* WIP
* updated swagger file
* renamed routes
* renamed test folder
* separate section for Identity Federation
* sso-tracer -> sso-traces
* don't change ACS url for SAML federation
* SAMLFederation -> IdentityFederation
* SAMLFederation -> IdentityFederation
* keep api/federated-saml but move to api/identity-federation
* test old route as well
* fixed test
* fixed test
* retry tests 3 times
* updated deployment
* WIP create SAML Fed app
(cherry picked from commit 3d15b20a2d)
* Add Admin Portal SSO via SAML Fed
* Minor tweaks
* Use fixture and login using federated connection
* Cleanup SAML fed connection after test, disable failing assertion for now
* Remove only
* Use MockSAML endpoint from env
* Cleanup SSO connections mapped to SAML Fed
* OIDC Fed spec
* Try with higher timeout
* Mutate on page load
* Put back assertion
* Remove assertion and mutate for now
* SAML Fed App + 2 SAML Providers
* Take in optional tenant/product for fixture method
* SAML Fed + 2 OIDC providers
* SAML Fed test cases for single provider
* Tweak title
* Replace swr with fetch
* Remove only
* Bump up timeout to 100s
* Add more test cases for OIDC Fed
* Refactor fetch with hooks
* locale tweaks
* Also try with the other provider
* Fixture support SAML add via raw metadata
* Add second SAML connection using raw metadata
* Revert "Add second SAML connection using raw metadata"
* Revert "Fixture support SAML add via raw metadata"
---------
Co-authored-by: ukrocks007 <ukrocks.mehta@gmail.com>
Co-authored-by: Aswin V <vaswin91@gmail.com>
* `offset` -> `pageOffset`, `limit`-> `pageLimit`
* Be backward compatible in API
* Cleanup types and handle pagination qs
* Cleanup unused code
* Import type
* Cleanup and fix lint error
* Align params for sso-tracer
* Move parsing to a common util function
* pageLimit shouldn't be optional
* Cap pageLimit to max value, split the boolean
* Revert typings and assert non null
* Refactor var name
* Use util function to normalize pagination params across getAll and getByIndex
* Normalize offset/limit for dynamo/mongo
* Update query params in `FederatedSAMLApps`
* Cap to max limit if passed limit is 0
* Sync lock file
* Add a 3rd record and supply opts.pageLimit
* Normalize offset/limit for mem/redis
* Save the 3rd record in the store
* Fix getAll tests
* Give precedence to standard params over legacy
* Use util function
* Parse using util function
* Refactor
* Standardise pagination for `api/v1/dsync/events`
* Standardise pagination for api/admin/connections
* Standardise pagination for api/admin/directory-sync
* Standardise pagination for `api/v1/dsync/groups`
* Standardise pagination for `v1/dsync/users`, `v1/dsync/product`
* Standardise pagination in fetchByProduct APIs
* Update swagger for groups
* Fix pagination params definition, add the params for users api
* More swagger updates
* Swagger spec update for dsync events
* Add pagination params to apis fetching by product
* Update qs in internal-ui
* Remove type assertion
* [Swagger WIP] Fix response format for paginated APIs
* Add dsync events to swagger spec
* Fix swagger spec for sso tracer
* Fix swagger spec for federated-saml apps of a product
* Update pageLimit to 50
* Use pageLimit value from internal-ui
* Update UI SDK
* Cleanup local pagination component
* Update swagger version
* Remove unused keys from locale
* Fix tag for trace api spec
* Fix param name for swagger
* Fix swagger tag for trace
* updated package-lock
* updated package-lock
---------
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* add WellKnownURLs
* Fix translation keys
* Update dependencies and add IdP Configuration
* Update common.json with new translations
* wip
* Update @boxyhq/internal-ui version to 0.0.5
* add internal ui folder
* Fix imports and build
* Refactor internal-ui package structure
* wip shared UI
* Fix the build
* Add new components and hooks for directory sync
