Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(sso): disable slug edit if sso enabled #3621

Merged
merged 3 commits into from
Dec 3, 2024
Merged

fix(sso): disable slug edit if sso enabled #3621

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
06a7e71
fix(sso): disable slug edit if sso enabled
cdriesler Dec 3, 2024
be43973
fix(sso): guard on backend
cdriesler Dec 3, 2024
6716916
chore(sso): more test fixes
cdriesler Dec 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 15 additions & 6 deletions packages/frontend-2/components/settings/workspaces/General.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,14 @@
label="Short ID"
name="shortId"
:help="slugHelp"
:disabled="!isAdmin || needsSsoLogin"
:disabled="disableSlugInput"
show-label
label-position="left"
:tooltip-text="disabledTooltipText"
:tooltip-text="disabledSlugTooltipText"
read-only
:right-icon="isAdmin || needsSsoLogin ? IconEdit : undefined"
right-icon-title="Edit short ID"
@right-icon-click="openSlugEditDialog"
:right-icon="disableSlugInput ? undefined : IconEdit"
:right-icon-title="disableSlugInput ? undefined : 'Edit short ID'"
@right-icon-click="disableSlugInput ? undefined : openSlugEditDialog"
/>
<hr class="my-4 border-outline-3" />
<FormTextInput
Expand Down Expand Up @@ -210,7 +210,7 @@ const { result: workspaceResult, onResult } = useQuery(
})
)
const config = useRuntimeConfig()
const { needsSsoLogin } = useWorkspaceSsoStatus({
const { hasSsoEnabled, needsSsoLogin } = useWorkspaceSsoStatus({
workspaceSlug: computed(() => workspaceResult.value?.workspace?.slug || '')
})

Expand Down Expand Up @@ -319,7 +319,16 @@ const disabledTooltipText = computed(() => {
return undefined
})

const disableSlugInput = computed(() => !isAdmin.value || hasSsoEnabled.value)

const disabledSlugTooltipText = computed(() => {
return hasSsoEnabled.value
? 'Short ID cannot be changed while SSO is enabled.'
: disabledTooltipText.value
})

const openSlugEditDialog = () => {
if (hasSsoEnabled.value) return
showEditSlugDialog.value = true
}

Expand Down
8 changes: 8 additions & 0 deletions packages/server/modules/workspaces/graph/resolvers/workspaces.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -517,6 +517,10 @@ export = FF_WORKSPACES_MODULE_ENABLED
getWorkspaceBySlug: getWorkspaceBySlugFactory({ db })
}),
getWorkspace: getWorkspaceWithDomainsFactory({ db }),
getWorkspaceSsoProviderRecord: getWorkspaceSsoProviderFactory({
db,
decrypt: getDecryptor()
}),
upsertWorkspace: upsertWorkspaceFactory({ db }),
emitWorkspaceEvent: getEventBus().emit
})
Expand Down Expand Up @@ -620,6 +624,10 @@ export = FF_WORKSPACES_MODULE_ENABLED
getWorkspaceBySlug: getWorkspaceBySlugFactory({ db })
}),
getWorkspace: getWorkspaceWithDomainsFactory({ db }),
getWorkspaceSsoProviderRecord: getWorkspaceSsoProviderFactory({
db,
decrypt: getDecryptor()
}),
upsertWorkspace: upsertWorkspaceFactory({ db }),
emitWorkspaceEvent: getEventBus().emit
})
Expand Down
16 changes: 14 additions & 2 deletions packages/server/modules/workspaces/services/management.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,10 @@ import { userEmailsCompliantWithWorkspaceDomains } from '@/modules/workspaces/do
import { workspaceRoles as workspaceRoleDefinitions } from '@/modules/workspaces/roles'
import { blockedDomains } from '@speckle/shared'
import { DeleteStreamRecord } from '@/modules/core/domain/streams/operations'
import { DeleteSsoProvider } from '@/modules/workspaces/domain/sso/operations'
import {
DeleteSsoProvider,
GetWorkspaceSsoProviderRecord
} from '@/modules/workspaces/domain/sso/operations'

type WorkspaceCreateArgs = {
userId: string
Expand Down Expand Up @@ -230,11 +233,13 @@ const sanitizeInput = (input: Partial<Workspace>) => {
export const updateWorkspaceFactory =
({
getWorkspace,
getWorkspaceSsoProviderRecord,
validateSlug,
upsertWorkspace,
emitWorkspaceEvent
}: {
getWorkspace: GetWorkspaceWithDomains
getWorkspaceSsoProviderRecord: GetWorkspaceSsoProviderRecord
validateSlug: ValidateWorkspaceSlug
upsertWorkspace: UpsertWorkspace
emitWorkspaceEvent: EventBus['emit']
Expand All @@ -253,7 +258,14 @@ export const updateWorkspaceFactory =
throw new WorkspaceInvalidUpdateError()
}

