* [typings] OIDC provider clientId/secret is non optional
* try/catch and trace the errors ...
* Fix error message inside `resolveConnection`
* Default for error_description, trace error should be either error or fallback to description
* Attach traceId to OAuth error response
* Add more context to the traces
* [fed-saml] Add relayState to trace context
* Tenant/product can be traced from session.request in case connection is not resolved
* Minor change
* [npm] Rename `saml-tracer` -> `sso-tracer`
* [Admin UI/API] Rename `saml-tracer` -> `sso-tracer`
* [v1 API] Rename `saml-traces` -> `sso-traces` with alias to old path
* Fix assertion type display with fallback to `-`
* Update swagger spec
* Scroll in case text overflows
* display toast and adjust the width of the content
* customize the branding for setup links
* use the branding in setup links page
* Admin Branding WIP
* Update settings
* Move to ee folder
* If the licence is not valid, return the default branding
* update translation
* Add logo to the idp selection page
* add license check to the API
* read default branding from a common place
* add LicenseRequired
* cleanup
* Add License check to NPM
* Fix
* Add --pf css variable
* fix the idp selection page
* use default branding if value is not set
* Fixes
* Improved the store and keys
* Infer the return type
* Whitelabeling the IdP selection screen per tenant and product
* Fix the param type
* Fix the unit tests
* Fix mismatch in server/client rendering
* Switch to radio button look and feel
* Use rounded border only for textual inputs
* Cleanup import
* Move routing to `useEffect`
* Fix server render mismatch
* fixed merge conflict
* fixed merge conflict
---------
Co-authored-by: Aswin V <vaswin91@gmail.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* `SAMLTracer` bootstrap
* Pass `db` handle
* Expect `null` when license is void
* Skeleton - WIP
* Add `Trace` type
* Hook into `samlTracer`
* Secondary index and other changes
* Remove secondary index, support pagination
* Remove TTL on tracer store, add secondary indices
* Add `traceId` alongside payload value
* Implement `cleanUpStaleTraces`
* Trace any error in response parsing stage
* Move `setInterval` to constructor, also run at start
* Use arithmetic
* Make method `public`
* `await` on delete op
* Fix logic: store `concat` result in `traces`
* Unit tests
* Switch `randomUUID` to `generateMnemonic`
* Tweak const name
* Typo fix
* SAML Tracer to the sidebar
* Api routes and pages
* i18n
* SAML Tracer instance and type updates
* Page and api route for admin portal
* Update comment
* Rename variable
* Enhance types, make `timestamp` optional
* prefix `traceId` to error_description
* Assert traceId pattern and return value
* Add translations for traces list table
* Updates for SAML Tracer viewer
* Format the `error_description`
* Implement `getByTraceId`
* keycheck instead of falsiness check
* Use status `403` and minor tweaks
* Api route for getting single trace by `traceId`
* Trace Inspector view
* Move SAMLTracer out of `ee`
* Remove license check
* Placeholder for parsing rawResponse
* Trace inspect page
* Tweak description
* Wrap `samlResponse` in try catch
* Refactor and style changes, display more context
* Rethrow error for SAMLFederation without redirecting
* Add `issuer`,`profile` to context
* Switch to `<span>` inside `<p>`
* Format profile display and fix issuer term
* Add TODO comment
* Use empty string if `issuer` turns out to be empty
* Package lock changes
* Tweak the comment
* Handle error with no op within saveTrace
* Wrap SAML error points in `authorize` with tracer
* Sync lock file
* Redirect to jackson error page for federated sso
