Merge pull request #2802 from Budibase/develop
develop -> master (deprovisioning and auth/tenancy fixes)
This commit is contained in:
commit
532ef90acb
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"npmClient": "yarn",
|
"npmClient": "yarn",
|
||||||
"packages": [
|
"packages": [
|
||||||
"packages/*"
|
"packages/*"
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
module.exports = require("./src/tenancy/deprovision")
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "@budibase/auth",
|
"name": "@budibase/auth",
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"description": "Authentication middlewares for budibase builder and apps",
|
"description": "Authentication middlewares for budibase builder and apps",
|
||||||
"main": "src/index.js",
|
"main": "src/index.js",
|
||||||
"author": "Budibase",
|
"author": "Budibase",
|
||||||
|
|
|
@ -0,0 +1,81 @@
|
||||||
|
const { getGlobalUserParams, getAllApps } = require("../db/utils")
|
||||||
|
const { getDB, getCouch } = require("../db")
|
||||||
|
const { getGlobalDB } = require("./tenancy")
|
||||||
|
const { StaticDatabases } = require("../db/constants")
|
||||||
|
|
||||||
|
const TENANT_DOC = StaticDatabases.PLATFORM_INFO.docs.tenants
|
||||||
|
const PLATFORM_INFO_DB = StaticDatabases.PLATFORM_INFO.name
|
||||||
|
|
||||||
|
const removeTenantFromInfoDB = async tenantId => {
|
||||||
|
try {
|
||||||
|
const infoDb = getDB(PLATFORM_INFO_DB)
|
||||||
|
let tenants = await infoDb.get(TENANT_DOC)
|
||||||
|
tenants.tenantIds = tenants.tenantIds.filter(id => id !== tenantId)
|
||||||
|
|
||||||
|
await infoDb.put(tenants)
|
||||||
|
} catch (err) {
|
||||||
|
console.error(`Error removing tenant ${tenantId} from info db`, err)
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const removeUsersFromInfoDB = async tenantId => {
|
||||||
|
try {
|
||||||
|
const globalDb = getGlobalDB(tenantId)
|
||||||
|
const infoDb = getDB(PLATFORM_INFO_DB)
|
||||||
|
const allUsers = await globalDb.allDocs(
|
||||||
|
getGlobalUserParams(null, {
|
||||||
|
include_docs: true,
|
||||||
|
})
|
||||||
|
)
|
||||||
|
const allEmails = allUsers.rows.map(row => row.doc.email)
|
||||||
|
// get the id docs
|
||||||
|
let keys = allUsers.rows.map(row => row.id)
|
||||||
|
// and the email docs
|
||||||
|
keys = keys.concat(allEmails)
|
||||||
|
// retrieve the docs and delete them
|
||||||
|
const userDocs = await infoDb.allDocs({
|
||||||
|
keys,
|
||||||
|
include_docs: true,
|
||||||
|
})
|
||||||
|
const toDelete = userDocs.rows.map(row => {
|
||||||
|
return {
|
||||||
|
...row.doc,
|
||||||
|
_deleted: true,
|
||||||
|
}
|
||||||
|
})
|
||||||
|
await infoDb.bulkDocs(toDelete)
|
||||||
|
} catch (err) {
|
||||||
|
console.error(`Error removing tenant ${tenantId} users from info db`, err)
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const removeGlobalDB = async tenantId => {
|
||||||
|
try {
|
||||||
|
const globalDb = getGlobalDB(tenantId)
|
||||||
|
await globalDb.destroy()
|
||||||
|
} catch (err) {
|
||||||
|
console.error(`Error removing tenant ${tenantId} users from info db`, err)
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const removeTenantApps = async tenantId => {
|
||||||
|
try {
|
||||||
|
const apps = await getAllApps(getCouch(), { all: true })
|
||||||
|
const destroyPromises = apps.map(app => getDB(app.appId).destroy())
|
||||||
|
await Promise.allSettled(destroyPromises)
|
||||||
|
} catch (err) {
|
||||||
|
console.error(`Error removing tenant ${tenantId} apps`, err)
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// can't live in tenancy package due to circular dependency on db/utils
|
||||||
|
exports.deleteTenant = async tenantId => {
|
||||||
|
await removeTenantFromInfoDB(tenantId)
|
||||||
|
await removeUsersFromInfoDB(tenantId)
|
