2021-08-05 20:59:08 +12:00
|
|
|
const {
|
|
|
|
getGlobalUserParams,
|
|
|
|
StaticDatabases,
|
2022-01-11 08:33:00 +13:00
|
|
|
} = require("@budibase/backend-core/db")
|
2022-01-13 00:32:14 +13:00
|
|
|
const {
|
|
|
|
hash,
|
|
|
|
getGlobalUserByEmail,
|
|
|
|
platformLogout,
|
|
|
|
} = require("@budibase/backend-core/utils")
|
2022-03-16 21:18:09 +13:00
|
|
|
import { EmailTemplatePurpose } from "../../../constants"
|
|
|
|
import { checkInviteCode } from "../../../utilities/redis"
|
|
|
|
import { sendEmail } from "../../../utilities/email"
|
2022-01-11 08:33:00 +13:00
|
|
|
const { user: userCache } = require("@budibase/backend-core/cache")
|
|
|
|
const { invalidateSessions } = require("@budibase/backend-core/sessions")
|
|
|
|
const accounts = require("@budibase/backend-core/accounts")
|
2021-08-05 20:59:08 +12:00
|
|
|
const {
|
|
|
|
getGlobalDB,
|
|
|
|
getTenantId,
|
2021-10-07 03:15:46 +13:00
|
|
|
getTenantUser,
|
2021-08-05 20:59:08 +12:00
|
|
|
doesTenantExist,
|
2022-01-11 08:33:00 +13:00
|
|
|
} = require("@budibase/backend-core/tenancy")
|
|
|
|
const { removeUserFromInfoDB } = require("@budibase/backend-core/deprovision")
|
2022-03-16 21:18:09 +13:00
|
|
|
import env from "../../../environment"
|
|
|
|
import { syncUserInApps } from "../../../utilities/appService"
|
2022-03-18 21:01:31 +13:00
|
|
|
import { quotas, users } from "@budibase/pro"
|
2022-03-05 02:42:50 +13:00
|
|
|
const { errors } = require("@budibase/backend-core")
|
2021-04-19 22:34:07 +12:00
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
const allUsers = async () => {
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
2021-06-02 02:58:40 +12:00
|
|
|
const response = await db.allDocs(
|
|
|
|
getGlobalUserParams(null, {
|
|
|
|
include_docs: true,
|
|
|
|
})
|
|
|
|
)
|
2022-03-16 21:18:09 +13:00
|
|
|
return response.rows.map((row: any) => row.doc)
|
2021-06-02 02:58:40 +12:00
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const save = async (ctx: any) => {
|
2021-08-05 20:59:08 +12:00
|
|
|
try {
|
2022-03-18 21:01:31 +13:00
|
|
|
const user = await users.save(ctx.request.body, getTenantId())
|
2021-11-05 03:53:03 +13:00
|
|
|
// let server know to sync user
|
|
|
|
await syncUserInApps(user._id)
|
|
|
|
ctx.body = user
|
2022-03-16 21:18:09 +13:00
|
|
|
} catch (err: any) {
|
2021-08-05 20:59:08 +12:00
|
|
|
ctx.throw(err.status || 400, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
const parseBooleanParam = (param: any) => {
|
2021-11-16 08:34:08 +13:00
|
|
|
return !(param && param === "false")
|
2021-09-22 05:20:26 +12:00
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const adminUser = async (ctx: any) => {
|
2021-08-05 20:59:08 +12:00
|
|
|
const { email, password, tenantId } = ctx.request.body
|
2021-09-10 04:08:27 +12:00
|
|
|
|
|
|
|
// account portal sends a pre-hashed password - honour param to prevent double hashing
|
2021-09-22 05:20:26 +12:00
|
|
|
const hashPassword = parseBooleanParam(ctx.request.query.hashPassword)
|
|
|
|
// account portal sends no password for SSO users
|
|
|
|
const requirePassword = parseBooleanParam(ctx.request.query.requirePassword)
|
2021-09-10 04:08:27 +12:00
|
|
|
|
2021-08-05 20:59:08 +12:00
|
|
|
if (await doesTenantExist(tenantId)) {
|
|
|
|
ctx.throw(403, "Organisation already exists.")
