From 13ae8e155ba1ee4b5f9e53a087d4d8f567e5e0e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E3=81=BE=E3=81=A3=E3=81=A1=E3=82=83=E3=81=A8=E3=83=BC?= =?UTF-8?q?=E3=81=AB=E3=82=85?= <17376330+u1-liquid@users.noreply.github.com> Date: Fri, 15 Mar 2024 04:29:10 +0900 Subject: [PATCH] =?UTF-8?q?fix(SSO):=20MisskeyIO#519=20=E3=81=AE=E4=B8=80?= =?UTF-8?q?=E9=83=A8API=E3=83=BB=E3=83=87=E3=83=BC=E3=82=BF=E3=81=AE?= =?UTF-8?q?=E3=83=95=E3=82=A9=E3=83=BC=E3=83=9E=E3=83=83=E3=83=88=E3=81=AE?= =?UTF-8?q?=E5=95=8F=E9=A1=8C=E3=82=92=E4=BF=AE=E6=AD=A3=20(MisskeyIO#520)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../server/api/endpoints/admin/sso/create.ts | 2 +- .../server/api/endpoints/admin/sso/update.ts | 22 +++++++++---------- .../src/server/oauth/OAuth2ProviderService.ts | 2 +- .../server/sso/JWTIdentifyProviderService.ts | 2 +- .../server/sso/SAMLIdentifyProviderService.ts | 18 ++++++++++----- packages/misskey-js/src/autogen/types.ts | 8 +++---- 6 files changed, 31 insertions(+), 23 deletions(-) diff --git a/packages/backend/src/server/api/endpoints/admin/sso/create.ts b/packages/backend/src/server/api/endpoints/admin/sso/create.ts index dc71bc4ac6..9ebb7b1c80 100644 --- a/packages/backend/src/server/api/endpoints/admin/sso/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/sso/create.ts @@ -125,7 +125,7 @@ export default class extends Endpoint { // eslint- name: ps.name ? ps.name : null, type: ps.type, issuer: ps.issuer, - audience: ps.audience, + audience: ps.audience?.filter(i => !!i), acsUrl: ps.acsUrl, publicKey: publicKey, privateKey: privateKey, diff --git a/packages/backend/src/server/api/endpoints/admin/sso/update.ts b/packages/backend/src/server/api/endpoints/admin/sso/update.ts index d186e28641..909f4add6a 100644 --- a/packages/backend/src/server/api/endpoints/admin/sso/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/sso/update.ts @@ -25,17 +25,17 @@ export const meta = { export const paramDef = { type: 'object', properties: { - id: { type: 'string' }, - name: { type: 'string' }, - issuer: { type: 'string' }, + id: { type: 'string', nullable: false }, + name: { type: 'string', nullable: true }, + issuer: { type: 'string', nullable: false }, audience: { type: 'array', items: { type: 'string', nullable: false } }, - acsUrl: { type: 'string' }, - signatureAlgorithm: { type: 'string' }, - cipherAlgorithm: { type: 'string' }, - wantAuthnRequestsSigned: { type: 'boolean' }, - wantAssertionsSigned: { type: 'boolean' }, - regenerateCertificate: { type: 'boolean' }, - secret: { type: 'string' }, + acsUrl: { type: 'string', nullable: false }, + signatureAlgorithm: { type: 'string', nullable: false }, + cipherAlgorithm: { type: 'string', nullable: true }, + wantAuthnRequestsSigned: { type: 'boolean', nullable: false }, + wantAssertionsSigned: { type: 'boolean', nullable: false }, + regenerateCertificate: { type: 'boolean', nullable: true }, + secret: { type: 'string', nullable: true }, }, required: ['id'], } as const; @@ -64,7 +64,7 @@ export default class extends Endpoint { // eslint- await this.singleSignOnServiceProviderRepository.update(service.id, { name: ps.name !== '' ? ps.name : null, issuer: ps.issuer, - audience: ps.audience, + audience: ps.audience?.filter(i => !!i), acsUrl: ps.acsUrl, publicKey: publicKey, privateKey: privateKey, diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts index 453ed60a87..5350e7cf37 100644 --- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts +++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts @@ -526,7 +526,7 @@ export class OAuth2ProviderService { email: user?.email, email_verified: user?.emailVerified, mfa_enabled: user?.twoFactorEnabled, - updated_at: (accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000, + updated_at: