strapi · Convly · Jan 25, 2023 · Nov 23, 2022 · Nov 24, 2022 · Nov 24, 2022
diff --git a/packages/admin-test-utils/lib/setup/strapi.js b/packages/admin-test-utils/lib/setup/strapi.js
@@ -17,7 +17,6 @@ global.strapi = {
   isEE: false,
   features: {
     SSO: 'sso',
-    allFeatures: [],
     isEnabled: () => false,
   },
   projectType: 'Community',

diff --git a/packages/core/admin/admin/src/index.js b/packages/core/admin/admin/src/index.js
@@ -1,7 +1,7 @@
 import ReactDOM from 'react-dom';
+import appCustomisations from './app';
 import { Components, Fields, Middlewares, Reducers } from './core/apis';
 import { axiosInstance } from './core/utils';
-import appCustomisations from './app';
 // eslint-disable-next-line import/extensions
 import plugins from './plugins';
 import appReducers from './reducers';
@@ -12,7 +12,7 @@ window.strapi = {
   telemetryDisabled: process.env.STRAPI_TELEMETRY_DISABLED ?? false,
   features: {
     SSO: 'sso',
-    auditLogs: 'audit-logs',
+    AUDIT_LOGS: 'audit-logs',
   },
   projectType: 'Community',
 };
@@ -39,8 +39,7 @@ const run = async () => {
     window.strapi.isEE = isEE;
     window.strapi.features = {
       ...window.strapi.features,
-      allFeatures: features,
-      isEnabled: (f) => features.includes(f),
+      isEnabled: (featureName) => features.some((feature) => feature.name === featureName),
     };
 
     window.strapi.projectType = isEE ? 'Enterprise' : 'Community';

diff --git a/packages/core/admin/ee/admin/hooks/useSettingsMenu/utils/customAdminLinks.js b/packages/core/admin/ee/admin/hooks/useSettingsMenu/utils/customAdminLinks.js
@@ -1,6 +1,6 @@
 import adminPermissions from '../../../../../admin/src/permissions';
 
-const auditLogsRoutes = strapi.features.isEnabled(strapi.features.auditLogs)
+const auditLogsRoutes = strapi.features.isEnabled(strapi.features.AUDIT_LOGS)
   ? [
       {
         intlLabel: { id: 'global.auditLogs', defaultMessage: 'Audit Logs' },

diff --git a/packages/core/admin/ee/admin/pages/SettingsPage/utils/customRoutes.js b/packages/core/admin/ee/admin/pages/SettingsPage/utils/customRoutes.js
@@ -14,7 +14,7 @@ if (strapi.features.isEnabled(strapi.features.SSO)) {
   });
 }
 
-if (strapi.features.isEnabled(strapi.features.auditLogs)) {
+if (strapi.features.isEnabled(strapi.features.AUDIT_LOGS)) {
   routes.push({
     async Component() {
       const component = await import(

diff --git a/packages/core/admin/ee/server/bootstrap.js b/packages/core/admin/ee/server/bootstrap.js
@@ -17,5 +17,7 @@ module.exports = async () => {
     await actionProvider.registerMany(actions.auditLogs);
   }
 
+  // TODO: check admin seats
+
   await executeCEBootstrap();
 };
diff --git a/packages/core/admin/ee/server/routes/features-routes.js b/packages/core/admin/ee/server/routes/features-routes.js
diff --git a/packages/core/admin/ee/server/routes/index.js b/packages/core/admin/ee/server/routes/index.js
@@ -1,17 +1,13 @@
 'use strict';
 
-// eslint-disable-next-line node/no-extraneous-require
 const { features } = require('@strapi/strapi/lib/utils/ee');
-const featuresRoutes = require('./features-routes');
 