* Pass `samlTracer` to Federated SSO class
* Trace the error and rethrow to caller
* Refactor
* Expand `context` type
* Guard for absent context fields
* Disable word-wrap for timestamp
* Display additional context
* `await` to catch errors inside promise
* Use tenant/product from app instead of connection
* Use translation and minor fix
* More translations
* More translations
* Remove "unlikely request" capturing
* Copy to clipboard button
* `await` inside try catch block
* cleanup
* Expand `try` to include jackson init
* Add `requestedOIDCFlow`
* Filter out empty indices
* Make `samlTracer` internal to jackson
* Use `AdminController` to get trace data
* Default to 0 for pagination
* Add comment
* Add IdP login flag to context
* Move the assignment before IdP flow check to populate context
* Add `relayState` to context
* Add `redirectUri` to context
* env, login button & translations
* added setting in sidebar
Added login with sso button
Added connection create form in settings
* added new pages for Self SSO connection CRUD
* Fixed Self SSO issue
* Use @boxyhq/react-ui component for SSO
* `await` on method instead of class
* Fix import
* Set fields to non-editable for settings view
* Tweak for settings view
* Add link for settings in sidebar
* Take in admin SSO defaults from env
* Tweak edit page for settings view
* Remove `NEXT_PUBLIC` prefix
* Switch back to getSSP from getStaticProps
* Sync lock file
* Set defaults in env
* Filter out admin sso tenant/product
* Load admin SSO tenant/product
* Update heading
* Fix back link
* Use latest published version
* Set `clientId` to dummy in provider init
* Use the defaults from env
* Fix redirectUrl after savingConnection for settingsView
* Use `isLoading` from SWR
* Fix settings view url for mutation and redirect in Edit
* Replace api route path
* Use rewrite instead of router.push and other tweaks
* Reuse `ConnectionList` for settings
* Use pagination query params in settings api
* Import styles from sdk
* Fix failing build
* Use latest version
* - Display badge for system sso connections
- Reuse admin connection for retrieving system sso connections
* Tweak styling
* Construct profile in updateUser as done previously
* Update react-ui
* Remove extra truthy check
* Hide pagination buttons for settings view
* Install @boxyhq/react-ui as symlink to local
* Tweak badge size
* Rename admin portal sso envs
* Fix the edit redirection for system sso
Co-authored-by: ukrocks007 <ukrocks.mehta@gmail.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Kiran K <kiran@boxyhq.com>
* Merged
* Revert the changes
* changes
* dropdown working
* fixes
* added custom classes for log viewer
* Create Project & styling fixes
* Update package-lock.json
* fixed react datepicker css issues
* Showing apis keys after project is created
* View tokens page
* minor changes
* masking for tokens
* warning fixes
* Fix the sidebar active state
* wip
* wip
* wip
* Showing publisher api url
* Fixed create new projects and list projects
* Improved the ProjectInfo page
* Fix the copy to clipboard button
* Add the codesnippet
* wip
* wip UI
* Improve the code snippet
* Fixes and improve the UIs
* Replace the product logos
* Set the group null
* Fix the conflicts
* Fix the heroicons
* Remove the unused method
* Make the ProjectDetails 2 columns
* Fix the logs-viewer not displaying
* read event log from admin-ui
* Jackson docker compose file & retraced integration related changes
* minor fix
* fixes for created key of audit log
* fixed the expiry for self signed certificate
* using node forge for self signed certs
* Revert "using node forge for self signed certs"
This reverts commit c027b5b7ce.
