Merge pull request #2054 from automatisch/aut-1224

Split UpsertSamlAuthProvider mutation into two endpoints

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/create-saml-auth-provider.ee.js

@@ -0,0 +1,43 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import SamlAuthProvider from '../../../../../models/saml-auth-provider.ee.js';
+
+export default async (request, response) => {
+  const samlAuthProvider = await SamlAuthProvider.query().insert(
+    samlAuthProviderParams(request)
+  );
+
+  renderObject(response, samlAuthProvider, {
+    serializer: 'AdminSamlAuthProvider',
+    status: 201,
+  });
+};
+
+const samlAuthProviderParams = (request) => {
+  const {
+    name,
+    certificate,
+    signatureAlgorithm,
+    issuer,
+    entryPoint,
+    firstnameAttributeName,
+    surnameAttributeName,
+    emailAttributeName,
+    roleAttributeName,
+    defaultRoleId,
+    active,
+  } = request.body;
+
+  return {
+    name,
+    certificate,
+    signatureAlgorithm,
+    issuer,
+    entryPoint,
+    firstnameAttributeName,
+    surnameAttributeName,
+    emailAttributeName,
+    roleAttributeName,
+    defaultRoleId,
+    active,
+  };
+};

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/create-saml-auth-provider.ee.test.js

@@ -0,0 +1,78 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import createSamlAuthProviderMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/create-saml-auth-provider.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('POST /api/v1/admin/saml-auth-provider', () => {
+  let currentUser, token, role;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    role = await createRole({ key: 'admin' });
+    currentUser = await createUser({ roleId: role.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return the created saml auth provider', async () => {
+    const samlAuthProviderPayload = {
+      active: true,
+      name: 'Name',
+      issuer: 'theclientid',
+      certificate: 'dummycert',
+      entryPoint: 'http://localhost:8080/realms/automatisch/protocol/saml',
+      signatureAlgorithm: 'sha256',
+      defaultRoleId: role.id,
+      firstnameAttributeName: 'urn:oid:2.5.4.42',
+      surnameAttributeName: 'urn:oid:2.5.4.4',
+      emailAttributeName: 'urn:oid:1.2.840.113549.1.9.1',
+      roleAttributeName: 'Role',
+    };
+
+    const response = await request(app)
+      .post('/api/v1/admin/saml-auth-providers')
+      .set('Authorization', token)
+      .send(samlAuthProviderPayload)
+      .expect(201);
+
+    const expectedPayload = await createSamlAuthProviderMock({
+      id: response.body.data.id,
+      ...samlAuthProviderPayload,
+    });
+
+    expect(response.body).toStrictEqual(expectedPayload);
+  });
+
+  it('should return unprocessable entity response for invalid data', async () => {
+    const response = await request(app)
+      .post('/api/v1/admin/saml-auth-providers')
+      .set('Authorization', token)
+      .send({
+        active: true,
+        name: 'Name',
+        issuer: 'theclientid',
+        signatureAlgorithm: 'invalid',
+        firstnameAttributeName: 'urn:oid:2.5.4.42',
+        surnameAttributeName: 'urn:oid:2.5.4.4',
+        emailAttributeName: 'urn:oid:1.2.840.113549.1.9.1',
+        roleAttributeName: 123,
+      })
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        certificate: ["must have required property 'certificate'"],
+        entryPoint: ["must have required property 'entryPoint'"],
+        defaultRoleId: ["must have required property 'defaultRoleId'"],
+        signatureAlgorithm: ['must be equal to one of the allowed values'],
+        roleAttributeName: ['must be string'],
+      },
+      meta: { type: 'ModelValidation' },
+    });
+  });
+});

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-saml-auth-provider.ee.js

@@ -0,0 +1,45 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import SamlAuthProvider from '../../../../../models/saml-auth-provider.ee.js';
+
+export default async (request, response) => {
+  const samlAuthProvider = await SamlAuthProvider.query()
+    .patchAndFetchById(
+      request.params.samlAuthProviderId,
+      samlAuthProviderParams(request)
+    )
+    .throwIfNotFound();
+
+  renderObject(response, samlAuthProvider, {
+    serializer: 'AdminSamlAuthProvider',
+  });
+};
+
+const samlAuthProviderParams = (request) => {
+  const {
+    name,
+    certificate,
+    signatureAlgorithm,
+    issuer,
+    entryPoint,
+    firstnameAttributeName,
+    surnameAttributeName,
+    emailAttributeName,
+    roleAttributeName,
+    defaultRoleId,
+    active,
+  } = request.body;
+
+  return {
+    name,
+    certificate,
+    signatureAlgorithm,
+    issuer,
+    entryPoint,
+    firstnameAttributeName,
+    surnameAttributeName,
+    emailAttributeName,
+    roleAttributeName,
+    defaultRoleId,
+    active,
+  };
+};

