Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures.

packages/builder/src/components/login/LoginForm.svelte

@@ -1,5 +1,5 @@
 <script>
-  import { Button, Label, Input, TextArea, Spacer } from "@budibase/bbui"
+  import { Button, Label, Input, Spacer } from "@budibase/bbui"
   import { notifier } from "builderStore/store/notifications"
   import { auth } from "stores/backend"
 
@@ -8,24 +8,20 @@
 
   async function login() {
     try {
-      const json = await auth.login({
+      await auth.login({
         username,
         password,
       })
-      if (json.success) {
+      notifier.success("Logged in successfully.")
-        notifier.success("Logged in successfully.")
-      } else {
-        notifier.danger("Invalid credentials")
-      }
     } catch (err) {
       console.error(err)
-      notifier.danger(`Error logging in: ${err}`)
+      notifier.danger("Invalid credentials")
     }
   }
 
   async function createTestUser() {
     try {
-      const json = await auth.createUser({
+      await auth.createUser({
         email: "test@test.com",
         password: "test",
         roles: {},
@@ -36,6 +32,7 @@
       notifier.success("Test user created")
     } catch (err) {
       console.error(err)
+      notifier.danger("Could not create test user")
     }
   }
 </script>

packages/builder/src/pages/builder/_layout.svelte

@@ -1,5 +1,5 @@
 <script>
-  import { Home as Link, Button } from "@budibase/bbui"
+  import { Home as Link } from "@budibase/bbui"
   import {
     AppsIcon,
     HostingIcon,

packages/builder/src/stores/backend/auth.js

@@ -21,7 +21,11 @@ export function createAuthStore() {
     login: async creds => {
       const response = await api.post(`/api/admin/auth`, creds)
       const json = await response.json()
-      set({ user: json })
+      if (response.status === 200) {
+        set({ user: json.user })
+      } else {
+        throw "Invalid credentials"
+      }
       return json
     },
     logout: async () => {

packages/server/src/api/controllers/dev.js

@@ -0,0 +1,34 @@
+const fetch = require("node-fetch")
+const env = require("../../environment")
+const { checkSlashesInUrl } = require("../../utilities")
+const { request } = require("../../utilities/workerRequests")
+
+async function redirect(ctx, method) {
+  const { path } = ctx.params
+  const response = await fetch(
+    checkSlashesInUrl(`${env.WORKER_URL}/api/admin/${path}`),
+    request(ctx, {
+      method,
+      body: ctx.request.body,
+    })
+  )
+  ctx.body = await response.json()
+  const cookie = response.headers.get("set-cookie")
+  if (cookie) {
+    ctx.set("set-cookie", cookie)
+  }
+  ctx.status = response.status
+  ctx.cookies
+}
+
+exports.redirectGet = async ctx => {
+  await redirect(ctx, "GET")
+}
+
+exports.redirectPost = async ctx => {
+  await redirect(ctx, "POST")
+}
+
+exports.redirectDelete = async ctx => {
+  await redirect(ctx, "DELETE")
+}

packages/server/src/api/routes/dev.js

@@ -0,0 +1,13 @@
+const Router = require("@koa/router")
+const controller = require("../controllers/dev")
+const env = require("../../environment")
+
+const router = Router()
+
+if (env.isDev()) {
+  router.get("/api/admin/:path", controller.redirectGet)
+  router.post("/api/admin/:path", controller.redirectPost)
+  router.delete("/api/admin/:path", controller.redirectDelete)
+}
+
+module.exports = router

packages/server/src/api/routes/index.js

@@ -22,6 +22,7 @@ const datasourceRoutes = require("./datasource")
 const queryRoutes = require("./query")
 const hostingRoutes = require("./hosting")
 const backupRoutes = require("./backup")
+const devRoutes = require("./dev")
 
 exports.mainRoutes = [
   deployRoutes,
@@ -44,6 +45,7 @@ exports.mainRoutes = [
   queryRoutes,
   hostingRoutes,
   backupRoutes,
+  devRoutes,
   // these need to be handled last as they still use /api/:tableId
   // this could be breaking as koa may recognise other routes as this
   tableRoutes,

