From 65b3561244af009815b1a53e93f4c35511d64d84 Mon Sep 17 00:00:00 2001 From: Maurits Lourens Date: Tue, 29 Mar 2022 10:06:54 +0200 Subject: [PATCH 1/5] invalidate sessions before login --- packages/backend-core/src/middleware/passport/local.js | 8 +++++++- .../src/middleware/passport/third-party-common.js | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/packages/backend-core/src/middleware/passport/local.js b/packages/backend-core/src/middleware/passport/local.js index 2149bd3e18..f3921bea51 100644 --- a/packages/backend-core/src/middleware/passport/local.js +++ b/packages/backend-core/src/middleware/passport/local.js @@ -5,7 +5,10 @@ const env = require("../../environment") const { getGlobalUserByEmail } = require("../../utils") const { authError } = require("./utils") const { newid } = require("../../hashing") -const { createASession } = require("../../security/sessions") +const { + createASession, + invalidateSessions, +} = require("../../security/sessions") const { getTenantId } = require("../../tenancy") const INVALID_ERR = "Invalid credentials" @@ -53,6 +56,9 @@ exports.authenticate = async function (ctx, email, password, done) { // authenticate if (await compare(password, dbUser.password)) { + // invalidate all other sessions + await invalidateSessions(dbUser._id) + const sessionId = newid() const tenantId = getTenantId() await createASession(dbUser._id, { sessionId, tenantId }) diff --git a/packages/backend-core/src/middleware/passport/third-party-common.js b/packages/backend-core/src/middleware/passport/third-party-common.js index b467c0b10b..32be3f474a 100644 --- a/packages/backend-core/src/middleware/passport/third-party-common.js +++ b/packages/backend-core/src/middleware/passport/third-party-common.js @@ -4,7 +4,10 @@ const { generateGlobalUserID } = require("../../db/utils") const { saveUser } = require("../../utils") const { authError } = require("./utils") const { newid } = require("../../hashing") -const { createASession } = require("../../security/sessions") +const { + createASession, + invalidateSessions, +} = require("../../security/sessions") const { getGlobalUserByEmail } = require("../../utils") const { getGlobalDB, getTenantId } = require("../../tenancy") const fetch = require("node-fetch") @@ -76,6 +79,9 @@ exports.authenticateThirdParty = async function ( // never prompt for password reset dbUser.forceResetPassword = false + // invalidate all other sessions + await invalidateSessions(dbUser._id) + // create or sync the user let response try { From 5f91841a261996a07f73cd16242f7dc8a98b93cc Mon Sep 17 00:00:00 2001 From: Maurits Lourens Date: Tue, 29 Mar 2022 11:59:16 +0200 Subject: [PATCH 2/5] move invalidation to the creation of a session --- packages/backend-core/src/middleware/passport/local.js | 8 +------- .../src/middleware/passport/third-party-common.js | 8 +------- packages/backend-core/src/security/sessions.js | 3 +++ 3 files changed, 5 insertions(+), 14 deletions(-) diff --git a/packages/backend-core/src/middleware/passport/local.js b/packages/backend-core/src/middleware/passport/local.js index f3921bea51..2149bd3e18 100644 --- a/packages/backend-core/src/middleware/passport/local.js +++ b/packages/backend-core/src/middleware/passport/local.js @@ -5,10 +5,7 @@ const env = require("../../environment") const { getGlobalUserByEmail } = require("../../utils") const { authError } = require("./utils") const { newid } = require("../../hashing") -const { - createASession, - invalidateSessions, -} = require("../../security/sessions") +const { createASession } = require("../../security/sessions") const { getTenantId } = require("../../tenancy") const INVALID_ERR = "Invalid credentials" @@ -56,9 +53,6 @@ exports.authenticate = async function (ctx, email, password, done) { // authenticate if (await compare(password, dbUser.password)) { - // invalidate all other sessions - await