From 63946ad777b237d98c208fc5fa6e575e15985eb2 Mon Sep 17 00:00:00 2001 From: Taha Yassine Kraiem Date: Fri, 3 Dec 2021 18:24:50 +0100 Subject: [PATCH] feat(api): add role to SSO assertion --- ee/api/chalicelib/blueprints/bp_saml.py | 14 +++++++++++--- ee/api/chalicelib/core/roles.py | 19 ++++++++++++++++++- ee/api/chalicelib/core/users.py | 8 ++++---- 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/ee/api/chalicelib/blueprints/bp_saml.py b/ee/api/chalicelib/blueprints/bp_saml.py index 79adde8c7..76e73b3b7 100644 --- a/ee/api/chalicelib/blueprints/bp_saml.py +++ b/ee/api/chalicelib/blueprints/bp_saml.py @@ -12,7 +12,7 @@ from chalicelib.utils.helper import environ from onelogin.saml2.auth import OneLogin_Saml2_Logout_Request from chalice import Response -from chalicelib.core import users, tenants +from chalicelib.core import users, tenants, roles @app.route('/sso/saml2', methods=['GET'], authorizer=None) @@ -63,13 +63,21 @@ def process_sso_assertion(): if t is None: print("invalid tenantKey, please copy the correct value from Preferences > Account") return {"errors": ["invalid tenantKey, please copy the correct value from Preferences > Account"]} - + print(user_data) + role_name = user_data.get("role", []) + if len(role_name) == 0: + print("No role specified, setting role to member") + role_name = ["member"] + role_name = role_name[0] + role = roles.get_role_by_name(tenant_id=t['tenantId'], name=role_name) + if role is None: + return {"errors": [f"role {role_name} not found, please create it in openreplay first"]} if existing is None: print("== new user ==") users.create_sso_user(tenant_id=t['tenantId'], email=email, admin=True, origin=SAML2_helper.get_saml2_provider(), name=" ".join(user_data.get("firstName", []) + user_data.get("lastName", [])), - internal_id=internal_id) + internal_id=internal_id, role_id=role["roleId"]) else: if t['tenantId'] != existing["tenantId"]: print("user exists for a different tenant") 
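Review bot: `print(user_data)` at the top of the added block writes every attribute the IdP sent (email, names, role and whatever else the assertion carries) to stdout on each SSO login, so personal data from the assertion ends up in the service logs; drop the line, or log only the attribute names with `print("SSO attributes received:", sorted(user_data))`. The role lookup now runs before `if existing is None`, so an existing user whose IdP role has no matching OpenReplay role is rejected where previously the role was not consulted, while the `else` branch (which continues past the hunk) does not appear to apply the resolved role to that user; if that asymmetry is intended, a comment saying so would help. The unchanged call still passes `admin=True` for every new SSO user while `role_id` now varies, so a `member` role from the IdP still yields a user whose `role` column is `"admin"`; whether the two columns are meant to agree is not visible here. process_sso_assertion starts before this hunk.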
diff --git a/ee/api/chalicelib/core/roles.py b/ee/api/chalicelib/core/roles.py index 0a32d9d5e..8ba62091a 100644 --- a/ee/api/chalicelib/core/roles.py +++ b/ee/api/chalicelib/core/roles.py @@ -46,7 +46,7 @@ def create(tenant_id, user_id, name, description, permissions): RETURNING *;""", {"tenant_id": tenant_id, "name": name, "description": description, "permissions": permissions}) ) - row=cur.fetchone() + row = cur.fetchone() row["created_at"] = TimeUTC.datetime_to_timestamp(row["created_at"]) return helper.dict_to_camel_case(row) @@ -67,6 +67,23 @@ def get_roles(tenant_id): return helper.list_to_camel_case(rows) +def get_role_by_name(tenant_id, name): + with pg_client.PostgresClient() as cur: + cur.execute( + cur.mogrify("""SELECT * + FROM public.roles + where tenant_id =%(tenant_id)s + AND deleted_at IS NULL + AND name ILIKE %(name)s + ;""", + {"tenant_id": tenant_id, "name": name}) + ) + row = cur.fetchone() + if row is not None: + row["created_at"] = TimeUTC.datetime_to_timestamp(row["created_at"]) + return helper.dict_to_camel_case(row) + + def delete(tenant_id, user_id, role_id): admin = users.get(user_id=user_id, tenant_id=tenant_id) diff --git a/ee/api/chalicelib/core/users.py b/ee/api/chalicelib/core/users.py index b3353f2fc..ad757c9c8 100644 --- a/ee/api/chalicelib/core/users.py +++ b/ee/api/chalicelib/core/users.py 
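Review bot: `AND name ILIKE %(name)s` in get_role_by_name treats `%` and `_` in the bound value as wildcards, and the caller this commit adds in bp_saml.py passes the role attribute straight from the SAML assertion, so a role value containing those characters resolves to whichever matching row `fetchone()` returns first rather than to a role of that exact name; the query has no `ORDER BY` or `LIMIT`, so with several candidates the choice is arbitrary. If only case-insensitivity is wanted, `AND lower(name) = lower(%(name)s)` gives that without pattern semantics; otherwise escape `%`, `_` and `\` in `name` before binding. A docstring such as `"""Return the non-deleted role of tenant_id whose name matches name case-insensitively, camel-cased, or None if there is none."""` would also help.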
@@ -690,12 +690,12 @@ def authenticate_sso(email, internal_id, exp=None): return None -def create_sso_user(tenant_id, email, admin, name, origin, internal_id=None): +def create_sso_user(tenant_id, email, admin, name, origin, role_id, internal_id=None): with pg_client.PostgresClient() as cur: query = cur.mogrify(f"""\ WITH u AS ( - INSERT INTO public.users (tenant_id, email, role, name, data, origin, internal_id) - VALUES (%(tenantId)s, %(email)s, %(role)s, %(name)s, %(data)s, %(origin)s, %(internal_id)s) + INSERT INTO public.users (tenant_id, email, role, name, data, origin, internal_id, role_id) + VALUES (%(tenantId)s, %(email)s, %(role)s, %(name)s, %(data)s, %(origin)s, %(internal_id)s, %(role_id)s) RETURNING * ), au AS ( @@ -715,7 +715,7 @@ def create_sso_user(tenant_id, email, admin, name, origin, internal_id=None): FROM u;""", {"tenantId": tenant_id, "email": email, "internal_id": internal_id, "role": "admin" if admin else "member", "name": name, "origin": origin, - "data": json.dumps({"lastAnnouncementView": TimeUTC.now()})}) + "role_id": role_id, "data": json.dumps({"lastAnnouncementView": TimeUTC.now()})}) cur.execute( query )
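Review bot: the new `role_id` parameter is inserted as a required positional argument before the optional `internal_id` in `create_sso_user`, so any caller other than the updated bp_saml.py that passed `internal_id` positionally now binds that value to `role_id` silently, and a caller passing five positional arguments fails with TypeError; no other caller is visible in this diff. Making it keyword-only avoids both, `def create_sso_user(tenant_id, email, admin, name, origin, internal_id=None, *, role_id):`, and keeps the call in bp_saml.py unchanged. The second hunk only adds the matching `"role_id": role_id` binding. create_sso_user's body continues past the first hunk.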