Responding with 401 unauthorized http response header for all unauthenticated requests
This ensures that the client can redirect to the login page whenever it receives the http status 401 in the response header. Now, the server is no longer responsible for redirecting to the login page. All server redirects have been disabled.
See merge request theappsmith/internal-tools-server!128
This ensures that the client can redirect to the login page whenever it receives the http status 401 in the response header. Now, the server is no longer responsible for redirecting to the login page. All server redirects have been disabled.
Invite Users
Organization Dropdown
=====================
- User must be able to see
- The organization dropdown in the headers
- The name of the organization in the header
- A list of navigation options on clicking the header; in a dropdown
- Navigate to the organization settings page on clicking "Organization Settings"
- View a list of organizations on clicking "Switch Organization"
Invite Users Form
=================
- User must be able to
- View the Invite Users header
- Go back to the previous page on clicking "Cancel"
- Add a list of email addresses in the User emails field by "Enter", "Space" and ","
- Delete individual email address - by clicking on the close icon, and "Backspace"
- Select a role for the set of emails
- See a validation message for each of the user email fields and role select fields
- Delete an entry of the "role -> emails" set by clicking on the "delete" icon at the end of each sets of fields
- Add another "role -> emails" set by clicking on "Add more"
- Submit the list of sets of " role -> emails" by clicking on Invite Users button
Other changes
=============
- Each of the protected pages will check for login on load
- When logged in and trying to access "/" (base URL), user will be redirected to the applications page
- User can navigate to the invite users page from the "Organization settings" page.
- Add black favicon for scaffolding pages, and orange for editor
See merge request theappsmith/internal-tools-client!203
Adding the invite user flow to invite a new user into the organization.
This includes multiple APIs:
1. Invite user which creates an invite token for the user and then sends it to the new user via email. This token is valid for 1 hour (for now).
2. An endpoint to verify the invite token so that the client can pre-emptively show any errors or expired token messages. This endpoint is publicly accessible and doesn't require a session.
3. An endpoint for the new user to sign up and set their password by providing their invite token. This endpoint is publicly accessible and doesn't require a session.
Also extending the redis session timeout to 1 day instead of 30 mins.
See merge request theappsmith/internal-tools-server!125
On user signup install the default plugins in the user's personal organization
When a user signs up, a personal organization is created for that user. There are a bunch of plugins marked in the DB as with field `defaultInstall` as true. These plugins must be installed for the new organization. This ensures that the user is able to run basic actions such as executing an API, DB query etc.
Also, adding a condition in the `getPlugins` API to return only the plugins installed by the user's organization.
See merge request theappsmith/internal-tools-server!124
Fix#418: Delete and Edit widget controls are functioning properly
- Delete and Edit controls for the selected widget were getting overlapped by the widgetName element, which is now fixed.
See merge request theappsmith/internal-tools-client!201
Handling duplicate email in forgotPassword flow.
Now if the user requests for the reset password token multiple times, we will override the previous token and save the new token against that user.
See merge request theappsmith/internal-tools-server!122
Correcting the HTTP methods in SecurityConfig and acl.rego to fix bug in forgotPassword and resetPassword authorization.
See merge request theappsmith/internal-tools-server!121
Adding a flag to determine if we should send emails for that particular environment
This is to prevent us from sending erroneous emails from our dev/test environments
See merge request theappsmith/internal-tools-server!120
Removing the logic to bind actions to pages when a dynamic binding happens.
This is because when an action is created, it is already bound to that page. This assumption will not change. Also, adding the pageId when searching for an action because the action name and pageId is a unique index. There may be actions with similar names across multiple pages.
See merge request theappsmith/internal-tools-server!119
This is because when an action is created, it is already bound to that page. This assumption will not change. Also, adding the pageId when searching for an action because the action name and pageId is a unique index. There may be actions with similar names across multiple pages.
Fix#413: Adhere widget name and controls to designs
- Widget Name now adheres to designs
- Position and sizes of widget controls now adhere to designs.
See merge request theappsmith/internal-tools-client!198
Selected Option is now available in dropdown widget.
Fixes#383
Added a concept of derived properties for widgets. A derived property is something that is not stored in dsl because it can be evaluated from stored properties. For example: We do not need to store a `selectedOption` for a dropdown because it can be derived from `selectedIndex` and `options`. Similarly we do not need to store `selectedRow` in a table because it can be derived from `tableData` and `selectedRowIndex`.
Such properties are constructed on the fly for their usage in js execution and autocomplete.
To add a derived property to a widget add `getDerivedPropertiesMap` function which returns an object like this:
```
{
<DerivedPropertyName>: (widgetData: FlattenedWidgetProps) => {<<Implements how the derived property is evaluated.>>}
}
```
See merge request theappsmith/internal-tools-client!191
Creating a list of public endpoints that anonymous users can access.
OPA controls access to all endpoints and the list of authenticated resources and public URLs is defined in a single place in that file.
The url_allow function in acl.rego is an overloaded function that replicates the OR condition in Rego. Either the user is authenticated and has permissions to access those resources, or the URL is public and accessible by any user.
See merge request theappsmith/internal-tools-server!117
OPA controls access to all endpoints and the list of authenticated resources and public URLs is defined in a single place in that file.
The url_allow function in acl.rego is an overloaded function that replicates the OR condition in Rego. Either the user is authenticated and has permissions to access those resources, or the URL is public and accessible by any user.
