directus 9.19.2 → 9.20.1

package/dist/auth/drivers/index.d.ts

@@ -2,3 +2,4 @@ export * from './local';
 export * from './oauth2';
 export * from './openid';
 export * from './ldap';
+export * from './saml';

package/dist/auth/drivers/index.js

@@ -18,3 +18,4 @@ __exportStar(require("./local"), exports);
 __exportStar(require("./oauth2"), exports);
 __exportStar(require("./openid"), exports);
 __exportStar(require("./ldap"), exports);
+__exportStar(require("./saml"), exports);

package/dist/auth/drivers/oauth2.js

@@ -1,4 +1,27 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -6,7 +29,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createOAuth2AuthRouter = exports.OAuth2AuthDriver = void 0;
 const exceptions_1 = require("@directus/shared/exceptions");
 const utils_1 = require("@directus/shared/utils");
-const express_1 = require("express");
+const express_1 = __importStar(require("express"));
 const flat_1 = __importDefault(require("flat"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const ms_1 = __importDefault(require("ms"));
@@ -81,8 +104,8 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         return user === null || user === void 0 ? void 0 : user.id;
     }
     async getUserID(payload) {
-        if (!payload.code || !payload.codeVerifier) {
-            logger_1.default.trace('[OAuth2] No code or codeVerifier in payload');
+        if (!payload.code || !payload.codeVerifier || !payload.state) {
+            logger_1.default.warn('[OAuth2] No code, codeVerifier or state in payload');
             throw new exceptions_2.InvalidCredentialsException();
         }
         let tokenSet;
@@ -116,7 +139,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         }
         // Is public registration allowed?
         if (!allowPublicRegistration) {
-            logger_1.default.trace(`[OAuth2] User doesn't exist, and public registration not allowed for provider "${provider}"`);
+            logger_1.default.warn(`[OAuth2] User doesn't exist, and public registration not allowed for provider "${provider}"`);
             throw new exceptions_2.InvalidCredentialsException();
         }
         try {
@@ -207,6 +230,9 @@ function createOAuth2AuthRouter(providerName) {
         });
         return res.redirect(provider.generateAuthUrl(codeVerifier, prompt));
     }, respond_1.respond);
+    router.post('/callback', express_1.default.urlencoded({ extended: false }), (req, res) => {
+        res.redirect(303, `./callback?${new URLSearchParams(req.body)}`);
+    }, respond_1.respond);
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
         var _a;
         let tokenData;
@@ -230,9 +256,6 @@ function createOAuth2AuthRouter(providerName) {
         let authResponse;
         try {
             res.clearCookie(`oauth2.${providerName}`);
-            if (!req.query.code || !req.query.state) {
-                logger_1.default.warn(`[OAuth2] Couldn't extract OAuth2 code or state from query: ${JSON.stringify(req.query)}`);
-            }
             authResponse = await authenticationService.login(providerName, {
                 code: req.query.code,
                 codeVerifier: verifier,