||||||
|
await removeGlobalDB(tenantId)
|
||||||
|
await removeTenantApps(tenantId)
|
||||||
|
}
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"name": "@budibase/bbui",
|
"name": "@budibase/bbui",
|
||||||
"description": "A UI solution used in the different Budibase projects.",
|
"description": "A UI solution used in the different Budibase projects.",
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"license": "AGPL-3.0",
|
"license": "AGPL-3.0",
|
||||||
"svelte": "src/index.js",
|
"svelte": "src/index.js",
|
||||||
"module": "dist/bbui.es.js",
|
"module": "dist/bbui.es.js",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "@budibase/builder",
|
"name": "@budibase/builder",
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"license": "AGPL-3.0",
|
"license": "AGPL-3.0",
|
||||||
"private": true,
|
"private": true,
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
@ -65,10 +65,10 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@budibase/bbui": "^0.9.145",
|
"@budibase/bbui": "^0.9.146-alpha.1",
|
||||||
"@budibase/client": "^0.9.145",
|
"@budibase/client": "^0.9.146-alpha.1",
|
||||||
"@budibase/colorpicker": "1.1.2",
|
"@budibase/colorpicker": "1.1.2",
|
||||||
"@budibase/string-templates": "^0.9.145",
|
"@budibase/string-templates": "^0.9.146-alpha.1",
|
||||||
"@sentry/browser": "5.19.1",
|
"@sentry/browser": "5.19.1",
|
||||||
"@spectrum-css/page": "^3.0.1",
|
"@spectrum-css/page": "^3.0.1",
|
||||||
"@spectrum-css/vars": "^3.0.1",
|
"@spectrum-css/vars": "^3.0.1",
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
let upgradeModal
|
let upgradeModal
|
||||||
|
|
||||||
const onConfirm = () => {
|
const onConfirm = () => {
|
||||||
window.open("https://accounts.budibase.com/install", "_blank")
|
window.open("https://account.budibase.app/portal/install", "_blank")
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
|
@ -9,10 +9,31 @@
|
||||||
$: hasAdminUser = $admin?.checklist?.adminUser?.checked
|
$: hasAdminUser = $admin?.checklist?.adminUser?.checked
|
||||||
$: tenantSet = $auth.tenantSet
|
$: tenantSet = $auth.tenantSet
|
||||||
$: cloud = $admin.cloud
|
$: cloud = $admin.cloud
|
||||||
|
$: user = $auth.user
|
||||||
|
|
||||||
|
const validateTenantId = async () => {
|
||||||
|
// set the tenant from the url in the cloud
|
||||||
|
const tenantId = window.location.host.split(".")[0]
|
||||||
|
|
||||||
|
if (!tenantId.includes("localhost:")) {
|
||||||
|
// user doesn't have permission to access this tenant - kick them out
|
||||||
|
if (user?.tenantId !== tenantId) {
|
||||||
|
await auth.logout()
|
||||||
|
await auth.setOrganisation(null)
|
||||||
|
} else {
|
||||||
|
await auth.setOrganisation(tenantId)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
onMount(async () => {
|
onMount(async () => {
|
||||||
await auth.checkAuth()
|
await auth.checkAuth()
|
||||||
await admin.init()
|
await admin.init()
|
||||||
|
|
||||||
|
if (cloud && multiTenancyEnabled) {
|
||||||
|
await validateTenantId()
|
||||||
|
}
|
||||||
|
|
||||||
loaded = true
|
loaded = true
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -1,26 +1,23 @@
|
||||||
<script>
|
<script>
|
||||||
import { auth, admin } from "stores/portal"
|
import { auth, admin } from "stores/portal"
|
||||||
import { onMount } from "svelte"
|
|
||||||
import { redirect } from "@roxi/routify"
|
import { redirect } from "@roxi/routify"
|
||||||
|
|
||||||
// If already authenticated, redirect away from the auth section.
|
// If already authenticated, redirect away from the auth section.
|
||||||
// Check this onMount rather than a reactive statement to avoid trumping
|
// Check this onMount rather than a reactive statement to avoid trumping
|
||||||
// the login return URL functionality.
|
// the login return URL functionality.
