Merge pull request #3790 from RedisInsight/release/2.56.0

Release/2.56.0

Author: vlad-dargel

.circleci/build/release-docker.sh

@@ -2,7 +2,7 @@
 set -e
 
 HELP="Args:
--v - Semver (2.54.0)
+-v - Semver (2.56.0)
 -d - Build image repository (Ex: -d redisinsight)
 -r - Target repository (Ex: -r redis/redisinsight)
 "

configs/webpack.config.main.prod.ts

@@ -56,7 +56,7 @@ export default merge(baseConfig, {
       DEBUG_PROD: false,
       START_MINIMIZED: false,
       RI_APP_TYPE: 'electron',
-      RI_AUTO_BOOTSTRAP: false,
+      RI_AUTO_BOOTSTRAP: 'false',
       RI_SERVER_TLS_CERT: process.env.RI_SERVER_TLS_CERT || '',
       RI_SERVER_TLS_KEY: process.env.RI_SERVER_TLS_KEY || '',
       RI_SERVE_STATICS: false,

redisinsight/api/config/default.ts

@@ -80,7 +80,7 @@ export default {
     migrateOldFolders: process.env.RI_MIGRATE_OLD_FOLDERS ? process.env.RI_MIGRATE_OLD_FOLDERS === 'true' : true,
     autoBootstrap: process.env.RI_AUTO_BOOTSTRAP ? process.env.RI_AUTO_BOOTSTRAP === 'true' : true,
     buildType: process.env.RI_BUILD_TYPE || 'DOCKER_ON_PREMISE',
-    appVersion: process.env.RI_APP_VERSION || '2.54.0',
+    appVersion: process.env.RI_APP_VERSION || '2.56.0',
     requestTimeout: parseInt(process.env.RI_REQUEST_TIMEOUT, 10) || 25000,
     excludeRoutes: [],
     excludeAuthRoutes: [],
@@ -266,6 +266,16 @@ export default {
         redirectUri: process.env.RI_CLOUD_IDP_GH_REDIRECT_URI || process.env.RI_CLOUD_IDP_REDIRECT_URI,
         idp: process.env.RI_CLOUD_IDP_GH_ID,
       },
+      sso: {
+        authorizeUrl: process.env.RI_CLOUD_IDP_SSO_AUTHORIZE_URL || process.env.RI_CLOUD_IDP_AUTHORIZE_URL,
+        tokenUrl: process.env.RI_CLOUD_IDP_SSO_TOKEN_URL || process.env.RI_CLOUD_IDP_TOKEN_URL,
+        revokeTokenUrl: process.env.RI_CLOUD_IDP_SSO_REVOKE_TOKEN_URL || process.env.RI_CLOUD_IDP_REVOKE_TOKEN_URL,
+        issuer: process.env.RI_CLOUD_IDP_SSO_ISSUER || process.env.RI_CLOUD_IDP_ISSUER,
+        clientId: process.env.RI_CLOUD_IDP_SSO_CLIENT_ID || process.env.RI_CLOUD_IDP_CLIENT_ID,
+        redirectUri: process.env.RI_CLOUD_IDP_SSO_REDIRECT_URI || process.env.RI_CLOUD_IDP_REDIRECT_URI,
+        emailVerificationUri: process.env.RI_CLOUD_IDP_SSO_EMAIL_VERIFICATION_URI || 'saml/okta_idp_id',
+        idp: process.env.RI_CLOUD_IDP_SSO_ID,
+      },
     },
   },
   ai: {

redisinsight/api/config/swagger.ts

@@ -5,7 +5,7 @@ const SWAGGER_CONFIG: Omit<OpenAPIObject, 'paths'> = {
   info: {
     title: 'Redis Insight Backend API',
     description: 'Redis Insight Backend API',
-    version: '2.54.0',
+    version: '2.56.0',
   },
   tags: [],
 };

redisinsight/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "redisinsight-api",
-  "version": "2.54.0",
+  "version": "2.56.0",
   "description": "Redis Insight API",
   "private": true,
   "author": {

redisinsight/api/src/__mocks__/cloud-auth.ts

@@ -1,4 +1,6 @@
-import { CloudAuthRequest, CloudAuthResponse, CloudAuthStatus } from 'src/modules/cloud/auth/models';
+import {
+  CloudAuthIdpType, CloudAuthRequest, CloudAuthResponse, CloudAuthStatus,
+} from 'src/modules/cloud/auth/models';
 import { mockSessionMetadata } from 'src/__mocks__/common';
 
 export const mockCloudAuthCode = 'ac_p6vA6A5tF36Jf6twH2cBOqtt7n';
@@ -43,6 +45,12 @@ export const mockCloudAuthGithubTokenParams = {
   idpType: 'github',
 };
 