package/dist/auth/drivers/openid.js

@@ -1,4 +1,27 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -6,7 +29,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createOpenIDAuthRouter = exports.OpenIDAuthDriver = void 0;
 const exceptions_1 = require("@directus/shared/exceptions");
 const utils_1 = require("@directus/shared/utils");
-const express_1 = require("express");
+const express_1 = __importStar(require("express"));
 const flat_1 = __importDefault(require("flat"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const ms_1 = __importDefault(require("ms"));
@@ -91,8 +114,8 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         return user === null || user === void 0 ? void 0 : user.id;
     }
     async getUserID(payload) {
-        if (!payload.code || !payload.codeVerifier) {
-            logger_1.default.trace('[OpenID] No code or codeVerifier in payload');
+        if (!payload.code || !payload.codeVerifier || !payload.state) {
+            logger_1.default.warn('[OpenID] No code, codeVerifier or state in payload');
             throw new exceptions_2.InvalidCredentialsException();
         }
         let tokenSet;
@@ -134,7 +157,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         const isEmailVerified = !requireVerifiedEmail || userInfo.email_verified;
         // Is public registration allowed?
         if (!allowPublicRegistration || !isEmailVerified) {
-            logger_1.default.trace(`[OpenID] User doesn't exist, and public registration not allowed for provider "${provider}"`);
+            logger_1.default.warn(`[OpenID] User doesn't exist, and public registration not allowed for provider "${provider}"`);
             throw new exceptions_2.InvalidCredentialsException();
         }
         try {
@@ -226,6 +249,9 @@ function createOpenIDAuthRouter(providerName) {
         });
         return res.redirect(await provider.generateAuthUrl(codeVerifier, prompt));
     }), respond_1.respond);
+    router.post('/callback', express_1.default.urlencoded({ extended: false }), (req, res) => {
+        res.redirect(303, `./callback?${new URLSearchParams(req.body)}`);
+    }, respond_1.respond);
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
         var _a;
         let tokenData;
@@ -249,9 +275,6 @@ function createOpenIDAuthRouter(providerName) {
         let authResponse;
         try {
             res.clearCookie(`openid.${providerName}`);
-            if (!req.query.code || !req.query.state) {
-                logger_1.default.warn(`[OpenID] Couldn't extract OpenID code or state from query: ${JSON.stringify(req.query)}`);
-            }
             authResponse = await authenticationService.login(providerName, {
                 code: req.query.code,
                 codeVerifier: verifier,

package/dist/auth/drivers/saml.d.ts

@@ -0,0 +1,14 @@
+import { UsersService } from '../../services';
+import { AuthDriverOptions, User } from '../../types';
+import { LocalAuthDriver } from './local';
+export declare class SAMLAuthDriver extends LocalAuthDriver {
+    idp: any;
+    sp: any;
+    usersService: UsersService;
+    config: Record<string, any>;
+    constructor(options: AuthDriverOptions, config: Record<string, any>);
+    fetchUserID(identifier: string): Promise<any>;
+    getUserID(payload: Record<string, any>): Promise<any>;
+    login(_user: User): Promise<void>;
+}
+export declare function createSAMLAuthRouter(providerName: string): import("express-serve-static-core").Router;

