Merge branch 'master' into merge-env-vars
This commit is contained in:
Sam Rose
GitHub
commit
75360bdb9b
|
|
@ -214,6 +214,7 @@ jobs:
|
|||
echo "pro_commit=$pro_commit"
|
||||
echo "pro_commit=$pro_commit" >> "$GITHUB_OUTPUT"
|
||||
echo "base_commit=$base_commit"
|
||||
echo "base_commit=$base_commit" >> "$GITHUB_OUTPUT"
|
||||
|
||||
base_commit_excluding_merges=$(git log --no-merges -n 1 --format=format:%H $base_commit)
|
||||
echo "base_commit_excluding_merges=$base_commit_excluding_merges"
|
||||
|
|
@ -230,7 +231,7 @@ jobs:
|
|||
base_commit_excluding_merges='${{ steps.get_pro_commits.outputs.base_commit_excluding_merges }}'
|
||||
pro_commit='${{ steps.get_pro_commits.outputs.pro_commit }}'
|
||||
|
||||
any_commit=$(git log --no-merges $base_commit...$pro_commit)
|
||||
any_commit=$(git log --no-merges $base_commit_excluding_merges...$pro_commit)
|
||||
|
||||
if [ -n "$any_commit" ]; then
|
||||
echo $any_commit
|
||||
|
|
|
|||
|
|
@ -221,7 +221,7 @@ export class UserDB {
|
|||
const tenantId = getTenantId()
|
||||
const db = getGlobalDB()
|
||||
|
||||
let { email, _id, userGroups = [], roles } = user
|
||||
const { email, _id, userGroups = [], roles } = user
|
||||
|
||||
if (!email && !_id) {
|
||||
throw new Error("_id or email is required")
|
||||
|
|
@ -231,11 +231,10 @@ export class UserDB {
|
|||
if (_id) {
|
||||
// try to get existing user from db
|
||||
try {
|
||||
dbUser = (await db.get(_id)) as User
|
||||
if (email && dbUser.email !== email) {
|
||||
throw "Email address cannot be changed"
|
||||
dbUser = await usersCore.getById(_id)
|
||||
if (email && dbUser.email !== email && !opts.allowChangingEmail) {
|
||||
throw new Error("Email address cannot be changed")
|
||||
}
|
||||
email = dbUser.email
|
||||
} catch (e: any) {
|
||||
if (e.status === 404) {
|
||||
// do nothing, save this new user with the id specified - required for SSO auth
|
||||
|
|
@ -271,13 +270,13 @@ export class UserDB {
|
|||
|
||||
// make sure we set the _id field for a new user
|
||||
// Also if this is a new user, associate groups with them
|
||||
let groupPromises = []
|
||||
const groupPromises = []
|
||||
if (!_id) {
|
||||
_id = builtUser._id!
|
||||
|
||||
if (userGroups.length > 0) {
|
||||
for (let groupId of userGroups) {
|
||||
groupPromises.push(UserDB.groups.addUsers(groupId, [_id!]))
|
||||
groupPromises.push(
|
||||
UserDB.groups.addUsers(groupId, [builtUser._id!])
