MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12500 from Budibase/fix/BUDI-7811 

Cross tenant app denial
This commit is contained in:
Michael Drury 2023-12-04 17:17:46 +00:00 committed by GitHub
parent 661735a3fd c321c83916
commit 864fe6be68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
packages/backend-core/src/tenancy/tenancy.ts
View File

@ -93,11 +93,19 @@ export const getTenantIDFromCtx = (
// subdomain // subdomain
if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) { if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) {
// e.g. budibase.app or local.com:10000 // e.g. budibase.app or local.com:10000
const platformHost = new URL(getPlatformURL()).host.split(":")[0] let platformHost
try {
platformHost = new URL(getPlatformURL()).host.split(":")[0]
} catch (err: any) {
// if invalid URL, just don't try to process subdomain
if (err.code !== "ERR_INVALID_URL") {
throw err
}
}
// e.g. tenant.budibase.app or tenant.local.com // e.g. tenant.budibase.app or tenant.local.com
const requestHost = ctx.host const requestHost = ctx.host
// parse the tenant id from the difference // parse the tenant id from the difference
if (requestHost.includes(platformHost)) { if (platformHost && requestHost.includes(platformHost)) {
const tenantId = requestHost.substring( const tenantId = requestHost.substring(
0, 0,
requestHost.indexOf(`.${platformHost}`) requestHost.indexOf(`.${platformHost}`)

41
packages/server/src/middleware/currentapp.ts
View File

@ -5,6 +5,7 @@ import {
tenancy, tenancy,
context, context,
users, users,
auth,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import { generateUserMetadataID, isDevAppID } from "../db/utils" import { generateUserMetadataID, isDevAppID } from "../db/utils"
import { getCachedSelf } from "../utilities/global" import { getCachedSelf } from "../utilities/global"
@ -69,28 +70,34 @@ export default async (ctx: UserCtx, next: any) => {
return next() return next()
} }
return context.doInAppContext(appId, async () => { const userId = ctx.user ? generateUserMetadataID(ctx.user._id!) : undefined
// if the user not in the right tenant then make sure they have no permissions
// need to judge this only based on the request app ID,
if (
env.MULTI_TENANCY &&
ctx.user?._id &&
requestAppId &&
!tenancy.isUserInAppTenant(requestAppId, ctx.user)
) {
// don't error, simply remove the users rights (they are a public user)
ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
ctx.isAuthenticated = false
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
}
// if the user is not in the right tenant then make sure to wipe their cookie
// also cleanse any information about them that has been allocated
// this avoids apps making calls to say the worker which are cross tenant,
// we simply remove the authentication
if (
env.MULTI_TENANCY &&
userId &&
requestAppId &&
!tenancy.isUserInAppTenant(requestAppId, ctx.user)
) {
// clear out the user
ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
ctx.isAuthenticated = false
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
// remove the cookie, so future calls are public
await auth.platformLogout({
ctx,
userId,
})
}
return context.doInAppContext(appId, async () => {
ctx.appId = appId ctx.appId = appId
if (roleId) { if (roleId) {
ctx.roleId = roleId ctx.roleId = roleId
const globalId = ctx.user ? ctx.user._id : undefined const globalId = ctx.user ? ctx.user._id : undefined
const userId = ctx.user
? generateUserMetadataID(ctx.user._id!)
: undefined
ctx.user = { ctx.user = {
...ctx.user!, ...ctx.user!,
// override userID with metadata one // override userID with metadata one