mirror of
https://github.com/MisskeyIO/misskey
synced 2024-11-23 22:56:49 +09:00
fix(SSO): MisskeyIO#519 の一部API・データのフォーマットの問題を修正 (MisskeyIO#520)
This commit is contained in:
parent
8c1db331e7
commit
13ae8e155b
@ -125,7 +125,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||||||
name: ps.name ? ps.name : null,
|
name: ps.name ? ps.name : null,
|
||||||
type: ps.type,
|
type: ps.type,
|
||||||
issuer: ps.issuer,
|
issuer: ps.issuer,
|
||||||
audience: ps.audience,
|
audience: ps.audience?.filter(i => !!i),
|
||||||
acsUrl: ps.acsUrl,
|
acsUrl: ps.acsUrl,
|
||||||
publicKey: publicKey,
|
publicKey: publicKey,
|
||||||
privateKey: privateKey,
|
privateKey: privateKey,
|
||||||
|
@ -25,17 +25,17 @@ export const meta = {
|
|||||||
export const paramDef = {
|
export const paramDef = {
|
||||||
type: 'object',
|
type: 'object',
|
||||||
properties: {
|
properties: {
|
||||||
id: { type: 'string' },
|
id: { type: 'string', nullable: false },
|
||||||
name: { type: 'string' },
|
name: { type: 'string', nullable: true },
|
||||||
issuer: { type: 'string' },
|
issuer: { type: 'string', nullable: false },
|
||||||
audience: { type: 'array', items: { type: 'string', nullable: false } },
|
audience: { type: 'array', items: { type: 'string', nullable: false } },
|
||||||
acsUrl: { type: 'string' },
|
acsUrl: { type: 'string', nullable: false },
|
||||||
signatureAlgorithm: { type: 'string' },
|
signatureAlgorithm: { type: 'string', nullable: false },
|
||||||
cipherAlgorithm: { type: 'string' },
|
cipherAlgorithm: { type: 'string', nullable: true },
|
||||||
wantAuthnRequestsSigned: { type: 'boolean' },
|
wantAuthnRequestsSigned: { type: 'boolean', nullable: false },
|
||||||
wantAssertionsSigned: { type: 'boolean' },
|
wantAssertionsSigned: { type: 'boolean', nullable: false },
|
||||||
regenerateCertificate: { type: 'boolean' },
|
regenerateCertificate: { type: 'boolean', nullable: true },
|
||||||
secret: { type: 'string' },
|
secret: { type: 'string', nullable: true },
|
||||||
},
|
},
|
||||||
required: ['id'],
|
required: ['id'],
|
||||||
} as const;
|
} as const;
|
||||||
@ -64,7 +64,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||||||
await this.singleSignOnServiceProviderRepository.update(service.id, {
|
await this.singleSignOnServiceProviderRepository.update(service.id, {
|
||||||
name: ps.name !== '' ? ps.name : null,
|
name: ps.name !== '' ? ps.name : null,
|
||||||
issuer: ps.issuer,
|
issuer: ps.issuer,
|
||||||
audience: ps.audience,
|
audience: ps.audience?.filter(i => !!i),
|
||||||
acsUrl: ps.acsUrl,
|
acsUrl: ps.acsUrl,
|
||||||
publicKey: publicKey,
|
publicKey: publicKey,
|
||||||
privateKey: privateKey,
|
privateKey: privateKey,
|
||||||
|
@ -526,7 +526,7 @@ export class OAuth2ProviderService {
|
|||||||
email: user?.email,
|
email: user?.email,
|
||||||
email_verified: user?.emailVerified,
|
email_verified: user?.emailVerified,
|
||||||
mfa_enabled: user?.twoFactorEnabled,
|
mfa_enabled: user?.twoFactorEnabled,
|
||||||
updated_at: (accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000,
|
updated_at: Math.floor((accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000),
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -184,7 +184,7 @@ export class JWTIdentifyProviderService {
|
|||||||
email: profile.email,
|
email: profile.email,
|
||||||
email_verified: profile.emailVerified,
|
email_verified: profile.emailVerified,
|
||||||
mfa_enabled: profile.twoFactorEnabled,
|
mfa_enabled: profile.twoFactorEnabled,
|
||||||
updated_at: (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000,
|
updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
|
||||||
admin: isAdministrator,
|
admin: isAdministrator,
|
||||||
moderator: isModerator,
|
moderator: isModerator,
|
||||||
roles: roles.filter(r => r.isPublic).map(r => r.id),
|
roles: roles.filter(r => r.isPublic).map(r => r.id),
|
||||||
|
