Merge branch 'master' of github.com:Budibase/budibase into feature/security-update

This commit is contained in:
Andrew Kingston 2020-12-08 11:42:29 +00:00
commit b7cb7c59a0
12 changed files with 128 additions and 57 deletions

View File

@ -15,7 +15,7 @@ exports.fetch = async function(ctx) {
exports.create = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const { email, username, password, name, roleId } = ctx.request.body
const { email, password, roleId } = ctx.request.body
if (!email || !password) {
ctx.throw(400, "email and Password Required.")
@ -29,7 +29,6 @@ exports.create = async function(ctx) {
_id: generateUserID(email),
email,
password: await bcrypt.hash(password),
name,
type: "user",
roleId,
tableId: ViewNames.USERS,
@ -43,7 +42,6 @@ exports.create = async function(ctx) {
ctx.body = {
_rev: response.rev,
email,
name,
}
} catch (err) {
if (err.status === 409) {
@ -80,7 +78,6 @@ exports.find = async function(ctx) {
const user = await database.get(generateUserID(ctx.params.email))
ctx.body = {
email: user.email,
name: user.name,
_rev: user._rev,
}
}

View File

@ -127,8 +127,8 @@ describe("/automations", () => {
trigger.id = "wadiawdo34"
let createAction = ACTION_DEFINITIONS["CREATE_ROW"]
createAction.inputs.row = {
name: "{{trigger.name}}",
description: "{{trigger.description}}"
name: "{{trigger.row.name}}",
description: "{{trigger.row.description}}"
}
createAction.id = "awde444wk"
@ -167,19 +167,20 @@ describe("/automations", () => {
TEST_AUTOMATION.definition.trigger.inputs.tableId = table._id
TEST_AUTOMATION.definition.steps[0].inputs.row.tableId = table._id
await createAutomation()
await delay(500)
const res = await triggerWorkflow(automation._id)
// this looks a bit mad but we don't actually have a way to wait for a response from the automation to
// know that it has finished all of its actions - this is currently the best way
// also when this runs in CI it is very temper-mental so for now trying to make run stable by repeating until it works
// TODO: update when workflow logs are a thing
for (let tries = 0; tries < MAX_RETRIES; tries++) {
const res = await triggerWorkflow(automation._id)
expect(res.body.message).toEqual(`Automation ${automation._id} has been triggered.`)
expect(res.body.automation.name).toEqual(TEST_AUTOMATION.name)
await delay(500)
let elements = await getAllFromTable(request, appId, table._id)
// don't test it unless there are values to test
if (elements.length === 1) {
expect(elements.length).toEqual(1)
if (elements.length > 1) {
expect(elements.length).toEqual(5)
expect(elements[0].name).toEqual("Test")
expect(elements[0].description).toEqual("TEST")
return

View File

@ -5,14 +5,13 @@ const {
createUser,
testPermissionsForEndpoint,
} = require("./couchTestUtils")
const {
BUILTIN_ROLE_IDS,
} = require("../../../utilities/security/roles")
const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")
const { cloneDeep } = require("lodash/fp")
const baseBody = {
email: "bill@bill.com",
password: "yeeooo",
roleId: BUILTIN_ROLE_IDS.POWER
roleId: BUILTIN_ROLE_IDS.POWER,
}
describe("/users", () => {
@ -22,7 +21,7 @@ describe("/users", () => {
let appId
beforeAll(async () => {
({ request, server } = await supertest(server))
;({ request, server } = await supertest(server))
})
beforeEach(async () => {
@ -42,16 +41,16 @@ describe("/users", () => {
const res = await request
.get(`/api/users`)
.set(defaultHeaders(appId))
.expect('Content-Type', /json/)
.expect("Content-Type", /json/)
.expect(200)
expect(res.body.length).toBe(2)
expect(res.body.find(u => u.email === "brenda@brenda.com")).toBeDefined()
expect(res.body.find(u => u.email === "pam@pam.com")).toBeDefined()
})
it("should apply authorization to endpoint", async () => {
await createUser(request, appId, "brenda", "brendas_password")
await createUser(request, appId, "brenda@brenda.com", "brendas_password")
await testPermissionsForEndpoint({
request,
method: "GET",
@ -61,7 +60,6 @@ describe("/users", () => {
failRole: BUILTIN_ROLE_IDS.PUBLIC,
})
})
})
describe("create", () => {
@ -73,7 +71,7 @@ describe("/users", () => {
.set(defaultHeaders(appId))
.send(body)
.expect(200)
.expect('Content-Type', /json/)
.expect("Content-Type", /json/)
expect(res.res.statusMessage).toEqual("User created successfully.")
expect(res.body._id).toBeUndefined()

