Remove loop for get account during user bulk import (#10203)
This commit is contained in:
parent
fbbb36b809
commit
5eecb6e686
|
@ -126,9 +126,8 @@ describe("/api/global/auth", () => {
|
|||
it("should prevent user from logging in", async () => {
|
||||
user = await config.createUser()
|
||||
const account = structures.accounts.ssoAccount() as CloudAccount
|
||||
mocks.accounts.getAccount.mockReturnValueOnce(
|
||||
Promise.resolve(account)
|
||||
)
|
||||
account.email = user.email
|
||||
mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
|
||||
|
||||
await testSSOUser()
|
||||
})
|
||||
|
@ -186,9 +185,8 @@ describe("/api/global/auth", () => {
|
|||
it("should prevent user from generating password reset email", async () => {
|
||||
user = await config.createUser(structures.users.user())
|
||||
const account = structures.accounts.ssoAccount() as CloudAccount
|
||||
mocks.accounts.getAccount.mockReturnValueOnce(
|
||||
Promise.resolve(account)
|
||||
)
|
||||
account.email = user.email
|
||||
mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
|
||||
|
||||
await testSSOUser()
|
||||
})
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import { structures } from "../../../tests"
|
||||
import { mocks } from "@budibase/backend-core/tests"
|
||||
import { env } from "@budibase/backend-core"
|
||||
import { env, context } from "@budibase/backend-core"
|
||||
import * as users from "../users"
|
||||
import { CloudAccount } from "@budibase/types"
|
||||
import { isPreventPasswordActions } from "../users"
|
||||
|
@ -16,34 +16,52 @@ describe("users", () => {
|
|||
|
||||
describe("isPreventPasswordActions", () => {
|
||||
it("returns false for non sso user", async () => {
|
||||
await context.doInTenant(structures.tenant.id(), async () => {
|
||||
const user = structures.users.user()
|
||||
const result = await users.isPreventPasswordActions(user)
|
||||
expect(result).toBe(false)
|
||||
})
|
||||
})
|
||||
|
||||
it("returns true for sso account user", async () => {
|
||||
await context.doInTenant(structures.tenant.id(), async () => {
|
||||
const user = structures.users.user()
|
||||
mocks.accounts.getAccount.mockReturnValue(
|
||||
Promise.resolve(structures.accounts.ssoAccount() as CloudAccount)
|
||||
)
|
||||
const account = structures.accounts.ssoAccount() as CloudAccount
|
||||
account.email = user.email
|
||||
mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
|
||||
const result = await users.isPreventPasswordActions(user)
|
||||
expect(result).toBe(true)
|
||||
})
|
||||
})
|
||||
|
||||
it("returns false when account doesn't match user email", async () => {
|
||||
await context.doInTenant(structures.tenant.id(), async () => {
|
||||
const user = structures.users.user()
|
||||
const account = structures.accounts.ssoAccount() as CloudAccount
|
||||
mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
|
||||
const result = await users.isPreventPasswordActions(user)
|
||||
expect(result).toBe(false)
|
||||
})
|
||||
})
|
||||
|
||||
it("returns true for sso user", async () => {
|
||||
await context.doInTenant(structures.tenant.id(), async () => {
|
||||
const user = structures.users.ssoUser()
|
||||
const result = await users.isPreventPasswordActions(user)
|
||||
expect(result).toBe(true)
|
||||
})
|
||||
})
|
||||
|
||||
describe("enforced sso", () => {
|
||||
it("returns true for all users when sso is enforced", async () => {
|
||||
await context.doInTenant(structures.tenant.id(), async () => {
|
||||
const user = structures.users.user()
|
||||
pro.features.isSSOEnforced.mockReturnValue(Promise.resolve(true))
|
||||
pro.features.isSSOEnforced.mockResolvedValueOnce(true)
|
||||
const result = await users.isPreventPasswordActions(user)
|
||||
expect(result).toBe(true)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
describe("sso maintenance mode", () => {
|
||||
beforeEach(() => {
|
||||
|
|
|
@ -31,6 +31,7 @@ import {
|
|||
SearchUsersRequest,
|
||||
User,
|
||||
SaveUserOpts,
|
||||
Account,
|
||||
} from "@budibase/types"
|
||||
import { sendEmail } from "../../utilities/email"
|
||||
import { EmailTemplatePurpose } from "../../constants"
|
||||
|
@ -127,7 +128,8 @@ const buildUser = async (
|
|||
requirePassword: true,
|
||||
},
|
||||
tenantId: string,
|
||||
dbUser?: any
|
||||
dbUser?: any,
|
||||
account?: Account
|
||||
): Promise<User> => {
|
||||
let { password, _id } = user
|
||||
|
||||
|
@ -138,7 +140,7 @@ const buildUser = async (
|
|||
|
||||
let hashedPassword
|
||||
if (password) {
|
||||
if (await isPreventPasswordActions(user)) {
|
||||
if (await isPreventPasswordActions(user, account)) {
|
||||
throw new HTTPError("Password change is disabled for this user", 400)
|
||||
}
|
||||
hashedPassword = opts.hashPassword ? await utils.hash(password) : password
|
||||
|
@ -209,7 +211,7 @@ const validateUniqueUser = async (email: string, tenantId: string) => {
|
|||
}
|
||||
}
|
||||
|
||||
export async function isPreventPasswordActions(user: User) {
|
||||
export async function isPreventPasswordActions(user: User, account?: Account) {
|
||||
// when in maintenance mode we allow sso users with the admin role
|
||||
// to perform any password action - this prevents lockout
|
||||
if (coreEnv.ENABLE_SSO_MAINTENANCE_MODE && user.admin?.global) {
|
||||
|
@ -227,8 +229,10 @@ export async function isPreventPasswordActions(user: User) {
|
|||
}
|
||||
|
||||
// Check account sso
|
||||
const account = await accountSdk.api.getAccount(user.email)
|
||||
return !!(account && isSSOAccount(account))
|
||||
if (!account) {
|
||||
account = await accountSdk.api.getAccountByTenantId(tenancy.getTenantId())
|
||||
}
|
||||
return !!(account && account.email === user.email && isSSOAccount(account))
|
||||
}
|
||||
|
||||
export const save = async (
|
||||
|
@ -439,6 +443,7 @@ export const bulkCreate = async (
|
|||
newUsers.push(newUser)
|
||||
}
|
||||
|
||||
const account = await accountSdk.api.getAccountByTenantId(tenantId)
|
||||
// create the promises array that will be called by bulkDocs
|
||||
newUsers.forEach((user: any) => {
|
||||
usersToSave.push(
|
||||
|
@ -448,7 +453,9 @@ export const bulkCreate = async (
|
|||
hashPassword: true,
|
||||
requirePassword: user.requirePassword,
|
||||
},
|
||||
tenantId
|
||||
tenantId,
|
||||
undefined, // no dbUser
|
||||
account
|
||||
)
|
||||
)
|
||||
})
|
||||
|
|
Loading…
Reference in New Issue