Merge pull request #4261 from Budibase/fix/csrf-post-login

Fix CSRF token not being present when using local auth
Rory Powell 2022-01-31 16:41:43 +00:00 committed by GitHub
commit fc05cd240e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 15 deletions


@ -61,7 +61,7 @@
await auth.setInitInfo({ init_template: $params["?template"] })
}
await auth.checkAuth()
await auth.getSelf()
await admin.init()
if (useAccountPortal && multiTenancyEnabled) {


@ -31,7 +31,7 @@
}
onMount(async () => {
await auth.checkAuth()
await auth.getSelf()
await organisation.init()
})
</script>


@ -108,11 +108,7 @@ export function createAuthStore() {
return json
}
return {
subscribe: store.subscribe,
setOrganisation,
getInitInfo,
setInitInfo,
const actions = {
checkQueryString: async () => {
const urlParams = new URLSearchParams(window.location.search)
if (urlParams.has("tenantId")) {
@ -123,7 +119,7 @@ export function createAuthStore() {
setOrg: async tenantId => {
await setOrganisation(tenantId)
},
checkAuth: async () => {
getSelf: async () => {
const response = await api.get("/api/global/users/self")
if (response.status !== 200) {
setUser(null)
@ -138,13 +134,12 @@ export function createAuthStore() {
`/api/global/auth/${tenantId}/login`,
creds
)
const json = await response.json()
if (response.status === 200) {
setUser(json.user)
await actions.getSelf()
} else {
const json = await response.json()
throw new Error(json.message ? json.message : "Invalid credentials")
}
return json
},
logout: async () => {
const response = await api.post(`/api/global/auth/logout`)
@ -197,6 +192,14 @@ export function createAuthStore() {
await response.json()
},
}
return {
subscribe: store.subscribe,
setOrganisation,
getInitInfo,
setInitInfo,
...actions,
}
}
export const auth = createAuthStore()
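Review bot: After a 200 from the login request, `login` awaits `actions.getSelf()` but never checks whether that call succeeded; on the visible lines of `getSelf`, a non-200 from `/api/global/users/self` only calls `setUser(null)`, so a login whose follow-up self fetch fails would resolve without an error while the store holds no user (and presumably not the CSRF token this PR is meant to populate). Consider having `getSelf` report failure — for example by returning the user or `null` — and having `login` throw when it gets nothing back: `if (!(await actions.getSelf())) throw new Error("Failed to load user after login")`. Note also that the `return json` at the end of `login` is gone (the `const json` in the `else` branch is block-scoped, so it could not be returned anyway), so any caller that used the login result now receives `undefined`; worth checking the login page. The body of `getSelf` continues outside the hunk, as does the rest of `createAuthStore`.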


@ -74,10 +74,7 @@ async function authInternal(ctx, user, err = null, info = null) {
exports.authenticate = async (ctx, next) => {
return passport.authenticate("local", async (err, user, info) => {
await authInternal(ctx, user, err, info)
delete user.token
ctx.body = { user }
ctx.status = 200
})(ctx, next)
}
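Review bot: With `ctx.body = { user }` and `ctx.status = 200` removed, the success response of `authenticate` now depends entirely on what `authInternal` sets on `ctx`; if it only attaches the session cookie and sets no body or status, Koa answers the successful login with its default 404 and the auth store's `response.status === 200` check will treat every login as failed. Please confirm `authInternal` sets an explicit status (and a body if the client still expects one), or keep `ctx.status = 200` here after the await. Separately, the callback passed to `passport.authenticate` is `async` but passport does not await it, so a rejection from `authInternal` would surface as an unhandled rejection rather than an error response; wrapping the body in a `try/catch` that calls `ctx.throw(...)` would make that explicit. `authInternal` is defined outside the hunk, so the first point is inferred from the visible lines only.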