Merge pull request #714 from openstad/fix/switch-auth-types

Fix/switch auth types

apps/admin-server/src/pages/projects/[project]/authentication/index.tsx

@@ -91,7 +91,7 @@ export default function ProjectAuthentication() {
 
   async function onSubmit(values: z.infer<typeof formSchema>) {
     try {
-      const project = await updateProject({
+      const updatedConfig = {
         auth: {
           provider: {
             openstad: {
@@ -109,8 +109,12 @@ export default function ProjectAuthentication() {
             }
           }
         }
-      });
-      if (project) {
+      }
+
+      const project = await updateProject(updatedConfig);
+      const doubleSave = await updateProject(updatedConfig);
+
+      if (doubleSave && project) {
         toast.success('Project aangepast!');
       } else {
         toast.error('Er is helaas iets mis gegaan.')

apps/admin-server/src/pages/projects/[project]/settings/alloweddomains.tsx

@@ -57,10 +57,14 @@ export default function ProjectSettingsWidgets() {
     });
 
     try {
-      const project = await updateProject({
+      const newProjectConf = {
         allowedDomains: out
-      });
-      if (project) {
+      };
+
+      const project = await updateProject(newProjectConf);
+      const doubleSave = await updateProject(newProjectConf);
+
+      if (project && doubleSave) {
         toast.success('Project aangepast!');
       } else {
         toast.error('Er is helaas iets mis gegaan.')

apps/api-server/src/routes/api/project.js

@@ -604,17 +604,28 @@ router.route('/:projectId') //(\\d+)
     try {
       let providers = await authSettings.providers({ project });
       const configData = req.body.config?.auth?.provider?.openstad?.config || {};
+      const allowedDomains = req.body.config?.allowedDomains || false;
 
       for (let provider of providers) {
-        if ( Object.keys(configData).length === 0 ) continue;
+        if (
+            Object.keys(configData).length === 0
+            && !(!!allowedDomains && Object.keys(configData).length === 0)
+        ) {
+          continue;
+        }
 
         let authConfig = await authSettings.config({ project, useAuth: provider });
         let adapter = await authSettings.adapter({ authConfig });
+
+        if (!!allowedDomains) {
+          authConfig.allowedDomains = allowedDomains;
+        }
+
         if (adapter.service.updateClient) {
           let merged = merge.recursive({}, authConfig, {config: configData});
           await adapter.service.updateClient({ authConfig: merged, project });
-          delete req.body.config?.auth?.provider?.[authConfig.provider]?.authTypes;
-          delete req.body.config?.auth?.provider?.[authConfig.provider]?.twoFactorRoles;
+          // delete req.body.config?.auth?.provider?.[authConfig.provider]?.authTypes;
+          // delete req.body.config?.auth?.provider?.[authConfig.provider]?.twoFactorRoles;
           delete req.body.config?.auth?.provider?.[authConfig.provider]?.requiredUserFields;
           delete req.body.config?.auth?.provider?.[authConfig.provider]?.config;
         }

apps/auth-server/controllers/auth/url.js

@@ -24,6 +24,7 @@ const setNoCachHeadersMw = (req, res, next) => {
 exports.login = [setNoCachHeadersMw, (req, res) => {
     const config = req.client.config ? req.client.config : {};
     const configAuthType = config.authTypes && config.authTypes[authType] ? config.authTypes[authType] : {};
+    const priviligedRoute = (req.query && req.query.priviligedRoute && req.query.priviligedRoute === 'admin') || false;
 
     res.render('auth/url/login', {
         clientId: req.query.clientId,
@@ -34,6 +35,7 @@ exports.login = [setNoCachHeadersMw, (req, res) => {
         label: configAuthType && configAuthType.label ? configAuthType.label : false,
         helpText: configAuthType && configAuthType.helpText ? configAuthType.helpText : false,
         buttonText: configAuthType && configAuthType.buttonText ? configAuthType.buttonText : false,
+        isPriviligedRoute: priviligedRoute
     });
 }];
 
