@boxyhq/saml-jackson 0.2.0-beta.149 → 0.2.0-beta.151

package/README.md

@@ -236,6 +236,8 @@ https://localhost:5000/oauth/authorize
 
 - response_type=code: This is the only supported type for now but maybe extended in the future
 - client_id: Use the client_id returned by the SAML config API or use `tenant=<tenantID>&product=<productID>` to use the tenant and product IDs instead. **Note:** Please don't forget to URL encode the query parameters including `client_id`.
+- tenant: Optionally you can provide a dummy `client_id` and specify the `tenant` and `product` custom attributes (if your OAuth 2.0 library allows it).
+- product: Should be specified if specifying `tenant` above
 - redirect_uri: This is where the user will be taken back once the authorization flow is complete
 - state: Use a randomly generated string as the state, this will be echoed back as a query parameter when taking the user back to the `redirect_uri` above. You should validate the state to prevent XSRF attacks
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.0-beta.149",
+  "version": "0.2.0-beta.151",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
   "main": "src/index.js",
@@ -17,9 +17,9 @@
   "scripts": {
     "start": "cross-env IDP_ENABLED=true node src/jackson.js",
     "dev": "cross-env IDP_ENABLED=true nodemon src/jackson.js",
-    "mongo": "cross-env DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon src/jackson.js",
-    "pre-loaded": "cross-env DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
-    "pre-loaded-db": "cross-env PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
+    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon src/jackson.js",
+    "pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
+    "pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
     "test": "tap --timeout=100 src/**/*.test.js",
     "dev-dbs": "docker-compose -f ./_dev/docker-compose.yml up -d",
     "dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans"
@@ -64,4 +64,4 @@
     "*.js": "eslint --cache --fix",
     "*.{js,css,md}": "prettier --write"
   }
-}
+}

package/src/controller/oauth.js

@@ -61,7 +61,19 @@ const authorize = async (body) => {
 
   let samlConfig;
 
-  if (
+  if (tenant && product) {
+    const samlConfigs = await configStore.getByIndex({
+      name: indexNames.tenantProduct,
+      value: dbutils.keyFromParts(tenant, product),
+    });
+
+    if (!samlConfigs || samlConfigs.length === 0) {
+      throw new JacksonError('SAML configuration not found.', 403);
+    }
+
+    // TODO: Support multiple matches
+    samlConfig = samlConfigs[0];
+  } else if (
     client_id &&
     client_id !== '' &&
     client_id !== 'undefined' &&
@@ -85,17 +97,10 @@ const authorize = async (body) => {
       samlConfig = await configStore.get(client_id);
     }
   } else {
-    const samlConfigs = await configStore.getByIndex({
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    });
-
-    if (!samlConfigs || samlConfigs.length === 0) {
-      throw new JacksonError('SAML configuration not found.', 403);
-    }
-
-    // TODO: Support multiple matches
-    samlConfig = samlConfigs[0];
+    throw new JacksonError(
+      'You need to specify client_id or tenant & product',
+      403
+    );
   }
 
   if (!samlConfig) {