Code review updates
This commit is contained in:
parent
709e8600b0
commit
4ecae7fa5b
|
@ -15,6 +15,7 @@ const {
|
||||||
tenancy,
|
tenancy,
|
||||||
appTenancy,
|
appTenancy,
|
||||||
authError,
|
authError,
|
||||||
|
ssoCallbackUrl,
|
||||||
csrf,
|
csrf,
|
||||||
internalApi,
|
internalApi,
|
||||||
} = require("./middleware")
|
} = require("./middleware")
|
||||||
|
@ -72,11 +73,10 @@ async function refreshOIDCAccessToken(db, chosenConfig, refreshToken) {
|
||||||
|
|
||||||
async function refreshGoogleAccessToken(db, config, refreshToken) {
|
async function refreshGoogleAccessToken(db, config, refreshToken) {
|
||||||
let callbackUrl = await google.getCallbackUrl(db, config)
|
let callbackUrl = await google.getCallbackUrl(db, config)
|
||||||
const googleConfig = await google.fetchStrategyConfig(config)
|
|
||||||
|
|
||||||
let strategy
|
let strategy
|
||||||
try {
|
try {
|
||||||
strategy = await google.strategyFactory(googleConfig, callbackUrl)
|
strategy = await google.strategyFactory(config, callbackUrl)
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error(err)
|
console.error(err)
|
||||||
throw new Error("Error constructing OIDC refresh strategy", err)
|
throw new Error("Error constructing OIDC refresh strategy", err)
|
||||||
|
@ -168,4 +168,5 @@ module.exports = {
|
||||||
internalApi,
|
internalApi,
|
||||||
refreshOAuthToken,
|
refreshOAuthToken,
|
||||||
updateUserOAuth,
|
updateUserOAuth,
|
||||||
|
ssoCallbackUrl,
|
||||||
}
|
}
|
||||||
|
|
|
@ -386,10 +386,9 @@ export const getScopedFullConfig = async function (
|
||||||
if (type === Configs.SETTINGS) {
|
if (type === Configs.SETTINGS) {
|
||||||
if (scopedConfig && scopedConfig.doc) {
|
if (scopedConfig && scopedConfig.doc) {
|
||||||
// overrides affected by environment variables
|
// overrides affected by environment variables
|
||||||
scopedConfig.doc.config.platformUrl = await getPlatformUrl(
|
scopedConfig.doc.config.platformUrl = await getPlatformUrl({
|
||||||
{ tenantAware: true },
|
tenantAware: true,
|
||||||
db
|
})
|
||||||
)
|
|
||||||
scopedConfig.doc.config.analyticsEnabled =
|
scopedConfig.doc.config.analyticsEnabled =
|
||||||
await events.analytics.enabled()
|
await events.analytics.enabled()
|
||||||
} else {
|
} else {
|
||||||
|
@ -398,7 +397,7 @@ export const getScopedFullConfig = async function (
|
||||||
doc: {
|
doc: {
|
||||||
_id: generateConfigID({ type, user, workspace }),
|
_id: generateConfigID({ type, user, workspace }),
|
||||||
config: {
|
config: {
|
||||||
platformUrl: await getPlatformUrl({ tenantAware: true }, db),
|
platformUrl: await getPlatformUrl({ tenantAware: true }),
|
||||||
analyticsEnabled: await events.analytics.enabled(),
|
analyticsEnabled: await events.analytics.enabled(),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -409,10 +408,7 @@ export const getScopedFullConfig = async function (
|
||||||
return scopedConfig && scopedConfig.doc
|
return scopedConfig && scopedConfig.doc
|
||||||
}
|
}
|
||||||
|
|
||||||
export const getPlatformUrl = async (
|
export const getPlatformUrl = async (opts = { tenantAware: true }) => {
|
||||||
opts = { tenantAware: true },
|
|
||||||
db = null
|
|
||||||
) => {
|
|
||||||
let platformUrl = env.PLATFORM_URL || "http://localhost:10000"
|
let platformUrl = env.PLATFORM_URL || "http://localhost:10000"
|
||||||
|
|
||||||
if (!env.SELF_HOSTED && env.MULTI_TENANCY && opts.tenantAware) {
|
if (!env.SELF_HOSTED && env.MULTI_TENANCY && opts.tenantAware) {
|
||||||
|
@ -422,11 +418,11 @@ export const getPlatformUrl = async (
|
||||||
platformUrl = platformUrl.replace("://", `://${tenantId}.`)
