diff --git a/server/actions/sso.js b/server/actions/sso.js index 902f7a6..c9dc460 100644 --- a/server/actions/sso.js +++ b/server/actions/sso.js @@ -43,12 +43,15 @@ export function validateSAMLResponse(samlResp, certificate) { const attributes = xml.getElementsByTagName("saml2:Attribute"); let userId; + let permissionLevel; for (let attribute of attributes) { if (attribute.getAttribute("Name") === "userId") userId = attribute.textContent.trim(); + if (attribute.getAttribute("Name") === "NetlifyPermissionLevel") + permissionLevel = attribute.textContent.trim(); } if (!userId) return { error: "Could not find user ID" }; - return { userId }; + return { userId, permissionLevel }; } diff --git a/server/mongodb/actions/User.js b/server/mongodb/actions/User.js index 4fa82cf..064a4ad 100644 --- a/server/mongodb/actions/User.js +++ b/server/mongodb/actions/User.js @@ -26,29 +26,43 @@ export async function login({ username, password }) { }; } -export async function signUp({ username, password, isAdmin }) { - if (username == null || password == null) { +export async function signUp({ username, password, isAdmin, salesforceUserId }) { + if (username == null) { throw new Error("All parameters must be provided!"); } await mongoDB(); - - return bcrypt - .hash(password, 10) - .then((hashedPassword) => - User.create({ - username, - password: hashedPassword, - isAdmin: isAdmin || false, - }) - ) - .then((user) => { - return { - id: user._id, - isAdmin: user.isAdmin, - password: user.password, - }; - }); + if (password == null) { + return User.create({ + username, + salesforceUserId: salesforceUserId, + isAdmin: isAdmin || false, + }) + .then((user) => { + return { + id: user._id, + isAdmin: user.isAdmin, + salesforceUserId: user.salesforceUserId, + }; + }); + } else { + return bcrypt + .hash(password, 10) + .then((hashedPassword) => + User.create({ + username, + password: hashedPassword, + isAdmin: isAdmin || false, + }) + ) + .then((user) => { + return { + id: user._id, + isAdmin: user.isAdmin, + password: user.password, + }; + }); + } } export const getUserFromId = async (id) => { @@ -72,11 +86,22 @@ export const getUserFromId = async (id) => { } }; -export const getUserFromSalesforceUserId = async (salesforceUserId) => { +export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLevel) => { await mongoDB(); try { - const user = await User.findOne({ salesforceUserId }); - if (!user) return null; + let user; + user = await User.findOne({ salesforceUserId }); + if (!user) { + // We create the user only if they have the correct NetlifyPermissionLevel + if (permissionLevel == "General") { + user = await signUp("Salesforce User", null, false, salesforceUserId); + } + else if (permissionLevel == "Administrator") { + user = await signUp("Salesforce User", null, true, salesforceUserId); + }else { + return null; + } + } return { id: user._id, diff --git a/server/mongodb/models/User.js b/server/mongodb/models/User.js index e24fc45..edc5ae0 100644 --- a/server/mongodb/models/User.js +++ b/server/mongodb/models/User.js @@ -11,7 +11,7 @@ const UserSchema = new Schema({ }, password: { type: String, - required: true, + required: false, }, isAdmin: { type: Boolean, diff --git a/src/pages/api/user/sso/callback.js b/src/pages/api/user/sso/callback.js index 316e59d..e0ccb19 100644 --- a/src/pages/api/user/sso/callback.js +++ b/src/pages/api/user/sso/callback.js @@ -32,10 +32,10 @@ const handler = async (req, res) => { }); } - const user = await getUserFromSalesforceUserId(result.userId); + const user = await getUserFromSalesforceUserId(result.userId, result.permissionLevel); if (!user) return res.status(404).json({ - success: false, + success: result.permissionLevel, message: "A Southface user has not been provisioned for this user yet", });