)
-
 // get the main body of the user
 const user = await userSdk.getUser(userId)
 ctx.body = await groups.enrichUserRolesFromGroups(user)
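Review bot: `tenancy` stays in the import list in the first hunk while its only visible use, `tenancy.isUserInAppTenant` inside the removed `checkCurrentApp`, goes away in the third hunk; if nothing else in the file uses it, drop it from the import the same way `constants` was dropped. The removed function was this controller's guard against a signed app cookie from another tenant being honoured in a builder session; with the cookie no longer read anywhere in this patch that path is gone, so the removal is sound as long as no code outside these six files still consumes `budibase:currentapp`, which is worth one grep across the repo. `getSelf` starts before the last hunk and continues after it.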