package/dist/auth/drivers/saml.js

@@ -0,0 +1,166 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSAMLAuthRouter = exports.SAMLAuthDriver = void 0;
+const validator = __importStar(require("@authenio/samlify-node-xmllint"));
+const exceptions_1 = require("@directus/shared/exceptions");
+const express_1 = __importStar(require("express"));
+const samlify = __importStar(require("samlify"));
+const auth_1 = require("../../auth");
+const constants_1 = require("../../constants");
+const env_1 = __importDefault(require("../../env"));
+const exceptions_2 = require("../../exceptions");
+const record_not_unique_1 = require("../../exceptions/database/record-not-unique");
+const logger_1 = __importDefault(require("../../logger"));
+const respond_1 = require("../../middleware/respond");
+const services_1 = require("../../services");
+const async_handler_1 = __importDefault(require("../../utils/async-handler"));
+const get_config_from_env_1 = require("../../utils/get-config-from-env");
+const local_1 = require("./local");
+// tell samlify to use validator...
+samlify.setSchemaValidator(validator);
+class SAMLAuthDriver extends local_1.LocalAuthDriver {
+    constructor(options, config) {
+        super(options, config);
+        this.config = config;
+        this.usersService = new services_1.UsersService({ knex: this.knex, schema: this.schema });
+        this.sp = samlify.ServiceProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_SP`));
+        this.idp = samlify.IdentityProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_IDP`));
+    }
+    async fetchUserID(identifier) {
+        const user = await this.knex
+            .select('id')
+            .from('directus_users')
+            .whereRaw('LOWER(??) = ?', ['external_identifier', identifier.toLowerCase()])
+            .first();
+        return user === null || user === void 0 ? void 0 : user.id;
+    }
+    async getUserID(payload) {
+        const { provider, emailKey, identifierKey, givenNameKey, familyNameKey, allowPublicRegistration } = this.config;
+        const email = payload[emailKey !== null && emailKey !== void 0 ? emailKey : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'];
+        const identifier = payload[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'];
+        const userID = await this.fetchUserID(identifier);
+        if (userID)
+            return userID;
+        if (!allowPublicRegistration) {
+            logger_1.default.trace(`[SAML] User doesn't exist, and public registration not allowed for provider "${provider}"`);
+            throw new exceptions_2.InvalidCredentialsException();
+        }
+        const firstName = payload[givenNameKey !== null && givenNameKey !== void 0 ? givenNameKey : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'];
+        const lastName = payload[familyNameKey !== null && familyNameKey !== void 0 ? familyNameKey : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'];
+        try {
+            return await this.usersService.createOne({
+                provider,
+                first_name: firstName,
+                last_name: lastName,
+                email: email,
+                external_identifier: identifier.toLowerCase(),
+                role: this.config.defaultRoleId,
+            });
+        }
+        catch (error) {
+            if (error instanceof record_not_unique_1.RecordNotUniqueException) {
+                logger_1.default.warn(error, '[SAML] Failed to register user. User not unique');
+                throw new exceptions_2.InvalidProviderException();
+            }
+            throw error;
+        }
+    }
+    // There's no local checks to be done when the user is authenticated in the IDP
+    async login(_user) {
+        return;
+    }
+}
+exports.SAMLAuthDriver = SAMLAuthDriver;
+function createSAMLAuthRouter(providerName) {
+    const router = (0, express_1.Router)();
+    router.get('/metadata', (0, async_handler_1.default)(async (_req, res) => {
+        const { sp } = (0, auth_1.getAuthProvider)(providerName);
+        return res.header('Content-Type', 'text/xml').send(sp.getMetadata());
+    }));
+    router.get('/', (0, async_handler_1.default)(async (req, res) => {
+        const { sp, idp } = (0, auth_1.getAuthProvider)(providerName);
+        const { context: url } = await sp.createLoginRequest(idp, 'redirect');
+        const parsedUrl = new URL(url);
+        if (req.query.redirect) {
+            parsedUrl.searchParams.append('RelayState', req.query.redirect);
+        }
+        return res.redirect(parsedUrl.toString());
+    }));
+    router.post('/logout', (0, async_handler_1.default)(async (req, res) => {
+        const { sp, idp } = (0, auth_1.getAuthProvider)(providerName);
+        const { context } = await sp.createLogoutRequest(idp, 'redirect', req.body);
+        const authService = new services_1.AuthenticationService({ accountability: req.accountability, schema: req.schema });
+        if (req.cookies[env_1.default.REFRESH_TOKEN_COOKIE_NAME]) {
+            const currentRefreshToken = req.cookies[env_1.default.REFRESH_TOKEN_COOKIE_NAME];
+            if (currentRefreshToken) {
+                await authService.logout(currentRefreshToken);
+                res.clearCookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, constants_1.COOKIE_OPTIONS);
+            }
+        }
+        return res.redirect(context);
+    }));
+    router.post('/acs', express_1.default.urlencoded({ extended: false }), (0, async_handler_1.default)(async (req, res, next) => {
+        var _a;
+        const relayState = (_a = req.body) === null || _a === void 0 ? void 0 : _a.RelayState;
+        try {
+            const { sp, idp } = (0, auth_1.getAuthProvider)(providerName);
+            const { extract } = await sp.parseLoginResponse(idp, 'post', req);
+            const authService = new services_1.AuthenticationService({ accountability: req.accountability, schema: req.schema });
+            const { accessToken, refreshToken, expires } = await authService.login(providerName, extract.attributes);
+            res.locals.payload = {
+                data: {
+                    access_token: accessToken,
+                    refresh_token: refreshToken,
+                    expires,
+                },
+            };
+            if (relayState) {
+                res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, constants_1.COOKIE_OPTIONS);
+                return res.redirect(relayState);
+            }
+            return next();
+        }
+        catch (error) {
+            if (relayState) {
+                let reason = 'UNKNOWN_EXCEPTION';
+                if (error instanceof exceptions_1.BaseException) {
+                    reason = error.code;
+                }
+                else {
+                    logger_1.default.warn(error, `[SAML] Unexpected error during SAML login`);
+                }
+                return res.redirect(`${relayState.split('?')[0]}?reason=${reason}`);
+            }
+            logger_1.default.warn(error, `[SAML] Unexpected error during SAML login`);
+            throw error;
+        }
+    }), respond_1.respond);
+    return router;
+}
+exports.createSAMLAuthRouter = createSAMLAuthRouter;

