Merge pull request #2802 from Budibase/develop

develop -> master (deprovisioning and auth/tenancy fixes)
This commit is contained in:
Rory Powell 2021-09-29 19:50:56 +01:00 committed by GitHub
commit 532ef90acb
22 changed files with 229 additions and 3081 deletions

View File

@ -1,5 +1,5 @@
{ {
"version": "0.9.145", "version": "0.9.146-alpha.1",
"npmClient": "yarn", "npmClient": "yarn",
"packages": [ "packages": [
"packages/*" "packages/*"

View File

@ -0,0 +1 @@
module.exports = require("./src/tenancy/deprovision")

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/auth", "name": "@budibase/auth",
"version": "0.9.145", "version": "0.9.146-alpha.1",
"description": "Authentication middlewares for budibase builder and apps", "description": "Authentication middlewares for budibase builder and apps",
"main": "src/index.js", "main": "src/index.js",
"author": "Budibase", "author": "Budibase",

View File

@ -0,0 +1,81 @@
const { getGlobalUserParams, getAllApps } = require("../db/utils")
const { getDB, getCouch } = require("../db")
const { getGlobalDB } = require("./tenancy")
const { StaticDatabases } = require("../db/constants")
const TENANT_DOC = StaticDatabases.PLATFORM_INFO.docs.tenants
const PLATFORM_INFO_DB = StaticDatabases.PLATFORM_INFO.name
const removeTenantFromInfoDB = async tenantId => {
try {
const infoDb = getDB(PLATFORM_INFO_DB)
let tenants = await infoDb.get(TENANT_DOC)
tenants.tenantIds = tenants.tenantIds.filter(id => id !== tenantId)
await infoDb.put(tenants)
} catch (err) {
console.error(`Error removing tenant ${tenantId} from info db`, err)
throw err
}
}
const removeUsersFromInfoDB = async tenantId => {
try {
const globalDb = getGlobalDB(tenantId)
const infoDb = getDB(PLATFORM_INFO_DB)
const allUsers = await globalDb.allDocs(
getGlobalUserParams(null, {
include_docs: true,
})
)
const allEmails = allUsers.rows.map(row => row.doc.email)
// get the id docs
let keys = allUsers.rows.map(row => row.id)
// and the email docs
keys = keys.concat(allEmails)
// retrieve the docs and delete them
const userDocs = await infoDb.allDocs({
keys,
include_docs: true,
})
const toDelete = userDocs.rows.map(row => {
return {
...row.doc,
_deleted: true,
}
})
await infoDb.bulkDocs(toDelete)
} catch (err) {
console.error(`Error removing tenant ${tenantId} users from info db`, err)
throw err
}
}
const removeGlobalDB = async tenantId => {
try {
const globalDb = getGlobalDB(tenantId)
await globalDb.destroy()
} catch (err) {
console.error(`Error removing tenant ${tenantId} users from info db`, err)
throw err
}
}
const removeTenantApps = async tenantId => {
try {
const apps = await getAllApps(getCouch(), { all: true })
const destroyPromises = apps.map(app => getDB(app.appId).destroy())
await Promise.allSettled(destroyPromises)
} catch (err) {
console.error(`Error removing tenant ${tenantId} apps`, err)
throw err
}
}
// can't live in tenancy package due to circular dependency on db/utils
exports.deleteTenant = async tenantId => {
await removeTenantFromInfoDB(tenantId)
await removeUsersFromInfoDB(tenantId)
await removeGlobalDB(tenantId)
await removeTenantApps(tenantId)
}

View File

@ -1,7 +1,7 @@
{ {
"name": "@budibase/bbui", "name": "@budibase/bbui",
"description": "A UI solution used in the different Budibase projects.", "description": "A UI solution used in the different Budibase projects.",
"version": "0.9.145", "version": "0.9.146-alpha.1",
"license": "AGPL-3.0", "license": "AGPL-3.0",
"svelte": "src/index.js", "svelte": "src/index.js",
"module": "dist/bbui.es.js", "module": "dist/bbui.es.js",

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/builder", "name": "@budibase/builder",
"version": "0.9.145", "version": "0.9.146-alpha.1",
"license": "AGPL-3.0", "license": "AGPL-3.0",
"private": true, "private": true,
"scripts": { "scripts": {
@ -65,10 +65,10 @@
} }
}, },
"dependencies": { "dependencies": {
"@budibase/bbui": "^0.9.145", "@budibase/bbui": "^0.9.146-alpha.1",
"@budibase/client": "^0.9.145", "@budibase/client": "^0.9.146-alpha.1",
"@budibase/colorpicker": "1.1.2", "@budibase/colorpicker": "1.1.2",
"@budibase/string-templates": "^0.9.145", "@budibase/string-templates": "^0.9.146-alpha.1",
"@sentry/browser": "5.19.1", "@sentry/browser": "5.19.1",
"@spectrum-css/page": "^3.0.1", "@spectrum-css/page": "^3.0.1",
"@spectrum-css/vars": "^3.0.1", "@spectrum-css/vars": "^3.0.1",