-const getFeaturesRoutes = () => {
-  return Object.entries(featuresRoutes).flatMap(([featureName, featureRoutes]) => {
-    if (features.isEnabled(featureName)) {
-      return featureRoutes;
-    }
+const enableFeatureMiddleware = (featureName) => (ctx, next) => {
+  if (features.isEnabled(featureName)) {
+    return next();
+  }
 
-    return [];
-  });
+  ctx.status = 404;
 };
 
 module.exports = [
@@ -63,5 +59,93 @@ module.exports = [
       ],
     },
   },
-  ...getFeaturesRoutes(),
+
+  // SSO
+  {
+    method: 'GET',
+    path: '/providers',
+    handler: 'authentication.getProviders',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      auth: false,
+    },
+  },
+  {
+    method: 'GET',
+    path: '/connect/:provider',
+    handler: 'authentication.providerLogin',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      auth: false,
+    },
+  },
+  {
+    method: 'POST',
+    path: '/connect/:provider',
+    handler: 'authentication.providerLogin',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      auth: false,
+    },
+  },
+  {
+    method: 'GET',
+    path: '/providers/options',
+    handler: 'authentication.getProviderLoginOptions',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        { name: 'admin::hasPermissions', config: { actions: ['admin::provider-login.read'] } },
+      ],
+    },
+  },
+  {
+    method: 'PUT',
+    path: '/providers/options',
+    handler: 'authentication.updateProviderLoginOptions',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        { name: 'admin::hasPermissions', config: { actions: ['admin::provider-login.update'] } },
+      ],
+    },
+  },
+
+  // Audit logs
+  {
+    method: 'GET',
+    path: '/audit-logs',
+    handler: 'auditLogs.findMany',
+    config: {
+      middlewares: [enableFeatureMiddleware('audit-logs')],
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        {
+          name: 'admin::hasPermissions',
+          config: {
+            actions: ['admin::audit-logs.read'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'GET',
+    path: '/audit-logs/:id',
+    handler: 'auditLogs.findOne',
+    config: {
+      middlewares: [enableFeatureMiddleware('audit-logs')],
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        {
+          name: 'admin::hasPermissions',
+          config: {
+            actions: ['admin::audit-logs.read'],
+          },
+        },
+      ],
+    },
+  },
 ];
diff --git a/packages/core/admin/ee/server/services/__tests__/audit-logs.test.js b/packages/core/admin/ee/server/services/__tests__/audit-logs.test.js
@@ -97,6 +97,7 @@ describe('Audit logs service', () => {
         features: {
           // We only enabled audit logs
           isEnabled: (feature) => feature === 'audit-logs',
+          get: () => ({ name: 'audit-logs', options: { retentionDays: 90 } }),
         },
       }));
 

diff --git a/packages/core/admin/ee/server/services/__tests__/passport.test.js b/packages/core/admin/ee/server/services/__tests__/passport.test.js
@@ -13,13 +13,13 @@ describe('Passport', () => {
   afterEach(() => {
     // Reset the mock on passport.use.toHaveBeenCalledTimes
     jest.resetAllMocks();
-    // Reset the mock on strapi/lib/utils/ee so we can change its behavior
+    // Reset the mock on strapi/ee so we can change its behavior
     jest.resetModules();
   });
 
   describe('Init (SSO disabled)', () => {
     beforeAll(() => {
-      jest.mock('@strapi/strapi/lib/utils/ee', () => ({
+      jest.mock('@strapi/strapi/ee', () => ({
         features: {
           // Disable the SSO feature
           isEnabled: (feature) => feature !== 'sso',
@@ -57,7 +57,7 @@ describe('Passport', () => {
 
   describe('Init (SSO enabled)', () => {
     beforeAll(() => {
-      jest.mock('@strapi/strapi/lib/utils/ee', () => ({
+      jest.mock('@strapi/strapi/ee', () => ({
         features: {
           // Enable all the features (including SSO)
           isEnabled: () => true,

diff --git a/packages/core/admin/ee/server/services/__tests__/sso.test.js b/packages/core/admin/ee/server/services/__tests__/sso.test.js
@@ -1,21 +1,15 @@
 'use strict';
 