package/dist/auth.js

@@ -63,5 +63,7 @@ function getProviderInstance(driver, options, config = {}) {
             return new drivers_1.OpenIDAuthDriver(options, config);
         case 'ldap':
             return new drivers_1.LDAPAuthDriver(options, config);
+        case 'saml':
+            return new drivers_1.SAMLAuthDriver(options, config);
     }
 }

package/dist/cli/index.test.js

@@ -1,5 +1,9 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = __importDefault(require("path"));
 const index_1 = require("./index");
 jest.mock('../../src/env', () => ({
     ...jest.requireActual('../../src/env').default,
@@ -16,7 +20,8 @@ jest.mock('@directus/shared/utils/node/get-extensions', () => ({
     getPackageExtensions: jest.fn(() => Promise.resolve([])),
     getLocalExtensions: jest.fn(() => Promise.resolve([customCliExtension])),
 }));
-jest.mock(`/hooks/custom-cli/index.js`, () => customCliHook, { virtual: true });
+const customHookPath = path_1.default.resolve('/hooks/custom-cli', 'index.js');
+jest.doMock(customHookPath, () => customCliHook, { virtual: true });
 const customCliExtension = {
     path: `/hooks/custom-cli`,
     name: 'custom-cli',

package/dist/controllers/auth.js

@@ -32,6 +32,9 @@ for (const authProvider of authProviders) {
         case 'ldap':
             authRouter = (0, drivers_1.createLDAPAuthRouter)(authProvider.name);
             break;
+        case 'saml':
+            authRouter = (0, drivers_1.createSAMLAuthRouter)(authProvider.name);
+            break;
     }
     if (!authRouter) {
         logger_1.default.warn(`Couldn't create login router for auth provider "${authProvider.name}"`);

package/dist/controllers/files.js

@@ -101,9 +101,6 @@ const multipartHandler = (req, res, next) => {
 };
 exports.multipartHandler = multipartHandler;
 router.post('/', (0, async_handler_1.default)(exports.multipartHandler), (0, async_handler_1.default)(async (req, res, next) => {
-    if (req.is('multipart/form-data') === false) {
-        throw new exceptions_1.UnsupportedMediaTypeException(`Unsupported Content-Type header`);
-    }
     const service = new services_1.FilesService({
         accountability: req.accountability,
         schema: req.schema,

package/dist/database/system-data/fields/settings.yaml

@@ -9,9 +9,6 @@ fields:
     options:
       iconRight: title
       placeholder: $t:field_options.directus_settings.project_name_placeholder
-    translations:
-      language: en-US
-      translations: Name
     width: half
 
   - field: project_descriptor
@@ -19,9 +16,6 @@ fields:
     options:
       iconRight: title
       placeholder: $t:field_options.directus_settings.project_name_placeholder
-    translations:
-      language: en-US
-      translations: Name
     width: half
 
   - field: project_url
@@ -29,9 +23,6 @@ fields:
     options:
       iconRight: link
       placeholder: https://example.com
-    translations:
-      language: en-US
-      translations: Website
     width: half
 
   - field: default_language
@@ -39,9 +30,6 @@ fields:
     options:
       iconRight: language
       placeholder: en-US
-    translations:
-      language: en-US
-      translations: Default Language
     width: half
 