|
|
|
|
}
|
|
|
|
|
|
|
|
const db = getGlobalDB(tenantId)
|
2021-07-17 05:04:49 +12:00
|
|
|
const response = await db.allDocs(
|
|
|
|
getGlobalUserParams(null, {
|
|
|
|
include_docs: true,
|
|
|
|
})
|
|
|
|
)
|
2021-09-24 10:25:25 +12:00
|
|
|
|
2021-09-24 09:40:14 +12:00
|
|
|
// write usage quotas for cloud
|
2021-09-28 03:03:48 +13:00
|
|
|
if (!env.SELF_HOSTED) {
|
2021-09-30 04:55:59 +13:00
|
|
|
// could be a scenario where it exists, make sure its clean
|
|
|
|
try {
|
2022-01-12 06:49:42 +13:00
|
|
|
const usageQuota = await db.get(StaticDatabases.GLOBAL.docs.usageQuota)
|
2021-09-30 04:55:59 +13:00
|
|
|
if (usageQuota) {
|
|
|
|
await db.remove(usageQuota._id, usageQuota._rev)
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
// don't worry about errors
|
|
|
|
}
|
2022-03-18 21:01:31 +13:00
|
|
|
await db.put(quotas.generateNewQuotaUsage())
|
2021-09-28 03:03:48 +13:00
|
|
|
}
|
2021-07-17 05:04:49 +12:00
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
if (response.rows.some((row: any) => row.doc.admin)) {
|
2021-08-05 20:59:08 +12:00
|
|
|
ctx.throw(
|
|
|
|
403,
|
|
|
|
"You cannot initialise once an global user has been created."
|
|
|
|
)
|
2021-05-06 09:06:31 +12:00
|
|
|
}
|
|
|
|
|
2021-08-05 20:59:08 +12:00
|
|
|
const user = {
|
2021-05-06 08:56:43 +12:00
|
|
|
email: email,
|
|
|
|
password: password,
|
2021-09-22 20:29:51 +12:00
|
|
|
createdAt: Date.now(),
|
2021-04-21 04:17:44 +12:00
|
|
|
roles: {},
|
|
|
|
builder: {
|
2021-05-06 08:56:43 +12:00
|
|
|
global: true,
|
|
|
|
},
|
|
|
|
admin: {
|
2021-04-21 04:17:44 +12:00
|
|
|
global: true,
|
|
|
|
},
|
2021-08-05 20:59:08 +12:00
|
|
|
tenantId,
|
|
|
|
}
|
|
|
|
try {
|
2022-03-18 21:01:31 +13:00
|
|
|
ctx.body = await users.save(user, tenantId, hashPassword, requirePassword)
|
2022-03-16 21:18:09 +13:00
|
|
|
} catch (err: any) {
|
2021-08-05 20:59:08 +12:00
|
|
|
ctx.throw(err.status || 400, err)
|
2021-07-16 04:57:02 +12:00
|
|
|
}
|
2021-04-21 04:17:44 +12:00
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const destroy = async (ctx: any) => {
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
2021-04-21 04:17:44 +12:00
|
|
|
const dbUser = await db.get(ctx.params.id)
|
2021-10-04 23:30:59 +13:00
|
|
|
|
2021-10-11 23:14:44 +13:00
|
|
|
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
|
|
|
|
// root account holder can't be deleted from inside budibase
|
|
|
|
const email = dbUser.email
|
|
|
|
const account = await accounts.getAccount(email)
|
|
|
|
if (account) {
|
|
|
|
if (email === ctx.user.email) {
|
|
|
|
ctx.throw(400, 'Please visit "Account" to delete this user')
|
|
|
|
} else {
|
|
|
|
ctx.throw(400, "Account holder cannot be deleted")
|
|
|
|
}
|
2021-10-04 23:30:59 +13:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-10-01 01:08:07 +13:00
|
|
|
await removeUserFromInfoDB(dbUser)
|
2021-04-19 22:34:07 +12:00
|
|
|
await db.remove(dbUser._id, dbUser._rev)
|
2021-07-07 05:10:04 +12:00
|
|
|
await userCache.invalidateUser(dbUser._id)
|
|
|
|
await invalidateSessions(dbUser._id)
|
2021-11-05 03:53:03 +13:00
|
|
|
// let server know to sync user
|
|
|
|
await syncUserInApps(dbUser._id)
|
2021-04-19 22:34:07 +12:00
|
|
|
ctx.body = {
|
2021-04-21 04:17:44 +12:00
|
|
|
message: `User ${ctx.params.id} deleted.`,
|
2021-04-19 22:34:07 +12:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const removeAppRole = async (ctx: any) => {
|
2021-06-02 02:58:40 +12:00
|
|
|
const { appId } = ctx.params
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
2022-03-16 21:18:09 +13:00
|
|
|
const users = await allUsers()
|
2021-06-02 02:58:40 +12:00
|
|
|
const bulk = []
|
2021-07-08 10:29:19 +12:00
|
|
|
const cacheInvalidations = []
|
2021-06-02 02:58:40 +12:00
|
|
|
for (let user of users) {
|
|
|
|
if (user.roles[appId]) {
|
2021-07-08 10:29:19 +12:00
|
|
|
cacheInvalidations.push(userCache.invalidateUser(user._id))
|
2021-06-02 02:58:40 +12:00
|
|
|
delete user.roles[appId]
|
|
|
|
bulk.push(user)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
await db.bulkDocs(bulk)
|
2021-07-08 10:29:19 +12:00
|
|
|
await Promise.all(cacheInvalidations)
|
2021-06-02 02:58:40 +12:00
|
|
|
ctx.body = {
|
|
|
|
message: "App role removed from all users",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-04 02:37:04 +13:00
|
|
|
/**
|
|
|
|
* Add the attributes that are session based to the current user.