* lint fix
* updated swr
* users
* Refactor shared components and fix API endpoints
Update directory user page and add new federated SAML app
* Fix lint
* wip
* Add new files and update existing files
* Refactor DirectoryGroups and DirectoryInfo components
* Update localization strings for directory UI
* Update Google Auth URL description in common.json
* Refactor directory tab and add delete functionality to webhook logs
* Delete unused files and update dependencies
* Fix column declaration
* Add internal-ui/dist to .gitignore
* Update page limit and add new dependencies
* wip
* Refactor directory search in user API endpoint
* wip
* Refactor directory retrieval logic in user and group API handlers
* Add API endpoints for retrieving webhook events
* Add query parameters to API URLs in DirectoryGroups
* Add Google authorization status badge and handle pagination in FederatedSAMLApps
* Add router prop to AppsList component and update page header titles
* UI changes
* Add new files and export functions
* Remove unused router prop
* Add PencilIcon to FederatedSAMLApps
* Refactor FederatedSAMLApps and NewFederatedSAMLApp components
* lint fix
* add jose npm to dev dep
* added missing strings
* locale strings fix
* locale strings cleanup
* update package-lock
* Add prepublish step
* Build and publish npm and internal ui
* Refactor install step
* Run npm install (for local) inside internal ui automatically using prepare
* Remove eslint setup for internal-ui
* wip
* Add `--legacy-peer-deps` to prevent installing peer dependencies
* wip
* Fix the types import path
* wip
* wip
* Fix the types
* Format
* Update package-lock
* Cleanup
* Try adding jose library version 5.2.2
* Add new dependencies for @next/swc package
* Fix translation keys and import types
* Update SSOTracers component and common.json localization
* COPY internal-ui before npm install
* COPY internal-ui in builder stage
* fixed sort order for jose
* wip
* wip setuplink
* Add delete link
* Add exclusion for node_modules in files.exclude
* Add error handling and additional functionality to SetupLinks component
* Refactor SetupLinks component and add missing translations
* Add missing translations and update setup link messages
* Remove comment
* update localization strings
* Remove unused key
* Update SSOTracerInfo component title
* Refactor ConfirmationModal component button styling
* Update package.json and ConfirmationModal.tsx
* Update dep
* Refactor setup links API and UI to use query parameters for pagination
* Refactor deleteLink API endpoint and SetupLinks component
* Update package.json paths
* Update dep
* Refactor setup link forms and add new fields
* Update dep
* Update import paths and add new setup links tests
* wip
* Refactor CreateDirectory and DirectoryInfo components
* Add new fields to setup link and directory sync APIs
* Cleanup
* Update package-lock
* Fix link regeneration
* updated package-lock
* Fix and add e2e tests
* Update API documentation with new parameters for setup link creation and update
* Revert
* Update postcss.config.js and SSOForm.tsx
---------
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Aswin V <vaswin91@gmail.com>
* Control the order of connections in the IdP selection list
* Remove unused import statement
* Fix the sortOrder
* Type fix
* Fix TS error
* Fix build
* Update API version and add sortOrder parameter
* Update swagger specs
* Update swagger
* Add tests
* Add `sortOrder` to GET spec
* Refactor connection retrieval logic and add sorting option
* Fix connection sorting issue
* Fix connection sorting issue
* Update the validation
* Fix the tests
* Filter out connections that are not enabled
---------
Co-authored-by: Aswin V <vaswin91@gmail.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* [typings] OIDC provider clientId/secret is non optional
* try/catch and trace the errors ...