-jest.mock('@strapi/strapi/lib/utils/ee', () => {
-  const eeModule = () => true;
-
-  Object.assign(eeModule, {
-    features: {
-      isEnabled() {
-        return true;
-      },
-      getEnabled() {
-        return ['sso'];
-      },
+jest.mock('@strapi/strapi/ee', () => ({
+  features: {
+    isEnabled() {
+      return true;
     },
-  });
-
-  return eeModule;
-});
+    list() {
+      return [{ name: 'sso' }];
+    },
+  },
+}));
 
 const {
   syncProviderRegistryWithConfig,

diff --git a/packages/core/admin/ee/server/services/audit-logs.js b/packages/core/admin/ee/server/services/audit-logs.js
@@ -2,8 +2,9 @@
 
 const localProvider = require('@strapi/provider-audit-logs-local');
 const { scheduleJob } = require('node-schedule');
+const { features } = require('@strapi/strapi/lib/utils/ee');
 
-const RETENTION_DAYS = 90;
+const DEFAULT_RETENTION_DAYS = 90;
 
 const defaultEvents = [
   'entry.create',
@@ -88,10 +89,12 @@ const createAuditLogsService = (strapi) => {
 
   return {
     async register() {
+      const retentionDays =
+        features.get('audit-logs')?.options.retentionDays ?? DEFAULT_RETENTION_DAYS;
       this._provider = await localProvider.register({ strapi });
       this._eventHubUnsubscribe = strapi.eventHub.subscribe(handleEvent.bind(this));
       this._deleteExpiredJob = scheduleJob('0 0 * * *', () => {
-        const expirationDate = new Date(Date.now() - RETENTION_DAYS * 24 * 60 * 60 * 1000);
+        const expirationDate = new Date(Date.now() - retentionDays * 24 * 60 * 60 * 1000);
         this._provider.deleteExpiredEvents(expirationDate);
       });
 

diff --git a/packages/core/admin/ee/server/services/passport.js b/packages/core/admin/ee/server/services/passport.js
@@ -25,8 +25,5 @@ const getPassportStrategies = () => {
 
 module.exports = {
   getPassportStrategies,
+  ...sso,
 };
-
-if (features.isEnabled('sso')) {
-  Object.assign(module.exports, sso);
-}
diff --git a/packages/core/admin/ee/server/services/passport/sso.js b/packages/core/admin/ee/server/services/passport/sso.js
@@ -1,13 +1,25 @@
 'use strict';
 
+const ee = require('@strapi/strapi/ee');
 const { authEventsMapper } = require('../../../../server/services/passport');
 const createProviderRegistry = require('./provider-registry');
 
 const providerRegistry = createProviderRegistry();
+const errorMessage = 'SSO is disabled. Its functionnalities cannot be accessed.';
 
-const getStrategyCallbackURL = (providerName) => `/admin/connect/${providerName}`;
+const getStrategyCallbackURL = (providerName) => {
+  if (!ee.features.isEnabled('sso')) {
+    throw new Error(errorMessage);
+  }
+
+  return `/admin/connect/${providerName}`;
+};
 
 const syncProviderRegistryWithConfig = () => {
+  if (!ee.features.isEnabled('sso')) {
+    throw new Error(errorMessage);
+  }
+
   const { providers = [] } = strapi.config.get('admin.auth', {});
 
   providerRegistry.registerMany(providers);

diff --git a/packages/core/admin/server/controllers/__tests__/admin.test.js b/packages/core/admin/server/controllers/__tests__/admin.test.js
@@ -8,7 +8,7 @@ jest.mock('@strapi/strapi/lib/utils/ee', () => {
       isEnabled() {
         return false;
       },
-      getEnabled() {
+      list() {
         return [];
       },
     },