ensuring public users can log in after being assigned a roleId

2024-06-28 02:50:50 +12:00 · 2021-04-13 16:56:45 +01:00 · 2021-04-13 16:56:45 +01:00 · 06f3b1fbad
parent 7e6855262b
commit 06f3b1fbad
5 changed files with 10 additions and 45 deletions
--- a/packages/client/src/api/auth.js
+++ b/packages/client/src/api/auth.js
@ -13,8 +13,8 @@ export const logIn = async ({ email, password }) => {
    return API.error("Please enter your password")
  }
  return await API.post({
-    url: "/api/authenticate",
-    body: { email, password },
+    url: "/api/admin/auth",
+    body: { username: email, password },
  })
 }

--- a/packages/client/src/store/auth.js
+++ b/packages/client/src/store/auth.js
@ -19,8 +19,8 @@ const createAuthStore = () => {

  // Logs a user in
  const logIn = async ({ email, password }) => {
-    const user = await API.logIn({ email, password })
-    if (!user.error) {
+    const auth = await API.logIn({ email, password })
+    if (auth.success) {
      await fetchUser()
      await initialise()
      goToDefaultRoute()
@ -30,12 +30,7 @@ const createAuthStore = () => {
  // Logs a user out
  const logOut = async () => {
    store.set(null)
-    const appId = get(builderStore).appId
-    if (appId) {
-      for (let environment of ["local", "cloud"]) {
-        window.document.cookie = `budibase:${appId}:${environment}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;`
-      }
-    }
+    window.document.cookie = `budibase:auth=; budibase:currentapp=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;`
    await initialise()
    goToDefaultRoute()
  }
--- a/packages/server/src/middleware/currentapp.js
+++ b/packages/server/src/middleware/currentapp.js
@ -23,8 +23,11 @@ module.exports = async (ctx, next) => {
    roleId = BUILTIN_ROLE_IDS.PUBLIC
  } else if (
    requestAppId != null &&
-    (appCookie == null || requestAppId !== appCookie.appId)
+    (appCookie == null ||
+      requestAppId !== appCookie.appId ||
+      appCookie.roleId === BUILTIN_ROLE_IDS.PUBLIC)
  ) {
+    // Different App ID means cookie needs reset, or if the same public user has logged in
    const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user.email)
    updateCookie = true
    appId = requestAppId
--- a/packages/server/src/utilities/builder/setBuilderToken.js
+++ b/packages/server/src/utilities/builder/setBuilderToken.js
@ -1,33 +0,0 @@
-const { BUILTIN_ROLE_IDS } = require("../security/roles")
-const env = require("../../environment")
-const CouchDB = require("../../db")
-const jwt = require("jsonwebtoken")
-const { DocumentTypes, SEPARATOR } = require("../../db/utils")
-const { setCookie } = require("@budibase/auth")
-// const { setCookie, clearCookie } = require("../index")
-// const APP_PREFIX = DocumentTypes.APP + SEPARATOR
-
-module.exports = async (ctx, appId, version) => {
-  // const builderUser = {
-  //   userId: "BUILDER",
-  //   roleId: BUILTIN_ROLE_IDS.BUILDER,
-  //   version,
-  // }
-  // if (env.BUDIBASE_API_KEY) {
-  //   builderUser.apiKey = env.BUDIBASE_API_KEY
-  // }
-  // const token = jwt.sign(builderUser, ctx.config.jwtSecret, {
-  //   expiresIn: "30 days",
-  // })
-
-  // set the builder token
-  // setCookie(ctx, token, "builder")
-  // setCookie(ctx, appId, "currentapp")
-  // need to clear all app tokens or else unable to use the app in the builder
-  // let allDbNames = await CouchDB.allDbs()
-  // allDbNames.map(dbName => {
-  //   if (dbName.startsWith(APP_PREFIX)) {
-  //     clearCookie(ctx, dbName)
-  //   }
-  // })
-}
--- a/packages/worker/src/api/controllers/auth.js
+++ b/packages/worker/src/api/controllers/auth.js
@ -28,7 +28,7 @@ exports.authenticate = async (ctx, next) => {
 }

 exports.logout = async ctx => {
-  clearCookie(Cookies.Auth)
+  clearCookie(ctx, Cookies.Auth)
  ctx.body = { success: true }
 }