* Fix error message inside `resolveConnection`
* Default for error_description, trace error should be either error or fallback to description
* Attach traceId to OAuth error response
* Add more context to the traces
* [fed-saml] Add relayState to trace context
* Tenant/product can be traced from session.request in case connection is not resolved
* Minor change
* [npm] Rename `saml-tracer` -> `sso-tracer`
* [Admin UI/API] Rename `saml-tracer` -> `sso-tracer`
* [v1 API] Rename `saml-traces` -> `sso-traces` with alias to old path
* Fix assertion type display with fallback to `-`
* Update swagger spec
* Scroll in case text overflows
* Make entity ID read-only
* Update swagger.json
* Add validation to check if an app with the same tenant and product already exists
* Fix error message for duplicate app creation
* Get Federated SAML apps by product
* move to /ee
* Rename method
* Fix APIs
* delete app by tenant + product
* get app by tenant and product
* Fix the params
* Fix the params
* Change API path to /saml-federation
* Update the paths
* use /federated-saml
* Revert
* Add swagger specs
* Fix tests
* Support `metadata` in `OIDCSSORecord`
* Helper to create oidc issuer instance
* Use helper to create `Issuer`
* Sync lock file
* Support `oidcMetadata` in pre-loaded connections
* Augment typings for OIDC SSO Connections
* Use helper and pass metadata
* Update validation to consider metadata
* Support for OIDC metadata
* Test fixes for types and error message
* Fix swagger array type
* Update swagger spec
* Util to transform OIDC metadata JSON
* Fix typings
* Augment validation for oidc metadata fields
* Add `oidcMetadataParse` to admin apis
* Add `oidcMetadataParse` to setup link apis
* Remove previously set discoveryUrl or metadata
if any
* Type updates admin portal
* initialState seeding for `object` type
* Add and place at bottom of the form
* Type the catalog list
* use to set the fields for the object type
* Type updates
* Guard against parentKey value
* Add missing guard to `formatForDisplay`
* Link like button
* Support for fallback field
* Util function to check if value is `{}`
* Fix premature setting of metadata
* Exclude fallback from form display
Activate fallback on switch interaction
* Fix settings view state setting
* Sync lock file
* Tweak error message
* Add e2e for SSO connection add via metadata
* Tweak switch
* Refactor - Parameterize the e2e test
* Cleanup
* text tweaks
* fixed test
* Update comments
* Use `data-testid` instead of button name
* Source `data-testid`s from catalog
* Refactor `hidden` className setting
* Switch from `locator` to `getByTestId`
* Apply hidden className to checkbox input
---------
Co-authored-by: Kiran K <kiran@boxyhq.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* wip: updated otel libs but it isn't sending events
* cleanup
* grpc works
* simplified counter creation
* Support process.env.OTEL_EXPORTER_OTLP_ENDPOINT as well
* exportIntervalMillis of 60 seconds should be sufficient
* support http and grpc as well
* tweak to OTEL_EXPORTER_DEBUG
* unregister logger before setting it
* Replace Admin UI with Admin Portal
* Create a default certificate
* Use the default certs instead of per connection certificate
* Revert the changes
* refactored to encapsulate all logic inside x509.ts
* added certs to sp-metadata
* Cache the certificate before return
* Fix the type
* added expiry check to cached certificate
* added url to download public cert
* added instructions to encrypt assertion
* bumped up version
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* parse role and group
* convert group to an array if there's one element
* added role and groups to types and api docs
* array mapping for roles as well
* Throw error if `entityID` is missing
* Use `JacksonError` instead of Error
* Type enhancements - use `SAMLSSORecord`
* Better typing with `OIDCSSORecord`
* Add types for response
* Update swagger
* Sync package lock
* Assert connection record type in tests
* Mark `@deprecated` for config methods
* Mark `openid` as optional
* Guard against nullish
* Fix test
* Add entityID check for update op, add tests
* Cleanup `t.end()`, not required for `async` tests
