From ec26d5c7388f32d0380a84eaa3c9acf1652f9f55 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney <martin@shogunsystems.co.uk>
Date: Tue, 12 Oct 2021 16:13:54 +0100
Subject: [PATCH 1/5] SSL support for digitalocean, started utility function
 for BB logout, bunch of minor bug fixes

---
 .github/workflows/budibase.code-workspace     | 10 +++++++
 packages/auth/src/middleware/authenticated.js |  5 ++--
 packages/auth/src/security/sessions.js        | 15 ++++++++---
 packages/auth/src/utils.js                    | 26 ++++++++++++++++++-
 packages/builder/cypress/support/commands.js  |  2 +-
 .../DataTable/modals/CreateEditColumn.svelte  | 10 ++++++-
 .../IntegrationConfigForm.svelte              | 19 +++++++++++++-
 .../modals/CreateDatasourceModal.svelte       |  2 +-
 .../modals/DatasourceConfigModal.svelte       |  2 +-
 .../server/src/automations/steps/discord.js   |  2 +-
 packages/server/src/definitions/datasource.ts |  2 ++
 .../src/integrations/ca-certificate.crt       | 25 ++++++++++++++++++
 packages/server/src/integrations/postgres.ts  | 20 +++++++++++++-
 .../worker/src/api/controllers/global/auth.js |  3 +++
 .../src/api/controllers/global/users.js       |  2 ++
 15 files changed, 131 insertions(+), 14 deletions(-)
 create mode 100644 .github/workflows/budibase.code-workspace
 create mode 100644 packages/server/src/integrations/ca-certificate.crt

diff --git a/.github/workflows/budibase.code-workspace b/.github/workflows/budibase.code-workspace
new file mode 100644
index 0000000000..c8c469300a
--- /dev/null
+++ b/.github/workflows/budibase.code-workspace
@@ -0,0 +1,10 @@
+{
+	"folders": [
+		{
+			"path": "../.."
+		},
+		{
+			"path": "../../../budibase-infra"
+		}
+	]
+}
\ No newline at end of file
diff --git a/packages/auth/src/middleware/authenticated.js b/packages/auth/src/middleware/authenticated.js
index 944f3ee9d9..4223e7e395 100644
--- a/packages/auth/src/middleware/authenticated.js
+++ b/packages/auth/src/middleware/authenticated.js
@@ -42,8 +42,9 @@ module.exports = (
         internal = false
       if (authCookie) {
         let error = null
-        const sessionId = authCookie.sessionId,
-          userId = authCookie.userId
+        const sessionId = authCookie.sessionId
+        const userId = authCookie.userId
+
         const session = await getSession(userId, sessionId)
         if (!session) {
           error = "No session found"
diff --git a/packages/auth/src/security/sessions.js b/packages/auth/src/security/sessions.js
index 83ca9d9bcd..93c2d0a9ca 100644
--- a/packages/auth/src/security/sessions.js
+++ b/packages/auth/src/security/sessions.js
@@ -24,17 +24,24 @@ exports.createASession = async (userId, session) => {
   await client.store(makeSessionID(userId, sessionId), session, EXPIRY_SECONDS)
 }
 
-exports.invalidateSessions = async (userId, sessionId = null) => {
+exports.invalidateSessions = async (userId, sessionIds = null) => {
   let sessions = []
-  if (sessionId) {
-    sessions.push({ key: makeSessionID(userId, sessionId) })
-  } else {
+
+  // If no sessionIds, get all the sessions for the user
+  if (!sessionIds) {
     sessions = await getSessionsForUser(userId)
     sessions.forEach(
       session =>
         (session.key = makeSessionID(session.userId, session.sessionId))
     )
+  } else {
+    // use the passed array of sessionIds
+    sessions = Array.isArray(sessionIds) ? sessionIds : [sessionIds]
+    sessions = sessions.map(sessionId => ({
+      key: makeSessionID(userId, sessionId),
+    }))
   }
+
   const client = await redis.getSessionClient()
   const promises = []
   for (let session of sessions) {
diff --git a/packages/auth/src/utils.js b/packages/auth/src/utils.js
index f509a626c1..13728e1c13 100644
--- a/packages/auth/src/utils.js
+++ b/packages/auth/src/utils.js
@@ -7,7 +7,7 @@ const {
 const jwt = require("jsonwebtoken")
 const { options } = require("./middleware/passport/jwt")
 const { createUserEmailView } = require("./db/views")
-const { Headers, UserStatus } = require("./constants")
+const { Headers, UserStatus, Cookies } = require("./constants")
 const {
   getGlobalDB,
   updateTenantId,
@@ -19,6 +19,10 @@ const accounts = require("./cloud/accounts")
 const { hash } = require("./hashing")
 const userCache = require("./cache/user")
 const env = require("./environment")
+const {
+  getSessionsForUser,
+  invalidateSessions,
+} = require("./security/sessions")
 
