@tachybase/plugin-auth-saml 0.23.8

package/dist/server/actions/redirect.js

@@ -0,0 +1,49 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var redirect_exports = {};
+__export(redirect_exports, {
+  redirect: () => redirect
+});
+module.exports = __toCommonJS(redirect_exports);
+var import_server = require("@tachybase/server");
+const redirect = async (ctx, next) => {
+  const { authenticator, __appName: appName } = ctx.action.params || {};
+  const { RelayState: redirect2 } = ctx.action.params.values || {};
+  let prefix = process.env.APP_PUBLIC_PATH || "";
+  if (appName && appName !== "main") {
+    const appSupervisor = import_server.AppSupervisor.getInstance();
+    if ((appSupervisor == null ? void 0 : appSupervisor.runningMode) !== "single") {
+      prefix += `/apps/${appName}`;
+    }
+  }
+  const auth = await ctx.app.authManager.get(authenticator, ctx);
+  if (prefix.endsWith("/")) {
+    prefix = prefix.slice(0, -1);
+  }
+  try {
+    const { token } = await auth.signIn();
+    ctx.redirect(`${prefix}${redirect2 || "/admin"}?authenticator=${authenticator}&token=${token}`);
+  } catch (error) {
+    ctx.redirect(`${prefix}/signin?authenticator=${authenticator}&error=${error.message}&redirect=${redirect2}`);
+  }
+  await next();
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  redirect
+});

package/dist/server/index.d.ts

@@ -0,0 +1 @@
+export { default } from './plugin';

package/dist/server/index.js

@@ -0,0 +1,33 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var server_exports = {};
+__export(server_exports, {
+  default: () => import_plugin.default
+});
+module.exports = __toCommonJS(server_exports);
+var import_plugin = __toESM(require("./plugin"));

package/dist/server/migrations/20231008112900-update-autosignup.d.ts

@@ -0,0 +1,6 @@
+import { Migration } from '@tachybase/server';
+export default class UpdateAutoSignupMigration extends Migration {
+    appVersion: string;
+    up(): Promise<void>;
+    down(): Promise<void>;
+}

package/dist/server/migrations/20231008112900-update-autosignup.js

@@ -0,0 +1,52 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var update_autosignup_exports = {};
+__export(update_autosignup_exports, {
+  default: () => UpdateAutoSignupMigration
+});
+module.exports = __toCommonJS(update_autosignup_exports);
+var import_server = require("@tachybase/server");
+var import_constants = require("../../constants");
+class UpdateAutoSignupMigration extends import_server.Migration {
+  appVersion = "<0.14.0-alpha.8";
+  async up() {
+    const result = await this.app.version.satisfies("<=0.14.0-alpha.8");
+    if (!result) {
+      return;
+    }
+    const r = this.db.getRepository("authenticators");
+    const items = await r.find({
+      filter: {
+        authType: import_constants.authType
+      }
+    });
+    await this.db.sequelize.transaction(async (transaction) => {
+      for (const item of items) {
+        let options = item.options;
+        options = {
+          public: { autoSignup: true, ...options.public },
+          saml: { userBindField: "email", ...options.saml }
+        };
+        item.set("options", options);
+        await item.save({ transaction });
+      }
+    });
+  }
+  async down() {
+  }
+}

package/dist/server/plugin.d.ts

@@ -0,0 +1,11 @@
+import { InstallOptions, Plugin } from '@tachybase/server';
+export declare class SAMLPlugin extends Plugin {
+    afterAdd(): void;
+    beforeLoad(): void;
+    load(): Promise<void>;
+    install(options?: InstallOptions): Promise<void>;
+    afterEnable(): Promise<void>;
+    afterDisable(): Promise<void>;
+    remove(): Promise<void>;
+}
+export default SAMLPlugin;

