const { SystemSettings } = require("../../models/systemSettings");
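/**
 * Express middleware that gates the Simple SSO endpoints used to validate or
 * issue temporary auth tokens.
 *
 * The request is passed on only when both conditions hold:
 *   1. `SIMPLE_SSO_ENABLED` is present in the environment, and
 *   2. the instance is in multi-user mode.
 * In every other case the middleware answers 403 and `next` is not called.
 *
 * Note: This middleware must be called after `validApiKey`. It performs no
 * authentication of its own; it only checks feature flags.
 *
 * Security notes:
 * - The flag is a presence check (`in process.env`), not a value check, so
 *   `SIMPLE_SSO_ENABLED=false` still enables Simple SSO. Leave the variable
 *   unset to keep the feature off.
 * - A failure while resolving multi-user mode is forwarded to `next(error)`
 *   so the request fails closed through the error handler instead of
 *   surfacing as an unhandled rejection (Express versions that do not await
 *   middleware would otherwise leave the request hanging).
 *
 * @param {import("express").Request} _ - unused
 * @param {import("express").Response} response
 * @param {import("express").NextFunction} next
 * @returns {Promise<void>}
 */
async function simpleSSOEnabled(_, response, next) {
  if (!("SIMPLE_SSO_ENABLED" in process.env)) {
    return response
      .status(403)
      .send(
        "Simple SSO is not enabled. It must be enabled to validate or issue temporary auth tokens."
      );
  }

  // An earlier middleware may already have resolved the mode; only query the
  // settings store when the response local is missing.
  if (!("multiUserMode" in response.locals)) {
    try {
      response.locals.multiUserMode = await SystemSettings.isMultiUserMode();
    } catch (error) {
      // Fail closed: never reach the token routes when the mode is unknown.
      return next(error);
    }
  }

  if (!response.locals.multiUserMode) {
    return response
      .status(403)
      .send(
        "Multi-User mode is not enabled. It must be enabled to use Simple SSO."
      );
  }

  next();
}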
/**
 * Reports whether credential login has been switched off in favour of
 * Simple SSO. True only when both `SIMPLE_SSO_ENABLED` and
 * `SIMPLE_SSO_NO_LOGIN` are present in the environment.
 *
 * Both checks test for presence, not value: a variable set to `false` still
 * counts as set. Unset the variable to turn the behaviour off.
 *
 * This check should only be run when in multi-user mode when used; it does
 * not look at the multi-user setting itself.
 *
 * @returns {boolean}
 */
function simpleSSOLoginDisabled() {
  const requiredFlags = ["SIMPLE_SSO_ENABLED", "SIMPLE_SSO_NO_LOGIN"];
  return requiredFlags.every((flag) => flag in process.env);
}
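/**
 * Express middleware that blocks credential login when the administrator
 * has disabled it in favour of Simple SSO.
 *
 * Answers 403 with a JSON error when the instance is in multi-user mode and
 * `simpleSSOLoginDisabled()` is true (both `SIMPLE_SSO_ENABLED` and
 * `SIMPLE_SSO_NO_LOGIN` present in the environment). Otherwise it calls
 * `next()`.
 *
 * Security notes:
 * - In single-user mode the request is always passed on, whatever the
 *   environment flags say.
 * - A failure while resolving multi-user mode is forwarded to `next(error)`
 *   so the login handler is not reached with an unknown mode, and the
 *   rejection does not go unhandled on Express versions that do not await
 *   middleware.
 *
 * @param {import("express").Request} _ - unused
 * @param {import("express").Response} response
 * @param {import("express").NextFunction} next
 * @returns {Promise<void>}
 */
async function simpleSSOLoginDisabledMiddleware(_, response, next) {
  // Reuse the mode resolved by an earlier middleware when there is one.
  if (!("multiUserMode" in response.locals)) {
    try {
      response.locals.multiUserMode = await SystemSettings.isMultiUserMode();
    } catch (error) {
      // Fail closed rather than let the login route run.
      next(error);
      return;
    }
  }

  if (response.locals.multiUserMode && simpleSSOLoginDisabled()) {
    response.status(403).json({
      success: false,
      error: "Login via credentials has been disabled by the administrator.",
    });
    return;
  }

  next();
}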
// Exported surface: the two Express middlewares and the plain boolean helper
// `simpleSSOLoginDisabled`, which reads only environment flags.
module.exports = {
  simpleSSOEnabled,
  simpleSSOLoginDisabled,
  simpleSSOLoginDisabledMiddleware,
};