Password reset for budibase users

packages/auth/src/tenancy/tenancy.js

@@ -63,6 +63,7 @@ exports.tryAddTenant = async (tenantId, userId, email) => {
   }
   if (emailDoc) {
     emailDoc.tenantId = tenantId
+    emailDoc.userId = userId
     promises.push(db.put(emailDoc))
   }
   if (tenants.tenantIds.indexOf(tenantId) === -1) {

packages/builder/src/pages/builder/auth/_layout.svelte

@@ -12,7 +12,7 @@
     }
 
     // redirect to account portal for authentication in the cloud
-    if ($admin.cloud && $admin.accountPortalUrl) {
+    if (!$auth.user && $admin.cloud && $admin.accountPortalUrl) {
       window.location.href = $admin.accountPortalUrl
     }
   })

packages/worker/src/api/controllers/global/auth.js

@@ -96,7 +96,7 @@ exports.reset = async ctx => {
 exports.resetUpdate = async ctx => {
   const { resetCode, password } = ctx.request.body
   try {
-    const userId = await checkResetPasswordCode(resetCode)
+    const { userId } = await checkResetPasswordCode(resetCode)
     const db = getGlobalDB()
     const user = await db.get(userId)
     user.password = await hash(password)

packages/worker/src/api/controllers/global/users.js

@@ -6,13 +6,11 @@ const {
 } = require("@budibase/auth/db")
 const { hash, getGlobalUserByEmail } = require("@budibase/auth").utils
 const { UserStatus, EmailTemplatePurpose } = require("../../../constants")
-const { DEFAULT_TENANT_ID } = require("@budibase/auth/constants")
 const { checkInviteCode } = require("../../../utilities/redis")
 const { sendEmail } = require("../../../utilities/email")
 const { user: userCache } = require("@budibase/auth/cache")
 const { invalidateSessions } = require("@budibase/auth/sessions")
 const CouchDB = require("../../../db")
-const env = require("../../../environment")
 const {
   getGlobalDB,
   getTenantId,
@@ -251,25 +249,14 @@ exports.find = async ctx => {
   ctx.body = user
 }
 
-exports.tenantLookup = async ctx => {
+exports.tenantUserLookup = async ctx => {
   const id = ctx.params.id
   // lookup, could be email or userId, either will return a doc
   const db = new CouchDB(PLATFORM_INFO_DB)
-  let tenantId = null
   try {
-    const doc = await db.get(id)
-    if (doc && doc.tenantId) {
-      tenantId = doc.tenantId
-    }
+    ctx.body = await db.get(id)
   } catch (err) {
-    if (!env.MULTI_TENANCY) {
-      tenantId = DEFAULT_TENANT_ID
-    } else {
-      ctx.throw(400, "No tenant found.")
-    }
-  }
-  ctx.body = {
-    tenantId,
+    ctx.throw(400, "No tenant user found.")
   }
 }
 

packages/worker/src/api/routes/global/users.js

@@ -94,7 +94,7 @@ router
     controller.adminUser
   )
   .get("/api/global/users/self", controller.getSelf)
-  .get("/api/global/users/tenant/:id", controller.tenantLookup)
+  .get("/api/global/users/tenant/:id", controller.tenantUserLookup)
   // global endpoint but needs to come at end (blocks other endpoints otherwise)
   .get("/api/global/users/:id", adminOnly, controller.find)
 

packages/worker/src/utilities/email.js

@@ -51,7 +51,7 @@ function createSMTPTransport(config) {
 async function getLinkCode(purpose, email, user, info = null) {
   switch (purpose) {
     case EmailTemplatePurpose.PASSWORD_RECOVERY:
-      return getResetPasswordCode(user._id)
+      return getResetPasswordCode(user._id, info)
     case EmailTemplatePurpose.INVITATION:
       return getInviteCode(email, info)
     default:

packages/worker/src/utilities/redis.js

@@ -63,8 +63,8 @@ exports.shutdown = async () => {
  * @param {string} userId the ID of the user which is to be reset.
  * @return {Promise<string>} returns the code that was stored to redis.
  */
-exports.getResetPasswordCode = async userId => {
-  return writeACode(utils.Databases.PW_RESETS, userId)
+exports.getResetPasswordCode = async (userId, info) => {
+  return writeACode(utils.Databases.PW_RESETS, { userId, info })
 }
 
 /**