package/dist/server/plugin.js

@@ -0,0 +1,70 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var plugin_exports = {};
+__export(plugin_exports, {
+  SAMLPlugin: () => SAMLPlugin,
+  default: () => plugin_default
+});
+module.exports = __toCommonJS(plugin_exports);
+var import_path = require("path");
+var import_server = require("@tachybase/server");
+var import_constants = require("../constants");
+var import_getAuthUrl = require("./actions/getAuthUrl");
+var import_metadata = require("./actions/metadata");
+var import_redirect = require("./actions/redirect");
+var import_saml_auth = require("./saml-auth");
+class SAMLPlugin extends import_server.Plugin {
+  afterAdd() {
+  }
+  beforeLoad() {
+  }
+  async load() {
+    this.db.addMigrations({
+      namespace: "auth",
+      directory: (0, import_path.resolve)(__dirname, "migrations"),
+      context: {
+        plugin: this
+      }
+    });
+    this.app.authManager.registerTypes(import_constants.authType, {
+      auth: import_saml_auth.SAMLAuth
+    });
+    this.app.resource({
+      name: "saml",
+      actions: {
+        redirect: import_redirect.redirect,
+        metadata: import_metadata.metadata,
+        getAuthUrl: import_getAuthUrl.getAuthUrl
+      }
+    });
+    this.app.acl.allow("saml", "*", "public");
+  }
+  async install(options) {
+  }
+  async afterEnable() {
+  }
+  async afterDisable() {
+  }
+  async remove() {
+  }
+}
+var plugin_default = SAMLPlugin;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  SAMLPlugin
+});

package/dist/server/saml-auth.d.ts

@@ -0,0 +1,8 @@
+import { AuthConfig, BaseAuth } from '@tachybase/auth';
+import { SamlConfig } from '@node-saml/node-saml';
+export { Model } from '@tachybase/database';
+export declare class SAMLAuth extends BaseAuth {
+    constructor(config: AuthConfig);
+    getOptions(): SamlConfig;
+    validate(): Promise<import("@tachybase/database").Model<any, any>>;
+}

package/dist/server/saml-auth.js

@@ -0,0 +1,110 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var saml_auth_exports = {};
+__export(saml_auth_exports, {
+  Model: () => import_database.Model,
+  SAMLAuth: () => SAMLAuth
+});
+module.exports = __toCommonJS(saml_auth_exports);
+var import_auth = require("@tachybase/auth");
+var import_node_saml = require("@node-saml/node-saml");
+var import_database = require("@tachybase/database");
+class SAMLAuth extends import_auth.BaseAuth {
+  constructor(config) {
+    const { ctx } = config;
+    super({
+      ...config,
+      userCollection: ctx.db.getCollection("users")
+    });
+  }
+  getOptions() {
+    var _a;
+    const ctx = this.ctx;
+    const { ssoUrl, certificate, idpIssuer, http } = ((_a = this.options) == null ? void 0 : _a.saml) || {};
+    const name = this.authenticator.get("name");
+    const protocol = http ? "http" : "https";
+    return {
+      callbackUrl: `${protocol}://${ctx.host}${process.env.API_BASE_PATH}saml:redirect?authenticator=${name}&__appName=${ctx.app.name}`,
+      entryPoint: ssoUrl,
+      issuer: name,
+      cert: certificate,
+      idpIssuer,
+      wantAssertionsSigned: false
+    };
+  }
+  async validate() {
+    var _a, _b;
+    const ctx = this.ctx;
+    const {
+      params: { values: samlResponse }
+    } = ctx.action;
+    const saml = new import_node_saml.SAML(this.getOptions());
+    const { profile } = await saml.validatePostResponseAsync(samlResponse);
+    const { nameID, nickname, firstName, lastName, phone } = profile;
+    let { email, username } = profile;
+    const isEmail = nameID.match(/^.+@.+\..+$/);
+    if (!email && isEmail) {
+      email = nameID;
+    }
+    if (!username && !isEmail) {
+      username = nameID;
+    }
+    const authenticator = this.authenticator;
+    let user = await authenticator.findUser(nameID);
+    if (user) {
+      return user;
+    }
+    const { userBindField = "email" } = ((_a = this.options) == null ? void 0 : _a.saml) || {};
+    if (userBindField === "email" && email) {
+      user = await this.userRepository.findOne({
+        filter: { email }
+      });
+    } else if (userBindField === "username" && username) {
+      user = await this.userRepository.findOne({
+        filter: { username }
+      });
+    }
+    if (user) {
+      await this.authenticator.addUser(user.id, {
+        through: {
+          uuid: nameID
+        }
+      });
+      return user;
+    }
+    const { autoSignup } = ((_b = this.options) == null ? void 0 : _b.public) || {};
+    if (!autoSignup) {
+      throw new Error("User not found");
+    }
+    if (username && !this.validateUsername(username)) {
+      throw new Error(`Username must be 2-16 characters in length (excluding @.<>"'/)`);
+    }
+    const fullName = firstName && lastName && `${firstName} ${lastName}`;
+    return await authenticator.newUser(nameID, {
+      username: username ?? null,
+      nickname: nickname || fullName || username || nameID,
+      email: email ?? null,
+      phone: phone ?? null
+    });
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Model,
+  SAMLAuth
+});

