budibase/packages/worker/src/api/controllers/admin/users.js

const CouchDB = require("../../../db")
const {
  generateGlobalUserID,
  getGlobalUserParams,
  StaticDatabases,
} = require("@budibase/auth").db
const { hash, getGlobalUserByEmail } = require("@budibase/auth").utils
const { UserStatus } = require("../../../constants")

const FIRST_USER_EMAIL = "test@test.com"
const FIRST_USER_PASSWORD = "test"
const GLOBAL_DB = StaticDatabases.GLOBAL.name

exports.save = async ctx => {
  const db = new CouchDB(GLOBAL_DB)
  const { email, password, _id } = ctx.request.body

  // make sure another user isn't using the same email
  const dbUser = await getGlobalUserByEmail(email)
  if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) {
    ctx.throw(400, "Email address already in use.")
  }

  // get the password, make sure one is defined
  let hashedPassword
  if (password) {
    hashedPassword = await hash(password)
  } else if (dbUser) {
    hashedPassword = dbUser.password
  } else {
    ctx.throw(400, "Password must be specified.")
  }

  let user = {
    ...dbUser,
    ...ctx.request.body,
    _id: _id || generateGlobalUserID(),
    password: hashedPassword,
  }
  // add the active status to a user if its not provided
  if (user.status == null) {
    user.status = UserStatus.ACTIVE
  }
  try {
    const response = await db.post({
      password: hashedPassword,
      ...user,
    })
    ctx.body = {
      _id: response.id,
      _rev: response.rev,
      email,
    }
  } catch (err) {
    if (err.status === 409) {
      ctx.throw(400, "User exists already")
    } else {
      ctx.throw(err.status, err)
    }
  }
}

exports.firstUser = async ctx => {
  const existing = await getGlobalUserByEmail(FIRST_USER_EMAIL)
  const params = {}
  if (existing) {
    params._id = existing._id
    params._rev = existing._rev
  }
  ctx.request.body = {
    ...params,
    email: FIRST_USER_EMAIL,
    password: FIRST_USER_PASSWORD,
    roles: {},
    builder: {
      global: true,
    },
  }
  await exports.save(ctx)
}

exports.destroy = async ctx => {
  const db = new CouchDB(GLOBAL_DB)
  const dbUser = await db.get(ctx.params.id)
  await db.remove(dbUser._id, dbUser._rev)
  ctx.body = {
    message: `User ${ctx.params.id} deleted.`,
  }
}

// called internally by app server user fetch
exports.fetch = async ctx => {
  const db = new CouchDB(GLOBAL_DB)
  const response = await db.allDocs(
    getGlobalUserParams(null, {
      include_docs: true,
    })
  )
  const users = response.rows.map(row => row.doc)
  // user hashed password shouldn't ever be returned
  for (let user of users) {
    if (user) {
      delete user.password
    }
  }
  ctx.body = users
}

// called internally by app server user find
exports.find = async ctx => {
  const db = new CouchDB(GLOBAL_DB)
  let user
  try {
    user = await db.get(ctx.params.id)
  } catch (err) {
    // no user found, just return nothing
    user = {}
  }
  if (user) {
    delete user.password
  }
  ctx.body = user
}
basic group apis 2021-04-19 22:34:07 +12:00			`const CouchDB = require("../../../db")`
			`const {`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`generateGlobalUserID,`
			`getGlobalUserParams,`
basic group apis 2021-04-19 22:34:07 +12:00			`StaticDatabases,`
Some re-work of the auth package, making it a bit easier to use/less likely to make a mistake. 2021-04-22 03:42:44 +12:00			`} = require("@budibase/auth").db`
			`const { hash, getGlobalUserByEmail } = require("@budibase/auth").utils`
basic group apis 2021-04-19 22:34:07 +12:00			`const { UserStatus } = require("../../../constants")`

Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`const FIRST_USER_EMAIL = "test@test.com"`
			`const FIRST_USER_PASSWORD = "test"`
merge 2021-04-19 22:38:54 +12:00			`const GLOBAL_DB = StaticDatabases.GLOBAL.name`
basic group apis 2021-04-19 22:34:07 +12:00
Major update, fixing email test case. 2021-04-24 05:54:12 +12:00			`exports.save = async ctx => {`
merge 2021-04-19 22:38:54 +12:00			`const db = new CouchDB(GLOBAL_DB)`
basic group apis 2021-04-19 22:34:07 +12:00			`const { email, password, _id } = ctx.request.body`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00
			`// make sure another user isn't using the same email`
			`const dbUser = await getGlobalUserByEmail(email)`
			`if (dbUser != null && (dbUser._id !== _id \|\| Array.isArray(dbUser))) {`
			`ctx.throw(400, "Email address already in use.")`
			`}`

