Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: sso implementation #2523

Open
wants to merge 83 commits into
base: sso
Choose a base branch
from
Open

feat: sso implementation #2523

wants to merge 83 commits into from

Conversation

huglx
Copy link
Collaborator

@huglx huglx commented Oct 6, 2024

What I have done:

  • adding SSO providers
  • logging via SSO
  • New users now become a member of the organization that issued the SSO provider
  • customized login page for self-hosted instances
  • started writing tests

What I plan to add:

  • collect the user's role that the organization set for them and grant these roles to the user
  • more test coverage
  • simplify adding a provider (there is a URL that calls .../well-known/openid-configuration, and through this URL, I can fetch all needed URLs)

tbc

@huglx
feat: create dynamic client registration
a52e18e
@huglx
feat: Add a tenant to configure the dynamic configuration of providers.
278aa62
@huglx
feat: Add a controller to fetch callbacks from the provider and retur…
140c6df 
…n a JWT token for login.
@huglx
feat: Add a controller to dynamically configure providers
b5e75b9
@huglx
feat: add sso login to FE
f7b8c0a
@huglx
fix: move auth logic from controller to service
4a14242
@huglx
feat: add custom exceptions
8302d33
@huglx
fix: add component annotation
10a70b7
@huglx
feat: save domain with port if presents
ac291db
@huglx
fix: change url
1143485
@huglx
fix: add more properties CreateProviderRequest
d8dfdb8
@huglx
fix: The function wasn't marked as a transaction, so it caused a data…
e6a8cd3 
… integrity exception.
@huglx
feat: add an ability to accept invitation code to backend part
fccbe74
@huglx
feat: add properties to enable custom logo & button text
de3cd3c
@huglx
feat: add create sso provider route
8d285fa
@huglx
feat: add an ability to set custom login logo to FE
e866ebb
@huglx
feat: add create sso provider links
10f4022
@huglx
feat: pass invitationCode to BE
c468f2c
@huglx
feat: display saved provider on FE
bf60293
@huglx
feat: verify id token to improve security
b7297a0
@huglx
feat: disable/enable sso provider FE
45acdfe
@huglx
feat: also set jwk uri in ClientRegistration
f1e4999
@huglx
feat: now a new user logged in via sso is a member of the organizatio…
0477f25 
…n that issued the sso provider
@huglx
feat: refactor login form FE
8a83e52
@huglx
feat: enable/disable provider
0cc553d
@huglx
feat: add function to add user to the org.
d21a845
@huglx
feat: throw if sso provider is disabled
c906b4e
@huglx
fix: code clean up
40e444d
@huglx
chore: test
e494b5c
@huglx
feat: configuration to parse jwt token
fdfa217
@huglx
Copy link
Collaborator Author

huglx commented Oct 11, 2024

I have gone through all the change requests. I just have a question about the validation schema. I created SSO_PROVIDER in GlobalValidationSchema and added it to the form. Is this the correct way to do it? Or is there another way to do it?

On the weekend, I plan to write tests and documentation, so I hope it will be ready by Monday.

@JanCizmar
Copy link
Contributor

I have gone through all the change requests. I just have a question about the validation schema. I created SSO_PROVIDER in GlobalValidationSchema and added it to the form. Is this the correct way to do it? Or is there another way to do it?

On the weekend, I plan to write tests and documentation, so I hope it will be ready by Monday.

yes, that's correct approach.

@JanCizmar JanCizmar self-requested a review October 17, 2024 14:48
JanCizmar
JanCizmar requested changes Oct 17, 2024
View reviewed changes
backend/data/src/main/kotlin/io/tolgee/configuration/tolgee/AuthenticationProperties.kt
)
var customLogoUrl: String? =
"https://user-images.githubusercontent.com/18496315/188628892-33fcc282-26f1-4035-8105-95952bd93de9.svg",
"/favicon.svg",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should not be Tolgee Logo.

e2e/cypress/common/apiCalls/common.ts
@@ -195,6 +195,26 @@ export const setTranslations = (
method: 'POST',
});

export const setSsoProvider = () => {
const sql = `insert into ee.tenant (id, organization_id, domain, client_id, client_secret, authorization_uri,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why don't you create test data for this?

e2e/cypress/e2e/security/login.cy.ts
@@ -31,6 +35,22 @@ context('Login', () => {
cy.gcy('global-language-menu').should('be.visible');
});

context('Test Suite for SSO Login', () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
context('Test Suite for SSO Login', () => {
context('SSO Login', () => {

ee/backend/app/src/main/kotlin/io/tolgee/ee/service/OAuthService.kt
@@ -163,7 +152,7 @@ class OAuthService(
domain = tenant.domain,
organizationId = tenant.organizationId,
)
val user = oAuthUserHandler.findOrCreateUser(userData, invitationCode, tenant.domain)
val user = oAuthUserHandler.findOrCreateUser(userData, invitationCode, "sso")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Search only for users with the same SSO domain.

ee/backend/tests/src/test/kotlin/io/tolgee/ee/OAuthTest.kt
val response = oAuthMultiTenantsMocks.authorize("registrationId")
assertThat(response.response.status).isEqualTo(200)
val result = jacksonObjectMapper().readValue(response.response.contentAsString, HashMap::class.java)
Assertions.assertThat(result["accessToken"]).isNotNull
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use result["accessToken"].assert.isNotNull syntax

ee/backend/tests/src/test/kotlin/io/tolgee/ee/utils/OAuthMultiTenantsMocks.kt
).thenReturn(defaultTokenResponse)
).thenReturn(tokenResponse)

// mock parsing of jwt
mockJwk()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be called mockJwt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JanCizmar JanCizmar JanCizmar requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add SSO feature to Cloud and Self-hosted
2 participants
@huglx @JanCizmar