* Remove oidcPath check in defaultOpts
* Return error if `oidcPath` is empty in authorize for OIDC Connection
* Add missing `async`
* Fail connection add/update if `oidcPath` is not set
* Type alignment
* Update swagger spec
* Fix type for `oidcPath`
* Cleanup
* Add missing return types and fix type for `getConfig`
* Bump up version
* Update swagger spec
* Remove uffizzi from ignore file
Co-authored-by: Kiran <kiran@boxyhq.com>
* Support connection dynamic param in route
* Pass `connection`
* Fix tests
* Accept oidc params and validate the same
* Rename `connection` --> `strategy`
* Use saml for preLoadedConfig for now
* Rename `apiController` --> `apiConfigController`
* Flatten the params
* Validate passed config
* Backward compatibility for embed setup
* Impl for oidc config save
* index addition for oidc clientId
* Remove param, defaults to saml
* Validation will be done inside controller
* Zap secondary index on clientId, not required
* Rename `APIConfigController` --> `ConfigAPIController`
* Update swagger
* Fix name
* Fix name elsewhere
* Revert filter
* Split `saml` and `oidc` create/update logic
* Route `saml` and `oidc`
* Test update
* Update swagger
* Update swagger
* Use tenant/product from stored config
in lieu of params
* Validate passed OIDC clientId using hash
* Update swagger annotations
* Handlers for getting OIDC/SAML configs
* Validate tenant/product in update
* Typo fix
* Fix test
* Default to empty string, validation is done
to check if the params are not empty
* Extract provider name just like saml
* OIDC Connection support
*delta for authorize*
- Renamed samlConfig(s) → connection(s)
- Renamed resolvedSamlConfig -> resolvedConnection
- Detect connection is SAML or OIDC
- Perform Issuer discovery and oidc client init
- Tweak error responses
- Persist oidc client metadata in session
* Test type fix
* Test fix
* openid-client dependency
* Sync package locks
* Fix return type
- Remove `undefined` from return type
- Return `OAuthErrorResponse` for else case
* Handle OIDC Authorization response
* Persist OIDC code_verifier
* Remove scope check for OIDC connection
* Normalize scope before relaying
* Method name update
* Extract user profile from id token and userinfo
* Handle error response from OIDC Provider
* Update type
* Type update with OIDC specific error codes
* Bug fix : typo
* Cleanup
* OIDC callback route
* Bug fix: return profile and parameter fix
* Rename `config` -> `connection`
* Use `Link` and add oidc connection nav item
* Use `strategy` from query param
* Delta ↴
- Reorganised api routes
- Removed Admin controller filtering methods for saml/oidc
* Fix page link in e2e test
* Changes:
- Handle oidc connection fields
- Rename component file path
* Remove slug for save/update connection
* Fix keyname in update operation
* Import path update
* Radio select connection type for new connection
* Update lock file
* Sync lock file
* Sync package lock
* Fix connectionType detection for new connection
* Fix error message
* Add comment
* Tweak comment
* Use the correct state and directly from session
* Sync lock file
* Remove `provider` from OAuthReqBody
* Remove duplicate scopes
* Pass recent param additions to idpSelection page
* Add badge for Provider type
* Style tweak
* Style IdP type selection
* Add test for oidc provider
* Comment
* Check for empty state
* Add test for oidcAuthzResponse
* Add test for oidcAuthzResponse
* Add test for error response from OP
* Error message tweak
* Test the happy path
* Remove unused import
* Fix assertion
* - Fix types
- add `createOIDCConfig` test for missing params
* Test happy path for `createOIDCConfig`
* Param validation tests for `createOIDCConfig`
* Test for `updateOIDCConfig`
* Tests for `updateOIDCConfig`
* Make `oidcPath` required like `samlPath`
* Bump `openid-client` version
* Refactor
* Update test coverage map
* Tweak label
* Split openid/oauth tests
* call `t.end`
* Fix file name in comment
* Add test teardown
* Improve coverage and rename test files
* For backwards compatibility
* Minor formatting
* Add api paths for /connection
* Zap config path for admin ui
* Update swagger spec
