mirror of
https://github.com/MisskeyIO/misskey
synced 2024-11-23 14:46:40 +09:00
fix(SSO): MisskeyIO#519 の一部API・データのフォーマットの問題を修正 (MisskeyIO#520)
This commit is contained in:
parent
8c1db331e7
commit
13ae8e155b
@ -125,7 +125,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||
name: ps.name ? ps.name : null,
|
||||
type: ps.type,
|
||||
issuer: ps.issuer,
|
||||
audience: ps.audience,
|
||||
audience: ps.audience?.filter(i => !!i),
|
||||
acsUrl: ps.acsUrl,
|
||||
publicKey: publicKey,
|
||||
privateKey: privateKey,
|
||||
|
@ -25,17 +25,17 @@ export const meta = {
|
||||
export const paramDef = {
|
||||
type: 'object',
|
||||
properties: {
|
||||
id: { type: 'string' },
|
||||
name: { type: 'string' },
|
||||
issuer: { type: 'string' },
|
||||
id: { type: 'string', nullable: false },
|
||||
name: { type: 'string', nullable: true },
|
||||
issuer: { type: 'string', nullable: false },
|
||||
audience: { type: 'array', items: { type: 'string', nullable: false } },
|
||||
acsUrl: { type: 'string' },
|
||||
signatureAlgorithm: { type: 'string' },
|
||||
cipherAlgorithm: { type: 'string' },
|
||||
wantAuthnRequestsSigned: { type: 'boolean' },
|
||||
wantAssertionsSigned: { type: 'boolean' },
|
||||
regenerateCertificate: { type: 'boolean' },
|
||||
secret: { type: 'string' },
|
||||
acsUrl: { type: 'string', nullable: false },
|
||||
signatureAlgorithm: { type: 'string', nullable: false },
|
||||
cipherAlgorithm: { type: 'string', nullable: true },
|
||||
wantAuthnRequestsSigned: { type: 'boolean', nullable: false },
|
||||
wantAssertionsSigned: { type: 'boolean', nullable: false },
|
||||
regenerateCertificate: { type: 'boolean', nullable: true },
|
||||
secret: { type: 'string', nullable: true },
|
||||
},
|
||||
required: ['id'],
|
||||
} as const;
|
||||
@ -64,7 +64,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||
await this.singleSignOnServiceProviderRepository.update(service.id, {
|
||||
name: ps.name !== '' ? ps.name : null,
|
||||
issuer: ps.issuer,
|
||||
audience: ps.audience,
|
||||
audience: ps.audience?.filter(i => !!i),
|
||||
acsUrl: ps.acsUrl,
|
||||
publicKey: publicKey,
|
||||
privateKey: privateKey,
|
||||
|
@ -526,7 +526,7 @@ export class OAuth2ProviderService {
|
||||
email: user?.email,
|
||||
email_verified: user?.emailVerified,
|
||||
mfa_enabled: user?.twoFactorEnabled,
|
||||
updated_at: (accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000,
|
||||
updated_at: Math.floor((accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000),
|
||||
};
|
||||
});
|
||||
}
|
||||
|
@ -184,7 +184,7 @@ export class JWTIdentifyProviderService {
|
||||
email: profile.email,
|
||||
email_verified: profile.emailVerified,
|
||||
mfa_enabled: profile.twoFactorEnabled,
|
||||
updated_at: (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000,
|
||||
updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
|
||||
admin: isAdministrator,
|
||||
moderator: isModerator,
|
||||
roles: roles.filter(r => r.isPublic).map(r => r.id),
|
||||
|
@ -56,7 +56,10 @@ export class SAMLIdentifyProviderService {
|
||||
provider: MiSingleSignOnServiceProvider,
|
||||
): Promise<string> {
|
||||
const today = new Date();
|
||||
const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike));
|
||||
const publicKey = await jose
|
||||
.importJWK(JSON.parse(provider.publicKey))
|
||||
.then(k => jose.exportSPKI(k as jose.KeyLike))
|
||||
.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
|
||||
|
||||
const nodes = {
|
||||
'md:EntityDescriptor': {
|
||||
@ -103,7 +106,10 @@ export class SAMLIdentifyProviderService {
|
||||
provider: MiSingleSignOnServiceProvider,
|
||||
): Promise<string> {
|
||||
const today = new Date();
|
||||
const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike));
|
||||
const publicKey = await jose
|
||||
.importJWK(JSON.parse(provider.publicKey))
|
||||
.then(k => jose.exportSPKI(k as jose.KeyLike))
|
||||
.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
|
||||
|
||||
const keyDescriptor: unknown[] = [
|
||||
{
|
||||
@ -230,7 +236,8 @@ export class SAMLIdentifyProviderService {
|
||||
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
|
||||
privateKey: await jose
|
||||
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
|
||||
.then((r) => jose.exportPKCS8(r as jose.KeyLike)),
|
||||
.then(k => jose.exportPKCS8(k as jose.KeyLike))
|
||||
.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
|
||||
});
|
||||
|
||||
const sp = saml.ServiceProvider({
|
||||
@ -364,7 +371,8 @@ export class SAMLIdentifyProviderService {
|
||||
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
|
||||
privateKey: await jose
|
||||
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
|
||||
.then((r) => jose.exportPKCS8(r as jose.KeyLike)),
|
||||
.then(k => jose.exportPKCS8(k as jose.KeyLike))
|
||||
.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
|
||||
loginResponseTemplate: { context: 'ignored' },
|
||||
});
|
||||
|
||||
@ -557,7 +565,7 @@ export class SAMLIdentifyProviderService {
|
||||
'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
||||
'saml:AttributeValue': {
|
||||
'@xsi:type': 'xs:integer',
|
||||
'#text': (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000,
|
||||
'#text': Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -10539,16 +10539,16 @@ export type operations = {
|
||||
content: {
|
||||
'application/json': {
|
||||
id: string;
|
||||
name?: string;
|
||||
name?: string | null;
|
||||
issuer?: string;
|
||||
audience?: string[];
|
||||
acsUrl?: string;
|
||||
signatureAlgorithm?: string;
|
||||
cipherAlgorithm?: string;
|
||||
cipherAlgorithm?: string | null;
|
||||
wantAuthnRequestsSigned?: boolean;
|
||||
wantAssertionsSigned?: boolean;
|
||||
regenerateCertificate?: boolean;
|
||||
secret?: string;
|
||||
regenerateCertificate?: boolean | null;
|
||||
secret?: string | null;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user