Fixing an issue with redirect loop in auth,

2021-05-27 12:05:31 +01:00 · 2021-05-27 12:05:31 +01:00 · 88b31d7406
parent de91822ce7
commit 88b31d7406
4 changed files with 9 additions and 6 deletions
--- a/packages/auth/src/security/permissions.js
+++ b/packages/auth/src/security/permissions.js
@ -17,6 +17,7 @@ const PermissionTypes = {
  BUILDER: "builder",
  VIEW: "view",
  QUERY: "query",
+  APP: "app",
 }

 function Permission(type, level) {
@ -86,6 +87,7 @@ const BUILTIN_PERMISSIONS = {
      new Permission(PermissionTypes.QUERY, PermissionLevels.READ),
      new Permission(PermissionTypes.TABLE, PermissionLevels.READ),
      new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
+      new Permission(PermissionTypes.APP, PermissionLevels.READ),
    ],
  },
  WRITE: {
@ -118,6 +120,7 @@ const BUILTIN_PERMISSIONS = {
      new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN),
      new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
      new Permission(PermissionTypes.QUERY, PermissionLevels.ADMIN),
+      new Permission(PermissionTypes.APP, PermissionLevels.ADMIN),
    ],
  },
 }
--- a/packages/builder/src/pages/builder/auth/_layout.svelte
+++ b/packages/builder/src/pages/builder/auth/_layout.svelte
@ -7,12 +7,12 @@
  // Check this onMount rather than a reactive statement to avoid trumping
  // the login return URL functionality.
  onMount(() => {
-    if ($auth.user) {
+    if ($auth.user && !$auth.user.forceResetPassword) {
      $redirect("../")
    }
  })
 </script>

-{#if !$auth.user}
+{#if !$auth.user || $auth.user.forceResetPassword}
  <slot />
 {/if}
--- a/packages/server/src/api/routes/analytics.js
+++ b/packages/server/src/api/routes/analytics.js
@ -5,6 +5,6 @@ const { BUILDER } = require("@budibase/auth/permissions")

 const router = Router()

-router.get("/api/analytics", authorized(BUILDER), controller.isEnabled)
+router.get("/api/analytics", controller.isEnabled)

 module.exports = router
--- a/packages/server/src/api/routes/application.js
+++ b/packages/server/src/api/routes/application.js
@ -1,16 +1,16 @@
 const Router = require("@koa/router")
 const controller = require("../controllers/application")
 const authorized = require("../../middleware/authorized")
-const { BUILDER } = require("@budibase/auth/permissions")
+const { BUILDER, PermissionTypes, PermissionLevels } = require("@budibase/auth/permissions")

 const router = Router()

 router
  .get("/api/applications/:appId/definition", controller.fetchAppDefinition)
-  .get("/api/applications", authorized(BUILDER), controller.fetch)
+  .get("/api/applications", authorized(PermissionTypes.APP, PermissionLevels.READ), controller.fetch)
  .get(
    "/api/applications/:appId/appPackage",
-    authorized(BUILDER),
+    authorized(PermissionTypes.APP, PermissionLevels.READ),
    controller.fetchAppPackage
  )
  .put("/api/applications/:appId", authorized(BUILDER), controller.update)