invalidateSessions(dbUser._id) - const sessionId = newid() const tenantId = getTenantId() await createASession(dbUser._id, { sessionId, tenantId }) diff --git a/packages/backend-core/src/middleware/passport/third-party-common.js b/packages/backend-core/src/middleware/passport/third-party-common.js index 32be3f474a..b467c0b10b 100644 --- a/packages/backend-core/src/middleware/passport/third-party-common.js +++ b/packages/backend-core/src/middleware/passport/third-party-common.js @@ -4,10 +4,7 @@ const { generateGlobalUserID } = require("../../db/utils") const { saveUser } = require("../../utils") const { authError } = require("./utils") const { newid } = require("../../hashing") -const { - createASession, - invalidateSessions, -} = require("../../security/sessions") +const { createASession } = require("../../security/sessions") const { getGlobalUserByEmail } = require("../../utils") const { getGlobalDB, getTenantId } = require("../../tenancy") const fetch = require("node-fetch") @@ -79,9 +76,6 @@ exports.authenticateThirdParty = async function ( // never prompt for password reset dbUser.forceResetPassword = false - // invalidate all other sessions - await invalidateSessions(dbUser._id) - // create or sync the user let response try { diff --git a/packages/backend-core/src/security/sessions.js b/packages/backend-core/src/security/sessions.js index bbe6be299d..cd0405c0c9 100644 --- a/packages/backend-core/src/security/sessions.js +++ b/packages/backend-core/src/security/sessions.js @@ -15,6 +15,9 @@ function makeSessionID(userId, sessionId) { } exports.createASession = async (userId, session) => { + // invalidate all other sessions + await this.invalidateSessions(userId) + const client = await redis.getSessionClient() const sessionId = session.sessionId if (!session.csrfToken) { From eb4206cc55f6fbcbd660941c326a47d96aad7ef7 Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Wed, 6 Apr 2022 17:31:59 +0100 Subject: [PATCH 3/5] Move settings bar below element if at very top --- packages/client/src/components/preview/SettingsBar.svelte | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/client/src/components/preview/SettingsBar.svelte b/packages/client/src/components/preview/SettingsBar.svelte index c5ad8bef6c..05df1ef898 100644 --- a/packages/client/src/components/preview/SettingsBar.svelte +++ b/packages/client/src/components/preview/SettingsBar.svelte @@ -66,6 +66,11 @@ newTop = deviceBottom - 44 } + //If element is at the very top of the screen, put the bar below the element + if (elBounds.top < elBounds.height) { + newTop = elBounds.bottom + verticalOffset + } + // Horizontally, try to center first. // Failing that, render to left edge of component. // Failing that, render to right edge of component, From bb7c4e1d41608b04539467c7fa770f27815e5518 Mon Sep 17 00:00:00 2001 From: Budibase Staging Release Bot <> Date: Wed, 6 Apr 2022 20:15:30 +0000 Subject: [PATCH 4/5] v1.0.105-alpha.6 --- lerna.json | 2 +- packages/backend-core/package.json | 2 +- packages/bbui/package.json | 4 ++-- packages/builder/package.json | 10 +++++----- packages/cli/package.json | 2 +- packages/client/package.json | 8 ++++---- packages/frontend-core/package.json | 4 ++-- packages/server/package.json | 8 ++++---- packages/string-templates/package.json | 2 +- packages/worker/package.json | 6 +++--- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lerna.json b/lerna.json index 83d4eae0ac..4127e676b0 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "npmClient": "yarn", "packages": [ "packages/*" diff --git a/packages/backend-core/package.json b/packages/backend-core/package.json index 0ce51f147e..8a45c1e0ef 100644 --- a/packages/backend-core/package.json +++ b/packages/backend-core/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/backend-core", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "description": "Budibase backend core libraries