View File

@ -4,7 +4,7 @@
let upgradeModal let upgradeModal
const onConfirm = () => { const onConfirm = () => {
window.open("https://accounts.budibase.com/install", "_blank") window.open("https://account.budibase.app/portal/install", "_blank")
} }
</script> </script>

View File

@ -9,10 +9,31 @@
$: hasAdminUser = $admin?.checklist?.adminUser?.checked $: hasAdminUser = $admin?.checklist?.adminUser?.checked
$: tenantSet = $auth.tenantSet $: tenantSet = $auth.tenantSet
$: cloud = $admin.cloud $: cloud = $admin.cloud
$: user = $auth.user
const validateTenantId = async () => {
// set the tenant from the url in the cloud
const tenantId = window.location.host.split(".")[0]
if (!tenantId.includes("localhost:")) {
// user doesn't have permission to access this tenant - kick them out
if (user?.tenantId !== tenantId) {
await auth.logout()
await auth.setOrganisation(null)
} else {
await auth.setOrganisation(tenantId)
}
}
}
onMount(async () => { onMount(async () => {
await auth.checkAuth() await auth.checkAuth()
await admin.init() await admin.init()
if (cloud && multiTenancyEnabled) {
await validateTenantId()
}
loaded = true loaded = true
}) })

View File

@ -1,26 +1,23 @@
<script> <script>
import { auth, admin } from "stores/portal" import { auth, admin } from "stores/portal"
import { onMount } from "svelte"
import { redirect } from "@roxi/routify" import { redirect } from "@roxi/routify"
// If already authenticated, redirect away from the auth section. // If already authenticated, redirect away from the auth section.
// Check this onMount rather than a reactive statement to avoid trumping // Check this onMount rather than a reactive statement to avoid trumping
// the login return URL functionality. // the login return URL functionality.
onMount(() => { if ($auth.user && !$auth.user.forceResetPassword) {
if ($auth.user && !$auth.user.forceResetPassword) { $redirect("../")
$redirect("../") }
}
// redirect to account portal for authentication in the cloud // redirect to account portal for authentication in the cloud
if ( if (
!$auth.user && !$auth.user &&
$admin.cloud && $admin.cloud &&
$admin.accountPortalUrl && $admin.accountPortalUrl &&
!$admin?.checklist?.sso?.checked !$admin?.checklist?.sso?.checked
) { ) {
window.location.href = $admin.accountPortalUrl window.location.href = $admin.accountPortalUrl
} }
})
</script> </script>
{#if !$auth.user || $auth.user.forceResetPassword} {#if !$auth.user || $auth.user.forceResetPassword}

View File

@ -80,6 +80,7 @@ export function createAuthStore() {
return { return {
subscribe: store.subscribe, subscribe: store.subscribe,
setOrganisation: setOrganisation,
checkQueryString: async () => { checkQueryString: async () => {
const urlParams = new URLSearchParams(window.location.search) const urlParams = new URLSearchParams(window.location.search)
if (urlParams.has("tenantId")) { if (urlParams.has("tenantId")) {

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/cli", "name": "@budibase/cli",
"version": "0.9.145", "version": "0.9.146-alpha.1",
"description": "Budibase CLI, for developers, self hosting and migrations.", "description": "Budibase CLI, for developers, self hosting and migrations.",
"main": "src/index.js", "main": "src/index.js",
"bin": { "bin": {

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/client", "name": "@budibase/client",
"version": "0.9.145", "version": "0.9.146-alpha.1",
"license": "MPL-2.0", "license": "MPL-2.0",
"module": "dist/budibase-client.js", "module": "dist/budibase-client.js",
"main": "dist/budibase-client.js", "main": "dist/budibase-client.js",
@ -19,9 +19,9 @@
"dev:builder": "rollup -cw" "dev:builder": "rollup -cw"
}, },
"dependencies": { "dependencies": {
"@budibase/bbui": "^0.9.145", "@budibase/bbui": "^0.9.146-alpha.1",
"@budibase/standard-components": "^0.9.139", "@budibase/standard-components": "^0.9.139",
"@budibase/string-templates": "^0.9.145", "@budibase/string-templates": "^0.9.146-alpha.1",
"regexparam": "^1.3.0", "regexparam": "^1.3.0",
"shortid": "^2.2.15", "shortid": "^2.2.15",
"svelte-spa-router": "^3.0.5" "svelte-spa-router": "^3.0.5"