* fix
* package lock changes
* installed missing dependencies and added new packages
* minor fixes
* fixes
* added missing translations for retraced pages
* - pin deps
- removed react-copy-to-clipboard, react-host-toast
* fixed typo
* cleanup
* tweak
* switched to ButtonIcon
* switch to button components and added back buttons where needed
* checking npm ci
* simplified env vars for Retraced
* tweaks
* If Retraced host is not specified then show a message
* added audit logs logo
* - added admin_token to bypass user and project specific queries
- fixed project details view to read any length for environments
* switched to daisyui Select
* fixed auth check for api routes, get email for claims from the jwt
* updated package-lock
* switched to clipboard component
* tweaks to CodeSnippet
* padding tweaks
* updated package-lock
* updated package-lock
* fixed z-index for modal in logs-viewer
* select -> Select
Co-authored-by: Kiran <kiran@boxyhq.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Update
* Fix the sidebar active state
* Add back button to the missing pages
* Use the translation keys
* Fix the type
* Remove old pagination component
* Fix the pagination for SSO connections
* Change the extension to .ts
* Add pagination to the directories listing
* Add the space between the buttons
* Add pagination for SAML Federation Apps
* Add missing pagination
* Fix the back buttons
* Add the pagination for webhook events
* Tweaks
* Fix the issue
* Fix the tests
* Fix the failing tests
* Fix the failing tests
* added hover state for table rows
* aligned SAML federation page with rest
* optimised imports from heroicons
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* API to list the directories
* Add the API to get the directory info
* Add missing APIs
* Use useDirectory hook
* Fix the link active condition
* Update
* Add alert component
* Add a loading state component
* Now Emptystate accepts an optional prop description
* SAML federation create app controller
* Add the UI to create and list SAML federation apps
* Create SAML federation app and metadata
* wip
* wip
* wip
* Cleanup
* Fix the return values
* Delete the session after the SAML response is sent to the user
* wip
* Revert the changes to the ConnectionAPIController
* wip - IdP selection, session fixes
* Fix the flow
* Refactor
* Refactor
* wip
* Refactor the idp selection page - wip
* Refactor
* Refactor the resolve connection
* Refactor the idp selection
* Refactor the idp/app selection and other fixes
* wip
* Refactor
* Refactor the SAML response handling to merge the logic
* Rename the methods
* Move the saml federation to /ee folder
* Fix the imported types
* wip
* wip /ee
* Move the federated SAML UI to /ee
* Move to /ee folder
* wip admin portal
* Delete the SAML federation app
* Rename the controllers
* Add the translation
* Add the proper license check
* Add the unit tests
* tweaks to test
* tweaks to test
* Changes to the controller and other cleanup
* Fix API routes headers
* Use new toast
* Add button to download cert
* Tweaks
* log cleanup
* saml federation is part of enterprise sso
* entityID now contains the unique hash needed for each tenant + product combination
* cleanup
* cleanup
* we don't need a unique entityID
* text tweaks
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Share setup link related changes
1. Setup link creation for saml connection
2. Setup link creation for Directory sync
3. Regeneration of Setup link
4. Ability to open setup link without login
5. Setup link opens up SAML connection page
6. Saml Connection page hides Tenant & Product fields
* Saving SAML and OIDC configuration
* showing the connection list on setup page
* Connections CRUD
* UI changes for Setup layout
* semantics changes connection -> sso-connection
* directory sync support for share link
* showing only current tenant product directories
* fixes mentioned in comments by Aswin
* prettier formatting
* 1. checking entityID against existing configs
2. Failing saml config creation if tenant/product does not match with existing config with same entityID
3. returning boxyhqEntityID with saml config which is combination of SAML_AUDIENCE env variable & clientID
* fixed route
* minor fixes
* reverting connection get api changes
* added getEntityID api added
* getEntityID api added
* Fix the layout rendering for the /setup routes
* showing entityID on setup page
added api to getEntityID under setup
* handling jumpcloud case for validation
* minor fixes
* Bump up @boxyhq/saml20 version
