Remove Business Portal, add SSO configuration models (#506)

angular/src/components/environment.component.ts

@@ -6,7 +6,6 @@ import {
 
 import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
 import { I18nService } from 'jslib-common/abstractions/i18n.service';
-import { NotificationsService } from 'jslib-common/abstractions/notifications.service';
 import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
 
 @Directive()
@@ -20,7 +19,6 @@ export class EnvironmentComponent {
     notificationsUrl: string;
     baseUrl: string;
     showCustom = false;
-    enterpriseUrl: string;
 
     constructor(protected platformUtilsService: PlatformUtilsService, protected environmentService: EnvironmentService,
         protected i18nService: I18nService) {
@@ -33,7 +31,6 @@ export class EnvironmentComponent {
         this.identityUrl = urls.identity || '';
         this.iconsUrl = urls.icons || '';
         this.notificationsUrl = urls.notifications || '';
-        this.enterpriseUrl = urls.enterprise || '';
     }
 
     async submit() {
@@ -44,7 +41,6 @@ export class EnvironmentComponent {
             webVault: this.webVaultUrl,
             icons: this.iconsUrl,
             notifications: this.notificationsUrl,
-            enterprise: this.enterpriseUrl,
         });
 
         // re-set urls since service can change them, ex: prefixing https://
@@ -54,7 +50,6 @@ export class EnvironmentComponent {
         this.webVaultUrl = resUrls.webVault;
         this.iconsUrl = resUrls.icons;
         this.notificationsUrl = resUrls.notifications;
-        this.enterpriseUrl = resUrls.enterprise;
 
         this.platformUtilsService.showToast('success', null, this.i18nService.t('environmentSaved'));
         this.saved();

common/src/abstractions/api.service.ts

@@ -1,6 +1,5 @@
 import { PolicyType } from '../enums/policyType';
 
-import { EnvironmentUrls } from '../models/domain/environmentUrls';
 import { AttachmentRequest } from '../models/request/attachmentRequest';
 
 import { BitPayInvoiceRequest } from '../models/request/bitPayInvoiceRequest';
@@ -30,6 +29,7 @@ import { ImportDirectoryRequest } from '../models/request/importDirectoryRequest
 import { ImportOrganizationCiphersRequest } from '../models/request/importOrganizationCiphersRequest';
 import { KdfRequest } from '../models/request/kdfRequest';
 import { KeysRequest } from '../models/request/keysRequest';
+import { OrganizationSsoRequest } from '../models/request/organization/organizationSsoRequest';
 import { OrganizationCreateRequest } from '../models/request/organizationCreateRequest';
 import { OrganizationImportRequest } from '../models/request/organizationImportRequest';
 import { OrganizationKeysRequest } from '../models/request/organizationKeysRequest';
@@ -115,6 +115,7 @@ import { IdentityCaptchaResponse } from '../models/response/identityCaptchaRespo
 import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
 import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
 import { ListResponse } from '../models/response/listResponse';
+import { OrganizationSsoResponse } from '../models/response/organization/organizationSsoResponse';
 import { OrganizationAutoEnrollStatusResponse } from '../models/response/organizationAutoEnrollStatusResponse';
 import { OrganizationKeysResponse } from '../models/response/organizationKeysResponse';
 import { OrganizationResponse } from '../models/response/organizationResponse';
@@ -191,7 +192,6 @@ export abstract class ApiService {
     postAccountRecoverDelete: (request: DeleteRecoverRequest) => Promise<any>;
     postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise<any>;
     postAccountKdf: (request: KdfRequest) => Promise<any>;
-    getEnterprisePortalSignInToken: () => Promise<string>;
     postUserApiKey: (id: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
     postUserRotateApiKey: (id: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
     putUpdateTempPassword: (request: UpdateTempPasswordRequest) => Promise<any>;
@@ -373,6 +373,7 @@ export abstract class ApiService {
     getOrganizationLicense: (id: string, installationId: string) => Promise<any>;
     getOrganizationTaxInfo: (id: string) => Promise<TaxInfoResponse>;
     getOrganizationAutoEnrollStatus: (identifier: string) => Promise<OrganizationAutoEnrollStatusResponse>;
+    getOrganizationSso: (id: string) => Promise<OrganizationSsoResponse>;
     postOrganization: (request: OrganizationCreateRequest) => Promise<OrganizationResponse>;
     putOrganization: (id: string, request: OrganizationUpdateRequest) => Promise<OrganizationResponse>;
     putOrganizationTaxInfo: (id: string, request: OrganizationTaxInfoUpdateRequest) => Promise<any>;
@@ -381,6 +382,7 @@ export abstract class ApiService {
     postOrganizationLicenseUpdate: (id: string, data: FormData) => Promise<any>;
     postOrganizationApiKey: (id: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
     postOrganizationRotateApiKey: (id: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
+    postOrganizationSso: (id: string, request: OrganizationSsoRequest) => Promise<OrganizationSsoResponse>;
     postOrganizationUpgrade: (id: string, request: OrganizationUpgradeRequest) => Promise<PaymentResponse>;
     postOrganizationUpdateSubscription: (id: string, request: OrganizationSubscriptionUpdateRequest) => Promise<void>;
     postOrganizationSeat: (id: string, request: SeatRequest) => Promise<PaymentResponse>;