|
|
|
|
*/
|
2022-03-16 21:18:09 +13:00
|
|
|
const addSessionAttributesToUser = (ctx: any) => {
|
2022-03-04 02:37:04 +13:00
|
|
|
ctx.body.account = ctx.user.account
|
|
|
|
ctx.body.license = ctx.user.license
|
|
|
|
ctx.body.budibaseAccess = ctx.user.budibaseAccess
|
|
|
|
ctx.body.accountPortalAccess = ctx.user.accountPortalAccess
|
|
|
|
ctx.body.csrfToken = ctx.user.csrfToken
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Remove the attributes that are session based from the current user,
|
|
|
|
* so that stale values are not written to the db
|
|
|
|
*/
|
2022-03-16 21:18:09 +13:00
|
|
|
const removeSessionAttributesFromUser = (ctx: any) => {
|
2022-03-04 02:37:04 +13:00
|
|
|
delete ctx.request.body.csrfToken
|
|
|
|
delete ctx.request.body.account
|
|
|
|
delete ctx.request.body.accountPortalAccess
|
|
|
|
delete ctx.request.body.budibaseAccess
|
|
|
|
delete ctx.request.body.license
|
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const getSelf = async (ctx: any) => {
|
2021-06-22 05:37:14 +12:00
|
|
|
if (!ctx.user) {
|
|
|
|
ctx.throw(403, "User not logged in")
|
|
|
|
}
|
2021-05-20 00:37:59 +12:00
|
|
|
ctx.params = {
|
2021-05-20 02:09:57 +12:00
|
|
|
id: ctx.user._id,
|
2021-05-20 00:37:59 +12:00
|
|
|
}
|
|
|
|
// this will set the body
|
|
|
|
await exports.find(ctx)
|
2022-03-04 02:37:04 +13:00
|
|
|
addSessionAttributesToUser(ctx)
|
2021-05-20 00:37:59 +12:00
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const updateSelf = async (ctx: any) => {
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
2021-05-20 00:17:50 +12:00
|
|
|
const user = await db.get(ctx.user._id)
|
|
|
|
if (ctx.request.body.password) {
|
2021-10-13 04:13:54 +13:00
|
|
|
// changing password
|
2021-05-20 00:17:50 +12:00
|
|
|
ctx.request.body.password = await hash(ctx.request.body.password)
|
2021-10-13 07:49:34 +13:00
|
|
|
// Log all other sessions out apart from the current one
|
|
|
|
await platformLogout({
|
|
|
|
ctx,
|
|
|
|
userId: ctx.user._id,
|
|
|
|
keepActiveSession: true,
|
|
|
|
})
|
2021-05-20 00:17:50 +12:00
|
|
|
}
|
2021-05-20 00:30:55 +12:00
|
|
|
// don't allow sending up an ID/Rev, always use the existing one
|
|
|
|
delete ctx.request.body._id
|
|
|
|
delete ctx.request.body._rev
|
2022-03-04 02:37:04 +13:00
|
|
|
removeSessionAttributesFromUser(ctx)
|
|
|
|
|
2021-05-20 00:17:50 +12:00
|
|
|
const response = await db.put({
|
|
|
|
...user,
|
|
|
|
...ctx.request.body,
|
|
|
|
})
|
2021-07-08 10:29:19 +12:00
|
|
|
await userCache.invalidateUser(user._id)
|
2021-05-20 00:17:50 +12:00
|
|
|
ctx.body = {
|
|
|
|
_id: response.id,
|
|
|
|
_rev: response.rev,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-19 22:34:07 +12:00
|
|
|
// called internally by app server user fetch
|
2022-03-16 21:18:09 +13:00
|
|
|
export const fetch = async (ctx: any) => {
|
|
|
|
const users = await allUsers()
|
2021-04-19 22:34:07 +12:00
|
|
|
// user hashed password shouldn't ever be returned
|
|
|
|
for (let user of users) {
|
|
|
|
if (user) {
|
|
|
|
delete user.password