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
{ {
"name": "@budibase/server", "name": "@budibase/server",
"email": "hi@budibase.com", "email": "hi@budibase.com",
"version": "0.9.145", "version": "0.9.146-alpha.1",
"description": "Budibase Web Server", "description": "Budibase Web Server",
"main": "src/index.js", "main": "src/index.js",
"repository": { "repository": {
@ -64,9 +64,9 @@
"author": "Budibase", "author": "Budibase",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"@budibase/auth": "^0.9.145", "@budibase/auth": "^0.9.146-alpha.1",
"@budibase/client": "^0.9.145", "@budibase/client": "^0.9.146-alpha.1",
"@budibase/string-templates": "^0.9.145", "@budibase/string-templates": "^0.9.146-alpha.1",
"@elastic/elasticsearch": "7.10.0", "@elastic/elasticsearch": "7.10.0",
"@koa/router": "8.0.0", "@koa/router": "8.0.0",
"@sendgrid/mail": "7.1.1", "@sendgrid/mail": "7.1.1",

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/string-templates", "name": "@budibase/string-templates",
"version": "0.9.145", "version": "0.9.146-alpha.1",
"description": "Handlebars wrapper for Budibase templating.", "description": "Handlebars wrapper for Budibase templating.",
"main": "src/index.cjs", "main": "src/index.cjs",
"module": "dist/bundle.mjs", "module": "dist/bundle.mjs",

View File

@ -1,7 +1,7 @@
{ {
"name": "@budibase/worker", "name": "@budibase/worker",
"email": "hi@budibase.com", "email": "hi@budibase.com",
"version": "0.9.145", "version": "0.9.146-alpha.1",
"description": "Budibase background service", "description": "Budibase background service",
"main": "src/index.js", "main": "src/index.js",
"repository": { "repository": {
@ -25,8 +25,8 @@
"author": "Budibase", "author": "Budibase",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"@budibase/auth": "^0.9.145", "@budibase/auth": "^0.9.146-alpha.1",
"@budibase/string-templates": "^0.9.145", "@budibase/string-templates": "^0.9.146-alpha.1",
"@koa/router": "^8.0.0", "@koa/router": "^8.0.0",
"@techpass/passport-openidconnect": "^0.3.0", "@techpass/passport-openidconnect": "^0.3.0",
"aws-sdk": "^2.811.0", "aws-sdk": "^2.811.0",

View File

@ -53,22 +53,22 @@ async function saveUser(
// check budibase users inside the tenant // check budibase users inside the tenant
dbUser = await getGlobalUserByEmail(email) dbUser = await getGlobalUserByEmail(email)
if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) { if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) {
throw "Email address already in use." throw `Email address ${email} already in use.`
} }
// check budibase users in other tenants // check budibase users in other tenants
if (env.MULTI_TENANCY) { if (env.MULTI_TENANCY) {
dbUser = await getTenantUser(email) dbUser = await getTenantUser(email)
if (dbUser != null) { if (dbUser != null) {
throw "Email address already in use." throw `Email address ${email} already in use.`
} }
} }
// check root account users in account portal // check root account users in account portal
if (!env.SELF_HOSTED) { if (!env.SELF_HOSTED) {
const account = await accounts.getAccount(email) const account = await accounts.getAccount(email)
if (account) { if (account && account.verified) {
throw "Email address already in use." throw `Email address ${email} already in use.`
} }
} }
} else { } else {

View File

@ -1,5 +1,7 @@
const CouchDB = require("../../../db") const CouchDB = require("../../../db")
const { StaticDatabases } = require("@budibase/auth/db") const { StaticDatabases } = require("@budibase/auth/db")
const { getTenantId } = require("@budibase/auth/tenancy")
const { deleteTenant } = require("@budibase/auth/deprovision")
exports.exists = async ctx => { exports.exists = async ctx => {
const tenantId = ctx.request.params const tenantId = ctx.request.params
@ -31,3 +33,19 @@ exports.fetch = async ctx => {
} }
ctx.body = tenants ctx.body = tenants
} }
exports.delete = async ctx => {
const tenantId = getTenantId()
if (ctx.params.tenantId !== tenantId) {
ctx.throw(403, "Unauthorized")
}
try {
await deleteTenant(tenantId)
ctx.status = 204
} catch (err) {
ctx.log.error(err)
throw err
}
}

View File

@ -7,5 +7,6 @@ const router = Router()
router router
.get("/api/system/tenants/:tenantId/exists", controller.exists) .get("/api/system/tenants/:tenantId/exists", controller.exists)
.get("/api/system/tenants", adminOnly, controller.fetch) .get("/api/system/tenants", adminOnly, controller.fetch)
.delete("/api/system/tenants/:tenantId", adminOnly, controller.delete)
module.exports = router module.exports = router

File diff suppressed because it is too large Load Diff