mohiit1502/Automata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(core): Improve ldap/saml toggle and tests (#5771)

Browse Source 
* improve ldap/saml toggle and tests

* import cleanup

* reject regular login users when saml is enabled

* lint fix
This commit is contained in:
Michael Auerswald
2023-03-24 17:46:06 +01:00
committed by GitHub
parent 30aeeb70b4
commit 47ee357059
9 changed files with 186 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
packages/cli/src/sso/saml/samlHelpers.ts
View File

@@ -16,6 +16,7 @@ import {
isSamlCurrentAuthenticationMethod,
setCurrentAuthenticationMethod,
} from '../ssoHelpers';
import { LoggerProxy } from 'n8n-workflow';
/**
* Check whether the SAML feature is licensed and enabled in the instance
*/
@@ -29,14 +30,19 @@ export function getSamlLoginLabel(): string {
// can only toggle between email and saml, not directly to e.g. ldap
export async function setSamlLoginEnabled(enabled: boolean): Promise<void> {
if (enabled) {
if (isEmailCurrentAuthenticationMethod()) {
config.set(SAML_LOGIN_ENABLED, true);
await setCurrentAuthenticationMethod('saml');
}
} else {
if (config.get(SAML_LOGIN_ENABLED) === enabled) {
return;
}
if (enabled && isEmailCurrentAuthenticationMethod()) {
config.set(SAML_LOGIN_ENABLED, true);
await setCurrentAuthenticationMethod('saml');
} else if (!enabled && isSamlCurrentAuthenticationMethod()) {
config.set(SAML_LOGIN_ENABLED, false);
await setCurrentAuthenticationMethod('email');
} else {
LoggerProxy.warn(
'Cannot switch SAML login enabled state when an authentication method other than email is active',
);
}
}

46
packages/cli/src/sso/ssoHelpers.ts
View File

@@ -2,22 +2,12 @@ import config from '@/config';
import * as Db from '@/Db';
import type { AuthProviderType } from '@/databases/entities/AuthIdentity';
export function isSamlCurrentAuthenticationMethod(): boolean {
return config.getEnv('userManagement.authenticationMethod') === 'saml';
}
export function isEmailCurrentAuthenticationMethod(): boolean {
return config.getEnv('userManagement.authenticationMethod') === 'email';
}
export function isSsoJustInTimeProvisioningEnabled(): boolean {
return config.getEnv('sso.justInTimeProvisioning');
}
export function doRedirectUsersFromLoginToSsoFlow(): boolean {
return config.getEnv('sso.redirectLoginToSso');
}
/**
* Only one authentication method can be active at a time. This function sets the current authentication method
* and saves it to the database.
* SSO methods should only switch to email and then to another method. Email can switch to any method.
* @param authenticationMethod
*/
export async function setCurrentAuthenticationMethod(
authenticationMethod: AuthProviderType,
): Promise<void> {
@@ -28,3 +18,27 @@ export async function setCurrentAuthenticationMethod(
loadOnStartup: true,
});
}
export function getCurrentAuthenticationMethod(): AuthProviderType {
return config.getEnv('userManagement.authenticationMethod');
}
export function isSamlCurrentAuthenticationMethod(): boolean {
return getCurrentAuthenticationMethod() === 'saml';
}
export function isLdapCurrentAuthenticationMethod(): boolean {
return getCurrentAuthenticationMethod() === 'ldap';
}
export function isEmailCurrentAuthenticationMethod(): boolean {
return getCurrentAuthenticationMethod() === 'email';
}
export function isSsoJustInTimeProvisioningEnabled(): boolean {
return config.getEnv('sso.justInTimeProvisioning');
}
export function doRedirectUsersFromLoginToSsoFlow(): boolean {
return config.getEnv('sso.redirectLoginToSso');
}