feat(core): Limit user invites when SAML is enabled (#5761)

Limit user invites when SAML is enabled.
Michael Auerswald 2023-03-23 15:12:19 +01:00 committed by GitHub
parent b0cfd69f2b
commit 57748b71e5
2 changed files with 20 additions and 6 deletions


@ -13,7 +13,6 @@ import {
getInstanceBaseUrl, getInstanceBaseUrl,
hashPassword, hashPassword,
isEmailSetUp, isEmailSetUp,
isUserManagementEnabled,
sanitizeUser, sanitizeUser,
validatePassword, validatePassword,
withFeatureFlags, withFeatureFlags,
@ -35,6 +34,8 @@ import type {
import type { ActiveWorkflowRunner } from '@/ActiveWorkflowRunner'; import type { ActiveWorkflowRunner } from '@/ActiveWorkflowRunner';
import { AuthIdentity } from '@db/entities/AuthIdentity'; import { AuthIdentity } from '@db/entities/AuthIdentity';
import type { PostHogClient } from '@/posthog'; import type { PostHogClient } from '@/posthog';
import { userManagementEnabledMiddleware } from '../middlewares/userManagementEnabled';
import { isSamlLicensedAndEnabled } from '../sso/saml/samlHelpers';
@RestController('/users') @RestController('/users')
export class UsersController { export class UsersController {
@ -98,14 +99,15 @@ export class UsersController {
/** /**
* Send email invite(s) to one or multiple users and create user shell(s). * Send email invite(s) to one or multiple users and create user shell(s).
*/ */
@Post('/') @Post('/', { middlewares: [userManagementEnabledMiddleware] })
async sendEmailInvites(req: UserRequest.Invite) { async sendEmailInvites(req: UserRequest.Invite) {
// TODO: this should be checked in the middleware rather than here if (isSamlLicensedAndEnabled()) {
if (!isUserManagementEnabled()) {
this.logger.debug( this.logger.debug(
'Request to send email invite(s) to user(s) failed because user management is disabled', 'SAML is enabled, so users are managed by the Identity Provider and cannot be added through invites',
);
throw new BadRequestError(
'SAML is enabled, so users are managed by the Identity Provider and cannot be added through invites',
); );
throw new BadRequestError('User management is disabled');
} }
if (!this.config.getEnv('userManagement.isInstanceOwnerSetUp')) { if (!this.config.getEnv('userManagement.isInstanceOwnerSetUp')) {
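Review bot: The new SAML guard in sendEmailInvites sits in the handler body, which is exactly what the removed TODO objected to for the user-management check, and it reports the failure through two different paths: `this.logger.debug(...)` followed by a thrown BadRequestError, while the route-level userManagementEnabledMiddleware answers with a raw `res.status(400).json(...)`. A client therefore gets two differently shaped 400 responses for two "invites are not possible here" conditions, and the SAML condition is enforced only on this one route; whether other invite-related routes in this controller need the same guard cannot be seen from this hunk. Hoisting the SAML check into a sibling route middleware, or at least sharing one message constant, would keep the two checks consistent, e.g. `const SAML_INVITE_DISABLED = 'SAML is enabled, so users are managed by the Identity Provider and cannot be added through invites';` used by both the debug log and the error. The body of sendEmailInvites continues outside the hunk.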


@ -0,0 +1,12 @@
import type { RequestHandler } from 'express';
import { LoggerProxy } from 'n8n-workflow';
import { isUserManagementEnabled } from '../UserManagement/UserManagementHelper';
export const userManagementEnabledMiddleware: RequestHandler = (req, res, next) => {
if (isUserManagementEnabled()) {
next();
} else {
LoggerProxy.debug('Request failed because user management is disabled');
res.status(400).json({ status: 'error', message: 'User management is disabled' });
}
};
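Review bot: userManagementEnabledMiddleware writes the rejection directly with `res.status(400).json({ status: 'error', message: 'User management is disabled' })`, so the request never reaches the shared error-handling path that the controllers otherwise use when they throw BadRequestError; if that path adds headers, logging or a different response envelope, this route will diverge from the rest of the API. Passing the error to `next(...)` with the same error class the controller throws would keep one response shape, but the import path for that class is not visible here, so confirm it before changing. The exported symbol also has no TSDoc; a short header such as `/** Rejects the request with 400 when user management is disabled; otherwise passes control to the next handler. */` would make the contract explicit for the routes that list it in their `middlewares`.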