From a68227735cdf0fe19ae867745a79ab642e4b898a Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Tue, 13 Apr 2021 16:56:45 +0100
Subject: [PATCH] ensuring public users can log in after being assigned a roleId
---
 packages/client/src/api/auth.js | 4 +--
 packages/client/src/store/auth.js | 11 ++-----
 packages/server/src/middleware/currentapp.js | 5 ++-
 .../src/utilities/builder/setBuilderToken.js | 33 -------------------
 packages/worker/src/api/controllers/auth.js | 2 +-
 5 files changed, 10 insertions(+), 45 deletions(-)
 delete mode 100644 packages/server/src/utilities/builder/setBuilderToken.js
diff --git a/packages/client/src/api/auth.js b/packages/client/src/api/auth.js
index 9b2988c69d..426d4f08d0 100644
--- a/packages/client/src/api/auth.js
+++ b/packages/client/src/api/auth.js
@@ -13,8 +13,8 @@ export const logIn = async ({ email, password }) => {
 return API.error("Please enter your password")
 }
 return await API.post({
- url: "/api/authenticate",
- body: { email, password },
+ url: "/api/admin/auth",
+ body: { username: email, password },
 })
 }
diff --git a/packages/client/src/store/auth.js b/packages/client/src/store/auth.js
index 8158e343c4..9e01a5648f 100644
--- a/packages/client/src/store/auth.js
+++ b/packages/client/src/store/auth.js
@@ -19,8 +19,8 @@ const createAuthStore = () => {
 // Logs a user in
 const logIn = async ({ email, password }) => {
- const user = await API.logIn({ email, password })
- if (!user.error) {
+ const auth = await API.logIn({ email, password })
+ if (auth.success) {
 await fetchUser()
 await initialise()
 goToDefaultRoute()
@@ -30,12 +30,7 @@ const createAuthStore = () => {
 // Logs a user out
 const logOut = async () => {
 store.set(null)
- const appId = get(builderStore).appId
- if (appId) {
- for (let environment of ["local", "cloud"]) {
- window.document.cookie = `budibase:${appId}:${environment}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;`
- }
- }
+ window.document.cookie = `budibase:auth=; budibase:currentapp=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;`
 await initialise()
 goToDefaultRoute()
 }
diff --git a/packages/server/src/middleware/currentapp.js b/packages/server/src/middleware/currentapp.js
index ba1b94559c..1a9468c6eb 100644
--- a/packages/server/src/middleware/currentapp.js
+++ b/packages/server/src/middleware/currentapp.js
@@ -23,8 +23,11 @@ module.exports = async (ctx, next) => {
 roleId = BUILTIN_ROLE_IDS.PUBLIC
 } else if (
 requestAppId != null &&
- (appCookie == null || requestAppId !== appCookie.appId)
+ (appCookie == null ||
+ requestAppId !== appCookie.appId ||
+ appCookie.roleId === BUILTIN_ROLE_IDS.PUBLIC)
 ) {
+ // Different App ID means cookie needs reset, or if the same public user has logged in
 const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user.email)
 updateCookie = true
 appId = requestAppId
diff --git a/packages/server/src/utilities/builder/setBuilderToken.js b/packages/server/src/utilities/builder/setBuilderToken.js
deleted file mode 100644
index 663a962582..0000000000
--- a/packages/server/src/utilities/builder/setBuilderToken.js
+++ /dev/null
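Review bot: The single `document.cookie` assignment in `logOut` expires only `budibase:auth`; one write to `document.cookie` sets one cookie, so `budibase:currentapp=` is read as an unrecognised attribute and that cookie survives logout. Use one write per cookie, `window.document.cookie = "budibase:auth=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;"` followed by the same line for `budibase:currentapp`. If either cookie is set HttpOnly by the server (not visible here), script cannot clear it at all and the server-side logout has to do it. The worker's `exports.logout` hunk has the same gap: it clears only `Cookies.Auth`, so the current-app cookie is left in place there as well.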
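Review bot: The widened condition in `currentapp.js` re-resolves the cached role only when the cookie holds `BUILTIN_ROLE_IDS.PUBLIC`, so a cookie carrying any other `roleId` is still reused for the same app id regardless of who `ctx.user` now is. If that cookie outlives a logout, a different account signing in on the same browser would appear to keep the previous account's role, and a role that is later lowered would not be picked up either; this assumes `appCookie.roleId` feeds authorization further down, which is outside the hunk. Consider also resetting when the cookie's owner differs from `ctx.user` (that needs a user id stored in the cookie), and rewording the comment to `// Reset the cookie when the app id changed, or when the cached role is PUBLIC and the user may have logged in since`. The middleware function starts and ends outside the hunk.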
@@ -1,33 +0,0 @@
-const { BUILTIN_ROLE_IDS } = require("../security/roles")
-const env = require("../../environment")
-const CouchDB = require("../../db")
-const jwt = require("jsonwebtoken")
-const { DocumentTypes, SEPARATOR } = require("../../db/utils")
-const { setCookie } = require("@budibase/auth")
-// const { setCookie, clearCookie } = require("../index")
-// const APP_PREFIX = DocumentTypes.APP + SEPARATOR
-
-module.exports = async (ctx, appId, version) => {
- // const builderUser = {
- // userId: "BUILDER",
- // roleId: BUILTIN_ROLE_IDS.BUILDER,
- // version,
- // }
- // if (env.BUDIBASE_API_KEY) {
- // builderUser.apiKey = env.BUDIBASE_API_KEY
- // }
- // const token = jwt.sign(builderUser, ctx.config.jwtSecret, {
- // expiresIn: "30 days",
- // })
-
- // set the builder token
- // setCookie(ctx, token, "builder")
- // setCookie(ctx, appId, "currentapp")
- // need to clear all app tokens or else unable to use the app in the builder
- // let allDbNames = await CouchDB.allDbs()
- // allDbNames.map(dbName => {
- // if (dbName.startsWith(APP_PREFIX)) {
- // clearCookie(ctx, dbName)
- // }
- // })
-}
diff --git a/packages/worker/src/api/controllers/auth.js b/packages/worker/src/api/controllers/auth.js
index 2f83effb63..1dbaa36743 100644
--- a/packages/worker/src/api/controllers/auth.js
+++ b/packages/worker/src/api/controllers/auth.js
@@ -28,7 +28,7 @@ exports.authenticate = async (ctx, next) => {
 }
 exports.logout = async ctx => {
- clearCookie(Cookies.Auth)
+ clearCookie(ctx, Cookies.Auth)
 ctx.body = { success: true }
 }