 const APP_PREFIX = DocumentTypes.APP + SEPARATOR
 
@@ -235,3 +239,23 @@ exports.saveUser = async (
     }
   }
 }
+
+/**
+ * Logs a user out from budibase. Re-used across account portal and builder.
+ */
+exports.logout = async ({ ctx, userId, sessionId, keepActiveSession }) => {
+  let sessions = await getSessionsForUser(userId)
+
+  if (keepActiveSession) {
+    sessions = sessions.filter(session => session.sessionId !== sessionId)
+  }
+
+  await invalidateSessions(
+    userId,
+    sessions.map(({ sessionId }) => sessionId)
+  )
+
+  // clear cookies
+  this.clearCookie(ctx, Cookies.Auth)
+  this.clearCookie(ctx, Cookies.CurrentApp)
+}
diff --git a/packages/builder/cypress/support/commands.js b/packages/builder/cypress/support/commands.js
index c8e01435aa..f179a24729 100644
--- a/packages/builder/cypress/support/commands.js
+++ b/packages/builder/cypress/support/commands.js
@@ -5,7 +5,7 @@
 // ***********************************************
 //
 
-Cypress.on('uncaught:exception', (err, runnable) => {
+Cypress.on("uncaught:exception", () => {
   return false
 })
 
diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
index 011c9bee43..c2c872fe9c 100644
--- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
+++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
@@ -32,6 +32,7 @@
   const FORMULA_TYPE = FIELDS.FORMULA.type
   const LINK_TYPE = FIELDS.LINK.type
   const dispatch = createEventDispatcher()
+  const PROHIBITED_COLUMN_NAMES = ["type", "_id", "_rev"]
   const { hide } = getContext(Context.Modal)
   let fieldDefinitions = cloneDeep(FIELDS)
 
@@ -66,7 +67,11 @@
     (field.type === LINK_TYPE && !field.tableId) ||
     Object.keys($tables.draft?.schema ?? {}).some(
       key => key !== originalName && key === field.name
-    )
+    ) ||
+    columnNameInvalid
+  $: columnNameInvalid = PROHIBITED_COLUMN_NAMES.some(
+    name => field.name === name
+  )
 
   // used to select what different options can be displayed for column type
   $: canBeSearched =
@@ -200,6 +205,9 @@
     label="Name"
     bind:value={field.name}
     disabled={uneditable || (linkEditDisabled && field.type === LINK_TYPE)}
+    error={columnNameInvalid
+      ? "type, _id and _rev are disallowed as column names"
+      : ""}
   />
 
   <Select
diff --git a/packages/builder/src/components/backend/DatasourceNavigator/TableIntegrationMenu/IntegrationConfigForm.svelte b/packages/builder/src/components/backend/DatasourceNavigator/TableIntegrationMenu/IntegrationConfigForm.svelte
index f67a46d9a1..adec9afce7 100644
--- a/packages/builder/src/components/backend/DatasourceNavigator/TableIntegrationMenu/IntegrationConfigForm.svelte
+++ b/packages/builder/src/components/backend/DatasourceNavigator/TableIntegrationMenu/IntegrationConfigForm.svelte
@@ -1,10 +1,18 @@
 <script>
-  import { Label, Input, Layout, Toggle, Button } from "@budibase/bbui"
+  import {
+    Label,
+    Input,
+    Layout,
+    Toggle,
+    Button,
+    TextArea,
+  } from "@budibase/bbui"
   import KeyValueBuilder from "components/integration/KeyValueBuilder.svelte"
   import { capitalise } from "helpers"
 
