testing user sign up

server/actions/sso.js

@@ -43,12 +43,15 @@ export function validateSAMLResponse(samlResp, certificate) {
 
   const attributes = xml.getElementsByTagName("saml2:Attribute");
   let userId;
+  let permissionLevel;
   for (let attribute of attributes) {
     if (attribute.getAttribute("Name") === "userId")
       userId = attribute.textContent.trim();
+    if (attribute.getAttribute("Name") === "NetlifyPermissionLevel")
+      permissionLevel = attribute.textContent.trim();
   }
 
   if (!userId) return { error: "Could not find user ID" };
 
-  return { userId };
+  return { userId, permissionLevel };
 }

server/mongodb/actions/User.js

@@ -26,29 +26,43 @@ export async function login({ username, password }) {
   };
 }
 
-export async function signUp({ username, password, isAdmin }) {
-  if (username == null || password == null) {
+export async function signUp({ username, password, isAdmin, salesforceUserId }) {
+  if (username == null) {
     throw new Error("All parameters must be provided!");
   }
 
   await mongoDB();
-
-  return bcrypt
-    .hash(password, 10)
-    .then((hashedPassword) =>
-      User.create({
-        username,
-        password: hashedPassword,
-        isAdmin: isAdmin || false,
-      })
-    )
-    .then((user) => {
-      return {
-        id: user._id,
-        isAdmin: user.isAdmin,
-        password: user.password,
-      };
-    });
+  if (password == null) {
+    return User.create({
+          username,
+          salesforceUserId: salesforceUserId,
+          isAdmin: isAdmin || false,
+        })
+        .then((user) => {
+        return {
+          id: user._id,
+          isAdmin: user.isAdmin,
+          salesforceUserId: user.salesforceUserId,
+        };
+      });
+  } else {
+    return bcrypt
+      .hash(password, 10)
+      .then((hashedPassword) =>
+        User.create({
+          username,
+          password: hashedPassword,
+          isAdmin: isAdmin || false,
+        })
+      )
+      .then((user) => {
+        return {
+          id: user._id,
+          isAdmin: user.isAdmin,
+          password: user.password,
+        };
+      });
+  }
 }
 
 export const getUserFromId = async (id) => {
@@ -72,11 +86,22 @@ export const getUserFromId = async (id) => {
   }
 };
 
-export const getUserFromSalesforceUserId = async (salesforceUserId) => {
+export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLevel) => {
   await mongoDB();
   try {
-    const user = await User.findOne({ salesforceUserId });
-    if (!user) return null;
+    let user;
+    user = await User.findOne({ salesforceUserId });
+    if (!user) {
+      // We create the user only if they have the correct NetlifyPermissionLevel
+      if (permissionLevel == "General") {
+        user = await signUp("Salesforce User", null, false, salesforceUserId);
+      }
+      else if (permissionLevel == "Administrator") {
+        user = await signUp("Salesforce User", null, true, salesforceUserId);
+      }else {
+        return null;
+      }
+    } 
 
     return {
       id: user._id,

server/mongodb/models/User.js

@@ -11,7 +11,7 @@ const UserSchema = new Schema({
   },
   password: {
     type: String,
-    required: true,
+    required: false,
   },
   isAdmin: {
     type: Boolean,

src/pages/api/user/sso/callback.js

@@ -32,10 +32,10 @@ const handler = async (req, res) => {
     });
   }
 
-  const user = await getUserFromSalesforceUserId(result.userId);
+  const user = await getUserFromSalesforceUserId(result.userId, result.permissionLevel);
   if (!user)
     return res.status(404).json({
-      success: false,
+      success: result.permissionLevel,
       message: "A Southface user has not been provisioned for this user yet",
     });