feat(core): Add SAML login setup (#5515)

* initial commit with sample data * basic saml setup * cleanup console logs * limit saml endpoints through middleware * basic login and token issue * saml service and cleanup * refactor and create user * get/set saml prefs * fix authentication issue * redirect to user details * merge fix * add generated password to saml user * update user from attributes where possible * refactor and fix creating new user * rename saml prefs key * minor cleanup * Update packages/cli/src/config/schema.ts Co-authored-by: Omar Ajoue <krynble@gmail.com> * Update packages/cli/src/config/schema.ts Co-authored-by: Omar Ajoue <krynble@gmail.com> * Update packages/cli/src/controllers/auth.controller.ts Co-authored-by: Omar Ajoue <krynble@gmail.com> * code review changes * fix default saml enabled * remove console.log * fix isSamlLicensed --------- Co-authored-by: Omar Ajoue <krynble@gmail.com>
2023-02-24 20:37:19 +01:00
parent d09ca875ec
commit 40a934bbb4
24 changed files with 745 additions and 21 deletions
--- a/packages/cli/src/middlewares/auth.ts
+++ b/packages/cli/src/middlewares/auth.ts
@@ -18,6 +18,7 @@ import {
 } from '@/UserManagement/UserManagementHelper';
 import type { Repository } from 'typeorm';
 import type { User } from '@db/entities/User';
+import { SamlUrls } from '../sso/saml/constants';

 const jwtFromRequest = (req: Request) => {
 	// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
@@ -95,6 +96,9 @@ export const setupAuthMiddlewares = (
 			req.url.startsWith(`/${restEndpoint}/change-password`) ||
 			req.url.startsWith(`/${restEndpoint}/oauth2-credential/callback`) ||
 			req.url.startsWith(`/${restEndpoint}/oauth1-credential/callback`) ||
+			req.url.startsWith(`/${restEndpoint}/sso/saml${SamlUrls.metadata}`) ||
+			req.url.startsWith(`/${restEndpoint}/sso/saml${SamlUrls.initSSO}`) ||
+			req.url.startsWith(`/${restEndpoint}/sso/saml${SamlUrls.acs}`) ||
 			isAuthExcluded(req.url, ignoredEndpoints)
 		) {
 			return next();