* review changes
* package lock changes
* package json and lock changes
* removed xmlbuilder
* package lock changes
* removed api call from ConnectionList component
* Back button link fix
* test fixes
* intermediate changes for Setup link list feature
* setup link list related changes
* UI fixes and actions
* removed unwanted import
* setup link list action hooked with correct functions
* path rewrites, styling changes, toast
regenerate & delete setup links
* fixes for mutate
* fixed samlAudience
* minor tweaks to clipboard icon
* minor tweaks to clipboard icon
* updated package-lock
* updated package-lock
* formatting changes
* formatting changes
* removed console log
* Added cursor pointer for action for LinkList component
Removed unused variable & validation of empty token
Removed redundant validation code
linting fixes
* Auto redirect in setup link page for sso-connection create form
Delete icon on setup link list page on hover red color & tooltips
* removed redirect and used isValidating
* fixes for router replace
* toast for setup links
* fixes for dsync apis
* redirect related change
* removing redirect for sso-connection
* fallback to error.message
* casting changes for boxyhqEntityID
* showing IDP Entity Id on create sso-connection page
Rename entityId to IDP entity id
* text tweak
* converted string to translations
* fixed unique key warning for lists
* added description for setup link
* aligned API calls to return the same consistent structure
* fixed build
* fixed api structure
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Kiran <kiran@boxyhq.com>
* Share setup link related changes
1. Setup link creation for saml connection
2. Setup link creation for Directory sync
3. Regeneration of Setup link
4. Ability to open setup link without login
5. Setup link opens up SAML connection page
6. Saml Connection page hides Tenant & Product fields
* Saving SAML and OIDC configuration
* showing the connection list on setup page
* Connections CRUD
* UI changes for Setup layout
* semantics changes connection -> sso-connection
* directory sync support for share link
* showing only current tenant product directories
* fixes mentioned in comments by Aswin
* prettier formatting
* fixed route
* minor fixes
* Fix the layout rendering for the /setup routes
* minor fixes
* review changes
* package lock changes
* package json and lock changes
* removed xmlbuilder
* package lock changes
* removed api call from ConnectionList component
* Back button link fix
* intermediate changes for Setup link list feature
* setup link list related changes
* UI fixes and actions
* removed unwanted import
* setup link list action hooked with correct functions
* path rewrites, styling changes, toast
regenerate & delete setup links
* fixes for mutate
* minor tweaks to clipboard icon
* updated package-lock
* formatting changes
* removed console log
* Added cursor pointer for action for LinkList component
Removed unused variable & validation of empty token
Removed redundant validation code
linting fixes
* Auto redirect in setup link page for sso-connection create form
Delete icon on setup link list page on hover red color & tooltips
* removed redirect and used isValidating
* fixes for router replace
* toast for setup links
* fixes for dsync apis
* redirect related change
* removing redirect for sso-connection
* fallback to error.message
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Kiran <kiran@boxyhq.com>
* Add a new UI for the login screen
* Update the error page UI
* text tweak, fixed active element in menu bar, updated logo to generic one
* text tweaks
* fixed unauth route, it needs to be the original one, not the redirected one
* Display the list of well-known URLs on login screen
* Display the well-known URLs on the dashboard
* added description to links
* tweak to login page
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Support connection dynamic param in route
* Pass `connection`
* Fix tests
* Accept oidc params and validate the same
* Rename `connection` --> `strategy`
* Use saml for preLoadedConfig for now
* Rename `apiController` --> `apiConfigController`
* Flatten the params
* Validate passed config
* Backward compatibility for embed setup
* Impl for oidc config save
* index addition for oidc clientId
* Remove param, defaults to saml
* Validation will be done inside controller
* Zap secondary index on clientId, not required
* Rename `APIConfigController` --> `ConfigAPIController`
* Update swagger
* Fix name
* Fix name elsewhere
* Revert filter
