feat(core): Add SAML login setup (#5515)

* initial commit with sample data * basic saml setup * cleanup console logs * limit saml endpoints through middleware * basic login and token issue * saml service and cleanup * refactor and create user * get/set saml prefs * fix authentication issue * redirect to user details * merge fix * add generated password to saml user * update user from attributes where possible * refactor and fix creating new user * rename saml prefs key * minor cleanup * Update packages/cli/src/config/schema.ts Co-authored-by: Omar Ajoue <krynble@gmail.com> * Update packages/cli/src/config/schema.ts Co-authored-by: Omar Ajoue <krynble@gmail.com> * Update packages/cli/src/controllers/auth.controller.ts Co-authored-by: Omar Ajoue <krynble@gmail.com> * code review changes * fix default saml enabled * remove console.log * fix isSamlLicensed --------- Co-authored-by: Omar Ajoue <krynble@gmail.com>
2025-12-22 04:10:01 +00:00 · 2023-02-24 20:37:19 +01:00
parent d09ca875ec
commit 40a934bbb4
24 changed files with 745 additions and 21 deletions
--- a/packages/cli/src/sso/saml/middleware/samlEnabledMiddleware.ts
+++ b/packages/cli/src/sso/saml/middleware/samlEnabledMiddleware.ts
@@ -0,0 +1,24 @@
+import type { RequestHandler } from 'express';
+import type { AuthenticatedRequest } from '../../../requests';
+import { isSamlCurrentAuthenticationMethod } from '../../ssoHelpers';
+import { isSamlEnabled, isSamlLicensed } from '../samlHelpers';
+
+export const samlLicensedOwnerMiddleware: RequestHandler = (
+	req: AuthenticatedRequest,
+	res,
+	next,
+) => {
+	if (isSamlLicensed() && req.user?.globalRole.name === 'owner') {
+		next();
+	} else {
+		res.status(401).json({ status: 'error', message: 'Unauthorized' });
+	}
+};
+
+export const samlLicensedAndEnabledMiddleware: RequestHandler = (req, res, next) => {
+	if (isSamlEnabled() && isSamlLicensed() && isSamlCurrentAuthenticationMethod()) {
+		next();
+	} else {
+		res.status(401).json({ status: 'error', message: 'Unauthorized' });
+	}
+};