feat: Add initial scope checks via decorators (#7737)

Val
2023-11-28 11:41:34 +00:00
committed by GitHub
parent 753cbc1e96
commit a37f1cb0ba
22 changed files with 233 additions and 89 deletions


@@ -1,7 +1,14 @@
import express from 'express';
import { Container, Service } from 'typedi';
import { getInstanceBaseUrl } from '@/UserManagement/UserManagementHelper';
import { Authorized, Get, NoAuthRequired, Post, RestController } from '@/decorators';
import {
Authorized,
Get,
NoAuthRequired,
Post,
RestController,
RequireGlobalScope,
} from '@/decorators';
import { SamlUrls } from '../constants';
import {
samlLicensedAndEnabledMiddleware,
@@ -30,6 +37,7 @@ import { BadRequestError } from '@/errors/response-errors/bad-request.error';
import { AuthError } from '@/errors/response-errors/auth.error';
@Service()
@Authorized()
@RestController('/sso/saml')
export class SamlController {
constructor(private samlService: SamlService) {}
@@ -61,8 +69,8 @@ export class SamlController {
* POST /sso/saml/config
* Set SAML config
*/
@Authorized(['global', 'owner'])
@Post(SamlUrls.config, { middlewares: [samlLicensedMiddleware] })
@RequireGlobalScope('saml:manage')
async configPost(req: SamlConfiguration.Update) {
const validationResult = await validate(req.body);
if (validationResult.length === 0) {
@@ -80,8 +88,8 @@ export class SamlController {
* POST /sso/saml/config/toggle
* Set SAML config
*/
@Authorized(['global', 'owner'])
@Post(SamlUrls.configToggleEnabled, { middlewares: [samlLicensedMiddleware] })
@RequireGlobalScope('saml:manage')
async toggleEnabledPost(req: SamlConfiguration.Toggle, res: express.Response) {
if (req.body.loginEnabled === undefined) {
throw new BadRequestError('Body should contain a boolean "loginEnabled" property');
@@ -196,8 +204,8 @@ export class SamlController {
* Test SAML config
* This endpoint is available if SAML is licensed and the requestor is an instance owner
*/
@Authorized(['global', 'owner'])
@Get(SamlUrls.configTest, { middlewares: [samlLicensedMiddleware] })
@RequireGlobalScope('saml:manage')
async configTestGet(req: AuthenticatedRequest, res: express.Response) {
return this.handleInitSSO(res, getServiceProviderConfigTestReturnUrl());
}
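Review bot: Access control on `configPost`, `toggleEnabledPost` and `configTestGet` now rests entirely on `@RequireGlobalScope('saml:manage')`, because the explicit `@Authorized(['global', 'owner'])` is removed and the new class-level `@Authorized()` carries no role list. The decorator's implementation and the route registration are outside this section, so it is worth confirming that a user without the scope, or a route whose scope metadata is not picked up, is denied rather than allowed. A regression test in which an authenticated non-owner is rejected on all three handlers would pin that down. The doc comment on `configTestGet` still describes the old gate and could read `* This endpoint is available if SAML is licensed and the requestor has the global 'saml:manage' scope`. The class body continues outside these hunks, so whether the public SSO routes keep `@NoAuthRequired` under the new class-level `@Authorized()` cannot be checked from here.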