feat(api): changed SSO assertion handler

feat(api): changed members list to support SSO users
2021-12-02 20:08:07 +01:00 · 2021-12-02 20:08:07 +01:00 · f5cf205188
commit f5cf205188
parent 1216ed74ad
4 changed files with 7 additions and 11 deletions
--- a/ee/api/.gitignore
+++ b/ee/api/.gitignore
@ -236,7 +236,7 @@ Pipfile
 /chalicelib/utils/TimeUTC.py
 /chalicelib/core/heatmaps.py
 /entrypoint.bundle.sh
-#/entrypoint.sh
+/entrypoint.sh
 /env_handler.py
 /chalicelib/blueprints/app/v1_api.py
 /build.sh
--- a/ee/api/chalicelib/blueprints/bp_saml.py
+++ b/ee/api/chalicelib/blueprints/bp_saml.py
@ -72,13 +72,13 @@ def process_sso_assertion():
                              name=" ".join(user_data.get("firstName", []) + user_data.get("lastName", [])),
                              internal_id=internal_id)
    else:
-        if existing.get("origin") is None:
-            print(f"== migrating user to {SAML2_helper.get_saml2_provider()} ==")
-            users.update(tenant_id=t['tenantId'], user_id=existing[0]["id"],
-                         changes={"origin": SAML2_helper.get_saml2_provider(), "internal_id": internal_id})
-        elif t['tenantId'] != existing["tenantId"]:
+        if t['tenantId'] != existing["tenantId"]:
            print("user exists for a different tenant")
            return {"errors": ["user exists for a different tenant"]}
+        if existing.get("origin") is None:
+            print(f"== migrating user to {SAML2_helper.get_saml2_provider()} ==")
+            users.update(tenant_id=t['tenantId'], user_id=existing["id"],
+                         changes={"origin": SAML2_helper.get_saml2_provider(), "internal_id": internal_id})

    return users.authenticate_sso(email=email, internal_id=internal_id, exp=auth.get_session_expiration())

--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@ -388,7 +388,7 @@ def get_members(tenant_id):
                        (CASE WHEN users.role = 'member' THEN TRUE ELSE FALSE END) AS member,
                        DATE_PART('day',timezone('utc'::text, now()) \
                            - COALESCE(basic_authentication.invited_at,'2000-01-01'::timestamp ))>=1 AS expired_invitation,
-                        basic_authentication.password IS NOT NULL AS joined,
+                        basic_authentication.password IS NOT NULL OR users.origin IS NOT NULL AS joined,
                        invitation_token,
                        role_id,
                        roles.name AS role_name
--- a/ee/api/entrypoint.sh
+++ b/ee/api/entrypoint.sh
@ -1,4 +0,0 @@
-#!/bin/bash
-python env_handler.py
-#chalice local --no-autoreload --host 0.0.0.0 --stage ${ENTERPRISE_BUILD}
-chalice local --host 0.0.0.0 --stage ${ENTERPRISE_BUILD}