Remove all app cookie references (not really needed anymore)

packages/backend-core/src/auth/auth.ts

@@ -199,7 +199,6 @@ export async function platformLogout(opts: PlatformLogoutOpts) {
   } else {
     // clear cookies
     clearCookie(ctx, Cookie.Auth)
-    clearCookie(ctx, Cookie.CurrentApp)
   }
 
   const sessionIds = sessions.map(({ sessionId }) => sessionId)

packages/backend-core/src/constants/misc.ts

@@ -4,7 +4,6 @@ export enum UserStatus {
 }
 
 export enum Cookie {
-  CurrentApp = "budibase:currentapp",
   Auth = "budibase:auth",
   Init = "budibase:init",
   ACCOUNT_RETURN_URL = "budibase:account:returnurl",

packages/server/src/middleware/currentapp.ts

@@ -2,7 +2,6 @@ import {
   utils,
   constants,
   roles,
-  db as dbCore,
   tenancy,
   context,
 } from "@budibase/backend-core"
@@ -15,29 +14,10 @@ import { UserCtx } from "@budibase/types"
 export default async (ctx: UserCtx, next: any) => {
   // try to get the appID from the request
   let requestAppId = await utils.getAppIdFromCtx(ctx)
-  // get app cookie if it exists
+  if (!requestAppId) {
-  let appCookie: { appId?: string } | undefined
-  try {
-    appCookie = utils.getCookie(ctx, constants.Cookie.CurrentApp)
-  } catch (err) {
-    utils.clearCookie(ctx, constants.Cookie.CurrentApp)
-  }
-  if (!appCookie && !requestAppId) {
     return next()
   }
 
-  // check the app exists referenced in cookie
-  if (appCookie) {
-    const appId = appCookie.appId
-    const exists = await dbCore.dbExists(appId)
-    if (!exists) {
-      utils.clearCookie(ctx, constants.Cookie.CurrentApp)
-      return next()
-    }
-    // if the request app ID wasn't set, update it with the cookie
-    requestAppId = requestAppId || appId
-  }
-
   // deny access to application preview
   if (!env.isTest()) {
     if (
@@ -45,7 +25,6 @@ export default async (ctx: UserCtx, next: any) => {
       !isWebhookEndpoint(ctx) &&
       (!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
     ) {
-      utils.clearCookie(ctx, constants.Cookie.CurrentApp)
       return ctx.redirect("/")
     }
   }
@@ -127,14 +106,6 @@ export default async (ctx: UserCtx, next: any) => {
         role: await roles.getRole(roleId),
       }
     }
-    if (
-      (requestAppId !== appId ||
-        appCookie == null ||
-        appCookie.appId !== requestAppId) &&
-      !skipCookie
-    ) {
-      utils.setCookie(ctx, { appId }, constants.Cookie.CurrentApp)
-    }
 
     return next()
   })

packages/server/src/tests/utilities/TestConfiguration.ts

@@ -330,21 +330,13 @@ class TestConfiguration {
         sessionId: "sessionid",
         tenantId: this.getTenantId(),
       }
-      const app = {
-        roleId: roleId,
-        appId,
-      }
       const authToken = auth.jwt.sign(authObj, coreEnv.JWT_SECRET)
-      const appToken = auth.jwt.sign(app, coreEnv.JWT_SECRET)
 
       // returning necessary request headers
       await cache.user.invalidateUser(userId)
       return {
         Accept: "application/json",
-        Cookie: [
+        Cookie: [`${constants.Cookie.Auth}=${authToken}`],
-          `${constants.Cookie.Auth}=${authToken}`,
-          `${constants.Cookie.CurrentApp}=${appToken}`,
-        ],
         [constants.Header.APP_ID]: appId,
       }
     })
@@ -359,18 +351,11 @@ class TestConfiguration {
       sessionId: "sessionid",
       tenantId,
     }
-    const app = {
-      roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
-      appId: this.appId,
-    }
     const authToken = auth.jwt.sign(authObj, coreEnv.JWT_SECRET)
-    const appToken = auth.jwt.sign(app, coreEnv.JWT_SECRET)
+
     const headers: any = {
       Accept: "application/json",
-      Cookie: [
+      Cookie: [`${constants.Cookie.Auth}=${authToken}`],
-        `${constants.Cookie.Auth}=${authToken}`,
-        `${constants.Cookie.CurrentApp}=${appToken}`,
-      ],
       [constants.Header.CSRF_TOKEN]: this.defaultUserValues.csrfToken,
       Host: this.tenantHost(),
       ...extras,

packages/worker/src/api/controllers/global/auth.ts

@@ -50,11 +50,6 @@ async function passportCallback(
   setCookie(ctx, token, Cookie.Auth, { sign: false })
   // set the token in a header as well for APIs
   ctx.set(Header.TOKEN, token)
-  // get rid of any app cookies on login
-  // have to check test because this breaks cypress
-  if (!env.isTest()) {
-    clearCookie(ctx, Cookie.CurrentApp)
-  }
 }
 
 export const login = async (ctx: Ctx<LoginRequest>, next: any) => {

packages/worker/src/api/controllers/global/self.ts

@@ -2,7 +2,6 @@ import * as userSdk from "../../../sdk/users"
 import {
   featureFlags,
   tenancy,
-  constants,
   db as dbCore,
   utils,
   encryption,
@@ -11,7 +10,7 @@ import {
 import env from "../../../environment"
 import { groups } from "@budibase/pro"
 import { UpdateSelfRequest, UpdateSelfResponse, UserCtx } from "@budibase/types"
-const { getCookie, clearCookie, newid } = utils
+const { newid } = utils
 
 function newTestApiKey() {
   return env.ENCRYPTED_TEST_PUBLIC_API_KEY
@@ -71,16 +70,6 @@ export async function fetchAPIKey(ctx: any) {
   ctx.body = cleanupDevInfo(devInfo)
 }
 
-const checkCurrentApp = (ctx: any) => {
-  const appCookie = getCookie(ctx, constants.Cookie.CurrentApp)
-  if (appCookie && !tenancy.isUserInAppTenant(appCookie.appId)) {
-    // there is a currentapp cookie from another tenant
-    // remove the cookie as this is incompatible with the builder
-    // due to builder and admin permissions being removed
-    clearCookie(ctx, constants.Cookie.CurrentApp)
-  }
-}
-
 /**
  * Add the attributes that are session based to the current user.
  */
@@ -101,8 +90,6 @@ export async function getSelf(ctx: any) {
     id: userId,
   }
 
-  checkCurrentApp(ctx)
-
   // get the main body of the user
   const user = await userSdk.getUser(userId)
   ctx.body = await groups.enrichUserRolesFromGroups(user)