   export let integration
   export let schema
+
   let addButton
 </script>
 
@@ -29,6 +37,15 @@
           <Label>{capitalise(configKey)}</Label>
           <Toggle text="" bind:value={integration[configKey]} />
         </div>
+      {:else if schema[configKey].type === "longForm"}
+        <div class="form-row">
+          <Label>{capitalise(configKey)}</Label>
+          <TextArea
+            type={schema[configKey].type}
+            on:change
+            bind:value={integration[configKey]}
+          />
+        </div>
       {:else}
         <div class="form-row">
           <Label>{capitalise(configKey)}</Label>
diff --git a/packages/builder/src/components/backend/DatasourceNavigator/modals/CreateDatasourceModal.svelte b/packages/builder/src/components/backend/DatasourceNavigator/modals/CreateDatasourceModal.svelte
index 05558da81b..1a433785dc 100644
--- a/packages/builder/src/components/backend/DatasourceNavigator/modals/CreateDatasourceModal.svelte
+++ b/packages/builder/src/components/backend/DatasourceNavigator/modals/CreateDatasourceModal.svelte
@@ -60,7 +60,7 @@
 </Modal>
 
 <Modal bind:this={externalDatasourceModal}>
-  <DatasourceConfigModal {integration} />
+  <DatasourceConfigModal {integration} {modal} />
 </Modal>
 
 <Modal bind:this={modal}>
diff --git a/packages/builder/src/components/backend/DatasourceNavigator/modals/DatasourceConfigModal.svelte b/packages/builder/src/components/backend/DatasourceNavigator/modals/DatasourceConfigModal.svelte
index 93deb3eb39..ffd908b101 100644
--- a/packages/builder/src/components/backend/DatasourceNavigator/modals/DatasourceConfigModal.svelte
+++ b/packages/builder/src/components/backend/DatasourceNavigator/modals/DatasourceConfigModal.svelte
@@ -64,7 +64,7 @@
     ? "Fetch tables from database"
     : "Save and continue to query"}
   cancelText="Back"
-  size="M"
+  size="L"
 >
   <Layout noPadding>
     <Body size="XS"
diff --git a/packages/server/src/automations/steps/discord.js b/packages/server/src/automations/steps/discord.js
index 5d225644b1..a0b732b11f 100644
--- a/packages/server/src/automations/steps/discord.js
+++ b/packages/server/src/automations/steps/discord.js
@@ -77,7 +77,7 @@ exports.run = async function ({ inputs }) {
   const { status, message } = await getFetchResponse(response)
   return {
     httpStatus: status,
-    success: status === 200,
+    success: status === 200 || status === 204,
     response: message,
   }
 }
diff --git a/packages/server/src/definitions/datasource.ts b/packages/server/src/definitions/datasource.ts
index d8e767daea..c4b248fa17 100644
--- a/packages/server/src/definitions/datasource.ts
+++ b/packages/server/src/definitions/datasource.ts
@@ -20,12 +20,14 @@ export enum QueryTypes {
 
 export enum DatasourceFieldTypes {
   STRING = "string",
+  LONGFORM = "longForm",
   BOOLEAN = "boolean",
   NUMBER = "number",
   PASSWORD = "password",
   LIST = "list",
   OBJECT = "object",
   JSON = "json",
+  FILE = "file",
 }
 