   - field: branding_divider
@@ -57,31 +45,20 @@ fields:
   - field: project_color
     interface: select-color
     note: $t:field_options.directus_settings.project_color_note
-    translations:
-      language: en-US
-      translations: Brand Color
     width: half
 
   - field: project_logo
     interface: file
     note: $t:field_options.directus_settings.project_logo_note
-    translations:
-      language: en-US
-      translations: Brand Logo
     width: half
 
   - field: public_foreground
     interface: file
-    translations:
-      language: en-US
-      translations: Login Foreground
     width: half
 
   - field: public_background
     interface: file
     translations:
-      language: en-US
-      translations: Login Background
     width: half
 
   - field: public_note

package/dist/env.js

@@ -140,6 +140,8 @@ const allowedEnvironmentVars = [
     'AUTH_.+_GROUP_DN',
     'AUTH_.+_GROUP_ATTRIBUTE',
     'AUTH_.+_GROUP_SCOPE',
+    'AUTH_.+_IDP.+',
+    'AUTH_.+_SP.+',
     // extensions
     'EXTENSIONS_PATH',
     'EXTENSIONS_AUTO_RELOAD',

package/dist/services/authorization.js

@@ -290,8 +290,10 @@ class AuthorizationService {
                     for (const field of requiredPermissions[collection]) {
                         if (field.startsWith('$FOLLOW'))
                             continue;
-                        if (!allowedFields.includes(field))
+                        const fieldName = (0, strip_function_1.stripFunction)(field);
+                        if (!allowedFields.includes(fieldName)) {
                             throw new exceptions_2.ForbiddenException();
+                        }
                     }
                 }
             }

package/dist/services/fields.js

@@ -303,6 +303,11 @@ class FieldsService {
             const record = field.meta
                 ? await this.knex.select('id').from('directus_fields').where({ collection, field: field.field }).first()
                 : null;
+            if ((hookAdjustedField.type === 'alias' ||
+                this.schema.collections[collection].fields[field.field].type === 'alias') &&
+                hookAdjustedField.type !== this.schema.collections[collection].fields[field.field].type) {
+                throw new exceptions_1.InvalidPayloadException('Alias type cannot be changed');
+            }
             if (hookAdjustedField.schema) {
                 const existingColumn = await this.schemaInspector.columnInfo(collection, hookAdjustedField.field);
                 if (!(0, lodash_1.isEqual)(existingColumn, hookAdjustedField.schema)) {
@@ -390,7 +395,10 @@ class FieldsService {
                     // If the current field is a m2o, delete the related o2m if it exists and remove the relationship
                     if (isM2O) {
                         await relationsService.deleteOne(collection, field);
-                        if (relation.related_collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field)) {
+                        if (relation.related_collection &&
+                            ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) &&
+                            relation.related_collection !== collection &&
+                            relation.meta.one_field !== field) {
                             await fieldsService.deleteField(relation.related_collection, relation.meta.one_field);
                         }
                     }

package/dist/services/files.d.ts

@@ -18,6 +18,11 @@ export declare class FilesService extends ItemsService {
      * Import a single file from an external URL
      */
     importOne(importURL: string, body: Partial<File>): Promise<PrimaryKey>;
+    /**
+     * Create a file (only applicable when it is not a multipart/data POST request)
+     * Useful for associating metadata with existing file in storage
+     */
+    createOne(data: Partial<File>, opts?: MutationOptions): Promise<PrimaryKey>;
     /**
      * Delete a file
      */

package/dist/services/files.js

@@ -251,6 +251,17 @@ class FilesService extends items_1.ItemsService {
         };
         return await this.uploadOne(fileResponse.data, payload);
     }
+    /**
+     * Create a file (only applicable when it is not a multipart/data POST request)
+     * Useful for associating metadata with existing file in storage
+     */
+    async createOne(data, opts) {
+        if (!data.type) {
+            throw new exceptions_1.InvalidPayloadException(`"type" is required`);
+        }
+        const key = await super.createOne(data, opts);
+        return key;
+    }
     /**
      * Delete a file
      */

