Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sso): protect access with sso sessions #3441

Merged
merged 64 commits into from
Nov 5, 2024
Merged

feat(sso): protect access with sso sessions #3441

merged 64 commits into from
Nov 5, 2024

Conversation

cdriesler
Copy link
Member

@cdriesler cdriesler commented Nov 5, 2024
edited
Loading

Description & motivation

  • We now have SSO and the concept of a "valid SSO session" for a given user and workspace
  • We intend to use this to block access as well. There will be a number of frontend provisions, but this has to be enforced by the backend.

Changes:

  • Listens to WorkspaceEvents.Authorized to, if a given workspace asset is requested:
    • Check if the workspace has SSO enabled
    • Check if the user should have a valid session
    • Check if they have that session
  • If any checks fail, provides a specific error with redirect information to SSO sign in
  • Lots of tests for this

gjedlicska and others added 30 commits September 23, 2024 17:44
@gjedlicska
feat(workspaces): add workspace sso feature flag
b38133e
@gjedlicska
Merge branch 'main' of github.com:specklesystems/speckle-server into …
2486e5c 
…gergo/web-1926-test-app-api
@gjedlicska
feat(workspaceSso): wip validate sso
29d6bdc
@gjedlicska
Merge branch 'main' of github.com:specklesystems/speckle-server into …
8b8b9e6 
…gergo/web-1926-test-app-api
@gjedlicska
Merge branch 'main' of github.com:specklesystems/speckle-server into …
1c8f16e 
…gergo/web-1926-test-app-api
@gjedlicska
feat(workspaces): validate and add sso provider to the workspace with…
7da225b 
… user sso sessions
@gjedlicska
feat(workspaces): validate and add sso provider to the workspace with…
6149b9e 
… user sso sessions
@Mikehrn
WIP
57295b9
@cdriesler
fix(sso): restructure to handle all branches at end of flow
36944b5
@cdriesler
fix(sso): add and validate emails used for sso
a6e6307
@Mikehrn
Merged main
19a834d
@cdriesler
fix(sso): park progress
a78e9d3
@gjedlicska
chore(workspaces): review sso login/valdate
a014c10
@Mikehrn
Merge branch 'main' into mike/sso
6f48668
@cdriesler
fix(sso): adjust validate url
b8726bf
@cdriesler
chore(sso): auth header puzzle
b0d2bbf
@cdriesler
fix(sso): happy-path config
49bc0a4
@cdriesler
Merge branch 'main' of github.com:specklesystems/speckle-server into …
54e0450 
…mike/sso
@cdriesler
chore(gql): gqlgen
3063d33
@cdriesler
Merge branch 'mike/sso' into charles/more-sso-validation
db041b9
@cdriesler
Merge branch 'main' into charles/more-sso-validation
c98a783
@cdriesler
fix(sso): almost almost
3df52df
@cdriesler
fix(sso): auth endpoint
27ac047
@cdriesler
a lil more terse
7a7424b
@cdriesler
fix(sso): light at the end of the tunnel
4566840
@cdriesler
fix(sso): improve catch block error messages
7dae4a7
@cdriesler
fix(sso): session lifespan => validUntil
355aaa7
@cdriesler
fix(sso): I think we've got it
0abc084
@cdriesler
feat(sso): limited workspace values for public sso login
6011280
@cdriesler
fix(sso): use factory functions
2fc11a7
@cdriesler
fix(sso): stencil final shape I'm sleepy
ea42192
@cdriesler
fix(sso): more factories more factories
d4c7d26
@cdriesler
fix(sso): on to final boss of factories
5e296fc
@cdriesler
fix(sso): needs a haircut but she works
5225752
@cdriesler
Merge remote-tracking branch 'origin' into charles/more-sso-validation
b7811c7
@cdriesler
fix(sso): init rest w function, not side-effects
786da16
@cdriesler
fix(sso): /authn => /sso
fe29fc7
@cdriesler
chore(sso): errors
af24a3f
@cdriesler
chore(sso): test test test
441e39d
@cdriesler
chore(sso): test all the corners
b4ecd16
@cdriesler
Merge branch 'main' of github.com:specklesystems/speckle-server into …
1b80b41 
…charles/more-sso-validation
@cdriesler
feat(sso): list workspace sso memberships
d72808a
@cdriesler
chore(sso): tests, expose in rest
78cceac
@cdriesler
fix(sso): sketch active user auth
c9e9a2c
@cdriesler
Merge remote-tracking branch 'origin' into charles/tryFindWorkspace
8e5018a
@cdriesler
fix(sso): expose search via gql
7b97821
@cdriesler
Merge remote-tracking branch 'origin' into charles/tryFindWorkspace
e294be9
@cdriesler
Merge branch 'charles/tryFindWorkspace' into charles/activeUserSso
2e05b86
@cdriesler
fix(sso): active user session information
f5ff307
@cdriesler
Merge branch 'main' into charles/activeUserSso
3757eb3
@cdriesler
chore(sso): sso session test utils
df1e40e
@cdriesler
chore(sso): test sso session repo/services
4f59462
@cdriesler
chore(sso): gqlgen
e4f502d
@cdriesler
feat(sso): throw error on missing or expired sso session
e775f9e
@cdriesler
Merge branch 'main' of github.com:specklesystems/speckle-server into …
8d1fac2 
…charles/ssoBlockAccess
@cdriesler
chore(sso): tests for SSO access protection
640f756
@cdriesler cdriesler marked this pull request as ready for review November 5, 2024 14:16
@gjedlicska gjedlicska merged commit d42bf7c into main Nov 5, 2024
23 of 25 checks passed
@gjedlicska gjedlicska deleted the charles/ssoBlockAccess branch November 5, 2024 16:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gjedlicska gjedlicska gjedlicska approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cdriesler @gjedlicska @Mikehrn