jackson/npm/src/controller/utils.ts

import crypto from 'crypto';
import * as jose from 'jose';
import { Client, TokenSet } from 'openid-client';
import saml from '@boxyhq/saml20';
import * as dbutils from '../db/utils';
import type {
ConnectionType,
OAuthErrorHandlerParams,
SAMLSSOConnectionWithEncodedMetadata,
SAMLSSOConnectionWithRawMetadata,
OIDCSSOConnectionWithDiscoveryUrl,
OIDCSSOConnectionWithMetadata,
Profile,
SAMLSSORecord,
OIDCSSORecord,
Directory,
} from '../typings';
import { JacksonError } from './error';
import * as redirect from './oauth/redirect';
/**
 * Index key names used when looking records up in the database store.
 *
 * The string values are what the store is queried with, so they look like a
 * persisted part of the storage format: renaming one would leave previously
 * written index entries unreachable. NOTE(review): confirm this against the
 * helpers in ../db/utils before changing any value.
 */
export enum IndexNames {
  // SAML connection lookups by IdP entityID
  EntityID = 'entityID',
  // Composite tenant + product lookup
  TenantProduct = 'tenantProduct',
  // OIDC connection lookup by the provider-issued clientId
  // NOTE(review): both this and SSOClientID exist — which one current code
  // writes is not visible here; check the connection controllers before reuse.
  OIDCProviderClientID = 'OIDCProviderClientID',
  SSOClientID = 'SSOClientID',
  Product = 'product',
  // For Setup link
  Service = 'service',
  // Lookup by the setup-link token itself. NOTE(review): if the token is the
  // index value it is a credential — keep index values out of logs/traces.
  SetupToken = 'token',
  ProductService = 'productService',
  TenantProductService = 'tenantProductService',
}
/**
 * Namespace prefixes for keys in the database store, one per logical
 * collection. Keeping each collection under its own prefix keeps records from
 * different features (directory-sync users vs. SAML connections, say) from
 * colliding on a shared key.
 *
 * Like IndexNames, these strings are what the store is addressed with, so a
 * rename is a storage-format change, not a cosmetic one.
 */
export const storeNamespacePrefix = {
  // Directory sync (SCIM / Google) collections
  dsync: {
    config: 'dsync:config',
    logs: 'dsync:logs',
    users: 'dsync:users',
    groups: 'dsync:groups',
    members: 'dsync:members',
    providers: 'dsync:providers',
    events: 'dsync:events',
    // NOTE(review): presumably a sync-in-progress lock record; confirm
    // against the directory-sync controller before relying on it.
    lock: 'dsync:lock',
  },
  // SSO connections (the namespace name predates OIDC support)
  saml: {
    config: 'saml:config',
  },
};
// Prefix put in front of the SAML RelayState values this service generates —
// presumably so the callback side can recognise a RelayState it issued itself;
// confirm against the authorize / ACS handlers that consume it.
export const relayStatePrefix = 'boxyhq_jackson_';
// Prefixes that tag which kind of client_id a caller presents: `fed_` for an
// Identity Federation app, `oidc_` for an OIDC connection (names suggest this;
// confirm where the ids are minted and parsed). Anything without a prefix is
// presumably treated as a plain SAML connection id.
export const clientIDFederatedPrefix = 'fed_';
export const clientIDOIDCPrefix = 'oidc_';
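/**
 * Throws a 400 `JacksonError` unless `url` parses as an absolute URL.
 *
 * Relies on the WHATWG `URL` constructor: called without a base it rejects
 * relative references (`/callback`), so only absolute URLs get through.
 *
 * NOTE(review): this is a syntax check only. Every scheme is accepted
 * (`javascript:`, `data:`, `file:` included) and nothing is compared against
 * a registered value, so callers that use the URL as a redirect target must
 * still restrict the scheme and/or match it against an allowlist.
 *
 * @param url - raw value to check (typed `unknown` because it comes straight
 *   from request bodies / config; anything `new URL()` cannot parse is
 *   rejected, including `undefined` and `''`)
 * @param message - error message for the rejection; defaults to 'Invalid url'
 * @throws JacksonError (HTTP 400) when the URL does not parse
 */
export const validateAbsoluteUrl = (url: unknown, message?: string): void => {
  try {
    // `URL` stringifies its argument itself; doing it explicitly keeps the
    // parameter honestly typed without an `as` cast and changes nothing at runtime.
    new URL(String(url));
  } catch {
    throw new JacksonError(message || 'Invalid url', 400);
  }
};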
/**
 * Builds the redirect that reports a failed OAuth/OIDC authorization back to
 * the client, carrying `error`, `error_description` and `state` (the OAuth 2.0
 * error-response parameter names) to `redirect_uri`.
 *
 * Despite the name this goes through `redirect.success`: it is an ordinary
 * redirect whose payload happens to describe an error.
 *
 * NOTE(review): `redirect_uri` is forwarded untouched. It must already have
 * been matched against the connection's registered redirect URLs by the
 * caller; nothing here prevents an open redirect otherwise — confirm at the
 * call sites.
 *
 * @param params - `error`, `error_description`, `redirect_uri`, `state`
 * @returns whatever `redirect.success` returns for that target and payload
 */
export const OAuthErrorResponse = (params: OAuthErrorHandlerParams) => {
  const { error, error_description, redirect_uri, state } = params;
  const payload = { error, error_description, state };
  return redirect.success(redirect_uri, payload);
};
// https://kentcdodds.com/blog/get-a-catch-block-error-message-with-typescript
/**
 * Normalizes a caught value into a message string.
 *
 * - `saml.WrapError`: the outer message followed by the wrapped inner message.
 * - any other `Error`: its `message`.
 * - anything else: `String(value)` (a plain object becomes "[object Object]").
 *
 * NOTE(review): messages from the SAML/OIDC layer can contain text supplied by
 * the remote IdP; treat the result as untrusted if it is echoed into a response.
 *
 * @param error - the caught value, deliberately `unknown`
 * @returns a human-readable message
 */
export function getErrorMessage(error: unknown): string {
  if (error instanceof saml.WrapError) {
    return error.message + ' ' + error.inner.message;
  }
  return error instanceof Error ? error.message : String(error);
}
/**
 * Generates a URL-safe random secret from `length` bytes of CSPRNG output
 * (`crypto.randomBytes`).
 *
 * The bytes are base64-encoded and then made URL-safe the way base64url does
 * it: `+` → `-`, `/` → `_`, padding `=` dropped. So `length` is the amount of
 * entropy in bytes, not the length of the returned string, which is
 * ceil(length * 4 / 3) characters (32 bytes → 43 chars).
 *
 * @param length - number of random bytes to draw
 * @returns the encoded secret, containing only `[A-Za-z0-9_-]`
 */
export const createRandomSecret = async (length: number): Promise<string> => {
  const toUrlSafe: Record<string, string> = { '+': '-', '/': '_', '=': '' };
  const encoded = crypto.randomBytes(length).toString('base64');
  return encoded.replace(/[+\/=]/g, (ch) => toUrlSafe[ch] ?? ch);
};
/**
 * Decodes a base64-wrapped PKCS#8 PEM private key and imports it for JWS
 * signing with `alg`.
 *
 * The caller supplies the key base64-encoded (presumably so the multi-line
 * PEM survives as a single env/config value); it is decoded to ASCII before
 * import, which is fine because PEM is ASCII by definition.
 *
 * NOTE(review): this is signing material — keep `key` and the decoded PEM out
 * of logs and error messages.
 *
 * @param key - base64 of a "-----BEGIN PRIVATE KEY-----" (PKCS#8) PEM
 * @param alg - JWS algorithm the key will be used with (e.g. RS256)
 * @returns the imported private key
 */
export async function loadJWSPrivateKey(key: string, alg: string): Promise<jose.KeyLike> {
  const pem = Buffer.from(key, 'base64').toString('ascii');
  return jose.importPKCS8(pem, alg);
}
/**
 * Presence check for the configured JWS key pair: true only when both the
 * private and the public key strings are non-empty.
 *
 * This does not parse the keys or verify that they belong together; a
 * malformed or mismatched pair would presumably only surface later, when
 * `loadJWSPrivateKey` / `importJWTPublicKey` hand them to jose.
 *
 * @param jwsKeyPair - `{ private, public }` as loaded from configuration
 * @returns whether both halves are set
 */
export function isJWSKeyPairLoaded(jwsKeyPair: { private: string; public: string }): boolean {
  return Boolean(jwsKeyPair.private && jwsKeyPair.public);
}
/**
 * Decodes a base64-wrapped SPKI PEM public key and imports it for JWS
 * verification with `jwsAlg`.
 *
 * Counterpart of `loadJWSPrivateKey`: same base64 → ASCII unwrapping, but
 * the PEM is the "-----BEGIN PUBLIC KEY-----" (SPKI) form.
 *
 * @param key - base64 of an SPKI PEM
 * @param jwsAlg - JWS algorithm the key will be used with (e.g. RS256)
 * @returns the imported public key
 */
export const importJWTPublicKey = async (key: string, jwsAlg: string): Promise<jose.KeyLike> => {
  const pem = Buffer.from(key, 'base64').toString('ascii');
  return jose.importSPKI(pem, jwsAlg);
};
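/**
 * Exports a key as a JWK suitable for publishing (e.g. on a jwks endpoint),
 * guaranteeing that no private parameters are included.
 *
 * `jose.exportJWK` serializes whatever key it is given, private parameters
 * included, so passing a private `KeyLike` here would otherwise return `d`,
 * `p`, `q`, … For a key that is already public the result is identical to
 * `jose.exportJWK(key)`. No `kid`/`alg`/`use` are added; callers that need
 * them on a JWKS entry set them themselves.
 *
 * @param key - the key to export; intended to be the public half
 * @returns the JWK with RSA/EC/OKP private members and the symmetric `k`
 *   removed
 */
export const exportPublicKeyJWK = async (key: jose.KeyLike): Promise<jose.JWK> => {
  // Private members: RFC 7518 §6.2.2 (EC `d`), §6.3.2 (RSA `d p q dp dq qi oth`),
  // §6.4 (`oct` keys are `k` only and have no public form); RFC 8037 §2 (OKP `d`).
  const privateMembers = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k'] as const;
  const jwk = await jose.exportJWK(key);
  for (const member of privateMembers) {
    delete jwk[member];
  }
  return jwk;
};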
/**
 * RFC 7638 thumbprint of `jwk`, using jose's default digest (SHA-256),
 * base64url-encoded.
 *
 * RFC 7638 defines the thumbprint over the key's required members only, so
 * it is stable across exports and is a natural `kid` — presumably how the
 * jwks/discovery code uses it; confirm at the call site. jose rejects a JWK
 * that lacks those members, so expect a rejected promise for malformed input.
 *
 * @param jwk - the JWK to hash
 * @returns the thumbprint string
 */
export const generateJwkThumbprint = async (jwk: jose.JWK): Promise<string> => {
  return jose.calculateJwkThumbprint(jwk);
};
export const validateSSOConnection = (
body:
| SAMLSSOConnectionWithRawMetadata
| SAMLSSOConnectionWithEncodedMetadata
| OIDCSSOConnectionWithDiscoveryUrl
| OIDCSSOConnectionWithMetadata,
strategy: ConnectionType
): void => {
const { defaultRedirectUrl, redirectUrl, tenant, product, description } = body;
const encodedRawMetadata = 'encodedRawMetadata' in body ? body.encodedRawMetadata : undefined;
const rawMetadata = 'rawMetadata' in body ? body.rawMetadata : undefined;
const oidcDiscoveryUrl = 'oidcDiscoveryUrl' in body ? body.oidcDiscoveryUrl : undefined;
const oidcMetadata = 'oidcMetadata' in body ? body.oidcMetadata : undefined;
const oidcClientId = 'oidcClientId' in body ? body.oidcClientId : undefined;
const oidcClientSecret = 'oidcClientSecret' in body ? body.oidcClientSecret : undefined;
const metadataUrl = 'metadataUrl' in body ? body.metadataUrl : undefined;
if (strategy !== 'saml' && strategy !== 'oidc') {
throw new JacksonError(`Strategy: ${strategy} not supported`, 400);
}
if (strategy === 'saml') {
if (!rawMetadata && !encodedRawMetadata && !metadataUrl) {
throw new JacksonError('Please provide rawMetadata or encodedRawMetadata or metadataUrl', 400);
}
}
if (strategy === 'oidc') {
if (!oidcClientId) {
throw new JacksonError('Please provide the clientId from OpenID Provider', 400);
}
if (!oidcClientSecret) {
throw new JacksonError('Please provide the clientSecret from OpenID Provider', 400);
}
if (!oidcDiscoveryUrl && !oidcMetadata) {
throw new JacksonError(
'Please provide the discoveryUrl or issuer metadata for the OpenID Provider',
400
);
}
if (!oidcDiscoveryUrl && oidcMetadata) {
const { issuer, authorization_endpoint, token_endpoint, userinfo_endpoint, jwks_uri } = oidcMetadata;
if (!issuer) {
throw new JacksonError('"issuer" missing in the metadata for the OpenID Provider', 400);
}
if (!authorization_endpoint) {
throw new JacksonError(
'"authorization_endpoint" missing in the metadata for the OpenID Provider',
400
);
}
if (!token_endpoint) {
throw new JacksonError('"token_endpoint" missing in the metadata for the OpenID Provider', 400);
}
if (!userinfo_endpoint) {
throw new JacksonError('"userinfo_endpoint" missing in the metadata for the OpenID Provider', 400);
}
if (!jwks_uri) {
throw new JacksonError('"jwks_uri" missing in the metadata for the OpenID Provider', 400);
}
}
}
if (!defaultRedirectUrl) {
throw new JacksonError('Please provide a defaultRedirectUrl', 400);
}
if (!redirectUrl) {
throw new JacksonError('Please provide redirectUrl', 400);
}
if (!tenant) {
throw new JacksonError('Please provide tenant', 400);
}
if (!product) {
throw new JacksonError('Please provide product', 400);
}
if (description && description.length > 100) {
throw new JacksonError('Description should not exceed 100 characters', 400);
}
};
/**
 * Validates the redirect URL settings supplied for a connection.
 *
 * When `redirectUrlList` is given it may hold at most 100 entries and each entry
 * must pass `validateAbsoluteUrl`; when `defaultRedirectUrl` is given it must pass
 * the same check. Values that are absent/falsy are skipped.
 *
 * @throws JacksonError (400) when the list is too long or a URL is not absolute
 */
export const validateRedirectUrl = ({ redirectUrlList, defaultRedirectUrl }) => {
  const MAX_REDIRECT_URLS = 100;
  if (redirectUrlList) {
    if (redirectUrlList.length > MAX_REDIRECT_URLS) {
      throw new JacksonError('Exceeded maximum number of allowed redirect urls', 400);
    }
    for (const candidate of redirectUrlList) {
      validateAbsoluteUrl(candidate, 'redirectUrl is invalid');
    }
  }
  if (defaultRedirectUrl) {
    validateAbsoluteUrl(defaultRedirectUrl, 'defaultRedirectUrl is invalid');
  }
};
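/**
 * Normalizes the `redirectUrl` input of a connection into an array of URLs.
 *
 * Accepts an array of URLs, a single URL string, or a JSON-encoded array of URLs
 * (detected by a leading `[`). Empty/falsy input yields an empty array.
 *
 * @param urls - array of URLs, a single URL, or a stringified JSON array of URLs
 * @returns the URLs as a string array
 * @throws SyntaxError when a `[`-prefixed string is not valid JSON
 * @throws TypeError when the parsed JSON is not an array of strings
 */
export const extractRedirectUrls = (urls: string[] | string): string[] => {
  if (!urls) {
    return [];
  }
  if (typeof urls !== 'string') {
    // redirectUrl is already an array of URLs
    return urls;
  }
  if (!urls.startsWith('[')) {
    // redirectUrl is a single URL
    return [urls];
  }
  // redirectUrl is a stringified array. JSON.parse returns untyped data, so check the
  // shape before handing it on under the declared `string[]` return type: a non-array
  // or non-string element would otherwise flow into the per-URL validation unnoticed.
  const parsed: unknown = JSON.parse(urls);
  if (!Array.isArray(parsed) || !parsed.every((entry) => typeof entry === 'string')) {
    throw new TypeError('redirectUrl must be a JSON array of URL strings');
  }
  return parsed;
};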
/**
 * Returns the host name of `url` with a leading `www.` removed,
 * or `null` when `url` cannot be parsed by the URL constructor.
 */
export const extractHostName = (url: string): string | null => {
  let parsed: URL;
  try {
    parsed = new URL(url);
  } catch (err) {
    return null;
  }
  const { hostname } = parsed;
  return hostname.startsWith('www.') ? hostname.slice(4) : hostname;
};
/**
 * Builds the user profile for an OIDC login from the ID token claims and the
 * userinfo response. For each field the ID token claim wins; the userinfo value
 * is only used when the ID token claim is null/undefined. The full userinfo
 * payload is attached as `claims.raw`.
 *
 * @param tokenSet - token response from the OpenID Provider
 * @param oidcClient - client used to call the provider's userinfo endpoint
 * @returns `{ claims }` with the mapped profile fields
 */
export const extractOIDCUserProfile = async (tokenSet: TokenSet, oidcClient: Client) => {
  const fromIdToken = tokenSet.claims();
  const fromUserinfo = await oidcClient.userinfo(tokenSet);
  // `roles` / `groups` are passed through as delivered by the provider; the `as any`
  // casts are kept from the original and mean these values are not type-checked here.
  const claims: Partial<Profile & { raw: Record<string, unknown> }> = {
    id: fromIdToken.sub,
    email: fromIdToken.email ?? fromUserinfo.email,
    firstName: fromIdToken.given_name ?? fromUserinfo.given_name,
    lastName: fromIdToken.family_name ?? fromUserinfo.family_name,
    roles: fromIdToken.roles ?? (fromUserinfo.roles as any),
    groups: fromIdToken.groups ?? (fromUserinfo.groups as any),
    raw: fromUserinfo,
  };
  return { claims };
};
/**
 * Splits a space-separated OAuth `scope` string into its individual values,
 * dropping empty fragments (e.g. from repeated spaces). Non-string input yields `[]`.
 */
export const getScopeValues = (scope?: string): string[] => {
  if (typeof scope !== 'string') {
    return [];
  }
  const values: string[] = [];
  for (const fragment of scope.split(' ')) {
    if (fragment.length > 0) {
      values.push(fragment);
    }
  }
  return values;
};
/**
 * Decodes a URL-encoded `tenant=...&product=...` string.
 *
 * @param param - query-string style input
 * @returns the `tenant` and `product` values when both are present and non-empty,
 *          otherwise `null` (also on any parsing failure)
 */
export const getEncodedTenantProduct = (
  param: string
): { tenant: string | null; product: string | null } | null => {
  try {
    const searchParams = new URLSearchParams(param);
    const tenant = searchParams.get('tenant');
    const product = searchParams.get('product');
    return tenant && product ? { tenant, product } : null;
  } catch (err) {
    return null;
  }
};
/**
 * Rejects `tenant` or `product` values containing `:`.
 *
 * @throws JacksonError (400) naming the offending field
 */
export const validateTenantAndProduct = (tenant: string, product: string) => {
  const forbidden = ':';
  if (tenant.includes(forbidden)) {
    throw new JacksonError('tenant cannot contain the character :', 400);
  }
  if (product.includes(forbidden)) {
    throw new JacksonError('product cannot contain the character :', 400);
  }
};
/**
 * Derives the application ID for a tenant/product pair: the digest of the
 * composite DB key built from the two parts.
 */
export const appID = (tenant: string, product: string) => {
  const compositeKey = dbutils.keyFromParts(tenant, product);
  return dbutils.keyDigest(compositeKey);
};
/**
 * Derives the federated app ID for a tenant/product pair. For `type === 'oidc'`
 * the ID is prefixed with `clientIDOIDCPrefix`; any other (or missing) type
 * yields the plain `appID`.
 */
export const fedAppID = (tenant: string, product: string, type?: string) => {
  const prefix = type === 'oidc' ? clientIDOIDCPrefix : '';
  return prefix + appID(tenant, product);
};
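// List of well known providers: host-name fragment → display name.
// Matched by substring against the provider string, so these labels are cosmetic only.
const wellKnownProviders = {
  'okta.com': 'Okta',
  'sts.windows.net': 'Azure AD',
  'mocksaml.com': 'MockSAML',
  'onelogin.com': 'OneLogin',
  'keycloak.com': 'Keycloak',
  'jumpcloud.com': 'JumpCloud',
  'google.com': 'Google',
  'auth0.com': 'Auth0',
  'pingone.com': 'PingOne',
} as const;

/**
 * Finds the friendly (display) name of a well known provider from its entityID / issuer.
 *
 * The check is a plain `includes()` on the host-name fragments above, so any string
 * that merely contains e.g. `okta.com` is labelled "Okta". The result is for display
 * and must not be used for authorization or trust decisions.
 *
 * The return type names the display values (`'Okta' | 'Azure AD' | ...`) or `null`;
 * the previous annotation listed the lookup keys and the string `'null'`, which is
 * not what the body returns.
 *
 * @param providerName - entityID or issuer string of the connection's provider
 * @returns the friendly name, or `null` when no known provider matches
 */
export const findFriendlyProviderName = (
  providerName: string
): (typeof wellKnownProviders)[keyof typeof wellKnownProviders] | null => {
  const match = Object.entries(wellKnownProviders).find(([hostFragment]) =>
    providerName.includes(hostFragment)
  );
  return match ? match[1] : null;
};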
/**
 * Applies `transformConnection` to every record. An empty input array is
 * returned as-is (same array instance).
 */
export const transformConnections = (connections: Array<SAMLSSORecord | OIDCSSORecord>) => {
  return connections.length > 0 ? connections.map(transformConnection) : connections;
};
/**
 * Decorates a stored SSO connection record for output. Mutates `connection` in place
 * and returns it:
 * - SAML records (`idpMetadata` present) get `idpMetadata.friendlyProviderName`
 * - OIDC records (`oidcProvider` present) get `oidcProvider.friendlyProviderName`
 * - a record without a `deactivated` field is marked `deactivated: false`
 */
export const transformConnection = (connection: SAMLSSORecord | OIDCSSORecord) => {
  if ('idpMetadata' in connection) {
    const metadata = connection.idpMetadata;
    metadata.friendlyProviderName = findFriendlyProviderName(metadata.provider);
  }
  if ('oidcProvider' in connection) {
    const oidcProvider = connection.oidcProvider;
    oidcProvider.friendlyProviderName = findFriendlyProviderName(oidcProvider.provider);
  }
  const hasDeactivatedFlag = 'deactivated' in connection;
  if (!hasDeactivatedFlag) {
    connection.deactivated = false;
  }
  return connection;
};
/**
 * Reports whether `url` points at the local machine by host name.
 * Only the literal hosts `localhost` and `127.0.0.1` count; other loopback
 * spellings (e.g. `[::1]`) are not recognised. Unparseable input yields `false`.
 */
export const isLocalhost = (url: string) => {
  const localHosts = ['localhost', '127.0.0.1'];
  let hostname: string;
  try {
    hostname = new URL(url).hostname;
  } catch (error) {
    return false;
  }
  return localHosts.includes(hostname);
};
/**
 * A connection (or directory) is active unless it carries `deactivated` with a
 * value other than `false`. Records without the field are treated as active.
 */
export const isConnectionActive = (connection: SAMLSSORecord | OIDCSSORecord | Directory) => {
  const hasFlag = 'deactivated' in connection;
  return hasFlag ? connection.deactivated === false : true;
};
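/**
 * Validates the optional `sortOrder` field of a connection.
 *
 * `null` and the empty string mean "not set" and are accepted. Anything else must
 * be a finite number, or a string that parses completely as one, and must be
 * greater than or equal to 0.
 *
 * @param sortOrder - raw value from the request body
 * @throws JacksonError (400) when the value is not a number or is negative
 */
export const validateSortOrder = (sortOrder: unknown) => {
  if (sortOrder === null || sortOrder === '') {
    return;
  }
  // Number() rejects trailing garbage ('12abc' -> NaN) where parseInt() would have
  // silently accepted it as 12, so the value that passes validation is the value meant.
  let parsed: number;
  if (typeof sortOrder === 'number') {
    parsed = sortOrder;
  } else if (typeof sortOrder === 'string' && sortOrder.trim() !== '') {
    parsed = Number(sortOrder);
  } else {
    parsed = NaN;
  }
  if (!Number.isFinite(parsed)) {
    throw new JacksonError('The field `sortOrder` must be a number.', 400);
  }
  if (parsed < 0) {
    throw new JacksonError('The field `sortOrder` must be a number greater than or equal to 0.', 400);
  }
};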