2022-01-12 05:18:30 +13:00
|
|
|
const core = require("@budibase/backend-core")
|
2022-01-11 08:33:00 +13:00
|
|
|
const { getScopedConfig } = require("@budibase/backend-core/db")
|
2022-01-13 01:54:25 +13:00
|
|
|
const { google } = require("@budibase/backend-core/middleware")
|
|
|
|
const { oidc } = require("@budibase/backend-core/middleware")
|
2021-05-06 02:10:28 +12:00
|
|
|
const { Configs, EmailTemplatePurpose } = require("../../../constants")
|
2021-05-05 23:11:06 +12:00
|
|
|
const { sendEmail, isEmailConfigured } = require("../../../utilities/email")
|
2022-04-08 12:28:22 +12:00
|
|
|
const { setCookie, getCookie, clearCookie, hash, platformLogout } = core.utils
|
2022-01-12 05:18:30 +13:00
|
|
|
const { Cookies, Headers } = core.constants
|
|
|
|
const { passport } = core.auth
|
2021-05-06 02:10:28 +12:00
|
|
|
const { checkResetPasswordCode } = require("../../../utilities/redis")
|
2021-08-05 20:59:08 +12:00
|
|
|
const {
|
|
|
|
getGlobalDB,
|
|
|
|
getTenantId,
|
|
|
|
isMultiTenant,
|
2022-01-11 08:33:00 +13:00
|
|
|
} = require("@budibase/backend-core/tenancy")
|
2021-08-05 20:59:08 +12:00
|
|
|
const env = require("../../../environment")
|
2022-04-08 12:28:22 +12:00
|
|
|
const { events, users: usersCore } = require("@budibase/backend-core")
|
|
|
|
import { users } from "../../../sdk"
|
2021-08-05 20:59:08 +12:00
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
const ssoCallbackUrl = async (config: any, type: any) => {
|
2021-08-05 22:27:51 +12:00
|
|
|
// incase there is a callback URL from before
|
|
|
|
if (config && config.callbackURL) {
|
|
|
|
return config.callbackURL
|
|
|
|
}
|
2021-11-13 02:31:55 +13:00
|
|
|
|
|
|
|
const db = getGlobalDB()
|
|
|
|
const publicConfig = await getScopedConfig(db, {
|
|
|
|
type: Configs.SETTINGS,
|
|
|
|
})
|
|
|
|
|
2021-08-05 20:59:08 +12:00
|
|
|
let callbackUrl = `/api/global/auth`
|
|
|
|
if (isMultiTenant()) {
|
|
|
|
callbackUrl += `/${getTenantId()}`
|
|
|
|
}
|
2021-11-13 02:31:55 +13:00
|
|
|
callbackUrl += `/${type}/callback`
|
|
|
|
|
|
|
|
return `${publicConfig.platformUrl}${callbackUrl}`
|
|
|
|
}
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const googleCallbackUrl = async (config: any) => {
|
2021-11-13 02:31:55 +13:00
|
|
|
return ssoCallbackUrl(config, "google")
|
|
|
|
}
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const oidcCallbackUrl = async (config: any) => {
|
2021-11-13 02:31:55 +13:00
|
|
|
return ssoCallbackUrl(config, "oidc")
|
2021-08-05 20:59:08 +12:00
|
|
|
}
|
2021-07-23 02:26:14 +12:00
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
async function authInternal(ctx: any, user: any, err = null, info = null) {
|
2021-04-28 04:29:05 +12:00
|
|
|
if (err) {
|
2021-07-08 22:12:34 +12:00
|
|
|
console.error("Authentication error", err)
|
2021-07-09 00:12:25 +12:00
|
|
|
return ctx.throw(403, info ? info : "Unauthorized")
|
2021-04-28 04:29:05 +12:00
|
|
|
}
|
2021-04-07 22:33:16 +12:00
|
|
|
|
2021-04-28 04:29:05 +12:00
|
|
|
if (!user) {
|
2021-07-09 00:12:25 +12:00
|
|
|
return ctx.throw(403, info ? info : "Unauthorized")
|
2021-04-28 04:29:05 +12:00
|
|
|
}
|
2021-04-12 21:47:48 +12:00
|
|
|
|
2021-12-18 03:08:48 +13:00
|
|
|
// set a cookie for browser access
|
2021-12-04 01:39:20 +13:00
|
|
|
setCookie(ctx, user.token, Cookies.Auth, { sign: false })
|
2021-12-18 03:08:48 +13:00
|
|
|
// set the token in a header as well for APIs
|
|
|
|
ctx.set(Headers.TOKEN, user.token)
|
2021-10-08 00:19:23 +13:00
|
|
|
