// Compiler-emitted CommonJS interop preamble (this looks like TypeScript output;
// the file ends with a sourceMappingURL comment).
// __importDefault reuses a helper already present on `this` if there is one;
// otherwise it returns `mod` unchanged when it is flagged as an ES module and
// wraps it as { default: mod } when it is not.
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
// Flag this module's exports object as coming from an ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare every export as undefined; each one is assigned its function
// right after that function's definition further down.
exports.isConnectionTestRequest = exports.getMappedSamlAttributesFromFlowResult = exports.updateUserFromSamlAttributes = exports.createUserFromSamlAttributes = exports.generatePassword = exports.isSamlPreferences = exports.isSamlLicensedAndEnabled = exports.isSamlLicensed = exports.setSamlLoginLabel = exports.setSamlLoginEnabled = exports.getSamlLoginLabel = exports.isSamlLoginEnabled = void 0;
const crypto_1 = require("crypto");
const typedi_1 = require("typedi");
const config_1 = __importDefault(require("../../config"));
const AuthIdentity_1 = require("../../databases/entities/AuthIdentity");
const License_1 = require("../../License");
const password_utility_1 = require("../../services/password.utility");
const constants_1 = require("./constants");
const ssoHelpers_1 = require("../ssoHelpers");
const serviceProvider_ee_1 = require("./serviceProvider.ee");
const user_repository_1 = require("../../databases/repositories/user.repository");
const authIdentity_repository_1 = require("../../databases/repositories/authIdentity.repository");
const internal_server_error_1 = require("../../errors/response-errors/internal-server.error");
const auth_error_1 = require("../../errors/response-errors/auth.error");
/**
 * Reads the SAML-login-enabled setting from the application config.
 *
 * This is only the configured flag; it does not check the licence or the
 * currently active authentication method (isSamlLicensedAndEnabled does).
 *
 * @returns {*} Whatever the config holds under SAML_LOGIN_ENABLED.
 */
function isSamlLoginEnabled() {
    const samlLoginEnabled = config_1.default.getEnv(constants_1.SAML_LOGIN_ENABLED);
    return samlLoginEnabled;
}
exports.isSamlLoginEnabled = isSamlLoginEnabled;
/**
 * Reads the configured SAML login label from the application config.
 *
 * @returns {*} Whatever the config holds under SAML_LOGIN_LABEL.
 */
function getSamlLoginLabel() {
    const samlLoginLabel = config_1.default.getEnv(constants_1.SAML_LOGIN_LABEL);
    return samlLoginLabel;
}
exports.getSamlLoginLabel = getSamlLoginLabel;
/**
 * Turns SAML login on or off and switches the instance-wide authentication
 * method to match ('saml' when enabling, 'email' when disabling).
 *
 * The switch is refused unless the current method is email or SAML, so this
 * helper cannot silently replace some other active authentication method.
 *
 * @param {boolean} enabled - Truthy to enable SAML login, falsy to disable it.
 * @returns {Promise<void>}
 * @throws {InternalServerError} When an authentication method other than
 *   email or SAML is currently active.
 */
async function setSamlLoginEnabled(enabled) {
    const switchAllowed = (0, ssoHelpers_1.isEmailCurrentAuthenticationMethod)() ||
        (0, ssoHelpers_1.isSamlCurrentAuthenticationMethod)();
    if (!switchAllowed) {
        throw new internal_server_error_1.InternalServerError(`Cannot switch SAML login enabled state when an authentication method other than email or saml is active (current: ${(0, ssoHelpers_1.getCurrentAuthenticationMethod)()})`);
    }
    // Config flag first, then the persisted authentication method.
    const samlOn = Boolean(enabled);
    config_1.default.set(constants_1.SAML_LOGIN_ENABLED, samlOn);
    await (0, ssoHelpers_1.setCurrentAuthenticationMethod)(samlOn ? 'saml' : 'email');
}
exports.setSamlLoginEnabled = setSamlLoginEnabled;
/**
 * Stores the SAML login label in the application config.
 *
 * The value is written as given; no validation or escaping happens here.
 * NOTE(review): if this label is rendered on the login page, confirm the
 * renderer escapes it.
 *
 * @param {string} label - Label to store under SAML_LOGIN_LABEL.
 */
function setSamlLoginLabel(label) {
    const { default: config } = config_1;
    config.set(constants_1.SAML_LOGIN_LABEL, label);
}
exports.setSamlLoginLabel = setSamlLoginLabel;
/**
 * Asks the License service (resolved from the DI container) whether SAML is
 * enabled for this instance's licence.
 *
 * @returns {*} The result of License#isSamlEnabled().
 */
function isSamlLicensed() {
    const license = typedi_1.Container.get(License_1.License);
    return license.isSamlEnabled();
}
exports.isSamlLicensed = isSamlLicensed;
/**
 * Gate for SAML request handling: true only when SAML login is switched on in
 * config, the licence allows SAML, and SAML is the active authentication
 * method. The checks run in that order and stop at the first falsy result,
 * which is returned as-is.
 *
 * @returns {*} The first falsy check result, or the result of the last check.
 */
function isSamlLicensedAndEnabled() {
    const loginEnabled = isSamlLoginEnabled();
    if (!loginEnabled) {
        return loginEnabled;
    }
    const licensed = isSamlLicensed();
    if (!licensed) {
        return licensed;
    }
    return (0, ssoHelpers_1.isSamlCurrentAuthenticationMethod)();
}
exports.isSamlLicensedAndEnabled = isSamlLicensedAndEnabled;
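/**
 * Shape check for a SAML preferences object.
 *
 * Accepts a non-null object with a string `metadata`, a non-null object
 * `mapping`, and a defined `loginEnabled`. `null` is rejected explicitly:
 * `typeof null` is 'object', so without that check a null candidate would
 * throw a TypeError on the first property read instead of returning false.
 *
 * This is a structural check only; it does not validate the metadata XML or
 * the contents of the mapping.
 *
 * @param {unknown} candidate - Value to test.
 * @returns {boolean} True when the candidate has the expected shape.
 */
const isSamlPreferences = (candidate) => {
    const o = candidate;
    return (typeof o === 'object' &&
        o !== null &&
        typeof o.metadata === 'string' &&
        typeof o.mapping === 'object' &&
        o.mapping !== null &&
        o.loginEnabled !== undefined);
};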
exports.isSamlPreferences = isSamlPreferences;
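/**
 * Generates the random local password given to accounts provisioned through
 * SAML (createUserFromSamlAttributes hashes and stores it).
 *
 * The result is 20 alphanumeric characters: 18 random characters plus one
 * guaranteed digit and one guaranteed uppercase letter inserted at random
 * positions.
 *
 * Randomness comes from crypto.randomInt rather than Math.random: this value
 * is a credential, and Math.random is not a cryptographically secure
 * generator. The guaranteed letter is drawn from an uppercase-only alphabet,
 * so the "at least one uppercase" property actually holds.
 *
 * @returns {string} A 20-character alphanumeric password.
 */
function generatePassword() {
    const length = 18;
    const digits = '0123456789';
    const upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    const charset = `abcdefghijklmnopqrstuvwxyz${upper}${digits}`;
    const pick = (alphabet) => alphabet.charAt(crypto_1.randomInt(alphabet.length));
    const chars = Array.from({ length }, () => pick(charset));
    // Insert positions range over every slot, including the end of the string.
    chars.splice(crypto_1.randomInt(chars.length + 1), 0, pick(digits));
    chars.splice(crypto_1.randomInt(chars.length + 1), 0, pick(upper));
    return chars.join('');
}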
exports.generatePassword = generatePassword;
/**
 * Provisions a local user for a SAML login, inside one database transaction.
 *
 * The user is created with the lower-cased e-mail, the given names, the fixed
 * role 'global:member' (the role is never taken from the attributes) and a
 * hashed random password. An AuthIdentity row of type 'saml' then links the
 * user to the identity provider's userPrincipalName.
 *
 * NOTE(review): attributes.email is used without a check here, so a missing
 * or non-string value makes toLowerCase() throw a TypeError. Callers are
 * presumably expected to reject missing attributes first; confirm.
 *
 * @param {{email: string, firstName: string, lastName: string, userPrincipalName: string}} attributes
 *   Mapped attributes from the SAML response.
 * @returns {Promise<object>} The newly created user.
 */
async function createUserFromSamlAttributes(attributes) {
    const provisionUser = async (trx) => {
        const userRepository = typedi_1.Container.get(user_repository_1.UserRepository);
        const email = attributes.email.toLowerCase();
        const { firstName, lastName } = attributes;
        // Only the hash of the throwaway password is ever stored.
        const passwordHash = await typedi_1.Container.get(password_utility_1.PasswordUtility).hash(generatePassword());
        const { user } = await userRepository.createUserWithProject({
            email,
            firstName,
            lastName,
            role: 'global:member',
            password: passwordHash,
        }, trx);
        const samlIdentity = trx.create(AuthIdentity_1.AuthIdentity, {
            providerId: attributes.userPrincipalName,
            providerType: 'saml',
            userId: user.id,
        });
        await trx.save(samlIdentity);
        return user;
    };
    return await typedi_1.Container.get(user_repository_1.UserRepository).manager.transaction(provisionUser);
}
exports.createUserFromSamlAttributes = createUserFromSamlAttributes;
/**
 * Links an existing user to a SAML identity and refreshes the user's names
 * from the SAML attributes.
 *
 * If the user already has an auth identity of type 'saml', its providerId is
 * overwritten with the incoming userPrincipalName; otherwise a new identity
 * is created and attached. Which user gets linked is decided by the caller;
 * NOTE(review): confirm the caller's lookup is one the identity provider is
 * trusted to assert, since this function re-binds the SAML identity without
 * further checks.
 *
 * Both saves run with `transaction: false`, i.e. they are not wrapped in a
 * shared transaction here.
 *
 * @param {object} user - Existing user, with `authIdentities` loaded.
 * @param {{email: string, firstName: string, lastName: string, userPrincipalName: string}} attributes
 *   Mapped attributes from the SAML response.
 * @returns {Promise<object>} The saved user.
 * @throws {AuthError} When the e-mail attribute is missing, the user is
 *   missing, or saving the user returns nothing.
 */
async function updateUserFromSamlAttributes(user, attributes) {
    if (!attributes.email) {
        throw new auth_error_1.AuthError('Email is required to update user');
    }
    if (!user) {
        throw new auth_error_1.AuthError('User not found');
    }
    const existingIdentity = user.authIdentities.find((identity) => identity.providerType === 'saml');
    let samlAuthIdentity;
    if (existingIdentity) {
        existingIdentity.providerId = attributes.userPrincipalName;
        samlAuthIdentity = existingIdentity;
    }
    else {
        samlAuthIdentity = Object.assign(new AuthIdentity_1.AuthIdentity(), {
            providerId: attributes.userPrincipalName,
            providerType: 'saml',
            user,
        });
        user.authIdentities.push(samlAuthIdentity);
    }
    const identityRepository = typedi_1.Container.get(authIdentity_repository_1.AuthIdentityRepository);
    await identityRepository.save(samlAuthIdentity, { transaction: false });
    user.firstName = attributes.firstName;
    user.lastName = attributes.lastName;
    const userRepository = typedi_1.Container.get(user_repository_1.UserRepository);
    const resultUser = await userRepository.save(user, { transaction: false });
    if (!resultUser) {
        throw new auth_error_1.AuthError('Could not create User');
    }
    return resultUser;
}
exports.updateUserFromSamlAttributes = updateUserFromSamlAttributes;
/**
 * Picks the four user attributes out of a SAML flow result using the
 * configured attribute-name mapping, and reports which ones are missing.
 *
 * When the flow result carries no `extract.attributes`, `attributes` stays
 * undefined and `missingAttributes` stays empty, so callers must check
 * `attributes` itself and not only the missing list. An attribute counts as
 * missing when its value is falsy; missing entries are reported by their
 * mapped (identity-provider side) names, in the order email,
 * userPrincipalName, firstName, lastName.
 *
 * Values are copied through as received and are not type-checked here.
 * NOTE(review): confirm downstream code copes with non-string values.
 *
 * @param {object} flowResult - Parsed SAML login response.
 * @param {{email: string, firstName: string, lastName: string, userPrincipalName: string}} attributeMapping
 *   Attribute names to read for each user field.
 * @returns {{attributes: (object|undefined), missingAttributes: string[]}}
 */
function getMappedSamlAttributesFromFlowResult(flowResult, attributeMapping) {
    const extract = flowResult == null ? undefined : flowResult.extract;
    const samlAttributes = extract == null ? undefined : extract.attributes;
    const mapped = { attributes: undefined, missingAttributes: [] };
    if (!samlAttributes) {
        return mapped;
    }
    mapped.attributes = {
        email: samlAttributes[attributeMapping.email],
        firstName: samlAttributes[attributeMapping.firstName],
        lastName: samlAttributes[attributeMapping.lastName],
        userPrincipalName: samlAttributes[attributeMapping.userPrincipalName],
    };
    const reportOrder = ['email', 'userPrincipalName', 'firstName', 'lastName'];
    for (const field of reportOrder) {
        if (!mapped.attributes[field]) {
            mapped.missingAttributes.push(attributeMapping[field]);
        }
    }
    return mapped;
}
exports.getMappedSamlAttributesFromFlowResult = getMappedSamlAttributesFromFlowResult;
/**
 * Tells whether a SAML callback request is a connection test, by comparing
 * the RelayState from the request body with the service provider's
 * configured test return URL.
 *
 * RelayState is a request parameter, so a true result says only that the
 * sender chose this value. NOTE(review): confirm the caller still validates
 * the SAML response on this path and that the test path does not start a
 * login session.
 *
 * @param {{body: {RelayState: *}}} req - Incoming request.
 * @returns {boolean} True when RelayState strictly equals the test return URL.
 */
function isConnectionTestRequest(req) {
    const { RelayState: relayState } = req.body;
    const testReturnUrl = (0, serviceProvider_ee_1.getServiceProviderConfigTestReturnUrl)();
    return relayState === testReturnUrl;
}
exports.isConnectionTestRequest = isConnectionTestRequest;
//# sourceMappingURL=samlHelpers.js.map
;