|
||||||
onMount(() => {
|
if ($auth.user && !$auth.user.forceResetPassword) {
|
||||||
if ($auth.user && !$auth.user.forceResetPassword) {
|
$redirect("../")
|
||||||
$redirect("../")
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// redirect to account portal for authentication in the cloud
|
// redirect to account portal for authentication in the cloud
|
||||||
if (
|
if (
|
||||||
!$auth.user &&
|
!$auth.user &&
|
||||||
$admin.cloud &&
|
$admin.cloud &&
|
||||||
$admin.accountPortalUrl &&
|
$admin.accountPortalUrl &&
|
||||||
!$admin?.checklist?.sso?.checked
|
!$admin?.checklist?.sso?.checked
|
||||||
) {
|
) {
|
||||||
window.location.href = $admin.accountPortalUrl
|
window.location.href = $admin.accountPortalUrl
|
||||||
}
|
}
|
||||||
})
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
{#if !$auth.user || $auth.user.forceResetPassword}
|
{#if !$auth.user || $auth.user.forceResetPassword}
|
||||||
|
|
|
@ -80,6 +80,7 @@ export function createAuthStore() {
|
||||||
|
|
||||||
return {
|
return {
|
||||||
subscribe: store.subscribe,
|
subscribe: store.subscribe,
|
||||||
|
setOrganisation: setOrganisation,
|
||||||
checkQueryString: async () => {
|
checkQueryString: async () => {
|
||||||
const urlParams = new URLSearchParams(window.location.search)
|
const urlParams = new URLSearchParams(window.location.search)
|
||||||
if (urlParams.has("tenantId")) {
|
if (urlParams.has("tenantId")) {
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "@budibase/cli",
|
"name": "@budibase/cli",
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"description": "Budibase CLI, for developers, self hosting and migrations.",
|
"description": "Budibase CLI, for developers, self hosting and migrations.",
|
||||||
"main": "src/index.js",
|
"main": "src/index.js",
|
||||||
"bin": {
|
"bin": {
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "@budibase/client",
|
"name": "@budibase/client",
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"license": "MPL-2.0",
|
"license": "MPL-2.0",
|
||||||
"module": "dist/budibase-client.js",
|
"module": "dist/budibase-client.js",
|
||||||
"main": "dist/budibase-client.js",
|
"main": "dist/budibase-client.js",
|
||||||
|
@ -19,9 +19,9 @@
|
||||||
"dev:builder": "rollup -cw"
|
"dev:builder": "rollup -cw"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@budibase/bbui": "^0.9.145",
|
"@budibase/bbui": "^0.9.146-alpha.1",
|
||||||
"@budibase/standard-components": "^0.9.139",
|
"@budibase/standard-components": "^0.9.139",
|
||||||
"@budibase/string-templates": "^0.9.145",
|
"@budibase/string-templates": "^0.9.146-alpha.1",
|
||||||
"regexparam": "^1.3.0",
|
"regexparam": "^1.3.0",
|
||||||
"shortid": "^2.2.15",
|
"shortid": "^2.2.15",
|
||||||
"svelte-spa-router": "^3.0.5"
|
"svelte-spa-router": "^3.0.5"
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"name": "@budibase/server",
|
"name": "@budibase/server",
|
||||||
"email": "hi@budibase.com",
|
"email": "hi@budibase.com",
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"description": "Budibase Web Server",
|
"description": "Budibase Web Server",
|
||||||
"main": "src/index.js",
|
"main": "src/index.js",
|
||||||
"repository": {
|
"repository": {
|
||||||
|
@ -64,9 +64,9 @@
|
||||||
"author": "Budibase",
|
"author": "Budibase",
|
||||||
"license": "AGPL-3.0-or-later",
|
"license": "AGPL-3.0-or-later",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@budibase/auth": "^0.9.145",
|
"@budibase/auth": "^0.9.146-alpha.1",
|
||||||
"@budibase/client": "^0.9.145",
|
"@budibase/client": "^0.9.146-alpha.1",
|
||||||
"@budibase/string-templates": "^0.9.145",
|
"@budibase/string-templates": "^0.9.146-alpha.1",
|
||||||
"@elastic/elasticsearch": "7.10.0",
|
"@elastic/elasticsearch": "7.10.0",
|
||||||
"@koa/router": "8.0.0",
|
"@koa/router": "8.0.0",
|
||||||
"@sendgrid/mail": "7.1.1",
|
"@sendgrid/mail": "7.1.1",
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "@budibase/string-templates",
|
"name": "@budibase/string-templates",
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"description": "Handlebars wrapper for Budibase templating.",
|
"description": "Handlebars wrapper for Budibase templating.",
|
||||||
