mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-01-12 05:17:28 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(core): Report missing SAML attributes early with an actionable error message (#9316)

Browse source
This commit is contained in:
Danny Martini 2024-05-07 10:27:44 +02:00 committed by GitHub
parent ff317490a2
commit 225fdbb379
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 54 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
packages/cli/src/sso/saml/saml.service.ee.ts
View file

@ -359,7 +359,7 @@ export class SamlService {
if (!attributes) {
throw new AuthError('SAML Authentication failed. Invalid SAML response.');
}
if (!attributes.email && missingAttributes.length > 0) {
if (missingAttributes.length > 0) {
throw new AuthError(
`SAML Authentication failed. Invalid SAML response (missing attributes: ${missingAttributes.join(
', ',

53
packages/cli/test/unit/sso/saml/saml.service.ee.test.ts Normal file
View file

@ -0,0 +1,53 @@
import { mock } from 'jest-mock-extended';
import type express from 'express';
import { SamlService } from '@/sso/saml/saml.service.ee';
import { mockInstance } from '../../../shared/mocking';
import { UrlService } from '@/services/url.service';
import { Logger } from '@/Logger';
import type { IdentityProviderInstance, ServiceProviderInstance } from 'samlify';
import * as samlHelpers from '@/sso/saml/samlHelpers';
describe('SamlService', () => {
const logger = mockInstance(Logger);
const urlService = mockInstance(UrlService);
const samlService = new SamlService(logger, urlService);
describe('getAttributesFromLoginResponse', () => {
test('throws when any attribute is missing', async () => {
//
// ARRANGE
//
jest
.spyOn(samlService, 'getIdentityProviderInstance')
.mockReturnValue(mock<IdentityProviderInstance>());
const serviceProviderInstance = mock<ServiceProviderInstance>();
serviceProviderInstance.parseLoginResponse.mockResolvedValue({
samlContent: '',
extract: {},
});
jest
.spyOn(samlService, 'getServiceProviderInstance')
.mockReturnValue(serviceProviderInstance);
jest.spyOn(samlHelpers, 'getMappedSamlAttributesFromFlowResult').mockReturnValue({
attributes: {} as never,
missingAttributes: [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn',
],
});
//
// ACT & ASSERT
//
await expect(
samlService.getAttributesFromLoginResponse(mock<express.Request>(), 'post'),
).rejects.toThrowError(
'SAML Authentication failed. Invalid SAML response (missing attributes: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn).',
);
});
});
});