common/src/abstractions/environment.service.ts

@@ -8,7 +8,6 @@ export type Urls = {
     icons?: string;
     notifications?: string;
     events?: string;
-    enterprise?: string;
 };
 
 export type PayPalConfig = {
@@ -21,7 +20,6 @@ export abstract class EnvironmentService {
 
     hasBaseUrl: () => boolean;
     getNotificationsUrl: () => string;
-    getEnterpriseUrl: () => string;
     getWebVaultUrl: () => string;
     getSendUrl: () => string;
     getIconsUrl: () => string;

common/src/enums/permissions.ts

@@ -1,27 +1,27 @@
 export enum Permissions {
-    AccessBusinessPortal = 0,
-    AccessEventLogs = 1,
-    AccessImportExport = 2,
-    AccessReports = 3,
+    AccessEventLogs,
+    AccessImportExport,
+    AccessReports,
     /**
      * @deprecated Sep 29 2021: This permission has been split out to `createNewCollections`, `editAnyCollection`, and
      * `deleteAnyCollection`. It exists here for backwards compatibility with Server versions <= 1.43.0
      */
-    ManageAllCollections = 4,
+    ManageAllCollections,
     /**
      * @deprecated Sep 29 2021: This permission has been split out to `editAssignedCollections` and
      * `deleteAssignedCollections`. It exists here for backwards compatibility with Server versions <= 1.43.0
      */
-    ManageAssignedCollections = 5,
-    ManageGroups = 6,
-    ManageOrganization = 7,
-    ManagePolicies = 8,
-    ManageProvider = 9,
-    ManageUsers = 10,
-    ManageUsersPassword = 11,
-    CreateNewCollections = 12,
-    EditAnyCollection = 13,
-    DeleteAnyCollection = 14,
-    EditAssignedCollections = 15,
-    DeleteAssignedCollections = 16,
+    ManageAssignedCollections,
+    ManageGroups,
+    ManageOrganization ,
+    ManagePolicies,
+    ManageProvider,
+    ManageUsers,
+    ManageUsersPassword,
+    CreateNewCollections,
+    EditAnyCollection,
+    DeleteAnyCollection,
+    EditAssignedCollections,
+    DeleteAssignedCollections,
+    ManageSso,
 }

common/src/models/api/permissionsApi.ts

@@ -1,7 +1,6 @@
 import { BaseResponse } from '../response/baseResponse';
 
 export class PermissionsApi extends BaseResponse {
-    accessBusinessPortal: boolean;
     accessEventLogs: boolean;
     accessImportExport: boolean;
     accessReports: boolean;
@@ -32,7 +31,6 @@ export class PermissionsApi extends BaseResponse {
         if (data == null) {
             return this;
         }
-        this.accessBusinessPortal = this.getResponseProperty('AccessBusinessPortal');
         this.accessEventLogs = this.getResponseProperty('AccessEventLogs');
         this.accessImportExport = this.getResponseProperty('AccessImportExport');
         this.accessReports = this.getResponseProperty('AccessReports');