View File

@ -58,7 +58,7 @@ module.exports.definition = {
},
}
module.exports.run = async function({ inputs, appId, apiKey }) {
module.exports.run = async function({ inputs, appId, apiKey, emitter }) {
// TODO: better logging of when actions are missed due to missing parameters
if (inputs.row == null || inputs.row.tableId == null) {
return
@ -77,6 +77,7 @@ module.exports.run = async function({ inputs, appId, apiKey }) {
body: inputs.row,
},
user: { appId },
eventEmitter: emitter,
}
try {

View File

@ -59,7 +59,7 @@ module.exports.definition = {
},
}
module.exports.run = async function({ inputs, appId, apiKey }) {
module.exports.run = async function({ inputs, appId, apiKey, emitter }) {
const { email, password, roleId } = inputs
const ctx = {
user: {
@ -68,6 +68,7 @@ module.exports.run = async function({ inputs, appId, apiKey }) {
request: {
body: { email, password, roleId },
},
eventEmitter: emitter,
}
try {

View File

@ -50,7 +50,7 @@ module.exports.definition = {
},
}
module.exports.run = async function({ inputs, appId, apiKey }) {
module.exports.run = async function({ inputs, appId, apiKey, emitter }) {
// TODO: better logging of when actions are missed due to missing parameters
if (inputs.id == null || inputs.revision == null) {
return
@ -62,6 +62,7 @@ module.exports.run = async function({ inputs, appId, apiKey }) {
revId: inputs.revision,
},
user: { appId },
eventEmitter: emitter,
}
try {

View File

@ -53,7 +53,7 @@ module.exports.definition = {
},
}
module.exports.run = async function({ inputs, appId }) {
module.exports.run = async function({ inputs, appId, emitter }) {
if (inputs.rowId == null || inputs.row == null) {
return
}
@ -79,6 +79,7 @@ module.exports.run = async function({ inputs, appId }) {
body: inputs.row,
},
user: { appId },
eventEmitter: emitter,
}
try {

View File

@ -2,6 +2,7 @@ const handlebars = require("handlebars")
const actions = require("./actions")
const logic = require("./logic")
const automationUtils = require("./automationUtils")
const AutomationEmitter = require("../events/AutomationEmitter")
handlebars.registerHelper("object", value => {
return new handlebars.SafeString(JSON.stringify(value))
@ -32,12 +33,18 @@ function recurseMustache(inputs, context) {
*/
class Orchestrator {
constructor(automation, triggerOutput) {
this._metadata = triggerOutput.metadata
this._chainCount = this._metadata ? this._metadata.automationChainCount : 0
this._appId = triggerOutput.appId
// remove from context
delete triggerOutput.appId
delete triggerOutput.metadata
// step zero is never used as the mustache is zero indexed for customer facing
this._context = { steps: [{}], trigger: triggerOutput }
this._automation = automation
// create an emitter which has the chain count for this automation run in it, so it can block
// excessive chaining if required
this._emitter = new AutomationEmitter(this._chainCount + 1)
}
async getStepFunctionality(type, stepId) {
@ -68,6 +75,7 @@ class Orchestrator {
inputs: step.inputs,
appId: this._appId,
apiKey: automation.apiKey,
emitter: this._emitter,
})
if (step.stepId === FILTER_STEP_ID && !outputs.success) {
break

