refactor(auth/sso): rename GetAuthorizationUrl for clarity (#10173)

- Rename `GetAuthorizationUrl` to `GetAuthorizationUrlForSSO` - Move `GetAuthorizationUrlForSSO` from `sso.resolver.ts` to `auth.resolver.ts` to avoid the permission guard and let users use an SSO provider. - Fix an issue in OIDC guard that breaks the connection if you have multiple SSO providers + add tests for OIDC guard.
2025-02-13 11:15:22 +01:00
parent d7b84de1b5
commit 77d72e9b1c
16 changed files with 214 additions and 66 deletions
--- a/packages/twenty-server/src/engine/core-modules/sso/dtos/get-authorization-url.input.ts
+++ b/packages/twenty-server/src/engine/core-modules/sso/dtos/get-authorization-url.input.ts
@ -1,17 +0,0 @@
-/* @license Enterprise */
-
-import { Field, InputType } from '@nestjs/graphql';
-
-import { IsOptional, IsString } from 'class-validator';
-
-@InputType()
-export class GetAuthorizationUrlInput {
-  @Field(() => String)
-  @IsString()
-  identityProviderId: string;
-
-  @Field(() => String, { nullable: true })
-  @IsString()
-  @IsOptional()
-  workspaceInviteHash?: string;
-}
--- a/packages/twenty-server/src/engine/core-modules/sso/dtos/get-authorization-url.output.ts
+++ b/packages/twenty-server/src/engine/core-modules/sso/dtos/get-authorization-url.output.ts
@ -1,17 +0,0 @@
-/* @license Enterprise */
-
-import { Field, ObjectType } from '@nestjs/graphql';
-
-import { SSOConfiguration } from 'src/engine/core-modules/sso/types/SSOConfigurations.type';
-
-@ObjectType()
-export class GetAuthorizationUrlOutput {
-  @Field(() => String)
-  authorizationURL: string;
-
-  @Field(() => String)
-  type: SSOConfiguration['type'];
-
-  @Field(() => String)
-  id: string;
-}
--- a/packages/twenty-server/src/engine/core-modules/sso/services/sso.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/sso/services/sso.service.ts
@ -198,7 +198,7 @@ export class SSOService {
    });
  }

-  async getAuthorizationUrl(
+  async getAuthorizationUrlForSSO(
    identityProviderId: string,
    searchParams: Record<string, string | boolean>,
  ) {
--- a/packages/twenty-server/src/engine/core-modules/sso/sso.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/sso/sso.resolver.ts
@ -3,7 +3,6 @@
 import { UseFilters, UseGuards } from '@nestjs/common';
 import { Args, Mutation, Query, Resolver } from '@nestjs/graphql';

-import omit from 'lodash.omit';
 import { SettingsFeatures } from 'twenty-shared';

 import { EnterpriseFeaturesEnabledGuard } from 'src/engine/core-modules/auth/guards/enterprise-features-enabled.guard';
@ -12,8 +11,6 @@ import { DeleteSsoOutput } from 'src/engine/core-modules/sso/dtos/delete-sso.out
 import { EditSsoInput } from 'src/engine/core-modules/sso/dtos/edit-sso.input';
 import { EditSsoOutput } from 'src/engine/core-modules/sso/dtos/edit-sso.output';
 import { FindAvailableSSOIDPOutput } from 'src/engine/core-modules/sso/dtos/find-available-SSO-IDP.output';
-import { GetAuthorizationUrlInput } from 'src/engine/core-modules/sso/dtos/get-authorization-url.input';
-import { GetAuthorizationUrlOutput } from 'src/engine/core-modules/sso/dtos/get-authorization-url.output';
 import {
  SetupOIDCSsoInput,
  SetupSAMLSsoInput,
@ -53,14 +50,6 @@ export class SSOResolver {
    return this.sSOService.listSSOIdentityProvidersByWorkspaceId(workspaceId);
  }

-  @Mutation(() => GetAuthorizationUrlOutput)
-  async getAuthorizationUrl(@Args('input') params: GetAuthorizationUrlInput) {
-    return await this.sSOService.getAuthorizationUrl(
-      params.identityProviderId,
-      omit(params, ['identityProviderId']),
-    );
-  }
-
  @UseGuards(WorkspaceAuthGuard, EnterpriseFeaturesEnabledGuard)
  @Mutation(() => SetupSsoOutput)
  async createSAMLIdentityProvider(