package/dist/swagger/index.d.ts

@@ -0,0 +1,137 @@
+declare const _default: {
+    info: {
+        title: string;
+    };
+    paths: {
+        '/saml:getAuthUrl': {
+            security: any[];
+            get: {
+                description: string;
+                tags: string[];
+                parameters: {
+                    name: string;
+                    description: string;
+                    in: string;
+                    schema: {
+                        type: string;
+                    };
+                    required: boolean;
+                }[];
+                responses: {
+                    200: {
+                        description: string;
+                        content: {
+                            'application/json': {
+                                schema: {
+                                    type: string;
+                                };
+                            };
+                        };
+                    };
+                };
+            };
+        };
+        '/auth:signIn': {
+            security: any[];
+            post: {
+                description: string;
+                tags: string[];
+                parameters: {
+                    name: string;
+                    description: string;
+                    in: string;
+                    schema: {
+                        type: string;
+                    };
+                    required: boolean;
+                }[];
+                requestBody: {
+                    content: {
+                        'application/json': {
+                            schema: {
+                                type: string;
+                                properties: {
+                                    samlResponse: {
+                                        type: string;
+                                    };
+                                };
+                            };
+                        };
+                    };
+                };
+                responses: {
+                    200: {
+                        description: string;
+                        content: {
+                            'application/json': {
+                                schema: {
+                                    type: string;
+                                    properties: {
+                                        user: {
+                                            type: string;
+                                            description: string;
+                                            properties: {
+                                                id: {
+                                                    type: string;
+                                                    description: string;
+                                                };
+                                                nickname: {
+                                                    type: string;
+                                                    description: string;
+                                                };
+                                                email: {
+                                                    type: string;
+                                                    description: string;
+                                                };
+                                                phone: {
+                                                    type: string;
+                                                    description: string;
+                                                };
+                                                appLang: {
+                                                    type: string;
+                                                    description: string;
+                                                };
+                                                systemSettings: {
+                                                    type: string;
+                                                    description: string;
+                                                    properties: {
+                                                        theme: {
+                                                            type: string;
+                                                            description: string;
+                                                        };
+                                                    };
+                                                };
+                                                createdAt: {
+                                                    type: string;
+                                                    format: string;
+                                                    description: string;
+                                                };
+                                                updatedAt: {
+                                                    type: string;
+                                                    format: string;
+                                                    description: string;
+                                                };
+                                                createdById: {
+                                                    type: string;
+                                                    description: string;
+                                                };
+                                                updatedById: {
+                                                    type: string;
+                                                    description: string;
+                                                };
+                                            };
+                                        };
+                                        token: {
+                                            type: string;
+                                        };
+                                    };
+                                };
+                            };
+                        };
+                    };
+                };
+            };
+        };
+    };
+};
+export default _default;