|
platformUrl = platformUrl.replace("://", `://${tenantId}.`)
|
||||||
}
|
}
|
||||||
} else if (env.SELF_HOSTED) {
|
} else if (env.SELF_HOSTED) {
|
||||||
const dbx = db ? db : getGlobalDB()
|
const db = getGlobalDB()
|
||||||
// get the doc directly instead of with getScopedConfig to prevent loop
|
// get the doc directly instead of with getScopedConfig to prevent loop
|
||||||
let settings
|
let settings
|
||||||
try {
|
try {
|
||||||
settings = await dbx.get(generateConfigID({ type: Configs.SETTINGS }))
|
settings = await db.get(generateConfigID({ type: Configs.SETTINGS }))
|
||||||
} catch (e: any) {
|
} catch (e: any) {
|
||||||
if (e.status !== 404) {
|
if (e.status !== 404) {
|
||||||
throw e
|
throw e
|
||||||
|
|
|
@ -94,7 +94,6 @@ module.exports = (
|
||||||
user = await getUser(userId, session.tenantId)
|
user = await getUser(userId, session.tenantId)
|
||||||
}
|
}
|
||||||
user.csrfToken = session.csrfToken
|
user.csrfToken = session.csrfToken
|
||||||
delete user.password
|
|
||||||
authenticated = true
|
authenticated = true
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
error = err
|
error = err
|
||||||
|
|
|
@ -2,7 +2,7 @@ const jwt = require("./passport/jwt")
|
||||||
const local = require("./passport/local")
|
const local = require("./passport/local")
|
||||||
const google = require("./passport/google")
|
const google = require("./passport/google")
|
||||||
const oidc = require("./passport/oidc")
|
const oidc = require("./passport/oidc")
|
||||||
const { authError } = require("./passport/utils")
|
const { authError, ssoCallbackUrl } = require("./passport/utils")
|
||||||
const authenticated = require("./authenticated")
|
const authenticated = require("./authenticated")
|
||||||
const auditLog = require("./auditLog")
|
const auditLog = require("./auditLog")
|
||||||
const tenancy = require("./tenancy")
|
const tenancy = require("./tenancy")
|
||||||
|
@ -20,6 +20,7 @@ module.exports = {
|
||||||
tenancy,
|
tenancy,
|
||||||
authError,
|
authError,
|
||||||
internalApi,
|
internalApi,
|
||||||
|
ssoCallbackUrl,
|
||||||
datasource: {
|
datasource: {
|
||||||
google: datasourceGoogle,
|
google: datasourceGoogle,
|
||||||
},
|
},
|
||||||
|
|
|
@ -2,7 +2,6 @@ const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
|
||||||
const { ssoCallbackUrl } = require("./utils")
|
const { ssoCallbackUrl } = require("./utils")
|
||||||
const { authenticateThirdParty } = require("./third-party-common")
|
const { authenticateThirdParty } = require("./third-party-common")
|
||||||
const { Configs } = require("../../../constants")
|
const { Configs } = require("../../../constants")
|
||||||
const environment = require("../../environment")
|
|
||||||
|
|
||||||
const buildVerifyFn = saveUserFn => {
|
const buildVerifyFn = saveUserFn => {
|
||||||
return (accessToken, refreshToken, profile, done) => {
|
return (accessToken, refreshToken, profile, done) => {
|
||||||
|
@ -60,15 +59,6 @@ exports.strategyFactory = async function (config, callbackUrl, saveUserFn) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.fetchStrategyConfig = async function (googleConfig) {
|
|
||||||
return (
|
|
||||||
googleConfig || {
|
|
||||||
clientID: environment.GOOGLE_CLIENT_ID,
|
|
||||||
clientSecret: environment.GOOGLE_CLIENT_SECRET,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
exports.getCallbackUrl = async function (db, config) {
|
exports.getCallbackUrl = async function (db, config) {
|
||||||
return ssoCallbackUrl(db, config, Configs.GOOGLE)
|
return ssoCallbackUrl(db, config, Configs.GOOGLE)
