feat(core): Add SAML post and test endpoints #5595
# Conflicts:
#	packages/cli/src/sso/saml/middleware/samlEnabledMiddleware.ts
#	packages/cli/src/sso/saml/samlHelpers.ts
…e-internal-api-endpoints-to-set-up
LGTM. Just left some minor comments.
*/ | ||
samlControllerProtected.post( | ||
SamlUrls.config, | ||
samlLicensedOwnerMiddleware, | ||
async (req: SamlConfiguration.Update, res: express.Response) => { | ||
if (isSamlPreferences(req.body)) { | ||
const validationResult = await validate(req.body); | ||
if (validationResult.length === 0) { |
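Review bot: At `const validationResult = await validate(req.body)` the raw request body is validated directly; if validate relies on decorators of a preferences class, a plain parsed JSON object carries none of them, so the `validationResult.length === 0` check could pass without any rule having run. Confirm that req.body is converted to an instance of that class before validation (or that isSamlPreferences checks every field), and give both the isSamlPreferences check and the length check an explicit failure branch that answers with a 400.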
Better to return early?
if (!validationResult) throw new BadRequestError(...)
const result = await SamlService.getInstance().setSamlPreferences(req.body);
return res.send(result);
No, validationResult is supposed to be empty (validate() returns an array with the number of errors it found, so ideally length=0)
SamlUrls.configToggleEnabled, | ||
samlLicensedOwnerMiddleware, | ||
async (req: SamlConfiguration.Toggle, res: express.Response) => { | ||
if (req.body.loginEnabled !== undefined) { |
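Review bot: The guard `req.body.loginEnabled !== undefined` lets any defined value into the branch, including null or a string such as "false". Because this endpoint switches SAML login on and off, test `typeof req.body.loginEnabled === 'boolean'` instead and reject everything else with a 400.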
const { loginEnabled } = req.body;
if (loginEnabled === undefined ) throw new BadRequestError('....')
await SamlService.getInstance().setSamlPreferences({ loginEnabled: req.body.loginEnabled });
res.sendStatus(200);
if (result?.binding === 'redirect') { | ||
// forced client side redirect | ||
return res.send(getInitSSOPostView(result.context)); | ||
// return res.status(301).send(result.context.context); |
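Review bot: In the `result?.binding === 'redirect'` branch the response comes from getInitSSOPostView, a name that points at the POST binding, and the only explanation is the short "forced client side redirect" comment. Either rename the helper or document why the redirect binding is answered with an HTML view, and make sure result.context is escaped or otherwise constrained when it is placed into that view, since it ends up in markup sent to the browser.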
Remove comment
samlControllerProtected.get( | ||
SamlUrls.configTest, | ||
async (req: express.Request, res: express.Response) => { | ||
const testResult = await SamlService.getInstance().testSamlConnection(); |
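Review bot: The SamlUrls.configTest route goes straight from the path to the handler with no samlLicensedOwnerMiddleware, unlike the SamlUrls.config and SamlUrls.configToggleEnabled routes above. If testSamlConnection contacts the identity provider or reveals whether the stored settings work, it should carry the same owner and license check; if the omission is intentional, a comment saying why would help.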
Should we handle the case when the testing connection fails? That way, we can let the front end know that there might be an issue with the settings.
Yes, this is just a very basic implementation for the moment, until I know how the frontend wants to call it. Right now it's a return of true/false for the test, rather than an exception. The entire test process may change, since it may be better to have the owner go through a full SSO flow instead to confirm it is working.
@@ -53,7 +61,7 @@ export class SamlService { | |||
} | |||
|
|||
constructor() { | |||
this.loadSamlPreferences() | |||
this.loadFromDbAndApplySamlPreferences() |
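Review bot: The call to loadFromDbAndApplySamlPreferences() in the constructor has no await and no catch, and a constructor cannot await. If the method returns a promise, a failed database read turns into an unhandled rejection and the instance can be used before the stored preferences are applied. Move the call into an async init method that callers await, or at least attach error handling here.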
Is it not enough to call loadFromDbAndApplySamlPreferences only in the init method?
I'll make the small changes as part of #5600, which already had many of them...
Got released with
* consolidate SSO settings
* update saml settings
* fix type error
* limit user changes when saml is enabled
* add test
* add toggle endpoint and fetch metadata
* rename enabled param
* add handling of POST saml login request
* add config test endpoint