Merge pull request #2985 from Budibase/fix/postrelease

Fix/postrelease

packages/auth/src/middleware/authenticated.js

@@ -42,8 +42,9 @@ module.exports = (
         internal = false
       if (authCookie) {
         let error = null
-        const sessionId = authCookie.sessionId,
+        const sessionId = authCookie.sessionId
-          userId = authCookie.userId
+        const userId = authCookie.userId
+
         const session = await getSession(userId, sessionId)
         if (!session) {
           error = "No session found"

packages/auth/src/security/sessions.js

@@ -24,17 +24,24 @@ exports.createASession = async (userId, session) => {
   await client.store(makeSessionID(userId, sessionId), session, EXPIRY_SECONDS)
 }
 
-exports.invalidateSessions = async (userId, sessionId = null) => {
+exports.invalidateSessions = async (userId, sessionIds = null) => {
   let sessions = []
-  if (sessionId) {
+
-    sessions.push({ key: makeSessionID(userId, sessionId) })
+  // If no sessionIds, get all the sessions for the user
-  } else {
+  if (!sessionIds) {
     sessions = await getSessionsForUser(userId)
     sessions.forEach(
       session =>
         (session.key = makeSessionID(session.userId, session.sessionId))
     )
+  } else {
+    // use the passed array of sessionIds
+    sessions = Array.isArray(sessionIds) ? sessionIds : [sessionIds]
+    sessions = sessions.map(sessionId => ({
+      key: makeSessionID(userId, sessionId),
+    }))
   }
+
   const client = await redis.getSessionClient()
   const promises = []
   for (let session of sessions) {

packages/auth/src/utils.js

@@ -7,7 +7,7 @@ const {
 const jwt = require("jsonwebtoken")
 const { options } = require("./middleware/passport/jwt")
 const { createUserEmailView } = require("./db/views")
-const { Headers, UserStatus } = require("./constants")
+const { Headers, UserStatus, Cookies } = require("./constants")
 const {
   getGlobalDB,
   updateTenantId,
@@ -19,6 +19,7 @@ const accounts = require("./cloud/accounts")
 const { hash } = require("./hashing")
 const userCache = require("./cache/user")
 const env = require("./environment")
+const { getUserSessions, invalidateSessions } = require("./security/sessions")
 
 const APP_PREFIX = DocumentTypes.APP + SEPARATOR
 
@@ -235,3 +236,28 @@ exports.saveUser = async (
     }
   }
 }
+
+/**
+ * Logs a user out from budibase. Re-used across account portal and builder.
+ */
+exports.platformLogout = async ({ ctx, userId, keepActiveSession }) => {
+  if (!ctx) throw new Error("Koa context must be supplied to logout.")
+
+  const currentSession = this.getCookie(ctx, Cookies.Auth)
+  let sessions = await getUserSessions(userId)
+
+  if (keepActiveSession) {
+    sessions = sessions.filter(
+      session => session.sessionId !== currentSession.sessionId
+    )
+  } else {
+    // clear cookies
+    this.clearCookie(ctx, Cookies.Auth)
+    this.clearCookie(ctx, Cookies.CurrentApp)
+  }
+
+  await invalidateSessions(
+    userId,
+    sessions.map(({ sessionId }) => sessionId)
+  )
+}

packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte

@@ -32,6 +32,7 @@
   const FORMULA_TYPE = FIELDS.FORMULA.type
   const LINK_TYPE = FIELDS.LINK.type
   const dispatch = createEventDispatcher()
+  const PROHIBITED_COLUMN_NAMES = ["type", "_id", "_rev", "tableId"]
   const { hide } = getContext(Context.Modal)
   let fieldDefinitions = cloneDeep(FIELDS)
 
@@ -66,6 +67,10 @@
     (field.type === LINK_TYPE && !field.tableId) ||
     Object.keys($tables.draft?.schema ?? {}).some(
       key => key !== originalName && key === field.name
+    ) ||
+    columnNameInvalid
+  $: columnNameInvalid = PROHIBITED_COLUMN_NAMES.some(
+    name => field.name === name
   )
 
   // used to select what different options can be displayed for column type
@@ -200,6 +205,9 @@
     label="Name"
     bind:value={field.name}
     disabled={uneditable || (linkEditDisabled && field.type === LINK_TYPE)}
+    error={columnNameInvalid
+      ? `${PROHIBITED_COLUMN_NAMES.join(", ")} are not allowed as column names`
+      : ""}
   />
 
   <Select

packages/builder/src/components/backend/DatasourceNavigator/TableIntegrationMenu/IntegrationConfigForm.svelte

