fix: review - suggested changes

tolgee · Feb 7, 2025 · a744b10 · a744b10
1 parent d732b49
commit a744b10
Show file tree

Hide file tree

Showing 13 changed files with 224 additions and 224 deletions.
diff --git a/backend/api/src/main/kotlin/io/tolgee/controllers/AuthProviderChangeController.kt b/backend/api/src/main/kotlin/io/tolgee/controllers/AuthProviderChangeController.kt
@@ -3,6 +3,7 @@ package io.tolgee.controllers
 import io.swagger.v3.oas.annotations.Operation
 import io.tolgee.dtos.response.AuthProviderDto
 import io.tolgee.exceptions.NotFoundException
+import io.tolgee.openApiDocs.OpenApiHideFromPublicDocs
 import io.tolgee.security.authentication.AllowApiAccess
 import io.tolgee.security.authentication.AuthTokenType
 import io.tolgee.security.authentication.AuthenticationFacade
@@ -20,8 +21,9 @@ import org.springframework.web.bind.annotation.RestController
 
 @RestController
 @CrossOrigin(origins = ["*"])
-@RequestMapping("/api/auth_provider") // TODO: I should probably use the v2
+@RequestMapping("/v2/auth-provider") // TODO: I should probably use the v2
 @AuthenticationTag
+@OpenApiHideFromPublicDocs
 class AuthProviderChangeController(
   private val authenticationFacade: AuthenticationFacade,
   private val authProviderChangeService: AuthProviderChangeService,

diff --git a/backend/api/src/main/kotlin/io/tolgee/hateoas/ee/SsoTenantModel.kt b/backend/api/src/main/kotlin/io/tolgee/hateoas/ee/SsoTenantModel.kt
@@ -13,6 +13,9 @@ class SsoTenantModel(
   override val clientId: String,
   override val clientSecret: String,
   override val tokenUri: String,
+  /**
+   * When true, users with an email matching the organization's domain must sign in using SSO
+   */
   override val force: Boolean,
   override val domain: String,
 ) : ISsoTenant,

diff --git a/backend/api/src/main/kotlin/io/tolgee/security/thirdParty/GithubOAuthDelegate.kt b/backend/api/src/main/kotlin/io/tolgee/security/thirdParty/GithubOAuthDelegate.kt
@@ -85,7 +85,7 @@ class GithubOAuthDelegate(
         )?.email
           ?: throw AuthenticationException(Message.THIRD_PARTY_AUTH_NO_EMAIL)
 
-      val userAccount = findAccount(githubEmail, userResponse!!, invitationCode)
+      val userAccount = findOrCreateAccount(githubEmail, userResponse!!, invitationCode)
 
       tenantService.checkSsoNotRequiredOrAuthProviderChangeActive(userAccount)
 
@@ -103,7 +103,7 @@ class GithubOAuthDelegate(
     throw AuthenticationException(Message.THIRD_PARTY_AUTH_UNKNOWN_ERROR)
   }
 
-  fun findAccount(
+  fun findOrCreateAccount(
     githubEmail: String,
     userResponse: GithubUserResponse,
     invitationCode: String?,

diff --git a/backend/api/src/main/kotlin/io/tolgee/security/thirdParty/GoogleOAuthDelegate.kt b/backend/api/src/main/kotlin/io/tolgee/security/thirdParty/GoogleOAuthDelegate.kt
@@ -87,7 +87,7 @@ class GoogleOAuthDelegate(
           }
         }
 
-        val userAccount = findAccount(userResponse, invitationCode)
+        val userAccount = findOrCreateAccount(userResponse, invitationCode)
 
         tenantService.checkSsoNotRequiredOrAuthProviderChangeActive(userAccount)
 
@@ -107,7 +107,7 @@ class GoogleOAuthDelegate(
     }
   }
 
-  private fun findAccount(
+  private fun findOrCreateAccount(
     userResponse: GoogleUserResponse,
     invitationCode: String?,
   ): UserAccount {

diff --git a/backend/data/src/main/kotlin/io/tolgee/api/ISsoTenant.kt b/backend/data/src/main/kotlin/io/tolgee/api/ISsoTenant.kt
@@ -6,6 +6,10 @@ interface ISsoTenant {
   val authorizationUri: String
   val domain: String
   val tokenUri: String
+
+  /**
+   * When true, users with an email matching the organization's domain must sign in using SSO
+   */
   val force: Boolean
   val global: Boolean
 }
diff --git a/backend/data/src/main/kotlin/io/tolgee/configuration/tolgee/SsoGlobalProperties.kt b/backend/data/src/main/kotlin/io/tolgee/configuration/tolgee/SsoGlobalProperties.kt
@@ -26,7 +26,7 @@ class SsoGlobalProperties : ISsoTenant {
   @DocProperty(description = "Enables SSO authentication on global level - as a login method for the whole server")
   var enabled: Boolean = false
 