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-saml-auth-provider.ee.test.js

@@ -0,0 +1,119 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import Crypto from 'crypto';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
+import createSamlAuthProviderMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/create-saml-auth-provider.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('PATCH /api/v1/admin/saml-auth-provider/:samlAuthProviderId', () => {
+  let currentUser, token, role;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    role = await createRole({ key: 'admin' });
+    currentUser = await createUser({ roleId: role.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return the updated saml auth provider', async () => {
+    const samlAuthProviderPayload = {
+      active: true,
+      name: 'Name',
+      issuer: 'theclientid',
+      certificate: 'dummycert',
+      entryPoint: 'http://localhost:8080/realms/automatisch/protocol/saml',
+      signatureAlgorithm: 'sha256',
+      defaultRoleId: role.id,
+      firstnameAttributeName: 'urn:oid:2.5.4.42',
+      surnameAttributeName: 'urn:oid:2.5.4.4',
+      emailAttributeName: 'urn:oid:1.2.840.113549.1.9.1',
+      roleAttributeName: 'Role',
+    };
+
+    const samlAuthProvider = await createSamlAuthProvider(
+      samlAuthProviderPayload
+    );
+
+    const response = await request(app)
+      .patch(`/api/v1/admin/saml-auth-providers/${samlAuthProvider.id}`)
+      .set('Authorization', token)
+      .send({
+        active: false,
+        name: 'Archived',
+      })
+      .expect(200);
+
+    const refetchedSamlAuthProvider = await samlAuthProvider.$query();
+
+    const expectedPayload = await createSamlAuthProviderMock({
+      ...refetchedSamlAuthProvider,
+      name: 'Archived',
+      active: false,
+    });
+
+    expect(response.body).toStrictEqual(expectedPayload);
+  });
+
+  it('should return unprocessable entity response for invalid data', async () => {
+    const samlAuthProviderPayload = {
+      active: true,
+      name: 'Name',
+      issuer: 'theclientid',
+      certificate: 'dummycert',
+      entryPoint: 'http://localhost:8080/realms/automatisch/protocol/saml',
+      signatureAlgorithm: 'sha256',
+      defaultRoleId: role.id,
+      firstnameAttributeName: 'urn:oid:2.5.4.42',
+      surnameAttributeName: 'urn:oid:2.5.4.4',
+      emailAttributeName: 'urn:oid:1.2.840.113549.1.9.1',
+      roleAttributeName: 'Role',
+    };
+
+    const samlAuthProvider = await createSamlAuthProvider(
+      samlAuthProviderPayload
+    );
+
+    const response = await request(app)
+      .patch(`/api/v1/admin/saml-auth-providers/${samlAuthProvider.id}`)
+      .set('Authorization', token)
+      .send({
+        active: 'true',
+        name: 123,
+        roleAttributeName: 123,
+      })
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        name: ['must be string'],
+        active: ['must be boolean'],
+        roleAttributeName: ['must be string'],
+      },
+      meta: { type: 'ModelValidation' },
+    });
+  });
+
+  it('should return not found response for not existing SAML auth provider UUID', async () => {
+    const notExistingSamlAuthProviderUUID = Crypto.randomUUID();
+
+    await request(app)
+      .patch(
+        `/api/v1/admin/saml-auth-providers/${notExistingSamlAuthProviderUUID}`
+      )
+      .set('Authorization', token)
+      .expect(404);
+  });
+
+  it('should return bad request response for invalid UUID', async () => {
+    await request(app)
+      .patch('/api/v1/admin/saml-auth-providers/invalidSamlAuthProviderUUID')
+      .set('Authorization', token)
+      .expect(400);
+  });
+});

packages/backend/src/graphql/mutation-resolvers.js

@@ -14,7 +14,6 @@ import updateCurrentUser from './mutations/update-current-user.js';
 import updateFlowStatus from './mutations/update-flow-status.js';
 import updateRole from './mutations/update-role.ee.js';
 import updateStep from './mutations/update-step.js';
-import upsertSamlAuthProvider from './mutations/upsert-saml-auth-provider.ee.js';
 import upsertSamlAuthProvidersRoleMappings from './mutations/upsert-saml-auth-providers-role-mappings.ee.js';
 