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -288,6 +287,11 @@ export class UserDB {
|
|||
builtUser._rev = response.rev
|
||||
|
||||
await eventHelpers.handleSaveEvents(builtUser, dbUser)
|
||||
if (dbUser && builtUser.email !== dbUser.email) {
|
||||
// Remove the plaform email reference if the email changed
|
||||
await platform.users.removeUser({ email: dbUser.email } as User)
|
||||
}
|
||||
|
||||
await platform.users.addUser(
|
||||
tenantId,
|
||||
builtUser._id!,
|
||||
|
|
|
|||
|
|
@ -0,0 +1,188 @@
|
|||
import { User, UserStatus } from "@budibase/types"
|
||||
import { DBTestConfiguration, generator, structures } from "../../../tests"
|
||||
import { UserDB } from "../db"
|
||||
import { searchExistingEmails } from "../lookup"
|
||||
|
||||
const db = UserDB
|
||||
|
||||
const config = new DBTestConfiguration()
|
||||
|
||||
const quotas = {
|
||||
addUsers: jest
|
||||
.fn()
|
||||
.mockImplementation(
|
||||
(_change: number, _creatorsChange: number, cb?: () => Promise<any>) =>
|
||||
cb && cb()
|
||||
),
|
||||
removeUsers: jest
|
||||
.fn()
|
||||
.mockImplementation(
|
||||
(_change: number, _creatorsChange: number, cb?: () => Promise<any>) =>
|
||||
cb && cb()
|
||||
),
|
||||
}
|
||||
const groups = {
|
||||
addUsers: jest.fn(),
|
||||
getBulk: jest.fn(),
|
||||
getGroupBuilderAppIds: jest.fn(),
|
||||
}
|
||||
const features = { isSSOEnforced: jest.fn(), isAppBuildersEnabled: jest.fn() }
|
||||
|
||||
describe("UserDB", () => {
|
||||
beforeAll(() => {
|
||||
db.init(quotas, groups, features)
|
||||
})
|
||||
|
||||
describe("save", () => {
|
||||
describe("create", () => {
|
||||
it("creating a new user will persist it", async () => {
|
||||
const email = generator.email({})
|
||||
const user: User = structures.users.user({
|
||||
email,
|
||||
tenantId: config.getTenantId(),
|
||||
})
|
||||
|
||||
await config.doInTenant(async () => {
|
||||
const saveUserResponse = await db.save(user)
|
||||
|
||||
const persistedUser = await db.getUserByEmail(email)
|
||||
expect(persistedUser).toEqual({
|
||||
...user,
|
||||
_id: saveUserResponse._id,
|
||||
_rev: expect.stringMatching(/^1-\w+/),
|
||||
password: expect.not.stringMatching(user.password!),
|
||||
status: UserStatus.ACTIVE,
|
||||
createdAt: Date.now(),
|
||||
updatedAt: new Date().toISOString(),
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
it("the same email cannot be used twice in the same tenant", async () => {
|
||||
const email = generator.email({})
|
||||
const user: User = structures.users.user({
|
||||
email,
|
||||
tenantId: config.getTenantId(),
|
||||
})
|
||||
|
||||
await config.doInTenant(() => db.save(user))
|
||||
|
||||
await config.doInTenant(() =>
|
||||
expect(db.save(user)).rejects.toThrow(
|
||||
`Email already in use: '${email}'`
|
||||
)
|
||||
)
|
||||
})
|
||||
|
||||
it("the same email cannot be used twice in different tenants", async () => {
|
||||
const email = generator.email({})
|
||||
const user: User = structures.users.user({
|
||||
email,
|
||||
tenantId: config.getTenantId(),
|
||||
})
|
||||
|
||||
await config.doInTenant(() => db.save(user))
|
||||
|
||||
config.newTenant()
|
||||
await config.doInTenant(() =>
|
||||
expect(db.save(user)).rejects.toThrow(
|
||||
`Email already in use: '${email}'`
|
||||
)
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe("update", () => {
|
||||
let user: User
|
||||
|
||||
beforeEach(async () => {
|
||||
user = await config.doInTenant(() =>
|
||||
db.save(
|
||||
structures.users.user({
|
||||
email: generator.email({}),
|
||||
tenantId: config.getTenantId(),
|
||||
})
|
||||
)
|
||||
)
|
||||
})
|
||||
|
||||
it("can update user properties", async () => {
|
||||
await config.doInTenant(async () => {
|
||||