packages/server/src/utilities/users.js

@@ -9,10 +9,11 @@ exports.getFullUser = async ({ ctx, email, userId }) => {
   if (!email) {
     email = getEmailFromUserMetadataID(userId)
   }
-  const db = new CouchDB(ctx.appId)
   const global = await getGlobalUsers(ctx, ctx.appId, email)
   let metadata
   try {
+    // this will throw an error if the db doesn't exist, or there is no appId
+    const db = new CouchDB(ctx.appId)
     metadata = await db.get(generateUserMetadataID(email))
   } catch (err) {
     // it is fine if there is no user metadata, just remove global db info

packages/server/src/utilities/workerRequests.js

@@ -11,11 +11,11 @@ function getAppRole(appId, user) {
   if (!user.roleId) {
     user.roleId = BUILTIN_ROLE_IDS.PUBLIC
   }
-  // delete user.roles
+  delete user.roles
   return user
 }
 
-function prepRequest(ctx, request) {
+function request(ctx, request) {
   if (!request.headers) {
     request.headers = {}
   }
@@ -32,6 +32,8 @@ function prepRequest(ctx, request) {
   return request
 }
 
+exports.request = request
+
 exports.getDeployedApps = async ctx => {
   if (!env.SELF_HOSTED) {
     throw "Can only check apps for self hosted environments"
@@ -39,7 +41,7 @@ exports.getDeployedApps = async ctx => {
   try {
     const response = await fetch(
       checkSlashesInUrl(env.WORKER_URL + `/api/apps`),
-      prepRequest(ctx, {
+      request(ctx, {
         method: "GET",
       })
     )
@@ -63,19 +65,22 @@ exports.deleteGlobalUser = async (ctx, email) => {
   const reqCfg = { method: "DELETE" }
   const response = await fetch(
     checkSlashesInUrl(env.WORKER_URL + endpoint),
-    prepRequest(ctx, reqCfg)
+    request(ctx, reqCfg)
   )
   return response.json()
 }
 
-exports.getGlobalUsers = async (ctx, appId, email = null) => {
+exports.getGlobalUsers = async (ctx, appId = null, email = null) => {
   const endpoint = email ? `/api/admin/users/${email}` : `/api/admin/users`
   const reqCfg = { method: "GET" }
   const response = await fetch(
     checkSlashesInUrl(env.WORKER_URL + endpoint),
-    prepRequest(ctx, reqCfg)
+    request(ctx, reqCfg)
   )
   let users = await response.json()
+  if (!appId) {
+    return users
+  }
   if (Array.isArray(users)) {
     users = users.map(user => getAppRole(appId, user))
   } else {
@@ -107,7 +112,7 @@ exports.saveGlobalUser = async (ctx, appId, email, body) => {
 
   const response = await fetch(
     checkSlashesInUrl(env.WORKER_URL + endpoint),
-    prepRequest(ctx, reqCfg)
+    request(ctx, reqCfg)
   )
   const json = await response.json()
   if (json.status !== 200 && response.status !== 200) {

packages/worker/src/api/controllers/auth.js

@@ -3,15 +3,14 @@ const { passport, Cookies, clearCookie } = require("@budibase/auth")
 exports.authenticate = async (ctx, next) => {
   return passport.authenticate("local", async (err, user) => {
     if (err) {
-      return ctx.throw(err)
+      return ctx.throw(403, "Unauthorized")
     }
 
     const expires = new Date()
     expires.setDate(expires.getDate() + 1)
 
     if (!user) {
-      ctx.body = { success: false }
+      return ctx.throw(403, "Unauthorized")
-      return next()
     }
 
     ctx.cookies.set(Cookies.Auth, user.token, {
@@ -23,13 +22,13 @@ exports.authenticate = async (ctx, next) => {
 
     delete user.token
 
-    ctx.body = { success: true, user }
+    ctx.body = { user }
   })(ctx, next)
 }
 
 exports.logout = async ctx => {
   clearCookie(ctx, Cookies.Auth)
-  ctx.body = { success: true }
+  ctx.body = { messaged: "User logged out" }
 }
 
 exports.googleAuth = async () => {