* Rename `configAPIController`
→ `connectionAPIController`
* Rename `IdPConfig` → `IdPConnection`
* Rename `validateIdPConfig` → `validateIdPConnection`
* Rename `createSAMLConfig` → `createSAMLConnection`
* Rename `createOIDCConfig` → `createOIDCConnection`
* Update swagger spec
* Rename `updateSAMLConfig` → `updateSAMLConnection`,
`updateOIDCConfig` → `updateOIDCConnection`
* Make `clientID`/`clientSecret` readOnly
* Rename `configStore` → `connectionStore`
* Update swagger spec
* Add `getConnection` + `deleteConnection`
* Remove `/api/v1/oidc/config`
and keep `api/v1/saml/config`
* Rename `getAllConfig` → `getAllConnection`
* Rename `readConfig` → `loadConnection`
* Rename `deleteConfiguration` → `deleteConnection`
* Add `preLoadedConnection` env
* Update map and cli
* Refactor api tests and rename config to connection
* Rename `configList` → `connectionList`
* Rename `samlConfig` → `samlConnection`
* Rename config -> connection
* Rename `config` → `connection`
* Rename counters for otl
* Sync package lock
* Remove api key validation from api route
* Update Admin ui title
* Update swagger
* Update otl metric descriptions
* Update var naming to connection
* Add strategy validation
* Add tests for invalid strategy
* Sync package lock
* Upgrade and pin version
* Update saml config api with deprecated
* Updated swagger spec for deprecated config api
* Bump package version
* Fix label
* - removed strategy for `get` and `delete`
- Type update
* Type updates
* getConnection -> getConnections,
deleteConnection -> deleteConnections
* Update swagger spec
* Use only for saml connection
* Remove slug from api routes
* API path updates
* Type updates
* Helper util for api routes to check strategy
* Type updates and api changes
* `OAuthReq` typings enhancement
* Narrowed down types for `OAuthTokenReq` and
`OIDCAuthzResponsePayload`
* `IdPConnection` -> `SSOConnection`
* Update cookie name to avoid clash
* Handle the uncaught case to prevent req hanging
* NextAuth + users providers
* Add a temporary fix for verification token - don't use it in production
* Admin ui files
* Admin controller
* getAll db apis
* IdP provider page and api route
* Fix padding
* Style fixes
* middleware to check session
* Loading state handling
* fetcher better response handling
* Add new provider form and api route
* Tab panel in client add form
* Tab switching plus new fields
* Flowbite config
* darkMode with flowbite
* Save config
* Update route path to saml
* Reusable component for add/edit
* cleanup
* Set Secret in NextAuth options
* Prettier lint changes
* Support for delete operation
* Link update
* PopUp Modal reusable component
* Popup confirm before delete
* disable SWR revalidation on focus
* Display IdP metadata, clientID,secret
* Header fixed positioning and style fixes
* Filter raw XML in edit mode
* Add name field to config
* - Edit/New form delta
- Split by newline
- Route back after POST
* Remove flowbite
* Remove flowbite [cleanup]
* Add description field
* updateConfig implementation
* Route PATCH to updateConfig
* Naming change
* Naming Client -> Connection
* AddEdit component updates
* Omit provider, returns full config
* Destructure session first
* Change to domain ACL
* Delete unused component
* Support glob and list of emails for ACL
* Delete unused CSS
* Update package lock
* Remove flowbite from content source
* Redirect to admin route
* Check session in Layout and redirect to login
* Logout in dropdown
* vertical alignment
* Show status message on save (edit)
* Consolidate fields to one long vertical column
* GetAll function for SQL and Add CreationDate and Modification Date for Mongo and SQL
* Add name as header
* Styling and opacity transition for status
* Configure button style fix
* overflow for smaller viewports and rounded border
* Fallback to default behavior of useSession
* Store, use and dispose (after signIn)
verification token in db
* Remove unused class
* Rename Connections ➡ Configurations
* Handle getAll and getConfig using slug
* Better naming
* Update fetch paths
* Refactor getAllConfig ➡ getConfig (By Id)
* Better naming
* Rename saml ➡ samlconf
