diff --git a/packages/server/src/api/controllers/auth.js b/packages/server/src/api/controllers/auth.js index a03127ccf0..0cc8668687 100644 --- a/packages/server/src/api/controllers/auth.js +++ b/packages/server/src/api/controllers/auth.js @@ -8,7 +8,7 @@ const { setCookie } = require("../../utilities") const { outputProcessing } = require("../../utilities/rowProcessor") const { InternalTables } = require("../../db/utils") const { UserStatus } = require("@budibase/auth") -const setBuilderToken = require("../../utilities/builder/setBuilderToken") +const { getFullUser } = require("../../utilities/users") const INVALID_ERR = "Invalid Credentials" @@ -70,11 +70,6 @@ exports.authenticate = async ctx => { } } -// exports.builderLogin = async ctx => { -// await setBuilderToken(ctx) -// ctx.status = 200 -// } - exports.fetchSelf = async ctx => { const { userId, appId } = ctx.user /* istanbul ignore next */ @@ -83,7 +78,7 @@ exports.fetchSelf = async ctx => { return } const db = new CouchDB(appId) - const user = await db.get(userId) + const user = await getFullUser({ ctx, userId: userId }) const userTable = await db.get(InternalTables.USER_METADATA) if (user) { delete user.password diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js index 2ef8753845..2e2fa2c6f0 100644 --- a/packages/server/src/api/controllers/user.js +++ b/packages/server/src/api/controllers/user.js @@ -11,6 +11,7 @@ const { saveGlobalUser, deleteGlobalUser, } = require("../../utilities/workerRequests") +const { getFullUser } = require("../../utilities/users") exports.fetchMetadata = async function(ctx) { const database = new CouchDB(ctx.appId) @@ -95,15 +96,9 @@ exports.destroyMetadata = async function(ctx) { } exports.findMetadata = async function(ctx) { - const database = new CouchDB(ctx.appId) - const email = - ctx.params.email || getEmailFromUserMetadataID(ctx.params.userId) - const global = await getGlobalUsers(ctx, ctx.appId, email) - const user = await database.get(generateUserMetadataID(email)) - ctx.body = { - ...global, - ...user, - // make sure the ID is always a local ID, not a global one - _id: generateUserMetadataID(email), - } + ctx.body = await getFullUser({ + ctx, + email: ctx.params.email, + userId: ctx.params.userId, + }) } diff --git a/packages/server/src/api/routes/auth.js b/packages/server/src/api/routes/auth.js index 191db6aeed..954130370b 100644 --- a/packages/server/src/api/routes/auth.js +++ b/packages/server/src/api/routes/auth.js @@ -1,14 +1,10 @@ const Router = require("@koa/router") const controller = require("../controllers/auth") -const authorized = require("../../middleware/authorized") -const { BUILDER } = require("../../utilities/security/permissions") const router = Router() +// TODO: needs removed router.post("/api/authenticate", controller.authenticate) -// TODO: this is a hack simply to make sure builder has a cookie until auth reworked -// router.post("/api/builder/login", authorized(BUILDER), controller.builderLogin) -// doesn't need authorization as can only fetch info about self router.get("/api/self", controller.fetchSelf) module.exports = router diff --git a/packages/server/src/utilities/users.js b/packages/server/src/utilities/users.js new file mode 100644 index 0000000000..b41a0da9c7 --- /dev/null +++ b/packages/server/src/utilities/users.js @@ -0,0 +1,21 @@ +const CouchDB = require("../../db") +const { + generateUserMetadataID, + getEmailFromUserMetadataID, +} = require("../db/utils") +const { getGlobalUsers } = require("../../utilities/workerRequests") + +exports.getFullUser = async ({ ctx, email, userId }) => { + if (!email) { + email = getEmailFromUserMetadataID(userId) + } + const db = new CouchDB(ctx.appId) + const global = await getGlobalUsers(ctx, ctx.appId, email) + const user = await db.get(generateUserMetadataID(email)) + return { + ...global, + ...user, + // make sure the ID is always a local ID, not a global one + _id: generateUserMetadataID(email), + } +}