 export enum SourceNames {
diff --git a/packages/server/src/integrations/ca-certificate.crt b/packages/server/src/integrations/ca-certificate.crt
new file mode 100644
index 0000000000..657676a380
--- /dev/null
+++ b/packages/server/src/integrations/ca-certificate.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAqmgAwIBAgIUMW63R07yQUF/38L/MpYzsfZd1iUwDQYJKoZIhvcNAQEM
+BQAwOjE4MDYGA1UEAwwvNzNjZWI4ZTAtZGE3MC00MzIxLWIyOTEtYjM1Mzk0ZWMw
+NDhiIFByb2plY3QgQ0EwHhcNMjEwNTE3MDU0MTQ0WhcNMzEwNTE1MDU0MTQ0WjA6
+MTgwNgYDVQQDDC83M2NlYjhlMC1kYTcwLTQzMjEtYjI5MS1iMzUzOTRlYzA0OGIg
+UHJvamVjdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANNpSowg
+GurJ0hE4/Lgmg4G3u0AuUqKEsIXikjLl/vTDZV4tzPDgXtrzyaXeI6BgS4/Rcyxg
+KmGCMJIqaiUI/svSz7zMB4jJefBPRDm6CGU3KjoqNR84DYUZHLoRujvLm8WYROUL
+qHgm3EN4OAkifoO1wqqQk6rZR+EMDF+WKQ38wsE9bCm+lYjpPGY4MOoqKZtxtj8H
+1UnH05CC6I0Cv1GUKHYxFqqHhwt5ICa0MSNR6PZGvJXgZUj1uo0XhwEXrZHtbh22
+U0vVLgaP/85YcpO6Q7qHL249yHsKF9rGZqlSzCHg5hWe+uzzwFAd7LH4D61LRBYk
+xGjCK9vzIjylIRRhlpesA9RHUWCvFe7Tw6YLQqrMGnbBYfEVUW2peFy9y7CuZLTb
+persBctuICq4UlBDFhy8zsjCSOkfy9jZIx9Se4+C4yMIl6st7x8jlozOeDHIxSvR
+REcJUIy0udQ6AkCoccMHM/qh+IggsD4ubSUsBKDMcyYTWzsiIesbidhC/wIDAQAB
+oz8wPTAdBgNVHQ4EFgQUpHa3jpKqkIYen1YiWtXuUDcJ/CUwDwYDVR0TBAgwBgEB
+/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggGBABUe16pNHSF9ZlK5
+V9Y45T7qI526zKOf1zUqZOtX35EaQRZ6yvwO4yl1B6BoFk1v1w8jFCmpRNwkBDYr
+uGVfZ+mBiAF6Djgrkw5Yd5atLtsk8jLHzBk00gEt9VlAQgfivc+s9kRqig4dOG25
+yiHNChRgMTvifQauXq71/5L6N1sgE8XEljj5/kY5C/YeM5/52ja/Bx5mHY5qtxxF
+7+CIpUyTZSxuJUPp1F98tpTRiuJDIK60ahmFmvEUQthVZlAx1XzOidATeTtUEnvw
+CVmQyabgp5ewmRNjER4DRJpbpRzf1UUrGxjVHCx8/mn6nf2or0AtsSNoFPGugU1z
+hSqHk3SmEC8uSBVCLZuyIG496OE0RYIC7KG7Lg3X3UHCBHngpCKoA+V1z5P5kPg3
+CPpNvQOuNIEpOEUPgjjbxbVDHsvZH7ix8OZ31K8ioEs9SvXXAW3fSnHxqEBe2LjN
+zHHBiQEJSyL1u4Nx/NahJtP22DUfF6uHdHtpdhxEKVW6GvhNcw==
+-----END CERTIFICATE-----
diff --git a/packages/server/src/integrations/postgres.ts b/packages/server/src/integrations/postgres.ts
index 332ba8544d..64344773e8 100644
--- a/packages/server/src/integrations/postgres.ts
+++ b/packages/server/src/integrations/postgres.ts
@@ -28,6 +28,8 @@ module PostgresModule {
     user: string
     password: string
     ssl?: boolean
+    ca?: string
+    rejectUnauthorized?: boolean
   }
 
   const SCHEMA: Integration = {
@@ -67,6 +69,16 @@ module PostgresModule {
         default: false,
         required: false,
       },
+      rejectUnauthorized: {
+        type: DatasourceFieldTypes.BOOLEAN,
+        default: false,
+        required: false,
+      },
+      ca: {
+        type: DatasourceFieldTypes.LONGFORM,
+        default: false,
+        required: false,
+      },
     },
     query: {
       create: {
@@ -144,7 +156,13 @@ module PostgresModule {
 
       let newConfig = {
         ...this.config,
-        ssl: this.config.ssl ? { rejectUnauthorized: true } : undefined,
+        // ssl: this.config.ssl ? { rejectUnauthorized: true } : undefined,
+        ssl: this.config.ssl
+          ? {
+              rejectUnauthorized: this.config.rejectUnauthorized,
+              ca: this.config.ca,
+            }
+          : undefined,
       }
       if (!this.pool) {
         this.pool = new Pool(newConfig)
diff --git a/packages/worker/src/api/controllers/global/auth.js b/packages/worker/src/api/controllers/global/auth.js
index 9d7df7ca37..2c9d4c7278 100644
--- a/packages/worker/src/api/controllers/global/auth.js
+++ b/packages/worker/src/api/controllers/global/auth.js
@@ -14,6 +14,7 @@ const {
   isMultiTenant,
 } = require("@budibase/auth/tenancy")
 const env = require("../../../environment")
+const { endSession } = require("../../../../../auth/sessions")
 
