Merge pull request #2775 from penpot/niwinz-bugfixes-1

🐛 Several backend bugfixes

backend/src/app/config.clj

@@ -106,9 +106,6 @@
 (s/def ::file-change-snapshot-every ::us/integer)
 (s/def ::file-change-snapshot-timeout ::dt/duration)
 
-(s/def ::setup-admin-email ::us/email)
-(s/def ::setup-admin-password ::us/not-empty-string)
-
 (s/def ::default-executor-parallelism ::us/integer)
 (s/def ::scheduled-executor-parallelism ::us/integer)
 
@@ -314,9 +311,6 @@
                    ::srepl-host
                    ::srepl-port
 
-                   ::setup-admin-email
-                   ::setup-admin-password
-
                    ::assets-storage-backend
                    ::storage-assets-fs-directory
                    ::storage-assets-s3-bucket
@@ -332,8 +326,7 @@
   [:enable-backend-api-doc
    :enable-backend-worker
    :enable-secure-session-cookies
-   :enable-email-verification
+   :enable-email-verification])
-   :enable-quotes])
 
 (defn- parse-flags
   [config]

backend/src/app/http.clj

@@ -91,9 +91,7 @@
               (let [params  (:path-params match)
                     result  (:result match)
                     handler (or (:handler result) not-found-handler)
-                    request (-> request
+                    request (assoc request :path-params params)]
-                                (assoc :path-params params)
-                                (update :params merge params))]
                 (handler request respond raise))
               (not-found-handler request respond raise)))
 

backend/src/app/main.clj

@@ -408,9 +408,6 @@
    {:port (cf/get :srepl-port)
     :host (cf/get :srepl-host)}
 
-   :app.setup/initial-profile
-   {::db/pool (ig/ref ::db/pool)}
-
    :app.setup/builtin-templates
    {::http.client/client (ig/ref ::http.client/client)}
 

backend/src/app/migrations.clj

@@ -299,9 +299,6 @@
    {:name "0096-del-storage-pending-table"
     :fn (mg/resource "app/migrations/sql/0096-del-storage-pending-table.sql")}
 
-   {:name "0097-mod-profile-table"
-    :fn (mg/resource "app/migrations/sql/0097-mod-profile-table.sql")}
-
    {:name "0098-add-quotes-table"
     :fn (mg/resource "app/migrations/sql/0098-add-quotes-table.sql")}
 

backend/src/app/migrations/sql/0097-mod-profile-table.sql

@@ -1,2 +0,0 @@
-ALTER TABLE profile
-  ADD COLUMN is_admin boolean DEFAULT false;

backend/src/app/rpc.clj

@@ -71,8 +71,8 @@
 (defn- rpc-query-handler
   "Ring handler that dispatches query requests and convert between
   internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
+  [methods {:keys [profile-id session-id path-params params] :as request} respond raise]
-  (let [type   (keyword (:type params))
+  (let [type   (keyword (:type path-params))
         data   (-> params
                    (assoc ::request-at (dt/now))
                    (assoc ::http/request request))
@@ -94,8 +94,8 @@
 (defn- rpc-mutation-handler
   "Ring handler that dispatches mutation requests and convert between
   internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
+  [methods {:keys [profile-id session-id path-params params] :as request} respond raise]
-  (let [type   (keyword (:type params))
+  (let [type   (keyword (:type path-params))
         data   (-> params
                    (assoc ::request-at (dt/now))
                    (assoc ::http/request request))
@@ -116,8 +116,8 @@
 (defn- rpc-command-handler
   "Ring handler that dispatches cmd requests and convert between
   internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
+  [methods {:keys [profile-id session-id path-params params] :as request} respond raise]
-  (let [cmd    (keyword (:type params))
+  (let [cmd    (keyword (:type path-params))
         etag   (yrq/get-header request "if-none-match")
 
         data   (-> params
@@ -290,7 +290,6 @@
   (let [cfg (assoc cfg ::type "command" ::metrics-id :rpc-command-timing)]
     (->> (sv/scan-ns 'app.rpc.commands.binfile
                      'app.rpc.commands.comments
-                     'app.rpc.commands.profile
                      'app.rpc.commands.management
                      'app.rpc.commands.verify-token
                      'app.rpc.commands.search

backend/src/app/rpc/commands/auth.clj

@@ -69,7 +69,7 @@
 ;; ---- COMMAND: login with password
 
 (defn login-with-password
-  [{:keys [::db/pool session] :as cfg} {:keys [email password scope] :as params}]
+  [{:keys [::db/pool session] :as cfg} {:keys [email password] :as params}]
 