package/dist/services/files.test.js

@@ -7,6 +7,7 @@ const exifr_1 = __importDefault(require("exifr"));
 const knex_1 = __importDefault(require("knex"));
 const knex_mock_client_1 = require("knex-mock-client");
 const _1 = require(".");
+const exceptions_1 = require("../exceptions");
 jest.mock('exifr');
 jest.mock('../../src/database/index', () => {
     return { getDatabaseClient: jest.fn().mockReturnValue('postgres') };
@@ -21,8 +22,43 @@ describe('Integration Tests', () => {
     });
     afterEach(() => {
         tracker.reset();
+        jest.clearAllMocks();
     });
     describe('Services / Files', () => {
+        describe('createOne', () => {
+            let service;
+            let superCreateOne;
+            beforeEach(() => {
+                service = new _1.FilesService({
+                    knex: db,
+                    schema: { collections: {}, relations: [] },
+                });
+                superCreateOne = jest.spyOn(_1.ItemsService.prototype, 'createOne').mockImplementation(jest.fn());
+            });
+            it('throws InvalidPayloadException when "type" is not provided', async () => {
+                try {
+                    await service.createOne({
+                        title: 'Test File',
+                        storage: 'local',
+                        filename_download: 'test_file',
+                    });
+                }
+                catch (err) {
+                    expect(err).toBeInstanceOf(exceptions_1.InvalidPayloadException);
+                    expect(err.message).toBe('"type" is required');
+                }
+                expect(superCreateOne).not.toHaveBeenCalled();
+            });
+            it('creates a file entry when "type" is provided', async () => {
+                await service.createOne({
+                    title: 'Test File',
+                    storage: 'local',
+                    filename_download: 'test_file',
+                    type: 'application/octet-stream',
+                });
+                expect(superCreateOne).toHaveBeenCalled();
+            });
+        });
         describe('getMetadata', () => {
             let service;
             let exifrParseSpy;

package/dist/services/graphql/index.js

@@ -51,6 +51,7 @@ const string_or_float_1 = require("./types/string-or-float");
 const void_1 = require("./types/void");
 const add_path_to_validation_error_1 = require("./utils/add-path-to-validation-error");
 const hash_1 = require("./types/hash");
+const bigint_1 = require("./types/bigint");
 const validationRules = Array.from(graphql_1.specifiedRules);
 if (env_1.default.GRAPHQL_INTROSPECTION === false) {
     validationRules.push(graphql_1.NoSchemaIntrospectionCustomRule);
@@ -668,6 +669,7 @@ class GraphQLService {
                             case graphql_1.GraphQLBoolean:
                                 filterOperatorType = BooleanFilterOperators;
                                 break;
+                            case bigint_1.GraphQLBigInt:
                             case graphql_1.GraphQLInt:
                             case graphql_1.GraphQLFloat:
                                 filterOperatorType = NumberFilterOperators;
@@ -717,6 +719,7 @@ class GraphQLService {
                     fields: Object.values(collection.fields).reduce((acc, field) => {
                         const graphqlType = (0, get_graphql_type_1.getGraphQLType)(field.type, field.special);
                         switch (graphqlType) {
+                            case bigint_1.GraphQLBigInt:
                             case graphql_1.GraphQLInt:
                             case graphql_1.GraphQLFloat:
                                 acc[field.field] = {

package/dist/services/graphql/types/bigint.d.ts

@@ -0,0 +1,2 @@
+import { GraphQLScalarType } from 'graphql';
+export declare const GraphQLBigInt: GraphQLScalarType<string | number, string>;

