feat(chalice): override enforce_SSO if SAML is not configured

feat(chalice): allow superAdmin to change password with enforce_SSO
Taha Yassine Kraiem 2023-01-24 16:59:09 +01:00
parent 0c7aee1f95
commit d0b8a53e83
3 changed files with 6 additions and 3 deletions


@ -483,7 +483,7 @@ def get_card(metric_id, project_id, user_id, flatten=True, include_data: bool =
query = cur.mogrify(
f"""SELECT metric_id, project_id, user_id, name, is_public, created_at, deleted_at, edited_at, metric_type,
view_type, metric_of, metric_value, metric_format, is_pinned, predefined_key, default_config,
thumbnail, default_config AS config,
thumbnail, DEFAULT_CONFIG AS config,
series, dashboards, owner_email {',data' if include_data else ''}
FROM metrics
LEFT JOIN LATERAL (SELECT COALESCE(jsonb_agg(metric_series.* ORDER BY index),'[]'::jsonb) AS series


@ -17,7 +17,7 @@ def reset(data: schemas.ForgetPasswordPayloadSchema):
# ---FOR SSO
if a_user.get("origin") is not None and a_user.get("hasPassword", False) is False:
return {"errors": ["Please use your SSO to login"]}
if config("enforce_SSO", cast=bool, default=False) and not a_user["superAdmin"]:
if config("enforce_SSO", cast=bool, default=False) and not a_user["superAdmin"] and helper.is_saml2_available():
return {"errors": ["Please use your SSO to login, enforced by admin"]}
# ----------
invitation_link = users.generate_new_invitation(user_id=a_user["id"])
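Review bot: The added `and helper.is_saml2_available()` term makes `enforce_SSO` fail open: whenever that helper returns false, the reset flow continues for every non-superAdmin user, with nothing recording that the admin's policy is not being applied. What the helper checks is not visible in this hunk, so if it can return false because of a missing or mistyped SAML setting rather than a deliberate choice, password reset is silently re-enabled. I would emit a warning on that path through the module's existing logger, along the lines of `"enforce_SSO is set but SAML2 is not available; password flows are allowed"`, so the downgrade shows up in logs. The same three-part condition is repeated in change_password and authenticate in the next file section, so it is worth moving into one helper that all three call. The body of reset continues outside the hunk.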


@ -543,6 +543,9 @@ def change_password(tenant_id, user_id, email, old_password, new_password):
item = get(tenant_id=tenant_id, user_id=user_id)
if item is None:
return {"errors": ["access denied"]}
if item["origin"] is not None and config("enforce_SSO", cast=bool, default=False) \
and not item["superAdmin"] and helper.is_saml2_available():
return {"errors": ["Please use your SSO to change your password, enforced by admin"]}
if item["origin"] is not None and item["hasPassword"] is False:
return {"errors": ["cannot change your password because you are logged-in from an SSO service"]}
if old_password == new_password:
@ -741,7 +744,7 @@ def authenticate(email, password, for_change_password=False):
if for_change_password:
return True
r = helper.dict_to_camel_case(r)
if config("enforce_SSO", cast=bool, default=False) and not r["superAdmin"]:
if config("enforce_SSO", cast=bool, default=False) and not r["superAdmin"] and helper.is_saml2_available():
return {"errors": ["must sign-in with SSO, enforced by admin"]}
jwt_iat = change_jwt_iat(r['userId'])
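Review bot: The new guard in change_password also requires `item["origin"] is not None`, which the matching checks in authenticate (same file) and in the password-reset handler do not. Under enforce_SSO a non-superAdmin account with no origin can therefore still change its password here, while password sign-in for that same account is refused in authenticate. If the asymmetry is intended it deserves a comment above the check, e.g. `# accounts without an SSO origin may still change their password when SSO is enforced`; if it is not, drop the origin term so the three sites agree. Both change_password and authenticate continue outside their hunks, so how the `for_change_password` early return interacts with this is only partly visible.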