			`// get the password, make sure one is defined`
			`let hashedPassword`
			`if (password) {`
			`hashedPassword = await hash(password)`
			`} else if (dbUser) {`
			`hashedPassword = dbUser.password`
			`} else {`
			`ctx.throw(400, "Password must be specified.")`
			`}`

basic group apis 2021-04-19 22:34:07 +12:00			`let user = {`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`...dbUser,`
basic group apis 2021-04-19 22:34:07 +12:00			`...ctx.request.body,`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`_id: _id \|\| generateGlobalUserID(),`
basic group apis 2021-04-19 22:34:07 +12:00			`password: hashedPassword,`
			`}`
			`// add the active status to a user if its not provided`
			`if (user.status == null) {`
			`user.status = UserStatus.ACTIVE`
			`}`
			`try {`
			`const response = await db.post({`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`password: hashedPassword,`
basic group apis 2021-04-19 22:34:07 +12:00			`...user,`
			`})`
			`ctx.body = {`
			`_id: response.id,`
			`_rev: response.rev,`
			`email,`
			`}`
			`} catch (err) {`
			`if (err.status === 409) {`
			`ctx.throw(400, "User exists already")`
			`} else {`
			`ctx.throw(err.status, err)`
			`}`
			`}`
			`}`

Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`exports.firstUser = async ctx => {`
Fixing login issue. 2021-04-29 01:28:25 +12:00			`const existing = await getGlobalUserByEmail(FIRST_USER_EMAIL)`
			`const params = {}`
			`if (existing) {`
			`params._id = existing._id`
			`params._rev = existing._rev`
			`}`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`ctx.request.body = {`
Fixing login issue. 2021-04-29 01:28:25 +12:00			`...params,`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`email: FIRST_USER_EMAIL,`
			`password: FIRST_USER_PASSWORD,`
			`roles: {},`
			`builder: {`
			`global: true,`
			`},`
			`}`
Major update, fixing email test case. 2021-04-24 05:54:12 +12:00			`await exports.save(ctx)`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`}`

Major update, fixing email test case. 2021-04-24 05:54:12 +12:00			`exports.destroy = async ctx => {`
merge 2021-04-19 22:38:54 +12:00			`const db = new CouchDB(GLOBAL_DB)`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`const dbUser = await db.get(ctx.params.id)`
basic group apis 2021-04-19 22:34:07 +12:00			`await db.remove(dbUser._id, dbUser._rev)`
			`ctx.body = {`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			message: `User ${ctx.params.id} deleted.`,
basic group apis 2021-04-19 22:34:07 +12:00			`}`
			`}`

			`// called internally by app server user fetch`
Major update, fixing email test case. 2021-04-24 05:54:12 +12:00			`exports.fetch = async ctx => {`
merge 2021-04-19 22:38:54 +12:00			`const db = new CouchDB(GLOBAL_DB)`
basic group apis 2021-04-19 22:34:07 +12:00			`const response = await db.allDocs(`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`getGlobalUserParams(null, {`
basic group apis 2021-04-19 22:34:07 +12:00			`include_docs: true,`
			`})`
			`)`
			`const users = response.rows.map(row => row.doc)`
			`// user hashed password shouldn't ever be returned`
			`for (let user of users) {`
			`if (user) {`
			`delete user.password`
			`}`
			`}`
			`ctx.body = users`
			`}`

			`// called internally by app server user find`
Major update, fixing email test case. 2021-04-24 05:54:12 +12:00			`exports.find = async ctx => {`
merge 2021-04-19 22:38:54 +12:00			`const db = new CouchDB(GLOBAL_DB)`
basic group apis 2021-04-19 22:34:07 +12:00			`let user`
			`try {`
Swapping over everything to use the new user ID and updating everything after some end to end testing. 2021-04-21 04:17:44 +12:00			`user = await db.get(ctx.params.id)`
basic group apis 2021-04-19 22:34:07 +12:00			`} catch (err) {`
			`// no user found, just return nothing`
			`user = {}`
			`}`
			`if (user) {`
			`delete user.password`
			`}`
			`ctx.body = user`
			`}`