Merge branch 'master' into node-337-our-help-link-from-the-schedule-n…

…ode-is
n8n-io · Mar 30, 2023 · d92dc81 · d92dc81
2 parents 8795840 + 2216455
commit d92dc81
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 18 deletions.
diff --git a/.github/workflows/ci-master.yml b/.github/workflows/ci-master.yml
@@ -13,7 +13,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [14.x, 16.x]
+        node-version: [16.x]
 
     steps:
       - uses: actions/checkout@v3

diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
@@ -51,22 +51,10 @@ jobs:
     secrets:
       CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
 
-  run-e2e-tests-node-14:
-    name: E2E [Electron/Node 14]
-    uses: ./.github/workflows/e2e-reusable.yml
-    if: ${{ github.event_name == 'schedule' }}
-    with:
-      branch: ${{ github.event.inputs.branch || 'master' }}
-      user: ${{ github.event.inputs.user || 'schedule' }}
-      spec: ${{ github.event.inputs.spec || 'e2e/*' }}
-      run-env: base:14.21.1
-    secrets:
-      CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
-
   calls-success-url-notify:
     name: Calls success URL and notifies
     runs-on: ubuntu-latest
-    needs: [run-e2e-tests, run-e2e-tests-node-14]
+    needs: [run-e2e-tests]
     if: ${{ github.event.inputs.success-url != '' }}
     steps:
       - name: Notify Slack on failure

diff --git a/packages/cli/BREAKING-CHANGES.md b/packages/cli/BREAKING-CHANGES.md
@@ -2,6 +2,20 @@
 
 This list shows all the versions which include breaking changes and how to upgrade.
 
+## 0.223.0
+
+### What changed?
+
+The minimum Node.js version required for n8n is now v16.
+
+### When is action necessary?
+
+If you're using n8n via npm or PM2 or if you're contributing to n8n.
+
+### How to upgrade:
+
+Update the Node.js version to v16 or above.
+
 ## 0.214.0
 
 ### What changed?

diff --git a/packages/cli/bin/n8n b/packages/cli/bin/n8n
@@ -21,10 +21,10 @@ if (process.argv.length === 2) {
 const nodeVersion = process.versions.node;
 const nodeVersionMajor = require('semver').major(nodeVersion);
 
-if (![14, 16, 18].includes(nodeVersionMajor)) {
+if (![16, 18].includes(nodeVersionMajor)) {
 	console.log(`
 	Your Node.js version (${nodeVersion}) is currently not supported by n8n.
-	Please use Node.js v14, v16 (recommended), or v18 instead!
+	Please use Node.js v16 (recommended), or v18 instead!
 	`);
 	process.exit(1);
 }

diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -54,7 +54,7 @@
     "workflow"
   ],
   "engines": {
-    "node": ">=14.0.0"
+    "node": ">=16.9"
   },
   "files": [
     "bin",

diff --git a/packages/cli/src/controllers/passwordReset.controller.ts b/packages/cli/src/controllers/passwordReset.controller.ts
@@ -7,6 +7,7 @@ import {
 	BadRequestError,
 	InternalServerError,
 	NotFoundError,
+	UnauthorizedError,
 	UnprocessableRequestError,
 } from '@/ResponseHelper';
 import {
@@ -24,6 +25,7 @@ import { PasswordResetRequest } from '@/requests';
 import type { IDatabaseCollections, IExternalHooksClass, IInternalHooksClass } from '@/Interfaces';
 import { issueCookie } from '@/auth/jwt';
 import { isLdapEnabled } from '@/Ldap/helpers';
+import { isSamlCurrentAuthenticationMethod } from '../sso/ssoHelpers';
 
 @RestController()
 export class PasswordResetController {
@@ -100,9 +102,18 @@ export class PasswordResetController {
 				email,
 				password: Not(IsNull()),
 			},
-			relations: ['authIdentities'],
+			relations: ['authIdentities', 'globalRole'],
 		});
 
+		if (isSamlCurrentAuthenticationMethod() && user?.globalRole.name !== 'owner') {
+			this.logger.debug(
+				'Request to send password reset email failed because login is handled by SAML',
+			);
+			throw new UnauthorizedError(
+				'Login is handled by SAML. Please contact your Identity Provider to reset your password.',
+			);
+		}
+
 		const ldapIdentity = user?.authIdentities?.find((i) => i.providerType === 'ldap');
 
 		if (!user?.password || (ldapIdentity && user.disabled)) {

diff --git a/packages/cli/test/integration/passwordReset.api.test.ts b/packages/cli/test/integration/passwordReset.api.test.ts
@@ -14,6 +14,7 @@ import {
 	randomValidPassword,
 } from './shared/random';
 import * as testDb from './shared/testDb';
+import { setCurrentAuthenticationMethod } from '@/sso/ssoHelpers';
 
 jest.mock('@/UserManagement/email/NodeMailer');
 
@@ -74,6 +75,35 @@ describe('POST /forgot-password', () => {
 		expect(storedOwner.resetPasswordToken).toBeNull();
 	});
 
+	test('should fail if SAML is authentication method', async () => {
+		await setCurrentAuthenticationMethod('saml');
+		config.set('userManagement.emails.mode', 'smtp');
+		const member = await testDb.createUser({
+			email: '[email protected]',
+			globalRole: globalMemberRole,
+		});
+
+		await authlessAgent.post('/forgot-password').send({ email: member.email }).expect(403);
+
+		const storedOwner = await Db.collections.User.findOneByOrFail({ email: member.email });
+		expect(storedOwner.resetPasswordToken).toBeNull();
+		await setCurrentAuthenticationMethod('email');
+	});
+
+	test('should succeed if SAML is authentication method and requestor is owner', async () => {
+		await setCurrentAuthenticationMethod('saml');
+		config.set('userManagement.emails.mode', 'smtp');
+
+		const response = await authlessAgent.post('/forgot-password').send({ email: owner.email });
+
+		expect(response.statusCode).toBe(200);
+		expect(response.body).toEqual({});
+
+		const storedOwner = await Db.collections.User.findOneByOrFail({ email: owner.email });
+		expect(storedOwner.resetPasswordToken).not.toBeNull();
+		await setCurrentAuthenticationMethod('email');
+	});
+
 	test('should fail with invalid inputs', async () => {
 		config.set('userManagement.emails.mode', 'smtp');