@@ -1,10 +1,18 @@
 <script>
-  import { Label, Input, Layout, Toggle, Button } from "@budibase/bbui"
+  import {
+    Label,
+    Input,
+    Layout,
+    Toggle,
+    Button,
+    TextArea,
+  } from "@budibase/bbui"
   import KeyValueBuilder from "components/integration/KeyValueBuilder.svelte"
   import { capitalise } from "helpers"
 
   export let integration
   export let schema
+
   let addButton
 </script>
 
@@ -29,6 +37,15 @@
           <Label>{capitalise(configKey)}</Label>
           <Toggle text="" bind:value={integration[configKey]} />
         </div>
+      {:else if schema[configKey].type === "longForm"}
+        <div class="form-row">
+          <Label>{capitalise(configKey)}</Label>
+          <TextArea
+            type={schema[configKey].type}
+            on:change
+            bind:value={integration[configKey]}
+          />
+        </div>
       {:else}
         <div class="form-row">
           <Label>{capitalise(configKey)}</Label>

packages/builder/src/components/backend/DatasourceNavigator/modals/CreateDatasourceModal.svelte

@@ -60,7 +60,7 @@
 </Modal>
 
 <Modal bind:this={externalDatasourceModal}>
-  <DatasourceConfigModal {integration} />
+  <DatasourceConfigModal {integration} {modal} />
 </Modal>
 
 <Modal bind:this={modal}>

packages/builder/src/components/backend/DatasourceNavigator/modals/DatasourceConfigModal.svelte

@@ -64,7 +64,7 @@
     ? "Fetch tables from database"
     : "Save and continue to query"}
   cancelText="Back"
-  size="M"
+  size="L"
 >
   <Layout noPadding>
     <Body size="XS"

packages/server/src/automations/steps/discord.js

@@ -77,7 +77,7 @@ exports.run = async function ({ inputs }) {
   const { status, message } = await getFetchResponse(response)
   return {
     httpStatus: status,
-    success: status === 200,
+    success: status === 200 || status === 204,
     response: message,
   }
 }

packages/server/src/definitions/datasource.ts

@@ -20,12 +20,14 @@ export enum QueryTypes {
 
 export enum DatasourceFieldTypes {
   STRING = "string",
+  LONGFORM = "longForm",
   BOOLEAN = "boolean",
   NUMBER = "number",
   PASSWORD = "password",
   LIST = "list",
   OBJECT = "object",
   JSON = "json",
+  FILE = "file",
 }
 
 export enum SourceNames {

packages/server/src/integrations/postgres.ts

@@ -28,6 +28,8 @@ module PostgresModule {
     user: string
     password: string
     ssl?: boolean
+    ca?: string
+    rejectUnauthorized?: boolean
   }
 
   const SCHEMA: Integration = {
@@ -67,6 +69,16 @@ module PostgresModule {
         default: false,
         required: false,
       },
+      rejectUnauthorized: {
+        type: DatasourceFieldTypes.BOOLEAN,
+        default: false,
+        required: false,
+      },
+      ca: {
+        type: DatasourceFieldTypes.LONGFORM,
+        default: false,
+        required: false,
+      },
     },
     query: {
       create: {
@@ -144,7 +156,12 @@ module PostgresModule {
 
       let newConfig = {
         ...this.config,
-        ssl: this.config.ssl ? { rejectUnauthorized: true } : undefined,
+        ssl: this.config.ssl
+          ? {
+              rejectUnauthorized: this.config.rejectUnauthorized,
+              ca: this.config.ca,
+            }
+          : undefined,
       }
       if (!this.pool) {
         this.pool = new Pool(newConfig)

packages/worker/src/api/controllers/global/auth.js

@@ -14,6 +14,7 @@ const {
   isMultiTenant,
 } = require("@budibase/auth/tenancy")
 const env = require("../../../environment")
+const { platformLogout } = require("../../../../../auth/src/utils")
 
 function googleCallbackUrl(config) {
   // incase there is a callback URL from before
@@ -121,8 +122,7 @@ exports.resetUpdate = async ctx => {
 }
 
 exports.logout = async ctx => {
-  clearCookie(ctx, Cookies.Auth)
+  await platformLogout({ ctx, userId: ctx.user._id })
-  clearCookie(ctx, Cookies.CurrentApp)
   ctx.body = { message: "User logged out." }
 }
 

packages/worker/src/api/controllers/global/users.js

@@ -3,7 +3,8 @@ const {
   StaticDatabases,
   generateNewUsageQuotaDoc,
 } = require("@budibase/auth/db")
-const { hash, getGlobalUserByEmail, saveUser } = require("@budibase/auth").utils
+const { hash, getGlobalUserByEmail, saveUser, platformLogout } =
+  require("@budibase/auth").utils
 const { EmailTemplatePurpose } = require("../../../constants")
 const { checkInviteCode } = require("../../../utilities/redis")
 const { sendEmail } = require("../../../utilities/email")
@@ -173,7 +174,14 @@ exports.updateSelf = async ctx => {
   const db = getGlobalDB()
   const user = await db.get(ctx.user._id)
   if (ctx.request.body.password) {
+    // changing password
     ctx.request.body.password = await hash(ctx.request.body.password)
+    // Log all other sessions out apart from the current one
+    await platformLogout({
+      ctx,
+      userId: ctx.user._id,
+      keepActiveSession: true,
+    })
   }
   // don't allow sending up an ID/Rev, always use the existing one
   delete ctx.request.body._id