Merge remote-tracking branch 'origin/master' into global-bindings
commit
876bc0a33c
|
@ -26,7 +26,7 @@ services:
|
||||||
BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL}
|
BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL}
|
||||||
BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD}
|
BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD}
|
||||||
PLUGINS_DIR: ${PLUGINS_DIR}
|
PLUGINS_DIR: ${PLUGINS_DIR}
|
||||||
OFFLINE_MODE: ${OFFLINE_MODE}
|
OFFLINE_MODE: ${OFFLINE_MODE:-}
|
||||||
depends_on:
|
depends_on:
|
||||||
- worker-service
|
- worker-service
|
||||||
- redis-service
|
- redis-service
|
||||||
|
@ -53,7 +53,7 @@ services:
|
||||||
INTERNAL_API_KEY: ${INTERNAL_API_KEY}
|
INTERNAL_API_KEY: ${INTERNAL_API_KEY}
|
||||||
REDIS_URL: redis-service:6379
|
REDIS_URL: redis-service:6379
|
||||||
REDIS_PASSWORD: ${REDIS_PASSWORD}
|
REDIS_PASSWORD: ${REDIS_PASSWORD}
|
||||||
OFFLINE_MODE: ${OFFLINE_MODE}
|
OFFLINE_MODE: ${OFFLINE_MODE:-}
|
||||||
depends_on:
|
depends_on:
|
||||||
- redis-service
|
- redis-service
|
||||||
- minio-service
|
- minio-service
|
||||||
|
|
|
@ -166,6 +166,8 @@ const environment = {
|
||||||
DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
|
DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
|
||||||
BLACKLIST_IPS: process.env.BLACKLIST_IPS,
|
BLACKLIST_IPS: process.env.BLACKLIST_IPS,
|
||||||
SERVICE_TYPE: "unknown",
|
SERVICE_TYPE: "unknown",
|
||||||
|
PASSWORD_MIN_LENGTH: process.env.PASSWORD_MIN_LENGTH,
|
||||||
|
PASSWORD_MAX_LENGTH: process.env.PASSWORD_MAX_LENGTH,
|
||||||
/**
|
/**
|
||||||
* Enable to allow an admin user to login using a password.
|
* Enable to allow an admin user to login using a password.
|
||||||
* This can be useful to prevent lockout when configuring SSO.
|
* This can be useful to prevent lockout when configuring SSO.
|
||||||
|
|
|
@ -15,6 +15,7 @@ import * as identity from "../context/identity"
|
||||||
import env from "../environment"
|
import env from "../environment"
|
||||||
import { Ctx, EndpointMatcher, SessionCookie } from "@budibase/types"
|
import { Ctx, EndpointMatcher, SessionCookie } from "@budibase/types"
|
||||||
import { InvalidAPIKeyError, ErrorCode } from "../errors"
|
import { InvalidAPIKeyError, ErrorCode } from "../errors"
|
||||||
|
import tracer from "dd-trace"
|
||||||
|
|
||||||
const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
|
const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
|
||||||
? parseInt(env.SESSION_UPDATE_PERIOD)
|
? parseInt(env.SESSION_UPDATE_PERIOD)
|
||||||
|
@ -166,6 +167,19 @@ export default function (
|
||||||
if (!authenticated) {
|
if (!authenticated) {
|
||||||
authenticated = false
|
authenticated = false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (user) {
|
||||||
|
tracer.setUser({
|
||||||
|
id: user?._id,
|
||||||
|
tenantId: user?.tenantId,
|
||||||
|
admin: user?.admin,
|
||||||
|
builder: user?.builder,
|
||||||
|
budibaseAccess: user?.budibaseAccess,
|
||||||
|
status: user?.status,
|
||||||
|
roles: user?.roles,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
// isAuthenticated is a function, so use a variable to be able to check authed state
|
// isAuthenticated is a function, so use a variable to be able to check authed state
|
||||||
finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
|
finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
|
||||||
|
|
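Review bot: The added `tracer.setUser({...})` block is guarded only by `if (user)`, not by `authenticated`, so identity tags may be attached to traces for requests that did not authenticate; whether `user` can be set in that case depends on code outside this hunk. If that is not intended, the guard could be `if (authenticated && user)`. Inside the guard the `user?.` optional chaining is redundant and can be plain `user._id`, `user.tenantId` and so on. The call also sends authorization attributes (`admin`, `builder`, `roles`) to the tracing backend, so a comment such as `// only non-secret identity and role fields are exported to APM; never add email or password fields here` would document the intent; if any of these fields are objects rather than scalars, confirm how dd-trace serialises them. The enclosing middleware function starts and ends outside the hunk.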
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import { env } from ".."
|
import env from "../environment"
|
||||||
|
|
||||||
export const PASSWORD_MIN_LENGTH = +(process.env.PASSWORD_MIN_LENGTH || 8)
|
export const PASSWORD_MIN_LENGTH = +(env.PASSWORD_MIN_LENGTH || 8)
|
||||||
export const PASSWORD_MAX_LENGTH = +(process.env.PASSWORD_MAX_LENGTH || 512)
|
export const PASSWORD_MAX_LENGTH = +(env.PASSWORD_MAX_LENGTH || 512)
|
||||||
|
|
||||||
export function validatePassword(
|
export function validatePassword(
|
||||||
password: string
|
password: string
|
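Review bot: The unary `+` in `+(env.PASSWORD_MIN_LENGTH || 8)` and `+(env.PASSWORD_MAX_LENGTH || 512)` yields `NaN` for a non-numeric setting, and a length comparison against `NaN` is always false, so a mistyped value could silently switch off the length policy instead of falling back to the default. The body of `validatePassword` is outside the hunk, so how the constants are compared is inferred. A checked parse would close the gap, for example `const min = Number(env.PASSWORD_MIN_LENGTH)` followed by `export const PASSWORD_MIN_LENGTH = Number.isInteger(min) && min > 0 ? min : 8`, and the same for the maximum. The environment module in this commit stores both values as raw strings, so this is the only place they are converted.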
||||||
|
|
|
@ -44,6 +44,12 @@ type GroupFns = {
|
||||||
getBulk: GroupGetFn
|
getBulk: GroupGetFn
|
||||||
getGroupBuilderAppIds: GroupBuildersFn
|
getGroupBuilderAppIds: GroupBuildersFn
|
||||||
}
|
}
|
||||||
|
type CreateAdminUserOpts = {
|
||||||
|
ssoId?: string
|
||||||
|
hashPassword?: boolean
|
||||||
|
requirePassword?: boolean
|
||||||
|
skipPasswordValidation?: boolean
|
||||||
|
}
|
||||||
type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
|
type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
|
||||||
|
|
||||||
const bulkDeleteProcessing = async (dbUser: User) => {
|
const bulkDeleteProcessing = async (dbUser: User) => {
|
||||||
|
@ -112,9 +118,11 @@ export class UserDB {
|
||||||
throw new HTTPError("Password change is disabled for this user", 400)
|
throw new HTTPError("Password change is disabled for this user", 400)
|
||||||
}
|
}
|
||||||
|
|
||||||
const passwordValidation = validatePassword(password)
|
if (!opts.skipPasswordValidation) {
|
||||||
if (!passwordValidation.valid) {
|
const passwordValidation = validatePassword(password)
|
||||||
throw new HTTPError(passwordValidation.error, 400)
|
if (!passwordValidation.valid) {
|
||||||
|
throw new HTTPError(passwordValidation.error, 400)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
hashedPassword = opts.hashPassword ? await hash(password) : password
|
hashedPassword = opts.hashPassword ? await hash(password) : password
|
||||||
|
@ -489,7 +497,7 @@ export class UserDB {
|
||||||
email: string,
|
email: string,
|
||||||
password: string,
|
password: string,
|
||||||
tenantId: string,
|
tenantId: string,
|
||||||
opts?: { ssoId?: string; hashPassword?: boolean; requirePassword?: boolean }
|
opts?: CreateAdminUserOpts
|
||||||
) {
|
) {
|
||||||
const user: User = {
|
const user: User = {
|
||||||
email: email,
|
email: email,
|
||||||
|
@ -513,6 +521,7 @@ export class UserDB {
|
||||||
return await UserDB.save(user, {
|
return await UserDB.save(user, {
|
||||||
hashPassword: opts?.hashPassword,
|
hashPassword: opts?.hashPassword,
|
||||||
requirePassword: opts?.requirePassword,
|
requirePassword: opts?.requirePassword,
|
||||||
|
skipPasswordValidation: opts?.skipPasswordValidation,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
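Review bot: The new `skipPasswordValidation` option is honoured in `UserDB.save` (the `if (!opts.skipPasswordValidation)` wrapper around `validatePassword`) with no comment on who may set it. Because it sits on the general save options next to `hashPassword`, any caller that forwards externally influenced options would bypass the password policy. I would document the field in `CreateAdminUserOpts`, and the matching field added to `SaveUserOpts` in the types file, with `/** Bypasses the password policy; only for operator-supplied bootstrap credentials, never set from request data. */`. `CreateAdminUserOpts` also repeats three fields that `SaveUserOpts` declares, so if that type is in scope here it could be derived from it rather than kept in sync by hand. The bodies of `save` and `createAdminUser` continue outside the hunks.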
||||||
|
|
|
@ -138,7 +138,11 @@ export async function startup(app?: Koa, server?: Server) {
|
||||||
bbAdminEmail,
|
bbAdminEmail,
|
||||||
bbAdminPassword,
|
bbAdminPassword,
|
||||||
tenantId,
|
tenantId,
|
||||||
{ hashPassword: true, requirePassword: true }
|
{
|
||||||
|
hashPassword: true,
|
||||||
|
requirePassword: true,
|
||||||
|
skipPasswordValidation: true,
|
||||||
|
}
|
||||||
)
|
)
|
||||||
// Need to set up an API key for automated integration tests
|
// Need to set up an API key for automated integration tests
|
||||||
if (env.isTest()) {
|
if (env.isTest()) {
|
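Review bot: With `skipPasswordValidation: true` the admin password taken from the environment is stored without any policy check, and nothing records that the policy was bypassed. Keeping the bypass so startup does not fail is reasonable, but the password could still be evaluated and a warning logged (without the value) when it falls short, for example `if (!validatePassword(bbAdminPassword).valid) console.warn("BB_ADMIN_USER_PASSWORD does not meet the configured password policy")`, using whatever logger this module already has. Whether `validatePassword` is importable here is not visible in the hunk. A short comment above the options object saying why validation is skipped for this one call would also help the next reader. `startup` begins and ends outside the hunk.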
||||||
|
|
|
@ -2,4 +2,5 @@ export interface SaveUserOpts {
|
||||||
hashPassword?: boolean
|
hashPassword?: boolean
|
||||||
requirePassword?: boolean
|
requirePassword?: boolean
|
||||||
currentUserId?: string
|
currentUserId?: string
|
||||||
|
skipPasswordValidation?: boolean
|
||||||
}
|
}
|
||||||
|
|