* Split `saml` and `oidc` create/update logic
* Route `saml` and `oidc`
* Test update
* Update swagger
* Update swagger
* Use tenant/product from stored config in lieu of params
* Validate passed OIDC clientId using hash
* Update swagger annotations
* Handlers for getting OIDC/SAML configs
* Validate tenant/product in update
* Typo fix
* Fix test
* Default to empty string, validation is done to check if the params are not empty
* Extract provider name just like saml
* OIDC Connection support
*delta for authorize*
- Renamed samlConfig(s) → connection(s)
- Renamed resolvedSamlConfig -> resolvedConnection
- Detect connection is SAML or OIDC
- Perform Issuer discovery and oidc client init
- Tweak error responses
- Persist oidc client metadata in session
* Test type fix
* Test fix
* openid-client dependency
* Sync package locks
* Fix return type
- Remove `undefined` from return type
- Return `OAuthErrorResponse` for else case
* Handle OIDC Authorization response
* Persist OIDC code_verifier
* Remove scope check for OIDC connection
* Normalize scope before relaying
* Method name update
* Extract user profile from id token and userinfo
* Handle error response from OIDC Provider
* Update type
* Type update with OIDC specific error codes
* Bug fix : typo
* Cleanup
* OIDC callback route
* Bug fix: return profile and parameter fix
* Rename `config` -> `connection`
* Use `Link` and add oidc connection nav item
* Use `strategy` from query param
* Delta ↴
- Reorganised api routes
- Removed Admin controller filtering methods for saml/oidc
* Fix page link in e2e test
* Changes:
- Handle oidc connection fields
- Rename component file path
* Remove slug for save/update connection
* Fix keyname in update operation
* Import path update
* Radio select connection type for new connection
* Update lock file
* Sync lock file
* Sync package lock
* Fix connectionType detection for new connection
* Fix error message
* Add comment
* Tweak comment
* Use the correct state and directly from session
* Sync lock file
* Remove `provider` from OAuthReqBody
* Remove duplicate scopes
* Pass recent param additions to idpSelection page
* Add badge for Provider type
* Style tweak
* Style IdP type selection
* Add test for oidc provider
* Comment
* Check for empty state
* Add test for oidcAuthzResponse
* Add test for oidcAuthzResponse
* Add test for error response from OP
* Error message tweak
* Test the happy path
* Remove unused import
* Fix assertion
* - Fix types
- add `createOIDCConfig` test for missing params
* Test happy path for `createOIDCConfig`
* Param validation tests for `createOIDCConfig`
* Test for `updateOIDCConfig`
* Tests for `updateOIDCConfig`
* Make `oidcPath` required like `samlPath`
* Bump `openid-client` version
* Refactor
* Update test coverage map
* Tweak label
* Split openid/oauth tests
* call `t.end`
* Fix file name in comment
* Add test teardown
* Improve coverage and rename test files
* For backwards compatibility
* Minor formatting
* Add api paths for /connection
* Zap config path for admin ui
* Update swagger spec
* Rename `configAPIController` → `connectionAPIController`
* Rename `IdPConfig` → `IdPConnection`
* Rename `validateIdPConfig` → `validateIdPConnection`
* Rename `createSAMLConfig` → `createSAMLConnection`
* Rename `createOIDCConfig` → `createOIDCConnection`
* Update swagger spec
* Rename `updateSAMLConfig` → `updateSAMLConnection`,
`updateOIDCConfig` → `updateOIDCConnection`
* Make `clientID`/`clientSecret` readOnly
* Rename `configStore` → `connectionStore`
* Update swagger spec
* Add `getConnection` + `deleteConnection`
* Remove `/api/v1/oidc/config` and keep `api/v1/saml/config`
* Rename `getAllConfig` → `getAllConnection`
* Rename `readConfig` → `loadConnection`
* Rename `deleteConfiguration` → `deleteConnection`
* Add `preLoadedConnection` env
* Update map and cli
* Refactor api tests and rename config to connection
* Rename `configList` → `connectionList`
* Rename `samlConfig` → `samlConnection`
* Rename config -> connection
* Rename `config` → `connection`
* Rename counters for otl
* Sync package lock
* Remove api key validation from api route
* Update Admin ui title
* Update swagger
* Update otl metric descriptions
* Update var naming to connection
* Add strategy validation
* Add tests for invalid strategy
* Sync package lock
* Upgrade and pin version
* Update saml config api with deprecated
* Updated swagger spec for deprecated config api
* Bump package version
* Fix label
* - removed strategy for `get` and `delete`
- Type update
* Type updates
