Merge remote-tracking branch 'origin/master' into global-bindings

Dean 2024-01-05 14:54:07 +00:00
commit 876bc0a33c
7 changed files with 40 additions and 10 deletions


@ -26,7 +26,7 @@ services:
BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL} BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL}
BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD} BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD}
PLUGINS_DIR: ${PLUGINS_DIR} PLUGINS_DIR: ${PLUGINS_DIR}
OFFLINE_MODE: ${OFFLINE_MODE} OFFLINE_MODE: ${OFFLINE_MODE:-}
depends_on: depends_on:
- worker-service - worker-service
- redis-service - redis-service
@ -53,7 +53,7 @@ services:
INTERNAL_API_KEY: ${INTERNAL_API_KEY} INTERNAL_API_KEY: ${INTERNAL_API_KEY}
REDIS_URL: redis-service:6379 REDIS_URL: redis-service:6379
REDIS_PASSWORD: ${REDIS_PASSWORD} REDIS_PASSWORD: ${REDIS_PASSWORD}
OFFLINE_MODE: ${OFFLINE_MODE} OFFLINE_MODE: ${OFFLINE_MODE:-}
depends_on: depends_on:
- redis-service - redis-service
- minio-service - minio-service


@ -166,6 +166,8 @@ const environment = {
DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING, DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
BLACKLIST_IPS: process.env.BLACKLIST_IPS, BLACKLIST_IPS: process.env.BLACKLIST_IPS,
SERVICE_TYPE: "unknown", SERVICE_TYPE: "unknown",
PASSWORD_MIN_LENGTH: process.env.PASSWORD_MIN_LENGTH,
PASSWORD_MAX_LENGTH: process.env.PASSWORD_MAX_LENGTH,
/** /**
* Enable to allow an admin user to login using a password. * Enable to allow an admin user to login using a password.
* This can be useful to prevent lockout when configuring SSO. * This can be useful to prevent lockout when configuring SSO.


@ -15,6 +15,7 @@ import * as identity from "../context/identity"
import env from "../environment" import env from "../environment"
import { Ctx, EndpointMatcher, SessionCookie } from "@budibase/types" import { Ctx, EndpointMatcher, SessionCookie } from "@budibase/types"
import { InvalidAPIKeyError, ErrorCode } from "../errors" import { InvalidAPIKeyError, ErrorCode } from "../errors"
import tracer from "dd-trace"
const ONE_MINUTE = env.SESSION_UPDATE_PERIOD const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
? parseInt(env.SESSION_UPDATE_PERIOD) ? parseInt(env.SESSION_UPDATE_PERIOD)
@ -166,6 +167,19 @@ export default function (
if (!authenticated) { if (!authenticated) {
authenticated = false authenticated = false
} }
if (user) {
tracer.setUser({
id: user?._id,
tenantId: user?.tenantId,
admin: user?.admin,
builder: user?.builder,
budibaseAccess: user?.budibaseAccess,
status: user?.status,
roles: user?.roles,
})
}
// isAuthenticated is a function, so use a variable to be able to check authed state // isAuthenticated is a function, so use a variable to be able to check authed state
finalise(ctx, { authenticated, user, internal, version, publicEndpoint }) finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
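Review bot: The `tracer.setUser({...})` call added after the `authenticated` fallback attaches `admin`, `builder`, `budibaseAccess` and the full `roles` value to the trace for every request that resolves a user, which places authorisation metadata in the tracing backend. If traces only need to be attributable to a user, `id` and `tenantId` are enough; otherwise a comment such as `// deliberately no email or other PII; roles are sent for <reason>` would record the decision. The `user?.` optional chaining inside `if (user)` is redundant and can be plain `user.`. The middleware function starts and ends outside this hunk.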


@ -1,7 +1,7 @@
import { env } from ".." import env from "../environment"
export const PASSWORD_MIN_LENGTH = +(process.env.PASSWORD_MIN_LENGTH || 8) export const PASSWORD_MIN_LENGTH = +(env.PASSWORD_MIN_LENGTH || 8)
export const PASSWORD_MAX_LENGTH = +(process.env.PASSWORD_MAX_LENGTH || 512) export const PASSWORD_MAX_LENGTH = +(env.PASSWORD_MAX_LENGTH || 512)
export function validatePassword( export function validatePassword(
password: string password: string
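Review bot: `+(env.PASSWORD_MIN_LENGTH || 8)` and the matching max line coerce the environment string without checking it, so a non-numeric value becomes `NaN` and a value such as `0` or `-1` is accepted as-is. Any `<`/`>` comparison against `NaN` is false, so a length check written that way would stop enforcing the limit without raising an error (validatePassword's body is outside this hunk, so this is inferred). Parsing once and falling back on invalid input is safer, e.g. `const min = Number.parseInt(env.PASSWORD_MIN_LENGTH ?? "", 10)` followed by `export const PASSWORD_MIN_LENGTH = Number.isInteger(min) && min > 0 ? min : 8`, and the same for the max with a check that it is not below the min.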


@ -44,6 +44,12 @@ type GroupFns = {
getBulk: GroupGetFn getBulk: GroupGetFn
getGroupBuilderAppIds: GroupBuildersFn getGroupBuilderAppIds: GroupBuildersFn
} }
type CreateAdminUserOpts = {
ssoId?: string
hashPassword?: boolean
requirePassword?: boolean
skipPasswordValidation?: boolean
}
type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn } type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
const bulkDeleteProcessing = async (dbUser: User) => { const bulkDeleteProcessing = async (dbUser: User) => {
@ -112,9 +118,11 @@ export class UserDB {
throw new HTTPError("Password change is disabled for this user", 400) throw new HTTPError("Password change is disabled for this user", 400)
} }
const passwordValidation = validatePassword(password) if (!opts.skipPasswordValidation) {
if (!passwordValidation.valid) { const passwordValidation = validatePassword(password)
throw new HTTPError(passwordValidation.error, 400) if (!passwordValidation.valid) {
throw new HTTPError(passwordValidation.error, 400)
}
} }
hashedPassword = opts.hashPassword ? await hash(password) : password hashedPassword = opts.hashPassword ? await hash(password) : password
@ -489,7 +497,7 @@ export class UserDB {
email: string, email: string,
password: string, password: string,
tenantId: string, tenantId: string,
opts?: { ssoId?: string; hashPassword?: boolean; requirePassword?: boolean } opts?: CreateAdminUserOpts
) { ) {
const user: User = { const user: User = {
email: email, email: email,
@ -513,6 +521,7 @@ export class UserDB {
return await UserDB.save(user, { return await UserDB.save(user, {
hashPassword: opts?.hashPassword, hashPassword: opts?.hashPassword,
requirePassword: opts?.requirePassword, requirePassword: opts?.requirePassword,
skipPasswordValidation: opts?.skipPasswordValidation,
}) })
} }
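Review bot: `skipPasswordValidation` is now an option of the general `UserDB.save` path (the `if (!opts.skipPasswordValidation)` guard), not only of `createAdminUser`, and nothing documents that it switches off the whole password policy, including the maximum length. A TSDoc line on the field in both `CreateAdminUserOpts` and `SaveUserOpts` (the last file in this commit) would make the contract explicit, for example `/** Bypasses validatePassword entirely; only for operator-supplied credentials, never set from request input. */`. It is also worth confirming that no API controller forwards caller-supplied options into `save`. Both `save` and `createAdminUser` start or end outside the hunks shown.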


@ -138,7 +138,11 @@ export async function startup(app?: Koa, server?: Server) {
bbAdminEmail, bbAdminEmail,
bbAdminPassword, bbAdminPassword,
tenantId, tenantId,
{ hashPassword: true, requirePassword: true } {
hashPassword: true,
requirePassword: true,
skipPasswordValidation: true,
}
) )
// Need to set up an API key for automated integration tests // Need to set up an API key for automated integration tests
if (env.isTest()) { if (env.isTest()) {
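Review bot: The bootstrap admin is now created with `skipPasswordValidation: true` and nothing at this call site records why, so a short `BB_ADMIN_USER_PASSWORD` is accepted silently. A comment such as `// env-provisioned admin: policy check skipped so deployments with an existing short password still start` would help (the reason is inferred, so confirm it before adding). Logging a warning when the supplied password would have failed validation gives operators a signal without blocking startup. `startup` begins and ends outside this hunk.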


@ -2,4 +2,5 @@ export interface SaveUserOpts {
hashPassword?: boolean hashPassword?: boolean
requirePassword?: boolean requirePassword?: boolean
currentUserId?: string currentUserId?: string
skipPasswordValidation?: boolean
} }