+export const mockCloudAuthSsoTokenParams = {
+  ...mockCloudAuthGoogleTokenParams,
+  state: 'state_p6vA6A5tF36Jf6twH2cBOqtt7ssp',
+  idpType: 'sso',
+};
+
 export const mockCloudAuthGoogleRequest = Object.assign(new CloudAuthRequest(), {
   ...mockCloudAuthGoogleTokenParams,
   sessionMetadata: {
@@ -52,6 +60,15 @@ export const mockCloudAuthGoogleRequest = Object.assign(new CloudAuthRequest(),
   createdAt: new Date(),
 });
 
+export const mockCloudAuthSsoRequest = Object.assign(new CloudAuthRequest(), {
+  ...mockCloudAuthGoogleRequest,
+  ...mockCloudAuthSsoTokenParams,
+  tokenManager: { storage: {} },
+  createdAt: new Date(),
+  idpType: CloudAuthIdpType.Sso,
+  idp: 'idp_p6vA6A5tF36Jf6twH2cBOqtSSO',
+});
+
 export const mockCloudAuthGoogleAuthUrl = `${mockCloudAuthGoogleRequest.issuer}`
   + `/${mockCloudAuthGoogleRequest.authorizeUrl}`
   + `?client_id=${mockCloudAuthGoogleRequest.clientId}`
@@ -66,6 +83,20 @@ export const mockCloudAuthGoogleAuthUrl = `${mockCloudAuthGoogleRequest.issuer}`
   + `&${new URLSearchParams({ scope: mockCloudAuthGoogleRequest.scopes.join(' ') }).toString()}`
   + '&prompt=login';
 
+export const mockCloudAuthSsoAuthUrl = `${mockCloudAuthSsoRequest.issuer}`
+  + `/${mockCloudAuthSsoRequest.authorizeUrl}`
+  + `?client_id=${mockCloudAuthSsoRequest.clientId}`
+  + `&${new URLSearchParams({ redirect_uri: mockCloudAuthSsoRequest.redirectUri }).toString()}`
+  + `&response_type=${mockCloudAuthSsoRequest.responseType}`
+  + `&response_mode=${mockCloudAuthSsoRequest.responseMode}`
+  + `&idp=${mockCloudAuthSsoRequest.idp}`
+  + `&state=${mockCloudAuthSsoRequest.state}`
+  + `&nonce=${mockCloudAuthSsoRequest.nonce}`
+  + `&code_challenge_method=${mockCloudAuthSsoRequest.codeChallengeMethod}`
+  + `&code_challenge=${mockCloudAuthSsoRequest.codeChallenge}`
+  + `&${new URLSearchParams({ scope: mockCloudAuthSsoRequest.scopes.join(' ') }).toString()}`
+  + '&prompt=login';
+
 export const mockCloudAuthGoogleTokenUrl = `${mockCloudAuthGoogleRequest.issuer}`
   + `/${mockCloudAuthGoogleRequest.tokenUrl}`
   + `?client_id=${mockCloudAuthGoogleRequest.clientId}`
@@ -83,6 +114,12 @@ export const mockCloudAuthGoogleRevokeTokenUrl = `${mockCloudAuthGoogleRequest.i
   + `&token_type_hint=${mockCloudRevokeRefreshTokenHint}`
   + `&token=${mockCloudRefreshToken}`;
 
+export const mockCloudAuthSsoRevokeTokenUrl = `${mockCloudAuthSsoRequest.issuer}`
+  + `/${mockCloudAuthGoogleIdpConfig.revokeTokenUrl}`
+  + `?client_id=${mockCloudAuthSsoRequest.clientId}`
+  + `&token_type_hint=${mockCloudRevokeRefreshTokenHint}`
+  + `&token=${mockCloudRefreshToken}`;
+
 export const mockCloudAuthGoogleRenewTokenUrl = `${mockCloudAuthGoogleRequest.issuer}`
   + `/${mockCloudAuthGoogleIdpConfig.tokenUrl}`
   + `?client_id=${mockCloudAuthGoogleRequest.clientId}`
@@ -91,6 +128,14 @@ export const mockCloudAuthGoogleRenewTokenUrl = `${mockCloudAuthGoogleRequest.is
   + `&${new URLSearchParams({ scope: mockCloudAuthGoogleRequest.scopes.join(' ') }).toString()}`
   + `&refresh_token=${mockCloudRefreshToken}`;
 
+export const mockCloudAuthSsoRenewTokenUrl = `${mockCloudAuthSsoRequest.issuer}`
+  + `/${mockCloudAuthGoogleIdpConfig.tokenUrl}`
+  + `?client_id=${mockCloudAuthSsoRequest.clientId}`
+  + '&grant_type=refresh_token'
+  + `&${new URLSearchParams({ redirect_uri: mockCloudAuthSsoRequest.redirectUri }).toString()}`
+  + `&${new URLSearchParams({ scope: mockCloudAuthSsoRequest.scopes.join(' ') }).toString()}`
+  + `&refresh_token=${mockCloudRefreshToken}`;
+
 export const mockCloudAuthGithubRequest = Object.assign(new CloudAuthRequest(), {
   ...mockCloudAuthGithubTokenParams,
   sessionMetadata: {
@@ -160,6 +205,12 @@ export const mockGoogleIdpCloudAuthStrategy = jest.fn(() => ({
   generateRenewTokensUrl: jest.fn().mockReturnValue(new URL(mockCloudAuthGoogleRenewTokenUrl)),
 }));
 
+export const mockSsoIdpCloudAuthStrategy = jest.fn(() => ({
+  generateAuthRequest: jest.fn().mockResolvedValue(mockCloudAuthSsoRequest),
+  generateRevokeTokensUrl: jest.fn().mockReturnValue(new URL(mockCloudAuthSsoRevokeTokenUrl)),
+  generateRenewTokensUrl: jest.fn().mockReturnValue(new URL(mockCloudAuthSsoRenewTokenUrl)),
+}));
+
 export const mockCloudAuthService = jest.fn(() => ({
   renewTokens: jest.fn().mockResolvedValue(undefined),
 }));

redisinsight/api/src/constants/custom-error-codes.ts

@@ -14,6 +14,7 @@ export enum CustomErrorCodes {
   CloudOauthUnexpectedError = 11_008,
   CloudOauthMissedRequiredData = 11_009,
   CloudOauthCanceled = 11_010,
+  CloudOauthSsoUnsupportedEmail = 11_011,
   CloudCapiUnauthorized = 11_021,
   CloudCapiKeyUnauthorized = 11_022,
   CloudCapiKeyNotFound = 11_023,

redisinsight/api/src/constants/error-messages.ts

@@ -89,6 +89,7 @@ export default {
   CLOUD_OAUTH_CANCELED: 'Authorization request was canceled.',
   CLOUD_OAUTH_MISCONFIGURATION: 'Authorization server misconfiguration.',
   CLOUD_OAUTH_GITHUB_EMAIL_PERMISSION: 'Unable to get an email from the GitHub account. Make sure that it is available.',
+  CLOUD_OAUTH_SSO_UNSUPPORTED_EMAIL: 'Invalid email.',
   CLOUD_OAUTH_MISSED_REQUIRED_DATA: 'Unable to get required data from the user profile.',
   CLOUD_OAUTH_UNKNOWN_AUTHORIZATION_REQUEST: 'Unknown authorization request.',
   CLOUD_OAUTH_UNEXPECTED_ERROR: 'Unexpected error.',