Math.floor((accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000), }; }); } diff --git a/packages/backend/src/server/sso/JWTIdentifyProviderService.ts b/packages/backend/src/server/sso/JWTIdentifyProviderService.ts index 248fe94f3a..36b8e811ec 100644 --- a/packages/backend/src/server/sso/JWTIdentifyProviderService.ts +++ b/packages/backend/src/server/sso/JWTIdentifyProviderService.ts @@ -184,7 +184,7 @@ export class JWTIdentifyProviderService { email: profile.email, email_verified: profile.emailVerified, mfa_enabled: profile.twoFactorEnabled, - updated_at: (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000, + updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000), admin: isAdministrator, moderator: isModerator, roles: roles.filter(r => r.isPublic).map(r => r.id), diff --git a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts index 87be0af298..4cdc828ab8 100644 --- a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts +++ b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts @@ -56,7 +56,10 @@ export class SAMLIdentifyProviderService { provider: MiSingleSignOnServiceProvider, ): Promise { const today = new Date(); - const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike)); + const publicKey = await jose + .importJWK(JSON.parse(provider.publicKey)) + .then(k => jose.exportSPKI(k as jose.KeyLike)) + .then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, '')); const nodes = { 'md:EntityDescriptor': { @@ -103,7 +106,10 @@ export class SAMLIdentifyProviderService { provider: MiSingleSignOnServiceProvider, ): Promise { const today = new Date(); - const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike)); + const publicKey = await jose + .importJWK(JSON.parse(provider.publicKey)) + .then(k => jose.exportSPKI(k as jose.KeyLike)) + .then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, '')); const keyDescriptor: unknown[] = [ { @@ -230,7 +236,8 @@ export class SAMLIdentifyProviderService { metadata: await this.createIdPMetadataXml(ssoServiceProvider), privateKey: await jose .importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}')) - .then((r) => jose.exportPKCS8(r as jose.KeyLike)), + .then(k => jose.exportPKCS8(k as jose.KeyLike)) + .then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')), }); const sp = saml.ServiceProvider({ @@ -364,7 +371,8 @@ export class SAMLIdentifyProviderService { metadata: await this.createIdPMetadataXml(ssoServiceProvider), privateKey: await jose .importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}')) - .then((r) => jose.exportPKCS8(r as jose.KeyLike)), + .then(k => jose.exportPKCS8(k as jose.KeyLike)) + .then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')), loginResponseTemplate: { context: 'ignored' }, }); @@ -557,7 +565,7 @@ export class SAMLIdentifyProviderService { 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', 'saml:AttributeValue': { '@xsi:type': 'xs:integer', - '#text': (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000, + '#text': Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000), }, }, { diff --git a/packages/misskey-js/src/autogen/types.ts b/packages/misskey-js/src/autogen/types.ts index e7c227e09a..46bccde7f9 100644 --- a/packages/misskey-js/src/autogen/types.ts +++ b/packages/misskey-js/src/autogen/types.ts @@ -10539,16 +10539,16 @@ export type operations = { content: { 'application/json': { id: string; - name?: string; + name?: string | null; issuer?: string; audience?: string[]; acsUrl?: string; signatureAlgorithm?: string; - cipherAlgorithm?: string; + cipherAlgorithm?: string | null; wantAuthnRequestsSigned?: boolean; wantAssertionsSigned?: boolean; - regenerateCertificate?: boolean; - secret?: string; + regenerateCertificate?: boolean | null; + secret?: string | null; }; }; };