@ -56,7 +56,10 @@ export class SAMLIdentifyProviderService {
|
|||||||
provider: MiSingleSignOnServiceProvider,
|
provider: MiSingleSignOnServiceProvider,
|
||||||
): Promise<string> {
|
): Promise<string> {
|
||||||
const today = new Date();
|
const today = new Date();
|
||||||
const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike));
|
const publicKey = await jose
|
||||||
|
.importJWK(JSON.parse(provider.publicKey))
|
||||||
|
.then(k => jose.exportSPKI(k as jose.KeyLike))
|
||||||
|
.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
|
||||||
|
|
||||||
const nodes = {
|
const nodes = {
|
||||||
'md:EntityDescriptor': {
|
'md:EntityDescriptor': {
|
||||||
@ -103,7 +106,10 @@ export class SAMLIdentifyProviderService {
|
|||||||
provider: MiSingleSignOnServiceProvider,
|
provider: MiSingleSignOnServiceProvider,
|
||||||
): Promise<string> {
|
): Promise<string> {
|
||||||
const today = new Date();
|
const today = new Date();
|
||||||
const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike));
|
const publicKey = await jose
|
||||||
|
.importJWK(JSON.parse(provider.publicKey))
|
||||||
|
.then(k => jose.exportSPKI(k as jose.KeyLike))
|
||||||
|
.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
|
||||||
|
|
||||||
const keyDescriptor: unknown[] = [
|
const keyDescriptor: unknown[] = [
|
||||||
{
|
{
|
||||||
@ -230,7 +236,8 @@ export class SAMLIdentifyProviderService {
|
|||||||
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
|
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
|
||||||
privateKey: await jose
|
privateKey: await jose
|
||||||
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
|
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
|
||||||
.then((r) => jose.exportPKCS8(r as jose.KeyLike)),
|
.then(k => jose.exportPKCS8(k as jose.KeyLike))
|
||||||
|
.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
|
||||||
});
|
});
|
||||||
|
|
||||||
const sp = saml.ServiceProvider({
|
const sp = saml.ServiceProvider({
|
||||||
@ -364,7 +371,8 @@ export class SAMLIdentifyProviderService {
|
|||||||
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
|
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
|
||||||
privateKey: await jose
|
privateKey: await jose
|
||||||
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
|
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
|
||||||
.then((r) => jose.exportPKCS8(r as jose.KeyLike)),
|
.then(k => jose.exportPKCS8(k as jose.KeyLike))
|
||||||
|
.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
|
||||||
loginResponseTemplate: { context: 'ignored' },
|
loginResponseTemplate: { context: 'ignored' },
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -557,7 +565,7 @@ export class SAMLIdentifyProviderService {
|
|||||||
'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
||||||
'saml:AttributeValue': {
|
'saml:AttributeValue': {
|
||||||
'@xsi:type': 'xs:integer',
|
'@xsi:type': 'xs:integer',
|
||||||
'#text': (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000,
|
'#text': Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -10539,16 +10539,16 @@ export type operations = {
|
|||||||
content: {
|
content: {
|
||||||
'application/json': {
|
'application/json': {
|
||||||
id: string;
|
id: string;
|
||||||
name?: string;
|
name?: string | null;
|
||||||
issuer?: string;
|
issuer?: string;
|
||||||
audience?: string[];
|
audience?: string[];
|
||||||
acsUrl?: string;
|
acsUrl?: string;
|
||||||
signatureAlgorithm?: string;
|
signatureAlgorithm?: string;
|
||||||
cipherAlgorithm?: string;
|
cipherAlgorithm?: string | null;
|
||||||
wantAuthnRequestsSigned?: boolean;
|
wantAuthnRequestsSigned?: boolean;
|
||||||
wantAssertionsSigned?: boolean;
|
wantAssertionsSigned?: boolean;
|
||||||
regenerateCertificate?: boolean;
|
regenerateCertificate?: boolean | null;
|
||||||
secret?: string;
|
secret?: string | null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user