 function googleCallbackUrl(config) {
   // incase there is a callback URL from before
@@ -121,8 +122,10 @@ exports.resetUpdate = async ctx => {
 }
 
 exports.logout = async ctx => {
+  const authCookie = getCookie(ctx, Cookies.Auth)
   clearCookie(ctx, Cookies.Auth)
   clearCookie(ctx, Cookies.CurrentApp)
+  await endSession(authCookie.sessionId)
   ctx.body = { message: "User logged out." }
 }
 
diff --git a/packages/worker/src/api/controllers/global/users.js b/packages/worker/src/api/controllers/global/users.js
index 38a814f465..f511275744 100644
--- a/packages/worker/src/api/controllers/global/users.js
+++ b/packages/worker/src/api/controllers/global/users.js
@@ -171,7 +171,9 @@ exports.updateSelf = async ctx => {
   const db = getGlobalDB()
   const user = await db.get(ctx.user._id)
   if (ctx.request.body.password) {
+    // changing password
     ctx.request.body.password = await hash(ctx.request.body.password)
+    await invalidateSessions(ctx.user._id)
   }
   // don't allow sending up an ID/Rev, always use the existing one
   delete ctx.request.body._id

From 03ba725fbc6da3922dc469fd785a933849ad90db Mon Sep 17 00:00:00 2001
From: Martin McKeaveney <martin@shogunsystems.co.uk>
Date: Tue, 12 Oct 2021 16:14:49 +0100
Subject: [PATCH 2/5] remove random files

---
 .github/workflows/budibase.code-workspace     | 10 --------
 .../src/integrations/ca-certificate.crt       | 25 -------------------
 2 files changed, 35 deletions(-)
 delete mode 100644 .github/workflows/budibase.code-workspace
 delete mode 100644 packages/server/src/integrations/ca-certificate.crt