   (when-not (or (contains? cf/flags :login)
                 (contains? cf/flags :login-with-password))
@@ -119,17 +119,8 @@
             ;; accept invitation with other email
             response   (if (and (some? invitation) (= (:id profile) (:member-id invitation)))
                          {:invitation-token (:invitation-token params)}
-                         (update profile :is-admin (fn [admin?]
+                         (assoc profile :is-admin (let [admins (cf/get :admins)]
-                                                     (or admin?
+                                                    (contains? admins (:email profile)))))]
-                                                         (let [admins (cf/get :admins)]
-                                                           (contains? admins (:email profile)))))))]
-
-        (when (and (nil? (:default-team-id profile))
-                   (not= scope "admin"))
-          (ex/raise :type :restriction
-                    :code :admin-only-profile
-                    :hint "can't login with admin-only profile"))
-
         (-> response
             (rph/with-transform (session/create-fn session (:id profile)))
             (rph/with-meta {::audit/props (audit/profile->props profile)

backend/src/app/rpc/commands/profile.clj

@@ -1,75 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.commands.profile
-  (:require
-   [app.auth :as auth]
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.rpc :as-alias rpc]
-   [app.rpc.climit :as-alias climit]
-   [app.rpc.doc :as-alias doc]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-;; --- MUTATION: Set profile password
-
-(declare update-profile-password!)
-
-(s/def ::profile-id ::us/uuid)
-(s/def ::password ::us/not-empty-string)
-
-(s/def ::get-derived-password
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::password]))
-
-(sv/defmethod ::get-derived-password
-  "Get derived password, only ADMINS allowed to call this RPC
-  methods. Designed for administration pannel integration."
-  {::climit/queue :auth
-   ::climit/key-fn ::rpc/profile-id
-   ::doc/added "1.18"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id password]}]
-  (db/with-atomic [conn pool]
-    (let [admins  (cf/get :admins)
-          profile (db/get-by-id conn :profile profile-id)]
-
-      (if (or (:is-admin profile)
-              (contains? admins (:email profile)))
-        {:password (auth/derive-password password)}
-        (ex/raise :type :authentication
-                  :code :only-admins-allowed
-                  :hint "only admins allowed to call this RPC method")))))
-
-;; --- MUTATION: Check profile password
-
-(s/def ::attempt ::us/not-empty-string)
-(s/def ::check-profile-password
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::profile-id ::password]))
-
-(sv/defmethod ::check-profile-password
-  "Check profile password, only ADMINS allowed to call this RPC
-  methods. Designed for administration pannel integration."
-  {::climit/queue :auth
-   ::climit/key-fn ::rpc/profile-id
-   ::doc/added "1.18"}
-  [{:keys [::db/pool]} {:keys [profile-id password] :as params}]
-  (db/with-atomic [conn pool]
-    (let [admins  (cf/get :admins)
-          profile (db/get-by-id pool :profile (::rpc/profile-id params))]
-
-      (if (or (:is-admin profile)
-              (contains? admins (:email profile)))
-        (let [profile (if (not= (::rpc/profile-id params) profile-id)
-                        (db/get-by-id conn :profile profile-id)
-                        profile)]
-          (auth/verify-password password (:password profile)))
-        (ex/raise :type :authentication
-                  :code :only-admins-allowed
-                  :hint "only admins allowed to call this RPC method")))))

backend/src/app/rpc/commands/webhooks.clj

@@ -29,7 +29,6 @@
 (s/def ::is-active ::us/boolean)
 (s/def ::mtype
   #{"application/json"
-    "application/x-www-form-urlencoded"
     "application/transit+json"})
 
 (s/def ::create-webhook

backend/src/app/setup.clj

@@ -13,7 +13,6 @@
    [app.db :as db]
    [app.main :as-alias main]
    [app.setup.builtin-templates]
-   [app.setup.initial-user]
    [app.setup.keys :as keys]
    [buddy.core.codecs :as bc]
    [buddy.core.nonce :as bn]
@@ -69,5 +68,5 @@
     (let [secret (or key (generate-random-key))]
       (-> (retrieve-all conn)
           (assoc :secret-key secret)
-          (assoc :tokens-key (keys/derive secret :salt "tokens" :size 32))
+          (assoc :tokens-key (keys/derive secret :salt "tokens"))
           (update :instance-id handle-instance-id conn (db/read-only? pool))))))

