d42bf7c3f9
* feat(workspaces): add workspace sso feature flag * feat(workspaceSso): wip validate sso * feat(workspaces): validate and add sso provider to the workspace with user sso sessions * feat(workspaces): validate and add sso provider to the workspace with user sso sessions * WIP * fix(sso): restructure to handle all branches at end of flow * fix(sso): add and validate emails used for sso * fix(sso): park progress * chore(workspaces): review sso login/valdate * fix(sso): adjust validate url * chore(sso): auth header puzzle * fix(sso): happy-path config * chore(gql): gqlgen * fix(sso): almost almost * fix(sso): auth endpoint * a lil more terse * fix(sso): light at the end of the tunnel * fix(sso): improve catch block error messages * fix(sso): session lifespan => validUntil * fix(sso): I think we've got it * feat(sso): limited workspace values for public sso login * fix(sso): use factory functions * fix(sso): til decrypt is single-use * fix(sso): correct usage of access codes * fix(sso): use finalize middleware in all routes * chore(sso): cheeky tweak * fix(sso): move some types around * fix(sso): stencil final shape I'm sleepy * fix(sso): more factories more factories * fix(sso): on to final boss of factories * fix(sso): needs a haircut but she works * fix(sso): init rest w function, not side-effects * fix(sso): /authn => /sso * chore(sso): errors * chore(sso): test test test * chore(sso): test all the corners * feat(sso): list workspace sso memberships * chore(sso): tests, expose in rest * fix(sso): sketch active user auth * fix(sso): expose search via gql * fix(sso): active user session information * chore(sso): sso session test utils * chore(sso): test sso session repo/services * chore(sso): gqlgen * feat(sso): throw error on missing or expired sso session * chore(sso): tests for SSO access protection --------- Co-authored-by: Gergő Jedlicska <gergo@jedlicska.com> Co-authored-by: Mike Tasset <mike.tasset@gmail.com>
import { BaseError } from '@/modules/shared/errors/base'
/**
 * Error for a workspace request that has no valid SSO session.
 *
 * One class, one code and one message cover both the "missing" and the
 * "expired" case, so the response does not tell the caller which applied.
 * Where the session check runs is not visible in this file.
 */
export class SsoSessionMissingOrExpiredError extends BaseError {
  // 401: the caller has to authenticate (again) before retrying.
  static statusCode = 401
  static code = 'SSO_SESSION_MISSING_OR_EXPIRED_ERROR'
  static defaultMessage =
    'No valid SSO session found for the given workspace. Please sign in.'
}
/**
 * Error for an SSO flow that cannot find its verification value.
 *
 * The class name and code say "verification code" while the message says
 * "verification token"; both strings are kept as they are because clients
 * may match on them.
 *
 * NOTE(review): no statusCode is declared, so the HTTP status is whatever
 * BaseError falls back to. Confirm that fallback suits an interrupted
 * authentication flow.
 */
export class SsoVerificationCodeMissingError extends BaseError {
  static code = 'SSO_VERIFICATION_CODE_MISSING_ERROR'
  static defaultMessage = 'Cannot find verification token. Restart authentication flow.'
}
/**
 * Error for an SSO provider whose type the server does not handle.
 *
 * The code has no `_ERROR` suffix, unlike most sibling codes in this file.
 * It is left unchanged because the code string is part of the API surface.
 */
export class SsoProviderTypeNotSupportedError extends BaseError {
  // 500: reported as a server-side fault rather than a client mistake.
  static statusCode = 500
  static code = 'SSO_PROVIDER_TYPE_NOT_SUPPORTED'
  static defaultMessage = 'SSO provider type not supported.'
}
/**
 * Error for an attempt to configure SSO on a workspace that already has a
 * provider. The message tells the caller to delete the existing provider
 * before reconfiguring.
 *
 * NOTE(review): no statusCode is declared, so BaseError's fallback applies.
 * Confirm it is a 4xx, since this reads as a conflict caused by the caller.
 */
export class SsoProviderExistsError extends BaseError {
  static code = 'SSO_PROVIDER_EXISTS_ERROR'
  static defaultMessage =
    'SSO provider already configured for workspace. Delete it to reconfigure.'
}
/**
 * Error for a workspace that has no SSO provider registered.
 *
 * NOTE(review): the commit message on this page mentions a public SSO login
 * path. If this error is reachable without authentication, it tells the
 * caller whether a workspace has SSO configured. Confirm that is acceptable.
 * No statusCode is declared, so BaseError's fallback applies.
 */
export class SsoProviderMissingError extends BaseError {
  static code = 'SSO_PROVIDER_MISSING_ERROR'
  static defaultMessage = 'No SSO provider registered for the given workspace.'
}
/**
 * Error for a sign-in where no user profile came back from the SSO provider.
 *
 * NOTE(review): no statusCode is declared, so BaseError's fallback applies.
 * The sign-in must not proceed without a profile; confirm callers abort the
 * flow when they throw this.
 */
export class SsoProviderProfileMissingError extends BaseError {
  static code = 'SSO_PROVIDER_PROFILE_MISSING_ERROR'
  static defaultMessage = 'Failed to get user profile from SSO provider.'
}
/**
 * Error for a user profile from the SSO provider that failed validation.
 *
 * Which profile fields are checked is decided at the call site and is not
 * visible here. The message is deliberately generic and does not repeat any
 * profile data.
 *
 * NOTE(review): no statusCode is declared, so BaseError's fallback applies.
 */
export class SsoProviderProfileInvalidError extends BaseError {
  static code = 'SSO_PROVIDER_PROFILE_INVALID_ERROR'
  static defaultMessage = 'SSO provider user profile is invalid.'
}
/**
 * Catch-all error for an SSO sign-in failure that no more specific error
 * in this file describes.
 *
 * NOTE(review): as the fallback for unexpected failures, the underlying
 * provider or library error should stay in server-side logs, not in the text
 * returned to the client. Confirm how BaseError exposes attached details.
 * No statusCode is declared, so BaseError's fallback applies.
 */
export class SsoGenericAuthenticationError extends BaseError {
  static code = 'SSO_GENERIC_AUTHENTICATION_ERROR'
  static defaultMessage = 'Unhandled failure signing in with SSO.'
}
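/**
 * Catch-all error for a failure while configuring SSO on a workspace that
 * no more specific error in this file describes.
 *
 * The default message previously spelled the acronym "SSo"; it now reads
 * "SSO", matching every other message in this file. The machine-readable
 * `code` is unchanged, so clients matching on it are unaffected.
 *
 * NOTE(review): no statusCode is declared, so BaseError's fallback applies.
 */
export class SsoGenericProviderValidationError extends BaseError {
  static defaultMessage = 'Unhandled failure configuring SSO for the given workspace.'
  static code = 'SSO_GENERIC_PROVIDER_VALIDATION_ERROR'
}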
/**
 * Error for an SSO sign-in that relies on an email address that has not
 * been verified.
 *
 * Presumably the refusal keeps an SSO identity from being linked to an
 * address whose ownership was never proven. The check itself lives at the
 * call site; confirm there which side's verification flag is consulted.
 *
 * NOTE(review): no statusCode is declared, so BaseError's fallback applies.
 */
export class SsoUserEmailUnverifiedError extends BaseError {
  static code = 'SSO_USER_EMAIL_UNVERIFIED_ERROR'
  static defaultMessage = 'Cannot sign in with SSO using unverified email.'
}
/**
 * Error for an OIDC provider user that is already linked to a different
 * Speckle account, so one provider identity is not bound to two accounts.
 *
 * The code says `ALREADY_CLAIMED` while the class name says `Claimed`; the
 * code string is kept as it is because clients may match on it.
 *
 * NOTE(review): no statusCode is declared, so BaseError's fallback applies.
 */
export class SsoUserClaimedError extends BaseError {
  static code = 'SSO_USER_ALREADY_CLAIMED_ERROR'
  static defaultMessage =
    'OIDC provider user already associated with another Speckle account.'
}
/**
 * Error for an SSO sign-up attempted without a valid workspace invite.
 *
 * Per the message, authenticating with the provider is not enough to create
 * an account; a workspace invite is also needed. How an invite is judged
 * valid is decided at the call site.
 */
export class SsoUserInviteRequiredError extends BaseError {
  // 400: treated as a problem with the request, not with the server.
  static statusCode = 400
  static code = 'SSO_USER_INVITE_REQUIRED_ERROR'
  static defaultMessage = 'Cannot sign up with SSO without a valid workspace invite.'
}
/**
 * Error for an OIDC issuer that does not support the `authorization_code`
 * grant type.
 *
 * Presumably raised while validating a provider configuration against the
 * issuer's advertised capabilities; confirm at the call site. The code has
 * no `_ERROR` suffix and the message has no trailing period, unlike most
 * siblings in this file. Both strings are kept exactly as they are.
 */
export class OidcProviderMissingGrantTypeError extends BaseError {
  // 400: the supplied issuer is unusable, so the caller must change it.
  static statusCode = 400
  static code = 'SSO_OIDC_PROVIDER_MISSING_GRANT_TYPE'
  static defaultMessage = 'OIDC issuer does not support authorization_code grant type'
}