diff --git a/.github/workflows/budibase.code-workspace b/.github/workflows/budibase.code-workspace
deleted file mode 100644
index c8c469300a..0000000000
--- a/.github/workflows/budibase.code-workspace
+++ /dev/null
@@ -1,10 +0,0 @@
-{
-	"folders": [
-		{
-			"path": "../.."
-		},
-		{
-			"path": "../../../budibase-infra"
-		}
-	]
-}
\ No newline at end of file
diff --git a/packages/server/src/integrations/ca-certificate.crt b/packages/server/src/integrations/ca-certificate.crt
deleted file mode 100644
index 657676a380..0000000000
--- a/packages/server/src/integrations/ca-certificate.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEQTCCAqmgAwIBAgIUMW63R07yQUF/38L/MpYzsfZd1iUwDQYJKoZIhvcNAQEM
-BQAwOjE4MDYGA1UEAwwvNzNjZWI4ZTAtZGE3MC00MzIxLWIyOTEtYjM1Mzk0ZWMw
-NDhiIFByb2plY3QgQ0EwHhcNMjEwNTE3MDU0MTQ0WhcNMzEwNTE1MDU0MTQ0WjA6
-MTgwNgYDVQQDDC83M2NlYjhlMC1kYTcwLTQzMjEtYjI5MS1iMzUzOTRlYzA0OGIg
-UHJvamVjdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANNpSowg
-GurJ0hE4/Lgmg4G3u0AuUqKEsIXikjLl/vTDZV4tzPDgXtrzyaXeI6BgS4/Rcyxg
-KmGCMJIqaiUI/svSz7zMB4jJefBPRDm6CGU3KjoqNR84DYUZHLoRujvLm8WYROUL
-qHgm3EN4OAkifoO1wqqQk6rZR+EMDF+WKQ38wsE9bCm+lYjpPGY4MOoqKZtxtj8H
-1UnH05CC6I0Cv1GUKHYxFqqHhwt5ICa0MSNR6PZGvJXgZUj1uo0XhwEXrZHtbh22
-U0vVLgaP/85YcpO6Q7qHL249yHsKF9rGZqlSzCHg5hWe+uzzwFAd7LH4D61LRBYk
-xGjCK9vzIjylIRRhlpesA9RHUWCvFe7Tw6YLQqrMGnbBYfEVUW2peFy9y7CuZLTb
-persBctuICq4UlBDFhy8zsjCSOkfy9jZIx9Se4+C4yMIl6st7x8jlozOeDHIxSvR
-REcJUIy0udQ6AkCoccMHM/qh+IggsD4ubSUsBKDMcyYTWzsiIesbidhC/wIDAQAB
-oz8wPTAdBgNVHQ4EFgQUpHa3jpKqkIYen1YiWtXuUDcJ/CUwDwYDVR0TBAgwBgEB
-/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggGBABUe16pNHSF9ZlK5
-V9Y45T7qI526zKOf1zUqZOtX35EaQRZ6yvwO4yl1B6BoFk1v1w8jFCmpRNwkBDYr
-uGVfZ+mBiAF6Djgrkw5Yd5atLtsk8jLHzBk00gEt9VlAQgfivc+s9kRqig4dOG25
-yiHNChRgMTvifQauXq71/5L6N1sgE8XEljj5/kY5C/YeM5/52ja/Bx5mHY5qtxxF
-7+CIpUyTZSxuJUPp1F98tpTRiuJDIK60ahmFmvEUQthVZlAx1XzOidATeTtUEnvw
-CVmQyabgp5ewmRNjER4DRJpbpRzf1UUrGxjVHCx8/mn6nf2or0AtsSNoFPGugU1z
-hSqHk3SmEC8uSBVCLZuyIG496OE0RYIC7KG7Lg3X3UHCBHngpCKoA+V1z5P5kPg3
-CPpNvQOuNIEpOEUPgjjbxbVDHsvZH7ix8OZ31K8ioEs9SvXXAW3fSnHxqEBe2LjN
-zHHBiQEJSyL1u4Nx/NahJtP22DUfF6uHdHtpdhxEKVW6GvhNcw==
------END CERTIFICATE-----

From af7bddcf22d3674c0bbcf65cdb554921c24b6ec9 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney <martin@shogunsystems.co.uk>
Date: Tue, 12 Oct 2021 19:49:34 +0100
Subject: [PATCH 3/5] platform logout function

---
 packages/auth/src/utils.js                      | 17 ++++++++++++-----
 .../worker/src/api/controllers/global/auth.js   |  7 ++-----
 .../worker/src/api/controllers/global/users.js  | 13 +++++++++++--
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/packages/auth/src/utils.js b/packages/auth/src/utils.js
index 13728e1c13..328b8047b3 100644
--- a/packages/auth/src/utils.js
+++ b/packages/auth/src/utils.js
@@ -243,19 +243,26 @@ exports.saveUser = async (
 /**
  * Logs a user out from budibase. Re-used across account portal and builder.
  */
-exports.logout = async ({ ctx, userId, sessionId, keepActiveSession }) => {
+exports.platformLogout = async ({
+  ctx,
+  userId,
+  sessionId,
+  keepActiveSession,
+}) => {
   let sessions = await getSessionsForUser(userId)
 
   if (keepActiveSession) {
     sessions = sessions.filter(session => session.sessionId !== sessionId)
+  } else {
+    if (ctx) {
+      // clear cookies
+      this.clearCookie(ctx, Cookies.Auth)
+      this.clearCookie(ctx, Cookies.CurrentApp)
+    }
   }
 
   await invalidateSessions(
     userId,
     sessions.map(({ sessionId }) => sessionId)
   )
-
-  // clear cookies
-  this.clearCookie(ctx, Cookies.Auth)
-  this.clearCookie(ctx, Cookies.CurrentApp)
 }
diff --git a/packages/worker/src/api/controllers/global/auth.js b/packages/worker/src/api/controllers/global/auth.js
index 2c9d4c7278..dd1765e68b 100644
--- a/packages/worker/src/api/controllers/global/auth.js
+++ b/packages/worker/src/api/controllers/global/auth.js
@@ -14,7 +14,7 @@ const {
   isMultiTenant,
 } = require("@budibase/auth/tenancy")
 const env = require("../../../environment")
-const { endSession } = require("../../../../../auth/sessions")
+const { platformLogout } = require("../../../../../auth/src/utils")
 
