From 96698f7e0788ad377dfe5e118df37e6afede6b27 Mon Sep 17 00:00:00 2001 From: Rory Powell Date: Tue, 28 Sep 2021 15:22:19 +0100 Subject: [PATCH] Prevent root account users being re-created as internal budibase users --- packages/auth/accounts.js | 1 + packages/worker/src/api/controllers/global/users.js | 10 ++++++++++ 2 files changed, 11 insertions(+) create mode 100644 packages/auth/accounts.js diff --git a/packages/auth/accounts.js b/packages/auth/accounts.js new file mode 100644 index 0000000000..47ad03456a --- /dev/null +++ b/packages/auth/accounts.js @@ -0,0 +1 @@ +module.exports = require("./src/cloud/accounts") diff --git a/packages/worker/src/api/controllers/global/users.js b/packages/worker/src/api/controllers/global/users.js index 1d3f38698b..9d2d27a05c 100644 --- a/packages/worker/src/api/controllers/global/users.js +++ b/packages/worker/src/api/controllers/global/users.js @@ -11,6 +11,7 @@ const { sendEmail } = require("../../../utilities/email") const { user: userCache } = require("@budibase/auth/cache") const { invalidateSessions } = require("@budibase/auth/sessions") const CouchDB = require("../../../db") +const accounts = require("@budibase/auth/accounts") const { getGlobalDB, getTenantId, @@ -49,10 +50,19 @@ async function saveUser( // make sure another user isn't using the same email let dbUser if (email) { + // check budibase users inside the tenant dbUser = await getGlobalUserByEmail(email) if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) { throw "Email address already in use." } + + // check root account users in account portal + if (!env.SELF_HOSTED) { + const account = await accounts.getAccount(email) + if (account) { + throw "Email address already in use." + } + } } else { dbUser = await db.get(_id) }