// get rid of any app cookies on login
|
2021-10-08 05:39:44 +13:00
|
|
|
// have to check test because this breaks cypress
|
|
|
|
if (!env.isTest()) {
|
|
|
|
clearCookie(ctx, Cookies.CurrentApp)
|
|
|
|
}
|
2021-04-28 04:29:05 +12:00
|
|
|
}
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const authenticate = async (ctx: any, next: any) => {
|
|
|
|
return passport.authenticate(
|
|
|
|
"local",
|
|
|
|
async (err: any, user: any, info: any) => {
|
|
|
|
await authInternal(ctx, user, err, info)
|
2022-04-06 02:46:04 +12:00
|
|
|
events.auth.login("local")
|
2022-03-18 21:01:31 +13:00
|
|
|
ctx.status = 200
|
|
|
|
}
|
|
|
|
)(ctx, next)
|
2021-04-02 08:34:43 +13:00
|
|
|
}
|
2021-04-11 22:35:55 +12:00
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const setInitInfo = (ctx: any) => {
|
2021-11-05 02:03:18 +13:00
|
|
|
const initInfo = ctx.request.body
|
|
|
|
setCookie(ctx, initInfo, Cookies.Init)
|
|
|
|
ctx.status = 200
|
|
|
|
}
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const getInitInfo = (ctx: any) => {
|
2022-03-15 08:05:02 +13:00
|
|
|
try {
|
|
|
|
ctx.body = getCookie(ctx, Cookies.Init) || {}
|
|
|
|
} catch (err) {
|
|
|
|
clearCookie(ctx, Cookies.Init)
|
|
|
|
ctx.body = {}
|
|
|
|
}
|
2021-11-05 02:03:18 +13:00
|
|
|
}
|
|
|
|
|
2021-04-28 04:29:05 +12:00
|
|
|
/**
|
|
|
|
* Reset the user password, used as part of a forgotten password flow.
|
|
|
|
*/
|
2022-03-18 21:01:31 +13:00
|
|
|
export const reset = async (ctx: any) => {
|
2021-04-28 04:29:05 +12:00
|
|
|
const { email } = ctx.request.body
|
2021-08-03 05:34:43 +12:00
|
|
|
const configured = await isEmailConfigured()
|
2021-05-05 23:11:06 +12:00
|
|
|
if (!configured) {
|
2021-05-06 02:19:44 +12:00
|
|
|
ctx.throw(
|
|
|
|
400,
|
|
|
|
"Please contact your platform administrator, SMTP is not configured."
|
|
|
|
)
|
2021-05-05 23:11:06 +12:00
|
|
|
}
|
2021-04-28 04:29:05 +12:00
|
|
|
try {
|
2022-04-08 12:28:22 +12:00
|
|
|
const user = await usersCore.getGlobalUserByEmail(email)
|
2021-05-19 02:48:28 +12:00
|
|
|
// only if user exists, don't error though if they don't
|
|
|
|
if (user) {
|
2021-08-03 05:34:43 +12:00
|
|
|
await sendEmail(email, EmailTemplatePurpose.PASSWORD_RECOVERY, {
|
2021-05-19 02:48:28 +12:00
|
|
|
user,
|
|
|
|
subject: "{{ company }} platform password reset",
|
|
|
|
})
|
|
|
|
}
|
2021-04-28 04:29:05 +12:00
|
|
|
} catch (err) {
|
2021-08-05 20:59:08 +12:00
|
|
|
console.log(err)
|
2021-04-28 04:29:05 +12:00
|
|
|
// don't throw any kind of error to the user, this might give away something
|
|
|
|
}
|
2021-05-05 23:11:06 +12:00
|
|
|
ctx.body = {
|
2021-05-06 02:10:28 +12:00
|
|
|
message: "Please check your email for a reset link.",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Perform the user password update if the provided reset code is valid.
|
|
|
|
*/
|
2022-03-18 21:01:31 +13:00
|
|
|
export const resetUpdate = async (ctx: any) => {
|
2021-05-06 02:10:28 +12:00
|
|
|
const { resetCode, password } = ctx.request.body
|
2021-05-06 02:17:15 +12:00
|
|
|
try {
|
2021-09-18 00:41:22 +12:00
|
|
|
const { userId } = await checkResetPasswordCode(resetCode)
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
2021-05-06 02:17:15 +12:00
|
|
|
const user = await db.get(userId)
|
|
|
|
user.password = await hash(password)
|
|
|
|
await db.put(user)
|
|
|
|
ctx.body = {
|
|
|
|
message: "password reset successfully.",
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
ctx.throw(400, "Cannot reset password.")
