From 8f66f9ca59eed0802011086066a5d8c438cc516e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=82=E3=82=8F=E3=82=8F=E3=82=8F=E3=81=A8=E3=83=BC?= =?UTF-8?q?=E3=81=AB=E3=82=85?= <17376330+u1-liquid@users.noreply.github.com>
Date: Sun, 20 Oct 2024 07:33:27 +0900
Subject: [PATCH] =?UTF-8?q?enhance(SSO):=20=E3=83=A6=E3=83=BC=E3=82=B6?= =?UTF-8?q?=E3=83=BC=E3=81=AB=E5=AF=BE=E8=A9=B1=E5=9E=8B=E3=83=97=E3=83=AD?= =?UTF-8?q?=E3=83=B3=E3=83=97=E3=83=88=E3=81=8C=E8=A1=A8=E7=A4=BA=E3=81=95?= =?UTF-8?q?=E3=82=8C=E3=81=AA=E3=81=84=E3=82=88=E3=81=86=E3=81=AB=E8=A8=AD?= =?UTF-8?q?=E5=AE=9A=E3=81=A7=E3=81=8D=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB?= =?UTF-8?q?=20(MisskeyIO#759)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../backend/src/server/sso/JWTIdentifyProviderService.ts | 6 ++++--
.../src/server/sso/SAMLIdentifyProviderService.ts | 6 ++++--
packages/backend/src/server/web/views/sso.pug | 1 +
packages/frontend/src/pages/sso.vue | 9 ++++++++-
4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/packages/backend/src/server/sso/JWTIdentifyProviderService.ts b/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
index bb21a8e98..63e412ff1 100644
--- a/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
+++ b/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
@@ -64,11 +64,12 @@ export class JWTIdentifyProviderService { fastify.all<{ Params: { serviceId: string }; - Querystring?: { serviceurl?: string, return_to?: string }; - Body?: { serviceurl?: string, return_to?: string }; + Querystring?: { serviceurl?: string, return_to?: string, prompt?: string }; + Body?: { serviceurl?: string, return_to?: string, prompt?: string }; }>('/:serviceId', async (request, reply) => { const serviceId = request.params.serviceId; const returnTo = request.query?.return_to ?? request.query?.serviceurl ?? request.body?.return_to ?? request.body?.serviceurl; + const prompt = request.query?.prompt ?? request.body?.prompt ?? 'consent'; const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'jwt' }); if (!ssoServiceProvider) { @@ -101,6 +102,7 @@ export class JWTIdentifyProviderService { transactionId: transactionId, serviceName: ssoServiceProvider.name ?? ssoServiceProvider.issuer, kind: 'jwt', + prompt: prompt, }); }); diff --git a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts index 2412f0357..60ce37d8e 100644 --- a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts +++ b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts 
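Review bot: `prompt` is read straight from the query string or body in the `/:serviceId` handler and forwarded to the view unvalidated, so whoever builds the link decides whether the user sees the interactive prompt. If the frontend (sso.vue, cut off in this view) skips confirmation for some value, a logged-in user who follows a crafted link could be signed in to the service without confirming. Consider driving this from a setting on the stored `ssoServiceProvider` record, or at least normalising the input, e.g. `const prompt = typeof rawPrompt === 'string' && allowedPrompts.has(rawPrompt) ? rawPrompt : 'consent';`. Here `rawPrompt` and `allowedPrompts` are constructed names for the request value and the set of values the frontend handles; the `typeof` check also covers a repeated parameter, which may arrive as an array. The same line is added in SAMLIdentifyProviderService.ts and the value is reflected into the `misskey:sso:prompt` meta tag in sso.pug; the handler body continues outside this hunk.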
@@ -201,13 +201,14 @@ export class SAMLIdentifyProviderService { fastify.all<{ Params: { serviceId: string }; - Querystring?: { SAMLRequest?: string; RelayState?: string }; - Body?: { SAMLRequest?: string; RelayState?: string }; + Querystring?: { SAMLRequest?: string; RelayState?: string, prompt?: string }; + Body?: { SAMLRequest?: string; RelayState?: string, prompt?: string }; }>('/:serviceId', async (request, reply) => { const serviceId = request.params.serviceId; const binding = request.query?.SAMLRequest ? 'redirect' : 'post'; const samlRequest = request.query?.SAMLRequest ?? request.body?.SAMLRequest; const relayState = request.query?.RelayState ?? request.body?.RelayState; + const prompt = request.query?.prompt ?? request.body?.prompt ?? 'consent'; const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'saml', privateKey: Not(IsNull()) }); if (!ssoServiceProvider) { @@ -268,6 +269,7 @@ export class SAMLIdentifyProviderService { transactionId: transactionId, serviceName: ssoServiceProvider.name ?? ssoServiceProvider.issuer, kind: 'saml', + prompt: prompt, }); } catch (err) { this.#logger.error('Failed to parse SAML request', { error: err }); diff --git a/packages/backend/src/server/web/views/sso.pug b/packages/backend/src/server/web/views/sso.pug index bc1248127..d929c9721 100644 --- a/packages/backend/src/server/web/views/sso.pug +++ b/packages/backend/src/server/web/views/sso.pug @@ -4,3 +4,4 @@ block meta meta(name='misskey:sso:transaction-id' content=transactionId) meta(name='misskey:sso:service-name' content=serviceName) meta(name='misskey:sso:kind' content=kind) + meta(name='misskey:sso:prompt' content=prompt) diff --git a/packages/frontend/src/pages/sso.vue b/packages/frontend/src/pages/sso.vue index d47688bd9..d113f0712 100644 --- a/packages/frontend/src/pages/sso.vue +++ b/packages/frontend/src/pages/sso.vue @@ -33,7 +33,7 @@ SPDX-License-Identifier: AGPL-3.0-only
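Review bot: In the SAML handler `prompt` travels as a separate query/body field next to `SAMLRequest`, so it is not part of the AuthnRequest and, as far as this hunk shows, is not covered by any signature over the request; anyone relaying the request can add or change it. SAML already expresses this intent inside the request itself (`IsPassive` / `ForceAuthn` on the AuthnRequest), so reading it from the parsed request or from the stored provider record would keep the decision tied to the service provider rather than to the URL. At minimum add a comment above the new line, e.g. `// prompt is caller-supplied and unauthenticated; it must never be the only thing that skips user confirmation`. The handler continues outside this hunk.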