admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor(auth/sso): rename GetAuthorizationUrl for clarity (#10173)

Browse Source 
- Rename `GetAuthorizationUrl` to `GetAuthorizationUrlForSSO`
- Move `GetAuthorizationUrlForSSO` from `sso.resolver.ts` to
`auth.resolver.ts` to avoid the permission guard and let users use an
SSO provider.
- Fix an issue in OIDC guard that breaks the connection if you have
multiple SSO providers + add tests for OIDC guard.
This commit is contained in:
Antoine Moreaux
2025-02-13 11:15:22 +01:00
committed by GitHub
parent d7b84de1b5
commit 77d72e9b1c
16 changed files with 214 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
packages/twenty-front/src/generated-metadata/graphql.ts
View File

@ -648,13 +648,13 @@ export type FullName = {
lastName: Scalars['String']['output'];
};
export type GetAuthorizationUrlInput = {
export type GetAuthorizationUrlForSsoInput = {
identityProviderId: Scalars['String']['input'];
workspaceInviteHash?: InputMaybe<Scalars['String']['input']>;
};
export type GetAuthorizationUrlOutput = {
__typename?: 'GetAuthorizationUrlOutput';
export type GetAuthorizationUrlForSsoOutput = {
__typename?: 'GetAuthorizationUrlForSSOOutput';
authorizationURL: Scalars['String']['output'];
id: Scalars['String']['output'];
type: Scalars['String']['output'];
@ -840,7 +840,7 @@ export type Mutation = {
generateApiKeyToken: ApiKeyToken;
generateTransientToken: TransientToken;
getAuthTokensFromLoginToken: AuthTokens;
getAuthorizationUrl: GetAuthorizationUrlOutput;
getAuthorizationUrlForSSO: GetAuthorizationUrlForSsoOutput;
getLoginTokenFromCredentials: LoginToken;
getLoginTokenFromEmailVerificationToken: LoginToken;
impersonate: ImpersonateOutput;
@ -1031,8 +1031,8 @@ export type MutationGetAuthTokensFromLoginTokenArgs = {
};
export type MutationGetAuthorizationUrlArgs = {
input: GetAuthorizationUrlInput;
export type MutationGetAuthorizationUrlForSsoArgs = {
input: GetAuthorizationUrlForSsoInput;
};