View File

@ -174,22 +174,20 @@ async function fillRowOutput(automation, params) {
let table = await db.get(tableId)
let row = {}
for (let schemaKey of Object.keys(table.schema)) {
if (params[schemaKey] != null) {
continue
}
const paramValue = params[schemaKey]
let propSchema = table.schema[schemaKey]
switch (propSchema.constraints.type) {
case "string":
row[schemaKey] = FAKE_STRING
row[schemaKey] = paramValue || FAKE_STRING
break
case "boolean":
row[schemaKey] = FAKE_BOOL
row[schemaKey] = paramValue || FAKE_BOOL
break
case "number":
row[schemaKey] = FAKE_NUMBER
row[schemaKey] = paramValue || FAKE_NUMBER
break
case "datetime":
row[schemaKey] = FAKE_DATETIME
row[schemaKey] = paramValue || FAKE_DATETIME
break
}
}

View File

@ -0,0 +1,51 @@
const { rowEmission, tableEmission } = require("./utils")
const mainEmitter = require("./index")
// max number of automations that can chain on top of each other
const MAX_AUTOMATION_CHAIN = 5
/**
* Special emitter which takes the count of automation runs which have occurred and blocks an
* automation from running if it has reached the maximum number of chained automations runs.
* This essentially "fakes" the normal emitter to add some functionality in-between to stop automations
* from getting stuck endlessly chaining.
*/
class AutomationEmitter {
constructor(chainCount) {
this.chainCount = chainCount
this.metadata = {
automationChainCount: chainCount,
}
}
emitRow(eventName, appId, row, table = null) {
// don't emit even if we've reached max automation chain
if (this.chainCount >= MAX_AUTOMATION_CHAIN) {
return
}
rowEmission({
emitter: mainEmitter,
eventName,
appId,
row,
table,
metadata: this.metadata,
})
}
emitTable(eventName, appId, table = null) {
// don't emit even if we've reached max automation chain
if (this.chainCount > MAX_AUTOMATION_CHAIN) {
return
}
tableEmission({
emitter: mainEmitter,
eventName,
appId,
table,
metadata: this.metadata,
})
}
}
module.exports = AutomationEmitter

View File

@ -1,4 +1,5 @@
const EventEmitter = require("events").EventEmitter
const { rowEmission, tableEmission } = require("./utils")
/**
* keeping event emitter in one central location as it might be used for things other than
@ -12,36 +13,11 @@ const EventEmitter = require("events").EventEmitter
*/
class BudibaseEmitter extends EventEmitter {
emitRow(eventName, appId, row, table = null) {
let event = {
row,
appId,
tableId: row.tableId,
}
if (table) {
event.table = table
}
event.id = row._id
if (row._rev) {
event.revision = row._rev
}
this.emit(eventName, event)
rowEmission({ emitter: this, eventName, appId, row, table })
}
emitTable(eventName, appId, table = null) {
const tableId = table._id
let event = {
table: {
...table,
tableId: tableId,
},
appId,
tableId: tableId,
}
event.id = tableId
if (table._rev) {
event.revision = table._rev
}
this.emit(eventName, event)
tableEmission({ emitter: this, eventName, appId, table })
}
}

View File

@ -0,0 +1,38 @@
exports.rowEmission = ({ emitter, eventName, appId, row, table, metadata }) => {
let event = {
row,
appId,
tableId: row.tableId,
}
if (table) {
event.table = table
}
event.id = row._id
if (row._rev) {
event.revision = row._rev
}
if (metadata) {
event.metadata = metadata
}
emitter.emit(eventName, event)
}
exports.tableEmission = ({ emitter, eventName, appId, table, metadata }) => {
const tableId = table._id
let event = {
table: {
...table,
tableId: tableId,
},
appId,
tableId: tableId,
}
event.id = tableId
if (table._rev) {
event.revision = table._rev
}
if (metadata) {
event.metadata = metadata
}
emitter.emit(eventName, event)
}