From 5572d6898e5430da2827cca0e3d1edd255c17d3a Mon Sep 17 00:00:00 2001 From: Nitendra Bhosle Date: Tue, 17 Dec 2024 17:53:57 +0530 Subject: [PATCH 1/6] Added DISABLE_SSO_TRACE flag to control logging to sso trace --- .env.example | 5 +- npm/src/controller/oauth.ts | 184 ++++++++++++++++++++---------------- 2 files changed, 105 insertions(+), 84 deletions(-) diff --git a/.env.example b/.env.example index ad2181518..86dad24df 100644 --- a/.env.example +++ b/.env.example @@ -115,4 +115,7 @@ ENTERPRISE_ORY_PROJECT_ID= #OPENID_REQUEST_PROFILE_SCOPE=false # Uncomment below if you wish to forward the OpenID params (https://openid.net/specs/openid-connect-core-1_0-errata2.html#AuthRequest) to the OpenID IdP -#OPENID_REQUEST_FORWARD_PARAMS=true \ No newline at end of file +#OPENID_REQUEST_FORWARD_PARAMS=true + +# disable logging into sso trace +# DISABLE_SSO_TRACE=true \ No newline at end of file diff --git a/npm/src/controller/oauth.ts b/npm/src/controller/oauth.ts index 87142fa39..0dcf363a4 100644 --- a/npm/src/controller/oauth.ts +++ b/npm/src/controller/oauth.ts @@ -48,6 +48,7 @@ import { SSOHandler } from './sso-handler'; import { ValidateOption, extractSAMLResponseAttributes } from '../saml/lib'; import { oidcClientConfig } from './oauth/oidc-client'; import { App } from '../ee/identity-federation/app'; +import { error } from 'console'; const deflateRawAsync = promisify(deflateRaw); @@ -595,6 +596,8 @@ export class OAuthController implements IOAuthController { let redirect_uri: string | undefined; const { SAMLResponse, idp_hint, RelayState = '' } = body; + const should_disable_sso_trace = process.env.DISABLE_SSO_TRACE === 'true'; + try { isIdPFlow = !RelayState.startsWith(relayStatePrefix); rawResponse = Buffer.from(SAMLResponse, 'base64').toString(); 
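Review bot: The new `.env.example` entry is described only as `# disable logging into sso trace`, which does not tell an operator what is lost when the flag is set. In this same patch the guarded `saveTrace` calls are the only place a failed SSO attempt (SAML response, tenant, provider, error) is recorded, and the `let traceId: string | undefined;` declared in the later hunks stays undefined when the flag is on, so whatever consumes it after those hunks gets no id. Suggest a more explicit comment such as `# Set to true to stop recording failed SSO attempts in SSO Traces (no trace id is produced for failed logins)`, written like the other entries in the file (description line, then `#DISABLE_SSO_TRACE=true` without the extra space).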
@@ -708,29 +711,31 @@ export class OAuthController implements IOAuthController { if (session && session.id) { validateOpts['inResponseTo'] = session.id; } - redirect_uri = ((session && session.redirect_uri) as string) || connection.defaultRedirectUrl; } catch (err: unknown) { // Save the error trace - await this.ssoTraces.saveTrace({ - error: getErrorMessage(err), - context: { - samlResponse: rawResponse, - tenant: session?.requested?.tenant || connection?.tenant, - product: session?.requested?.product || connection?.product, - clientID: session?.requested?.client_id || connection?.clientID, - providerName: connection?.idpMetadata?.provider, - redirectUri: isIdPFlow ? connection?.defaultRedirectUrl : session?.redirect_uri, - issuer, - isSAMLFederated, - isOIDCFederated, - isIdPFlow, - requestedOIDCFlow: !!session?.requested?.oidc, - acsUrl: session?.requested?.acsUrl, - entityId: session?.requested?.entityId, - relayState: RelayState, - }, - }); + if (!should_disable_sso_trace) { + await this.ssoTraces.saveTrace({ + error: getErrorMessage(err), + context: { + samlResponse: rawResponse, + tenant: session?.requested?.tenant || connection?.tenant, + product: session?.requested?.product || connection?.product, + clientID: session?.requested?.client_id || connection?.clientID, + providerName: connection?.idpMetadata?.provider, + redirectUri: isIdPFlow ? connection?.defaultRedirectUrl : session?.redirect_uri, + issuer, + isSAMLFederated, + isOIDCFederated, + isIdPFlow, + requestedOIDCFlow: !!session?.requested?.oidc, + acsUrl: session?.requested?.acsUrl, + entityId: session?.requested?.entityId, + relayState: RelayState, + }, + }); + } + throw err; // Rethrow the error } let profile: SAMLProfile | undefined; 
@@ -763,26 +768,30 @@ export class OAuthController implements IOAuthController { } catch (err: unknown) { const error_description = getErrorMessage(err); // Trace the error - const traceId = await this.ssoTraces.saveTrace({ - error: error_description, - context: { - samlResponse: rawResponse, - tenant: connection.tenant, - product: connection.product, - clientID: connection.clientID, - providerName: connection?.idpMetadata?.provider, - redirectUri: isIdPFlow ? connection?.defaultRedirectUrl : session?.redirect_uri, - isSAMLFederated, - isOIDCFederated, - isIdPFlow, - acsUrl: session?.requested?.acsUrl, - entityId: session?.requested?.entityId, - requestedOIDCFlow: !!session?.requested?.oidc, - relayState: RelayState, - issuer, - profile, - }, - }); + let traceId: string | undefined; + + if (!should_disable_sso_trace) { + traceId = await this.ssoTraces.saveTrace({ + error: error_description, + context: { + samlResponse: rawResponse, + tenant: connection.tenant, + product: connection.product, + clientID: connection.clientID, + providerName: connection?.idpMetadata?.provider, + redirectUri: isIdPFlow ? connection?.defaultRedirectUrl : session?.redirect_uri, + isSAMLFederated, + isOIDCFederated, + isIdPFlow, + acsUrl: session?.requested?.acsUrl, + entityId: session?.requested?.entityId, + requestedOIDCFlow: !!session?.requested?.oidc, + relayState: RelayState, + issuer, + profile, + }, + }); + } if (isSAMLFederated) { throw err; @@ -811,6 +820,8 @@ export class OAuthController implements IOAuthController { const callbackParams = body; + const should_disable_sso_trace = process.env.DISABLE_SSO_TRACE === 'true'; + let RelayState = callbackParams.state || ''; try { if (!RelayState) { 
@@ -849,23 +860,26 @@ export class OAuthController implements IOAuthController { } } } catch (err) { - await this.ssoTraces.saveTrace({ - error: getErrorMessage(err), - context: { - tenant: session?.requested?.tenant || oidcConnection?.tenant, - product: session?.requested?.product || oidcConnection?.product, - clientID: session?.requested?.client_id || oidcConnection?.clientID, - providerName: oidcConnection?.oidcProvider?.provider, - acsUrl: session?.requested?.acsUrl, - entityId: session?.requested?.entityId, - redirectUri: redirect_uri, - relayState: RelayState, - isSAMLFederated, - isOIDCFederated, - requestedOIDCFlow: !!session?.requested?.oidc, - oidcIdPRequest: session?.requested?.oidcIdPRequest, - }, - }); + if (!should_disable_sso_trace) { + await this.ssoTraces.saveTrace({ + error: getErrorMessage(err), + context: { + tenant: session?.requested?.tenant || oidcConnection?.tenant, + product: session?.requested?.product || oidcConnection?.product, + clientID: session?.requested?.client_id || oidcConnection?.clientID, + providerName: oidcConnection?.oidcProvider?.provider, + acsUrl: session?.requested?.acsUrl, + entityId: session?.requested?.entityId, + redirectUri: redirect_uri, + relayState: RelayState, + isSAMLFederated, + isOIDCFederated, + requestedOIDCFlow: !!session?.requested?.oidc, + oidcIdPRequest: session?.requested?.oidcIdPRequest, + }, + }); + } + // Rethrow err and redirect to Jackson error page throw err; } 
@@ -929,36 +943,40 @@ export class OAuthController implements IOAuthController { } await this.sessionStore.delete(RelayState); - return { redirect_url: redirect.success(redirect_uri!, params) }; } catch (err: any) { const { error, error_description, error_uri, session_state, scope, stack } = err; const error_message = error_description || getErrorMessage(err); - const traceId = await this.ssoTraces.saveTrace({ - error: error_message, - context: { - tenant: oidcConnection.tenant, - product: oidcConnection.product, - clientID: oidcConnection.clientID, - providerName: oidcConnection.oidcProvider.provider, - redirectUri: redirect_uri, - relayState: RelayState, - isSAMLFederated, - isOIDCFederated, - acsUrl: session.requested.acsUrl, - entityId: session.requested.entityId, - requestedOIDCFlow: !!session.requested.oidc, - oidcIdPRequest: session?.requested?.oidcIdPRequest, - profile, - error, - error_description, - error_uri, - session_state_from_op_error: session_state, - scope_from_op_error: scope, - stack, - oidcTokenSet: { id_token: tokens?.id_token, access_token: tokens?.access_token }, - }, - }); + let traceId: string | undefined; + + if (!should_disable_sso_trace) { + traceId = await this.ssoTraces.saveTrace({ + error: error_message, + context: { + tenant: oidcConnection.tenant, + product: oidcConnection.product, + clientID: oidcConnection.clientID, + providerName: oidcConnection.oidcProvider.provider, + redirectUri: redirect_uri, + relayState: RelayState, + isSAMLFederated, + isOIDCFederated, + acsUrl: session.requested.acsUrl, + entityId: session.requested.entityId, + requestedOIDCFlow: !!session.requested.oidc, + oidcIdPRequest: session?.requested?.oidcIdPRequest, + profile, + error, + error_description, + error_uri, + session_state_from_op_error: session_state, + scope_from_op_error: scope, + stack, + oidcTokenSet: { id_token: tokens?.id_token, access_token: tokens?.access_token }, + }, + }); + } + if (isSAMLFederated) { throw err; } 
From 956cbb7141829faf247e20c9a957e881524cdff8 Mon Sep 17 00:00:00 2001
From: Nitendra Bhosle
Date: Tue, 17 Dec 2024 18:06:12 +0530
Subject: [PATCH 2/6] Fixed liniting issue
---
 npm/src/controller/oauth.ts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/npm/src/controller/oauth.ts b/npm/src/controller/oauth.ts
index 0dcf363a4..ab7ffe70e 100644
--- a/npm/src/controller/oauth.ts
+++ b/npm/src/controller/oauth.ts
@@ -48,7 +48,6 @@ import { SSOHandler } from './sso-handler';
 import { ValidateOption, extractSAMLResponseAttributes } from '../saml/lib';
 import { oidcClientConfig } from './oauth/oidc-client';
 import { App } from '../ee/identity-federation/app';
-import { error } from 'console';
 const deflateRawAsync = promisify(deflateRaw);
From 48b31b9f45893032f97f83e659137bf5bdf5651d Mon Sep 17 00:00:00 2001
From: Nitendra Bhosle
Date: Tue, 17 Dec 2024 19:09:33 +0530
Subject: [PATCH 3/6] Added DISABLE_SSO_TRACE env to jackson options , so that could be used in npm package
---
 lib/env.ts | 2 ++
 npm/src/controller/oauth.ts | 12 ++++++------
 npm/src/typings.ts | 1 +
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/lib/env.ts b/lib/env.ts
index 61f35d568..e6e3a086f 100644
--- a/lib/env.ts
+++ b/lib/env.ts
@@ -10,6 +10,7 @@ const hostUrl = process.env.HOST_URL || 'localhost';
 const hostPort = Number(process.env.PORT || '5225');
 const externalUrl = process.env.EXTERNAL_URL || 'http://' + hostUrl + ':' + hostPort;
 const apiKeys = (process.env.JACKSON_API_KEYS || '').split(',');
+const shouldDisableSsoTrace = process.env.DISABLE_SSO_TRACE === 'true';
 let ssl;
 if (process.env.DB_SSL === 'true') {
@@ -117,6 +118,7 @@ const jacksonOptions: JacksonOption = {
 projectId: process.env.ENTERPRISE_ORY_PROJECT_ID,
 sdkToken: process.env.ENTERPRISE_ORY_SDK_TOKEN,
 },
+ shouldDisableSsoTrace,
 };
 const adminPortalSSODefaults = {
diff --git a/npm/src/controller/oauth.ts b/npm/src/controller/oauth.ts
index ab7ffe70e..53965fcae 100644
--- a/npm/src/controller/oauth.ts
+++ b/npm/src/controller/oauth.ts
@@ -595,7 +595,7 @@ export class OAuthController implements IOAuthController {
 let redirect_uri: string | undefined;
 const { SAMLResponse, idp_hint, RelayState = '' } = body;
- const should_disable_sso_trace = process.env.DISABLE_SSO_TRACE === 'true';
+ const shouldDisableSsoTrace = this.opts.shouldDisableSsoTrace;
 try {
 isIdPFlow = !RelayState.startsWith(relayStatePrefix);
@@ -713,7 +713,7 @@ export class OAuthController implements IOAuthController {
 redirect_uri = ((session && session.redirect_uri) as string) || connection.defaultRedirectUrl;
 } catch (err: unknown) {
 // Save the error trace
- if (!should_disable_sso_trace) {
+ if (!shouldDisableSsoTrace) {
 await this.ssoTraces.saveTrace({
 error: getErrorMessage(err),
 context: {
@@ -769,7 +769,7 @@ export class OAuthController implements IOAuthController {
 // Trace the error
 let traceId: string | undefined;
- if (!should_disable_sso_trace) {
+ if (!shouldDisableSsoTrace) {
 traceId = await this.ssoTraces.saveTrace({
 error: error_description,
 context: {
@@ -819,7 +819,7 @@ export class OAuthController implements IOAuthController {
 const callbackParams = body;
- const should_disable_sso_trace = process.env.DISABLE_SSO_TRACE === 'true';
+ const shouldDisableSsoTrace = this.opts.shouldDisableSsoTrace;
 let RelayState = callbackParams.state || '';
 try {
@@ -859,7 +859,7 @@ export class OAuthController implements IOAuthController {
 }
 }
 } catch (err) {
- if (!should_disable_sso_trace) {
+ if (!shouldDisableSsoTrace) {
 await this.ssoTraces.saveTrace({
 error: getErrorMessage(err),
 context: {
@@ -948,7 +948,7 @@ export class OAuthController implements IOAuthController {
 const error_message = error_description || getErrorMessage(err);
 let traceId: string | undefined;
- if (!should_disable_sso_trace) {
+ if (!shouldDisableSsoTrace) {
 traceId = await this.ssoTraces.saveTrace({
 error: error_message,
 context: {
diff --git a/npm/src/typings.ts b/npm/src/typings.ts
index 8ae721fbf..e98ae7f07 100644
--- a/npm/src/typings.ts
+++ b/npm/src/typings.ts
@@ -508,6 +508,7 @@ export interface JacksonOption {
 projectId: string | undefined;
 sdkToken: string | undefined;
 };
+ shouldDisableSsoTrace?: boolean;
 }
 export interface SLORequestParams {
From 9caa7313280ad38aae56778920c211acfa38c116 Mon Sep 17 00:00:00 2001
From: Nitendra Bhosle
Date: Wed, 18 Dec 2024 15:27:20 +0530
Subject: [PATCH 4/6] Refactored code for disabling sso tracing
---
 lib/env.ts | 4 +-
 npm/src/controller/oauth.ts | 178 +++++++++++++----------------
 npm/src/index.ts | 2 +-
 npm/src/sso-traces/index.ts | 10 +-
 npm/src/typings.ts | 2 +-
 npm/test/sso-traces/tracer.test.ts | 3 +-
 6 files changed, 95 insertions(+), 104 deletions(-)
diff --git a/lib/env.ts b/lib/env.ts
index e6e3a086f..8dee4b500 100644
--- a/lib/env.ts
+++ b/lib/env.ts
@@ -10,7 +10,7 @@ const hostUrl = process.env.HOST_URL || 'localhost';
 const hostPort = Number(process.env.PORT || '5225');
 const externalUrl = process.env.EXTERNAL_URL || 'http://' + hostUrl + ':' + hostPort;
 const apiKeys = (process.env.JACKSON_API_KEYS || '').split(',');
-const shouldDisableSsoTrace = process.env.DISABLE_SSO_TRACE === 'true';
+const disableSSOTrace = process.env.DISABLE_SSO_TRACE === 'true';
 let ssl;
 if (process.env.DB_SSL === 'true') {
@@ -118,7 +118,7 @@ const jacksonOptions: JacksonOption = {
 projectId: process.env.ENTERPRISE_ORY_PROJECT_ID,
 sdkToken: process.env.ENTERPRISE_ORY_SDK_TOKEN,
 },
- shouldDisableSsoTrace,
+ disableSSOTrace,
 };
 const adminPortalSSODefaults = {
diff --git a/npm/src/controller/oauth.ts b/npm/src/controller/oauth.ts
index 53965fcae..8e1b632e3 100644
--- a/npm/src/controller/oauth.ts
+++ b/npm/src/controller/oauth.ts
@@ -595,8 +595,6 @@ export class OAuthController implements IOAuthController { let redirect_uri: string | undefined; const { SAMLResponse, idp_hint, RelayState = '' } = body; - const shouldDisableSsoTrace = this.opts.shouldDisableSsoTrace; - try { isIdPFlow = !RelayState.startsWith(relayStatePrefix); rawResponse = Buffer.from(SAMLResponse, 'base64').toString(); @@ -713,27 +711,25 @@ export class OAuthController implements IOAuthController { redirect_uri = ((session && session.redirect_uri) as string) || connection.defaultRedirectUrl; } catch (err: unknown) { // Save the error trace - if (!shouldDisableSsoTrace) { - await this.ssoTraces.saveTrace({ - error: getErrorMessage(err), - context: { - samlResponse: rawResponse, - tenant: session?.requested?.tenant || connection?.tenant, - product: session?.requested?.product || connection?.product, - clientID: session?.requested?.client_id || connection?.clientID, - providerName: connection?.idpMetadata?.provider, - redirectUri: isIdPFlow ? connection?.defaultRedirectUrl : session?.redirect_uri, - issuer, - isSAMLFederated, - isOIDCFederated, - isIdPFlow, - requestedOIDCFlow: !!session?.requested?.oidc, - acsUrl: session?.requested?.acsUrl, - entityId: session?.requested?.entityId, - relayState: RelayState, - }, - }); - } + await this.ssoTraces.saveTrace({ + error: getErrorMessage(err), + context: { + samlResponse: rawResponse, + tenant: session?.requested?.tenant || connection?.tenant, + product: session?.requested?.product || connection?.product, + clientID: session?.requested?.client_id || connection?.clientID, + providerName: connection?.idpMetadata?.provider, + redirectUri: isIdPFlow ? connection?.defaultRedirectUrl : session?.redirect_uri, + issuer, + isSAMLFederated, + isOIDCFederated, + isIdPFlow, + requestedOIDCFlow: !!session?.requested?.oidc, + acsUrl: session?.requested?.acsUrl, + entityId: session?.requested?.entityId, + relayState: RelayState, + }, + }); throw err; // Rethrow the error } 
@@ -767,30 +763,26 @@ export class OAuthController implements IOAuthController { } catch (err: unknown) { const error_description = getErrorMessage(err); // Trace the error - let traceId: string | undefined; - - if (!shouldDisableSsoTrace) { - traceId = await this.ssoTraces.saveTrace({ - error: error_description, - context: { - samlResponse: rawResponse, - tenant: connection.tenant, - product: connection.product, - clientID: connection.clientID, - providerName: connection?.idpMetadata?.provider, - redirectUri: isIdPFlow ? connection?.defaultRedirectUrl : session?.redirect_uri, - isSAMLFederated, - isOIDCFederated, - isIdPFlow, - acsUrl: session?.requested?.acsUrl, - entityId: session?.requested?.entityId, - requestedOIDCFlow: !!session?.requested?.oidc, - relayState: RelayState, - issuer, - profile, - }, - }); - } + const traceId = await this.ssoTraces.saveTrace({ + error: error_description, + context: { + samlResponse: rawResponse, + tenant: connection.tenant, + product: connection.product, + clientID: connection.clientID, + providerName: connection?.idpMetadata?.provider, + redirectUri: isIdPFlow ? connection?.defaultRedirectUrl : session?.redirect_uri, + isSAMLFederated, + isOIDCFederated, + isIdPFlow, + acsUrl: session?.requested?.acsUrl, + entityId: session?.requested?.entityId, + requestedOIDCFlow: !!session?.requested?.oidc, + relayState: RelayState, + issuer, + profile, + }, + }); if (isSAMLFederated) { throw err; @@ -819,8 +811,6 @@ export class OAuthController implements IOAuthController { const callbackParams = body; - const shouldDisableSsoTrace = this.opts.shouldDisableSsoTrace; - let RelayState = callbackParams.state || ''; try { if (!RelayState) { 
@@ -859,25 +849,23 @@ export class OAuthController implements IOAuthController { } } } catch (err) { - if (!shouldDisableSsoTrace) { - await this.ssoTraces.saveTrace({ - error: getErrorMessage(err), - context: { - tenant: session?.requested?.tenant || oidcConnection?.tenant, - product: session?.requested?.product || oidcConnection?.product, - clientID: session?.requested?.client_id || oidcConnection?.clientID, - providerName: oidcConnection?.oidcProvider?.provider, - acsUrl: session?.requested?.acsUrl, - entityId: session?.requested?.entityId, - redirectUri: redirect_uri, - relayState: RelayState, - isSAMLFederated, - isOIDCFederated, - requestedOIDCFlow: !!session?.requested?.oidc, - oidcIdPRequest: session?.requested?.oidcIdPRequest, - }, - }); - } + await this.ssoTraces.saveTrace({ + error: getErrorMessage(err), + context: { + tenant: session?.requested?.tenant || oidcConnection?.tenant, + product: session?.requested?.product || oidcConnection?.product, + clientID: session?.requested?.client_id || oidcConnection?.clientID, + providerName: oidcConnection?.oidcProvider?.provider, + acsUrl: session?.requested?.acsUrl, + entityId: session?.requested?.entityId, + redirectUri: redirect_uri, + relayState: RelayState, + isSAMLFederated, + isOIDCFederated, + requestedOIDCFlow: !!session?.requested?.oidc, + oidcIdPRequest: session?.requested?.oidcIdPRequest, + }, + }); // Rethrow err and redirect to Jackson error page throw err; 
@@ -946,35 +934,31 @@ export class OAuthController implements IOAuthController { } catch (err: any) { const { error, error_description, error_uri, session_state, scope, stack } = err; const error_message = error_description || getErrorMessage(err); - let traceId: string | undefined; - - if (!shouldDisableSsoTrace) { - traceId = await this.ssoTraces.saveTrace({ - error: error_message, - context: { - tenant: oidcConnection.tenant, - product: oidcConnection.product, - clientID: oidcConnection.clientID, - providerName: oidcConnection.oidcProvider.provider, - redirectUri: redirect_uri, - relayState: RelayState, - isSAMLFederated, - isOIDCFederated, - acsUrl: session.requested.acsUrl, - entityId: session.requested.entityId, - requestedOIDCFlow: !!session.requested.oidc, - oidcIdPRequest: session?.requested?.oidcIdPRequest, - profile, - error, - error_description, - error_uri, - session_state_from_op_error: session_state, - scope_from_op_error: scope, - stack, - oidcTokenSet: { id_token: tokens?.id_token, access_token: tokens?.access_token }, - }, - }); - } + const traceId = await this.ssoTraces.saveTrace({ + error: error_message, + context: { + tenant: oidcConnection.tenant, + product: oidcConnection.product, + clientID: oidcConnection.clientID, + providerName: oidcConnection.oidcProvider.provider, + redirectUri: redirect_uri, + relayState: RelayState, + isSAMLFederated, + isOIDCFederated, + acsUrl: session.requested.acsUrl, + entityId: session.requested.entityId, + requestedOIDCFlow: !!session.requested.oidc, + oidcIdPRequest: session?.requested?.oidcIdPRequest, + profile, + error, + error_description, + error_uri, + session_state_from_op_error: session_state, + scope_from_op_error: scope, + stack, + oidcTokenSet: { id_token: tokens?.id_token, access_token: tokens?.access_token }, + }, + }); if (isSAMLFederated) { throw err; diff --git a/npm/src/index.ts b/npm/src/index.ts index 19d490ff6..220f4fc64 100644 --- a/npm/src/index.ts +++ b/npm/src/index.ts 
@@ -92,7 +92,7 @@ export const controllers = async ( const productStore = db.store('product:config'); const tracesStore = db.store('saml:tracer', tracesTTL); - const ssoTraces = new SSOTraces({ tracesStore }); + const ssoTraces = new SSOTraces({ tracesStore, opts }); const eventController = new EventController({ opts }); const productController = new ProductController({ productStore, opts }); diff --git a/npm/src/sso-traces/index.ts b/npm/src/sso-traces/index.ts index fd0e0a57e..cff0c4ec4 100644 --- a/npm/src/sso-traces/index.ts +++ b/npm/src/sso-traces/index.ts @@ -1,4 +1,4 @@ -import { GetByProductParams, Records, Storable } from '../typings'; +import { GetByProductParams, Records, Storable, JacksonOption } from '../typings'; import { generateMnemonic } from '@boxyhq/error-code-mnemonic'; import { IndexNames } from '../controller/utils'; import { keyFromParts } from '../db/utils'; @@ -56,9 +56,11 @@ const INTERVAL_1_DAY_MS = 24 * 60 * 60 * 1000; */ class SSOTraces { tracesStore: Storable; + opts: JacksonOption; - constructor({ tracesStore }) { + constructor({ tracesStore, opts }) { this.tracesStore = tracesStore; + this.opts = opts; // Clean up stale traces at the start this.cleanUpStaleTraces(); // Set timer to run every day @@ -68,6 +70,10 @@ class SSOTraces { } public async saveTrace(payload: SSOTrace) { + if (this.opts.disableSSOTrace) { + return ''; + } + try { const { context } = payload; // Friendly trace id diff --git a/npm/src/typings.ts b/npm/src/typings.ts index e98ae7f07..2e2712029 100644 --- a/npm/src/typings.ts +++ b/npm/src/typings.ts @@ -508,7 +508,7 @@ export interface JacksonOption { projectId: string | undefined; sdkToken: string | undefined; }; - shouldDisableSsoTrace?: boolean; + disableSSOTrace?: boolean; } export interface SLORequestParams { diff --git a/npm/test/sso-traces/tracer.test.ts b/npm/test/sso-traces/tracer.test.ts index d9baa9bc3..36cba6f94 100644 --- a/npm/test/sso-traces/tracer.test.ts +++ b/npm/test/sso-traces/tracer.test.ts 
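Review bot: The widened `constructor({ tracesStore, opts })` in `npm/src/sso-traces/index.ts` still carries no parameter type, so `opts` is untyped at the one boundary where the new flag enters the class even though the field it lands in is declared as `JacksonOption`. Suggest `constructor({ tracesStore, opts }: { tracesStore: Storable; opts: JacksonOption }) {` so callers are checked against the same contract as the field. The new early return in `saveTrace` only skips persistence: the `cleanUpStaleTraces()` call and the daily timer set up in the constructor still run with the flag on, which is harmless but worth stating above the guard, e.g. `// Tracing disabled via opts.disableSSOTrace: nothing is persisted and no trace id is produced`. The rest of `saveTrace` and the other `SSOTraces` methods are outside the hunk.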
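Review bot: `disableSSOTrace?: boolean;` is added to the public `JacksonOption` interface without a TSDoc line, although setting it changes what `saveTrace` returns to every caller. Suggest documenting it in place: `/** When true, SSO Traces are not persisted and saveTrace resolves without a trace id ('' in this patch). */`.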
@@ -8,9 +8,10 @@ const INTERVAL_1_WEEK_MS = 7 * 24 * 60 * 60 * 1000; tap.before(async () => { const { db: dbOptions } = jacksonOptions; + const opts = jacksonOptions; const db = await DB.new(dbOptions); const tracesStore = db.store('saml:tracer'); - ssoTraces = new SSOTraces({ tracesStore }); + ssoTraces = new SSOTraces({ tracesStore, opts }); }); tap.test('SSOTraces', async () => { From 4f2c47f2818eae5a13c29e5ef256e73ca46f6155 Mon Sep 17 00:00:00 2001 From: Nitendra Bhosle Date: Wed, 18 Dec 2024 20:17:08 +0530 Subject: [PATCH 5/6] Change return value of traceId from empty string to undefined --- npm/src/sso-traces/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/npm/src/sso-traces/index.ts b/npm/src/sso-traces/index.ts index cff0c4ec4..b57ffa437 100644 --- a/npm/src/sso-traces/index.ts +++ b/npm/src/sso-traces/index.ts @@ -71,7 +71,7 @@ class SSOTraces { public async saveTrace(payload: SSOTrace) { if (this.opts.disableSSOTrace) { - return ''; + return; } try { From 3b800530cc0f11e9e146d2a639cf68f7f89e9cc0 Mon Sep 17 00:00:00 2001 From: Deepak Prabhakara Date: Wed, 18 Dec 2024 20:17:35 +0000 Subject: [PATCH 6/6] revert unnecessary line breaks --- npm/src/controller/oauth.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/npm/src/controller/oauth.ts b/npm/src/controller/oauth.ts index 8e1b632e3..87142fa39 100644 --- a/npm/src/controller/oauth.ts +++ b/npm/src/controller/oauth.ts @@ -708,6 +708,7 @@ export class OAuthController implements IOAuthController { if (session && session.id) { validateOpts['inResponseTo'] = session.id; } + redirect_uri = ((session && session.redirect_uri) as string) || connection.defaultRedirectUrl; } catch (err: unknown) { // Save the error trace @@ -730,7 +731,6 @@ export class OAuthController implements IOAuthController { relayState: RelayState, }, }); - throw err; // Rethrow the error } let profile: SAMLProfile | undefined; 
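Review bot: The test change in `npm/test/sso-traces/tracer.test.ts` only threads `opts` into the constructor; nothing exercises the new `disableSSOTrace` path, so a regression that persists traces despite the flag would pass unnoticed. Suggest a second instance built with `new SSOTraces({ tracesStore, opts: { ...jacksonOptions, disableSSOTrace: true } })`, an assertion that `await disabledTraces.saveTrace(payload)` yields the disabled-path value (`''` in PATCH 4, `undefined` after PATCH 5), and a check through whatever lookup the existing tests use that no record was stored. `tap.test('SSOTraces', ...)` continues outside the hunk.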
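Review bot: `return;` makes the inferred type of `saveTrace` `Promise<string | undefined>`, while the call sites restored in PATCH 4 (`const traceId = await this.ssoTraces.saveTrace(...)` in its `@@ -767` and `@@ -946` hunks of oauth.ts) assign the result without a guard; what they do with `traceId` lies outside those hunks, so whether an undefined id reaches the error response cannot be confirmed here. Suggest making the contract explicit on the signature, `public async saveTrace(payload: SSOTrace): Promise<string | undefined> {`, with a TSDoc line such as `/** Persists the trace and returns its id, or resolves to undefined when opts.disableSSOTrace is set. */`, so every consumer is forced to handle the missing id.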
@@ -866,7 +866,6 @@ export class OAuthController implements IOAuthController { oidcIdPRequest: session?.requested?.oidcIdPRequest, }, }); - // Rethrow err and redirect to Jackson error page throw err; } @@ -930,6 +929,7 @@ export class OAuthController implements IOAuthController { } await this.sessionStore.delete(RelayState); + return { redirect_url: redirect.success(redirect_uri!, params) }; } catch (err: any) { const { error, error_description, error_uri, session_state, scope, stack } = err; @@ -959,7 +959,6 @@ export class OAuthController implements IOAuthController { oidcTokenSet: { id_token: tokens?.id_token, access_token: tokens?.access_token }, }, }); - if (isSAMLFederated) { throw err; }