common/src/models/api/ssoConfigApi.ts

@@ -0,0 +1,112 @@
+import { BaseResponse } from '../response/baseResponse';
+
+enum SsoType {
+    OpenIdConnect = 1,
+    Saml2 = 2,
+}
+
+enum OpenIdConnectRedirectBehavior {
+    RedirectGet = 0,
+    FormPost = 1,
+}
+
+enum Saml2BindingType {
+    HttpRedirect = 1,
+    HttpPost = 2,
+    Artifact = 4,
+}
+
+enum Saml2NameIdFormat {
+    NotConfigured = 0,
+    Unspecified = 1,
+    EmailAddress = 2,
+    X509SubjectName = 3,
+    WindowsDomainQualifiedName = 4,
+    KerberosPrincipalName = 5,
+    EntityIdentifier = 6,
+    Persistent = 7,
+    Transient = 8,
+}
+
+enum Saml2SigningBehavior {
+    IfIdpWantAuthnRequestsSigned = 0,
+    Always = 1,
+    Never = 3,
+}
+
+export class SsoConfigApi extends BaseResponse {
+    configType: SsoType;
+
+    // OpenId
+    authority: string;
+    clientId: string;
+    clientSecret: string;
+    metadataAddress: string;
+    redirectBehavior: OpenIdConnectRedirectBehavior;
+    getClaimsFromUserInfoEndpoint: boolean;
+    additionalScopes: string;
+    additionalUserIdClaimTypes: string;
+    additionalEmailClaimTypes: string;
+    additionalNameClaimTypes: string;
+    acrValues: string;
+    expectedReturnAcrValue: string;
+
+    // SAML
+    spNameIdFormat: Saml2NameIdFormat;
+    spOutboundSigningAlgorithm: string;
+    spSigningBehavior: Saml2SigningBehavior;
+    spMinIncomingSigningAlgorithm: boolean;
+    spWantAssertionsSigned: boolean;
+    spValidateCertificates: boolean;
+
+    idpEntityId: string;
+    idpBindingType: Saml2BindingType;
+    idpSingleSignOnServiceUrl: string;
+    idpSingleLogoutServiceUrl: string;
+    idpArtifactResolutionServiceUrl: string;
+    idpX509PublicCert: string;
+    idpOutboundSigningAlgorithm: string;
+    idpAllowUnsolicitedAuthnResponse: boolean;
+    idpDisableOutboundLogoutRequests: boolean;
+    idpWantAuthnRequestsSigned: boolean;
+
+    constructor(data: any = null) {
+        super(data);
+        if (data == null) {
+            return;
+        }
+
+        this.configType = this.getResponseProperty('ConfigType');
+
+        this.authority = this.getResponseProperty('Authority');
+        this.clientId = this.getResponseProperty('ClientId');
+        this.clientSecret = this.getResponseProperty('ClientSecret');
+        this.metadataAddress = this.getResponseProperty('MetadataAddress');
+        this.redirectBehavior = this.getResponseProperty('RedirectBehavior');
+        this.getClaimsFromUserInfoEndpoint = this.getResponseProperty('GetClaimsFromUserInfoEndpoint');
+        this.additionalScopes = this.getResponseProperty('AdditionalScopes');
+        this.additionalUserIdClaimTypes = this.getResponseProperty('AdditionalUserIdClaimTypes');
+        this.additionalEmailClaimTypes = this.getResponseProperty('AdditionalEmailClaimTypes');
+        this.additionalNameClaimTypes = this.getResponseProperty('AdditionalNameClaimTypes');
+        this.acrValues = this.getResponseProperty('AcrValues');
+        this.expectedReturnAcrValue = this.getResponseProperty('ExpectedReturnAcrValue');
+
+        this.spNameIdFormat = this.getResponseProperty('SpNameIdFormat');
+        this.spOutboundSigningAlgorithm = this.getResponseProperty('SpOutboundSigningAlgorithm');
+        this.spSigningBehavior = this.getResponseProperty('SpSigningBehavior');
+        this.spMinIncomingSigningAlgorithm = this.getResponseProperty('SpMinIncomingSigningAlgorithm');
+        this.spWantAssertionsSigned = this.getResponseProperty('SpWantAssertionsSigned');
+        this.spValidateCertificates = this.getResponseProperty('SpValidateCertificates');
+
+        this.idpEntityId = this.getResponseProperty('IdpEntityId');
+        this.idpBindingType = this.getResponseProperty('IdpBindingType');
+        this.idpSingleSignOnServiceUrl = this.getResponseProperty('IdpSingleSignOnServiceUrl');
+        this.idpSingleLogoutServiceUrl = this.getResponseProperty('IdpSingleLogoutServiceUrl');
+        this.idpArtifactResolutionServiceUrl = this.getResponseProperty('IdpArtifactResolutionServiceUrl');
+        this.idpX509PublicCert = this.getResponseProperty('IdpX509PublicCert');
+        this.idpOutboundSigningAlgorithm = this.getResponseProperty('IdpOutboundSigningAlgorithm');
+        this.idpAllowUnsolicitedAuthnResponse = this.getResponseProperty('IdpAllowUnsolicitedAuthnResponse');
+        this.idpDisableOutboundLogoutRequests = this.getResponseProperty('IdpDisableOutboundLogoutRequests');
+        this.idpWantAuthnRequestsSigned = this.getResponseProperty('IdpWantAuthnRequestsSigned');
+    }
+}