44
packages/twenty-front/src/generated/graphql.tsx
View File

@ -573,13 +573,13 @@ export type FullName = {
lastName: Scalars['String'];
};
export type GetAuthorizationUrlInput = {
export type GetAuthorizationUrlForSsoInput = {
identityProviderId: Scalars['String'];
workspaceInviteHash?: InputMaybe<Scalars['String']>;
};
export type GetAuthorizationUrlOutput = {
__typename?: 'GetAuthorizationUrlOutput';
export type GetAuthorizationUrlForSsoOutput = {
__typename?: 'GetAuthorizationUrlForSSOOutput';
authorizationURL: Scalars['String'];
id: Scalars['String'];
type: Scalars['String'];
@ -761,7 +761,7 @@ export type Mutation = {
generateApiKeyToken: ApiKeyToken;
generateTransientToken: TransientToken;
getAuthTokensFromLoginToken: AuthTokens;
getAuthorizationUrl: GetAuthorizationUrlOutput;
getAuthorizationUrlForSSO: GetAuthorizationUrlForSsoOutput;
getLoginTokenFromCredentials: LoginToken;
getLoginTokenFromEmailVerificationToken: LoginToken;
impersonate: ImpersonateOutput;
@ -918,8 +918,8 @@ export type MutationGetAuthTokensFromLoginTokenArgs = {
};
export type MutationGetAuthorizationUrlArgs = {
input: GetAuthorizationUrlInput;
export type MutationGetAuthorizationUrlForSsoArgs = {
input: GetAuthorizationUrlForSsoInput;
};
@ -2090,12 +2090,12 @@ export type GetAuthTokensFromLoginTokenMutationVariables = Exact<{
export type GetAuthTokensFromLoginTokenMutation = { __typename?: 'Mutation', getAuthTokensFromLoginToken: { __typename?: 'AuthTokens', tokens: { __typename?: 'AuthTokenPair', accessToken: { __typename?: 'AuthToken', token: string, expiresAt: string }, refreshToken: { __typename?: 'AuthToken', token: string, expiresAt: string } } } };
export type GetAuthorizationUrlMutationVariables = Exact<{
input: GetAuthorizationUrlInput;
export type GetAuthorizationUrlForSsoMutationVariables = Exact<{
input: GetAuthorizationUrlForSsoInput;
}>;
export type GetAuthorizationUrlMutation = { __typename?: 'Mutation', getAuthorizationUrl: { __typename?: 'GetAuthorizationUrlOutput', id: string, type: string, authorizationURL: string } };
export type GetAuthorizationUrlForSsoMutation = { __typename?: 'Mutation', getAuthorizationUrlForSSO: { __typename?: 'GetAuthorizationUrlForSSOOutput', id: string, type: string, authorizationURL: string } };
export type GetLoginTokenFromCredentialsMutationVariables = Exact<{
email: Scalars['String'];
@ -3072,41 +3072,41 @@ export function useGetAuthTokensFromLoginTokenMutation(baseOptions?: Apollo.Muta
export type GetAuthTokensFromLoginTokenMutationHookResult = ReturnType<typeof useGetAuthTokensFromLoginTokenMutation>;
export type GetAuthTokensFromLoginTokenMutationResult = Apollo.MutationResult<GetAuthTokensFromLoginTokenMutation>;
export type GetAuthTokensFromLoginTokenMutationOptions = Apollo.BaseMutationOptions<GetAuthTokensFromLoginTokenMutation, GetAuthTokensFromLoginTokenMutationVariables>;
export const GetAuthorizationUrlDocument = gql`
mutation GetAuthorizationUrl($input: GetAuthorizationUrlInput!) {
getAuthorizationUrl(input: $input) {
export const GetAuthorizationUrlForSsoDocument = gql`
mutation GetAuthorizationUrlForSSO($input: GetAuthorizationUrlForSSOInput!) {
getAuthorizationUrlForSSO(input: $input) {
id
type
authorizationURL
}
}
`;
export type GetAuthorizationUrlMutationFn = Apollo.MutationFunction<GetAuthorizationUrlMutation, GetAuthorizationUrlMutationVariables>;
export type GetAuthorizationUrlForSsoMutationFn = Apollo.MutationFunction<GetAuthorizationUrlForSsoMutation, GetAuthorizationUrlForSsoMutationVariables>;
/**
* __useGetAuthorizationUrlMutation__
* __useGetAuthorizationUrlForSsoMutation__
*
* To run a mutation, you first call `useGetAuthorizationUrlMutation` within a React component and pass it any options that fit your needs.
* When your component renders, `useGetAuthorizationUrlMutation` returns a tuple that includes:
* To run a mutation, you first call `useGetAuthorizationUrlForSsoMutation` within a React component and pass it any options that fit your needs.
* When your component renders, `useGetAuthorizationUrlForSsoMutation` returns a tuple that includes:
* - A mutate function that you can call at any time to execute the mutation
* - An object with fields that represent the current status of the mutation's execution
*
* @param baseOptions options that will be passed into the mutation, supported options are listed on: https://www.apollographql.com/docs/react/api/react-hooks/#options-2;
*
* @example
* const [getAuthorizationUrlMutation, { data, loading, error }] = useGetAuthorizationUrlMutation({
* const [getAuthorizationUrlForSsoMutation, { data, loading, error }] = useGetAuthorizationUrlForSsoMutation({
* variables: {
* input: // value for 'input'
* },
* });
*/
export function useGetAuthorizationUrlMutation(baseOptions?: Apollo.MutationHookOptions<GetAuthorizationUrlMutation, GetAuthorizationUrlMutationVariables>) {
export function useGetAuthorizationUrlForSsoMutation(baseOptions?: Apollo.MutationHookOptions<GetAuthorizationUrlForSsoMutation, GetAuthorizationUrlForSsoMutationVariables>) {
const options = {...defaultOptions, ...baseOptions}
return Apollo.useMutation<GetAuthorizationUrlMutation, GetAuthorizationUrlMutationVariables>(GetAuthorizationUrlDocument, options);
return Apollo.useMutation<GetAuthorizationUrlForSsoMutation, GetAuthorizationUrlForSsoMutationVariables>(GetAuthorizationUrlForSsoDocument, options);
}
export type GetAuthorizationUrlMutationHookResult = ReturnType<typeof useGetAuthorizationUrlMutation>;
export type GetAuthorizationUrlMutationResult = Apollo.MutationResult<GetAuthorizationUrlMutation>;
export type GetAuthorizationUrlMutationOptions = Apollo.BaseMutationOptions<GetAuthorizationUrlMutation, GetAuthorizationUrlMutationVariables>;
export type GetAuthorizationUrlForSsoMutationHookResult = ReturnType<typeof useGetAuthorizationUrlForSsoMutation>;
export type GetAuthorizationUrlForSsoMutationResult = Apollo.MutationResult<GetAuthorizationUrlForSsoMutation>;
export type GetAuthorizationUrlForSsoMutationOptions = Apollo.BaseMutationOptions<GetAuthorizationUrlForSsoMutation, GetAuthorizationUrlForSsoMutationVariables>;
export const GetLoginTokenFromCredentialsDocument = gql`
mutation GetLoginTokenFromCredentials($email: String!, $password: String!, $captchaToken: String) {
getLoginTokenFromCredentials(