"main": "src/index.cjs",
|
"main": "src/index.cjs",
|
||||||
"module": "dist/bundle.mjs",
|
"module": "dist/bundle.mjs",
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"name": "@budibase/worker",
|
"name": "@budibase/worker",
|
||||||
"email": "hi@budibase.com",
|
"email": "hi@budibase.com",
|
||||||
"version": "0.9.145",
|
"version": "0.9.146-alpha.1",
|
||||||
"description": "Budibase background service",
|
"description": "Budibase background service",
|
||||||
"main": "src/index.js",
|
"main": "src/index.js",
|
||||||
"repository": {
|
"repository": {
|
||||||
|
@ -25,8 +25,8 @@
|
||||||
"author": "Budibase",
|
"author": "Budibase",
|
||||||
"license": "AGPL-3.0-or-later",
|
"license": "AGPL-3.0-or-later",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@budibase/auth": "^0.9.145",
|
"@budibase/auth": "^0.9.146-alpha.1",
|
||||||
"@budibase/string-templates": "^0.9.145",
|
"@budibase/string-templates": "^0.9.146-alpha.1",
|
||||||
"@koa/router": "^8.0.0",
|
"@koa/router": "^8.0.0",
|
||||||
"@techpass/passport-openidconnect": "^0.3.0",
|
"@techpass/passport-openidconnect": "^0.3.0",
|
||||||
"aws-sdk": "^2.811.0",
|
"aws-sdk": "^2.811.0",
|
||||||
|
|
|
@ -53,22 +53,22 @@ async function saveUser(
|
||||||
// check budibase users inside the tenant
|
// check budibase users inside the tenant
|
||||||
dbUser = await getGlobalUserByEmail(email)
|
dbUser = await getGlobalUserByEmail(email)
|
||||||
if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) {
|
if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) {
|
||||||
throw "Email address already in use."
|
throw `Email address ${email} already in use.`
|
||||||
}
|
}
|
||||||
|
|
||||||
// check budibase users in other tenants
|
// check budibase users in other tenants
|
||||||
if (env.MULTI_TENANCY) {
|
if (env.MULTI_TENANCY) {
|
||||||
dbUser = await getTenantUser(email)
|
dbUser = await getTenantUser(email)
|
||||||
if (dbUser != null) {
|
if (dbUser != null) {
|
||||||
throw "Email address already in use."
|
throw `Email address ${email} already in use.`
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// check root account users in account portal
|
// check root account users in account portal
|
||||||
if (!env.SELF_HOSTED) {
|
if (!env.SELF_HOSTED) {
|
||||||
const account = await accounts.getAccount(email)
|
const account = await accounts.getAccount(email)
|
||||||
if (account) {
|
if (account && account.verified) {
|
||||||
throw "Email address already in use."
|
throw `Email address ${email} already in use.`
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
const CouchDB = require("../../../db")
|
const CouchDB = require("../../../db")
|
||||||
const { StaticDatabases } = require("@budibase/auth/db")
|
const { StaticDatabases } = require("@budibase/auth/db")
|
||||||
|
const { getTenantId } = require("@budibase/auth/tenancy")
|
||||||
|
const { deleteTenant } = require("@budibase/auth/deprovision")
|
||||||
|
|
||||||
exports.exists = async ctx => {
|
exports.exists = async ctx => {
|
||||||
const tenantId = ctx.request.params
|
const tenantId = ctx.request.params
|
||||||
|
@ -31,3 +33,19 @@ exports.fetch = async ctx => {
|
||||||
}
|
}
|
||||||
ctx.body = tenants
|
ctx.body = tenants
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exports.delete = async ctx => {
|
||||||
|
const tenantId = getTenantId()
|
||||||
|
|
||||||
|
if (ctx.params.tenantId !== tenantId) {
|
||||||
|
ctx.throw(403, "Unauthorized")
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
await deleteTenant(tenantId)
|
||||||
|
ctx.status = 204
|
||||||
|
} catch (err) {
|
||||||
|
ctx.log.error(err)
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -7,5 +7,6 @@ const router = Router()
|
||||||
router
|
router
|
||||||
.get("/api/system/tenants/:tenantId/exists", controller.exists)
|
.get("/api/system/tenants/:tenantId/exists", controller.exists)
|
||||||
.get("/api/system/tenants", adminOnly, controller.fetch)
|
.get("/api/system/tenants", adminOnly, controller.fetch)
|
||||||
|
.delete("/api/system/tenants/:tenantId", adminOnly, controller.delete)
|
||||||
|
|
||||||
module.exports = router
|
module.exports = router
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue