fix(SSO): MisskeyIO#519 の一部API・データのフォーマットの問題を修正 (MisskeyIO#520)

This commit is contained in:
まっちゃとーにゅ 2024-03-15 04:29:10 +09:00 committed by GitHub
parent 8c1db331e7
commit 13ae8e155b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 31 additions and 23 deletions

View file

@ -125,7 +125,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
name: ps.name ? ps.name : null, name: ps.name ? ps.name : null,
type: ps.type, type: ps.type,
issuer: ps.issuer, issuer: ps.issuer,
audience: ps.audience, audience: ps.audience?.filter(i => !!i),
acsUrl: ps.acsUrl, acsUrl: ps.acsUrl,
publicKey: publicKey, publicKey: publicKey,
privateKey: privateKey, privateKey: privateKey,

View file

@ -25,17 +25,17 @@ export const meta = {
export const paramDef = { export const paramDef = {
type: 'object', type: 'object',
properties: { properties: {
id: { type: 'string' }, id: { type: 'string', nullable: false },
name: { type: 'string' }, name: { type: 'string', nullable: true },
issuer: { type: 'string' }, issuer: { type: 'string', nullable: false },
audience: { type: 'array', items: { type: 'string', nullable: false } }, audience: { type: 'array', items: { type: 'string', nullable: false } },
acsUrl: { type: 'string' }, acsUrl: { type: 'string', nullable: false },
signatureAlgorithm: { type: 'string' }, signatureAlgorithm: { type: 'string', nullable: false },
cipherAlgorithm: { type: 'string' }, cipherAlgorithm: { type: 'string', nullable: true },
wantAuthnRequestsSigned: { type: 'boolean' }, wantAuthnRequestsSigned: { type: 'boolean', nullable: false },
wantAssertionsSigned: { type: 'boolean' }, wantAssertionsSigned: { type: 'boolean', nullable: false },
regenerateCertificate: { type: 'boolean' }, regenerateCertificate: { type: 'boolean', nullable: true },
secret: { type: 'string' }, secret: { type: 'string', nullable: true },
}, },
required: ['id'], required: ['id'],
} as const; } as const;
@ -64,7 +64,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
await this.singleSignOnServiceProviderRepository.update(service.id, { await this.singleSignOnServiceProviderRepository.update(service.id, {
name: ps.name !== '' ? ps.name : null, name: ps.name !== '' ? ps.name : null,
issuer: ps.issuer, issuer: ps.issuer,
audience: ps.audience, audience: ps.audience?.filter(i => !!i),
acsUrl: ps.acsUrl, acsUrl: ps.acsUrl,
publicKey: publicKey, publicKey: publicKey,
privateKey: privateKey, privateKey: privateKey,

View file

@ -526,7 +526,7 @@ export class OAuth2ProviderService {
email: user?.email, email: user?.email,
email_verified: user?.emailVerified, email_verified: user?.emailVerified,
mfa_enabled: user?.twoFactorEnabled, mfa_enabled: user?.twoFactorEnabled,
updated_at: (accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000, updated_at: Math.floor((accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000),
}; };
}); });
} }

View file

@ -184,7 +184,7 @@ export class JWTIdentifyProviderService {
email: profile.email, email: profile.email,
email_verified: profile.emailVerified, email_verified: profile.emailVerified,
mfa_enabled: profile.twoFactorEnabled, mfa_enabled: profile.twoFactorEnabled,
updated_at: (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000, updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
admin: isAdministrator, admin: isAdministrator,
moderator: isModerator, moderator: isModerator,
roles: roles.filter(r => r.isPublic).map(r => r.id), roles: roles.filter(r => r.isPublic).map(r => r.id),

View file

@ -56,7 +56,10 @@ export class SAMLIdentifyProviderService {
provider: MiSingleSignOnServiceProvider, provider: MiSingleSignOnServiceProvider,
): Promise<string> { ): Promise<string> {
const today = new Date(); const today = new Date();
const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike)); const publicKey = await jose
.importJWK(JSON.parse(provider.publicKey))
.then(k => jose.exportSPKI(k as jose.KeyLike))
.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
const nodes = { const nodes = {
'md:EntityDescriptor': { 'md:EntityDescriptor': {
@ -103,7 +106,10 @@ export class SAMLIdentifyProviderService {
provider: MiSingleSignOnServiceProvider, provider: MiSingleSignOnServiceProvider,
): Promise<string> { ): Promise<string> {
const today = new Date(); const today = new Date();
const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike)); const publicKey = await jose
.importJWK(JSON.parse(provider.publicKey))
.then(k => jose.exportSPKI(k as jose.KeyLike))
.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
const keyDescriptor: unknown[] = [ const keyDescriptor: unknown[] = [
{ {
@ -230,7 +236,8 @@ export class SAMLIdentifyProviderService {
metadata: await this.createIdPMetadataXml(ssoServiceProvider), metadata: await this.createIdPMetadataXml(ssoServiceProvider),
privateKey: await jose privateKey: await jose
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}')) .importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
.then((r) => jose.exportPKCS8(r as jose.KeyLike)), .then(k => jose.exportPKCS8(k as jose.KeyLike))
.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
}); });
const sp = saml.ServiceProvider({ const sp = saml.ServiceProvider({
@ -364,7 +371,8 @@ export class SAMLIdentifyProviderService {
metadata: await this.createIdPMetadataXml(ssoServiceProvider), metadata: await this.createIdPMetadataXml(ssoServiceProvider),
privateKey: await jose privateKey: await jose
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}')) .importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
.then((r) => jose.exportPKCS8(r as jose.KeyLike)), .then(k => jose.exportPKCS8(k as jose.KeyLike))
.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
loginResponseTemplate: { context: 'ignored' }, loginResponseTemplate: { context: 'ignored' },
}); });
@ -557,7 +565,7 @@ export class SAMLIdentifyProviderService {
'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
'saml:AttributeValue': { 'saml:AttributeValue': {
'@xsi:type': 'xs:integer', '@xsi:type': 'xs:integer',
'#text': (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000, '#text': Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
}, },
}, },
{ {

View file

@ -10539,16 +10539,16 @@ export type operations = {
content: { content: {
'application/json': { 'application/json': {
id: string; id: string;
name?: string; name?: string | null;
issuer?: string; issuer?: string;
audience?: string[]; audience?: string[];
acsUrl?: string; acsUrl?: string;
signatureAlgorithm?: string; signatureAlgorithm?: string;
cipherAlgorithm?: string; cipherAlgorithm?: string | null;
wantAuthnRequestsSigned?: boolean; wantAuthnRequestsSigned?: boolean;
wantAssertionsSigned?: boolean; wantAssertionsSigned?: boolean;
regenerateCertificate?: boolean; regenerateCertificate?: boolean | null;
secret?: string; secret?: string | null;
}; };
}; };
}; };