refactor(core): Enforce authorization by default on all routes (no-changelog) (#8762)
committed by
GitHub
parent
2811f77798
commit
db4a419c8d
@@ -3,8 +3,7 @@ import { validate } from 'class-validator';
|
||||
import type { PostBindingContext } from 'samlify/types/src/entity';
|
||||
import url from 'url';
|
||||
|
||||
import { Authorized, Get, NoAuthRequired, Post, RestController, GlobalScope } from '@/decorators';
|
||||
|
||||
import { Get, Post, RestController, GlobalScope } from '@/decorators';
|
||||
import { AuthService } from '@/auth/auth.service';
|
||||
import { AuthenticatedRequest } from '@/requests';
|
||||
import { InternalHooks } from '@/InternalHooks';
|
||||
@@ -31,7 +30,6 @@ import { SamlService } from '../saml.service.ee';
|
||||
import { SamlConfiguration } from '../types/requests';
|
||||
import { getInitSSOFormView } from '../views/initSsoPost';
|
||||
|
||||
@Authorized()
|
||||
@RestController('/sso/saml')
|
||||
export class SamlController {
|
||||
constructor(
|
||||
@@ -41,8 +39,7 @@ export class SamlController {
|
||||
private readonly internalHooks: InternalHooks,
|
||||
) {}
|
||||
|
||||
@NoAuthRequired()
|
||||
@Get(SamlUrls.metadata)
|
||||
@Get(SamlUrls.metadata, { skipAuth: true })
|
||||
async getServiceProviderMetadata(_: express.Request, res: express.Response) {
|
||||
return res
|
||||
.header('Content-Type', 'text/xml')
|
||||
@@ -53,7 +50,6 @@ export class SamlController {
|
||||
* GET /sso/saml/config
|
||||
* Return SAML config
|
||||
*/
|
||||
@Authorized('any')
|
||||
@Get(SamlUrls.config, { middlewares: [samlLicensedMiddleware] })
|
||||
async configGet() {
|
||||
const prefs = this.samlService.samlPreferences;
|
||||
@@ -101,8 +97,7 @@ export class SamlController {
|
||||
* GET /sso/saml/acs
|
||||
* Assertion Consumer Service endpoint
|
||||
*/
|
||||
@NoAuthRequired()
|
||||
@Get(SamlUrls.acs, { middlewares: [samlLicensedMiddleware] })
|
||||
@Get(SamlUrls.acs, { middlewares: [samlLicensedMiddleware], skipAuth: true })
|
||||
async acsGet(req: SamlConfiguration.AcsRequest, res: express.Response) {
|
||||
return await this.acsHandler(req, res, 'redirect');
|
||||
}
|
||||
@@ -111,8 +106,7 @@ export class SamlController {
|
||||
* POST /sso/saml/acs
|
||||
* Assertion Consumer Service endpoint
|
||||
*/
|
||||
@NoAuthRequired()
|
||||
@Post(SamlUrls.acs, { middlewares: [samlLicensedMiddleware] })
|
||||
@Post(SamlUrls.acs, { middlewares: [samlLicensedMiddleware], skipAuth: true })
|
||||
async acsPost(req: SamlConfiguration.AcsRequest, res: express.Response) {
|
||||
return await this.acsHandler(req, res, 'post');
|
||||
}
|
||||
@@ -177,8 +171,7 @@ export class SamlController {
|
||||
* Access URL for implementing SP-init SSO
|
||||
* This endpoint is available if SAML is licensed and enabled
|
||||
*/
|
||||
@NoAuthRequired()
|
||||
@Get(SamlUrls.initSSO, { middlewares: [samlLicensedAndEnabledMiddleware] })
|
||||
@Get(SamlUrls.initSSO, { middlewares: [samlLicensedAndEnabledMiddleware], skipAuth: true })
|
||||
async initSsoGet(req: express.Request, res: express.Response) {
|
||||
let redirectUrl = '';
|
||||
try {
|
||||
|
||||
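Review bot: The four routes that now carry `skipAuth: true` (`SamlUrls.metadata`, both `SamlUrls.acs` handlers and `SamlUrls.initSSO`) are this controller's entire unauthenticated surface, and the opt-out has moved from a standalone `@NoAuthRequired()` line into an options object, where it is easier to overlook or to copy along with `middlewares`. I would put a one-line why-comment above each of them, for example `// skipAuth: the IdP delivers the assertion here before a session exists; all trust rests on the checks in acsHandler` on the two ACS handlers, and give `getServiceProviderMetadata` the same kind of doc block its siblings already have. `configGet` loses `@Authorized('any')` and now depends entirely on the new default; that default is implemented outside this section, so it is worth confirming it is at least as strict, ideally with a test that an unauthenticated GET to `SamlUrls.config` is rejected. The handler bodies and `acsHandler` itself continue outside the visible hunks.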