backend/src/app/setup/initial_user.clj

@@ -1,40 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.setup.initial-user
-  "Initial data setup of instance."
-  (:require
-   [app.auth :as auth]
-   [app.common.logging :as l]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.setup :as-alias setup]
-   [clojure.spec.alpha :as s]
-   [integrant.core :as ig]))
-
-(def ^:private sql:insert-profile
-  "insert into profile (id, fullname, email, password, is_active, is_admin, created_at, modified_at)
-   values ('00000000-0000-0000-0000-000000000000', 'Admin', ?, ?, true, true, now(), now())
-       on conflict (id)
-       do update set email = ?, password = ?")
-
-(defmethod ig/pre-init-spec ::setup/initial-profile [_]
-  (s/keys :req [::db/pool]))
-
-(defmethod ig/init-key ::setup/initial-profile
-  [_ {:keys [::db/pool]}]
-  (let [email    (cf/get :setup-admin-email)
-        password (cf/get :setup-admin-password)]
-    (when (and email password)
-      (db/with-atomic [conn pool]
-        (let [pwd (auth/derive-password password)]
-          (db/exec-one! conn [sql:insert-profile email pwd email pwd])
-          (l/info :hint "setting initial user (admin)"
-                  :email email
-                  :password "********"))))
-    nil))
-
-

backend/src/app/setup/keys.clj

@@ -11,9 +11,10 @@
    [app.common.spec :as us]
    [buddy.core.kdf :as bk]))
 
+
 (defn derive
   "Derive a key from secret-key"
-  [secret-key & {:keys [salt size]}]
+  [secret-key & {:keys [salt size] :or {size 32}}]
   (us/assert! ::us/not-empty-string secret-key)
   (let [engine (bk/engine {:key secret-key
                            :salt salt

common/src/app/common/logging.cljc

@@ -175,14 +175,15 @@
 #?(:clj
    (defn get-error-context
      [error]
-     (when-let [data (ex-data error)]
+     (merge
-       (merge
+      {:hint (ex-message error)}
-        {:hint          (ex-message error)
+      (when-let [data (ex-data error)]
-         :spec-problems (some->> data ::s/problems (take 10) seq vec)
+        (merge
-         :spec-value    (some->> data ::s/value)
+         {:spec-problems (some->> data ::s/problems (take 10) seq vec)
-         :data          (some-> data (dissoc ::s/problems ::s/value ::s/spec))}
+          :spec-value    (some->> data ::s/value)
-        (when-let [explain (ex/explain data)]
+          :data          (some-> data (dissoc ::s/problems ::s/value ::s/spec))}
-          {:spec-explain explain})))))
+         (when-let [explain (ex/explain data)]
+           {:spec-explain explain}))))))
 
 (defmacro log
   [& props]

docker/images/docker-compose.yaml

@@ -137,15 +137,6 @@ services:
     environment:
       - PENPOT_FLAGS=enable-registration enable-login disable-email-verification enable-smtp
 
-      ## Setup initial administration user, uncommit only if you are
-      ## going to use the penpot-admin; Once uncommented, the special
-      ## user will be created on application start. This user can only
-      ## be used for access admin, you will not be able to login with
-      ## it on penpot application.
-
-      # - PENPOT_SETUP_ADMIN_EMAIL=admin@example.com
-      # - PENPOT_SETUP_ADMIN_PASSWORD=password
-
       ## Public URI. If you are going to expose this instance to the
       ## internet, or use it under different domain than 'localhost'
       ## consider using traefik and set the
@@ -240,32 +231,6 @@ services:
     networks:
       - penpot
 
-  ## An optional admin application for pentpot. It allows manage
-  ## users, teams and inspect some parts of the database. You can read
-  ## more about it on: https://github.com/penpot/penpot-admin
-  ##
-  ## Status: EXPERIMENTAL
-
-  # penpot-admin:
-  #   image: "penpotapp/admin:alpha"
-  #   networks:
-  #     - penpot
-  #
-  #   depends_on:
-  #     - penpot-postgres
-  #     - penpot-backend
-  #
-  #   environment:
-  #     - PENPOT_PUBLIC_URI=http://localhost:9001
-  #     - PENPOT_API_URI=http://penpot-frontend/
-  #
-  #     - PENPOT_DATABASE_HOST=penpot-postgres
-  #     - PENPOT_DATABASE_NAME=penpot
-  #     - PENPOT_DATABASE_USERNAME=penpot
-  #     - PENPOT_DATABASE_PASSWORD=penpot
-  #     - PENPOT_REDIS_URI=redis://penpot-redis/0
-  #     - PENPOT_DEBUG="false"
-
   ## A mailcatch service, used as temporal SMTP server. You can access
   ## via HTTP to the port 1080 for read all emails the penpot platform
   ## has sent. Should be only used as a temporal solution meanwhile

frontend/src/app/main/ui/dashboard/team.cljs

@@ -626,7 +626,6 @@
 
 (def valid-webhook-mtypes
   [{:label "application/json" :value "application/json"}
-   {:label "application/x-www-form-urlencoded" :value "application/x-www-form-urlencoded"}
    {:label "application/transit+json" :value "application/transit+json"}])
 
 (defn- extract-status