redisinsight/api/src/modules/cloud/auth/auth-strategy/cloud-auth.strategy.ts

@@ -1,5 +1,5 @@
 import { Injectable } from '@nestjs/common';
-import { CloudAuthRequest } from 'src/modules/cloud/auth/models/cloud-auth-request';
+import { CloudAuthRequest, CloudAuthRequestOptions } from 'src/modules/cloud/auth/models/cloud-auth-request';
 import { SessionMetadata } from 'src/common/models';
 import { OktaAuth } from '@okta/okta-auth-js';
 import { plainToClass } from 'class-transformer';
@@ -11,7 +11,10 @@ export abstract class CloudAuthStrategy {
   /**
    * Create and store auth request params
    */
-  async generateAuthRequest(sessionMetadata: SessionMetadata): Promise<CloudAuthRequest> {
+  async generateAuthRequest(
+    sessionMetadata: SessionMetadata,
+    _options?: CloudAuthRequestOptions,
+  ): Promise<CloudAuthRequest> {
     const authClient = new OktaAuth(this.config);
     const tokenParams = await authClient.token.prepareTokenParams(this.config);
 

redisinsight/api/src/modules/cloud/auth/auth-strategy/sso-idp.cloud.auth-strategy.spec.ts

@@ -0,0 +1,66 @@
+import axios from 'axios';
+import { Test, TestingModule } from '@nestjs/testing';
+import { EventEmitter2 } from '@nestjs/event-emitter';
+import { mockSessionMetadata } from 'src/__mocks__';
+import { mockCloudAuthSsoRequest, mockCloudAuthSsoTokenParams, mockOktaAuthClient } from 'src/__mocks__/cloud-auth';
+import { OktaAuth } from '@okta/okta-auth-js';
+import { SsoIdpCloudAuthStrategy } from 'src/modules/cloud/auth/auth-strategy/sso-idp.cloud.auth-strategy';
+import { CloudAuthIdpType } from 'src/modules/cloud/auth/models';
+import {
+  CloudOauthSsoUnsupportedEmailException
+} from 'src/modules/cloud/auth/exceptions/cloud-oauth.sso-unsupported-email.exception';
+
+jest.mock('@okta/okta-auth-js');
+const mockedAxios = axios as jest.Mocked<typeof axios>;
+jest.mock('axios');
+
+describe('CloudAuthStrategy', () => {
+  let ssoStrategy: SsoIdpCloudAuthStrategy;
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    jest.mock('axios', () => mockedAxios);
+    (OktaAuth as any).mockReturnValueOnce(mockOktaAuthClient);
+
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        EventEmitter2,
+        SsoIdpCloudAuthStrategy,
+      ],
+    }).compile();
+
+    ssoStrategy = await module.get(SsoIdpCloudAuthStrategy);
+  });
+
+  describe('generateAuthRequest', () => {
+    it('Check that Sso auth request is generated', async () => {
+      mockOktaAuthClient.token.prepareTokenParams.mockResolvedValueOnce(mockCloudAuthSsoTokenParams);
+      mockedAxios.get.mockResolvedValue({ data: mockCloudAuthSsoRequest.idp });
+
+      expect(await ssoStrategy.generateAuthRequest(mockSessionMetadata, {
+        strategy: CloudAuthIdpType.Sso,
+        data: {
+          email: '[email protected]',
+        },
+      })).toEqual({
+        ...mockCloudAuthSsoRequest,
+        createdAt: expect.anything(),
+      });
+    });
+    it('should throw CloudOauthSsoUnsupportedEmailException in case of idp check error ', async () => {
+      mockOktaAuthClient.token.prepareTokenParams.mockResolvedValueOnce(mockCloudAuthSsoTokenParams);
+      mockedAxios.get.mockRejectedValueOnce(new Error());
+
+      await expect(ssoStrategy.generateAuthRequest(mockSessionMetadata, {
+        strategy: CloudAuthIdpType.Sso,
+      })).rejects.toThrow(CloudOauthSsoUnsupportedEmailException);
+    });
+    it('should throw CloudOauthSsoUnsupportedEmailException in case of idp check error ', async () => {
+      mockOktaAuthClient.token.prepareTokenParams.mockResolvedValueOnce(mockCloudAuthSsoTokenParams);
+      mockedAxios.get.mockRejectedValueOnce(new Error());
+
+      await expect(ssoStrategy.generateAuthRequest(mockSessionMetadata))
+        .rejects.toThrow(CloudOauthSsoUnsupportedEmailException);
+    });
+  });
+});