MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update error message to be more generic

This commit is contained in:
Martin McKeaveney 2025-02-15 19:07:26 +00:00
parent b85f198fc2
commit d933e47754
2 changed files with 7 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
packages/server/src/middleware/ensureTenantAppOwnership.ts
View File

@ -6,10 +6,9 @@ async function ensureTenantAppOwnership(ctx: UserCtx, next: any) {
if (!appId) { if (!appId) {
ctx.throw(400, "appId must be provided") ctx.throw(400, "appId must be provided")
} }
const exportAppId = tenancy.getTenantIDFromAppID(appId)
const tenantId = tenancy.getTenantId() const tenantId = tenancy.getTenantId()
if (exportAppId !== tenantId) { if (appId !== tenantId) {
ctx.throw(403, `Cannot export app from another tenant`) ctx.throw(403, `App does not belong to tenant`)
} }
await next() await next()
} }

16
packages/server/src/middleware/tests/ensureTenantAppOwnership.spec.js
View File

@ -4,7 +4,6 @@ import { tenancy, utils } from "@budibase/backend-core"
jest.mock("@budibase/backend-core", () => ({ jest.mock("@budibase/backend-core", () => ({
tenancy: { tenancy: {
getTenantId: jest.fn(), getTenantId: jest.fn(),
getTenantIDFromAppID: jest.fn(),
}, },
utils: { utils: {
getAppIdFromCtx: jest.fn(), getAppIdFromCtx: jest.fn(),
@ -12,7 +11,7 @@ jest.mock("@budibase/backend-core", () => ({
})) }))
class TestConfiguration { class TestConfiguration {
constructor(appId = "app_123") { constructor(appId = "tenant_1") {
this.next = jest.fn() this.next = jest.fn()
this.throw = jest.fn() this.throw = jest.fn()
this.middleware = ensureTenantAppOwnership this.middleware = ensureTenantAppOwnership
@ -45,8 +44,7 @@ describe("Ensure Tenant Ownership Middleware", () => {
config.afterEach() config.afterEach()
}) })
it("calls next() when tenant IDs match", async () => { it("calls next() when appId matches tenant ID", async () => {
tenancy.getTenantIDFromAppID.mockReturnValue("tenant_1")
tenancy.getTenantId.mockReturnValue("tenant_1") tenancy.getTenantId.mockReturnValue("tenant_1")
await config.executeMiddleware() await config.executeMiddleware()
@ -55,17 +53,13 @@ describe("Ensure Tenant Ownership Middleware", () => {
expect(config.next).toHaveBeenCalled() expect(config.next).toHaveBeenCalled()
}) })
it("throws 403 when tenant IDs do not match", async () => { it("throws 403 when appId does not match tenant ID", async () => {
tenancy.getTenantIDFromAppID.mockReturnValue("tenant_2") tenancy.getTenantId.mockReturnValue("tenant_2")
tenancy.getTenantId.mockReturnValue("tenant_1")
await config.executeMiddleware() await config.executeMiddleware()
expect(utils.getAppIdFromCtx).toHaveBeenCalledWith(config.ctx) expect(utils.getAppIdFromCtx).toHaveBeenCalledWith(config.ctx)
expect(config.throw).toHaveBeenCalledWith( expect(config.throw).toHaveBeenCalledWith(403, "App does not belong to tenant")
403,
"Cannot export app from another tenant"
)
}) })
it("throws 400 when appId is missing", async () => { it("throws 400 when appId is missing", async () => {