used in server and worker", "main": "src/index.js", "author": "Budibase", diff --git a/packages/bbui/package.json b/packages/bbui/package.json index 710ed35636..950cba388b 100644 --- a/packages/bbui/package.json +++ b/packages/bbui/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/bbui", "description": "A UI solution used in the different Budibase projects.", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "license": "MPL-2.0", "svelte": "src/index.js", "module": "dist/bbui.es.js", @@ -38,7 +38,7 @@ ], "dependencies": { "@adobe/spectrum-css-workflow-icons": "^1.2.1", - "@budibase/string-templates": "^1.0.105-alpha.5", + "@budibase/string-templates": "^1.0.105-alpha.6", "@spectrum-css/actionbutton": "^1.0.1", "@spectrum-css/actiongroup": "^1.0.1", "@spectrum-css/avatar": "^3.0.2", diff --git a/packages/builder/package.json b/packages/builder/package.json index 582120c76f..490a249d3b 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/builder", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "license": "GPL-3.0", "private": true, "scripts": { @@ -65,10 +65,10 @@ } }, "dependencies": { - "@budibase/bbui": "^1.0.105-alpha.5", - "@budibase/client": "^1.0.105-alpha.5", - "@budibase/frontend-core": "^1.0.105-alpha.5", - "@budibase/string-templates": "^1.0.105-alpha.5", + "@budibase/bbui": "^1.0.105-alpha.6", + "@budibase/client": "^1.0.105-alpha.6", + "@budibase/frontend-core": "^1.0.105-alpha.6", + "@budibase/string-templates": "^1.0.105-alpha.6", "@sentry/browser": "5.19.1", "@spectrum-css/page": "^3.0.1", "@spectrum-css/vars": "^3.0.1", diff --git a/packages/cli/package.json b/packages/cli/package.json index c74ccabadf..c0b2ddaa68 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/cli", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "description": "Budibase CLI, for developers, self hosting and migrations.", "main": "src/index.js", "bin": { diff --git a/packages/client/package.json b/packages/client/package.json index c5a17da44f..f6d603ca54 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/client", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "license": "MPL-2.0", "module": "dist/budibase-client.js", "main": "dist/budibase-client.js", @@ -19,9 +19,9 @@ "dev:builder": "rollup -cw" }, "dependencies": { - "@budibase/bbui": "^1.0.105-alpha.5", - "@budibase/frontend-core": "^1.0.105-alpha.5", - "@budibase/string-templates": "^1.0.105-alpha.5", + "@budibase/bbui": "^1.0.105-alpha.6", + "@budibase/frontend-core": "^1.0.105-alpha.6", + "@budibase/string-templates": "^1.0.105-alpha.6", "@spectrum-css/button": "^3.0.3", "@spectrum-css/card": "^3.0.3", "@spectrum-css/divider": "^1.0.3", diff --git a/packages/frontend-core/package.json b/packages/frontend-core/package.json index c287793f9d..662fbb2347 100644 --- a/packages/frontend-core/package.json +++ b/packages/frontend-core/package.json @@ -1,12 +1,12 @@ { "name": "@budibase/frontend-core", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "description": "Budibase frontend core libraries used in builder and client", "author": "Budibase", "license": "MPL-2.0", "svelte": "src/index.js", "dependencies": { - "@budibase/bbui": "^1.0.105-alpha.5", + "@budibase/bbui": "^1.0.105-alpha.6", "lodash": "^4.17.21", "svelte": "^3.46.2" } diff --git a/packages/server/package.json b/packages/server/package.json index 6cbbcce867..2fdf043012 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/server", "email": "hi@budibase.com", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "description": "Budibase Web Server", "main": "src/index.ts", "repository": { @@ -68,9 +68,9 @@ "license": "GPL-3.0", "dependencies": { "@apidevtools/swagger-parser": "^10.0.3", - "@budibase/backend-core": "^1.0.105-alpha.5", - "@budibase/client": "^1.0.105-alpha.5", - "@budibase/string-templates": "^1.0.105-alpha.5", + "@budibase/backend-core": "^1.0.105-alpha.6", + "@budibase/client": "^1.0.105-alpha.6", + "@budibase/string-templates": "^1.0.105-alpha.6", "@bull-board/api": "^3.7.0", "@bull-board/koa": "^3.7.0", "@elastic/elasticsearch": "7.10.0", diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json