Merge pull request #9908 from Budibase/fix/invite-codes-leak

fix tenant filtering issue
This commit is contained in:
Martin McKeaveney 2023-03-07 10:19:22 +00:00 committed by GitHub
commit 779f765970
3 changed files with 11 additions and 15 deletions

View File

@ -194,8 +194,7 @@ export const buildUserEndpoints = API => ({
}, },
/** /**
* Retrieves the invitation associated with a provided code. * Retrieves all user invitations for the current tenant.
* @param code The unique code for the target invite
*/ */
getUserInvites: async () => { getUserInvites: async () => {
return await API.get({ return await API.get({

View File

@ -341,7 +341,7 @@ export const getUserInvites = async (ctx: any) => {
let invites let invites
try { try {
// Restricted to the currently authenticated tenant // Restricted to the currently authenticated tenant
invites = await getInviteCodes([ctx.user.tenantId]) invites = await getInviteCodes()
} catch (e) { } catch (e) {
ctx.throw(400, "There was a problem fetching invites") ctx.throw(400, "There was a problem fetching invites")
} }

View File

@ -1,4 +1,5 @@
import { redis, utils } from "@budibase/backend-core" import { redis, utils, tenancy } from "@budibase/backend-core"
import env from "../environment"
function getExpirySecondsForDB(db: string) { function getExpirySecondsForDB(db: string) {
switch (db) { switch (db) {
@ -129,10 +130,9 @@ export async function checkInviteCode(
} }
/** /**
Get all currently available user invitations. Get all currently available user invitations for the current tenant.
@return {Object[]} A list of all objects containing invite metadata
**/ **/
export async function getInviteCodes(tenantIds?: string[]) { export async function getInviteCodes() {
const client = await getClient(redis.utils.Databases.INVITATIONS) const client = await getClient(redis.utils.Databases.INVITATIONS)
const invites: any[] = await client.scan() const invites: any[] = await client.scan()
@ -142,12 +142,9 @@ export async function getInviteCodes(tenantIds?: string[]) {
code: invite.key, code: invite.key,
} }
}) })
return results.reduce((acc, invite) => { if (!env.MULTI_TENANCY) {
if (tenantIds?.length && tenantIds.includes(invite.info.tenantId)) { return results
acc.push(invite) }
} else { const tenantId = tenancy.getTenantId()
acc.push(invite) return results.filter(invite => tenantId === invite.info.tenantId)
}
return acc
}, [])
} }