From 0dfae96e52f947bcaf2ab6ec6ccff5a5dc03a7fe Mon Sep 17 00:00:00 2001
From: Rory Powell
Date: Wed, 29 Sep 2021 16:41:58 +0100
Subject: [PATCH] Respect tenant in url in UI app. Reject tenant and session mismatch
---
 .../builder/src/pages/builder/_layout.svelte | 21 +++++++++++++++++++
 packages/builder/src/stores/portal/auth.js | 1 +
 2 files changed, 22 insertions(+)
diff --git a/packages/builder/src/pages/builder/_layout.svelte b/packages/builder/src/pages/builder/_layout.svelte
index 4b296854b6..f4715b3017 100644
--- a/packages/builder/src/pages/builder/_layout.svelte
+++ b/packages/builder/src/pages/builder/_layout.svelte
@@ -9,10 +9,31 @@
 $: hasAdminUser = $admin?.checklist?.adminUser?.checked
 $: tenantSet = $auth.tenantSet
 $: cloud = $admin.cloud
+ $: user = $auth.user
+
+ const validateTenantId = async () => {
+ // set the tenant from the url in the cloud
+ const tenantId = window.location.host.split(".")[0]
+
+ if (!tenantId.includes("localhost:")) {
+ // user doesn't have permission to access this tenant - kick them out
+ if (user && user.tenantId && user.tenantId !== tenantId) {
+ await auth.logout()
+ await auth.setOrganisation(null)
+ } else {
+ await auth.setOrganisation(tenantId)
+ }
+ }
+ }
 onMount(async () => {
 await auth.checkAuth()
 await admin.init()
+
+ if (cloud && multiTenancyEnabled) {
+ await validateTenantId()
+ }
+
 loaded = true
 })
diff --git a/packages/builder/src/stores/portal/auth.js b/packages/builder/src/stores/portal/auth.js
index 95157e3f93..f522095473 100644
--- a/packages/builder/src/stores/portal/auth.js
+++ b/packages/builder/src/stores/portal/auth.js
@@ -80,6 +80,7 @@ export function createAuthStore() {
 return {
 subscribe: store.subscribe,
+ setOrganisation: setOrganisation,
 checkQueryString: async () => {
 const urlParams = new URLSearchParams(window.location.search)
 if (urlParams.has("tenantId")) {
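Review bot: The mismatch check in `validateTenantId` trusts whatever the first host label is and fails open. `window.location.host.split(".")[0]` also yields a value for an apex domain, a `www` host or an IP address, and a session with no `user.tenantId` falls through to `auth.setOrganisation(tenantId)`. Reading `window.location.hostname` and skipping on `tenantId === "localhost"` would remove the port-dependent `includes("localhost:")` test. The label should also be checked against the deployment's expected tenant host pattern before it is stored. Because this runs only in the browser, it presumably relies on the server also rejecting a session whose tenant differs from the request host, which this patch does not show and is worth confirming. The enclosing script block starts and ends outside the hunk.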
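Review bot: `setOrganisation` is now part of the store's public surface and the layout calls it with `null` after `auth.logout()`, but its definition is outside this hunk. It is worth confirming that a `null` argument clears the stored tenant rather than persisting a stringified value or skipping the update. The entry can use the shorthand `setOrganisation,` since the key and the function share a name. A short comment such as `// exposed so the layout can pin the tenant derived from the URL host` would explain why the setter is public.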