package/dist/services/graphql/types/bigint.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GraphQLBigInt = void 0;
+const graphql_1 = require("graphql");
+exports.GraphQLBigInt = new graphql_1.GraphQLScalarType({
+    name: 'GraphQLBigInt',
+    description: 'BigInt value',
+    serialize(value) {
+        if (typeof value !== 'number') {
+            throw new Error('Value must be a Number');
+        }
+        return value.toString();
+    },
+    parseValue(value) {
+        if (typeof value !== 'string') {
+            throw new Error('Value must be a String');
+        }
+        return parseNumberValue(value);
+    },
+    parseLiteral(ast) {
+        if (ast.kind !== graphql_1.Kind.STRING) {
+            throw new Error('Value must be a String');
+        }
+        return parseNumberValue(ast.value);
+    },
+});
+function parseNumberValue(input) {
+    if (!/[+-]?([0-9]+[.])?[0-9]+/.test(input))
+        return input;
+    const value = parseInt(input);
+    if (isNaN(value) || value < Number.MIN_SAFE_INTEGER || value > Number.MAX_SAFE_INTEGER) {
+        throw new Error('Invalid GraphQLBigInt');
+    }
+    return value;
+}

package/dist/utils/get-graphql-type.js

@@ -6,6 +6,7 @@ const graphql_compose_1 = require("graphql-compose");
 const date_1 = require("../services/graphql/types/date");
 const geojson_1 = require("../services/graphql/types/geojson");
 const hash_1 = require("../services/graphql/types/hash");
+const bigint_1 = require("../services/graphql/types/bigint");
 function getGraphQLType(localType, special) {
     if (special.includes('conceal')) {
         return hash_1.GraphQLHash;
@@ -14,7 +15,7 @@ function getGraphQLType(localType, special) {
         case 'boolean':
             return graphql_1.GraphQLBoolean;
         case 'bigInteger':
-            return graphql_1.GraphQLString;
+            return bigint_1.GraphQLBigInt;
         case 'integer':
             return graphql_1.GraphQLInt;
         case 'decimal':

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "directus",
-  "version": "9.19.2",
+  "version": "9.20.1",
   "license": "GPL-3.0-only",
   "homepage": "https://github.com/directus/directus#readme",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content.",
@@ -65,17 +65,18 @@
     "README.md"
   ],
   "dependencies": {
+    "@authenio/samlify-node-xmllint": "2.0.0",
     "@aws-sdk/client-ses": "3.190.0",
-    "@directus/app": "9.19.2",
-    "@directus/drive": "9.19.2",
-    "@directus/drive-azure": "9.19.2",
-    "@directus/drive-gcs": "9.19.2",
-    "@directus/drive-s3": "9.19.2",
-    "@directus/extensions-sdk": "9.19.2",
+    "@directus/app": "9.20.1",
+    "@directus/drive": "9.20.1",
+    "@directus/drive-azure": "9.20.1",
+    "@directus/drive-gcs": "9.20.1",
+    "@directus/drive-s3": "9.20.0",
+    "@directus/extensions-sdk": "9.20.1",
     "@directus/format-title": "9.15.0",
-    "@directus/schema": "9.19.2",
-    "@directus/shared": "9.19.2",
-    "@directus/specs": "9.19.2",
+    "@directus/schema": "9.20.1",
+    "@directus/shared": "9.20.1",
+    "@directus/specs": "9.20.1",
     "@godaddy/terminus": "4.11.2",
     "@rollup/plugin-alias": "4.0.0",
     "@rollup/plugin-virtual": "3.0.0",
@@ -142,6 +143,7 @@
     "rate-limiter-flexible": "2.3.12",
     "resolve-cwd": "3.0.0",
     "rollup": "3.2.3",
+    "samlify": "2.8.6",
     "sanitize-html": "2.7.2",
     "sharp": "0.31.1",
     "snappy": "7.2.0",
@@ -169,7 +171,6 @@
   "devDependencies": {
     "@otplib/preset-default": "12.0.1",
     "@types/async": "3.2.15",
-    "@types/body-parser": "1.19.2",
     "@types/busboy": "1.5.0",
     "@types/bytes": "3.1.1",
     "@types/cookie-parser": "1.4.3",