const updatedName = generator.first()
|
||||
user.firstName = updatedName
|
||||
|
||||
await db.save(user)
|
||||
|
||||
const persistedUser = await db.getUserByEmail(user.email)
|
||||
expect(persistedUser).toEqual(
|
||||
expect.objectContaining({
|
||||
_id: user._id,
|
||||
email: user.email,
|
||||
firstName: updatedName,
|
||||
lastName: user.lastName,
|
||||
})
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
it("email cannot be updated by default", async () => {
|
||||
await config.doInTenant(async () => {
|
||||
await expect(
|
||||
db.save({ ...user, email: generator.email({}) })
|
||||
).rejects.toThrow("Email address cannot be changed")
|
||||
})
|
||||
})
|
||||
|
||||
it("email can be updated if specified", async () => {
|
||||
await config.doInTenant(async () => {
|
||||
const newEmail = generator.email({})
|
||||
|
||||
await db.save(
|
||||
{ ...user, email: newEmail },
|
||||
{ allowChangingEmail: true }
|
||||
)
|
||||
|
||||
const persistedUser = await db.getUserByEmail(newEmail)
|
||||
expect(persistedUser).toEqual(
|
||||
expect.objectContaining({
|
||||
_id: user._id,
|
||||
email: newEmail,
|
||||
lastName: user.lastName,
|
||||
_rev: expect.stringMatching(/^2-\w+/),
|
||||
})
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
it("updating emails frees previous emails", async () => {
|
||||
await config.doInTenant(async () => {
|
||||
const previousEmail = user.email
|
||||
const newEmail = generator.email({})
|
||||
expect(await searchExistingEmails([previousEmail, newEmail])).toEqual(
|
||||
[previousEmail]
|
||||
)
|
||||
|
||||
await db.save(
|
||||
{ ...user, email: newEmail },
|
||||
{ allowChangingEmail: true }
|
||||
)
|
||||
|
||||
expect(await searchExistingEmails([previousEmail, newEmail])).toEqual(
|
||||
[newEmail]
|
||||
)
|
||||
|
||||
await db.save(
|
||||
structures.users.user({
|
||||
email: previousEmail,
|
||||
tenantId: config.getTenantId(),
|
||||
})
|
||||
)
|
||||
|
||||
expect(await searchExistingEmails([previousEmail, newEmail])).toEqual(
|
||||
[previousEmail, newEmail]
|
||||
)
|
||||
})
|
||||
})
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit e8f2c5a14780e1f61ec3896821ba5f93d486eb72
|
||||
Subproject commit dbb78c8737c291871500bc655e30f331f6ffccbf
|
||||
|
|
@ -3,4 +3,5 @@ export interface SaveUserOpts {
|
|||
requirePassword?: boolean
|
||||
currentUserId?: string
|
||||
skipPasswordValidation?: boolean
|
||||
allowChangingEmail?: boolean
|
||||
}
|
||||
|
|
|
|||
|
|
@ -574,6 +574,41 @@ describe("scim", () => {
|
|||
|
||||
expect(events.user.updated).toHaveBeenCalledTimes(1)
|
||||
})
|
||||
|
||||
it("an existing user's email can be updated", async () => {
|
||||
const newEmail = structures.generator.email()
|
||||
const body: ScimUpdateRequest = {
|
||||
schemas: ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
|
||||
Operations: [
|
||||
{
|
||||
op: "Replace",
|
||||
path: 'emails[type eq "work"].value',
|
||||
value: newEmail,
|
||||
},
|
||||
],
|
||||
}
|
||||
|
||||
const response = await patchScimUser({ id: user.id, body })
|
||||
|
||||
const expectedScimUser: ScimUserResponse = {
|
||||
...user,
|
||||
emails: [
|
||||
{
|
||||
value: newEmail,
|
||||
type: "work",
|
||||
primary: true,
|
||||
},
|
||||
],
|
||||
}
|
||||
expect(response).toEqual(expectedScimUser)
|
||||
|
||||
const persistedUser = await config.api.scimUsersAPI.find(user.id)
|
||||
expect(persistedUser).toEqual(expectedScimUser)
|
||||
|
||||
expect((await config.api.users.getUser(user.id)).body).toEqual(
|
||||
expect.objectContaining({ _id: user.id, email: newEmail })
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe("DELETE /api/global/scim/v2/users/:id", () => {
|
||||
|
|
|
|||
Loading…
Reference in New Issue