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,7 +6,7 @@ const users = require("../../users")
|
||||||
const { authError } = require("./utils")
|
const { authError } = require("./utils")
|
||||||
const { newid } = require("../../hashing")
|
const { newid } = require("../../hashing")
|
||||||
const { createASession } = require("../../security/sessions")
|
const { createASession } = require("../../security/sessions")
|
||||||
const { getTenantId, getGlobalDB } = require("../../tenancy")
|
const { getTenantId } = require("../../tenancy")
|
||||||
|
|
||||||
const INVALID_ERR = "Invalid credentials"
|
const INVALID_ERR = "Invalid credentials"
|
||||||
const SSO_NO_PASSWORD = "SSO user does not have a password set"
|
const SSO_NO_PASSWORD = "SSO user does not have a password set"
|
||||||
|
@ -56,19 +56,6 @@ exports.authenticate = async function (ctx, email, password, done) {
|
||||||
const sessionId = newid()
|
const sessionId = newid()
|
||||||
const tenantId = getTenantId()
|
const tenantId = getTenantId()
|
||||||
|
|
||||||
if (dbUser.provider || dbUser.providerType || dbUser.pictureUrl) {
|
|
||||||
delete dbUser.provider
|
|
||||||
delete dbUser.providerType
|
|
||||||
delete dbUser.pictureUrl
|
|
||||||
|
|
||||||
try {
|
|
||||||
const db = getGlobalDB()
|
|
||||||
await db.put(dbUser)
|
|
||||||
} catch (err) {
|
|
||||||
console.error("OAuth elements could not be purged")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
await createASession(dbUser._id, { sessionId, tenantId })
|
await createASession(dbUser._id, { sessionId, tenantId })
|
||||||
|
|
||||||
dbUser.token = jwt.sign(
|
dbUser.token = jwt.sign(
|
||||||
|
|
|
@ -103,9 +103,9 @@ exports.strategyFactory = async function (config, saveUserFn) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.fetchStrategyConfig = async function (config, callbackUrl) {
|
exports.fetchStrategyConfig = async function (enrichedConfig, callbackUrl) {
|
||||||
try {
|
try {
|
||||||
const { clientID, clientSecret, configUrl } = config
|
const { clientID, clientSecret, configUrl } = enrichedConfig
|
||||||
|
|
||||||
if (!clientID || !clientSecret || !callbackUrl || !configUrl) {
|
if (!clientID || !clientSecret || !callbackUrl || !configUrl) {
|
||||||
//check for remote config and all required elements
|
//check for remote config and all required elements
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
const { getGlobalDB, isMultiTenant, getTenantId } = require("../../tenancy")
|
const { isMultiTenant, getTenantId } = require("../../tenancy")
|
||||||
const { getScopedConfig } = require("../../db/utils")
|
const { getScopedConfig } = require("../../db/utils")
|
||||||
const { Configs } = require("../../constants")
|
const { Configs } = require("../../constants")
|
||||||
|
|
||||||
|
@ -23,9 +23,7 @@ exports.ssoCallbackUrl = async (db, config, type) => {
|
||||||
if (config && config.callbackURL) {
|
if (config && config.callbackURL) {
|
||||||
return config.callbackURL
|
return config.callbackURL
|
||||||
}
|
}
|
||||||
|
const publicConfig = await getScopedConfig(db, {
|
||||||
const dbx = db ? db : getGlobalDB()
|
|
||||||
const publicConfig = await getScopedConfig(dbx, {
|
|
||||||
type: Configs.SETTINGS,
|
type: Configs.SETTINGS,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -1,49 +1,22 @@
|
||||||
const core = require("@budibase/backend-core")
|
const core = require("@budibase/backend-core")
|
||||||
const { getScopedConfig } = require("@budibase/backend-core/db")
|
|
||||||
const { google } = require("@budibase/backend-core/middleware")
|
|
||||||
const { oidc } = require("@budibase/backend-core/middleware")
|
|
||||||