@@ -75,24 +77,35 @@ exports.register = (req, res, next) => {
 }
 
 const handleSending = async (req, res, next) => {
-    try {
-        const ispriviligedRoute = req.params.priviligedRoute === 'admin';
+    let isPriviligedRoute = req.params.priviligedRoute === 'admin';
+
+    if ( !isPriviligedRoute ) {
+        isPriviligedRoute = req?.query?.priviligedRoute === 'admin' || false;
+    }
 
-        if (ispriviligedRoute) {
-            req.user = await authService.validatePrivilegeUser(req.body.email,  req.client.id);
+    try {
+        if (isPriviligedRoute) {
+            req.user = await authService.validatePrivilegeUser(req.body.email, req.client.id);
         }
 
         await verificationService.sendVerification(req.user, req.client, req.redirectUrl);
 
-        req.flash('success', {msg: 'De e-mail is verstuurd naar: ' + req.user.email});
+        req.flash('success', { msg: 'De e-mail is verstuurd naar: ' + req.user.email });
 
         res.redirect('/auth/url/confirmation?clientId=' + req.client.clientId + '&redirect_uri=' + req.redirectUrl || '/login?clientId=' + req.client.clientId + '&redirect_uri=' + req.redirectUrl);
     } catch (err) {
         console.log('e-mail error', err);
-        req.flash('error', {msg: 'Het is niet gelukt om de e-mail te versturen!'});
-        res.redirect('/auth/url/login?clientId=' + req.client.clientId + '&redirect_uri=' + req.redirectUrl);
+        req.flash('error', { msg: 'Het is niet gelukt om de e-mail te versturen!' });
+
+        let redirectUrl = '/auth/url/login?clientId=' + req.client.clientId + '&redirect_uri=' + req.redirectUrl;
+
+        if (isPriviligedRoute) {
+            redirectUrl += '&priviligedRoute=admin';
+        }
+
+        res.redirect(redirectUrl);
     }
-}
+};
 
 //Todo: move these methods to the user service
 const createUser = async (email) => {

apps/auth-server/middleware/client.js

@@ -106,7 +106,11 @@ exports.validate = (req, res, next) => {
 
   const allowedType = authTypes && authTypes.length > 0 ? authTypes.find(option => option.key === req.authType) : false;
 
-  const isPriviligedRoute = req.params.priviligedRoute === 'admin';
+  let isPriviligedRoute = req.params.priviligedRoute === 'admin';
+
+  if ( !isPriviligedRoute ) {
+    isPriviligedRoute = req?.query?.priviligedRoute === 'admin' || false;
+  }
 
   /**
    * Check if any login options are defined for the client, otherwise error!

apps/auth-server/views/auth/choose.html

@@ -11,7 +11,7 @@ <h1>Hoe wil je inloggen?</h1>
 			{% include 'elements/error-flash.html' %}
 
       {% for authType in authTypes %}
-        <a href="{{authType.loginUrl}}?clientId={{clientId}}&redirect_uri={{redirect_uri}}" class="btn btn-primary">
+				<a href="{{authType.loginUrl}}?clientId={{clientId}}&redirect_uri={{redirect_uri}}{% if isPriviligedRoute %}&priviligedRoute=admin{% endif %}" class="btn btn-primary">
           {{authType.label}}
         </a>
 				<hr />

apps/auth-server/views/auth/url/login.html

@@ -21,7 +21,7 @@ <h1 class="">
 	  </p>
 		<form
 		method="post"
-		action="{{loginUrl}}?&clientId={{clientId}}&redirect_uri={{redirectUrl}}"
+		action="{{loginUrl}}?&clientId={{clientId}}&redirect_uri={{redirectUrl}}{% if isPriviligedRoute %}&priviligedRoute=admin{% endif %}"
 		class="validate-form"
 		>
 			<div class="form-group">
@@ -45,6 +45,10 @@ <h1 class="">
 			<input type="hidden" name="_csrf" value="{{csrfToken}}">
 			<input type="hidden" name="clientId" value="{{clientId}}">
 
+			{% if isPriviligedRoute %}
+			<input type="hidden" name="priviligedRoute" value="admin">
+			{% endif %}
+
 			<input type="submit" value="{{ buttonText if buttonText else 'Stuur link' }}" class="btn btn-primary">
 		</form>
 	</div>