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ctx.body = users
|
|
|
|
}
|
|
|
|
|
|
|
|
// called internally by app server user find
|
2022-03-16 21:18:09 +13:00
|
|
|
export const find = async (ctx: any) => {
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
2021-04-19 22:34:07 +12:00
|
|
|
let user
|
|
|
|
try {
|
2021-04-21 04:17:44 +12:00
|
|
|
user = await db.get(ctx.params.id)
|
2021-04-19 22:34:07 +12:00
|
|
|
} catch (err) {
|
|
|
|
// no user found, just return nothing
|
|
|
|
user = {}
|
|
|
|
}
|
|
|
|
if (user) {
|
|
|
|
delete user.password
|
|
|
|
}
|
|
|
|
ctx.body = user
|
|
|
|
}
|
2021-05-06 02:10:28 +12:00
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const tenantUserLookup = async (ctx: any) => {
|
2021-09-29 03:49:03 +13:00
|
|
|
const id = ctx.params.id
|
|
|
|
const user = await getTenantUser(id)
|
|
|
|
if (user) {
|
|
|
|
ctx.body = user
|
|
|
|
} else {
|
2021-09-18 00:41:22 +12:00
|
|
|
ctx.throw(400, "No tenant user found.")
|
2021-08-05 20:59:08 +12:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const invite = async (ctx: any) => {
|
2021-08-05 20:59:08 +12:00
|
|
|
let { email, userInfo } = ctx.request.body
|
2021-08-03 05:34:43 +12:00
|
|
|
const existing = await getGlobalUserByEmail(email)
|
2021-05-06 02:17:15 +12:00
|
|
|
if (existing) {
|
|
|
|
ctx.throw(400, "Email address already in use.")
|
|
|
|
}
|
2021-08-05 20:59:08 +12:00
|
|
|
if (!userInfo) {
|
|
|
|
userInfo = {}
|
|
|
|
}
|
|
|
|
userInfo.tenantId = getTenantId()
|
2022-03-16 21:18:09 +13:00
|
|
|
const opts: any = {
|
2021-05-12 02:24:17 +12:00
|
|
|
subject: "{{ company }} platform invitation",
|
2021-05-25 05:45:43 +12:00
|
|
|
info: userInfo,
|
2022-03-16 21:18:09 +13:00
|
|
|
}
|
|
|
|
await sendEmail(email, EmailTemplatePurpose.INVITATION, opts)
|
2021-05-06 02:17:15 +12:00
|
|
|
ctx.body = {
|
2021-05-06 02:19:44 +12:00
|
|
|
message: "Invitation has been sent.",
|
2021-05-06 02:17:15 +12:00
|
|
|
}
|
2021-05-06 02:10:28 +12:00
|
|
|
}
|
|
|
|
|
2022-03-16 21:18:09 +13:00
|
|
|
export const inviteAccept = async (ctx: any) => {
|
2021-05-20 02:09:57 +12:00
|
|
|
const { inviteCode, password, firstName, lastName } = ctx.request.body
|
2021-05-06 02:17:15 +12:00
|
|
|
try {
|
2021-08-05 20:59:08 +12:00
|
|
|
// info is an extension of the user object that was stored by global
|
2022-03-16 21:18:09 +13:00
|
|
|
const { email, info }: any = await checkInviteCode(inviteCode)
|
2022-03-18 21:01:31 +13:00
|
|
|
ctx.body = await users.save(
|
2021-08-05 20:59:08 +12:00
|
|
|
{
|
|
|
|
firstName,
|
|
|
|
lastName,
|
|
|
|
password,
|
|
|
|
email,
|
|
|
|
...info,
|
|
|
|
},
|
|
|
|
info.tenantId
|
|
|
|
)
|
2022-03-16 21:18:09 +13:00
|
|
|
} catch (err: any) {
|
2022-03-05 02:42:50 +13:00
|
|
|
if (err.code === errors.codes.USAGE_LIMIT_EXCEEDED) {
|
|
|
|
// explicitly re-throw limit exceeded errors
|
|
|
|
ctx.throw(400, err)
|
|
|
|
}
|
2021-05-06 02:17:15 +12:00
|
|
|
ctx.throw(400, "Unable to create new user, invitation invalid.")
|
2021-05-06 02:10:28 +12:00
|
|
|
}
|
|
|
|
}
|