-  @DocProperty(description = "Force sso authentication for all users using matching e-mail domain")
+  @DocProperty(description = "When true, users with an email matching the organization's domain must sign in using SSO")
   override val force: Boolean = false
 
   @DocProperty(description = "Unique identifier for an application")

diff --git a/backend/data/src/main/kotlin/io/tolgee/dtos/request/auth/AuthProviderChangeData.kt b/backend/data/src/main/kotlin/io/tolgee/dtos/request/auth/AuthProviderChangeData.kt
@@ -1,10 +1,7 @@
 package io.tolgee.dtos.request.auth
 
-import io.tolgee.model.AuthProviderChangeRequest
 import io.tolgee.model.UserAccount
 import io.tolgee.model.enums.ThirdPartyAuthType
-import org.apache.commons.lang3.time.DateUtils
-import java.util.Calendar
 import java.util.Date
 
 data class AuthProviderChangeData(
@@ -15,17 +12,4 @@ data class AuthProviderChangeData(
   var ssoDomain: String? = null,
   var ssoRefreshToken: String? = null,
   var ssoExpiration: Date? = null,
-) {
-  fun asAuthProviderChangeRequest(expirationDate: Date): AuthProviderChangeRequest {
-    return AuthProviderChangeRequest().also {
-      it.userAccount = this.userAccount
-      it.expirationDate = DateUtils.truncate(expirationDate, Calendar.SECOND)
-      it.accountType = this.accountType
-      it.authType = this.authType
-      it.authId = this.authId
-      it.ssoDomain = this.ssoDomain
-      it.ssoRefreshToken = this.ssoRefreshToken
-      it.ssoExpiration = this.ssoExpiration
-    }
-  }
-}
+)
diff --git a/backend/data/src/main/kotlin/io/tolgee/dtos/sso/SsoTenantConfig.kt b/backend/data/src/main/kotlin/io/tolgee/dtos/sso/SsoTenantConfig.kt
@@ -9,6 +9,9 @@ data class SsoTenantConfig(
   override val authorizationUri: String,
   override val domain: String,
   override val tokenUri: String,
+  /**
+   * When true, users with an email matching the organization's domain must sign in using SSO
+   */
   override val force: Boolean,
   override val global: Boolean,
   val organization: Organization? = null,

diff --git a/backend/data/src/main/kotlin/io/tolgee/dtos/sso/SsoTenantDto.kt b/backend/data/src/main/kotlin/io/tolgee/dtos/sso/SsoTenantDto.kt
@@ -5,6 +5,9 @@ import io.tolgee.model.SsoTenant
 
 data class SsoTenantDto(
   val enabled: Boolean,
+  /**
+   * When true, users with an email matching the organization's domain must sign in using SSO
+   */
   override val force: Boolean,
   override val authorizationUri: String,
   override val clientId: String,

diff --git a/backend/data/src/main/kotlin/io/tolgee/service/security/AuthProviderChangeService.kt b/backend/data/src/main/kotlin/io/tolgee/service/security/AuthProviderChangeService.kt
@@ -14,10 +14,12 @@ import io.tolgee.repository.AuthProviderChangeRequestRepository
 import io.tolgee.service.TenantService
 import io.tolgee.service.organization.OrganizationRoleService
 import io.tolgee.util.addMinutes
+import org.apache.commons.lang3.time.DateUtils
 import org.springframework.context.annotation.Lazy
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Propagation
 import org.springframework.transaction.annotation.Transactional
+import java.util.Calendar
 
 @Service
 class AuthProviderChangeService(
@@ -49,13 +51,11 @@ class AuthProviderChangeService(
   @Transactional(propagation = Propagation.REQUIRES_NEW)
   fun saveProviderChange(data: AuthProviderChangeData) {
     authProviderChangeRequestRepository.deleteByUserAccountId(data.userAccount.id)
-    val expirationDate = currentDateProvider.date.addMinutes(30)
-    authProviderChangeRequestRepository.save(data.asAuthProviderChangeRequest(expirationDate))
+    authProviderChangeRequestRepository.save(data.asAuthProviderChangeRequest())
   }
 
   fun acceptProviderChange(data: AuthProviderChangeData) {
-    val expirationDate = currentDateProvider.date.addMinutes(30)
-    val change = data.asAuthProviderChangeRequest(expirationDate)
+    val change = data.asAuthProviderChangeRequest()
     acceptProviderChange(change)
   }
 
@@ -105,4 +105,18 @@ class AuthProviderChangeService(
     }
     return request
   }
+
+  fun AuthProviderChangeData.asAuthProviderChangeRequest(): AuthProviderChangeRequest {
+    val expirationDate = currentDateProvider.date.addMinutes(30)
+    return AuthProviderChangeRequest().also {
+      it.userAccount = this.userAccount
+      it.expirationDate = DateUtils.truncate(expirationDate, Calendar.SECOND)
+      it.accountType = this.accountType
+      it.authType = this.authType
+      it.authId = this.authId
+      it.ssoDomain = this.ssoDomain
+      it.ssoRefreshToken = this.ssoRefreshToken
+      it.ssoExpiration = this.ssoExpiration
+    }
+  }
 }
diff --git a/ee/backend/app/src/main/kotlin/io/tolgee/ee/data/CreateProviderRequest.kt b/ee/backend/app/src/main/kotlin/io/tolgee/ee/data/CreateProviderRequest.kt
@@ -9,6 +9,9 @@ import org.springframework.validation.annotation.Validated
 @Validated
 data class CreateProviderRequest(
   val enabled: Boolean,
+  /**
+   * When true, users with an email matching the organization's domain must sign in using SSO
+   */
   override val force: Boolean,
   @field:NotNull
   @field:Size(max = 255)

diff --git a/webapp/src/component/security/AcceptAuthProviderChangeView.tsx b/webapp/src/component/security/AcceptAuthProviderChangeView.tsx
@@ -53,15 +53,15 @@ const AcceptAuthProviderChangeView: React.FC = () => {
   const authProviderChange = useGlobalContext((c) => c.auth.authProviderChange);
 
   const acceptChange = useApiMutation({
-    url: '/api/auth_provider/changed/accept',
+    url: '/v2/auth-provider/changed/accept',
     method: 'post',
     fetchOptions: {
       disableAutoErrorHandle: true,
     },
   });
 
   const authProviderCurrentInfo = useApiQuery({
-    url: '/api/auth_provider/current',
+    url: '/v2/auth-provider/current',
     method: 'get',
     options: {
       onError(e) {
@@ -73,7 +73,7 @@ const AcceptAuthProviderChangeView: React.FC = () => {
   });
 
   const authProviderChangeInfo = useApiQuery({
-    url: '/api/auth_provider/changed',
+    url: '/v2/auth-provider/changed',
     method: 'get',
     options: {
       onError(e) {
@@ -102,11 +102,6 @@ const AcceptAuthProviderChangeView: React.FC = () => {
     );
   }
 
-  // function handleDecline() {
-  //   setAuthProviderChange(false);
-  //   history.push(LINKS.LOGIN.build());
-  // }
-
   if (!authProviderChangeInfo.data || authProviderCurrentInfo.isLoading) {
     return <FullPageLoading />;
   }
@@ -176,25 +171,12 @@ const AcceptAuthProviderChangeView: React.FC = () => {
                 >
                   {t('accept_auth_provider_change_accept')}
                 </LoadingButton>
-                {/*<Button
-                  variant="outlined"
-                  onClick={handleDecline}
-                  data-cy="accept-auth-provider-change-decline"
-                >
-                  {t('accept_auth_provider_change_decline')}
-                </Button>*/}
               </Box>
             </Box>
           </StyledPaper>
-          {/*<Box display="flex" justifyContent="center">
-            <Link href="https://tolgee.io">
-              {t('accept_auth_provider_change_learn_more')}
-            </Link>
-          </Box>*/}
         </StyledContent>
       </StyledContainer>
     </DashboardPage>
   );
 };
-// TODO: learn more link to docs + handle non-sso cases and allow declining the request for them
 export default AcceptAuthProviderChangeView;