
(feat) add sp certificate for saml provider

This commit is contained in:
Du Peng 2024-03-27 14:41:30 +01:00
parent 584f3bc4a8
commit 407c0173ab
20 changed files with 100 additions and 14 deletions


@ -4,6 +4,7 @@
- improvement: add loader for create/delete availability slot - improvement: add loader for create/delete availability slot
- improvement: allow admin configure memeber's profile gender/birthday as required - improvement: allow admin configure memeber's profile gender/birthday as required
- improvement: add sp certificate for saml provider
- Fix a bug: unable to update a space with a deleted machine - Fix a bug: unable to update a space with a deleted machine
- Fix a bug: unable to get invoice payment details if the account code is same for card/transfer payment method - Fix a bug: unable to get invoice payment details if the account code is same for card/transfer payment method
- updates translations - updates translations


@ -108,7 +108,8 @@ class API::AuthProvidersController < API::APIController
elsif params['auth_provider']['providable_type'] == SamlProvider.name elsif params['auth_provider']['providable_type'] == SamlProvider.name
params.require(:auth_provider) params.require(:auth_provider)
.permit(:id, :name, :providable_type, .permit(:id, :name, :providable_type,
providable_attributes: [:id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url], providable_attributes: %i[id sp_entity_id idp_sso_service_url profile_url idp_cert_fingerprint idp_cert
idp_slo_service_url authn_requests_signed want_assertions_signed sp_certificate sp_private_key],
auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type, auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
:_destroy, { transformation: [:type, :format, :true_value, :false_value, :_destroy, { transformation: [:type, :format, :true_value, :false_value,
{ mapping: %i[from to] }] }]) { mapping: %i[from to] }] }])


@ -118,7 +118,7 @@ export const ProviderForm: React.FC<ProviderFormProps> = ({ action, provider, on
currentFormValues={output.providable_attributes as OpenIdConnectProvider} currentFormValues={output.providable_attributes as OpenIdConnectProvider}
formState={formState} formState={formState}
setValue={setValue} />} setValue={setValue} />}
{providableType === 'SamlProvider' && <SamlForm register={register} strategyName={strategyName} formState={formState} />} {providableType === 'SamlProvider' && <SamlForm register={register} control={control} strategyName={strategyName} formState={formState} />}
{providableType && providableType !== 'DatabaseProvider' && <DataMappingForm register={register} {providableType && providableType !== 'DatabaseProvider' && <DataMappingForm register={register}
control={control} control={control}
formState={formState} formState={formState}


@ -1,12 +1,13 @@
import { FormInput } from '../form/form-input'; import { FormInput } from '../form/form-input';
import { UseFormRegister, FormState } from 'react-hook-form'; import { FormSwitch } from '../form/form-switch';
import { UseFormRegister, FormState, Control } from 'react-hook-form';
import { FieldValues } from 'react-hook-form/dist/types/fields'; import { FieldValues } from 'react-hook-form/dist/types/fields';
import { useTranslation } from 'react-i18next'; import { useTranslation } from 'react-i18next';
import { FabOutputCopy } from '../base/fab-output-copy'; import { FabOutputCopy } from '../base/fab-output-copy';
import ValidationLib from '../../lib/validation';
interface SamlFormProps<TFieldValues> { interface SamlFormProps<TFieldValues, TContext extends object> {
register: UseFormRegister<TFieldValues>, register: UseFormRegister<TFieldValues>,
control: Control<TFieldValues, TContext>,
formState: FormState<TFieldValues>, formState: FormState<TFieldValues>,
strategyName?: string, strategyName?: string,
} }
@ -14,7 +15,7 @@ interface SamlFormProps<TFieldValues> {
/** /**
* Partial form to fill the OAuth2 settings for a new/existing authentication provider. * Partial form to fill the OAuth2 settings for a new/existing authentication provider.
*/ */
export const SamlForm = <TFieldValues extends FieldValues>({ register, strategyName, formState }: SamlFormProps<TFieldValues>) => { export const SamlForm = <TFieldValues extends FieldValues, TContext extends object>({ register, strategyName, formState, control }: SamlFormProps<TFieldValues, TContext>) => {
const { t } = useTranslation('admin'); const { t } = useTranslation('admin');
/** /**
@ -39,7 +40,7 @@ export const SamlForm = <TFieldValues extends FieldValues>({ register, strategyN
placeholder="https://sso.example.net..." placeholder="https://sso.example.net..."
label={t('app.admin.authentication.saml_form.idp_sso_service_url')} label={t('app.admin.authentication.saml_form.idp_sso_service_url')}
tooltip={t('app.admin.authentication.saml_form.idp_sso_service_url_help')} tooltip={t('app.admin.authentication.saml_form.idp_sso_service_url_help')}
rules={{ required: true, pattern: ValidationLib.urlRegex }} rules={{ required: true }}
formState={formState} /> formState={formState} />
<FormInput id="providable_attributes.idp_cert_fingerprint" <FormInput id="providable_attributes.idp_cert_fingerprint"
register={register} register={register}
@ -56,14 +57,29 @@ export const SamlForm = <TFieldValues extends FieldValues>({ register, strategyN
placeholder="https://exemple.net/user..." placeholder="https://exemple.net/user..."
label={t('app.admin.authentication.saml_form.profile_edition_url')} label={t('app.admin.authentication.saml_form.profile_edition_url')}
tooltip={t('app.admin.authentication.saml_form.profile_edition_url_help')} tooltip={t('app.admin.authentication.saml_form.profile_edition_url_help')}
rules={{ required: true, pattern: ValidationLib.urlRegex }} rules={{ required: true }}
formState={formState} /> formState={formState} />
<FormInput id="providable_attributes.idp_slo_service_url" <FormInput id="providable_attributes.idp_slo_service_url"
register={register} register={register}
placeholder="https://sso.exemple.net..." placeholder="https://sso.exemple.net..."
label={t('app.admin.authentication.saml_form.idp_slo_service_url')} label={t('app.admin.authentication.saml_form.idp_slo_service_url')}
tooltip={t('app.admin.authentication.saml_form.idp_slo_service_url_help')} tooltip={t('app.admin.authentication.saml_form.idp_slo_service_url_help')}
rules={{ pattern: ValidationLib.urlRegex }} formState={formState} />
<FormSwitch id="providable_attributes.authn_requests_signed" control={control}
formState={formState}
label={t('app.admin.authentication.saml_form.authn_requests_signed')} />
<FormSwitch id="providable_attributes.want_assertions_signed" control={control}
formState={formState}
label={t('app.admin.authentication.saml_form.want_assertions_signed')} />
<FormInput id="providable_attributes.sp_certificate"
register={register}
placeholder="-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----"
label={t('app.admin.authentication.saml_form.sp_certificate')}
formState={formState} />
<FormInput id="providable_attributes.sp_private_key"
register={register}
placeholder="-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----"
label={t('app.admin.authentication.saml_form.sp_private_key')}
formState={formState} /> formState={formState} />
</div> </div>
); );
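Review bot: The new `sp_private_key` FormInput at the end of the hunk renders the service-provider private key in a plain single-line text field, so the key is shown in clear in the admin UI and a pasted PEM block loses its line breaks (browsers strip newlines from a text input); if `FormInput` accepts a `type` prop, a password-type input — or a dedicated multi-line component — would fit better, and `sp_certificate` has the same line-break problem. Separately, the three `rules={{ pattern: ValidationLib.urlRegex }}` removals (idp_sso_service_url, profile_url, idp_slo_service_url) drop the client-side URL validation without a replacement; if the regex was too strict for some IdP URLs that is worth a sentence in the commit, and the server side should then enforce the URL format instead. The docblock above the `SamlForm` signature still says "OAuth2 settings"; since the signature is touched here it could read `* Partial form to fill the SAML settings for a new/existing authentication provider.`. The SamlForm body ends inside the hunk but starts above it.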


@ -73,6 +73,10 @@ export interface SamlProvider {
idp_cert: string, idp_cert: string,
profile_url: string, profile_url: string,
idp_slo_service_url: string, idp_slo_service_url: string,
sp_certificate: string,
sp_private_key: string,
authn_requests_signed: boolean,
want_assertions_signed: boolean
} }
export interface MappingFields { export interface MappingFields {


@ -6,7 +6,8 @@ json.partial! 'api/auth_providers/auth_provider', auth_provider: @provider
if @provider.providable_type == OAuth2Provider.name if @provider.providable_type == OAuth2Provider.name
json.providable_attributes do json.providable_attributes do
json.extract! @provider.providable, :id, :base_url, :token_endpoint, :authorization_endpoint, :profile_url, :client_id, :client_secret, :scopes json.extract! @provider.providable, :id, :base_url, :token_endpoint, :authorization_endpoint, :profile_url, :client_id, :client_secret,
:scopes
end end
end end
@ -22,6 +23,7 @@ end
if @provider.providable_type == SamlProvider.name if @provider.providable_type == SamlProvider.name
json.providable_attributes do json.providable_attributes do
json.extract! @provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url json.extract! @provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url,
:authn_requests_signed, :want_assertions_signed, :sp_certificate, :sp_private_key
end end
end end
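Review bot: The `json.extract!` in the SamlProvider block now serializes `:sp_private_key` to the API client, so the SP signing key leaves the server in every response rendered by this view; the same addition appears in the next view, at the hunk ending `json.extract! provider.providable, …`. The OAuth2 block above already returns `:client_secret`, so echoing secrets back to the admin edit form is the established pattern here, but a private key is more sensitive than a client secret: once disclosed it allows a third party to impersonate this SP towards the IdP. Consider omitting `:sp_private_key` from the JSON and treating a blank submitted value as "keep the current key" in the controller, or at least confirm that every caller of these two views is restricted to administrators.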


@ -23,6 +23,7 @@ end
if provider.providable_type == 'SamlProvider' if provider.providable_type == 'SamlProvider'
json.providable_attributes do json.providable_attributes do
json.extract! provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url json.extract! provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url,
:authn_requests_signed, :want_assertions_signed, :sp_certificate, :sp_private_key
end end
end end


@ -253,6 +253,12 @@ Devise.setup do |config|
idp_slo_service_url: active_provider.providable.idp_slo_service_url, idp_slo_service_url: active_provider.providable.idp_slo_service_url,
idp_cert: active_provider.providable.idp_cert, idp_cert: active_provider.providable.idp_cert,
idp_cert_fingerprint: active_provider.providable.idp_cert_fingerprint, idp_cert_fingerprint: active_provider.providable.idp_cert_fingerprint,
certificate: active_provider.providable.sp_certificate,
private_key: active_provider.providable.sp_private_key,
security: OneLogin::RubySaml::Settings::DEFAULTS[:security].merge({
authn_requests_signed: active_provider.providable.authn_requests_signed,
want_assertions_signed: active_provider.providable.want_assertions_signed
}),
strategy_class: OmniAuth::Strategies::SsoSamlProvider strategy_class: OmniAuth::Strategies::SsoSamlProvider
end end
end end
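Review bot: The new `security` hash turns on request signing from `authn_requests_signed` without checking that `sp_certificate` and `sp_private_key` are present, so an admin can enable the toggle with both fields empty and, as far as I can tell, ruby-saml would then fail when building the signed AuthnRequest at login time rather than at configuration time. A presence validation on the model, e.g. `validates :sp_certificate, :sp_private_key, presence: true, if: :authn_requests_signed`, would surface the misconfiguration in the admin form instead. The `Devise.setup` block and the enclosing conditional continue outside the hunk.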


@ -1571,6 +1571,10 @@ de:
profile_edition_url_help: "The URL of the page where the user can edit his profile." profile_edition_url_help: "The URL of the page where the user can edit his profile."
idp_slo_service_url: "Single logout request URL" idp_slo_service_url: "Single logout request URL"
idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider." idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
authn_requests_signed: "Authentification requests signed"
want_assertions_signed: "Want assertions signed"
sp_certificate: "Service provider certificate"
sp_private_key: "Service provider private key"
provider_form: provider_form:
name: "Name" name: "Name"
authentication_type: "Authentifizierungsart" authentication_type: "Authentifizierungsart"


@ -1571,6 +1571,10 @@ en:
profile_edition_url_help: "The URL of the page where the user can edit his profile." profile_edition_url_help: "The URL of the page where the user can edit his profile."
idp_slo_service_url: "Single logout request URL" idp_slo_service_url: "Single logout request URL"
idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider." idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
authn_requests_signed: "Authentification requests signed"
want_assertions_signed: "Want assertions signed"
sp_certificate: "Service provider certificate"
sp_private_key: "Service provider private key"
provider_form: provider_form:
name: "Name" name: "Name"
authentication_type: "Authentication type" authentication_type: "Authentication type"


@ -1571,6 +1571,10 @@ es-MX:
profile_edition_url_help: "The URL of the page where the user can edit his profile." profile_edition_url_help: "The URL of the page where the user can edit his profile."
idp_slo_service_url: "Single logout request URL" idp_slo_service_url: "Single logout request URL"
idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider." idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
authn_requests_signed: "Authentification requests signed"
want_assertions_signed: "Want assertions signed"
sp_certificate: "Service provider certificate"
sp_private_key: "Service provider private key"
provider_form: provider_form:
name: "Nombre" name: "Nombre"
authentication_type: "Tipo de autenticación" authentication_type: "Tipo de autenticación"


@ -1571,6 +1571,10 @@ es:
profile_edition_url_help: "The URL of the page where the user can edit his profile." profile_edition_url_help: "The URL of the page where the user can edit his profile."
idp_slo_service_url: "Single logout request URL" idp_slo_service_url: "Single logout request URL"
idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider." idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
authn_requests_signed: "Authentification requests signed"
want_assertions_signed: "Want assertions signed"
sp_certificate: "Service provider certificate"
sp_private_key: "Service provider private key"
provider_form: provider_form:
name: "Nombre" name: "Nombre"
authentication_type: "Tipo de autenticación" authentication_type: "Tipo de autenticación"


@ -1571,6 +1571,10 @@ fr:
profile_edition_url_help: "L'URL de la page où l'utilisateur peut modifier son profil." profile_edition_url_help: "L'URL de la page où l'utilisateur peut modifier son profil."
idp_slo_service_url: "URL de demande de déconnexion" idp_slo_service_url: "URL de demande de déconnexion"
idp_slo_service_url_help: "L'URL à laquelle la requête d'authentification doit être envoyée. Cela serait sur le fournisseur d'identité." idp_slo_service_url_help: "L'URL à laquelle la requête d'authentification doit être envoyée. Cela serait sur le fournisseur d'identité."
authn_requests_signed: "Demandes d'authentification signées"
want_assertions_signed: "Exiger des Assertions signées"
sp_certificate: "Certificat du SP"
sp_private_key: "Clé privée du SP"
provider_form: provider_form:
name: "Nom" name: "Nom"
authentication_type: "Type d'authentification" authentication_type: "Type d'authentification"


@ -1571,6 +1571,10 @@ it:
profile_edition_url_help: "The URL of the page where the user can edit his profile." profile_edition_url_help: "The URL of the page where the user can edit his profile."
idp_slo_service_url: "Single logout request URL" idp_slo_service_url: "Single logout request URL"
idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider." idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
authn_requests_signed: "Authentification requests signed"
want_assertions_signed: "Want assertions signed"
sp_certificate: "Service provider certificate"
sp_private_key: "Service provider private key"
provider_form: provider_form:
name: "Nome" name: "Nome"
authentication_type: "Tipo di autenticazione" authentication_type: "Tipo di autenticazione"


@ -1571,6 +1571,10 @@
profile_edition_url_help: "The URL of the page where the user can edit his profile." profile_edition_url_help: "The URL of the page where the user can edit his profile."
idp_slo_service_url: "Single logout request URL" idp_slo_service_url: "Single logout request URL"
idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider." idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
authn_requests_signed: "Authentification requests signed"
want_assertions_signed: "Want assertions signed"
sp_certificate: "Service provider certificate"
sp_private_key: "Service provider private key"
provider_form: provider_form:
name: "Name" name: "Name"
authentication_type: "Authentication type" authentication_type: "Authentication type"


@ -1571,6 +1571,10 @@ pt:
profile_edition_url_help: "The URL of the page where the user can edit his profile." profile_edition_url_help: "The URL of the page where the user can edit his profile."
idp_slo_service_url: "Single logout request URL" idp_slo_service_url: "Single logout request URL"
idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider." idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
authn_requests_signed: "Authentification requests signed"
want_assertions_signed: "Want assertions signed"
sp_certificate: "Service provider certificate"
sp_private_key: "Service provider private key"
provider_form: provider_form:
name: "Nome" name: "Nome"
authentication_type: "Tipo de autenticação" authentication_type: "Tipo de autenticação"


@ -1571,6 +1571,10 @@ sv:
profile_edition_url_help: "URL till sidan där användaren kan redigera sin profil." profile_edition_url_help: "URL till sidan där användaren kan redigera sin profil."
idp_slo_service_url: "Single logout request URL" idp_slo_service_url: "Single logout request URL"
idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider." idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
authn_requests_signed: "Authentification requests signed"
want_assertions_signed: "Want assertions signed"
sp_certificate: "Service provider certificate"
sp_private_key: "Service provider private key"
provider_form: provider_form:
name: "Namn" name: "Namn"
authentication_type: "Autentiseringstyp" authentication_type: "Autentiseringstyp"


@ -1571,6 +1571,10 @@ zu:
profile_edition_url_help: "crwdns38162:0crwdne38162:0" profile_edition_url_help: "crwdns38162:0crwdne38162:0"
idp_slo_service_url: "crwdns38176:0crwdne38176:0" idp_slo_service_url: "crwdns38176:0crwdne38176:0"
idp_slo_service_url_help: "crwdns38178:0crwdne38178:0" idp_slo_service_url_help: "crwdns38178:0crwdne38178:0"
authn_requests_signed: "crwdns38200:0crwdne38200:0"
want_assertions_signed: "crwdns38202:0crwdne38202:0"
sp_certificate: "crwdns38204:0crwdne38204:0"
sp_private_key: "crwdns38206:0crwdne38206:0"
provider_form: provider_form:
name: "crwdns26204:0crwdne26204:0" name: "crwdns26204:0crwdne26204:0"
authentication_type: "crwdns26206:0crwdne26206:0" authentication_type: "crwdns26206:0crwdne26206:0"


@ -0,0 +1,10 @@
# frozen_string_literal: true
class AddSpCertificateToSamlProvider < ActiveRecord::Migration[7.0]
def change
add_column :saml_providers, :sp_certificate, :string
add_column :saml_providers, :sp_private_key, :string
add_column :saml_providers, :authn_requests_signed, :boolean, default: false
add_column :saml_providers, :want_assertions_signed, :boolean, default: false
end
end
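Review bot: `sp_private_key` is added as a plain `:string` column, so the SP signing key is stored in cleartext in the database and in every dump taken from it. Since this is a `Migration[7.0]`, Active Record Encryption is available; declaring `encrypts :sp_private_key` on the `SamlProvider` model (with the encryption keys configured in credentials) would keep the column opaque at rest without changing the API. If encryption is not an option here, a comment on the column stating that the value is sensitive and must not appear in logs or fixtures would help the next maintainer.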


@ -3279,7 +3279,11 @@ CREATE TABLE public.saml_providers (
profile_url character varying, profile_url character varying,
idp_cert character varying, idp_cert character varying,
idp_cert_fingerprint character varying, idp_cert_fingerprint character varying,
idp_slo_service_url character varying idp_slo_service_url character varying,
sp_certificate character varying,
sp_private_key character varying,
authn_requests_signed boolean DEFAULT false,
want_assertions_signed boolean DEFAULT false
); );
@ -9326,6 +9330,7 @@ INSERT INTO "schema_migrations" (version) VALUES
('20240116163703'), ('20240116163703'),
('20240126145351'), ('20240126145351'),
('20240126192110'), ('20240126192110'),
('20240220140225'); ('20240220140225'),
('20240327095614');