diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4218bc8d..b83aa527 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,7 +60,7 @@ jobs: cache: yarn - run: yarn --frozen-lockfile - name: Run audit-ci - run: yarn audit-ci --high + run: yarn audit-ci --moderate build: runs-on: ubuntu-24.04 diff --git a/package.json b/package.json index e8fdb6ea..bf6a95e7 100644 --- a/package.json +++ b/package.json @@ -113,11 +113,14 @@ "@types/koa": "3.0.1", "@smithy/node-http-handler": "4.4.16", "**/lodash": "4.18.1", - "protobufjs": "8.4.1", + "protobufjs": "8.6.0", "uuid": "11.1.1", "@grpc/grpc-js": "1.12.7", "tmp": "0.2.7", - "ws": "8.21.0" + "ws": "8.21.0", + "sigstore": "4.1.1", + "js-yaml": "4.2.0", + "tar": "7.5.16" }, "engines": { "node": ">=22.22.0 <23.0.0" diff --git a/packages/server/src/sdk/users/tests/utils.spec.ts b/packages/server/src/sdk/users/tests/utils.spec.ts index b774c9b6..cb1aa580 100644 --- a/packages/server/src/sdk/users/tests/utils.spec.ts +++ b/packages/server/src/sdk/users/tests/utils.spec.ts @@ -203,20 +203,20 @@ describe("syncGlobalUsers", () => { [config.getProdWorkspaceId()]: roles.BUILTIN_ROLE_IDS.BASIC, }, }) - // Add SSO fields via direct DB update - const db = context.getWorkspaceDB() - await db.put({ - ...user, - oauth2: { accessToken: "access", refreshToken: "refresh" }, - provider: "google", - providerType: "google", - profile: { displayName: "SSO User" }, - thirdPartyProfile: { id: "external" }, - ssoId: "sso-user", - forceResetPassword: false, - }) await config.doInContext(config.devWorkspaceId, async () => { + const workspaceDb = context.getWorkspaceDB() + await workspaceDb.put({ + ...user, + oauth2: { accessToken: "access", refreshToken: "refresh" }, + provider: "google", + providerType: "google", + profile: { displayName: "SSO User" }, + thirdPartyProfile: { id: "external" }, + ssoId: "sso-user", + forceResetPassword: false, + }) + await syncGlobalUsers() const metadata = await fetchMetadata() @@ -251,20 +251,20 @@ describe("syncGlobalUsers", () => { [config.getProdWorkspaceId()]: roles.BUILTIN_ROLE_IDS.BASIC, }, }) - // Add SSO fields via direct DB update - const db = context.getWorkspaceDB() - await db.put({ - ...user, - oauth2: { accessToken: "access", refreshToken: "refresh" }, - provider: "google", - providerType: "google", - profile: { displayName: "SSO User" }, - thirdPartyProfile: { id: "external" }, - ssoId: "sso-user", - forceResetPassword: false, - }) await config.doInContext(config.devWorkspaceId, async () => { + const workspaceDb = context.getWorkspaceDB() + await workspaceDb.put({ + ...user, + oauth2: { accessToken: "access", refreshToken: "refresh" }, + provider: "google", + providerType: "google", + profile: { displayName: "SSO User" }, + thirdPartyProfile: { id: "external" }, + ssoId: "sso-user", + forceResetPassword: false, + }) + const found = await getGlobalUser(db.generateUserMetadataID(user._id!)) expect(found).toEqual( diff --git a/packages/server/src/sdk/users/utils.ts b/packages/server/src/sdk/users/utils.ts index 6cb3cbd2..adebf31e 100644 --- a/packages/server/src/sdk/users/utils.ts +++ b/packages/server/src/sdk/users/utils.ts @@ -16,6 +16,7 @@ import { } from "../../db/utils" import { getGlobalUsers } from "../../utilities/global" import { stripSensitiveUserFields } from "../../utilities/sensitiveUserFields" +import { getUserFullName } from "../../utilities/users" export function combineMetadataAndUser( user: ContextUser, @@ -83,12 +84,16 @@ export async function fetchMetadata(): Promise { const info = metadata.find((meta) => meta._id!.includes(user._id!)) const strippedInfo = info && stripSensitiveUserFields({ ...info }) // remove these props, not for the correct DB - users.push({ + const mergedUser = { ...user, ...strippedInfo, tableId: InternalTables.USER_METADATA, // make sure the ID is always a local ID, not a global one _id: generateUserMetadataID(user._id!), + } + users.push({ + ...mergedUser, + fullName: getUserFullName(mergedUser), }) } return users diff --git a/packages/server/src/utilities/users.ts b/packages/server/src/utilities/users.ts index 2c8252dd..3a9c435b 100644 --- a/packages/server/src/utilities/users.ts +++ b/packages/server/src/utilities/users.ts @@ -4,6 +4,17 @@ import { InternalTables } from "../db/utils" import { getGlobalUser } from "./global" import { stripSensitiveUserFields } from "./sensitiveUserFields" +export function getUserFullName(user: { firstName?: string; lastName?: string; email?: string }) { + const firstName = user.firstName?.trim() + const lastName = user.lastName?.trim() + + if (firstName && lastName) { + return `${firstName} ${lastName}` + } + + return firstName || lastName || undefined +} + export async function getFullUser(userId: string): Promise { const global = await getGlobalUser(userId) let metadata: UserMetadata | undefined diff --git a/yarn.lock b/yarn.lock index 7452df04..4f8bf019 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3948,17 +3948,17 @@ dependencies: "@sigstore/protobuf-specs" "^0.5.0" -"@sigstore/core@^3.1.0", "@sigstore/core@^3.2.0": - version "3.2.0" - resolved "https://registry.yarnpkg.com/@sigstore/core/-/core-3.2.0.tgz#beaea6ea4d7d4caadadb7453168e35636b78830e" - integrity sha512-kxHrDQ9YgfrWUSXU0cjsQGv8JykOFZQ9ErNKbFPWzk3Hgpwu8x2hHrQ9IdA8yl+j9RTLTC3sAF3Tdq1IQCP4oA== +"@sigstore/core@^3.2.0", "@sigstore/core@^3.2.1": + version "3.2.1" + resolved "https://registry.yarnpkg.com/@sigstore/core/-/core-3.2.1.tgz#4efd4ab0f59e768b6daf65612024ba925787de72" + integrity sha512-qRsxPnCrbC/puegGxKuynfnxgLiHqWStrSjxkoB4YKqq3Z3s4cyZyj42ZdWFAEblNP65C+rBH8EuREHIXoi83g== "@sigstore/protobuf-specs@^0.5.0": version "0.5.0" resolved "https://registry.yarnpkg.com/@sigstore/protobuf-specs/-/protobuf-specs-0.5.0.tgz#e5f029edcb3a4329853a09b603011e61043eb005" integrity sha512-MM8XIwUjN2bwvCg1QvrMtbBmpcSHrkhFSCu1D11NyPvDQ25HEc4oG5/OcQfd/Tlf/OxmKWERDj0zGE23jQaMwA== -"@sigstore/sign@^4.1.0": +"@sigstore/sign@^4.1.1": version "4.1.1" resolved "https://registry.yarnpkg.com/@sigstore/sign/-/sign-4.1.1.tgz#34765fe4a190d693340c0771a3d150a397bcfc55" integrity sha512-Hf4xglukg0XXQ2RiD5vSoLjdPe8OBUPA8XeVjUObheuDcWdYWrnH/BNmxZCzkAy68MzmNCxXLeurJvs6hcP2OQ== @@ -3970,7 +3970,7 @@ make-fetch-happen "^15.0.4" proc-log "^6.1.0" -"@sigstore/tuf@^4.0.1": +"@sigstore/tuf@^4.0.2": version "4.0.2" resolved "https://registry.yarnpkg.com/@sigstore/tuf/-/tuf-4.0.2.tgz#7d2fa2abcd5afa5baf752671d14a1c6ed0ed3196" integrity sha512-TCAzTy0xzdP79EnxSjq9KQ3eaR7+FmudLC6eRKknVKZbV7ZNlGLClAAQb/HMNJ5n2OBNk2GT1tEmU0xuPr+SLQ== @@ -3978,13 +3978,13 @@ "@sigstore/protobuf-specs" "^0.5.0" tuf-js "^4.1.0" -"@sigstore/verify@^3.1.0": - version "3.1.0" - resolved "https://registry.yarnpkg.com/@sigstore/verify/-/verify-3.1.0.tgz#4046d4186421db779501fe87fa5acaa5d4d21b08" - integrity sha512-mNe0Iigql08YupSOGv197YdHpPPr+EzDZmfCgMc7RPNaZTw5aLN01nBl6CHJOh3BGtnMIj83EeN4butBchc8Ag== +"@sigstore/verify@^3.1.1": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@sigstore/verify/-/verify-3.1.1.tgz#13c1c1cff28fe81f662de29d85ba5ae048fcbd8d" + integrity sha512-qv7+G3J2cc6wwFj3yKvXOamzqhMwSk1ogPGmhpS8iXllcPrJaIIBA+4HbttlHVu1pqWTdmaCH/WE7UOC51kdoA== dependencies: "@sigstore/bundle" "^4.0.0" - "@sigstore/core" "^3.1.0" + "@sigstore/core" "^3.2.1" "@sigstore/protobuf-specs" "^0.5.0" "@sinclair/typebox@^0.27.8": @@ -8493,11 +8493,6 @@ esm@^3.2.25, "esm@npm:esm-wallaby@3.2.35": resolved "https://registry.yarnpkg.com/esm-wallaby/-/esm-wallaby-3.2.35.tgz#166d024b112038216d46547632ce401a99ad7c91" integrity sha512-6MQi8f7N2FSyWFFnL5yHUzzbfraMHuxhRnuH40bGtA7LmuxPdw+e2+nv9RV7QVm/exkLlPMbvf/ORXPYCadd5A== -esprima@^4.0.0: - version "4.0.1" - resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71" - integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A== - esrap@^2.2.4: version "2.2.8" resolved "https://registry.yarnpkg.com/esrap/-/esrap-2.2.8.tgz#bdde89ef7aac4c5b934cf9b508403291267d351b" @@ -10945,28 +10940,13 @@ js-tokens@^4.0.0: resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== -js-yaml@4.1.1: - version "4.1.1" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.1.tgz#854c292467705b699476e1a2decc0c8a3458806b" - integrity sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA== - dependencies: - argparse "^2.0.1" - -js-yaml@4.2.0, js-yaml@^4.1.0: +js-yaml@4.1.1, js-yaml@4.2.0, js-yaml@^3.10.0, js-yaml@^3.13.1, js-yaml@^4.1.0: version "4.2.0" resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.2.0.tgz#2bd9e85682dd91bd469afb809d816043b3d49524" integrity sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw== dependencies: argparse "^2.0.1" -js-yaml@^3.10.0, js-yaml@^3.13.1: - version "3.14.2" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.2.tgz#77485ce1dd7f33c061fd1b16ecea23b55fcb04b0" - integrity sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg== - dependencies: - argparse "^1.0.7" - esprima "^4.0.0" - jsdom@^24.1.1: version "24.1.3" resolved "https://registry.yarnpkg.com/jsdom/-/jsdom-24.1.3.tgz#88e4a07cb9dd21067514a619e9f17b090a394a9f" @@ -13799,10 +13779,10 @@ proto3-json-serializer@3.0.4: dependencies: protobufjs "^7.4.0" -protobufjs@8.4.1, protobufjs@^7.2.5, protobufjs@^7.3.2, protobufjs@^7.4.0, protobufjs@^7.5.3, protobufjs@^7.5.4: - version "8.4.1" - resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-8.4.1.tgz#3ba4b27e50e1f6ef901455e747224f86c32c6aea" - integrity sha512-oXf2UgIty8jnwfN4yvL1x79VLhL5uiKjZJbSGXGCIUmHmItTP4eS/UIlWDCeNx3seg+ujfn9vDlPMSrsh7wO+Q== +protobufjs@8.6.0, protobufjs@^7.2.5, protobufjs@^7.3.2, protobufjs@^7.4.0, protobufjs@^7.5.3, protobufjs@^7.5.4: + version "8.6.0" + resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-8.6.0.tgz#e00025013abd8f5eb69f9a43b06641066fdeb168" + integrity sha512-PIOO89BMGMXGz2333TVv/OqPNVWm7w30ll/4FtLbtLBaonzJMYwTbAZSSlobjIy9MoUgIAxSVUpK7aP7EpTtkg== dependencies: long "^5.3.2" @@ -14768,17 +14748,17 @@ signal-exit@^4.0.1, signal-exit@^4.1.0: resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-4.1.0.tgz#952188c1cbd546070e2dd20d0f41c0ae0530cb04" integrity sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== -sigstore@^4.0.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/sigstore/-/sigstore-4.1.0.tgz#d34b92a544a05e003a2430209d26d8dfafd805a0" - integrity sha512-/fUgUhYghuLzVT/gaJoeVehLCgZiUxPCPMcyVNY0lIf/cTCz58K/WTI7PefDarXxp9nUKpEwg1yyz3eSBMTtgA== +sigstore@4.1.1, sigstore@^4.0.0: + version "4.1.1" + resolved "https://registry.yarnpkg.com/sigstore/-/sigstore-4.1.1.tgz#2959993dbf978c759a5d23d854cbd3729b6dcd97" + integrity sha512-endqECJkfhozrXMK5ngu/UAA0xVcVEFdnHJCElGaExypjW+HK5i6zu3NteLoaX/iFbRUbC3+DjttQs0GARr+5w== dependencies: "@sigstore/bundle" "^4.0.0" - "@sigstore/core" "^3.1.0" + "@sigstore/core" "^3.2.1" "@sigstore/protobuf-specs" "^0.5.0" - "@sigstore/sign" "^4.1.0" - "@sigstore/tuf" "^4.0.1" - "@sigstore/verify" "^3.1.0" + "@sigstore/sign" "^4.1.1" + "@sigstore/tuf" "^4.0.2" + "@sigstore/verify" "^3.1.1" simple-concat@^1.0.0: version "1.0.1" @@ -15584,18 +15564,7 @@ tar-stream@^3.0.0, tar-stream@^3.1.5: fast-fifo "^1.2.0" streamx "^2.15.0" -tar@7.5.11: - version "7.5.11" - resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.11.tgz#1250fae45d98806b36d703b30973fa8e0a6d8868" - integrity sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ== - dependencies: - "@isaacs/fs-minipass" "^4.0.0" - chownr "^3.0.0" - minipass "^7.1.2" - minizlib "^3.1.0" - yallist "^5.0.0" - -tar@7.5.16, tar@^7.4.3, tar@^7.5.4: +tar@7.5.11, tar@7.5.16, tar@^7.4.3, tar@^7.5.4: version "7.5.16" resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.16.tgz#f11e063afed4554f758049d082909e37d6b53ced" integrity sha512-56adEpPMouktRlBLXiaYFFzZ/3+JXa8P9n7WbR+ibIjtviN55mEaOkiysCnPnWm+7kkui1Dn8J9l+g6zV8731w==