budibase/packages/worker/src/api/controllers/admin/auth.js

const authPkg = require("@budibase/auth")
const { google } = require("@budibase/auth/src/middleware")
const { Configs } = require("../../../constants")
const CouchDB = require("../../../db")
const { sendEmail, isEmailConfigured } = require("../../../utilities/email")
const { clearCookie, getGlobalUserByEmail } = authPkg.utils
const { Cookies } = authPkg.constants
const { passport } = authPkg.auth

const GLOBAL_DB = authPkg.StaticDatabases.GLOBAL.name

function authInternal(ctx, user, err = null) {
  if (err) {
    return ctx.throw(403, "Unauthorized")
  }

  const expires = new Date()
  expires.setDate(expires.getDate() + 1)

  if (!user) {
    return ctx.throw(403, "Unauthorized")
  }

  ctx.cookies.set(Cookies.Auth, user.token, {
    expires,
    path: "/",
    httpOnly: false,
    overwrite: true,
  })
}

exports.authenticate = async (ctx, next) => {
  return passport.authenticate("local", async (err, user) => {
    authInternal(ctx, user, err)

    delete user.token

    ctx.body = { user }
  })(ctx, next)
}

/**
 * Reset the user password, used as part of a forgotten password flow.
 */
exports.reset = async ctx => {
  const { email } = ctx.request.body
  const configured = await isEmailConfigured()
  if (!configured) {
    throw "Please contact your platform administrator, SMTP is not configured."
  }
  try {
    const user = await getGlobalUserByEmail(email)
    sendEmail()
  } catch (err) {
    // don't throw any kind of error to the user, this might give away something
  }
  ctx.body = {
    message: "If user exists an email has been sent.",
  }
}

exports.logout = async ctx => {
  clearCookie(ctx, Cookies.Auth)
  ctx.body = { message: "User logged out" }
}

/**
 * The initial call that google authentication makes to take you to the google login screen.
 * On a successful login, you will be redirected to the googleAuth callback route.
 */
exports.googlePreAuth = async (ctx, next) => {
  const db = new CouchDB(GLOBAL_DB)
  const config = await authPkg.db.determineScopedConfig(db, {
    type: Configs.GOOGLE,
    group: ctx.query.group,
  })
  const strategy = await google.strategyFactory(config)

  return passport.authenticate(strategy, {
    scope: ["profile", "email"],
  })(ctx, next)
}

exports.googleAuth = async (ctx, next) => {
  const db = new CouchDB(GLOBAL_DB)

  const config = await authPkg.db.determineScopedConfig(db, {
    type: Configs.GOOGLE,
    group: ctx.query.group,
  })
  const strategy = await google.strategyFactory(config)

  return passport.authenticate(
    strategy,
    { successRedirect: "/", failureRedirect: "/error" },
    async (err, user) => {
      authInternal(ctx, user, err)

      ctx.redirect("/")
    }
  )(ctx, next)
}
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00			`const authPkg = require("@budibase/auth")`
google login reading from couch 2021-04-22 08:08:04 +12:00			`const { google } = require("@budibase/auth/src/middleware")`
Updating auth middleware to accomodate public endpoints for the server properly and some refactoring. 2021-04-29 05:13:21 +12:00			`const { Configs } = require("../../../constants")`
			`const CouchDB = require("../../../db")`
Fleshed out fully all redis interactions for invitations and password resets. 2021-05-05 23:11:06 +12:00			`const { sendEmail, isEmailConfigured } = require("../../../utilities/email")`
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`const { clearCookie, getGlobalUserByEmail } = authPkg.utils`
fix imports 2021-04-23 02:27:09 +12:00			`const { Cookies } = authPkg.constants`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00			`const { passport } = authPkg.auth`
basic couchDB authentication using passport 2021-04-02 08:34:43 +13:00
scoped configuration management 2021-04-23 00:46:54 +12:00			`const GLOBAL_DB = authPkg.StaticDatabases.GLOBAL.name`

Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`function authInternal(ctx, user, err = null) {`
			`if (err) {`
			`return ctx.throw(403, "Unauthorized")`
			`}`
groundwork for budibase auth lib 2021-04-07 22:33:16 +12:00
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`const expires = new Date()`
			`expires.setDate(expires.getDate() + 1)`
JWT auth on admin endpoints 2021-04-08 02:15:05 +12:00
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`if (!user) {`
			`return ctx.throw(403, "Unauthorized")`
			`}`
builder login 2021-04-12 21:47:48 +12:00
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`ctx.cookies.set(Cookies.Auth, user.token, {`
			`expires,`
			`path: "/",`
			`httpOnly: false,`
			`overwrite: true,`
			`})`
			`}`