if (workspaceInput.slug) await validateSlug({ slug: workspaceInput.slug })
if (workspaceInput.slug) {
const ssoProvider = await getWorkspaceSsoProviderRecord({ workspaceId })
if (ssoProvider)
throw new WorkspaceInvalidUpdateError(
'Cannot update workspace slug if SSO is configured.'
)
await validateSlug({ slug: workspaceInput.slug })
}

const workspace = {
...omit(currentWorkspace, 'domains'),
Expand Down
1 change: 1 addition & 0 deletions packages/server/modules/workspaces/tests/helpers/creation.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,7 @@ export const createTestWorkspace = async (
getWorkspaceBySlug: getWorkspaceBySlugFactory({ db })
}),
getWorkspace: getWorkspaceWithDomainsFactory({ db }),
getWorkspaceSsoProviderRecord: getWorkspaceSsoProviderRecordFactory({ db }),
upsertWorkspace: upsertWorkspaceFactory({ db }),
emitWorkspaceEvent: (...args) => getEventBus().emit(...args)
})
Expand Down
38 changes: 38 additions & 0 deletions packages/server/modules/workspaces/tests/unit/services/management.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -271,6 +271,7 @@ describe('Workspace services', () => {
const err = await expectToThrow(async () => {
await updateWorkspaceFactory({
getWorkspace: async () => null,
getWorkspaceSsoProviderRecord: async () => null,
validateSlug: async () => {
expect.fail()
},
Expand All @@ -292,6 +293,7 @@ describe('Workspace services', () => {
const err = await expectToThrow(async () => {
await updateWorkspaceFactory({
getWorkspace: async () => workspace,
getWorkspaceSsoProviderRecord: async () => null,
emitWorkspaceEvent: async () => {
expect.fail()
},
Expand All @@ -315,6 +317,7 @@ describe('Workspace services', () => {
const err = await expectToThrow(async () => {
await updateWorkspaceFactory({
getWorkspace: async () => workspace,
getWorkspaceSsoProviderRecord: async () => null,
emitWorkspaceEvent: async () => {
expect.fail()
},
Expand All @@ -338,6 +341,7 @@ describe('Workspace services', () => {
const err = await expectToThrow(async () => {
await updateWorkspaceFactory({
getWorkspace: async () => workspace,
getWorkspaceSsoProviderRecord: async () => null,
emitWorkspaceEvent: async () => {
expect.fail()
},
Expand All @@ -361,6 +365,7 @@ describe('Workspace services', () => {
const err = await expectToThrow(async () => {
await updateWorkspaceFactory({
getWorkspace: async () => workspace,
getWorkspaceSsoProviderRecord: async () => null,
emitWorkspaceEvent: async () => {
expect.fail()
},
Expand All @@ -383,6 +388,7 @@ describe('Workspace services', () => {
const err = await expectToThrow(async () => {
await updateWorkspaceFactory({
getWorkspace: async () => workspace,
getWorkspaceSsoProviderRecord: async () => null,
emitWorkspaceEvent: async () => {
expect.fail()
},
Expand All @@ -406,6 +412,7 @@ describe('Workspace services', () => {
let newWorkspaceName
await updateWorkspaceFactory({
getWorkspace: async () => workspace,
getWorkspaceSsoProviderRecord: async () => null,
emitWorkspaceEvent: async () => {},
validateSlug: async () => {},

Expand All @@ -418,6 +425,36 @@ describe('Workspace services', () => {
})
expect(newWorkspaceName).to.be.equal(workspace.name)
})

it('does not allow updating the workspace slug if SSO is enabled', async () => {
const workspace = createTestWorkspaceWithDomainsData()

const err = await expectToThrow(async () => {
await updateWorkspaceFactory({
getWorkspace: async () => workspace,
getWorkspaceSsoProviderRecord: async () => ({
workspaceId: 'foo',
providerId: 'bar'
}),
emitWorkspaceEvent: async () => {
expect.fail()
},
validateSlug: async () => {},
upsertWorkspace: async () => {
expect.fail()
}
})({
workspaceId: workspace.id,
workspaceInput: {
slug: 'new-slug'
}
})
})
expect(err.message).to.be.equal(
'Cannot update workspace slug if SSO is configured.'
)
})

it('updates the workspace and emits the correct event payload', async () => {
const workspaceId = cryptoRandomString({ length: 10 })
const workspace = createTestWorkspaceWithDomainsData({
Expand All @@ -444,6 +481,7 @@ describe('Workspace services', () => {

await updateWorkspaceFactory({
getWorkspace: async () => workspace,
getWorkspaceSsoProviderRecord: async () => null,
emitWorkspaceEvent: async () => {},
validateSlug: async () => {},
upsertWorkspace: async ({ workspace }) => {
Expand Down