feat: automatically provisioning users should be working

server/actions/sso.js

@@ -34,7 +34,7 @@ export function validateSAMLResponse(samlResp, certificate) {
   const certificateElement = xml.getElementsByTagName("ds:X509Certificate")[0];
   const certificateStr = certificateElement.textContent.replace(/\s/g, "");
   if (certificateStr !== certificate)
-    return { error: "Could verify authenticity of response" };
+    return { error: "Could not verify authenticity of response" };
 
   const statusElement = xml.getElementsByTagName("saml2p:StatusCode")[0];
   const statusStr = statusElement.getAttribute("Value");
@@ -44,14 +44,17 @@ export function validateSAMLResponse(samlResp, certificate) {
   const attributes = xml.getElementsByTagName("saml2:Attribute");
   let userId;
   let permissionLevel;
+  let username;
   for (let attribute of attributes) {
     if (attribute.getAttribute("Name") === "userId")
       userId = attribute.textContent.trim();
     if (attribute.getAttribute("Name") === "NetlifyPermissionLevel")
       permissionLevel = attribute.textContent.trim();
+    if (attribute.getAttribute("Name") ===  "username")
+      username = attribute.textContent.trim();
   }
 
   if (!userId) return { error: "Could not find user ID" };
 
-  return { userId, permissionLevel };
+  return { userId, permissionLevel, username };
 }

server/mongodb/actions/User.js

@@ -26,7 +26,8 @@ export async function login({ username, password }) {
   };
 }
 
-export async function signUp({ username, password, isAdmin, salesforceUserId }) {
+export const signUp = async ( username, password, isAdmin, salesforceUserId ) => {
+  console.log(username);
   if (username == null) {
     throw new Error("All parameters must be provided!");
   }
@@ -86,18 +87,18 @@ export const getUserFromId = async (id) => {
   }
 };
 
-export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLevel) => {
+export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLevel, username) => {
   await mongoDB();
   try {
     let user;
     user = await User.findOne({ salesforceUserId });
     if (!user) {
       // We create the user only if they have the correct NetlifyPermissionLevel
       if (permissionLevel == "General") {
-        user = await signUp("Salesforce User", null, false, salesforceUserId);
+        user = await signUp(username, undefined, false, salesforceUserId);
       }
       else if (permissionLevel == "Administrator") {
-        user = await signUp("Salesforce User", null, true, salesforceUserId);
+        user = await signUp(username, undefined, true, salesforceUserId);
       }else {
         return null;
       }
@@ -108,6 +109,7 @@ export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLe
       isAdmin: user.isAdmin,
     };
   } catch (e) {
+    console.log(e);
     throw new Error("Invalid token!");
   }
 };

src/pages/api/user/sso/callback.js

@@ -15,10 +15,10 @@ if (!SALESFORCE_CERTIFICATE && process.env["NODE_ENV"] === "production")
 // @access  Public
 const handler = async (req, res) => {
   const { SAMLResponse: encodedSAMLResp } = req.body;
-
   let result;
+  let val = Buffer.from(encodedSAMLResp, 'utf-8');
   try {
-    const decodedSAMLResp = decodeSAMLResponse(encodedSAMLResp);
+    const decodedSAMLResp = decodeSAMLResponse(val);
     result = validateSAMLResponse(decodedSAMLResp, SALESFORCE_CERTIFICATE);
   } catch (e) {
     console.error(e);
@@ -32,7 +32,7 @@ const handler = async (req, res) => {
     });
   }
 
-  const user = await getUserFromSalesforceUserId(result.userId, result.permissionLevel);
+  const user = await getUserFromSalesforceUserId(result.userId, result.permissionLevel, result.username);
   if (!user)
     return res.status(404).json({
       success: result.permissionLevel,