diff --git a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java index 5d84c442f7..0c913a901d 100644 --- a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java @@ -1,14 +1,19 @@ package com.akto.action; import com.akto.dao.UsersDao; +import com.akto.dto.Config; import com.akto.dto.User; +import com.akto.dto.sso.SAMLConfig; import com.akto.listener.InitializerListener; import com.akto.utils.*; import com.akto.util.DashboardMode; +import com.akto.utils.sso.CustomSamlSettings; import com.auth0.AuthorizeUrl; import com.auth0.SessionUtils; import com.mongodb.BasicDBObject; import com.mongodb.client.model.Filters; +import com.onelogin.saml2.authn.AuthnRequest; +import com.onelogin.saml2.settings.Saml2Settings; import com.opensymphony.xwork2.Action; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jws; @@ -20,9 +25,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.ByteArrayOutputStream; +import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.util.Base64; import java.util.Map; +import java.util.zip.Deflater; +import java.util.zip.DeflaterOutputStream; import static com.akto.action.SignupAction.*; import static com.akto.filter.UserDetailsFilter.LOGIN_URI; 
@@ -50,14 +59,38 @@ public String verifyEmail(){ public String execute() { servletRequest.setAttribute("isSaas", InitializerListener.isSaas); - if (GithubLogin.getClientId() != null) { - servletRequest.setAttribute("githubClientId", new String(Base64.getEncoder().encode(GithubLogin.getClientId().getBytes()))); - } - if (GithubLogin.getGithubUrl() != null) { - servletRequest.setAttribute("githubUrl", GithubLogin.getGithubUrl()); - } - if(DashboardMode.isOnPremDeployment() && OktaLogin.getAuthorisationUrl() != null){ - servletRequest.setAttribute("oktaAuthUrl", new String(Base64.getEncoder().encode(OktaLogin.getAuthorisationUrl().getBytes()))); + if(DashboardMode.isOnPremDeployment()) { + if (GithubLogin.getGithubUrl() != null) { + servletRequest.setAttribute("githubAuthUrl", GithubLogin.getGithubUrl() + "/login/oauth/authorize?client_id=" + GithubLogin.getClientId() + "&scope=user&state=1000000"); + servletRequest.setAttribute("activeSso", Config.ConfigType.GITHUB); + } else if (OktaLogin.getAuthorisationUrl() != null) { + servletRequest.setAttribute("oktaAuthUrl", OktaLogin.getAuthorisationUrl()); + servletRequest.setAttribute("activeSso", Config.ConfigType.OKTA); + } else if (Config.AzureConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { + try { + SAMLConfig samlConfig = Config.AzureConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.AZURE); + Saml2Settings samlSettings = CustomSamlSettings.getSamlSettings(samlConfig); + String samlRequestXml = new AuthnRequest(samlSettings).getAuthnRequestXml(); + + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + Deflater deflater = new Deflater(Deflater.DEFLATED, true); + DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater); + deflaterOutputStream.write(samlRequestXml.getBytes(StandardCharsets.UTF_8)); + deflaterOutputStream.close(); + String base64Encoded = 
Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray()); + String urlEncoded = URLEncoder.encode(base64Encoded, "UTF-8"); + + servletRequest.setAttribute("azureAuthUrl", samlConfig.getLoginUrl() + "?SAMLRequest=" + urlEncoded + "&RelayState=" + 1000000); + servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE); + } catch (Exception e) { + e.printStackTrace(); + logger.error(e.getMessage()); + } + } else if (Config.GoogleConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) != null) { + Config.GoogleConfig googleSamlConfig = (Config.GoogleConfig) Config.GoogleConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML); + servletRequest.setAttribute("googleSamlAuthUrl", googleSamlConfig.getAuthURI()); + servletRequest.setAttribute("activeSso", Config.ConfigType.GOOGLE_SAML); + } } if (InitializerListener.aktoVersion != null && InitializerListener.aktoVersion.contains("akto-release-version")) { servletRequest.setAttribute("AktoVersionGlobal", ""); diff --git a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java index 816139f502..f30f81663c 100644 --- a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java @@ -457,6 +457,7 @@ public String registerViaGithub() { params.put("client_id", githubConfig.getClientId()); params.put("client_secret", githubConfig.getClientSecret()); params.put("code", this.code); + params.put("scope", "user"); logger.info("Github code length: {}", this.code.length()); try { String githubUrl = githubConfig.getGithubUrl(); 
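Review bot: The GitHub authorize URL carries a constant `state=1000000` (and the SAML request a constant `RelayState=1000000`), so `state` is no longer an unguessable per-session value and the callback cannot use it to reject forged redirects — an attacker who obtains a code for their own GitHub identity can replay `/callback?code=…&state=1000000` into a victim's browser (login CSRF). If the account id must ride along, bind it to a random nonce stored in the session, e.g. `state = accountId + ":" + nonce`, and verify the nonce in `registerViaGithub` before exchanging the code. In the Azure branch the catch block both calls `printStackTrace()` and logs only `e.getMessage()`; `logger.error("Failed to build SAML AuthnRequest", e)` keeps the stack trace in the log. The AuthnRequest is sent over the Redirect binding without a `Signature`/`SigAlg` parameter, which the IdP will reject if it is configured to require signed requests — worth confirming against the Azure app settings. execute() continues past the hunk.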
@@ -491,12 +492,17 @@ public String registerViaGithub() { int refreshTokenExpiry = (int) Double.parseDouble(tokenData.getOrDefault("refresh_token_expires_in", "0").toString()); Map userData = CustomHttpRequest.getRequest(githubApiUrl + "/user", "Bearer " + accessToken); logger.info("Get request to {} success", githubApiUrl); - String company = "sso"; - String username = userData.get("login").toString() + "@" + company; + + List> emailResp = GithubLogin.getEmailRequest(accessToken); + String username = userData.get("name").toString(); + String email = GithubLogin.getPrimaryGithubEmail(emailResp); + if(email == null || email.isEmpty()) { + email = username + "@sso"; + } logger.info("username {}", username); - SignupInfo.GithubSignupInfo ghSignupInfo = new SignupInfo.GithubSignupInfo(accessToken, refreshToken, refreshTokenExpiry, username); + SignupInfo.GithubSignupInfo ghSignupInfo = new SignupInfo.GithubSignupInfo(accessToken, refreshToken, refreshTokenExpiry, email, username); shouldLogin = "true"; - createUserAndRedirect(username, username, ghSignupInfo, 1000000, Config.ConfigType.GITHUB.toString()); + createUserAndRedirectWithDefaultRole(email, username, ghSignupInfo, 1000000, Config.ConfigType.GITHUB.toString()); code = ""; logger.info("Executed registerViaGithub"); 
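Review bot: The address from `getPrimaryGithubEmail` is used as the account identity without any check of GitHub's `verified` flag, so a GitHub user can set an unverified primary email equal to an existing dashboard user's address and, if `createUserAndRedirectWithDefaultRole` matches users by email (that lookup is outside the hunk), be signed into that account. The `username + "@sso"` fallback is now built from the display `name`, which is free-form, not unique, and `null` for users who never set one (`userData.get("name").toString()` throws); the removed code used `login`, which is unique and always present, so keep `String login = userData.get("login").toString();` for the fallback and only accept the email when its entry is verified. Note also that `new GithubSignupInfo(…, email, username)` passes the last two arguments in the opposite order from the constructor added in SignupInfo.java (`…, String username, String email`). registerViaGithub continues outside the hunk.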
@@ -551,14 +557,8 @@ public String registerViaOkta() throws IOException{ String username = userInfo.get("preferred_username").toString(); SignupInfo.OktaSignupInfo oktaSignupInfo= new SignupInfo.OktaSignupInfo(accessToken, username); - - String defaultRole = RBAC.Role.MEMBER.name(); - if (UsageMetricCalculator.isRbacFeatureAvailable(accountId)) { - defaultRole = fetchDefaultInviteRole(accountId, RBAC.Role.GUEST.name()); - } - shouldLogin = "true"; - createUserAndRedirect(email, username, oktaSignupInfo, accountId, Config.ConfigType.OKTA.toString(), defaultRole); + createUserAndRedirectWithDefaultRole(email, username, oktaSignupInfo, accountId, Config.ConfigType.OKTA.toString()); code = ""; } catch (Exception e) { loggerMaker.errorAndAddToDb("Error while signing in via okta sso \n" + e.getMessage(), LogDb.DASHBOARD); @@ -587,7 +587,7 @@ public String fetchDefaultInviteRole(int accountId, String fallbackDefault){ public String sendRequestToSamlIdP() throws IOException{ String queryString = servletRequest.getQueryString(); String emailId = Util.getValueFromQueryString(queryString, "email"); - if(emailId.isEmpty()){ + if(!DashboardMode.isOnPremDeployment() && emailId.isEmpty()){ code = "Error, user email cannot be empty"; logger.error(code); servletResponse.sendRedirect("/login"); @@ -595,7 +595,12 @@ public String sendRequestToSamlIdP() throws IOException{ } logger.info("Trying to sign in for: " + emailId); setUserEmail(emailId); - SAMLConfig samlConfig = SSOConfigsDao.instance.getSSOConfig(userEmail); + SAMLConfig samlConfig = null; + if(userEmail != null && !userEmail.isEmpty()) { + samlConfig = SSOConfigsDao.instance.getSSOConfig(userEmail); + } else if(!DashboardMode.isOnPremDeployment()) { + samlConfig = Config.AzureConfig.getSSOConfigByAccountId(1000000, ConfigType.AZURE); + } if(samlConfig == null) { code = "Error, cannot login via SSO, trying to login with okta sso"; logger.error(code); 
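Review bot: The `else if (!DashboardMode.isOnPremDeployment())` branch is unreachable: a non-on-prem request with an empty email is already redirected above, and a non-empty email always takes the first branch, so the on-prem case that the relaxed guard just allowed (no `email` query parameter) leaves `samlConfig` null and fails with the "cannot login via SSO" error. The condition looks inverted; `} else if (DashboardMode.isOnPremDeployment()) {` would match the account-1000000 lookup HomeAction performs for on-prem dashboards. `emailId` also comes straight from `Util.getValueFromQueryString` and is dereferenced with `.isEmpty()`; if that helper can return null when the parameter is missing, use `emailId == null || emailId.isEmpty()`. sendRequestToSamlIdP continues past the hunk.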
@@ -681,12 +686,7 @@ public String registerViaAzure() throws Exception{ logger.info("Successful signing with Azure Idp for: "+ useremail); SignupInfo.SamlSsoSignupInfo signUpInfo = new SignupInfo.SamlSsoSignupInfo(username, useremail, Config.ConfigType.AZURE); - String defaultRole = RBAC.Role.MEMBER.name(); - if (UsageMetricCalculator.isRbacFeatureAvailable(this.accountId)) { - defaultRole = fetchDefaultInviteRole(this.accountId,RBAC.Role.GUEST.name()); - } - - createUserAndRedirect(useremail, username, signUpInfo, this.accountId, Config.ConfigType.AZURE.toString(), defaultRole); + createUserAndRedirectWithDefaultRole(useremail, username, signUpInfo, this.accountId, Config.ConfigType.AZURE.toString()); } catch (Exception e1) { loggerMaker.errorAndAddToDb("Error while signing in via azure sso \n" + e1.getMessage(), LogDb.DASHBOARD); servletResponse.sendRedirect("/login"); @@ -736,12 +736,7 @@ public String registerViaGoogleSamlSso() throws IOException{ shouldLogin = "true"; SignupInfo.SamlSsoSignupInfo signUpInfo = new SignupInfo.SamlSsoSignupInfo(username, userEmail, Config.ConfigType.GOOGLE_SAML); - String defaultRole = RBAC.Role.MEMBER.name(); - if (UsageMetricCalculator.isRbacFeatureAvailable(this.accountId)) { - defaultRole = fetchDefaultInviteRole(this.accountId, RBAC.Role.GUEST.name()); - } - - createUserAndRedirect(userEmail, username, signUpInfo, this.accountId, Config.ConfigType.GOOGLE_SAML.toString(), defaultRole); + createUserAndRedirectWithDefaultRole(userEmail, username, signUpInfo, this.accountId, Config.ConfigType.GOOGLE_SAML.toString()); } catch (Exception e1) { loggerMaker.errorAndAddToDb("Error while signing in via google workspace sso \n" + e1.getMessage(), LogDb.DASHBOARD); servletResponse.sendRedirect("/login"); 
@@ -828,6 +823,15 @@ private void createUserAndRedirect(String userEmail, String username, SignupInfo createUserAndRedirect(userEmail, username, signupInfo, invitationToAccount, method, null); } + private void createUserAndRedirectWithDefaultRole(String userEmail, String username, SignupInfo signupInfo, + int invitationToAccount, String method) throws IOException { + String defaultRole = RBAC.Role.MEMBER.name(); + if (UsageMetricCalculator.isRbacFeatureAvailable(invitationToAccount)) { + defaultRole = fetchDefaultInviteRole(invitationToAccount, RBAC.Role.GUEST.name()); + } + createUserAndRedirect(userEmail, username, signupInfo, invitationToAccount, method, defaultRole); + } + private void createUserAndRedirect(String userEmail, String username, SignupInfo signupInfo, int invitationToAccount, String method, String invitedRole) throws IOException { loggerMaker.infoAndAddToDb("createUserAndRedirect called"); diff --git a/apps/dashboard/src/main/java/com/akto/action/user/AzureSsoAction.java b/apps/dashboard/src/main/java/com/akto/action/user/AzureSsoAction.java index cdd7197be0..6e8f90822a 100644 --- a/apps/dashboard/src/main/java/com/akto/action/user/AzureSsoAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/user/AzureSsoAction.java @@ -41,7 +41,7 @@ private SAMLConfig getConfig(ConfigType configType, String domain){ public String addSamlSsoInfo(){ String userLogin = getSUser().getLogin(); String domain = userLogin.split("@")[1]; - if (SsoUtils.isAnySsoActive(Context.accountId.get())) { + if (SsoUtils.isAnySsoActive()) { addActionError("A SSO Integration already exists."); return ERROR.toUpperCase(); } @@ -79,7 +79,7 @@ public String execute() throws Exception { Filters.eq("configType", configType.name()) ) ); - if (SsoUtils.isAnySsoActive(Context.accountId.get()) && samlConfig == null) { + if (SsoUtils.isAnySsoActive() && samlConfig == null) { addActionError("A different SSO Integration already exists."); return ERROR.toUpperCase(); } 
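Review bot: `createUserAndRedirectWithDefaultRole` decides the privilege level of every SSO-created user but has no Javadoc, and the fallback to `MEMBER` when RBAC is unavailable versus the configured invite role (defaulting to `GUEST`) when it is available is a policy worth stating where the next reader will look. Suggested header: `/** Creates (or signs in) the SSO user and redirects; the role is the account's configured default invite role (falling back to GUEST) when RBAC is licensed, otherwise MEMBER. */`. A one-line `// MEMBER is the legacy default for accounts without RBAC` on the first assignment would also help.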
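Review bot: Swapping `SsoUtils.isAnySsoActive(Context.accountId.get())` for the no-argument `SsoUtils.isAnySsoActive()` changes the guard from the caller's account to a global one; the SsoUtils hunk further down shows that version now also folds in account 1000000, so on a multi-account deployment an SSO integration that exists only in another account makes `addSamlSsoInfo` refuse with "A SSO Integration already exists." and `execute` report a different integration even though the caller's account has none. If the global check is intended only for single-account on-prem installs, gate it: `boolean ssoActive = DashboardMode.isOnPremDeployment() ? SsoUtils.isAnySsoActive() : SsoUtils.isAnySsoActive(Context.accountId.get());`. The other branch of the no-argument overload is outside this diff, so I can't confirm whether it is account-scoped. Both methods continue outside the hunk.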
diff --git a/apps/dashboard/src/main/java/com/akto/utils/GithubLogin.java b/apps/dashboard/src/main/java/com/akto/utils/GithubLogin.java
index 7637b81959..bb9a05bcad 100644
--- a/apps/dashboard/src/main/java/com/akto/utils/GithubLogin.java
+++ b/apps/dashboard/src/main/java/com/akto/utils/GithubLogin.java
@@ -4,6 +4,13 @@
 import com.akto.dao.context.Context;
 import com.akto.dto.Config;
 import com.akto.dto.Config.GithubConfig;
+import com.akto.dto.OriginalHttpRequest;
+import com.akto.dto.OriginalHttpResponse;
+import com.akto.testing.ApiExecutor;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.util.*;
 public class GithubLogin {
@@ -11,6 +18,7 @@ public class GithubLogin {
 private static GithubLogin instance = null;
 private GithubConfig githubConfig = null;
 private int lastProbeTs = 0;
+ public static final String GET_GITHUB_EMAILS_URL = "https://api.github.com/user/emails";
 public static GithubLogin getInstance() {
 boolean shouldProbeAgain = true;
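Review bot: `GET_GITHUB_EMAILS_URL` hard-codes `https://api.github.com/user/emails` while the rest of the login flow uses the configurable API base (`githubApiUrl + "/user"` in registerViaGithub), so on a GitHub Enterprise deployment the user's bearer token is sent to github.com — a token disclosed to a host other than the configured identity provider — and the email lookup fails there anyway. Store only the path, `public static final String GITHUB_EMAILS_PATH = "/user/emails";`, and build the request URL from the configured API base in `getEmailRequest`. The class continues outside the hunk.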
@@ -52,6 +60,36 @@ public static String getGithubUrl() { return githubUrl; } + public static List> getEmailRequest(String accessToken){ + ObjectMapper objectMapper = new ObjectMapper(); + Map> headers = new HashMap<>(); + headers.put("Content-Type", Collections.singletonList("application/vnd.github+json")); + headers.put("Authorization", Collections.singletonList("Bearer " + accessToken)); + headers.put("X-GitHub-Api-Version", Collections.singletonList("2022-11-28")); + + OriginalHttpRequest request = new OriginalHttpRequest(GET_GITHUB_EMAILS_URL, "", "GET", null, headers, ""); + OriginalHttpResponse response = null; + try { + response = ApiExecutor.sendRequest(request, false, null, false, new ArrayList<>()); + return objectMapper.readValue(response.getBody(), new TypeReference>>() {}); + }catch(Exception e){ + return null; + } + } + + public static String getPrimaryGithubEmail(List> emailResp){ + if(emailResp == null){ + return ""; + }else{ + for (Map entryMap : emailResp) { + if(entryMap.get("primary").equals("true")){ + return entryMap.get("email"); + } + } + } + return null; + } + private GithubLogin() { } diff --git a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java index 320040d9fa..a89d3bcbc3 100644 --- a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java +++ b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java @@ -24,7 +24,7 @@ public static OktaLogin getInstance() { } if (shouldProbeAgain) { - OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(Context.accountId.get())); + OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(1000000)); if (instance == null) { instance = new OktaLogin(); } 
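Review bot: `getPrimaryGithubEmail` returns the `primary` entry without checking GitHub's `verified` field, so an address the user typed but never confirmed is accepted as their identity; use `"true".equals(entryMap.get("primary")) && "true".equals(entryMap.get("verified"))`, which also avoids the NullPointerException `entryMap.get("primary").equals("true")` throws when the key is absent. The two helpers also disagree on failure values: `getEmailRequest` swallows every exception and returns null (hiding a 401 from an expired token), while `getPrimaryGithubEmail` returns `""` for a null list but `null` when no primary entry exists; log the exception and return an empty list, and return one consistent empty value. The generic parameters on both signatures are stripped in this rendering (`List>`), so I can't confirm what value type Jackson is asked to coerce the JSON boolean into. Routing an authentication request through the API-testing `ApiExecutor` is worth confirming as intentional, since its retry/redirect behaviour is outside this diff.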
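Review bot: `OktaConfig.getOktaId(1000000)` replaces `Context.accountId.get()`, so the cached singleton now always loads account 1000000's Okta configuration whichever account the request belongs to; on a deployment with more than one account that redirects users to another tenant's IdP. If the class is only meant for single-account on-prem installs, say so where the constant is used, e.g. `// on-prem dashboards have a single account (1000000), so the singleton is global`, and consider guarding the lookup with `DashboardMode.isOnPremDeployment()`. getInstance() continues outside the hunk.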
@@ -47,7 +47,7 @@ public static String getAuthorisationUrl() {
 paramMap.put("redirect_uri",oktaConfig.getRedirectUri());
 paramMap.put("response_type", "code");
 paramMap.put("scope", "openid%20email%20profile");
- paramMap.put("state", "login");
+ paramMap.put("state", String.valueOf(oktaConfig.getAccountId()));
 String queryString = SsoUtils.getQueryString(paramMap);
diff --git a/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java b/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java
index b2e4b89254..1a131fd586 100644
--- a/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java
+++ b/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java
@@ -49,7 +49,7 @@ public static boolean isAnySsoActive(){
 }else{
 List ssoList = Arrays.asList(oktaIdString, "GITHUB-ankush", "AZURE-ankush");
 Bson filter = Filters.in("_id", ssoList);
- return ConfigsDao.instance.count(filter) > 0;
+ return ConfigsDao.instance.count(filter) > 0 || isAnySsoActive(1000000);
 }
 }
diff --git a/apps/dashboard/web/pages/login.jsp b/apps/dashboard/web/pages/login.jsp
index 817493ed68..2a38088e38 100644
--- a/apps/dashboard/web/pages/login.jsp
+++ b/apps/dashboard/web/pages/login.jsp
@@ -72,7 +72,11 @@ window.TIME_ZONE = '${requestScope.currentTimeZone}'
 window.USER_FULL_NAME = '${requestScope.userFullName}'
 window.ORGANIZATION_NAME = '${requestScope.organizationName}'
- window.GOOGLE_SSO_URL=atob('${requestScope.googleSsoUrl}')
+ window.GOOGLE_SAML_AUTH_URL=atob('${requestScope.googleSamlAuthUrl}')
+ window.OKTA_AUTH_URL = '${requestScope.oktaAuthUrl}'
+ window.AZURE_AUTH_URL = '${requestScope.azureAuthUrl}'
+ window.GITHUB_AUTH_URL = '${requestScope.githubAuthUrl}'
+ window.ACTIVE_SSO = '${requestScope.activeSso}'
 window.STIGG_IS_OVERAGE='${requestScope.stiggIsOverage}'
 window.USAGE_PAUSED=JSON.parse('${requestScope.usagePaused}' || '{}');
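Review bot: `state` is now the account id, a predictable value, so the Okta callback still has no replay/CSRF protection — the fixed `"login"` it replaces had the same weakness, but if `registerViaOkta` now takes the target account from `state` (outside this hunk), a forged callback can additionally choose which account it lands in. Generate a nonce with `SecureRandom`, keep it in the session, and send `accountId + ":" + nonce`, rejecting callbacks whose nonce does not match. getAuthorisationUrl() continues past the hunk.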
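Review bot: The four new globals interpolate request attributes directly into JavaScript string literals (`window.OKTA_AUTH_URL = '${requestScope.oktaAuthUrl}'`) where the removed code base64-encoded the value server-side and decoded it with `atob()`; a `'` or `</script>` in the configured Okta/GitHub URL or client id now breaks out of the literal and runs on the login page for every visitor (stored XSS, reachable by whoever can edit SSO settings). Conversely `GOOGLE_SAML_AUTH_URL` still goes through `atob()` while HomeAction now stores the raw `getAuthURI()` in `googleSamlAuthUrl`, so on a Google-SAML dashboard `atob` throws `InvalidCharacterError` on the `:` and the globals assigned after it are never set. Pick one treatment for all of them: base64-encode in HomeAction and `atob()` here, or emit them through `fn:escapeXml` plus a JS-string escape.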
diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx index a13631a2c4..47fdef50a0 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx @@ -13,7 +13,7 @@ function GithubSso() { const [showGithubSsoModal, setShowGithubSsoModal] = useState(false) const [githubPresent, setGithubPresent] = useState("") const [componentType, setComponentType] = useState(0) ; - const [nextButtonActive,setNextButtonActive] = useState(window.DASHBOARD_MODE === "ON_PREM"); + const [nextButtonActive,setNextButtonActive] = useState(); const [githubUrl, setGithubUrl] = useState("https://github.com") const [githubApiUrl, setGithubApiUrl] = useState("https://api.github.com") @@ -61,6 +61,7 @@ function GithubSso() { setGithubClientId(githubClientId) if (githubUrl) setGithubUrl(githubUrl) if (githubApiUrl) setGithubApiUrl(githubApiUrl) + setNextButtonActive(true) } catch (error) { setNextButtonActive(false) } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx index 3ef51af866..1865e7af94 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx @@ -15,6 +15,7 @@ function AzureSso() { const [loginUrl, setLoginUrl] = useState('') const [azureIdentity, setAzureIdentity] = useState('') + const [nextButtonActive, setNextButtonActive] = useState() const cardContent = "Enable Login via Azure AD on your Akto dashboard"; 
@@ -62,10 +63,12 @@ function AzureSso() { await settingRequests.fetchAzureSso("AZURE").then((resp)=> { setLoginUrl(resp.loginUrl) setAzureIdentity(resp.ssoEntityId) + setNextButtonActive(true) }) setLoading(false) } catch (error) { setLoading(false) + setNextButtonActive(false) } } @@ -92,6 +95,7 @@ function AzureSso() { pageTitle={"Azure AD SSO SAML"} loading={loading} certificateName={"Federation Metadata XML"} + isButtonActive={nextButtonActive} /> ) } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/CustomSamlSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/CustomSamlSso.jsx index d34d18399e..c28756fab7 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/CustomSamlSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/CustomSamlSso.jsx @@ -9,7 +9,7 @@ import func from "@/util/func" import Details from '../components/Details'; import { CancelMajor } from "@shopify/polaris-icons" -function CustomSamlSso({ssoType,entityTitle, entityId, loginURL,pageTitle, signinUrl, integrationSteps, cardContent, handleSubmitOutSide, handleDeleteOutside, samlUrlDocs, loading, showCustomInputs, certificateName}) { +function CustomSamlSso({ssoType,entityTitle, entityId, loginURL,pageTitle, signinUrl, integrationSteps, cardContent, handleSubmitOutSide, handleDeleteOutside, samlUrlDocs, loading, showCustomInputs, certificateName, isButtonActive}) { const [componentType, setComponentType] = useState(0) ; const [showDeleteModal, setShowDeleteModal] = useState(false); const [files, setFiles] = useState(null) 
@@ -17,7 +17,7 @@ function CustomSamlSso({ssoType,entityTitle, entityId, loginURL,pageTitle, signi const [identifier, setIdentifier] = useState('') const stepsComponent = ( - setComponentType(1)} buttonActive={true}/> + setComponentType(1)} buttonActive={isButtonActive}/> ) const setFilesCheck = (file) => { diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx index 6b9f776a67..7111c07eec 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx @@ -15,6 +15,7 @@ function GoogleSamlSso() { const [loginUrl, setLoginUrl] = useState('') const [ssoIdentity, setSsoIdentity] = useState('') + const [nextButtonActive, setNextButtonActive] = useState() const cardContent = "Enable Login via Google Workspace on your Akto dashboard"; @@ -60,10 +61,12 @@ function GoogleSamlSso() { await settingRequests.fetchAzureSso("GOOGLE_SAML").then((resp)=> { setLoginUrl(resp.loginUrl) setSsoIdentity(resp.ssoEntityId) + setNextButtonActive(true) }) setLoading(false) } catch (error) { setLoading(false) + setNextButtonActive(false) } } @@ -91,6 +94,7 @@ function GoogleSamlSso() { showCustomInputs={true} certificateName={"X509 certificate"} signinUrl={AcsUrl} + isButtonActive={nextButtonActive} /> ) } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx index 8434ea93bd..35cabca907 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx 
@@ -35,34 +35,49 @@ function SignUp() { })) } - const oktaUrl = window.OKTA_AUTH_URL - const githubId = window.GITHUB_CLIENT_ID - const githubUrl = window.GITHUB_URL ? window.GITHUB_URL : "https://github.com" + const activeSSO = window.ACTIVE_SSO + const githubAuthUrl = window.GITHUB_AUTH_URL + const oktaAuthUrl = window.OKTA_AUTH_URL + const azureAuthUrl = window.AZURE_AUTH_URL const resetAll = PersistStore(state => state.resetAll) const { clearPollingInterval } = usePolling(); const githubAuthObj = { logo: '/public/github_icon.svg', text: 'Continue with Github SSO', - onClickFunc: () => { window.location.href = (githubUrl + "/login/oauth/authorize?client_id=" + githubId); } + onClickFunc: () => { window.location.href = githubAuthUrl } } const oktaAuthObj = { logo: '/public/okta_logo.svg', text: 'Continue with Okta SSO', - onClickFunc: () => { window.location.href = oktaUrl } + onClickFunc: () => { window.location.href = oktaAuthUrl } + } + + const azureAuthObj = { + logo: '/public/azure_logo.svg', + text: 'Continue with Azure SSO', + onClickFunc: () => { window.location.href = azureAuthUrl } + } + + const googleSamlAuthObj = { + logo: '/public/gcp.svg', + text: 'Continue with Google SAML SSO', + onClickFunc: () => { window.location.href = "" } } useEffect(() => { resetAll() clearPollingInterval() let copySsoList = [] - if (githubId !== undefined && githubId.length > 0) { + if (activeSSO?.toLowerCase() === "github" && githubAuthUrl?.length > 0) { copySsoList.push(githubAuthObj) - } - - if (oktaUrl !== undefined && oktaUrl.length > 0) { + } else if(activeSSO?.toLowerCase() === "okta" && oktaAuthUrl?.length > 0) { copySsoList.push(oktaAuthObj) + } else if(activeSSO?.toLowerCase() === "azure" && azureAuthUrl?.length > 0) { + copySsoList.push(azureAuthObj) + } else if(activeSSO?.toLowerCase() === "google_saml") { + copySsoList.push(googleSamlAuthObj) } setSsoList(copySsoList) 
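Review bot: `googleSamlAuthObj.onClickFunc` assigns `window.location.href = ""`, so the Google SAML button merely reloads the sign-in page and the `GOOGLE_SAML_AUTH_URL` that login.jsp exports is never read. Add `const googleSamlAuthUrl = window.GOOGLE_SAML_AUTH_URL` next to the other URLs, use `onClickFunc: () => { window.location.href = googleSamlAuthUrl }`, and guard the push with `googleSamlAuthUrl?.length > 0` like the other three branches. SignUp() continues outside the hunk.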
diff --git a/libs/dao/src/main/java/com/akto/dto/Config.java b/libs/dao/src/main/java/com/akto/dto/Config.java
index 63c67da9da..41af492eb4 100644
--- a/libs/dao/src/main/java/com/akto/dto/Config.java
+++ b/libs/dao/src/main/java/com/akto/dto/Config.java
@@ -5,6 +5,9 @@
 import java.util.Set;
 import com.akto.dao.ConfigsDao;
+import com.akto.dao.SSOConfigsDao;
+import com.akto.dto.sso.SAMLConfig;
+import com.akto.util.Constants;
 import com.mongodb.client.model.Filters;
 import org.bson.codecs.pojo.annotations.BsonDiscriminator;
@@ -101,6 +104,16 @@ public GoogleConfig() {
 this.id = configType.name()+"-ankush";
 }
+ public static Config getSSOConfigByAccountId(int accountId, ConfigType configType) {
+ return ConfigsDao.instance.findOne(
+ Filters.and(
+ Filters.eq(Constants.ID, configType.name()+CONFIG_SALT),
+ Filters.eq(OktaConfig.ACCOUNT_ID, accountId),
+ Filters.eq("configType", configType.name())
+ )
+ );
+ }
+
 public String getClientId() {
 return clientId;
 }
@@ -539,6 +552,15 @@ public AzureConfig() {
 this.id = CONFIG_ID;
 }
+ public static SAMLConfig getSSOConfigByAccountId(int accountId, ConfigType configType) {
+ return SSOConfigsDao.instance.findOne(
+ Filters.and(
+ Filters.eq(Constants.ID, String.valueOf(accountId)),
+ Filters.eq("configType", configType.name())
+ )
+ );
+ }
+
 public String getX509Certificate() {
 return x509Certificate;
 }
diff --git a/libs/dao/src/main/java/com/akto/dto/SignupInfo.java b/libs/dao/src/main/java/com/akto/dto/SignupInfo.java
index 15024de460..722e4e35f9 100644
--- a/libs/dao/src/main/java/com/akto/dto/SignupInfo.java
+++ b/libs/dao/src/main/java/com/akto/dto/SignupInfo.java
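Review bot: `GoogleConfig.getSSOConfigByAccountId` has no Javadoc and its lookup key `configType.name()+CONFIG_SALT` is built differently from the id the constructor just above assigns (`configType.name()+"-ankush"`); unless `CONFIG_SALT` is exactly `"-ankush"` (declared outside this diff) the two never match and the method always returns null. Use the constant in the constructor too, `this.id = configType.name()+CONFIG_SALT;`, and document the contract: `/** Returns the config stored in the configs collection for {@code accountId} and {@code configType}, or null when none is configured. */`. The filter also borrows `OktaConfig.ACCOUNT_ID` for the field name, which reads as if only Okta configs carry it — a comment noting it is the shared `accountId` field would help. The class continues outside the hunk.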
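Review bot: `AzureConfig.getSSOConfigByAccountId` shares its name with the GoogleConfig method above but queries a different collection (`SSOConfigsDao`), keys on `String.valueOf(accountId)` as the document id, and returns `SAMLConfig` rather than `Config`; HomeAction relies on picking the right class per SSO type, which is easy to get wrong. A Javadoc would pin that down: `/** Returns the SAML config whose document id is the account id and whose configType matches, or null; this key shape implies at most one SAML config per account. */`. The class continues outside the hunk.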
@@ -389,16 +389,18 @@ public static class GithubSignupInfo extends SignupInfo {
 private String accessToken;
 private String refreshToken;
 private int refreshTokenExpiry;
+ private String email;
 private String username;
 public GithubSignupInfo() { }
- public GithubSignupInfo(String accessToken, String refreshToken, int refreshTokenExpiry, String username) {
+ public GithubSignupInfo(String accessToken, String refreshToken, int refreshTokenExpiry, String username, String email) {
 this.accessToken = accessToken;
 this.refreshToken = refreshToken;
 this.refreshTokenExpiry = refreshTokenExpiry;
+ this.email = email;
 this.username = username;
 this.configType = Config.ConfigType.GITHUB;
 this.key = this.configType.name();
@@ -435,6 +437,14 @@ public String getUsername() {
 public void setUsername(String username) {
 this.username = username;
 }
+
+ public String getEmail() {
+ return email;
+ }
+
+ public void setEmail(String email) {
+ this.email = email;
+ }
 }
 public static class OktaSignupInfo extends SignupInfo {
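Review bot: The new constructor's trailing parameters are declared `(…, String username, String email)` but the only call site in this change, `SignupAction.registerViaGithub`, passes `(…, email, username)`, so on GitHub sign-up the two fields are persisted swapped and both `getEmail()` and `getUsername()` return the wrong value; because both are `String` the compiler cannot flag it. Either flip the declaration to `(…, String email, String username)` to match the caller or fix the call, and add `@param` Javadoc so the order is documented. The class continues outside the hunk.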