* Use light theme by not defaulting to system theme
* Path update /samlconf ➡ /saml/config
* Fix path
* Revert manual changes
* getall functionality and migration script
* message
* Updating migration file formatting
* message
* Pull and fix package.json and lock file
* correcting the migration script formatting
* remove file
* add new migration files
* e2e with playwright
* Better naming
* Remove comment
* Make headless
* Run npm install from root
* Add e2e steps in workflow
* try with separate npm installs
* Move higher in the pipeline to test
* Fix quote
* Rely on npx
* fixed migration script formatting
* spelling correction
* headless for CI but false for local
* Use secret
* Type fixes for mongo
* [skip ci] Swagger annotation for getConfig
* Adding migration scripts for all db's
* added migration script to prettierignore
* unformat migration script
* removing postgres migration files
* generate new migration files
* remove wrong migration files
* Add new migration files for mysql and mariadb
* [skip ci] Swagger annotation for updateConfig
* Return empty for update op
* Update swagger spec
* Fix type
* Wait for mongo to start
* Fix db_engine
* Test with pg
* Test with POSTGRES_DB env to auto create db
* Swap install-deps with install
* Use prod build
* enable @ts-ignore
* Test some fixes
* Can be omitted in next-auth v4, uses secret
* Move env to playwright config
* authDbSeed script needs the db and other secrets
* Typo
* Bad typo day 😅
* Again typo
* Set NEXTAUTH_URL
* Use prod build in CI
* Prefix the env for seeding
* Try with inline
* tidying up migration scripts
* fixed migration scripts
* Set env in actions yml
* Remove comma
* Target chromium
* Prefix the env
* Try inline in playwright
* print env
* Move build to action step
* Remove console log
* Let env sit on the job level
* Add ACL
* Fix attribute check
* Add name field
* add name in metadata preload config
* Use postgres
* Remove unneeded secret
* Remove env/options from mongo service
* Fix swagger
* Update swagger spec
* [skip ci] Fix eslint warning
* Add updateConfig test
* Add description to preloaded config
* [skip ci] cleanup
* minor fix
* Update comment
* Expose PATCH in config api
* Added missing validation for clientSecret
* Update swagger spec
* updated example postgres url, updated deps
* Redirect to saml config route
* Remove unused pages/routes
* Update in package lock
* Add primary and secondary colors to tailwind
* Swap icon
* Remove text-color and apply default theme
* Use the primary color from theme
* Reusable custom class for btn-primary
* Add link-primary reusable class
* Use primary secondary colors for main logo
* Show error status & color align with primary color
* Show product if name is absent
* Simplify required attribute setting,
'description' is not required
* Make description optional
* Fix placeholder text
* Swagger updates
* Add validation for description
* Swagger - add missing status codes & descriptions
* Update swagger artifact
* Fix styling for status message
* revalidate config on successful save
* style text highlight globally
* Fix cancel button style
* Set the main height to 100%-headerHeight,
add overflow
* removed default ACL, if someone forgets to change it then we might have Tony Stark logging into everyone's instances :)
* print the arch/platform
* Collect platform info
* Disable swc and remove platform query steps
* Try with custom babel config to disable swc
* Add next.js build cache
* Refactor step
* trying swc
* Make name parameter optional
* Update form state from backend after save
* port 5000 -> 5225
* Handle empty value case for ACL
* bumped up version
Co-authored-by: Kiran <kiran@boxyhq.com>
Co-authored-by: Vishal Lodha <vishal@boxyhq.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Utkarsh Mehta <ukrocks.mehta@gmail.com>
* Add Swagger - wip
* Add OpenAPI Spec
* Add OpenAPI Spec
* API Doc
* Add the api paths
* Add auth block
* Moved into swagger 2.0
* Fix the Swagger spec
* Revert the changes to middleware
* Remove the sample files
* Add jsdoc
* Add swagger spec
* Remove the package pako
* Pin the version
* Pin the version
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>