|
2021-05-05 23:11:06 +12:00
|
|
|
}
|
2021-04-28 04:29:05 +12:00
|
|
|
}
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const logout = async (ctx: any) => {
|
2022-01-20 00:22:44 +13:00
|
|
|
if (ctx.user && ctx.user._id) {
|
|
|
|
await platformLogout({ ctx, userId: ctx.user._id })
|
|
|
|
}
|
2021-05-06 02:10:28 +12:00
|
|
|
ctx.body = { message: "User logged out." }
|
2021-04-14 00:56:28 +12:00
|
|
|
}
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const datasourcePreAuth = async (ctx: any, next: any) => {
|
2022-01-18 03:52:10 +13:00
|
|
|
const provider = ctx.params.provider
|
|
|
|
const middleware = require(`@budibase/backend-core/middleware`)
|
|
|
|
const handler = middleware.datasource[provider]
|
2022-01-06 21:08:54 +13:00
|
|
|
|
|
|
|
setCookie(
|
|
|
|
ctx,
|
|
|
|
{
|
2022-01-18 03:52:10 +13:00
|
|
|
provider,
|
2022-01-06 21:08:54 +13:00
|
|
|
appId: ctx.query.appId,
|
|
|
|
datasourceId: ctx.query.datasourceId,
|
|
|
|
},
|
2022-01-18 03:52:10 +13:00
|
|
|
Cookies.DatasourceAuth
|
2022-01-06 21:08:54 +13:00
|
|
|
)
|
|
|
|
|
2022-01-18 03:52:10 +13:00
|
|
|
return handler.preAuth(passport, ctx, next)
|
2022-01-06 21:08:54 +13:00
|
|
|
}
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const datasourceAuth = async (ctx: any, next: any) => {
|
2022-01-18 03:52:10 +13:00
|
|
|
const authStateCookie = getCookie(ctx, Cookies.DatasourceAuth)
|
|
|
|
const provider = authStateCookie.provider
|
|
|
|
const middleware = require(`@budibase/backend-core/middleware`)
|
|
|
|
const handler = middleware.datasource[provider]
|
|
|
|
return handler.postAuth(passport, ctx, next)
|
2022-01-06 21:08:54 +13:00
|
|
|
}
|
|
|
|
|
2021-04-22 22:45:22 +12:00
|
|
|
/**
|
|
|
|
* The initial call that google authentication makes to take you to the google login screen.
|
|
|
|
* On a successful login, you will be redirected to the googleAuth callback route.
|
|
|
|
*/
|
2022-03-18 21:01:31 +13:00
|
|
|
export const googlePreAuth = async (ctx: any, next: any) => {
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
|
|
|
|
2022-01-12 05:18:30 +13:00
|
|
|
const config = await core.db.getScopedConfig(db, {
|
2021-04-22 22:45:22 +12:00
|
|
|
type: Configs.GOOGLE,
|
2021-08-05 20:59:08 +12:00
|
|
|
workspace: ctx.query.workspace,
|
2021-04-22 22:45:22 +12:00
|
|
|
})
|
2021-11-13 02:31:55 +13:00
|
|
|
let callbackUrl = await exports.googleCallbackUrl(config)
|
2022-03-18 21:01:31 +13:00
|
|
|
const strategy = await google.strategyFactory(config, callbackUrl, users.save)
|
2021-04-22 08:08:04 +12:00
|
|
|
|
|
|
|
return passport.authenticate(strategy, {
|
|
|
|
scope: ["profile", "email"],
|
|
|
|
})(ctx, next)
|
|
|
|
}
|
2021-04-22 05:40:32 +12:00
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const googleAuth = async (ctx: any, next: any) => {
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
2021-04-23 00:46:54 +12:00
|
|
|
|
2022-01-12 05:18:30 +13:00
|
|
|
const config = await core.db.getScopedConfig(db, {
|
2021-04-22 22:48:37 +12:00
|
|
|
type: Configs.GOOGLE,
|
2021-08-05 20:59:08 +12:00
|
|
|
workspace: ctx.query.workspace,
|
2021-04-22 22:48:37 +12:00
|
|
|