common/src/models/data/organizationData.ts

@@ -17,7 +17,6 @@ export class OrganizationData {
     useTotp: boolean;
     use2fa: boolean;
     useApi: boolean;
-    useBusinessPortal: boolean;
     useSso: boolean;
     useResetPassword: boolean;
     selfHost: boolean;
@@ -48,7 +47,6 @@ export class OrganizationData {
         this.useTotp = response.useTotp;
         this.use2fa = response.use2fa;
         this.useApi = response.useApi;
-        this.useBusinessPortal = response.useBusinessPortal;
         this.useSso = response.useSso;
         this.useResetPassword = response.useResetPassword;
         this.selfHost = response.selfHost;

common/src/models/domain/organization.ts

@@ -18,7 +18,6 @@ export class Organization {
     useTotp: boolean;
     use2fa: boolean;
     useApi: boolean;
-    useBusinessPortal: boolean;
     useSso: boolean;
     useResetPassword: boolean;
     selfHost: boolean;
@@ -53,7 +52,6 @@ export class Organization {
         this.useTotp = obj.useTotp;
         this.use2fa = obj.use2fa;
         this.useApi = obj.useApi;
-        this.useBusinessPortal = obj.useBusinessPortal;
         this.useSso = obj.useSso;
         this.useResetPassword = obj.useResetPassword;
         this.selfHost = obj.selfHost;
@@ -92,10 +90,6 @@ export class Organization {
         return this.type === OrganizationUserType.Owner || this.isProviderUser;
     }
 
-    get canAccessBusinessPortal() {
-        return this.isAdmin || this.permissions.accessBusinessPortal;
-    }
-
     get canAccessEventLogs() {
         return this.isAdmin || this.permissions.accessEventLogs;
     }

common/src/models/request/organization/organizationSsoRequest.ts

@@ -0,0 +1,6 @@
+import { SsoConfigApi } from '../../api/ssoConfigApi';
+
+export class OrganizationSsoRequest {
+    enabled: boolean = false;
+    data: SsoConfigApi;
+}

common/src/models/response/organization/organizationSsoResponse.ts

@@ -0,0 +1,23 @@
+import { SsoConfigApi } from '../../api/ssoConfigApi';
+import { BaseResponse } from '../baseResponse';
+
+export class OrganizationSsoResponse extends BaseResponse {
+    enabled: boolean;
+    data: SsoConfigApi;
+    urls: SsoUrls;
+
+    constructor(response: any) {
+        super(response);
+        this.enabled = this.getResponseProperty('Enabled');
+        this.data = new SsoConfigApi(this.getResponseProperty('Data'));
+        this.urls = this.getResponseProperty('Urls');
+    }
+}
+
+type SsoUrls = {
+    callbackPath: string;
+    signedOutCallbackPath: string;
+    spEntityId: string;
+    spMetadataUrl: string;
+    spAcsUrl: string;
+};

common/src/models/response/profileOrganizationResponse.ts

@@ -14,7 +14,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
     useTotp: boolean;
     use2fa: boolean;
     useApi: boolean;
-    useBusinessPortal: boolean;
     useSso: boolean;
     useResetPassword: boolean;
     selfHost: boolean;
@@ -46,7 +45,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
         this.useTotp = this.getResponseProperty('UseTotp');
         this.use2fa = this.getResponseProperty('Use2fa');
         this.useApi = this.getResponseProperty('UseApi');
-        this.useBusinessPortal = this.getResponseProperty('UseBusinessPortal');
         this.useSso = this.getResponseProperty('UseSso');
         this.useResetPassword = this.getResponseProperty('UseResetPassword');
         this.selfHost = this.getResponseProperty('SelfHost');

common/src/models/response/profileProviderOrganizationResponse.ts

@@ -14,7 +14,6 @@ export class ProfileProviderOrganizationResponse extends BaseResponse {
     useTotp: boolean;
     use2fa: boolean;
     useApi: boolean;
-    useBusinessPortal: boolean;
     useSso: boolean;
     useResetPassword: boolean;
     selfHost: boolean;
@@ -46,7 +45,6 @@ export class ProfileProviderOrganizationResponse extends BaseResponse {
         this.useTotp = this.getResponseProperty('UseTotp');
         this.use2fa = this.getResponseProperty('Use2fa');
         this.useApi = this.getResponseProperty('UseApi');
-        this.useBusinessPortal = this.getResponseProperty('UseBusinessPortal');
         this.useSso = this.getResponseProperty('UseSso');
         this.useResetPassword = this.getResponseProperty('UseResetPassword');
         this.selfHost = this.getResponseProperty('SelfHost');