 function googleCallbackUrl(config) {
   // incase there is a callback URL from before
@@ -122,10 +122,7 @@ exports.resetUpdate = async ctx => {
 }
 
 exports.logout = async ctx => {
-  const authCookie = getCookie(ctx, Cookies.Auth)
-  clearCookie(ctx, Cookies.Auth)
-  clearCookie(ctx, Cookies.CurrentApp)
-  await endSession(authCookie.sessionId)
+  await platformLogout({ ctx, userId: ctx.user._id })
   ctx.body = { message: "User logged out." }
 }
 
diff --git a/packages/worker/src/api/controllers/global/users.js b/packages/worker/src/api/controllers/global/users.js
index 6b2a81ad66..0e50a9fcd0 100644
--- a/packages/worker/src/api/controllers/global/users.js
+++ b/packages/worker/src/api/controllers/global/users.js
@@ -3,7 +3,9 @@ const {
   StaticDatabases,
   generateNewUsageQuotaDoc,
 } = require("@budibase/auth/db")
-const { hash, getGlobalUserByEmail, saveUser } = require("@budibase/auth").utils
+const { hash, getGlobalUserByEmail, saveUser, platformLogout, getCookie } =
+  require("@budibase/auth").utils
+const { Cookies } = require("@budibase/auth").constants
 const { EmailTemplatePurpose } = require("../../../constants")
 const { checkInviteCode } = require("../../../utilities/redis")
 const { sendEmail } = require("../../../utilities/email")
@@ -175,7 +177,14 @@ exports.updateSelf = async ctx => {
   if (ctx.request.body.password) {
     // changing password
     ctx.request.body.password = await hash(ctx.request.body.password)
-    await invalidateSessions(ctx.user._id)
+    // Log all other sessions out apart from the current one
+    const authCookie = getCookie(ctx, Cookies.Auth)
+    await platformLogout({
+      ctx,
+      userId: ctx.user._id,
+      sessionId: authCookie.sessionId,
+      keepActiveSession: true,
+    })
   }
   // don't allow sending up an ID/Rev, always use the existing one
   delete ctx.request.body._id

From 11e64b0ffea7f9c4f716f0f888869a2b2770b876 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney <martin@shogunsystems.co.uk>
Date: Tue, 12 Oct 2021 20:19:32 +0100
Subject: [PATCH 4/5] tidy up

---
 packages/auth/src/utils.js                                 | 7 ++-----
 .../backend/DataTable/modals/CreateEditColumn.svelte       | 4 ++--
 packages/server/src/integrations/postgres.ts               | 1 -
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/packages/auth/src/utils.js b/packages/auth/src/utils.js
index 328b8047b3..2f24657ed3 100644
--- a/packages/auth/src/utils.js
+++ b/packages/auth/src/utils.js
@@ -19,10 +19,7 @@ const accounts = require("./cloud/accounts")
 const { hash } = require("./hashing")
 const userCache = require("./cache/user")
 const env = require("./environment")
-const {
-  getSessionsForUser,
-  invalidateSessions,
-} = require("./security/sessions")
+const { getUserSessions, invalidateSessions } = require("./security/sessions")
 
 const APP_PREFIX = DocumentTypes.APP + SEPARATOR
 
@@ -249,7 +246,7 @@ exports.platformLogout = async ({
   sessionId,
   keepActiveSession,
 }) => {
-  let sessions = await getSessionsForUser(userId)
+  let sessions = await getUserSessions(userId)
 
   if (keepActiveSession) {
     sessions = sessions.filter(session => session.sessionId !== sessionId)
diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
index c2c872fe9c..cd437bcad2 100644
--- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
+++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
@@ -32,7 +32,7 @@
   const FORMULA_TYPE = FIELDS.FORMULA.type
   const LINK_TYPE = FIELDS.LINK.type
   const dispatch = createEventDispatcher()
-  const PROHIBITED_COLUMN_NAMES = ["type", "_id", "_rev"]
+  const PROHIBITED_COLUMN_NAMES = ["type", "_id", "_rev", "tableId"]
   const { hide } = getContext(Context.Modal)
   let fieldDefinitions = cloneDeep(FIELDS)
 
