Merge pull request #2691 from Budibase/feature/onboarding-backend

SSO flow and account deletion
This commit is contained in:
Rory Powell 2021-09-22 09:47:06 +01:00 committed by GitHub
commit f62b525736
6 changed files with 34 additions and 12 deletions

View File

@ -12,6 +12,7 @@ const {
auditLog,
tenancy,
appTenancy,
authError,
} = require("./middleware")
const { setDB } = require("./db")
const userCache = require("./cache/user")
@ -60,6 +61,7 @@ module.exports = {
buildTenancyMiddleware: tenancy,
buildAppTenancyMiddleware: appTenancy,
auditLog,
authError,
},
cache: {
user: userCache,

View File

@ -2,6 +2,7 @@ const jwt = require("./passport/jwt")
const local = require("./passport/local")
const google = require("./passport/google")
const oidc = require("./passport/oidc")
const { authError } = require("./passport/utils")
const authenticated = require("./authenticated")
const auditLog = require("./auditLog")
const tenancy = require("./tenancy")
@ -16,4 +17,5 @@ module.exports = {
auditLog,
tenancy,
appTenancy,
authError,
}

View File

@ -27,7 +27,11 @@ async function authenticate(accessToken, refreshToken, profile, done) {
* from couchDB rather than environment variables, using this factory is necessary for dynamically configuring passport.
* @returns Dynamically configured Passport Google Strategy
*/
exports.strategyFactory = async function (config, callbackUrl) {
exports.strategyFactory = async function (
config,
callbackUrl,
verify = authenticate
) {
try {
const { clientID, clientSecret } = config
@ -43,7 +47,7 @@ exports.strategyFactory = async function (config, callbackUrl) {
clientSecret: config.clientSecret,
callbackURL: callbackUrl,
},
authenticate
verify
)
} catch (err) {
console.error(err)

View File

@ -30,6 +30,10 @@ exports.invalidateSessions = async (userId, sessionId = null) => {
sessions.push({ key: makeSessionID(userId, sessionId) })
} else {
sessions = await getSessionsForUser(userId)
sessions.forEach(
session =>
(session.key = makeSessionID(session.userId, session.sessionId))
)
}
const client = await redis.getSessionClient()
const promises = []

View File

@ -31,7 +31,12 @@ async function allUsers() {
return response.rows.map(row => row.doc)
}
async function saveUser(user, tenantId, hashPassword = true) {
async function saveUser(
user,
tenantId,
hashPassword = true,
requirePassword = true
) {
if (!tenantId) {
throw "No tenancy specified."
}
@ -57,7 +62,7 @@ async function saveUser(user, tenantId, hashPassword = true) {
hashedPassword = hashPassword ? await hash(password) : password
} else if (dbUser) {
hashedPassword = dbUser.password
} else {
} else if (requirePassword) {
throw "Password must be specified."
}
@ -106,16 +111,21 @@ exports.save = async ctx => {
}
}
const parseBooleanParam = param => {
if (param && param == "false") {
return false
} else {
return true
}
}
exports.adminUser = async ctx => {
const { email, password, tenantId } = ctx.request.body
// account portal sends a pre-hashed password - honour param to prevent double hashing
let hashPassword = ctx.request.query.hashPassword
if (hashPassword && hashPassword == "false") {
hashPassword = false
} else {
hashPassword = true
}
const hashPassword = parseBooleanParam(ctx.request.query.hashPassword)
// account portal sends no password for SSO users
const requirePassword = parseBooleanParam(ctx.request.query.requirePassword)
if (await doesTenantExist(tenantId)) {
ctx.throw(403, "Organisation already exists.")
@ -148,7 +158,7 @@ exports.adminUser = async ctx => {
tenantId,
}
try {
ctx.body = await saveUser(user, tenantId, hashPassword)
ctx.body = await saveUser(user, tenantId, hashPassword, requirePassword)
} catch (err) {
ctx.throw(err.status || 400, err)
}

View File

@ -10,7 +10,7 @@ function buildAdminInitValidation() {
return joiValidator.body(
Joi.object({
email: Joi.string().required(),
password: Joi.string().required(),
password: Joi.string(),
tenantId: Joi.string().required(),
})
.required()