CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-09-28 23:31:43 +12:00
Code Issues Projects Releases Wiki Activity

Prevent root account users being re-created as internal budibase users

Browse source
This commit is contained in:
Rory Powell 2021-09-28 15:22:19 +01:00
parent c9696145e0
commit 96698f7e07
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
packages/auth/accounts.js Normal file
View file

@ -0,0 +1 @@
module.exports = require("./src/cloud/accounts")

10
packages/worker/src/api/controllers/global/users.js
View file

@ -11,6 +11,7 @@ const { sendEmail } = require("../../../utilities/email")
const { user: userCache } = require("@budibase/auth/cache") const { user: userCache } = require("@budibase/auth/cache")
const { invalidateSessions } = require("@budibase/auth/sessions") const { invalidateSessions } = require("@budibase/auth/sessions")
const CouchDB = require("../../../db") const CouchDB = require("../../../db")
const accounts = require("@budibase/auth/accounts")
const { const {
getGlobalDB, getGlobalDB,
getTenantId, getTenantId,
@ -49,10 +50,19 @@ async function saveUser(
// make sure another user isn't using the same email // make sure another user isn't using the same email
let dbUser let dbUser
if (email) { if (email) {
// check budibase users inside the tenant
dbUser = await getGlobalUserByEmail(email) dbUser = await getGlobalUserByEmail(email)
if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) { if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) {
throw "Email address already in use." throw "Email address already in use."
} }
// check root account users in account portal
if (!env.SELF_HOSTED) {
const account = await accounts.getAccount(email)
if (account) {
throw "Email address already in use."
}
}
} else { } else {
dbUser = await db.get(_id) dbUser = await db.get(_id)
} }