})
|
2021-11-13 02:31:55 +13:00
|
|
|
const callbackUrl = await exports.googleCallbackUrl(config)
|
2022-03-18 21:01:31 +13:00
|
|
|
const strategy = await google.strategyFactory(config, callbackUrl, users.save)
|
2021-04-22 08:08:04 +12:00
|
|
|
|
2021-04-21 23:12:22 +12:00
|
|
|
return passport.authenticate(
|
2021-04-22 08:08:04 +12:00
|
|
|
strategy,
|
|
|
|
{ successRedirect: "/", failureRedirect: "/error" },
|
2022-03-18 21:01:31 +13:00
|
|
|
async (err: any, user: any, info: any) => {
|
2021-07-09 07:03:51 +12:00
|
|
|
await authInternal(ctx, user, err, info)
|
2022-04-06 02:46:04 +12:00
|
|
|
events.auth.login("google")
|
2021-04-21 23:12:22 +12:00
|
|
|
ctx.redirect("/")
|
|
|
|
}
|
|
|
|
)(ctx, next)
|
2021-04-11 22:35:55 +12:00
|
|
|
}
|
2021-06-28 02:46:04 +12:00
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
async function oidcStrategyFactory(ctx: any, configId: any) {
|
2021-08-05 20:59:08 +12:00
|
|
|
const db = getGlobalDB()
|
2022-01-12 05:18:30 +13:00
|
|
|
const config = await core.db.getScopedConfig(db, {
|
2021-07-09 00:04:04 +12:00
|
|
|
type: Configs.OIDC,
|
|
|
|
group: ctx.query.group,
|
|
|
|
})
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
const chosenConfig = config.configs.filter((c: any) => c.uuid === configId)[0]
|
2021-11-13 02:31:55 +13:00
|
|
|
let callbackUrl = await exports.oidcCallbackUrl(chosenConfig)
|
2021-07-09 00:04:04 +12:00
|
|
|
|
2022-03-20 14:13:54 +13:00
|
|
|
return oidc.strategyFactory(chosenConfig, callbackUrl, users.save)
|
2021-07-06 04:16:45 +12:00
|
|
|
}
|
2021-06-28 02:46:04 +12:00
|
|
|
|
2021-07-06 04:16:45 +12:00
|
|
|
/**
|
|
|
|
* The initial call that OIDC authentication makes to take you to the configured OIDC login screen.
|
|
|
|
* On a successful login, you will be redirected to the oidcAuth callback route.
|
|
|
|
*/
|
2022-03-18 21:01:31 +13:00
|
|
|
export const oidcPreAuth = async (ctx: any, next: any) => {
|
2021-07-16 03:20:31 +12:00
|
|
|
const { configId } = ctx.params
|
|
|
|
const strategy = await oidcStrategyFactory(ctx, configId)
|
|
|
|
|
|
|
|
setCookie(ctx, configId, Cookies.OIDC_CONFIG)
|
2021-06-28 02:46:04 +12:00
|
|
|
|
|
|
|
return passport.authenticate(strategy, {
|
2021-07-09 02:21:54 +12:00
|
|
|
// required 'openid' scope is added by oidc strategy factory
|
2021-06-28 02:46:04 +12:00
|
|
|
scope: ["profile", "email"],
|
|
|
|
})(ctx, next)
|
|
|
|
}
|
|
|
|
|
2022-03-18 21:01:31 +13:00
|
|
|
export const oidcAuth = async (ctx: any, next: any) => {
|
2021-07-16 03:20:31 +12:00
|
|
|
const configId = getCookie(ctx, Cookies.OIDC_CONFIG)
|
|
|
|
const strategy = await oidcStrategyFactory(ctx, configId)
|
2021-06-28 02:46:04 +12:00
|
|
|
|
|
|
|
return passport.authenticate(
|
|
|
|
strategy,
|
|
|
|
{ successRedirect: "/", failureRedirect: "/error" },
|
2022-03-18 21:01:31 +13:00
|
|
|
async (err: any, user: any, info: any) => {
|
2021-07-09 07:03:51 +12:00
|
|
|
await authInternal(ctx, user, err, info)
|
2022-04-06 02:46:04 +12:00
|
|
|
events.auth.login("oidc")
|
2021-04-21 23:12:22 +12:00
|
|
|
ctx.redirect("/")
|
|
|
|
}
|
|
|
|
)(ctx, next)
|
2021-04-11 22:35:55 +12:00
|
|
|
}
|