const { Configs, EmailTemplatePurpose } = require("../../../constants")
|
const { Configs, EmailTemplatePurpose } = require("../../../constants")
|
||||||
const { sendEmail, isEmailConfigured } = require("../../../utilities/email")
|
const { sendEmail, isEmailConfigured } = require("../../../utilities/email")
|
||||||
const { setCookie, getCookie, clearCookie, hash, platformLogout } = core.utils
|
const { setCookie, getCookie, clearCookie, hash, platformLogout } = core.utils
|
||||||
const { Cookies, Headers } = core.constants
|
const { Cookies, Headers } = core.constants
|
||||||
const { passport } = core.auth
|
const { passport, ssoCallbackUrl, google, oidc } = core.auth
|
||||||
const { checkResetPasswordCode } = require("../../../utilities/redis")
|
const { checkResetPasswordCode } = require("../../../utilities/redis")
|
||||||
const {
|
const { getGlobalDB } = require("@budibase/backend-core/tenancy")
|
||||||
getGlobalDB,
|
|
||||||
getTenantId,
|
|
||||||
isMultiTenant,
|
|
||||||
} = require("@budibase/backend-core/tenancy")
|
|
||||||
const env = require("../../../environment")
|
const env = require("../../../environment")
|
||||||
import { events, users as usersCore, context } from "@budibase/backend-core"
|
import { events, users as usersCore, context } from "@budibase/backend-core"
|
||||||
import { users } from "../../../sdk"
|
import { users } from "../../../sdk"
|
||||||
import { User } from "@budibase/types"
|
import { User } from "@budibase/types"
|
||||||
|
|
||||||
const ssoCallbackUrl = async (config: any, type: any) => {
|
|
||||||
// incase there is a callback URL from before
|
|
||||||
if (config && config.callbackURL) {
|
|
||||||
return config.callbackURL
|
|
||||||
}
|
|
||||||
|
|
||||||
const db = getGlobalDB()
|
|
||||||
const publicConfig = await getScopedConfig(db, {
|
|
||||||
type: Configs.SETTINGS,
|
|
||||||
})
|
|
||||||
|
|
||||||
let callbackUrl = `/api/global/auth`
|
|
||||||
if (isMultiTenant()) {
|
|
||||||
callbackUrl += `/${getTenantId()}`
|
|
||||||
}
|
|
||||||
callbackUrl += `/${type}/callback`
|
|
||||||
|
|
||||||
return `${publicConfig.platformUrl}${callbackUrl}`
|
|
||||||
}
|
|
||||||
|
|
||||||
export const googleCallbackUrl = async (config: any) => {
|
export const googleCallbackUrl = async (config: any) => {
|
||||||
return ssoCallbackUrl(config, "google")
|
return ssoCallbackUrl(getGlobalDB(), config, "google")
|
||||||
}
|
}
|
||||||
|
|
||||||
export const oidcCallbackUrl = async (config: any) => {
|
export const oidcCallbackUrl = async (config: any) => {
|
||||||
return ssoCallbackUrl(config, "oidc")
|
return ssoCallbackUrl(getGlobalDB(), config, "oidc")
|
||||||
}
|
}
|
||||||
|
|
||||||
async function authInternal(ctx: any, user: any, err = null, info = null) {
|
async function authInternal(ctx: any, user: any, err = null, info = null) {
|
||||||
|
@ -70,7 +43,7 @@ async function authInternal(ctx: any, user: any, err = null, info = null) {
|
||||||
export const authenticate = async (ctx: any, next: any) => {
|
export const authenticate = async (ctx: any, next: any) => {
|
||||||
return passport.authenticate(
|
return passport.authenticate(
|
||||||
"local",
|
"local",
|
||||||
async (err: any, user: any, info: any) => {
|
async (err: any, user: User, info: any) => {
|
||||||
await authInternal(ctx, user, err, info)
|
await authInternal(ctx, user, err, info)
|
||||||
await context.identity.doInUserContext(user, async () => {
|
await context.identity.doInUserContext(user, async () => {
|
||||||
await events.auth.login("local")
|
await events.auth.login("local")
|
||||||
|
|
Loading…
Reference in New Issue