fix(SSO): MisskeyIO#519 の一部API・データのフォーマットの問題を修正 (MisskeyIO#520)

This commit is contained in:
まっちゃとーにゅ 2024-03-15 04:29:10 +09:00 committed by GitHub
parent 8c1db331e7
commit 13ae8e155b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 31 additions and 23 deletions

View file

@ -125,7 +125,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
name: ps.name ? ps.name : null,
type: ps.type,
issuer: ps.issuer,
audience: ps.audience,
audience: ps.audience?.filter(i => !!i),
acsUrl: ps.acsUrl,
publicKey: publicKey,
privateKey: privateKey,

View file

@ -25,17 +25,17 @@ export const meta = {
export const paramDef = {
type: 'object',
properties: {
id: { type: 'string' },
name: { type: 'string' },
issuer: { type: 'string' },
id: { type: 'string', nullable: false },
name: { type: 'string', nullable: true },
issuer: { type: 'string', nullable: false },
audience: { type: 'array', items: { type: 'string', nullable: false } },
acsUrl: { type: 'string' },
signatureAlgorithm: { type: 'string' },
cipherAlgorithm: { type: 'string' },
wantAuthnRequestsSigned: { type: 'boolean' },
wantAssertionsSigned: { type: 'boolean' },
regenerateCertificate: { type: 'boolean' },
secret: { type: 'string' },
acsUrl: { type: 'string', nullable: false },
signatureAlgorithm: { type: 'string', nullable: false },
cipherAlgorithm: { type: 'string', nullable: true },
wantAuthnRequestsSigned: { type: 'boolean', nullable: false },
wantAssertionsSigned: { type: 'boolean', nullable: false },
regenerateCertificate: { type: 'boolean', nullable: true },
secret: { type: 'string', nullable: true },
},
required: ['id'],
} as const;
@ -64,7 +64,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
await this.singleSignOnServiceProviderRepository.update(service.id, {
name: ps.name !== '' ? ps.name : null,
issuer: ps.issuer,
audience: ps.audience,
audience: ps.audience?.filter(i => !!i),
acsUrl: ps.acsUrl,
publicKey: publicKey,
privateKey: privateKey,

View file

@ -526,7 +526,7 @@ export class OAuth2ProviderService {
email: user?.email,
email_verified: user?.emailVerified,
mfa_enabled: user?.twoFactorEnabled,
updated_at: (accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000,
updated_at: Math.floor((accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000),
};
});
}

View file

@ -184,7 +184,7 @@ export class JWTIdentifyProviderService {
email: profile.email,
email_verified: profile.emailVerified,
mfa_enabled: profile.twoFactorEnabled,
updated_at: (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000,
updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
admin: isAdministrator,
moderator: isModerator,
roles: roles.filter(r => r.isPublic).map(r => r.id),

View file

@ -56,7 +56,10 @@ export class SAMLIdentifyProviderService {
provider: MiSingleSignOnServiceProvider,
): Promise<string> {
const today = new Date();
const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike));
const publicKey = await jose
.importJWK(JSON.parse(provider.publicKey))
.then(k => jose.exportSPKI(k as jose.KeyLike))
.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
const nodes = {
'md:EntityDescriptor': {
@ -103,7 +106,10 @@ export class SAMLIdentifyProviderService {
provider: MiSingleSignOnServiceProvider,
): Promise<string> {
const today = new Date();
const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike));
const publicKey = await jose
.importJWK(JSON.parse(provider.publicKey))
.then(k => jose.exportSPKI(k as jose.KeyLike))
.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
const keyDescriptor: unknown[] = [
{
@ -230,7 +236,8 @@ export class SAMLIdentifyProviderService {
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
privateKey: await jose
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
.then((r) => jose.exportPKCS8(r as jose.KeyLike)),
.then(k => jose.exportPKCS8(k as jose.KeyLike))
.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
});
const sp = saml.ServiceProvider({
@ -364,7 +371,8 @@ export class SAMLIdentifyProviderService {
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
privateKey: await jose
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
.then((r) => jose.exportPKCS8(r as jose.KeyLike)),
.then(k => jose.exportPKCS8(k as jose.KeyLike))
.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
loginResponseTemplate: { context: 'ignored' },
});
@ -557,7 +565,7 @@ export class SAMLIdentifyProviderService {
'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
'saml:AttributeValue': {
'@xsi:type': 'xs:integer',
'#text': (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000,
'#text': Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
},
},
{

View file

@ -10539,16 +10539,16 @@ export type operations = {
content: {
'application/json': {
id: string;
name?: string;
name?: string | null;
issuer?: string;
audience?: string[];
acsUrl?: string;
signatureAlgorithm?: string;
cipherAlgorithm?: string;
cipherAlgorithm?: string | null;
wantAuthnRequestsSigned?: boolean;
wantAssertionsSigned?: boolean;
regenerateCertificate?: boolean;
secret?: string;
regenerateCertificate?: boolean | null;
secret?: string | null;
};
};
};