misc: added license checks for oidc sso

Infisical · Jun 17, 2024 · d79ffbe · d79ffbe
1 parent 2c237ee
commit d79ffbe
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 17 deletions.
diff --git a/backend/src/ee/services/license/licence-fns.ts b/backend/src/ee/services/license/licence-fns.ts
@@ -27,6 +27,7 @@ export const getDefaultOnPremFeatures = (): TFeatureSet => ({
   auditLogStreams: false,
   auditLogStreamLimit: 3,
   samlSSO: false,
+  oidcSSO: false,
   scim: false,
   ldap: false,
   groups: false,

diff --git a/backend/src/ee/services/license/license-types.ts b/backend/src/ee/services/license/license-types.ts
@@ -44,6 +44,7 @@ export type TFeatureSet = {
   auditLogStreams: false;
   auditLogStreamLimit: 3;
   samlSSO: false;
+  oidcSSO: false;
   scim: false;
   ldap: false;
   groups: false;

diff --git a/backend/src/ee/services/oidc/oidc-config-service.ts b/backend/src/ee/services/oidc/oidc-config-service.ts
@@ -196,9 +196,6 @@ export const oidcConfigServiceFactory = ({
       }
     );
 
-    // TODO: Sheen update oidc config
-    // await samlConfigDAL.update({ orgId }, { lastUsed: new Date() });
-
     if (user.email && !user.isEmailVerified) {
       const token = await tokenService.createTokenForUser({
         type: TokenType.TOKEN_EMAIL_VERIFICATION,
@@ -315,12 +312,20 @@ export const oidcConfigServiceFactory = ({
     const org = await orgDAL.findOne({
       slug: orgSlug
     });
+
     if (!org) {
       throw new BadRequestError({
         message: "Organization not found"
       });
     }
 
+    const plan = await licenseService.getPlan(org.id);
+    if (!plan.oidcSSO)
+      throw new BadRequestError({
+        message:
+          "Failed to update OIDC SSO configuration due to plan restriction. Upgrade plan to update SSO configuration."
+      });
+
     const { permission } = await permissionService.getOrgPermission(
       actor,
       actorId,
@@ -396,6 +401,13 @@ export const oidcConfigServiceFactory = ({
       });
     }
 
+    const plan = await licenseService.getPlan(org.id);
+    if (!plan.oidcSSO)
+      throw new BadRequestError({
+        message:
+          "Failed to create OIDC SSO configuration due to plan restriction. Upgrade plan to update SSO configuration."
+      });
+
     const { permission } = await permissionService.getOrgPermission(
       actor,
       actorId,

diff --git a/frontend/src/hooks/api/subscriptions/types.ts b/frontend/src/hooks/api/subscriptions/types.ts
@@ -21,18 +21,19 @@ export type SubscriptionPlan = {
   workspacesUsed: number;
   environmentLimit: number;
   samlSSO: boolean;
+  oidcSSO: boolean;
   scim: boolean;
   ldap: boolean;
   groups: boolean;
   status:
-  | "incomplete"
-  | "incomplete_expired"
-  | "trialing"
-  | "active"
-  | "past_due"
-  | "canceled"
-  | "unpaid"
-  | null;
+    | "incomplete"
+    | "incomplete_expired"
+    | "trialing"
+    | "active"
+    | "past_due"
+    | "canceled"
+    | "unpaid"
+    | null;
   trial_end: number | null;
   has_used_trial: boolean;
 };
diff --git a/frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/OrgOIDCSection.tsx b/frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/OrgOIDCSection.tsx
@@ -1,7 +1,12 @@
 import { createNotification } from "@app/components/notifications";
 import { OrgPermissionCan } from "@app/components/permissions";
-import { Button, Switch } from "@app/components/v2";
-import { OrgPermissionActions, OrgPermissionSubjects, useOrganization } from "@app/context";
+import { Button, Switch, UpgradePlanModal } from "@app/components/v2";
+import {
+  OrgPermissionActions,
+  OrgPermissionSubjects,
+  useOrganization,
+  useSubscription
+} from "@app/context";
 import { useGetOIDCConfig } from "@app/hooks/api";
 import { useUpdateOIDCConfig } from "@app/hooks/api/oidcConfig/mutations";
 import { usePopUp } from "@app/hooks/usePopUp";
@@ -10,17 +15,24 @@ import { OIDCModal } from "./OIDCModal";
 
 export const OrgOIDCSection = (): JSX.Element => {
   const { currentOrg } = useOrganization();
+  const { subscription } = useSubscription();
 
   const { data, isLoading } = useGetOIDCConfig(currentOrg?.slug ?? "");
   const { mutateAsync } = useUpdateOIDCConfig();
   const { popUp, handlePopUpOpen, handlePopUpClose, handlePopUpToggle } = usePopUp([
-    "addOIDC"
+    "addOIDC",
+    "upgradePlan"
   ] as const);
 
   const handleOIDCToggle = async (value: boolean) => {
     try {
       if (!currentOrg?.id) return;
 
+      if (!subscription?.oidcSSO) {
+        handlePopUpOpen("upgradePlan");
+        return;
+      }
+
       await mutateAsync({
         orgSlug: currentOrg?.slug,
         isActive: value
@@ -40,10 +52,10 @@ export const OrgOIDCSection = (): JSX.Element => {
   };
 
   const addOidcButtonClick = async () => {
-    try {
+    if (subscription?.oidcSSO && currentOrg) {
       handlePopUpOpen("addOIDC");
-    } catch (err) {
-      console.error(err);
+    } else {
+      handlePopUpOpen("upgradePlan");
     }
   };
 
@@ -96,6 +108,11 @@ export const OrgOIDCSection = (): JSX.Element => {
         handlePopUpClose={handlePopUpClose}
         handlePopUpToggle={handlePopUpToggle}
       />
+      <UpgradePlanModal
+        isOpen={popUp.upgradePlan.isOpen}
+        onOpenChange={(isOpen) => handlePopUpToggle("upgradePlan", isOpen)}
+        text="You can use OIDC SSO if you switch to Infisical's Pro plan."
+      />
     </>
   );
 };