fix(chalice): changed SSO and added logs (#2155)

(cherry picked from commit 046e850a65)
Kraiem Taha Yassine 2024-05-02 14:02:04 +02:00 committed by Taha Yassine Kraiem
parent 1725152676
commit 9dcd8a4d15
2 changed files with 28 additions and 4 deletions


@ -1,4 +1,5 @@
import json import json
import logging
import secrets import secrets
from decouple import config from decouple import config
@ -7,12 +8,14 @@ from starlette import status
import schemas import schemas
from chalicelib.core import authorizers, metadata, projects from chalicelib.core import authorizers, metadata, projects
from chalicelib.core import roles
from chalicelib.core import tenants, assist from chalicelib.core import tenants, assist
from chalicelib.utils import email_helper, smtp from chalicelib.utils import email_helper, smtp
from chalicelib.utils import helper from chalicelib.utils import helper
from chalicelib.utils import pg_client from chalicelib.utils import pg_client
from chalicelib.utils.TimeUTC import TimeUTC from chalicelib.utils.TimeUTC import TimeUTC
from chalicelib.core import roles
logger = logging.getLogger(__name__)
def __generate_invitation_token(): def __generate_invitation_token():
@ -861,7 +864,7 @@ def authenticate_sso(email, internal_id, exp=None):
jwt_jti=jwt_r_jti), jwt_jti=jwt_r_jti),
"refreshTokenMaxAge": config("JWT_REFRESH_EXPIRATION", cast=int), "refreshTokenMaxAge": config("JWT_REFRESH_EXPIRATION", cast=int),
} }
logger.warning(f"SSO user not found with email: {email} and internal_id: {internal_id}")
return None return None
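Review bot: The new warning just before `return None` in authenticate_sso formats the caller-supplied email and internal_id into the message with an f-string, so the string is built even when WARNING is filtered out and the values are baked into the message rather than passed as separate fields. Prefer the lazy logging form: `logger.warning("SSO user not found with email: %s and internal_id: %s", email, internal_id)`. Since email is personal data and, judging by the function name, arrives from the SSO flow rather than from a trusted source, it is worth deciding deliberately whether it belongs in the logs verbatim or should be masked, with only internal_id kept for correlation. authenticate_sso starts outside this hunk, so whether email is validated earlier cannot be checked here.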


@ -137,8 +137,29 @@ async def process_sso_assertion_tk(tenantKey: str, request: Request):
session = req["cookie"]["session"] session = req["cookie"]["session"]
auth = init_saml_auth(req) auth = init_saml_auth(req)
redirect_to_link2 = json.loads(req.get("post_data", {}) \ post_data = req.get("post_data")
.get('RelayState', '{}')).get("iFrame") if post_data is None:
post_data = {}
elif isinstance(post_data, str):
post_data = json.loads(post_data)
elif not isinstance(post_data, dict):
logger.error("Received invalid post_data")
logger.error("type: {}".format(type(post_data)))
logger.error(post_data)
post_data = {}
redirect_to_link2 = None
relay_state = post_data.get('RelayState')
if relay_state:
if isinstance(relay_state, str):
relay_state = json.loads(relay_state)
elif not isinstance(relay_state, dict):
logger.error("Received invalid relay_state")
logger.error("type: {}".format(type(relay_state)))
logger.error(relay_state)
relay_state = {}
redirect_to_link2 = relay_state.get("iFrame")
request_id = None request_id = None
if 'AuthNRequestID' in session: if 'AuthNRequestID' in session:
request_id = session['AuthNRequestID'] request_id = session['AuthNRequestID']