feat(sso): allow to use OIDC and SAML (#7246)

## What it does ### Backend - [x] Add a mutation to create OIDC and SAML configuration - [x] Add a mutation to delete an SSO config - [x] Add a feature flag to toggle SSO - [x] Add a mutation to activate/deactivate an SSO config - [x] Add a mutation to delete an SSO config - [x] Add strategy to use OIDC or SAML - [ ] Improve error management ### Frontend - [x] Add section "security" in settings - [x] Add page to list SSO configurations - [x] Add page and forms to create OIDC or SAML configuration - [x] Add field to "connect with SSO" in the signin/signup process - [x] Trigger auth when a user switch to a workspace with SSO enable - [x] Add an option on the security page to activate/deactivate the global invitation link - [ ] Add new Icons for SSO Identity Providers (okta, Auth0, Azure, Microsoft) --------- Co-authored-by: Félix Malfait <felix@twenty.com> Co-authored-by: Charles Bochet <charles@twenty.com>
2024-10-21 20:07:08 +02:00
parent 11c3f1c399
commit 0f0a7966b1
132 changed files with 5245 additions and 306 deletions
--- a/packages/twenty-front/src/modules/ui/input/button/components/MainButton.tsx
+++ b/packages/twenty-front/src/modules/ui/input/button/components/MainButton.tsx
@ -77,6 +77,7 @@ const StyledButton = styled.button<
  justify-content: center;
  outline: none;
  padding: ${({ theme }) => theme.spacing(2)} ${({ theme }) => theme.spacing(3)};
+  max-height: ${({ theme }) => theme.spacing(8)};
  width: ${({ fullWidth, width }) =>
    fullWidth ? '100%' : width ? `${width}px` : 'auto'};
  ${({ theme, variant, disabled }) => {
--- a/packages/twenty-front/src/modules/ui/input/components/Toggle.tsx
+++ b/packages/twenty-front/src/modules/ui/input/components/Toggle.tsx
@ -39,7 +39,7 @@ const StyledCircle = styled(motion.span)<{
 export type ToggleProps = {
  id?: string;
  value?: boolean;
-  onChange?: (value: boolean) => void;
+  onChange?: (value: boolean, e?: React.MouseEvent<HTMLDivElement>) => void;
  color?: string;
  toggleSize?: ToggleSize;
  className?: string;
--- a/packages/twenty-front/src/modules/ui/navigation/navigation-drawer/hooks/useWorkspaceSwitching.ts
+++ b/packages/twenty-front/src/modules/ui/navigation/navigation-drawer/hooks/useWorkspaceSwitching.ts
@ -6,11 +6,24 @@ import { AppPath } from '@/types/AppPath';
 import { useGenerateJwtMutation } from '~/generated/graphql';
 import { isDefined } from '~/utils/isDefined';
 import { sleep } from '~/utils/sleep';
+import { useSSO } from '@/auth/sign-in-up/hooks/useSSO';
+import {
+  SignInUpStep,
+  signInUpStepState,
+} from '@/auth/states/signInUpStepState';
+import { availableSSOIdentityProvidersState } from '@/auth/states/availableWorkspacesForSSO';
+import { useAuth } from '@/auth/hooks/useAuth';

 export const useWorkspaceSwitching = () => {
  const setTokenPair = useSetRecoilState(tokenPairState);
  const [generateJWT] = useGenerateJwtMutation();
+  const { redirectToSSOLoginPage } = useSSO();
  const currentWorkspace = useRecoilValue(currentWorkspaceState);
+  const setAvailableWorkspacesForSSOState = useSetRecoilState(
+    availableSSOIdentityProvidersState,
+  );
+  const setSignInUpStep = useSetRecoilState(signInUpStepState);
+  const { signOut } = useAuth();

  const switchWorkspace = async (workspaceId: string) => {
    if (currentWorkspace?.id === workspaceId) return;
@ -28,10 +41,34 @@ export const useWorkspaceSwitching = () => {
      throw new Error('could not create token');
    }

-    const { tokens } = jwt.data.generateJWT;
-    setTokenPair(tokens);
-    await sleep(0); // This hacky workaround is necessary to ensure the tokens stored in the cookie are updated correctly.
-    window.location.href = AppPath.Index;
+    if (
+      jwt.data.generateJWT.reason === 'WORKSPACE_USE_SSO_AUTH' &&
+      'availableSSOIDPs' in jwt.data.generateJWT
+    ) {
+      if (jwt.data.generateJWT.availableSSOIDPs.length === 1) {
+        redirectToSSOLoginPage(jwt.data.generateJWT.availableSSOIDPs[0].id);
+      }
+
+      if (jwt.data.generateJWT.availableSSOIDPs.length > 1) {
+        await signOut();
+        setAvailableWorkspacesForSSOState(
+          jwt.data.generateJWT.availableSSOIDPs,
+        );
+        setSignInUpStep(SignInUpStep.SSOWorkspaceSelection);
+      }
+
+      return;
+    }
+
+    if (
+      jwt.data.generateJWT.reason !== 'WORKSPACE_USE_SSO_AUTH' &&
+      'authTokens' in jwt.data.generateJWT
+    ) {
+      const { tokens } = jwt.data.generateJWT.authTokens;
+      setTokenPair(tokens);
+      await sleep(0); // This hacky workaround is necessary to ensure the tokens stored in the cookie are updated correctly.
+      window.location.href = AppPath.Index;
+    }
  };

  return { switchWorkspace };