			`exports.authenticate = async (ctx, next) => {`
			`return passport.authenticate("local", async (err, user) => {`
Fixing login issue. 2021-04-29 01:28:25 +12:00			`authInternal(ctx, user, err)`
JWT auth on admin endpoints 2021-04-08 02:15:05 +12:00
builder login 2021-04-12 21:47:48 +12:00			`delete user.token`

Some changes to initial login form, improvements based on testing and attempts to fix cypress test failures. 2021-04-16 02:57:55 +12:00			`ctx.body = { user }`
basic couchDB authentication using passport 2021-04-02 08:34:43 +13:00			`})(ctx, next)`
			`}`
login page 2021-04-11 22:35:55 +12:00
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`/**`
			`* Reset the user password, used as part of a forgotten password flow.`
			`*/`
			`exports.reset = async ctx => {`
			`const { email } = ctx.request.body`
Fleshed out fully all redis interactions for invitations and password resets. 2021-05-05 23:11:06 +12:00			`const configured = await isEmailConfigured()`
			`if (!configured) {`
			`throw "Please contact your platform administrator, SMTP is not configured."`
			`}`
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`try {`
Fleshed out fully all redis interactions for invitations and password resets. 2021-05-05 23:11:06 +12:00			`const user = await getGlobalUserByEmail(email)`
			`sendEmail()`
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`} catch (err) {`
			`// don't throw any kind of error to the user, this might give away something`
			`}`
Fleshed out fully all redis interactions for invitations and password resets. 2021-05-05 23:11:06 +12:00			`ctx.body = {`
Formatting. 2021-05-05 23:11:31 +12:00			`message: "If user exists an email has been sent.",`
Fleshed out fully all redis interactions for invitations and password resets. 2021-05-05 23:11:06 +12:00			`}`
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`}`

logout button 2021-04-14 00:56:28 +12:00			`exports.logout = async ctx => {`
ensuring public users can log in after being assigned a roleId 2021-04-14 03:56:45 +12:00			`clearCookie(ctx, Cookies.Auth)`
merge 2021-04-16 03:49:35 +12:00			`ctx.body = { message: "User logged out" }`
logout button 2021-04-14 00:56:28 +12:00			`}`

config specificity 2021-04-22 22:45:22 +12:00			`/**`
			`* The initial call that google authentication makes to take you to the google login screen.`
			`* On a successful login, you will be redirected to the googleAuth callback route.`
			`*/`
google login reading from couch 2021-04-22 08:08:04 +12:00			`exports.googlePreAuth = async (ctx, next) => {`
scoped configuration management 2021-04-23 00:46:54 +12:00			`const db = new CouchDB(GLOBAL_DB)`
fix imports 2021-04-23 02:27:09 +12:00			`const config = await authPkg.db.determineScopedConfig(db, {`
config specificity 2021-04-22 22:45:22 +12:00			`type: Configs.GOOGLE,`
			`group: ctx.query.group,`
			`})`
scoped configuration management 2021-04-23 00:46:54 +12:00			`const strategy = await google.strategyFactory(config)`
google login reading from couch 2021-04-22 08:08:04 +12:00
			`return passport.authenticate(strategy, {`
			`scope: ["profile", "email"],`
			`})(ctx, next)`
			`}`
custom google middleware 2021-04-22 05:40:32 +12:00
google auth E2E 2021-04-21 23:12:22 +12:00			`exports.googleAuth = async (ctx, next) => {`
scoped configuration management 2021-04-23 00:46:54 +12:00			`const db = new CouchDB(GLOBAL_DB)`

fix imports 2021-04-23 02:27:09 +12:00			`const config = await authPkg.db.determineScopedConfig(db, {`
lint 2021-04-22 22:48:37 +12:00			`type: Configs.GOOGLE,`
			`group: ctx.query.group,`
			`})`
scoped configuration management 2021-04-23 00:46:54 +12:00			`const strategy = await google.strategyFactory(config)`
google login reading from couch 2021-04-22 08:08:04 +12:00
google auth E2E 2021-04-21 23:12:22 +12:00			`return passport.authenticate(`
google login reading from couch 2021-04-22 08:08:04 +12:00			`strategy,`
			`{ successRedirect: "/", failureRedirect: "/error" },`
google auth E2E 2021-04-21 23:12:22 +12:00			`async (err, user) => {`
Adding a redis client to the auth system, as part of work towards the reset password flow. 2021-04-28 04:29:05 +12:00			`authInternal(ctx, user, err)`
google auth E2E 2021-04-21 23:12:22 +12:00
			`ctx.redirect("/")`
			`}`
			`)(ctx, next)`
login page 2021-04-11 22:35:55 +12:00			`}`