Bypass password onboarding for enforced sso (#9851)

2023-03-01 21:56:30 +00:00 · 2023-03-01 21:56:30 +00:00 · 4c43ba2943
parent 2127717987
commit 4c43ba2943
7 changed files with 159 additions and 130 deletions
--- a/packages/builder/src/constants/index.js
+++ b/packages/builder/src/constants/index.js
@ -62,3 +62,8 @@ export const PluginSource = {
  GITHUB: "Github",
  FILE: "File Upload",
 }
+
+export const OnboardingType = {
+  EMAIL: "email",
+  PASSWORD: "password",
+}
--- a/packages/builder/src/pages/builder/invite/index.svelte
+++ b/packages/builder/src/pages/builder/invite/index.svelte
@ -13,6 +13,7 @@
  let formData = {}
  let onboarding = false
  let errors = {}
+  let loaded = false

  $: company = $organisation.company || "Budibase"

@ -39,6 +40,11 @@
      if (invite?.email) {
        formData.email = invite?.email
      }
+      if ($organisation.isSSOEnforced) {
+        // auto accept invite and redirect to login
+        await users.acceptInvite(inviteCode)
+        $goto("../auth")
+      }
    } catch (error) {
      notifications.error(error.message)
    }
@ -61,12 +67,14 @@
    try {
      await organisation.init()
      await getInvite()
+      loaded = true
    } catch (error) {
      notifications.error("Error getting invite config")
    }
  })
 </script>

+{#if loaded}
  <TestimonialPage>
    <Layout gap="M" noPadding>
      <img alt="logo" src={$organisation.logoUrl || Logo} />
@ -115,6 +123,7 @@
            }}
            disabled={onboarding}
          />
+          {#if !$organisation.isSSOEnforced}
            <FancyInput
              label="Password"
              value={formData.password}
@ -171,6 +180,7 @@
              error={errors.confirmationPassword}
              disabled={onboarding}
            />
+          {/if}
        </FancyForm>
      </Layout>
      <div>
@ -185,6 +195,7 @@
      </div>
    </Layout>
  </TestimonialPage>
+{/if}

 <style>
  img {
--- a/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte
@ -1,9 +1,8 @@
 <script>
  import { ModalContent, Body, Layout, Icon } from "@budibase/bbui"
+  import { OnboardingType } from "../../../../../../constants"

  export let chooseCreationType
-  let emailOnboardingKey = "emailOnboarding"
-  let basicOnboaridngKey = "basicOnboarding"

  let selectedOnboardingType
 </script>
@ -20,9 +19,9 @@
  <Layout noPadding gap="S">
    <div
      class="onboarding-type item"
-      class:selected={selectedOnboardingType == emailOnboardingKey}
+      class:selected={selectedOnboardingType == OnboardingType.EMAIL}
      on:click={() => {
-        selectedOnboardingType = emailOnboardingKey
+        selectedOnboardingType = OnboardingType.EMAIL
      }}
    >
      <div class="content onboarding-type-wrap">
@ -32,7 +31,7 @@
        </div>
      </div>
      <div style="color: var(--spectrum-global-color-green-600); float: right">
-        {#if selectedOnboardingType == emailOnboardingKey}
+        {#if selectedOnboardingType == OnboardingType.EMAIL}
          <div class="checkmark-spacing">
            <Icon size="S" name="CheckmarkCircle" />
          </div>
@ -42,9 +41,9 @@

    <div
      class="onboarding-type item"
-      class:selected={selectedOnboardingType == basicOnboaridngKey}
+      class:selected={selectedOnboardingType == OnboardingType.PASSWORD}
      on:click={() => {
-        selectedOnboardingType = basicOnboaridngKey
+        selectedOnboardingType = OnboardingType.PASSWORD
      }}
    >
      <div class="content onboarding-type-wrap">
@ -54,7 +53,7 @@
        </div>
      </div>
      <div style="color: var(--spectrum-global-color-green-600); float: right">
-        {#if selectedOnboardingType == basicOnboaridngKey}
+        {#if selectedOnboardingType == OnboardingType.PASSWORD}
          <div class="checkmark-spacing">
            <Icon size="S" name="CheckmarkCircle" />
          </div>
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@ -13,7 +13,7 @@
    Divider,
  } from "@budibase/bbui"
  import AddUserModal from "./_components/AddUserModal.svelte"
-  import { users, groups, auth, licensing } from "stores/portal"
+  import { users, groups, auth, licensing, organisation } from "stores/portal"
  import { onMount } from "svelte"
  import DeleteRowsButton from "components/backend/DataTable/buttons/DeleteRowsButton.svelte"
  import GroupsTableRenderer from "./_components/GroupsTableRenderer.svelte"
@ -27,6 +27,7 @@
  import { get } from "svelte/store"
  import { Constants, Utils, fetchData } from "@budibase/frontend-core"
  import { API } from "api"
+  import { OnboardingType } from "../../../../../constants"

  const fetch = fetchData({
    API,
@ -105,11 +106,19 @@
  const debouncedUpdateFetch = Utils.debounce(updateFetch, 250)

  const showOnboardingTypeModal = async addUsersData => {
+    // no-op if users already exist
    userData = await removingDuplicities(addUsersData)
-    if (!userData?.users?.length) return
+    if (!userData?.users?.length) {
+      return
+    }

+    if ($organisation.isSSOEnforced) {
+      // bypass the onboarding type selection of sso is enforced
+      await chooseCreationType(OnboardingType.EMAIL)
+    } else {
      onboardingTypeModal.show()
    }
+  }

  async function createUserFlow() {
    const payload = userData?.users?.map(user => ({
@ -181,7 +190,7 @@
  }

  async function chooseCreationType(onboardingType) {
-    if (onboardingType === "emailOnboarding") {
+    if (onboardingType === OnboardingType.EMAIL) {
      await createUserFlow()
    } else {
      await createUsers()
--- a/packages/worker/src/api/routes/global/users.ts
+++ b/packages/worker/src/api/routes/global/users.ts
@ -50,8 +50,8 @@ function buildInviteAcceptValidation() {
  // prettier-ignore
  return auth.joiValidator.body(Joi.object({
    inviteCode: Joi.string().required(),
-    password: Joi.string().required(),
-    firstName: Joi.string().required(),
+    password: Joi.string().optional(),
+    firstName: Joi.string().optional(),
    lastName: Joi.string().optional(),
  }).required().unknown(true))
 }
--- a/packages/worker/src/sdk/users/users.ts
+++ b/packages/worker/src/sdk/users/users.ts
@ -140,7 +140,12 @@ const buildUser = async (
    hashedPassword = opts.hashPassword ? await utils.hash(password) : password
  } else if (dbUser) {
    hashedPassword = dbUser.password
-  } else if (opts.requirePassword) {
+  }
+
+  // passwords are never required if sso is enforced
+  const requirePasswords =
+    opts.requirePassword && !(await pro.features.isSSOEnforced())
+  if (!hashedPassword && requirePasswords) {
    throw "Password must be specified."
  }

--- a/packages/worker/src/utilities/redis.ts
+++ b/packages/worker/src/utilities/redis.ts
@ -47,7 +47,7 @@ async function getACode(db: string, code: string, deleteCode = true) {
  const client = await getClient(db)
  const value = await client.get(code)
  if (!value) {
-    throw "Invalid code."
+    throw new Error("Invalid code.")
  }
  if (deleteCode) {
    await client.delete(code)