@@ -206,7 +206,7 @@
     bind:value={field.name}
     disabled={uneditable || (linkEditDisabled && field.type === LINK_TYPE)}
     error={columnNameInvalid
-      ? "type, _id and _rev are disallowed as column names"
+      ? `${PROHIBITED_COLUMN_NAMES.join(", ")} are not allowed as column names`
       : ""}
   />
 
diff --git a/packages/server/src/integrations/postgres.ts b/packages/server/src/integrations/postgres.ts
index 64344773e8..abd1fa9286 100644
--- a/packages/server/src/integrations/postgres.ts
+++ b/packages/server/src/integrations/postgres.ts
@@ -156,7 +156,6 @@ module PostgresModule {
 
       let newConfig = {
         ...this.config,
-        // ssl: this.config.ssl ? { rejectUnauthorized: true } : undefined,
         ssl: this.config.ssl
           ? {
               rejectUnauthorized: this.config.rejectUnauthorized,

From 74c74d78f29f2fa18a85253f4c2e939dddaf6e40 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney <martin@shogunsystems.co.uk>
Date: Wed, 13 Oct 2021 12:26:26 +0100
Subject: [PATCH 5/5] encapsulate global logout function

---
 packages/auth/src/utils.js                    | 22 +++++++++----------
 .../src/api/controllers/global/users.js       |  5 +----
 2 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/packages/auth/src/utils.js b/packages/auth/src/utils.js
index 2f24657ed3..823fd06322 100644
--- a/packages/auth/src/utils.js
+++ b/packages/auth/src/utils.js
@@ -240,22 +240,20 @@ exports.saveUser = async (
 /**
  * Logs a user out from budibase. Re-used across account portal and builder.
  */
-exports.platformLogout = async ({
-  ctx,
-  userId,
-  sessionId,
-  keepActiveSession,
-}) => {
+exports.platformLogout = async ({ ctx, userId, keepActiveSession }) => {
+  if (!ctx) throw new Error("Koa context must be supplied to logout.")
+
+  const currentSession = this.getCookie(ctx, Cookies.Auth)
   let sessions = await getUserSessions(userId)
 
   if (keepActiveSession) {
-    sessions = sessions.filter(session => session.sessionId !== sessionId)
+    sessions = sessions.filter(
+      session => session.sessionId !== currentSession.sessionId
+    )
   } else {
-    if (ctx) {
-      // clear cookies
-      this.clearCookie(ctx, Cookies.Auth)
-      this.clearCookie(ctx, Cookies.CurrentApp)
-    }
+    // clear cookies
+    this.clearCookie(ctx, Cookies.Auth)
+    this.clearCookie(ctx, Cookies.CurrentApp)
   }
 
   await invalidateSessions(
diff --git a/packages/worker/src/api/controllers/global/users.js b/packages/worker/src/api/controllers/global/users.js
index 0e50a9fcd0..ed70d6122e 100644
--- a/packages/worker/src/api/controllers/global/users.js
+++ b/packages/worker/src/api/controllers/global/users.js
@@ -3,9 +3,8 @@ const {
   StaticDatabases,
   generateNewUsageQuotaDoc,
 } = require("@budibase/auth/db")
-const { hash, getGlobalUserByEmail, saveUser, platformLogout, getCookie } =
+const { hash, getGlobalUserByEmail, saveUser, platformLogout } =
   require("@budibase/auth").utils
-const { Cookies } = require("@budibase/auth").constants
 const { EmailTemplatePurpose } = require("../../../constants")
 const { checkInviteCode } = require("../../../utilities/redis")
 const { sendEmail } = require("../../../utilities/email")
@@ -178,11 +177,9 @@ exports.updateSelf = async ctx => {
     // changing password
     ctx.request.body.password = await hash(ctx.request.body.password)
     // Log all other sessions out apart from the current one
-    const authCookie = getCookie(ctx, Cookies.Auth)
     await platformLogout({
       ctx,
       userId: ctx.user._id,
-      sessionId: authCookie.sessionId,
       keepActiveSession: true,
     })
   }