@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23
- package/dist/authorization/index.d.ts +1 -1
- package/dist/authorization/index.js +1 -1
- package/dist/authorization/index.js.map +1 -1
- package/dist/client/index.d.ts +1 -2
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +36 -39
- package/dist/client/index.js.map +1 -1
- package/dist/component/client/index.d.ts +1 -2
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/convex.config.d.ts.map +1 -1
- package/dist/component/model.d.ts +5 -5
- package/dist/component/model.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.js.map +1 -1
- package/dist/component/public/enterprise/core.d.ts.map +1 -1
- package/dist/component/public/enterprise/core.js.map +1 -1
- package/dist/component/public/enterprise/domains.d.ts.map +1 -1
- package/dist/component/public/enterprise/domains.js.map +1 -1
- package/dist/component/public/enterprise/scim.d.ts.map +1 -1
- package/dist/component/public/enterprise/scim.js.map +1 -1
- package/dist/component/public/enterprise/secrets.d.ts.map +1 -1
- package/dist/component/public/enterprise/secrets.js.map +1 -1
- package/dist/component/public/enterprise/webhooks.d.ts.map +1 -1
- package/dist/component/public/enterprise/webhooks.js.map +1 -1
- package/dist/component/public/factors/devices.d.ts.map +1 -1
- package/dist/component/public/factors/devices.js.map +1 -1
- package/dist/component/public/factors/passkeys.d.ts.map +1 -1
- package/dist/component/public/factors/passkeys.js.map +1 -1
- package/dist/component/public/factors/totp.d.ts.map +1 -1
- package/dist/component/public/factors/totp.js.map +1 -1
- package/dist/component/public/groups/core.js.map +1 -1
- package/dist/component/public/groups/invites.d.ts.map +1 -1
- package/dist/component/public/groups/invites.js.map +1 -1
- package/dist/component/public/groups/members.d.ts.map +1 -1
- package/dist/component/public/groups/members.js.map +1 -1
- package/dist/component/public/identity/accounts.d.ts.map +1 -1
- package/dist/component/public/identity/accounts.js.map +1 -1
- package/dist/component/public/identity/codes.d.ts.map +1 -1
- package/dist/component/public/identity/codes.js.map +1 -1
- package/dist/component/public/identity/sessions.d.ts.map +1 -1
- package/dist/component/public/identity/sessions.js.map +1 -1
- package/dist/component/public/identity/tokens.d.ts.map +1 -1
- package/dist/component/public/identity/tokens.js.map +1 -1
- package/dist/component/public/identity/users.d.ts.map +1 -1
- package/dist/component/public/identity/users.js.map +1 -1
- package/dist/component/public/identity/verifiers.d.ts.map +1 -1
- package/dist/component/public/identity/verifiers.js.map +1 -1
- package/dist/component/public/security/keys.d.ts.map +1 -1
- package/dist/component/public/security/keys.js.map +1 -1
- package/dist/component/public/security/limits.d.ts.map +1 -1
- package/dist/component/public/security/limits.js.map +1 -1
- package/dist/component/schema.d.ts +39 -39
- package/dist/component/server/auth.d.ts +95 -52
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +63 -43
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/core.js +116 -235
- package/dist/component/server/core.js.map +1 -1
- package/dist/component/server/crypto.js +25 -7
- package/dist/component/server/crypto.js.map +1 -1
- package/dist/component/server/device.js +58 -15
- package/dist/component/server/device.js.map +1 -1
- package/dist/component/server/enterprise/domain.js +148 -59
- package/dist/component/server/enterprise/domain.js.map +1 -1
- package/dist/component/server/enterprise/http.js +36 -15
- package/dist/component/server/enterprise/http.js.map +1 -1
- package/dist/component/server/enterprise/oidc.js +1 -1
- package/dist/component/server/http.js +26 -21
- package/dist/component/server/http.js.map +1 -1
- package/dist/component/server/identity.js +5 -2
- package/dist/component/server/identity.js.map +1 -1
- package/dist/component/server/limits.js +21 -30
- package/dist/component/server/limits.js.map +1 -1
- package/dist/component/server/mutations/account.js +12 -10
- package/dist/component/server/mutations/account.js.map +1 -1
- package/dist/component/server/mutations/code.js +5 -2
- package/dist/component/server/mutations/code.js.map +1 -1
- package/dist/component/server/mutations/invalidate.js +1 -1
- package/dist/component/server/mutations/invalidate.js.map +1 -1
- package/dist/component/server/mutations/oauth.js +10 -4
- package/dist/component/server/mutations/oauth.js.map +1 -1
- package/dist/component/server/mutations/refresh.js +2 -2
- package/dist/component/server/mutations/refresh.js.map +1 -1
- package/dist/component/server/mutations/register.js +46 -42
- package/dist/component/server/mutations/register.js.map +1 -1
- package/dist/component/server/mutations/retrieve.js +21 -25
- package/dist/component/server/mutations/retrieve.js.map +1 -1
- package/dist/component/server/mutations/signature.js +10 -4
- package/dist/component/server/mutations/signature.js.map +1 -1
- package/dist/component/server/mutations/signout.js.map +1 -1
- package/dist/component/server/mutations/store.js +9 -24
- package/dist/component/server/mutations/store.js.map +1 -1
- package/dist/component/server/mutations/verifier.js.map +1 -1
- package/dist/component/server/mutations/verify.js +1 -1
- package/dist/component/server/mutations/verify.js.map +1 -1
- package/dist/component/server/oauth.js +53 -16
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +115 -31
- package/dist/component/server/passkey.js.map +1 -1
- package/dist/component/server/redirects.js +9 -3
- package/dist/component/server/redirects.js.map +1 -1
- package/dist/component/server/refresh.js +10 -7
- package/dist/component/server/refresh.js.map +1 -1
- package/dist/component/server/runtime.d.ts +3 -3
- package/dist/component/server/runtime.d.ts.map +1 -1
- package/dist/component/server/runtime.js +62 -20
- package/dist/component/server/runtime.js.map +1 -1
- package/dist/component/server/signin.js +34 -10
- package/dist/component/server/signin.js.map +1 -1
- package/dist/component/server/totp.js +79 -19
- package/dist/component/server/totp.js.map +1 -1
- package/dist/component/server/types.d.ts +12 -20
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/types.js.map +1 -1
- package/dist/component/server/users.js +6 -3
- package/dist/component/server/users.js.map +1 -1
- package/dist/component/server/utils.js +10 -4
- package/dist/component/server/utils.js.map +1 -1
- package/dist/core/types.d.ts +14 -22
- package/dist/core/types.d.ts.map +1 -1
- package/dist/factors/device.js +8 -9
- package/dist/factors/device.js.map +1 -1
- package/dist/factors/passkey.js +18 -21
- package/dist/factors/passkey.js.map +1 -1
- package/dist/providers/password.js +66 -81
- package/dist/providers/password.js.map +1 -1
- package/dist/runtime/invite.js +2 -8
- package/dist/runtime/invite.js.map +1 -1
- package/dist/server/auth.d.ts +95 -52
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +63 -43
- package/dist/server/auth.js.map +1 -1
- package/dist/server/core.d.ts +71 -159
- package/dist/server/core.d.ts.map +1 -1
- package/dist/server/core.js +116 -235
- package/dist/server/core.js.map +1 -1
- package/dist/server/crypto.d.ts.map +1 -1
- package/dist/server/crypto.js +25 -7
- package/dist/server/crypto.js.map +1 -1
- package/dist/server/device.js +58 -15
- package/dist/server/device.js.map +1 -1
- package/dist/server/enterprise/domain.d.ts +0 -8
- package/dist/server/enterprise/domain.d.ts.map +1 -1
- package/dist/server/enterprise/domain.js +148 -59
- package/dist/server/enterprise/domain.js.map +1 -1
- package/dist/server/enterprise/http.d.ts.map +1 -1
- package/dist/server/enterprise/http.js +35 -14
- package/dist/server/enterprise/http.js.map +1 -1
- package/dist/server/http.d.ts +2 -2
- package/dist/server/http.d.ts.map +1 -1
- package/dist/server/http.js +25 -20
- package/dist/server/http.js.map +1 -1
- package/dist/server/identity.js +5 -2
- package/dist/server/identity.js.map +1 -1
- package/dist/server/index.d.ts +2 -2
- package/dist/server/limits.js +21 -30
- package/dist/server/limits.js.map +1 -1
- package/dist/server/mounts.d.ts +26 -64
- package/dist/server/mounts.d.ts.map +1 -1
- package/dist/server/mounts.js +45 -106
- package/dist/server/mounts.js.map +1 -1
- package/dist/server/mutations/account.d.ts +8 -9
- package/dist/server/mutations/account.d.ts.map +1 -1
- package/dist/server/mutations/account.js +11 -9
- package/dist/server/mutations/account.js.map +1 -1
- package/dist/server/mutations/code.d.ts +13 -13
- package/dist/server/mutations/code.d.ts.map +1 -1
- package/dist/server/mutations/code.js +5 -2
- package/dist/server/mutations/code.js.map +1 -1
- package/dist/server/mutations/invalidate.d.ts +4 -4
- package/dist/server/mutations/invalidate.d.ts.map +1 -1
- package/dist/server/mutations/invalidate.js.map +1 -1
- package/dist/server/mutations/oauth.d.ts +12 -10
- package/dist/server/mutations/oauth.d.ts.map +1 -1
- package/dist/server/mutations/oauth.js +9 -3
- package/dist/server/mutations/oauth.js.map +1 -1
- package/dist/server/mutations/refresh.d.ts +3 -3
- package/dist/server/mutations/refresh.d.ts.map +1 -1
- package/dist/server/mutations/refresh.js +1 -1
- package/dist/server/mutations/refresh.js.map +1 -1
- package/dist/server/mutations/register.d.ts +11 -11
- package/dist/server/mutations/register.d.ts.map +1 -1
- package/dist/server/mutations/register.js +45 -41
- package/dist/server/mutations/register.js.map +1 -1
- package/dist/server/mutations/retrieve.d.ts +6 -6
- package/dist/server/mutations/retrieve.d.ts.map +1 -1
- package/dist/server/mutations/retrieve.js +20 -24
- package/dist/server/mutations/retrieve.js.map +1 -1
- package/dist/server/mutations/signature.d.ts +6 -7
- package/dist/server/mutations/signature.d.ts.map +1 -1
- package/dist/server/mutations/signature.js +9 -3
- package/dist/server/mutations/signature.js.map +1 -1
- package/dist/server/mutations/signin.d.ts +5 -5
- package/dist/server/mutations/signin.d.ts.map +1 -1
- package/dist/server/mutations/signout.js.map +1 -1
- package/dist/server/mutations/store.d.ts +97 -97
- package/dist/server/mutations/store.d.ts.map +1 -1
- package/dist/server/mutations/store.js +8 -23
- package/dist/server/mutations/store.js.map +1 -1
- package/dist/server/mutations/verifier.js.map +1 -1
- package/dist/server/mutations/verify.d.ts +10 -10
- package/dist/server/mutations/verify.d.ts.map +1 -1
- package/dist/server/mutations/verify.js.map +1 -1
- package/dist/server/oauth.js +53 -16
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts +2 -2
- package/dist/server/passkey.d.ts.map +1 -1
- package/dist/server/passkey.js +114 -30
- package/dist/server/passkey.js.map +1 -1
- package/dist/server/redirects.js +9 -3
- package/dist/server/redirects.js.map +1 -1
- package/dist/server/refresh.js +10 -7
- package/dist/server/refresh.js.map +1 -1
- package/dist/server/runtime.d.ts +14 -14
- package/dist/server/runtime.d.ts.map +1 -1
- package/dist/server/runtime.js +61 -19
- package/dist/server/runtime.js.map +1 -1
- package/dist/server/signin.js +34 -10
- package/dist/server/signin.js.map +1 -1
- package/dist/server/ssr.d.ts.map +1 -1
- package/dist/server/ssr.js +175 -184
- package/dist/server/ssr.js.map +1 -1
- package/dist/server/totp.js +78 -18
- package/dist/server/totp.js.map +1 -1
- package/dist/server/types.d.ts +13 -21
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js.map +1 -1
- package/dist/server/users.js +6 -3
- package/dist/server/users.js.map +1 -1
- package/dist/server/utils.js +10 -4
- package/dist/server/utils.js.map +1 -1
- package/package.json +2 -6
- package/src/authorization/index.ts +1 -1
- package/src/cli/index.ts +1 -1
- package/src/client/core/types.ts +14 -14
- package/src/client/factors/device.ts +10 -12
- package/src/client/factors/passkey.ts +23 -26
- package/src/client/index.ts +54 -64
- package/src/client/runtime/invite.ts +5 -7
- package/src/component/index.ts +1 -0
- package/src/component/public/enterprise/audit.ts +6 -1
- package/src/component/public/enterprise/core.ts +1 -0
- package/src/component/public/enterprise/domains.ts +5 -1
- package/src/component/public/enterprise/scim.ts +1 -0
- package/src/component/public/enterprise/secrets.ts +1 -0
- package/src/component/public/enterprise/webhooks.ts +1 -0
- package/src/component/public/factors/devices.ts +1 -0
- package/src/component/public/factors/passkeys.ts +1 -0
- package/src/component/public/factors/totp.ts +1 -0
- package/src/component/public/groups/core.ts +1 -1
- package/src/component/public/groups/invites.ts +7 -1
- package/src/component/public/groups/members.ts +1 -0
- package/src/component/public/identity/accounts.ts +1 -0
- package/src/component/public/identity/codes.ts +1 -0
- package/src/component/public/identity/sessions.ts +1 -0
- package/src/component/public/identity/tokens.ts +1 -0
- package/src/component/public/identity/users.ts +1 -0
- package/src/component/public/identity/verifiers.ts +1 -0
- package/src/component/public/security/keys.ts +1 -0
- package/src/component/public/security/limits.ts +1 -0
- package/src/providers/password.ts +89 -110
- package/src/server/auth.ts +177 -111
- package/src/server/core.ts +197 -233
- package/src/server/crypto.ts +31 -29
- package/src/server/device.ts +65 -32
- package/src/server/enterprise/domain.ts +158 -170
- package/src/server/enterprise/http.ts +46 -39
- package/src/server/http.ts +36 -30
- package/src/server/identity.ts +5 -5
- package/src/server/index.ts +2 -0
- package/src/server/limits.ts +53 -80
- package/src/server/mounts.ts +47 -74
- package/src/server/mutations/account.ts +22 -36
- package/src/server/mutations/code.ts +6 -6
- package/src/server/mutations/invalidate.ts +1 -1
- package/src/server/mutations/oauth.ts +14 -8
- package/src/server/mutations/refresh.ts +5 -4
- package/src/server/mutations/register.ts +87 -132
- package/src/server/mutations/retrieve.ts +44 -44
- package/src/server/mutations/signature.ts +13 -6
- package/src/server/mutations/signout.ts +1 -1
- package/src/server/mutations/store.ts +16 -31
- package/src/server/mutations/verifier.ts +1 -1
- package/src/server/mutations/verify.ts +3 -5
- package/src/server/oauth.ts +60 -69
- package/src/server/passkey.ts +567 -517
- package/src/server/redirects.ts +10 -6
- package/src/server/refresh.ts +14 -18
- package/src/server/runtime.ts +70 -55
- package/src/server/signin.ts +44 -37
- package/src/server/ssr.ts +390 -407
- package/src/server/totp.ts +85 -35
- package/src/server/types.ts +19 -22
- package/src/server/users.ts +7 -6
- package/src/server/utils.ts +10 -12
- package/dist/component/server/authError.js +0 -34
- package/dist/component/server/authError.js.map +0 -1
- package/dist/component/server/errors.d.ts +0 -1
- package/dist/component/server/errors.js +0 -137
- package/dist/component/server/errors.js.map +0 -1
- package/dist/server/authError.d.ts +0 -46
- package/dist/server/authError.d.ts.map +0 -1
- package/dist/server/authError.js +0 -34
- package/dist/server/authError.js.map +0 -1
- package/dist/server/errors.d.ts +0 -177
- package/dist/server/errors.d.ts.map +0 -1
- package/dist/server/errors.js +0 -212
- package/dist/server/errors.js.map +0 -1
- package/src/server/authError.ts +0 -44
- package/src/server/errors.ts +0 -290
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
2
|
-
|
|
3
1
|
import { Fx } from "@robelest/fx";
|
|
2
|
+
import { Cv } from "@robelest/fx/convex";
|
|
3
|
+
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
4
4
|
|
|
5
|
-
import { AuthError } from "../authError";
|
|
6
5
|
import type { EnterprisePolicyPatch } from "../types";
|
|
7
6
|
|
|
8
7
|
type ComponentCtx = Pick<
|
|
@@ -105,7 +104,7 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
105
104
|
config?: Record<string, unknown>;
|
|
106
105
|
extend?: Record<string, unknown>;
|
|
107
106
|
},
|
|
108
|
-
): Promise<{
|
|
107
|
+
): Promise<{ enterpriseId: string; groupId: string }> => {
|
|
109
108
|
const enterpriseId = (await ctx.runMutation(
|
|
110
109
|
config.component.public.enterpriseCreate,
|
|
111
110
|
{
|
|
@@ -114,7 +113,6 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
114
113
|
},
|
|
115
114
|
)) as string;
|
|
116
115
|
return {
|
|
117
|
-
ok: true,
|
|
118
116
|
enterpriseId,
|
|
119
117
|
groupId: data.groupId,
|
|
120
118
|
};
|
|
@@ -171,13 +169,13 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
171
169
|
enterpriseId,
|
|
172
170
|
data,
|
|
173
171
|
});
|
|
174
|
-
return {
|
|
172
|
+
return { enterpriseId };
|
|
175
173
|
},
|
|
176
174
|
delete: async (ctx: ComponentCtx, enterpriseId: string) => {
|
|
177
175
|
await ctx.runMutation(config.component.public.enterpriseDelete, {
|
|
178
176
|
enterpriseId,
|
|
179
177
|
});
|
|
180
|
-
return {
|
|
178
|
+
return { enterpriseId };
|
|
181
179
|
},
|
|
182
180
|
/**
|
|
183
181
|
* Aggregate readiness status across all configured protocols for an
|
|
@@ -193,10 +191,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
193
191
|
{ enterpriseId },
|
|
194
192
|
);
|
|
195
193
|
if (!enterprise) {
|
|
196
|
-
throw
|
|
197
|
-
"INVALID_PARAMETERS",
|
|
198
|
-
enterpriseNotFoundError,
|
|
199
|
-
)
|
|
194
|
+
throw Cv.error({
|
|
195
|
+
code: "INVALID_PARAMETERS",
|
|
196
|
+
message: enterpriseNotFoundError,
|
|
197
|
+
});
|
|
200
198
|
}
|
|
201
199
|
const policy = getPolicyFromEnterprise(enterprise);
|
|
202
200
|
const protocols = enterprise.config?.protocols ?? {};
|
|
@@ -293,10 +291,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
293
291
|
{ enterpriseId },
|
|
294
292
|
);
|
|
295
293
|
if (enterprise === null) {
|
|
296
|
-
throw
|
|
297
|
-
"INVALID_PARAMETERS",
|
|
298
|
-
enterpriseNotFoundError,
|
|
299
|
-
)
|
|
294
|
+
throw Cv.error({
|
|
295
|
+
code: "INVALID_PARAMETERS",
|
|
296
|
+
message: enterpriseNotFoundError,
|
|
297
|
+
});
|
|
300
298
|
}
|
|
301
299
|
|
|
302
300
|
const domains = await ctx.runQuery(
|
|
@@ -366,10 +364,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
366
364
|
entry.domain === normalizedDomain,
|
|
367
365
|
);
|
|
368
366
|
if (!domain) {
|
|
369
|
-
throw
|
|
370
|
-
"INVALID_PARAMETERS",
|
|
371
|
-
"Domain is not attached to this enterprise.",
|
|
372
|
-
)
|
|
367
|
+
throw Cv.error({
|
|
368
|
+
code: "INVALID_PARAMETERS",
|
|
369
|
+
message: "Domain is not attached to this enterprise.",
|
|
370
|
+
});
|
|
373
371
|
}
|
|
374
372
|
|
|
375
373
|
const requestedAt = Date.now();
|
|
@@ -405,7 +403,6 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
405
403
|
});
|
|
406
404
|
|
|
407
405
|
return {
|
|
408
|
-
ok: true as const,
|
|
409
406
|
enterpriseId: enterprise._id,
|
|
410
407
|
domain: normalizedDomain,
|
|
411
408
|
requestedAt,
|
|
@@ -435,10 +432,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
435
432
|
entry.domain === normalizedDomain,
|
|
436
433
|
);
|
|
437
434
|
if (!domain) {
|
|
438
|
-
throw
|
|
439
|
-
"INVALID_PARAMETERS",
|
|
440
|
-
"Domain is not attached to this enterprise.",
|
|
441
|
-
)
|
|
435
|
+
throw Cv.error({
|
|
436
|
+
code: "INVALID_PARAMETERS",
|
|
437
|
+
message: "Domain is not attached to this enterprise.",
|
|
438
|
+
});
|
|
442
439
|
}
|
|
443
440
|
|
|
444
441
|
if (domain.verifiedAt !== undefined) {
|
|
@@ -503,12 +500,13 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
503
500
|
try {
|
|
504
501
|
txtValues = await resolveTxtValues(verification.recordName);
|
|
505
502
|
} catch (error) {
|
|
506
|
-
throw
|
|
507
|
-
"INTERNAL_ERROR",
|
|
508
|
-
|
|
509
|
-
|
|
510
|
-
|
|
511
|
-
|
|
503
|
+
throw Cv.error({
|
|
504
|
+
code: "INTERNAL_ERROR",
|
|
505
|
+
message:
|
|
506
|
+
error instanceof Error
|
|
507
|
+
? error.message
|
|
508
|
+
: "Failed to resolve DNS TXT records.",
|
|
509
|
+
});
|
|
512
510
|
}
|
|
513
511
|
|
|
514
512
|
checks.push({
|
|
@@ -605,16 +603,17 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
605
603
|
enterpriseId: data.enterpriseId,
|
|
606
604
|
}),
|
|
607
605
|
err: () =>
|
|
608
|
-
|
|
606
|
+
Cv.error({
|
|
607
|
+
code: "INTERNAL_ERROR",
|
|
608
|
+
message: "Failed to load enterprise.",
|
|
609
|
+
}),
|
|
609
610
|
}).pipe(
|
|
610
611
|
Fx.chain((ent) =>
|
|
611
612
|
ent === null
|
|
612
|
-
?
|
|
613
|
-
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
),
|
|
617
|
-
)
|
|
613
|
+
? Cv.fail({
|
|
614
|
+
code: "INVALID_PARAMETERS",
|
|
615
|
+
message: enterpriseNotFoundError,
|
|
616
|
+
})
|
|
618
617
|
: Fx.succeed(ent),
|
|
619
618
|
),
|
|
620
619
|
);
|
|
@@ -633,12 +632,13 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
633
632
|
return await response.text();
|
|
634
633
|
},
|
|
635
634
|
err: (error) =>
|
|
636
|
-
|
|
637
|
-
"INVALID_PARAMETERS",
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
635
|
+
Cv.error({
|
|
636
|
+
code: "INVALID_PARAMETERS",
|
|
637
|
+
message:
|
|
638
|
+
error instanceof Error
|
|
639
|
+
? error.message
|
|
640
|
+
: "Failed to fetch SAML metadata",
|
|
641
|
+
}),
|
|
642
642
|
}),
|
|
643
643
|
).pipe(
|
|
644
644
|
Fx.timeout(10_000),
|
|
@@ -649,30 +649,28 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
649
649
|
),
|
|
650
650
|
),
|
|
651
651
|
Fx.recover((error) =>
|
|
652
|
-
|
|
653
|
-
|
|
654
|
-
|
|
652
|
+
Cv.fail({
|
|
653
|
+
code: "INVALID_PARAMETERS",
|
|
654
|
+
message:
|
|
655
655
|
error instanceof Error
|
|
656
656
|
? error.message
|
|
657
657
|
: "Failed to fetch SAML metadata",
|
|
658
|
-
|
|
659
|
-
),
|
|
658
|
+
}),
|
|
660
659
|
),
|
|
661
660
|
)
|
|
662
|
-
:
|
|
663
|
-
|
|
664
|
-
|
|
661
|
+
: Cv.fail({
|
|
662
|
+
code: "INVALID_PARAMETERS",
|
|
663
|
+
message:
|
|
665
664
|
"SAML registration requires metadataXml or metadataUrl.",
|
|
666
|
-
|
|
667
|
-
);
|
|
665
|
+
});
|
|
668
666
|
|
|
669
667
|
const parsed = yield* Fx.from({
|
|
670
668
|
ok: () => parseSamlIdpMetadata(metadataXml),
|
|
671
669
|
err: () =>
|
|
672
|
-
|
|
673
|
-
"INVALID_PARAMETERS",
|
|
674
|
-
"Failed to parse SAML metadata.",
|
|
675
|
-
),
|
|
670
|
+
Cv.error({
|
|
671
|
+
code: "INVALID_PARAMETERS",
|
|
672
|
+
message: "Failed to parse SAML metadata.",
|
|
673
|
+
}),
|
|
676
674
|
});
|
|
677
675
|
|
|
678
676
|
const baseConfig = upsertProtocolConfig(enterprise.config, "saml", {
|
|
@@ -701,10 +699,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
701
699
|
},
|
|
702
700
|
}),
|
|
703
701
|
err: () =>
|
|
704
|
-
|
|
705
|
-
"INTERNAL_ERROR",
|
|
706
|
-
"Failed to persist SAML registration.",
|
|
707
|
-
),
|
|
702
|
+
Cv.error({
|
|
703
|
+
code: "INTERNAL_ERROR",
|
|
704
|
+
message: "Failed to persist SAML registration.",
|
|
705
|
+
}),
|
|
708
706
|
});
|
|
709
707
|
|
|
710
708
|
if (normalizedDomains) {
|
|
@@ -721,10 +719,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
721
719
|
},
|
|
722
720
|
),
|
|
723
721
|
err: () =>
|
|
724
|
-
|
|
725
|
-
"INTERNAL_ERROR",
|
|
726
|
-
"Failed to persist enterprise domain.",
|
|
727
|
-
),
|
|
722
|
+
Cv.error({
|
|
723
|
+
code: "INTERNAL_ERROR",
|
|
724
|
+
message: "Failed to persist enterprise domain.",
|
|
725
|
+
}),
|
|
728
726
|
});
|
|
729
727
|
}
|
|
730
728
|
}
|
|
@@ -745,18 +743,17 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
745
743
|
},
|
|
746
744
|
}),
|
|
747
745
|
err: () =>
|
|
748
|
-
|
|
749
|
-
"INTERNAL_ERROR",
|
|
750
|
-
"Failed to record SAML registration audit event.",
|
|
751
|
-
),
|
|
746
|
+
Cv.error({
|
|
747
|
+
code: "INTERNAL_ERROR",
|
|
748
|
+
message: "Failed to record SAML registration audit event.",
|
|
749
|
+
}),
|
|
752
750
|
});
|
|
753
751
|
|
|
754
752
|
return {
|
|
755
|
-
ok: true as const,
|
|
756
753
|
enterpriseId: enterprise._id,
|
|
757
754
|
groupId: enterprise.groupId,
|
|
758
755
|
};
|
|
759
|
-
}).pipe(Fx.recover((e) => Fx.fatal(e
|
|
756
|
+
}).pipe(Fx.recover((e) => Fx.fatal(e))),
|
|
760
757
|
);
|
|
761
758
|
},
|
|
762
759
|
metadata: async <DataModel extends GenericDataModel>(
|
|
@@ -775,10 +772,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
775
772
|
},
|
|
776
773
|
);
|
|
777
774
|
if (!enterprise) {
|
|
778
|
-
throw
|
|
779
|
-
"INVALID_PARAMETERS",
|
|
780
|
-
"Enterprise not found.",
|
|
781
|
-
)
|
|
775
|
+
throw Cv.error({
|
|
776
|
+
code: "INVALID_PARAMETERS",
|
|
777
|
+
message: "Enterprise not found.",
|
|
778
|
+
});
|
|
782
779
|
}
|
|
783
780
|
|
|
784
781
|
return createServiceProviderMetadata(
|
|
@@ -981,12 +978,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
981
978
|
Fx.gen(function* () {
|
|
982
979
|
yield* Fx.guard(
|
|
983
980
|
data.issuer === undefined && data.discoveryUrl === undefined,
|
|
984
|
-
|
|
985
|
-
|
|
986
|
-
|
|
987
|
-
|
|
988
|
-
),
|
|
989
|
-
),
|
|
981
|
+
Cv.fail({
|
|
982
|
+
code: "INVALID_PARAMETERS",
|
|
983
|
+
message: "OIDC registration requires issuer or discoveryUrl.",
|
|
984
|
+
}),
|
|
990
985
|
);
|
|
991
986
|
|
|
992
987
|
const enterprise = yield* Fx.from({
|
|
@@ -995,16 +990,17 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
995
990
|
enterpriseId: data.enterpriseId,
|
|
996
991
|
}),
|
|
997
992
|
err: () =>
|
|
998
|
-
|
|
993
|
+
Cv.error({
|
|
994
|
+
code: "INTERNAL_ERROR",
|
|
995
|
+
message: "Failed to load enterprise.",
|
|
996
|
+
}),
|
|
999
997
|
}).pipe(
|
|
1000
998
|
Fx.chain((ent) =>
|
|
1001
999
|
ent === null
|
|
1002
|
-
?
|
|
1003
|
-
|
|
1004
|
-
|
|
1005
|
-
|
|
1006
|
-
),
|
|
1007
|
-
)
|
|
1000
|
+
? Cv.fail({
|
|
1001
|
+
code: "INVALID_PARAMETERS",
|
|
1002
|
+
message: enterpriseNotFoundError,
|
|
1003
|
+
})
|
|
1008
1004
|
: Fx.succeed(ent),
|
|
1009
1005
|
),
|
|
1010
1006
|
);
|
|
@@ -1027,20 +1023,20 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1027
1023
|
data: { config: nextConfig },
|
|
1028
1024
|
}),
|
|
1029
1025
|
err: () =>
|
|
1030
|
-
|
|
1031
|
-
"INTERNAL_ERROR",
|
|
1032
|
-
"Failed to persist OIDC registration.",
|
|
1033
|
-
),
|
|
1026
|
+
Cv.error({
|
|
1027
|
+
code: "INTERNAL_ERROR",
|
|
1028
|
+
message: "Failed to persist OIDC registration.",
|
|
1029
|
+
}),
|
|
1034
1030
|
});
|
|
1035
1031
|
|
|
1036
1032
|
if (data.clientSecret !== undefined) {
|
|
1037
1033
|
const ciphertext = yield* Fx.from({
|
|
1038
1034
|
ok: () => encryptSecret(data.clientSecret!),
|
|
1039
1035
|
err: () =>
|
|
1040
|
-
|
|
1041
|
-
"INTERNAL_ERROR",
|
|
1042
|
-
"Failed to encrypt OIDC client secret.",
|
|
1043
|
-
),
|
|
1036
|
+
Cv.error({
|
|
1037
|
+
code: "INTERNAL_ERROR",
|
|
1038
|
+
message: "Failed to encrypt OIDC client secret.",
|
|
1039
|
+
}),
|
|
1044
1040
|
});
|
|
1045
1041
|
yield* Fx.from({
|
|
1046
1042
|
ok: () =>
|
|
@@ -1055,10 +1051,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1055
1051
|
},
|
|
1056
1052
|
),
|
|
1057
1053
|
err: () =>
|
|
1058
|
-
|
|
1059
|
-
"INTERNAL_ERROR",
|
|
1060
|
-
"Failed to persist OIDC client secret.",
|
|
1061
|
-
),
|
|
1054
|
+
Cv.error({
|
|
1055
|
+
code: "INTERNAL_ERROR",
|
|
1056
|
+
message: "Failed to persist OIDC client secret.",
|
|
1057
|
+
}),
|
|
1062
1058
|
});
|
|
1063
1059
|
}
|
|
1064
1060
|
|
|
@@ -1078,10 +1074,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1078
1074
|
},
|
|
1079
1075
|
}),
|
|
1080
1076
|
err: () =>
|
|
1081
|
-
|
|
1082
|
-
"INTERNAL_ERROR",
|
|
1083
|
-
"Failed to record OIDC registration audit event.",
|
|
1084
|
-
),
|
|
1077
|
+
Cv.error({
|
|
1078
|
+
code: "INTERNAL_ERROR",
|
|
1079
|
+
message: "Failed to record OIDC registration audit event.",
|
|
1080
|
+
}),
|
|
1085
1081
|
});
|
|
1086
1082
|
|
|
1087
1083
|
const secret = yield* Fx.from({
|
|
@@ -1092,17 +1088,17 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1092
1088
|
ENTERPRISE_OIDC_CLIENT_SECRET_KIND,
|
|
1093
1089
|
),
|
|
1094
1090
|
err: () =>
|
|
1095
|
-
|
|
1096
|
-
"INTERNAL_ERROR",
|
|
1097
|
-
"Failed to load OIDC secret metadata.",
|
|
1098
|
-
),
|
|
1091
|
+
Cv.error({
|
|
1092
|
+
code: "INTERNAL_ERROR",
|
|
1093
|
+
message: "Failed to load OIDC secret metadata.",
|
|
1094
|
+
}),
|
|
1099
1095
|
});
|
|
1100
1096
|
|
|
1101
1097
|
return withOidcSecretState(
|
|
1102
1098
|
getPublicOidcConfig(nextConfig),
|
|
1103
1099
|
secret !== null,
|
|
1104
1100
|
);
|
|
1105
|
-
}).pipe(Fx.recover((e) => Fx.fatal(e
|
|
1101
|
+
}).pipe(Fx.recover((e) => Fx.fatal(e))),
|
|
1106
1102
|
);
|
|
1107
1103
|
},
|
|
1108
1104
|
/**
|
|
@@ -1116,16 +1112,17 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1116
1112
|
enterpriseId,
|
|
1117
1113
|
}),
|
|
1118
1114
|
err: () =>
|
|
1119
|
-
|
|
1115
|
+
Cv.error({
|
|
1116
|
+
code: "INTERNAL_ERROR",
|
|
1117
|
+
message: "Failed to load enterprise.",
|
|
1118
|
+
}),
|
|
1120
1119
|
}).pipe(
|
|
1121
1120
|
Fx.chain((ent) =>
|
|
1122
1121
|
ent === null
|
|
1123
|
-
?
|
|
1124
|
-
|
|
1125
|
-
|
|
1126
|
-
|
|
1127
|
-
),
|
|
1128
|
-
)
|
|
1122
|
+
? Cv.fail({
|
|
1123
|
+
code: "INVALID_PARAMETERS",
|
|
1124
|
+
message: enterpriseNotFoundError,
|
|
1125
|
+
})
|
|
1129
1126
|
: Fx.succeed(ent),
|
|
1130
1127
|
),
|
|
1131
1128
|
Fx.chain((enterprise) =>
|
|
@@ -1142,13 +1139,13 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1142
1139
|
);
|
|
1143
1140
|
},
|
|
1144
1141
|
err: () =>
|
|
1145
|
-
|
|
1146
|
-
"INTERNAL_ERROR",
|
|
1147
|
-
"Failed to load OIDC secret metadata.",
|
|
1148
|
-
),
|
|
1142
|
+
Cv.error({
|
|
1143
|
+
code: "INTERNAL_ERROR",
|
|
1144
|
+
message: "Failed to load OIDC secret metadata.",
|
|
1145
|
+
}),
|
|
1149
1146
|
}),
|
|
1150
1147
|
),
|
|
1151
|
-
Fx.recover((e) => Fx.fatal(e
|
|
1148
|
+
Fx.recover((e) => Fx.fatal(e)),
|
|
1152
1149
|
),
|
|
1153
1150
|
);
|
|
1154
1151
|
},
|
|
@@ -1175,19 +1172,17 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1175
1172
|
enterpriseId: data.enterpriseId,
|
|
1176
1173
|
}),
|
|
1177
1174
|
err: () =>
|
|
1178
|
-
|
|
1179
|
-
"INTERNAL_ERROR",
|
|
1180
|
-
"Failed to load enterprise.",
|
|
1181
|
-
),
|
|
1175
|
+
Cv.error({
|
|
1176
|
+
code: "INTERNAL_ERROR",
|
|
1177
|
+
message: "Failed to load enterprise.",
|
|
1178
|
+
}),
|
|
1182
1179
|
}).pipe(
|
|
1183
1180
|
Fx.chain((ent) =>
|
|
1184
1181
|
ent === null
|
|
1185
|
-
?
|
|
1186
|
-
|
|
1187
|
-
|
|
1188
|
-
|
|
1189
|
-
),
|
|
1190
|
-
)
|
|
1182
|
+
? Cv.fail({
|
|
1183
|
+
code: "INVALID_PARAMETERS",
|
|
1184
|
+
message: enterpriseNotFoundError,
|
|
1185
|
+
})
|
|
1191
1186
|
: Fx.succeed(ent),
|
|
1192
1187
|
),
|
|
1193
1188
|
)
|
|
@@ -1199,55 +1194,49 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1199
1194
|
{
|
|
1200
1195
|
domain: normalizeDomain(
|
|
1201
1196
|
data.domain ??
|
|
1202
|
-
String(data.email).split("@").
|
|
1197
|
+
String(data.email).split("@").pop() ??
|
|
1203
1198
|
"",
|
|
1204
1199
|
),
|
|
1205
1200
|
},
|
|
1206
1201
|
),
|
|
1207
1202
|
err: () =>
|
|
1208
|
-
|
|
1209
|
-
"INTERNAL_ERROR",
|
|
1210
|
-
"Failed to resolve enterprise by domain.",
|
|
1211
|
-
),
|
|
1203
|
+
Cv.error({
|
|
1204
|
+
code: "INTERNAL_ERROR",
|
|
1205
|
+
message: "Failed to resolve enterprise by domain.",
|
|
1206
|
+
}),
|
|
1212
1207
|
}).pipe(
|
|
1213
1208
|
Fx.chain((result) =>
|
|
1214
1209
|
result?.enterprise &&
|
|
1215
1210
|
result.domain?.verifiedAt !== undefined
|
|
1216
1211
|
? Fx.succeed(result.enterprise)
|
|
1217
|
-
:
|
|
1218
|
-
|
|
1219
|
-
|
|
1212
|
+
: Cv.fail({
|
|
1213
|
+
code: "INVALID_PARAMETERS",
|
|
1214
|
+
message:
|
|
1220
1215
|
"No enterprise OIDC connection matched the provided input.",
|
|
1221
|
-
|
|
1222
|
-
),
|
|
1216
|
+
}),
|
|
1223
1217
|
),
|
|
1224
1218
|
)
|
|
1225
|
-
: yield*
|
|
1226
|
-
|
|
1227
|
-
|
|
1219
|
+
: yield* Cv.fail({
|
|
1220
|
+
code: "INVALID_PARAMETERS",
|
|
1221
|
+
message:
|
|
1228
1222
|
"No enterprise OIDC connection matched the provided input.",
|
|
1229
|
-
|
|
1230
|
-
);
|
|
1223
|
+
});
|
|
1231
1224
|
|
|
1232
1225
|
yield* Fx.guard(
|
|
1233
1226
|
enterprise.status !== "active",
|
|
1234
|
-
|
|
1235
|
-
|
|
1236
|
-
|
|
1237
|
-
|
|
1238
|
-
),
|
|
1239
|
-
),
|
|
1227
|
+
Cv.fail({
|
|
1228
|
+
code: "INVALID_PARAMETERS",
|
|
1229
|
+
message: "Enterprise connection is not active.",
|
|
1230
|
+
}),
|
|
1240
1231
|
);
|
|
1241
1232
|
|
|
1242
1233
|
const oidc = getOidcConfig(enterprise.config);
|
|
1243
1234
|
yield* Fx.guard(
|
|
1244
1235
|
oidc.enabled !== true,
|
|
1245
|
-
|
|
1246
|
-
|
|
1247
|
-
|
|
1248
|
-
|
|
1249
|
-
),
|
|
1250
|
-
),
|
|
1236
|
+
Cv.fail({
|
|
1237
|
+
code: "PROVIDER_NOT_CONFIGURED",
|
|
1238
|
+
message: "OIDC is not configured for this enterprise.",
|
|
1239
|
+
}),
|
|
1251
1240
|
);
|
|
1252
1241
|
|
|
1253
1242
|
const urls = getEnterpriseOidcUrls({
|
|
@@ -1261,7 +1250,7 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1261
1250
|
callbackPath: urls.callbackUrl,
|
|
1262
1251
|
redirectTo: data.redirectTo,
|
|
1263
1252
|
};
|
|
1264
|
-
}).pipe(Fx.recover((e) => Fx.fatal(e
|
|
1253
|
+
}).pipe(Fx.recover((e) => Fx.fatal(e))),
|
|
1265
1254
|
);
|
|
1266
1255
|
},
|
|
1267
1256
|
/**
|
|
@@ -1403,10 +1392,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1403
1392
|
},
|
|
1404
1393
|
);
|
|
1405
1394
|
if (enterprise === null) {
|
|
1406
|
-
throw
|
|
1407
|
-
"INVALID_PARAMETERS",
|
|
1408
|
-
"Enterprise not found.",
|
|
1409
|
-
)
|
|
1395
|
+
throw Cv.error({
|
|
1396
|
+
code: "INVALID_PARAMETERS",
|
|
1397
|
+
message: "Enterprise not found.",
|
|
1398
|
+
});
|
|
1410
1399
|
}
|
|
1411
1400
|
const rawToken = generateRandomString(48, INVITE_TOKEN_ALPHABET);
|
|
1412
1401
|
const tokenHash = await sha256(rawToken);
|
|
@@ -1439,7 +1428,6 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1439
1428
|
payload: { enterpriseId: enterprise._id, scimConfigId: configId },
|
|
1440
1429
|
});
|
|
1441
1430
|
return {
|
|
1442
|
-
ok: true as const,
|
|
1443
1431
|
enterpriseId: enterprise._id,
|
|
1444
1432
|
configId,
|
|
1445
1433
|
basePath:
|
|
@@ -1632,10 +1620,10 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1632
1620
|
},
|
|
1633
1621
|
);
|
|
1634
1622
|
if (enterprise === null) {
|
|
1635
|
-
throw
|
|
1636
|
-
"INVALID_PARAMETERS",
|
|
1637
|
-
"Enterprise not found.",
|
|
1638
|
-
)
|
|
1623
|
+
throw Cv.error({
|
|
1624
|
+
code: "INVALID_PARAMETERS",
|
|
1625
|
+
message: "Enterprise not found.",
|
|
1626
|
+
});
|
|
1639
1627
|
}
|
|
1640
1628
|
const secretHash = await sha256(data.secret);
|
|
1641
1629
|
const endpointId = (await ctx.runMutation(
|
|
@@ -1659,7 +1647,7 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1659
1647
|
subjectId: endpointId,
|
|
1660
1648
|
ok: true,
|
|
1661
1649
|
});
|
|
1662
|
-
return {
|
|
1650
|
+
return { endpointId };
|
|
1663
1651
|
},
|
|
1664
1652
|
list: async (ctx: ComponentReadCtx, enterpriseId: string) => {
|
|
1665
1653
|
return await ctx.runQuery(
|
|
@@ -1672,7 +1660,7 @@ export function createEnterpriseDomain(deps: any) {
|
|
|
1672
1660
|
config.component.public.enterpriseWebhookEndpointUpdate,
|
|
1673
1661
|
{ endpointId, data: { status: "disabled" } },
|
|
1674
1662
|
);
|
|
1675
|
-
return {
|
|
1663
|
+
return { endpointId };
|
|
1676
1664
|
},
|
|
1677
1665
|
},
|
|
1678
1666
|
emit: async (
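Review bot: The `INTERNAL_ERROR` thrown in the DNS TXT catch (new lines 503–509 of the hunk at `@@ -503,12 +500,13 @@`) forwards the resolver's own `error.message` to the caller, and the SAML metadata `err` handlers at `@@ -633,12 +632,13 @@` and `@@ -649,30 +649,28 @@` do the same for a fetch of the caller-supplied `metadataUrl`; since the `Cv.error` values appear to be what is surfaced to clients, resolver and upstream-host detail leaves the server in that text. The removed lines are blank in this rendering, so this is probably carried over from the previous version rather than introduced here, but it is worth fixing while every call site is being rewritten. Suggest a fixed client-facing message, e.g. `message: "Failed to resolve DNS TXT records.",` and likewise `message: "Failed to fetch SAML metadata",`, keeping the original `error` for server-side logging only. Nothing in these hunks shows `metadataUrl` being restricted (scheme, host) before it is fetched under `Fx.timeout(10_000)`; if that validation lives outside the hunks, a one-line comment at the fetch pointing to it would help a reader. The enclosing `createEnterpriseDomain` function starts and ends outside every hunk.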
|