cacf275a99
* Prevent SSO users from setting / resetting a password * Add support for ENABLE_SSO_MAINTENANCE_MODE * Add typing to self api and build out user update sdk * Integrate sso checks with user sdk. Integrate user sdk with self api * Test fixes * Move self update into SDK * Lock down maintenance mode to admin user * Fix typo * Add health status response and return type signature to accounts.getStatus * Remove some unnecessary comments * Make sso save user function non optional * Remove redundant check on sso auth details provider * Update syncProfilePicture function name to getProfilePictureUrl * Update packages/worker/src/sdk/users/events.ts Co-authored-by: Adria Navarro <adria@revityapp.com> * Add ENABLE_EMAIL_TEST_MODE flag * Fix for logging in as sso user when existing user has password already * Hide password update and force reset from ui for sso users * Always disable sso maintenance mode in cloud --------- Co-authored-by: Adria Navarro <adria@revityapp.com>
import {
GoogleInnerConfig,
JwtClaims,
OIDCInnerConfig,
OIDCWellKnownConfig,
SSOAuthDetails,
SSOProfile,
SSOProviderType,
User,
} from "@budibase/types"
import { uuid, generator, users, email } from "./index"
import _ from "lodash"
/**
 * Picks one SSOProviderType value at random for use in test fixtures.
 *
 * @returns a randomly chosen member of SSOProviderType.
 */
export function providerType(): SSOProviderType {
  const candidates = Object.values(SSOProviderType)
  // _.sample yields undefined only for an empty collection; the cast
  // assumes SSOProviderType always has at least one value.
  return _.sample(candidates) as SSOProviderType
}
/**
 * Builds an SSOProfile fixture describing the given user.
 *
 * @param user - user to derive the profile from; a fresh users.user()
 *   fixture is generated when omitted.
 * @returns a profile whose id, name and email mirror the user and whose
 *   provider is a random string.
 */
export function ssoProfile(user?: User): SSOProfile {
  const subject = user ?? users.user()
  const { firstName, lastName, email: subjectEmail } = subject
  return {
    // assumes the user fixture always carries an _id — TODO confirm;
    // note authDetails() falls back to uuid() where this asserts non-null.
    id: subject._id!,
    name: { givenName: firstName, familyName: lastName },
    _json: {
      email: subjectEmail,
      // fixed placeholder picture URL for the fixture
      picture: "http://test.com",
    },
    provider: generator.string(),
  }
}
/**
 * Builds an SSOAuthDetails fixture for the given user, with random OAuth2
 * tokens, provider name and provider type.
 *
 * @param user - user to build the details for; a fresh users.user()
 *   fixture is generated when omitted.
 * @returns auth details whose nested profile id and provider agree with
 *   the top-level userId and provider fields.
 */
export function authDetails(user?: User): SSOAuthDetails {
  const subject = user ?? users.user()
  // fall back to a fresh id when the user fixture has no _id
  const userId = subject._id || uuid()
  const provider = generator.string()

  // the profile's own provider/id are replaced so they match the
  // top-level fields returned below
  const profile: SSOProfile = { ...ssoProfile(subject), provider, id: userId }

  return {
    email: subject.email,
    oauth2: {
      refreshToken: generator.string(),
      accessToken: generator.string(),
    },
    profile,
    provider,
    providerType: providerType(),
    userId,
  }
}
// OIDC
/**
 * Builds an activated OIDCInnerConfig fixture with a placeholder discovery
 * URL and random name, client id and client secret.
 *
 * @returns a fully populated OIDC config.
 */
export function oidcConfig(): OIDCInnerConfig {
  const config: OIDCInnerConfig = {
    uuid: uuid(),
    activated: true,
    logo: "",
    name: generator.string(),
    // placeholder discovery URL; not a real endpoint
    configUrl: "http://someconfigurl",
    clientID: generator.string(),
    clientSecret: generator.string(),
  }
  return config
}
// response from .well-known/openid-configuration
/**
 * Builds a fixture shaped like a .well-known/openid-configuration response,
 * with a random issuer string and random endpoint URLs.
 *
 * @returns the well-known config fixture.
 */
export function oidcWellKnownConfig(): OIDCWellKnownConfig {
  const wellKnown: OIDCWellKnownConfig = {
    issuer: generator.string(),
    authorization_endpoint: generator.url(),
    token_endpoint: generator.url(),
    userinfo_endpoint: generator.url(),
  }
  return wellKnown
}
/**
 * Builds a JwtClaims fixture with independently generated email and
 * preferred_username values.
 *
 * @returns the claims fixture.
 */
export function jwtClaims(): JwtClaims {
  // email() is called twice, so the two claims are not guaranteed to match
  const claims: JwtClaims = {
    email: email(),
    preferred_username: email(),
  }
  return claims
}
// GOOGLE
/**
 * Builds an activated GoogleInnerConfig fixture with a random client id
 * and client secret.
 *
 * @returns the Google config fixture.
 */
export function googleConfig(): GoogleInnerConfig {
  const config: GoogleInnerConfig = {
    activated: true,
    clientID: generator.string(),
    clientSecret: generator.string(),
  }
  return config
}