Merge remote-tracking branch 'origin/master' into global-bindings

2024-09-10 14:35:47 +12:00 · 2024-01-05 14:54:07 +00:00 · 2024-01-05 14:54:07 +00:00 · 876bc0a33c
commit 876bc0a33c
parent 659a01dd82 d09ccdaf70
7 changed files with 40 additions and 10 deletions
--- a/hosting/docker-compose.yaml
+++ b/hosting/docker-compose.yaml
@ -26,7 +26,7 @@ services:
      BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL}
      BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD}
      PLUGINS_DIR: ${PLUGINS_DIR}
-      OFFLINE_MODE: ${OFFLINE_MODE}
+      OFFLINE_MODE: ${OFFLINE_MODE:-}
    depends_on:
      - worker-service
      - redis-service
@ -53,7 +53,7 @@ services:
      INTERNAL_API_KEY: ${INTERNAL_API_KEY}
      REDIS_URL: redis-service:6379
      REDIS_PASSWORD: ${REDIS_PASSWORD}
-      OFFLINE_MODE: ${OFFLINE_MODE}
+      OFFLINE_MODE: ${OFFLINE_MODE:-}
    depends_on:
      - redis-service
      - minio-service
--- a/packages/backend-core/src/environment.ts
+++ b/packages/backend-core/src/environment.ts
@ -166,6 +166,8 @@ const environment = {
  DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
  BLACKLIST_IPS: process.env.BLACKLIST_IPS,
  SERVICE_TYPE: "unknown",
+  PASSWORD_MIN_LENGTH: process.env.PASSWORD_MIN_LENGTH,
+  PASSWORD_MAX_LENGTH: process.env.PASSWORD_MAX_LENGTH,
  /**
   * Enable to allow an admin user to login using a password.
   * This can be useful to prevent lockout when configuring SSO.
--- a/packages/backend-core/src/middleware/authenticated.ts
+++ b/packages/backend-core/src/middleware/authenticated.ts
@ -15,6 +15,7 @@ import * as identity from "../context/identity"
 import env from "../environment"
 import { Ctx, EndpointMatcher, SessionCookie } from "@budibase/types"
 import { InvalidAPIKeyError, ErrorCode } from "../errors"
+import tracer from "dd-trace"

 const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
  ? parseInt(env.SESSION_UPDATE_PERIOD)
@ -166,6 +167,19 @@ export default function (
      if (!authenticated) {
        authenticated = false
      }
+
+      if (user) {
+        tracer.setUser({
+          id: user?._id,
+          tenantId: user?.tenantId,
+          admin: user?.admin,
+          builder: user?.builder,
+          budibaseAccess: user?.budibaseAccess,
+          status: user?.status,
+          roles: user?.roles,
+        })
+      }
+
      // isAuthenticated is a function, so use a variable to be able to check authed state
      finalise(ctx, { authenticated, user, internal, version, publicEndpoint })

--- a/packages/backend-core/src/security/auth.ts
+++ b/packages/backend-core/src/security/auth.ts
@ -1,7 +1,7 @@
-import { env } from ".."
+import env from "../environment"

-export const PASSWORD_MIN_LENGTH = +(process.env.PASSWORD_MIN_LENGTH || 8)
-export const PASSWORD_MAX_LENGTH = +(process.env.PASSWORD_MAX_LENGTH || 512)
+export const PASSWORD_MIN_LENGTH = +(env.PASSWORD_MIN_LENGTH || 8)
+export const PASSWORD_MAX_LENGTH = +(env.PASSWORD_MAX_LENGTH || 512)

 export function validatePassword(
  password: string
--- a/packages/backend-core/src/users/db.ts
+++ b/packages/backend-core/src/users/db.ts
@ -44,6 +44,12 @@ type GroupFns = {
  getBulk: GroupGetFn
  getGroupBuilderAppIds: GroupBuildersFn
 }
+type CreateAdminUserOpts = {
+  ssoId?: string
+  hashPassword?: boolean
+  requirePassword?: boolean
+  skipPasswordValidation?: boolean
+}
 type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }

 const bulkDeleteProcessing = async (dbUser: User) => {
@ -112,9 +118,11 @@ export class UserDB {
        throw new HTTPError("Password change is disabled for this user", 400)
      }

-      const passwordValidation = validatePassword(password)
-      if (!passwordValidation.valid) {
-        throw new HTTPError(passwordValidation.error, 400)
+      if (!opts.skipPasswordValidation) {
+        const passwordValidation = validatePassword(password)
+        if (!passwordValidation.valid) {
+          throw new HTTPError(passwordValidation.error, 400)
+        }
      }

      hashedPassword = opts.hashPassword ? await hash(password) : password
@ -489,7 +497,7 @@ export class UserDB {
    email: string,
    password: string,
    tenantId: string,
-    opts?: { ssoId?: string; hashPassword?: boolean; requirePassword?: boolean }
+    opts?: CreateAdminUserOpts
  ) {
    const user: User = {
      email: email,
@ -513,6 +521,7 @@ export class UserDB {
    return await UserDB.save(user, {
      hashPassword: opts?.hashPassword,
      requirePassword: opts?.requirePassword,
+      skipPasswordValidation: opts?.skipPasswordValidation,
    })
  }

--- a/packages/server/src/startup.ts
+++ b/packages/server/src/startup.ts
@ -138,7 +138,11 @@ export async function startup(app?: Koa, server?: Server) {
            bbAdminEmail,
            bbAdminPassword,
            tenantId,
-            { hashPassword: true, requirePassword: true }
+            {
+              hashPassword: true,
+              requirePassword: true,
+              skipPasswordValidation: true,
+            }
          )
          // Need to set up an API key for automated integration tests
          if (env.isTest()) {
--- a/packages/types/src/sdk/user.ts
+++ b/packages/types/src/sdk/user.ts
@ -2,4 +2,5 @@ export interface SaveUserOpts {
  hashPassword?: boolean
  requirePassword?: boolean
  currentUserId?: string
+  skipPasswordValidation?: boolean
 }