feat(core): Limit user invites when SAML is enabled (#5761)
limit user invites when saml is enabled
parent
b0cfd69f2b
commit
57748b71e5
|
@ -13,7 +13,6 @@ import {
|
|||
getInstanceBaseUrl,
|
||||
hashPassword,
|
||||
isEmailSetUp,
|
||||
isUserManagementEnabled,
|
||||
sanitizeUser,
|
||||
validatePassword,
|
||||
withFeatureFlags,
|
||||
|
@ -35,6 +34,8 @@ import type {
|
|||
import type { ActiveWorkflowRunner } from '@/ActiveWorkflowRunner';
|
||||
import { AuthIdentity } from '@db/entities/AuthIdentity';
|
||||
import type { PostHogClient } from '@/posthog';
|
||||
import { userManagementEnabledMiddleware } from '../middlewares/userManagementEnabled';
|
||||
import { isSamlLicensedAndEnabled } from '../sso/saml/samlHelpers';
|
||||
|
||||
@RestController('/users')
|
||||
export class UsersController {
|
||||
|
@ -98,14 +99,15 @@ export class UsersController {
|
|||
/**
|
||||
* Send email invite(s) to one or multiple users and create user shell(s).
|
||||
*/
|
||||
@Post('/')
|
||||
@Post('/', { middlewares: [userManagementEnabledMiddleware] })
|
||||
async sendEmailInvites(req: UserRequest.Invite) {
|
||||
// TODO: this should be checked in the middleware rather than here
|
||||
if (!isUserManagementEnabled()) {
|
||||
if (isSamlLicensedAndEnabled()) {
|
||||
this.logger.debug(
|
||||
'Request to send email invite(s) to user(s) failed because user management is disabled',
|
||||
'SAML is enabled, so users are managed by the Identity Provider and cannot be added through invites',
|
||||
);
|
||||
throw new BadRequestError(
|
||||
'SAML is enabled, so users are managed by the Identity Provider and cannot be added through invites',
|
||||
);
|
||||
throw new BadRequestError('User management is disabled');
|
||||
}
|
||||
|
||||
if (!this.config.getEnv('userManagement.isInstanceOwnerSetUp')) {
|
||||
|
|
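Review bot: The SAML gate is written inline in `sendEmailInvites`, so it only stops new invites on this one route. Nothing visible here covers invites issued before SAML was switched on, or any other route that creates or re-sends them; the rest of the controller is outside these hunks and needs checking. Since the user-management check has just moved into `userManagementEnabledMiddleware`, the SAML check could take the same form and be listed in `middlewares` on each such route. The message literal is also repeated in `this.logger.debug(...)` and `new BadRequestError(...)`; binding it once and passing the same value to both keeps the log and the response from drifting apart. `sendEmailInvites` continues past the end of the hunk.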
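--- a/packages/cli/src/middlewares/userManagementEnabled.ts
+++ b/packages/cli/src/middlewares/userManagementEnabled.ts
@@ -0,0 +1,12 @@
+import type { RequestHandler } from 'express';
+import { LoggerProxy } from 'n8n-workflow';
+import { isUserManagementEnabled } from '../UserManagement/UserManagementHelper';
+
+export const userManagementEnabledMiddleware: RequestHandler = (req, res, next) => {
+if (isUserManagementEnabled()) {
+next();
+} else {
+LoggerProxy.debug('Request failed because user management is disabled');
+res.status(400).json({ status: 'error', message: 'User management is disabled' });
+}
+};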
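Review bot: The `LoggerProxy.debug` call in the else branch no longer says which request was refused, whereas the controller's old message named the invite route and this middleware can be attached to any route. Logging the method and path, e.g. `LoggerProxy.debug(req.method + ' ' + req.path + ' rejected because user management is disabled');`, keeps refused calls attributable without recording query strings. The response is also written directly with `res.status(400).json(...)` instead of going through the `BadRequestError` the controller used to throw. If the REST error handler adds fields to its payload (not visible here), clients would see a different body shape for this one failure. The export also has no doc comment; a one-line `/** Rejects the request with 400 when user management is disabled. */` above it would state the contract.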