 // Converted mutations
@@ -45,7 +44,6 @@ const mutationResolvers = {
   updateRole,
   updateStep,
   updateUser,
-  upsertSamlAuthProvider,
   upsertSamlAuthProvidersRoleMappings,
   verifyConnection,
 };

packages/backend/src/graphql/mutations/upsert-saml-auth-provider.ee.js

@@ -1,30 +0,0 @@
-import SamlAuthProvider from '../../models/saml-auth-provider.ee.js';
-
-const upsertSamlAuthProvider = async (_parent, params, context) => {
-  context.currentUser.can('create', 'SamlAuthProvider');
-
-  const samlAuthProviderPayload = {
-    ...params.input,
-  };
-
-  const existingSamlAuthProvider = await SamlAuthProvider.query()
-    .limit(1)
-    .first();
-
-  if (!existingSamlAuthProvider) {
-    const samlAuthProvider = await SamlAuthProvider.query().insert(
-      samlAuthProviderPayload
-    );
-
-    return samlAuthProvider;
-  }
-
-  const samlAuthProvider = await SamlAuthProvider.query().patchAndFetchById(
-    existingSamlAuthProvider.id,
-    samlAuthProviderPayload
-  );
-
-  return samlAuthProvider;
-};
-
-export default upsertSamlAuthProvider;

packages/backend/src/graphql/schema.graphql

@@ -22,7 +22,6 @@ type Mutation {
   updateRole(input: UpdateRoleInput): Role
   updateStep(input: UpdateStepInput): Step
   updateUser(input: UpdateUserInput): User
-  upsertSamlAuthProvider(input: UpsertSamlAuthProviderInput): SamlAuthProvider
   upsertSamlAuthProvidersRoleMappings(
     input: UpsertSamlAuthProvidersRoleMappingsInput
   ): [SamlAuthProvidersRoleMapping]
@@ -219,21 +218,6 @@ type Flow {
   status: FlowStatus
 }
 
-type SamlAuthProvider {
-  id: String
-  name: String
-  certificate: String
-  signatureAlgorithm: String
-  issuer: String
-  entryPoint: String
-  firstnameAttributeName: String
-  surnameAttributeName: String
-  emailAttributeName: String
-  roleAttributeName: String
-  active: Boolean
-  defaultRoleId: String
-}
-
 type SamlAuthProvidersRoleMapping {
   id: String
   samlAuthProviderId: String
@@ -265,20 +249,6 @@ input VerifyConnectionInput {
   id: String!
 }
 
-input UpsertSamlAuthProviderInput {
-  name: String!
-  certificate: String!
-  signatureAlgorithm: String!
-  issuer: String!
-  entryPoint: String!
-  firstnameAttributeName: String!
-  surnameAttributeName: String!
-  emailAttributeName: String!
-  roleAttributeName: String!
-  defaultRoleId: String!
-  active: Boolean!
-}
-
 input UpsertSamlAuthProvidersRoleMappingsInput {
   samlAuthProviderId: String!
   samlAuthProvidersRoleMappings: [SamlAuthProviderRoleMappingInput]

packages/backend/src/routes/api/v1/admin/saml-auth-providers.ee.js

@@ -2,6 +2,8 @@ import { Router } from 'express';
 import { authenticateUser } from '../../../../helpers/authentication.js';
 import { authorizeAdmin } from '../../../../helpers/authorization.js';
 import { checkIsEnterprise } from '../../../../helpers/check-is-enterprise.js';
+import createSamlAuthProviderAction from '../../../../controllers/api/v1/admin/saml-auth-providers/create-saml-auth-provider.ee.js';
+import updateSamlAuthProviderAction from '../../../../controllers/api/v1/admin/saml-auth-providers/update-saml-auth-provider.ee.js';
 import getSamlAuthProvidersAction from '../../../../controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.js';
 import getSamlAuthProviderAction from '../../../../controllers/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.js';
 import getRoleMappingsAction from '../../../../controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js';
@@ -16,6 +18,14 @@ router.get(
   getSamlAuthProvidersAction
 );
 
+router.post(
+  '/',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  createSamlAuthProviderAction
+);
+
 router.get(
   '/:samlAuthProviderId',
   authenticateUser,
@@ -32,4 +42,12 @@ router.get(
   getRoleMappingsAction
 );
 
+router.patch(
+  '/:samlAuthProviderId',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  updateSamlAuthProviderAction
+);
+
 export default router;