* getConnection -> getConnections,
deleteConnection -> deleteConnections
* Update swagger spec
* Use only for saml connection
* Remove slug from api routes
* API path updates
* Type updates
* Helper util for api routes to check strategy
* Type updates and api changes
* `OAuthReq` typings enhancement
* Narrowed down types for `OAuthTokenReq` and `OIDCAuthzResponsePayload`
* `IdPConnection` -> `SSOConnection`
* Update cookie name to avoid clash
* Handle the uncaught case to prevent req hanging
* SCIM Config API - / POST
* SCIM wip
* Add SCIM Webhook
* Send webhook event, and add signature
* SCIM Group wip
* wip
* SCIM wip
* User store wip
* wip
* wip
* SCIM - Groups management
* Add the params validation
* Cleanup
* Create user API, return the created user
* Replace the nanoid with crypto.randomBytes
* Improve the transform methods
* Fix the events APIs
* Fix
* Wip - Testing with OneLogin SCIM
* wip
* Make changes to SCIM APIs
* wip
* Add the method createRandomSecret
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* refactor wip
* refactor wip
* wip
* Users finished
* Group finished
* Group fix
* Fix the types
* Fix the types
* wip webhook events
* Fix the config API
* wip
* wip
* wip
* wip
* Improve the methods
* wip
* wip
* wip webhook
* Refactor the code
* Add some comments
* Fix the API
* wip SCIM
* Fix the pk
* Return all the groups
* Fix
* Improve the code
* Final changes
* wip APIs
* Rename variables
* Rename the classes
* Fix the APIs
* wip
* Admin UI - wip
* Add SCIM config screen
* Admin UI wip
* Admin UI wip
* Admin UI wip
* Fix the Admin UI
* Add tabs
* Add tabs
* Add user screens
* Add EmptyState
* Add users, groups info screen
* Add JSON syntax highlighter
* Fix the config details screen
* Add authentication to the APIs
* wip
* Add types
* Add webhook event logs
* Add type to directory
* Display the event log details
* Fix the missing arg
* Ability to configure the logging enable/disable
* Display alert if webhook logging is disabled
* Fix the SCIM
* Applied prettier
* Search users by userName
* Fix the section width
* Add pagination for /users /groups in admin UI
* Add pagination for directory listing
* Fix the issues with list()
* Add APIs
* Add Next.js middleware for authentication
* Fix the TS issue
* Add pagination for SCIM /users
* Add pagination for SCIM /users
* Moved the tests into sub folders
* Add unit tests for directories, users
* wip
* wip - unit tests
* wip - unit tests
* Some improvements
* wip
* Finished the SCIM unit tests
* Some fixes
* Fixes
* Rename methods
* Fix the TS
* Many fixes
* Fixes
* Fixes
* SCIM Fixes
* SCIM updates
* Fix the unit tests
* Fix the unit tests
* Fix the unit tests
* Improve the unit tests
* A fix
* File renamed as per JS standard
* Fix
* Updates
* Fix the SCIM APIs
* Fix the tests
* Added the Base class
* Some fixes
* Some fixes
* Some fixes
* Fix the events
* Renamed to directorySyncController for consistency
* Moved the createId to Base class
* Moved the createId to Base class
* Remove the Next.js middleware and add authentication to each routes
* Change the text
* Merged
* Revert the changes
* Improved the response of the SDK and APIs
* Fix the return value
* Azure related changes
* Add the middleware back
* Infer the types from getServerSideProps
* givenName and familyName can be empty depending on the mapping
* Fix the issue with update
* API changes
* Fixes
* Fix the types
* Revert the change
* Improving the Webhooks and Callback
* Added the event callback and changed the implementation for Webhook
* Fix the SCIM API
* Fix the events.ts file
* wip
* Cleanup and improve the request handler
* Revert the package.json changes
* Make the directory name optional.
* Add a generic scim provider to the type
* wip
* Remove supabase UI
* Update package-lock.json
* Update the UI with DaisyUI
* UI fixes
* Final changes to the UI
* Standardize the Input theme
Co-authored-by: Kiran <kiran@Kirans-MacBook-Pro.local>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Merged
* Revert the changes
* wip
* wip
* wip
* UI improvements
* wip
* Text changes
* Add the cta
* Code cleanup
* Fixes
* Fixing the tests
* Fixing the tests
* Fixing the tests
* Fix the issues with package-lock
* Fix the issues with package-lock
* updated package-lock
* try reverting e2e test changes
* add menu text inside a div so it can be found by e2e tests
* one more attempt
* remove hidden class
* package-lock.json
* Make the test fail
* Fix the e2e test
* Adjust the layout loading
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>