Merge pull request #2691 from Budibase/feature/onboarding-backend
SSO flow and account deletion
This commit is contained in:
commit
f62b525736
|
@ -12,6 +12,7 @@ const {
|
|||
auditLog,
|
||||
tenancy,
|
||||
appTenancy,
|
||||
authError,
|
||||
} = require("./middleware")
|
||||
const { setDB } = require("./db")
|
||||
const userCache = require("./cache/user")
|
||||
|
@ -60,6 +61,7 @@ module.exports = {
|
|||
buildTenancyMiddleware: tenancy,
|
||||
buildAppTenancyMiddleware: appTenancy,
|
||||
auditLog,
|
||||
authError,
|
||||
},
|
||||
cache: {
|
||||
user: userCache,
|
||||
|
|
|
@ -2,6 +2,7 @@ const jwt = require("./passport/jwt")
|
|||
const local = require("./passport/local")
|
||||
const google = require("./passport/google")
|
||||
const oidc = require("./passport/oidc")
|
||||
const { authError } = require("./passport/utils")
|
||||
const authenticated = require("./authenticated")
|
||||
const auditLog = require("./auditLog")
|
||||
const tenancy = require("./tenancy")
|
||||
|
@ -16,4 +17,5 @@ module.exports = {
|
|||
auditLog,
|
||||
tenancy,
|
||||
appTenancy,
|
||||
authError,
|
||||
}
|
||||
|
|
|
@ -27,7 +27,11 @@ async function authenticate(accessToken, refreshToken, profile, done) {
|
|||
* from couchDB rather than environment variables, using this factory is necessary for dynamically configuring passport.
|
||||
* @returns Dynamically configured Passport Google Strategy
|
||||
*/
|
||||
exports.strategyFactory = async function (config, callbackUrl) {
|
||||
exports.strategyFactory = async function (
|
||||
config,
|
||||
callbackUrl,
|
||||
verify = authenticate
|
||||
) {
|
||||
try {
|
||||
const { clientID, clientSecret } = config
|
||||
|
||||
|
@ -43,7 +47,7 @@ exports.strategyFactory = async function (config, callbackUrl) {
|
|||
clientSecret: config.clientSecret,
|
||||
callbackURL: callbackUrl,
|
||||
},
|
||||
authenticate
|
||||
verify
|
||||
)
|
||||
} catch (err) {
|
||||
console.error(err)
|
||||
|
|
|
@ -30,6 +30,10 @@ exports.invalidateSessions = async (userId, sessionId = null) => {
|
|||
sessions.push({ key: makeSessionID(userId, sessionId) })
|
||||
} else {
|
||||
sessions = await getSessionsForUser(userId)
|
||||
sessions.forEach(
|
||||
session =>
|
||||
(session.key = makeSessionID(session.userId, session.sessionId))
|
||||
)
|
||||
}
|
||||
const client = await redis.getSessionClient()
|
||||
const promises = []
|
||||
|
|
|
@ -31,7 +31,12 @@ async function allUsers() {
|
|||
return response.rows.map(row => row.doc)
|
||||
}
|
||||
|
||||
async function saveUser(user, tenantId, hashPassword = true) {
|
||||
async function saveUser(
|
||||
user,
|
||||
tenantId,
|
||||
hashPassword = true,
|
||||
requirePassword = true
|
||||
) {
|
||||
if (!tenantId) {
|
||||
throw "No tenancy specified."
|
||||
}
|
||||
|
@ -57,7 +62,7 @@ async function saveUser(user, tenantId, hashPassword = true) {
|
|||
hashedPassword = hashPassword ? await hash(password) : password
|
||||
} else if (dbUser) {
|
||||
hashedPassword = dbUser.password
|
||||
} else {
|
||||
} else if (requirePassword) {
|
||||
throw "Password must be specified."
|
||||
}
|
||||
|
||||
|
@ -106,16 +111,21 @@ exports.save = async ctx => {
|
|||
}
|
||||
}
|
||||
|
||||
const parseBooleanParam = param => {
|
||||
if (param && param == "false") {
|
||||
return false
|
||||
} else {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
exports.adminUser = async ctx => {
|
||||
const { email, password, tenantId } = ctx.request.body
|
||||
|
||||
// account portal sends a pre-hashed password - honour param to prevent double hashing
|
||||
let hashPassword = ctx.request.query.hashPassword
|
||||
if (hashPassword && hashPassword == "false") {
|
||||
hashPassword = false
|
||||
} else {
|
||||
hashPassword = true
|
||||
}
|
||||
const hashPassword = parseBooleanParam(ctx.request.query.hashPassword)
|
||||
// account portal sends no password for SSO users
|
||||
const requirePassword = parseBooleanParam(ctx.request.query.requirePassword)
|
||||
|
||||
if (await doesTenantExist(tenantId)) {
|
||||
ctx.throw(403, "Organisation already exists.")
|
||||
|
@ -148,7 +158,7 @@ exports.adminUser = async ctx => {
|
|||
tenantId,
|
||||
}
|
||||
try {
|
||||
ctx.body = await saveUser(user, tenantId, hashPassword)
|
||||
ctx.body = await saveUser(user, tenantId, hashPassword, requirePassword)
|
||||
} catch (err) {
|
||||
ctx.throw(err.status || 400, err)
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ function buildAdminInitValidation() {
|
|||
return joiValidator.body(
|
||||
Joi.object({
|
||||
email: Joi.string().required(),
|
||||
password: Joi.string().required(),
|
||||
password: Joi.string(),
|
||||
tenantId: Joi.string().required(),
|
||||
})
|
||||
.required()
|
||||
|
|
Loading…
Reference in New Issue