11
packages/twenty-front/src/modules/auth/graphql/mutations/getAuthorizationUrl.ts
View File

@ -1,11 +0,0 @@
import { gql } from '@apollo/client';
export const GET_AUTHORIZATION_URL = gql`
mutation GetAuthorizationUrl($input: GetAuthorizationUrlInput!) {
getAuthorizationUrl(input: $input) {
id
type
authorizationURL
}
}
`;

11
packages/twenty-front/src/modules/auth/graphql/mutations/getAuthorizationUrlForSSO.ts Normal file
View File

@ -0,0 +1,11 @@
import { gql } from '@apollo/client';
export const GET_AUTHORIZATION_URL_FOR_SSO = gql`
mutation GetAuthorizationUrlForSSO($input: GetAuthorizationUrlForSSOInput!) {
getAuthorizationUrlForSSO(input: $input) {
id
type
authorizationURL
}
}
`;

6
packages/twenty-front/src/modules/auth/sign-in-up/components/SignInUpSSOIdentityProviderSelection.tsx
View File

@ -8,6 +8,7 @@ import { HorizontalSeparator, MainButton } from 'twenty-ui';
import { workspaceAuthProvidersState } from '@/workspace/states/workspaceAuthProvidersState';
import { isDefined } from 'twenty-shared';
import React from 'react';
const StyledContentContainer = styled.div`
margin-bottom: ${({ theme }) => theme.spacing(8)};
@ -24,16 +25,15 @@ export const SignInUpSSOIdentityProviderSelection = () => {
<StyledContentContainer>
{isDefined(workspaceAuthProviders?.sso) &&
workspaceAuthProviders?.sso.map((idp) => (
<>
<React.Fragment key={idp.id}>
<MainButton
key={idp.id}
title={idp.name}
onClick={() => redirectToSSOLoginPage(idp.id)}
Icon={guessSSOIdentityProviderIconByUrl(idp.issuer)}
fullWidth
/>
<HorizontalSeparator visible={false} />
</>
</React.Fragment>
))}
</StyledContentContainer>
</>

8
packages/twenty-front/src/modules/auth/sign-in-up/hooks/__tests__/useSSO.test.tsx
View File

@ -1,4 +1,4 @@
import { GET_AUTHORIZATION_URL } from '@/auth/graphql/mutations/getAuthorizationUrl';
import { GET_AUTHORIZATION_URL_FOR_SSO } from '@/auth/graphql/mutations/getAuthorizationUrlForSSO';
import { useSSO } from '@/auth/sign-in-up/hooks/useSSO';
import { useRedirect } from '@/domain-manager/hooks/useRedirect';
import { useSnackBar } from '@/ui/feedback/snack-bar-manager/hooks/useSnackBar';
@ -23,7 +23,7 @@ const mockRedirect = jest.fn();
const apolloMocks = [
{
request: {
query: GET_AUTHORIZATION_URL,
query: GET_AUTHORIZATION_URL_FOR_SSO,
variables: {
input: {
identityProviderId: 'success-id',
@ -32,13 +32,13 @@ const apolloMocks = [
},
result: {
data: {
getAuthorizationUrl: { authorizationURL: 'http://example.com' },
getAuthorizationUrlForSSO: { authorizationURL: 'http://example.com' },
},
},
},
{
request: {
query: GET_AUTHORIZATION_URL,
query: GET_AUTHORIZATION_URL_FOR_SSO,
variables: {
input: {
identityProviderId: 'error-id',

7
packages/twenty-front/src/modules/auth/sign-in-up/hooks/useSSO.ts
View File

@ -1,6 +1,6 @@
/* @license Enterprise */
import { GET_AUTHORIZATION_URL } from '@/auth/graphql/mutations/getAuthorizationUrl';
import { GET_AUTHORIZATION_URL_FOR_SSO } from '@/auth/graphql/mutations/getAuthorizationUrlForSSO';
import { useRedirect } from '@/domain-manager/hooks/useRedirect';
import { SnackBarVariant } from '@/ui/feedback/snack-bar-manager/components/SnackBar';
import { useSnackBar } from '@/ui/feedback/snack-bar-manager/hooks/useSnackBar';
@ -17,7 +17,7 @@ export const useSSO = () => {
let authorizationUrlForSSOResult;
try {
authorizationUrlForSSOResult = await apolloClient.mutate({
mutation: GET_AUTHORIZATION_URL,
mutation: GET_AUTHORIZATION_URL_FOR_SSO,
variables: {
input: {
identityProviderId,
@ -32,7 +32,8 @@ export const useSSO = () => {
}
redirect(
authorizationUrlForSSOResult.data?.getAuthorizationUrl.authorizationURL,
authorizationUrlForSSOResult.data?.getAuthorizationUrlForSSO
.authorizationURL,
);
};