index 1fbd58b007..e2e195ff56 100644 --- a/packages/string-templates/package.json +++ b/packages/string-templates/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/string-templates", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "description": "Handlebars wrapper for Budibase templating.", "main": "src/index.cjs", "module": "dist/bundle.mjs", diff --git a/packages/worker/package.json b/packages/worker/package.json index 6c36405b3e..f07b200f24 100644 --- a/packages/worker/package.json +++ b/packages/worker/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/worker", "email": "hi@budibase.com", - "version": "1.0.105-alpha.5", + "version": "1.0.105-alpha.6", "description": "Budibase background service", "main": "src/index.ts", "repository": { @@ -31,8 +31,8 @@ "author": "Budibase", "license": "GPL-3.0", "dependencies": { - "@budibase/backend-core": "^1.0.105-alpha.5", - "@budibase/string-templates": "^1.0.105-alpha.5", + "@budibase/backend-core": "^1.0.105-alpha.6", + "@budibase/string-templates": "^1.0.105-alpha.6", "@koa/router": "^8.0.0", "@sentry/node": "^6.0.0", "@techpass/passport-openidconnect": "^0.3.0", From 50729710c53c0b1d7a9626d9f7924351587a86e9 Mon Sep 17 00:00:00 2001 From: Budibase Staging Release Bot <> Date: Wed, 6 Apr 2022 21:25:19 +0000 Subject: [PATCH 5/5] v1.0.105-alpha.7 --- lerna.json | 2 +- packages/backend-core/package.json | 2 +- packages/bbui/package.json | 4 ++-- packages/builder/package.json | 10 +++++----- packages/cli/package.json | 2 +- packages/client/package.json | 8 ++++---- packages/frontend-core/package.json | 4 ++-- packages/server/package.json | 8 ++++---- packages/string-templates/package.json | 2 +- packages/worker/package.json | 6 +++--- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lerna.json b/lerna.json index 4127e676b0..27420b844a 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "npmClient": "yarn", "packages": [ "packages/*" diff --git a/packages/backend-core/package.json b/packages/backend-core/package.json index 8a45c1e0ef..290d1c4d9d 100644 --- a/packages/backend-core/package.json +++ b/packages/backend-core/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/backend-core", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "description": "Budibase backend core libraries used in server and worker", "main": "src/index.js", "author": "Budibase", diff --git a/packages/bbui/package.json b/packages/bbui/package.json index 950cba388b..8d6b2c3bbd 100644 --- a/packages/bbui/package.json +++ b/packages/bbui/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/bbui", "description": "A UI solution used in the different Budibase projects.", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "license": "MPL-2.0", "svelte": "src/index.js", "module": "dist/bbui.es.js", @@ -38,7 +38,7 @@ ], "dependencies": { "@adobe/spectrum-css-workflow-icons": "^1.2.1", - "@budibase/string-templates": "^1.0.105-alpha.6", + "@budibase/string-templates": "^1.0.105-alpha.7", "@spectrum-css/actionbutton": "^1.0.1", "@spectrum-css/actiongroup": "^1.0.1", "@spectrum-css/avatar": "^3.0.2", diff --git a/packages/builder/package.json b/packages/builder/package.json index 490a249d3b..e9a6f15c31 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/builder", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "license": "GPL-3.0", "private": true, "scripts": { @@ -65,10 +65,10 @@ } }, "dependencies": { - "@budibase/bbui": "^1.0.105-alpha.6", - "@budibase/client": "^1.0.105-alpha.6", - "@budibase/frontend-core": "^1.0.105-alpha.6", - "@budibase/string-templates": "^1.0.105-alpha.6", + "@budibase/bbui": "^1.0.105-alpha.7", + "@budibase/client": "^1.0.105-alpha.7", + "@budibase/frontend-core": "^1.0.105-alpha.7", + "@budibase/string-templates": "^1.0.105-alpha.7", "@sentry/browser": "5.19.1", "@spectrum-css/page": "^3.0.1", "@spectrum-css/vars": "^3.0.1", diff --git a/packages/cli/package.json b/packages/cli/package.json index c0b2ddaa68..dcc53c8584 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/cli", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "description": "Budibase CLI, for developers, self hosting and migrations.", "main": "src/index.js", "bin": { diff --git a/packages/client/package.json b/packages/client/package.json index f6d603ca54..ffee6f4e76 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/client", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "license": "MPL-2.0", "module": "dist/budibase-client.js", "main": "dist/budibase-client.js", @@ -19,9 +19,9 @@ "dev:builder": "rollup -cw" }, "dependencies": { - "@budibase/bbui": "^1.0.105-alpha.6", - "@budibase/frontend-core": "^1.0.105-alpha.6", - "@budibase/string-templates": "^1.0.105-alpha.6", + "@budibase/bbui": "^1.0.105-alpha.7", + "@budibase/frontend-core": "^1.0.105-alpha.7", + "@budibase/string-templates": "^1.0.105-alpha.7", "@spectrum-css/button": "^3.0.3", "@spectrum-css/card": "^3.0.3", "@spectrum-css/divider": "^1.0.3", diff --git a/packages/frontend-core/package.json b/packages/frontend-core/package.json index 662fbb2347..c422d1bd35 100644 --- a/packages/frontend-core/package.json +++ b/packages/frontend-core/package.json @@ -1,12 +1,12 @@ { "name": "@budibase/frontend-core", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "description": "Budibase frontend core libraries used in builder and client", "author": "Budibase", "license": "MPL-2.0", "svelte": "src/index.js", "dependencies": { - "@budibase/bbui": "^1.0.105-alpha.6", + "@budibase/bbui": "^1.0.105-alpha.7", "lodash": "^4.17.21", "svelte": "^3.46.2" } diff --git a/packages/server/package.json b/packages/server/package.json index 2fdf043012..bbbb51ebaf 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/server", "email": "hi@budibase.com", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "description": "Budibase Web Server", "main": "src/index.ts", "repository": { @@ -68,9 +68,9 @@ "license": "GPL-3.0", "dependencies": { "@apidevtools/swagger-parser": "^10.0.3", - "@budibase/backend-core": "^1.0.105-alpha.6", - "@budibase/client": "^1.0.105-alpha.6", - "@budibase/string-templates": "^1.0.105-alpha.6", + "@budibase/backend-core": "^1.0.105-alpha.7", + "@budibase/client": "^1.0.105-alpha.7", + "@budibase/string-templates": "^1.0.105-alpha.7", "@bull-board/api": "^3.7.0", "@bull-board/koa": "^3.7.0", "@elastic/elasticsearch": "7.10.0", diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json index e2e195ff56..15c796e215 100644 --- a/packages/string-templates/package.json +++ b/packages/string-templates/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/string-templates", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "description": "Handlebars wrapper for Budibase templating.", "main": "src/index.cjs", "module": "dist/bundle.mjs", diff --git a/packages/worker/package.json b/packages/worker/package.json index f07b200f24..75f2ca4d94 100644 --- a/packages/worker/package.json +++ b/packages/worker/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/worker", "email": "hi@budibase.com", - "version": "1.0.105-alpha.6", + "version": "1.0.105-alpha.7", "description": "Budibase background service", "main": "src/index.ts", "repository": { @@ -31,8 +31,8 @@ "author": "Budibase", "license": "GPL-3.0", "dependencies": { - "@budibase/backend-core": "^1.0.105-alpha.6", - "@budibase/string-templates": "^1.0.105-alpha.6", + "@budibase/backend-core": "^1.0.105-alpha.7", + "@budibase/string-templates": "^1.0.105-alpha.7", "@koa/router": "^8.0.0", "@sentry/node": "^6.0.0", "@techpass/passport-openidconnect": "^0.3.0",