package/dist/swagger/index.js

@@ -0,0 +1,163 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var swagger_exports = {};
+__export(swagger_exports, {
+  default: () => swagger_default
+});
+module.exports = __toCommonJS(swagger_exports);
+const user = {
+  type: "object",
+  description: "\u7528\u6237",
+  properties: {
+    id: {
+      type: "integer",
+      description: "ID"
+    },
+    nickname: {
+      type: "string",
+      description: "\u6635\u79F0"
+    },
+    email: {
+      type: "string",
+      description: "\u90AE\u7BB1"
+    },
+    phone: {
+      type: "string",
+      description: "\u624B\u673A\u53F7"
+    },
+    appLang: {
+      type: "string",
+      description: "\u7528\u6237\u4F7F\u7528\u8BED\u8A00"
+    },
+    systemSettings: {
+      type: "object",
+      description: "\u5E94\u7528\u914D\u7F6E",
+      properties: {
+        theme: {
+          type: "string",
+          description: "\u7528\u6237\u4F7F\u7528\u4E3B\u9898"
+        }
+      }
+    },
+    createdAt: {
+      type: "string",
+      format: "date-time",
+      description: "\u521B\u5EFA\u65F6\u95F4"
+    },
+    updatedAt: {
+      type: "string",
+      format: "date-time",
+      description: "\u66F4\u65B0\u65F6\u95F4"
+    },
+    createdById: {
+      type: "integer",
+      description: "\u521B\u5EFA\u4EBA"
+    },
+    updatedById: {
+      type: "integer",
+      description: "\u66F4\u65B0\u4EBA"
+    }
+  }
+};
+var swagger_default = {
+  info: {
+    title: "TachyBase API - SAML plugin"
+  },
+  paths: {
+    "/saml:getAuthUrl": {
+      security: [],
+      get: {
+        description: "Get SAML authorization url",
+        tags: ["SAML"],
+        parameters: [
+          {
+            name: "X-Authenticator",
+            description: "\u767B\u5F55\u65B9\u5F0F\u6807\u8BC6",
+            in: "header",
+            schema: {
+              type: "string"
+            },
+            required: true
+          }
+        ],
+        responses: {
+          200: {
+            description: "ok",
+            content: {
+              "application/json": {
+                schema: {
+                  type: "string"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/auth:signIn": {
+      security: [],
+      post: {
+        description: "SAML sign in",
+        tags: ["SAML"],
+        parameters: [
+          {
+            name: "X-Authenticator",
+            description: "\u767B\u5F55\u65B9\u5F0F\u6807\u8BC6",
+            in: "header",
+            schema: {
+              type: "string"
+            },
+            required: true
+          }
+        ],
+        requestBody: {
+          content: {
+            "application/json": {
+              schema: {
+                type: "object",
+                properties: {
+                  samlResponse: {
+                    type: "string"
+                  }
+                }
+              }
+            }
+          }
+        },
+        responses: {
+          200: {
+            description: "ok",
+            content: {
+              "application/json": {
+                schema: {
+                  type: "object",
+                  properties: {
+                    user,
+                    token: {
+                      type: "string"
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+};

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@tachybase/plugin-auth-saml",
+  "displayName": "Auth: SAML 2.0",
+  "version": "0.23.8",
+  "description": "SAML 2.0 authentication.",
+  "keywords": [
+    "Authentication"
+  ],
+  "license": "Apache-2.0",
+  "main": "./dist/server/index.js",
+  "devDependencies": {
+    "@ant-design/icons": "~5.3.7",
+    "@node-saml/node-saml": "^4.0.5",
+    "antd": "5.22.5",
+    "react": "~18.3.1",
+    "react-i18next": "^15.2.0",
+    "react-router-dom": "6.28.1",
+    "@tachybase/schema": "0.23.8"
+  },
+  "peerDependencies": {
+    "@tachybase/module-auth": "0.23.8",
+    "@tachybase/actions": "0.23.8",
+    "@tachybase/auth": "0.23.8",
+    "@tachybase/server": "0.23.8",
+    "@tachybase/test": "0.23.8",
+    "@tachybase/client": "0.23.8",
+    "@tachybase/database": "0.23.8",
+    "@tachybase/sdk": "0.23.8"
+  },
+  "description.zh-CN": "通过 SAML 2.0 协议认证身份。",
+  "displayName.zh-CN": "认证：SAML 2.0",
+  "scripts": {
+    "build": "tachybase-build --no-dts @tachybase/plugin-auth-saml"
+  }
+}

package/server.d.ts

@@ -0,0 +1,2 @@
+export * from './dist/server';
+export { default } from './dist/server';