diff --git a/server/actions/sso.js b/server/actions/sso.js
index c9dc460..9457cdf 100644
--- a/server/actions/sso.js
+++ b/server/actions/sso.js
@@ -34,7 +34,7 @@ export function validateSAMLResponse(samlResp, certificate) {
 const certificateElement = xml.getElementsByTagName("ds:X509Certificate")[0];
 const certificateStr = certificateElement.textContent.replace(/\s/g, "");
 if (certificateStr !== certificate)
- return { error: "Could verify authenticity of response" };
+ return { error: "Could not verify authenticity of response" };
 const statusElement = xml.getElementsByTagName("saml2p:StatusCode")[0];
 const statusStr = statusElement.getAttribute("Value");
@@ -44,14 +44,17 @@ export function validateSAMLResponse(samlResp, certificate) {
 const attributes = xml.getElementsByTagName("saml2:Attribute");
 let userId;
 let permissionLevel;
+ let username;
 for (let attribute of attributes) {
 if (attribute.getAttribute("Name") === "userId")
 userId = attribute.textContent.trim();
 if (attribute.getAttribute("Name") === "NetlifyPermissionLevel")
 permissionLevel = attribute.textContent.trim();
+ if (attribute.getAttribute("Name") === "username")
+ username = attribute.textContent.trim();
 }
 if (!userId) return { error: "Could not find user ID" };
- return { userId, permissionLevel };
+ return { userId, permissionLevel, username };
 }
diff --git a/server/mongodb/actions/User.js b/server/mongodb/actions/User.js
index 064a4ad..57301bf 100644
--- a/server/mongodb/actions/User.js
+++ b/server/mongodb/actions/User.js
@@ -26,7 +26,8 @@ export async function login({ username, password }) {
 };
 }
-export async function signUp({ username, password, isAdmin, salesforceUserId }) {
+export const signUp = async ( username, password, isAdmin, salesforceUserId ) => {
+ console.log(username);
 if (username == null) {
 throw new Error("All parameters must be provided!");
 }
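Review bot: The new `username` attribute is returned even when the assertion carries no such attribute, so a missing or empty value propagates as `undefined` into `getUserFromSalesforceUserId` and `signUp`, which rejects it with "All parameters must be provided!" and surfaces only as the generic "Invalid token!". If the username is now required for account creation, reject it here the same way `userId` is: `if (!username) return { error: "Could not find username" };`; if it is optional, say so in a comment on the return. The value is taken from the IdP response with only `trim()`, so any length or character restriction the User model places on usernames is applied, if at all, only downstream. `validateSAMLResponse` begins outside the hunk.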
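Review bot: Changing `signUp` from a destructured options object to four positional parameters silently breaks any existing caller that still passes `{ username, password, ... }`: the whole object is bound to `username`, passes the `== null` check, and a non-string reaches the user record. Only the SSO call sites in this commit are updated; unless no other caller exists, keep the old parameter shape or accept both. The added `console.log(username)` writes an identity attribute to stdout on every sign-up; remove it before merging or move it to a debug-level logger. The function body continues outside the hunk.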
@@ -86,7 +87,7 @@ export const getUserFromId = async (id) => {
 }
 };
-export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLevel) => {
+export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLevel, username) => {
 await mongoDB();
 try {
 let user;
@@ -94,10 +95,10 @@ export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLe
 if (!user) {
 // We create the user only if they have the correct NetlifyPermissionLevel
 if (permissionLevel == "General") {
- user = await signUp("Salesforce User", null, false, salesforceUserId);
+ user = await signUp(username, undefined, false, salesforceUserId);
 } else if (permissionLevel == "Administrator") {
- user = await signUp("Salesforce User", null, true, salesforceUserId);
+ user = await signUp(username, undefined, true, salesforceUserId);
 }else {
 return null;
 }
@@ -108,6 +109,7 @@ export const getUserFromSalesforceUserId = async (salesforceUserId, permissionLe
 isAdmin: user.isAdmin,
 };
 } catch (e) {
+ console.log(e);
 throw new Error("Invalid token!");
 }
 };
diff --git a/src/pages/api/user/sso/callback.js b/src/pages/api/user/sso/callback.js
index e0ccb19..f5c4406 100644
--- a/src/pages/api/user/sso/callback.js
+++ b/src/pages/api/user/sso/callback.js
@@ -15,10 +15,10 @@ if (!SALESFORCE_CERTIFICATE && process.env["NODE_ENV"] === "production")
 // @access Public
 const handler = async (req, res) => {
 const { SAMLResponse: encodedSAMLResp } = req.body;
- let result;
+ let val = Buffer.from(encodedSAMLResp, 'utf-8');
 try {
- const decodedSAMLResp = decodeSAMLResponse(encodedSAMLResp);
+ const decodedSAMLResp = decodeSAMLResponse(val);
 result = validateSAMLResponse(decodedSAMLResp, SALESFORCE_CERTIFICATE);
 } catch (e) {
 console.error(e);
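Review bot: The SSO-created account now takes its `username` straight from the IdP attribute, but nothing visible checks whether a local account already uses that name before `signUp` is called; if the model enforces uniqueness the failure is swallowed into "Invalid token!" in the catch below, and if it does not, two accounts end up sharing a username. Look up existing users by `username` before creating and decide explicitly whether to link or reject. Passing `undefined` instead of `null` for the password also changes what `signUp` receives; whether it hashes, skips or stores that value is outside the hunk, so confirm an SSO-created account cannot be used for password login. The lookup that sets `user` before this `if` is outside the hunk.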
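Review bot: `console.log(e)` in the catch prints the raw error, possibly including the query or document that failed, to stdout at info level and then discards it. Use `console.error` and attach the original as the cause so the chain survives to wherever the error is handled: `throw new Error("Invalid token!", { cause: e });`.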
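Review bot: `let result;` was removed but `result = validateSAMLResponse(...)` two lines below still assigns to it, so in this ES module the assignment throws a ReferenceError inside the `try`, and the later `result.userId` use (next hunk) is also unresolved; `result` must stay declared. `Buffer.from(encodedSAMLResp, 'utf-8')` also runs before the `try`, so a request without a `SAMLResponse` field now produces an uncaught TypeError (a 500) instead of the handled error path; move it inside: `let result;` / `try {` / `const decodedSAMLResp = decodeSAMLResponse(Buffer.from(encodedSAMLResp, 'utf-8'));`. Whether `decodeSAMLResponse` accepts a Buffer rather than the string it previously received is not visible here; confirm that before merging. The handler continues outside the hunk.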
@@ -32,7 +32,7 @@ const handler = async (req, res) => {
 });
 }
- const user = await getUserFromSalesforceUserId(result.userId, result.permissionLevel);
+ const user = await getUserFromSalesforceUserId(result.userId, result.permissionLevel, result.username);
 if (!user)
 return res.status(404).json({
 success: result.permissionLevel,