Merge pull request #4261 from Budibase/fix/csrf-post-login

Fix CSRF token not being present when using local auth
This commit is contained in:
Rory Powell 2022-01-31 16:41:43 +00:00 committed by GitHub
commit fc05cd240e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 15 deletions


@ -61,7 +61,7 @@
await auth.setInitInfo({ init_template: $params["?template"] }) await auth.setInitInfo({ init_template: $params["?template"] })
} }
await auth.checkAuth() await auth.getSelf()
await admin.init() await admin.init()
if (useAccountPortal && multiTenancyEnabled) { if (useAccountPortal && multiTenancyEnabled) {


@ -31,7 +31,7 @@
} }
onMount(async () => { onMount(async () => {
await auth.checkAuth() await auth.getSelf()
await organisation.init() await organisation.init()
}) })
</script> </script>


@ -108,11 +108,7 @@ export function createAuthStore() {
return json return json
} }
return { const actions = {
subscribe: store.subscribe,
setOrganisation,
getInitInfo,
setInitInfo,
checkQueryString: async () => { checkQueryString: async () => {
const urlParams = new URLSearchParams(window.location.search) const urlParams = new URLSearchParams(window.location.search)
if (urlParams.has("tenantId")) { if (urlParams.has("tenantId")) {
@ -123,7 +119,7 @@ export function createAuthStore() {
setOrg: async tenantId => { setOrg: async tenantId => {
await setOrganisation(tenantId) await setOrganisation(tenantId)
}, },
checkAuth: async () => { getSelf: async () => {
const response = await api.get("/api/global/users/self") const response = await api.get("/api/global/users/self")
if (response.status !== 200) { if (response.status !== 200) {
setUser(null) setUser(null)
@ -138,13 +134,12 @@ export function createAuthStore() {
`/api/global/auth/${tenantId}/login`, `/api/global/auth/${tenantId}/login`,
creds creds
) )
const json = await response.json()
if (response.status === 200) { if (response.status === 200) {
setUser(json.user) await actions.getSelf()
} else { } else {
const json = await response.json()
throw new Error(json.message ? json.message : "Invalid credentials") throw new Error(json.message ? json.message : "Invalid credentials")
} }
return json
}, },
logout: async () => { logout: async () => {
const response = await api.post(`/api/global/auth/logout`) const response = await api.post(`/api/global/auth/logout`)
@ -197,6 +192,14 @@ export function createAuthStore() {
await response.json() await response.json()
}, },
} }
return {
subscribe: store.subscribe,
setOrganisation,
getInitInfo,
setInitInfo,
...actions,
}
} }
export const auth = createAuthStore() export const auth = createAuthStore()
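Review bot: In the `login` action's success branch, `await actions.getSelf()` is now the only thing that establishes the user, but the visible part of `getSelf` answers a non-200 from `/api/global/users/self` with `setUser(null)` and `login` still resolves normally, so a caller cannot tell a completed login from one whose session was never picked up. The remainder of `getSelf` lies outside the hunk and may throw further down; if it does not, `login` should fail loudly, for example by having `getSelf` return the user and writing `const user = await actions.getSelf()` followed by `if (!user) throw new Error("Login succeeded but session could not be established")`. Note also that with `return json` removed `login` now resolves to `undefined`, so any caller that used the returned body needs updating. The enclosing `createAuthStore` function starts before the first hunk.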


@ -74,10 +74,7 @@ async function authInternal(ctx, user, err = null, info = null) {
exports.authenticate = async (ctx, next) => { exports.authenticate = async (ctx, next) => {
return passport.authenticate("local", async (err, user, info) => { return passport.authenticate("local", async (err, user, info) => {
await authInternal(ctx, user, err, info) await authInternal(ctx, user, err, info)
ctx.status = 200
delete user.token
ctx.body = { user }
})(ctx, next) })(ctx, next)
} }
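Review bot: With `ctx.status`, `delete user.token` and `ctx.body` gone, the response for this route is now produced entirely inside `authInternal`, which is defined before the hunk, while the client in this same PR expects a 200 on success and a JSON body carrying `message` on failure; a comment on the `await authInternal(ctx, user, err, info)` line would save the next reader from hunting for that, e.g. `// authInternal sets the auth/CSRF cookies and the response status; the client then loads the user via GET /api/global/users/self` (assuming, as the PR title suggests, that is where the CSRF token is issued). The deleted `delete user.token` was the only visible place the user's token was stripped before leaving the server, so it is worth confirming that the `/api/global/users/self` handler or its serializer strips that field too, otherwise the token would now be exposed through the self endpoint instead of the login response.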