enhance(SSO): ユーザーに対話型プロンプトが表示されないように設定できるように (MisskeyIO#759)

2024-10-20 07:33:27 +09:00 · 2024-10-20 07:33:27 +09:00 · 8f66f9ca59
commit 8f66f9ca59
parent a73a09a999
4 changed files with 17 additions and 5 deletions
--- a/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
+++ b/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
@ -64,11 +64,12 @@ export class JWTIdentifyProviderService {

 		fastify.all<{
 			Params: { serviceId: string };
-			Querystring?: { serviceurl?: string, return_to?: string };
-			Body?: { serviceurl?: string, return_to?: string };
+			Querystring?: { serviceurl?: string, return_to?: string, prompt?: string };
+			Body?: { serviceurl?: string, return_to?: string, prompt?: string };
 		}>('/:serviceId', async (request, reply) => {
 			const serviceId = request.params.serviceId;
 			const returnTo = request.query?.return_to ?? request.query?.serviceurl ?? request.body?.return_to ?? request.body?.serviceurl;
+			const prompt = request.query?.prompt ?? request.body?.prompt ?? 'consent';

 			const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'jwt' });
 			if (!ssoServiceProvider) {
@ -101,6 +102,7 @@ export class JWTIdentifyProviderService {
 				transactionId: transactionId,
 				serviceName: ssoServiceProvider.name ?? ssoServiceProvider.issuer,
 				kind: 'jwt',
+				prompt: prompt,
 			});
 		});

--- a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
+++ b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
@ -201,13 +201,14 @@ export class SAMLIdentifyProviderService {

 		fastify.all<{
 			Params: { serviceId: string };
-			Querystring?: { SAMLRequest?: string; RelayState?: string };
-			Body?: { SAMLRequest?: string; RelayState?: string };
+			Querystring?: { SAMLRequest?: string; RelayState?: string, prompt?: string };
+			Body?: { SAMLRequest?: string; RelayState?: string, prompt?: string };
 		}>('/:serviceId', async (request, reply) => {
 			const serviceId = request.params.serviceId;
 			const binding = request.query?.SAMLRequest ? 'redirect' : 'post';
 			const samlRequest = request.query?.SAMLRequest ?? request.body?.SAMLRequest;
 			const relayState = request.query?.RelayState ?? request.body?.RelayState;
+			const prompt = request.query?.prompt ?? request.body?.prompt ?? 'consent';

 			const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.findOneBy({ id: serviceId, type: 'saml', privateKey: Not(IsNull()) });
 			if (!ssoServiceProvider) {
@ -268,6 +269,7 @@ export class SAMLIdentifyProviderService {
 					transactionId: transactionId,
 					serviceName: ssoServiceProvider.name ?? ssoServiceProvider.issuer,
 					kind: 'saml',
+					prompt: prompt,
 				});
 			} catch (err) {
 				this.#logger.error('Failed to parse SAML request', { error: err });
--- a/packages/backend/src/server/web/views/sso.pug
+++ b/packages/backend/src/server/web/views/sso.pug
@ -4,3 +4,4 @@ block meta
 	meta(name='misskey:sso:transaction-id' content=transactionId)
 	meta(name='misskey:sso:service-name' content=serviceName)
 	meta(name='misskey:sso:kind' content=kind)
+	meta(name='misskey:sso:prompt' content=prompt)