From 4ee9375a8d441c7bc453a615e047d43b73713282 Mon Sep 17 00:00:00 2001 From: = Date: Wed, 22 Jan 2025 20:43:28 +0530 Subject: [PATCH 1/4] fix: resolved min and max ttl to be zero --- .../routes/v1/identity-aws-iam-auth-router.ts | 19 ++---------- .../routes/v1/identity-azure-auth-router.ts | 13 ++------ .../routes/v1/identity-gcp-auth-router.ts | 19 ++---------- .../routes/v1/identity-jwt-auth-router.ts | 30 +++---------------- .../v1/identity-kubernetes-auth-router.ts | 13 ++------ .../routes/v1/identity-oidc-auth-router.ts | 19 +++--------- .../routes/v1/identity-token-auth-router.ts | 13 ++------ .../v1/identity-universal-auth-router.ts | 13 ++------ .../identity-aws-auth-service.ts | 12 ++++---- .../identity-azure-auth-service.ts | 12 ++++---- .../identity-gcp-auth-service.ts | 12 ++++---- .../identity-jwt-auth-service.ts | 12 ++++---- .../identity-kubernetes-auth-service.ts | 12 ++++---- .../identity-oidc-auth-service.ts | 12 ++++---- .../identity-token-auth-service.ts | 12 ++++---- .../identity-ua/identity-ua-service.ts | 12 ++++---- 16 files changed, 74 insertions(+), 161 deletions(-) diff --git a/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts b/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts index 9199c21f14..f39f6d031a 100644 --- a/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts +++ b/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts 
@@ -99,20 +99,15 @@ export const registerIdentityAwsAuthRouter = async (server: FastifyZodProvider) accessTokenTTL: z .number() .int() - .min(1) + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) .default(2592000) .describe(AWS_AUTH.ATTACH.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(1) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(AWS_AUTH.ATTACH.accessTokenMaxTTL), accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(AWS_AUTH.ATTACH.accessTokenNumUsesLimit) @@ -186,15 +181,7 @@ export const registerIdentityAwsAuthRouter = async (server: FastifyZodProvider) .describe(AWS_AUTH.UPDATE.accessTokenTrustedIps), accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(AWS_AUTH.UPDATE.accessTokenTTL), accessTokenNumUsesLimit: z.number().int().min(0).optional().describe(AWS_AUTH.UPDATE.accessTokenNumUsesLimit), - accessTokenMaxTTL: z - .number() - .int() - .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) - .optional() - .describe(AWS_AUTH.UPDATE.accessTokenMaxTTL) + accessTokenMaxTTL: z.number().int().max(315360000).min(0).optional().describe(AWS_AUTH.UPDATE.accessTokenMaxTTL) }), response: { 200: z.object({ diff --git a/backend/src/server/routes/v1/identity-azure-auth-router.ts b/backend/src/server/routes/v1/identity-azure-auth-router.ts index 6aee4504f5..21cc0cde62 100644 --- a/backend/src/server/routes/v1/identity-azure-auth-router.ts +++ b/backend/src/server/routes/v1/identity-azure-auth-router.ts 
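Review bot: In the ATTACH body `accessTokenMaxTTL` gets `.min(1)`, while `accessTokenTTL` beside it, the UPDATE schema in the second hunk of this file, and the attach schemas of the other routers in this patch all use `.min(0)`. If 0 is meant to stand for "no maximum", this route rejects a value that an update on the same identity accepts; if AWS auth must always have a finite maximum, the update schema needs `.min(1)` as well. The two schemas should agree, and the `.describe()` text should say what 0 means, because the service changes in this patch sign a token without `expiresIn` when the stored value is 0. The route definition starts and ends outside the hunk.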
@@ -91,20 +91,15 @@ export const registerIdentityAzureAuthRouter = async (server: FastifyZodProvider accessTokenTTL: z .number() .int() - .min(1) + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) .default(2592000) .describe(AZURE_AUTH.ATTACH.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(AZURE_AUTH.ATTACH.accessTokenMaxTTL), accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(AZURE_AUTH.ATTACH.accessTokenNumUsesLimit) @@ -183,9 +178,7 @@ export const registerIdentityAzureAuthRouter = async (server: FastifyZodProvider .number() .int() .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) + .min(0) .optional() .describe(AZURE_AUTH.UPDATE.accessTokenMaxTTL) }), diff --git a/backend/src/server/routes/v1/identity-gcp-auth-router.ts b/backend/src/server/routes/v1/identity-gcp-auth-router.ts index 88c5af45fa..c5fedb5877 100644 --- a/backend/src/server/routes/v1/identity-gcp-auth-router.ts +++ b/backend/src/server/routes/v1/identity-gcp-auth-router.ts @@ -90,20 +90,15 @@ export const registerIdentityGcpAuthRouter = async (server: FastifyZodProvider) accessTokenTTL: z .number() .int() - .min(1) + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) .default(2592000) .describe(GCP_AUTH.ATTACH.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(GCP_AUTH.ATTACH.accessTokenMaxTTL), accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(GCP_AUTH.ATTACH.accessTokenNumUsesLimit) 
@@ -179,15 +174,7 @@ export const registerIdentityGcpAuthRouter = async (server: FastifyZodProvider) .describe(GCP_AUTH.UPDATE.accessTokenTrustedIps), accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(GCP_AUTH.UPDATE.accessTokenTTL), accessTokenNumUsesLimit: z.number().int().min(0).optional().describe(GCP_AUTH.UPDATE.accessTokenNumUsesLimit), - accessTokenMaxTTL: z - .number() - .int() - .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) - .optional() - .describe(GCP_AUTH.UPDATE.accessTokenMaxTTL) + accessTokenMaxTTL: z.number().int().min(0).max(315360000).optional().describe(GCP_AUTH.UPDATE.accessTokenMaxTTL) }), response: { 200: z.object({ diff --git a/backend/src/server/routes/v1/identity-jwt-auth-router.ts b/backend/src/server/routes/v1/identity-jwt-auth-router.ts index d60bb969da..2950fc72da 100644 --- a/backend/src/server/routes/v1/identity-jwt-auth-router.ts +++ b/backend/src/server/routes/v1/identity-jwt-auth-router.ts @@ -34,23 +34,12 @@ const CreateBaseSchema = z.object({ .min(1) .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) .describe(JWT_AUTH.ATTACH.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(1) - .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) - .default(2592000) - .describe(JWT_AUTH.ATTACH.accessTokenTTL), + accessTokenTTL: z.number().int().min(0).max(315360000).default(2592000).describe(JWT_AUTH.ATTACH.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(JWT_AUTH.ATTACH.accessTokenMaxTTL), accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(JWT_AUTH.ATTACH.accessTokenNumUsesLimit) 
@@ -70,23 +59,12 @@ const UpdateBaseSchema = z .min(1) .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) .describe(JWT_AUTH.UPDATE.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(1) - .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) - .default(2592000) - .describe(JWT_AUTH.UPDATE.accessTokenTTL), + accessTokenTTL: z.number().int().min(0).max(315360000).default(2592000).describe(JWT_AUTH.UPDATE.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(JWT_AUTH.UPDATE.accessTokenMaxTTL), accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(JWT_AUTH.UPDATE.accessTokenNumUsesLimit) diff --git a/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts b/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts index 3a71ba7a24..a5e5dcc3a7 100644 --- a/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts +++ b/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts @@ -105,20 +105,15 @@ export const registerIdentityKubernetesRouter = async (server: FastifyZodProvide accessTokenTTL: z .number() .int() - .min(1) + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) .default(2592000) .describe(KUBERNETES_AUTH.ATTACH.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(KUBERNETES_AUTH.ATTACH.accessTokenMaxTTL), accessTokenNumUsesLimit: z 
@@ -214,10 +209,8 @@ export const registerIdentityKubernetesRouter = async (server: FastifyZodProvide accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .optional() .describe(KUBERNETES_AUTH.UPDATE.accessTokenMaxTTL) }), diff --git a/backend/src/server/routes/v1/identity-oidc-auth-router.ts b/backend/src/server/routes/v1/identity-oidc-auth-router.ts index 280dbc5d5d..ddb2453992 100644 --- a/backend/src/server/routes/v1/identity-oidc-auth-router.ts +++ b/backend/src/server/routes/v1/identity-oidc-auth-router.ts @@ -105,20 +105,15 @@ export const registerIdentityOidcAuthRouter = async (server: FastifyZodProvider) accessTokenTTL: z .number() .int() - .min(1) + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) .default(2592000) .describe(OIDC_AUTH.ATTACH.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(OIDC_AUTH.ATTACH.accessTokenMaxTTL), accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(OIDC_AUTH.ATTACH.accessTokenNumUsesLimit) @@ -202,23 +197,17 @@ export const registerIdentityOidcAuthRouter = async (server: FastifyZodProvider) accessTokenTTL: z .number() .int() - .min(1) + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) .default(2592000) .describe(OIDC_AUTH.UPDATE.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(OIDC_AUTH.UPDATE.accessTokenMaxTTL), - accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(OIDC_AUTH.UPDATE.accessTokenNumUsesLimit) }) .partial(), 
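Review bot: The OIDC update-schema hunk (`@@ -202,23 +197,17 @@`) deletes the `accessTokenNumUsesLimit` field together with the `.refine()` calls, and nothing in the hunk adds it back. The commit subject only covers TTL bounds, so this looks unintended. If the schema drops unknown keys, which the hunk does not show, an update request could no longer change the use limit and would get no error for trying. Unless a later patch in the series restores it, keep the line `accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(OIDC_AUTH.UPDATE.accessTokenNumUsesLimit)`. The schema object starts outside the hunk.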
diff --git a/backend/src/server/routes/v1/identity-token-auth-router.ts b/backend/src/server/routes/v1/identity-token-auth-router.ts index f367e60334..bc810d8eef 100644 --- a/backend/src/server/routes/v1/identity-token-auth-router.ts +++ b/backend/src/server/routes/v1/identity-token-auth-router.ts @@ -38,20 +38,15 @@ export const registerIdentityTokenAuthRouter = async (server: FastifyZodProvider accessTokenTTL: z .number() .int() - .min(1) + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) .default(2592000) .describe(TOKEN_AUTH.ATTACH.accessTokenTTL), accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(TOKEN_AUTH.ATTACH.accessTokenMaxTTL), accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(TOKEN_AUTH.ATTACH.accessTokenNumUsesLimit) @@ -124,10 +119,8 @@ export const registerIdentityTokenAuthRouter = async (server: FastifyZodProvider accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .optional() .describe(TOKEN_AUTH.UPDATE.accessTokenMaxTTL) }), diff --git a/backend/src/server/routes/v1/identity-universal-auth-router.ts b/backend/src/server/routes/v1/identity-universal-auth-router.ts index f103a39e0c..e295f6ea31 100644 --- a/backend/src/server/routes/v1/identity-universal-auth-router.ts +++ b/backend/src/server/routes/v1/identity-universal-auth-router.ts 
@@ -106,20 +106,15 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => { accessTokenTTL: z .number() .int() - .min(1) + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenTTL must have a non zero number" - }) .default(2592000) .describe(UNIVERSAL_AUTH.ATTACH.accessTokenTTL), // 30 days accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .default(2592000) .describe(UNIVERSAL_AUTH.ATTACH.accessTokenMaxTTL), // 30 days accessTokenNumUsesLimit: z @@ -214,10 +209,8 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => { accessTokenMaxTTL: z .number() .int() + .min(0) .max(315360000) - .refine((value) => value !== 0, { - message: "accessTokenMaxTTL must have a non zero number" - }) .optional() .describe(UNIVERSAL_AUTH.UPDATE.accessTokenMaxTTL) }), diff --git a/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts b/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts index 9f791fd74e..7a80938b05 100644 --- a/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts +++ b/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts @@ -126,12 +126,12 @@ export const identityAwsAuthServiceFactory = ({ authTokenType: AuthTokenType.IDENTITY_ACCESS_TOKEN } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, - { - expiresIn: - Number(identityAccessToken.accessTokenMaxTTL) === 0 - ? undefined - : Number(identityAccessToken.accessTokenMaxTTL) - } + // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error + Number(identityAccessToken.accessTokenMaxTTL) === 0 + ? undefined + : { + expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + } ); return { accessToken, identityAwsAuth, identityAccessToken, identityMembershipOrg }; 
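Review bot: In the AWS service hunk the new third argument tests `Number(identityAccessToken.accessTokenMaxTTL) === 0`, which also matches `null` and `""` because `Number()` turns both into 0, so a missing value would produce a token with no `exp` claim. Whether the field can be absent is not visible here; if it can, the check should fail closed by reading the value once (`const maxTtl = Number(identityAccessToken.accessTokenMaxTTL);`) and rejecting anything that is not a non-negative integer before taking the no-expiry branch. A token signed without `expiresIn` stays valid as long as the signing secret does unless verification also consults the stored token record, which this hunk does not show, so the added comment should state that dependency rather than only the jsonwebtoken behaviour. The same block is repeated in the azure, gcp, jwt, kubernetes, oidc, token-auth and universal-auth service hunks of this patch. The enclosing function starts and ends outside the hunk.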
diff --git a/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts b/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts index 6275aa0faf..5dca4509dd 100644 --- a/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts +++ b/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts @@ -99,12 +99,12 @@ export const identityAzureAuthServiceFactory = ({ authTokenType: AuthTokenType.IDENTITY_ACCESS_TOKEN } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, - { - expiresIn: - Number(identityAccessToken.accessTokenMaxTTL) === 0 - ? undefined - : Number(identityAccessToken.accessTokenMaxTTL) - } + // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error + Number(identityAccessToken.accessTokenMaxTTL) === 0 + ? undefined + : { + expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + } ); return { accessToken, identityAzureAuth, identityAccessToken, identityMembershipOrg }; diff --git a/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts b/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts index a81b0cd017..277cf73e8a 100644 --- a/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts +++ b/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts 
@@ -138,12 +138,12 @@ export const identityGcpAuthServiceFactory = ({ authTokenType: AuthTokenType.IDENTITY_ACCESS_TOKEN } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, - { - expiresIn: - Number(identityAccessToken.accessTokenMaxTTL) === 0 - ? undefined - : Number(identityAccessToken.accessTokenMaxTTL) - } + // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error + Number(identityAccessToken.accessTokenMaxTTL) === 0 + ? undefined + : { + expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + } ); return { accessToken, identityGcpAuth, identityAccessToken, identityMembershipOrg }; diff --git a/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts b/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts index 5f8fc5ff6c..a48ce4664c 100644 --- a/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts +++ b/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts @@ -212,12 +212,12 @@ export const identityJwtAuthServiceFactory = ({ authTokenType: AuthTokenType.IDENTITY_ACCESS_TOKEN } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, - { - expiresIn: - Number(identityAccessToken.accessTokenMaxTTL) === 0 - ? undefined - : Number(identityAccessToken.accessTokenMaxTTL) - } + // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error + Number(identityAccessToken.accessTokenMaxTTL) === 0 + ? undefined + : { + expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + } ); return { accessToken, identityJwtAuth, identityAccessToken, identityMembershipOrg }; diff --git a/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts b/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts index b62f3e8f53..9d3a2a72a0 100644 --- a/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts 
+++ b/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts @@ -229,12 +229,12 @@ export const identityKubernetesAuthServiceFactory = ({ authTokenType: AuthTokenType.IDENTITY_ACCESS_TOKEN } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, - { - expiresIn: - Number(identityAccessToken.accessTokenMaxTTL) === 0 - ? undefined - : Number(identityAccessToken.accessTokenMaxTTL) - } + // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error + Number(identityAccessToken.accessTokenMaxTTL) === 0 + ? undefined + : { + expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + } ); return { accessToken, identityKubernetesAuth, identityAccessToken, identityMembershipOrg }; diff --git a/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts b/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts index dc3b1baa3f..a0c1a7d92c 100644 --- a/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts +++ b/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts @@ -194,12 +194,12 @@ export const identityOidcAuthServiceFactory = ({ authTokenType: AuthTokenType.IDENTITY_ACCESS_TOKEN } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, - { - expiresIn: - Number(identityAccessToken.accessTokenMaxTTL) === 0 - ? undefined - : Number(identityAccessToken.accessTokenMaxTTL) - } + // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error + Number(identityAccessToken.accessTokenMaxTTL) === 0 + ? undefined + : { + expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + } ); return { accessToken, identityOidcAuth, identityAccessToken, identityMembershipOrg }; 
diff --git a/backend/src/services/identity-token-auth/identity-token-auth-service.ts b/backend/src/services/identity-token-auth/identity-token-auth-service.ts index 847030d762..aeb1faf127 100644 --- a/backend/src/services/identity-token-auth/identity-token-auth-service.ts +++ b/backend/src/services/identity-token-auth/identity-token-auth-service.ts @@ -328,12 +328,12 @@ export const identityTokenAuthServiceFactory = ({ authTokenType: AuthTokenType.IDENTITY_ACCESS_TOKEN } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, - { - expiresIn: - Number(identityAccessToken.accessTokenMaxTTL) === 0 - ? undefined - : Number(identityAccessToken.accessTokenMaxTTL) - } + // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error + Number(identityAccessToken.accessTokenMaxTTL) === 0 + ? undefined + : { + expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + } ); return { accessToken, identityTokenAuth, identityAccessToken, identityMembershipOrg }; diff --git a/backend/src/services/identity-ua/identity-ua-service.ts b/backend/src/services/identity-ua/identity-ua-service.ts index b456c16477..b244656b60 100644 --- a/backend/src/services/identity-ua/identity-ua-service.ts +++ b/backend/src/services/identity-ua/identity-ua-service.ts 
@@ -129,12 +129,12 @@ export const identityUaServiceFactory = ({ authTokenType: AuthTokenType.IDENTITY_ACCESS_TOKEN } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, - { - expiresIn: - Number(identityAccessToken.accessTokenMaxTTL) === 0 - ? undefined - : Number(identityAccessToken.accessTokenMaxTTL) - } + // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error + Number(identityAccessToken.accessTokenMaxTTL) === 0 + ? undefined + : { + expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + } ); return { accessToken, identityUa, validClientSecretInfo, identityAccessToken, identityMembershipOrg }; From 811dc8dd7566177d68536d6237ad7c6678205603 Mon Sep 17 00:00:00 2001 From: = Date: Tue, 28 Jan 2025 01:37:34 +0530 Subject: [PATCH 2/4] fix: changed accessTokenMaxTTL in expireAt to accessTokenTTL --- .../services/identity-aws-auth/identity-aws-auth-service.ts | 4 ++-- .../identity-azure-auth/identity-azure-auth-service.ts | 4 ++-- .../services/identity-gcp-auth/identity-gcp-auth-service.ts | 4 ++-- .../services/identity-jwt-auth/identity-jwt-auth-service.ts | 4 ++-- .../identity-kubernetes-auth-service.ts | 4 ++-- .../services/identity-oidc-auth/identity-oidc-auth-service.ts | 4 ++-- .../identity-token-auth/identity-token-auth-service.ts | 4 ++-- backend/src/services/identity-ua/identity-ua-service.ts | 4 ++-- 8 files changed, 16 insertions(+), 16 deletions(-) diff --git a/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts b/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts index 7a80938b05..ff202f225d 100644 --- a/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts +++ b/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts 
@@ -127,10 +127,10 @@ export const identityAwsAuthServiceFactory = ({ } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error - Number(identityAccessToken.accessTokenMaxTTL) === 0 + Number(identityAccessToken.accessTokenTTL) === 0 ? undefined : { - expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + expiresIn: Number(identityAccessToken.accessTokenTTL) } ); diff --git a/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts b/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts index 5dca4509dd..01d013734e 100644 --- a/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts +++ b/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts @@ -100,10 +100,10 @@ export const identityAzureAuthServiceFactory = ({ } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error - Number(identityAccessToken.accessTokenMaxTTL) === 0 + Number(identityAccessToken.accessTokenTTL) === 0 ? undefined : { - expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + expiresIn: Number(identityAccessToken.accessTokenTTL) } ); diff --git a/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts b/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts index 277cf73e8a..5e404ca20e 100644 --- a/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts +++ b/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts 
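Review bot: With `expiresIn` now taken from `accessTokenTTL`, nothing at this call site bounds the signed lifetime by `accessTokenMaxTTL` any more. The TTL-versus-maximum check added in the next patch lives only in router schemas, and the JWT-auth router is not in that patch's file list, so records written earlier or through a route without the check can still carry a TTL above the maximum, or a TTL of 0 next to a finite maximum. Consider clamping here when both values are non-zero, for example `expiresIn: Math.min(ttl, maxTtl)` with both read once into locals, or add a comment that the routers are the only guard. The same two-line change appears in the azure, gcp, jwt, kubernetes, oidc, token-auth and universal-auth service hunks of this patch.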
@@ -139,10 +139,10 @@ export const identityGcpAuthServiceFactory = ({ } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error - Number(identityAccessToken.accessTokenMaxTTL) === 0 + Number(identityAccessToken.accessTokenTTL) === 0 ? undefined : { - expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + expiresIn: Number(identityAccessToken.accessTokenTTL) } ); diff --git a/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts b/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts index a48ce4664c..6757b0b846 100644 --- a/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts +++ b/backend/src/services/identity-jwt-auth/identity-jwt-auth-service.ts @@ -213,10 +213,10 @@ export const identityJwtAuthServiceFactory = ({ } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error - Number(identityAccessToken.accessTokenMaxTTL) === 0 + Number(identityAccessToken.accessTokenTTL) === 0 ? undefined : { - expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + expiresIn: Number(identityAccessToken.accessTokenTTL) } ); diff --git a/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts b/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts index 9d3a2a72a0..4508a255da 100644 --- a/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts +++ b/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts 
@@ -230,10 +230,10 @@ export const identityKubernetesAuthServiceFactory = ({ } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error - Number(identityAccessToken.accessTokenMaxTTL) === 0 + Number(identityAccessToken.accessTokenTTL) === 0 ? undefined : { - expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + expiresIn: Number(identityAccessToken.accessTokenTTL) } ); diff --git a/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts b/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts index a0c1a7d92c..a1dbed46b3 100644 --- a/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts +++ b/backend/src/services/identity-oidc-auth/identity-oidc-auth-service.ts @@ -195,10 +195,10 @@ export const identityOidcAuthServiceFactory = ({ } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error - Number(identityAccessToken.accessTokenMaxTTL) === 0 + Number(identityAccessToken.accessTokenTTL) === 0 ? undefined : { - expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + expiresIn: Number(identityAccessToken.accessTokenTTL) } ); diff --git a/backend/src/services/identity-token-auth/identity-token-auth-service.ts b/backend/src/services/identity-token-auth/identity-token-auth-service.ts index aeb1faf127..bf38c5fa1e 100644 --- a/backend/src/services/identity-token-auth/identity-token-auth-service.ts +++ b/backend/src/services/identity-token-auth/identity-token-auth-service.ts 
@@ -329,10 +329,10 @@ export const identityTokenAuthServiceFactory = ({ } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error - Number(identityAccessToken.accessTokenMaxTTL) === 0 + Number(identityAccessToken.accessTokenTTL) === 0 ? undefined : { - expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + expiresIn: Number(identityAccessToken.accessTokenTTL) } ); diff --git a/backend/src/services/identity-ua/identity-ua-service.ts b/backend/src/services/identity-ua/identity-ua-service.ts index b244656b60..b9837265aa 100644 --- a/backend/src/services/identity-ua/identity-ua-service.ts +++ b/backend/src/services/identity-ua/identity-ua-service.ts @@ -130,10 +130,10 @@ export const identityUaServiceFactory = ({ } as TIdentityAccessTokenJwtPayload, appCfg.AUTH_SECRET, // akhilmhdh: for non-expiry tokens you should not even set the value, including undefined. Even for undefined jsonwebtoken throws error - Number(identityAccessToken.accessTokenMaxTTL) === 0 + Number(identityAccessToken.accessTokenTTL) === 0 ? undefined : { - expiresIn: Number(identityAccessToken.accessTokenMaxTTL) + expiresIn: Number(identityAccessToken.accessTokenTTL) } ); From 91f2d0384e3dc4059fa87b4cdd3b095919fd061d Mon Sep 17 00:00:00 2001 From: = Date: Tue, 28 Jan 2025 01:55:27 +0530 Subject: [PATCH 3/4] feat: updated router to validate max ttl and ttl --- .../routes/v1/identity-aws-iam-auth-router.ts | 114 ++++++------ .../routes/v1/identity-azure-auth-router.ts | 124 ++++++++------ .../routes/v1/identity-gcp-auth-router.ts | 108 +++++++----- .../v1/identity-kubernetes-auth-router.ts | 154 +++++++++-------- .../routes/v1/identity-oidc-auth-router.ts | 73 ++++---- .../routes/v1/identity-token-auth-router.ts | 108 +++++++----- .../v1/identity-universal-auth-router.ts | 162 ++++++++++-------- 7 files changed, 472 insertions(+), 371 deletions(-) 
diff --git a/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts b/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts
index f39f6d031a..414f8534c5 100644
--- a/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts
+++ b/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts
@@ -79,39 +79,44 @@ export const registerIdentityAwsAuthRouter = async (server: FastifyZodProvider) params: z.object({ identityId: z.string().trim().describe(AWS_AUTH.ATTACH.identityId) }), - body: z.object({ - stsEndpoint: z - .string() - .trim() - .min(1) - .default("https://sts.amazonaws.com/") - .describe(AWS_AUTH.ATTACH.stsEndpoint), - allowedPrincipalArns: validatePrincipalArns.describe(AWS_AUTH.ATTACH.allowedPrincipalArns), - allowedAccountIds: validateAccountIds.describe(AWS_AUTH.ATTACH.allowedAccountIds), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) - .describe(AWS_AUTH.ATTACH.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(AWS_AUTH.ATTACH.accessTokenTTL), - accessTokenMaxTTL: z - .number() - .int() - .min(1) - .max(315360000) - .default(2592000) - .describe(AWS_AUTH.ATTACH.accessTokenMaxTTL), - accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(AWS_AUTH.ATTACH.accessTokenNumUsesLimit) - }), + body: z + .object({ + stsEndpoint: z + .string() + .trim() + .min(1) + .default("https://sts.amazonaws.com/") + .describe(AWS_AUTH.ATTACH.stsEndpoint), + allowedPrincipalArns: validatePrincipalArns.describe(AWS_AUTH.ATTACH.allowedPrincipalArns), + allowedAccountIds: validateAccountIds.describe(AWS_AUTH.ATTACH.allowedAccountIds), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) + .describe(AWS_AUTH.ATTACH.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(AWS_AUTH.ATTACH.accessTokenTTL), + accessTokenMaxTTL: z + .number() + .int() + .min(1) + .max(315360000) + .default(2592000) + .describe(AWS_AUTH.ATTACH.accessTokenMaxTTL), + accessTokenNumUsesLimit: 
z.number().int().min(0).default(0).describe(AWS_AUTH.ATTACH.accessTokenNumUsesLimit) + }) + .refine( + (val) => val.accessTokenTTL <= val.accessTokenMaxTTL, + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityAwsAuth: IdentityAwsAuthsSchema 
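Review bot: `accessTokenTTL: 0` passes the new `.refine` against any finite `accessTokenMaxTTL`, although the service hunks earlier in this series sign the token with no `expiresIn` when the TTL is 0, so as written the maximum does not bound a zero TTL. If 0 is meant as "no expiry" on both fields (an assumption, the schema does not say), the predicate should order it last: `(val) => val.accessTokenMaxTTL === 0 || (val.accessTokenTTL !== 0 && val.accessTokenTTL <= val.accessTokenMaxTTL)`. The same predicate is added in the azure, gcp, kubernetes, oidc, token-auth and universal-auth attach hunks, and the diffstat for this patch lists no change to `identity-jwt-auth-router.ts`, so JWT auth appears to get no cross-field check at all. This schema also keeps `.min(1)` on `accessTokenMaxTTL` while the other attach schemas use `.min(0)`. The route definition starts and ends outside the hunk.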
@@ -167,22 +172,33 @@ export const registerIdentityAwsAuthRouter = async (server: FastifyZodProvider) params: z.object({ identityId: z.string().describe(AWS_AUTH.UPDATE.identityId) }), - body: z.object({ - stsEndpoint: z.string().trim().min(1).optional().describe(AWS_AUTH.UPDATE.stsEndpoint), - allowedPrincipalArns: validatePrincipalArns.describe(AWS_AUTH.UPDATE.allowedPrincipalArns), - allowedAccountIds: validateAccountIds.describe(AWS_AUTH.UPDATE.allowedAccountIds), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .optional() - .describe(AWS_AUTH.UPDATE.accessTokenTrustedIps), - accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(AWS_AUTH.UPDATE.accessTokenTTL), - accessTokenNumUsesLimit: z.number().int().min(0).optional().describe(AWS_AUTH.UPDATE.accessTokenNumUsesLimit), - accessTokenMaxTTL: z.number().int().max(315360000).min(0).optional().describe(AWS_AUTH.UPDATE.accessTokenMaxTTL) - }), + body: z + .object({ + stsEndpoint: z.string().trim().min(1).optional().describe(AWS_AUTH.UPDATE.stsEndpoint), + allowedPrincipalArns: validatePrincipalArns.describe(AWS_AUTH.UPDATE.allowedPrincipalArns), + allowedAccountIds: validateAccountIds.describe(AWS_AUTH.UPDATE.allowedAccountIds), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .optional() + .describe(AWS_AUTH.UPDATE.accessTokenTrustedIps), + accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(AWS_AUTH.UPDATE.accessTokenTTL), + accessTokenNumUsesLimit: z.number().int().min(0).optional().describe(AWS_AUTH.UPDATE.accessTokenNumUsesLimit), + accessTokenMaxTTL: z + .number() + .int() + .max(315360000) + .min(0) + .optional() + .describe(AWS_AUTH.UPDATE.accessTokenMaxTTL) + }) + .refine( + (val) => (val.accessTokenMaxTTL && val.accessTokenTTL ? val.accessTokenTTL <= val.accessTokenMaxTTL : true), + "Access Token TTL cannot be greater than Access Token Max TTL." 
+ ), response: { 200: z.object({ identityAwsAuth: IdentityAwsAuthsSchema diff --git a/backend/src/server/routes/v1/identity-azure-auth-router.ts b/backend/src/server/routes/v1/identity-azure-auth-router.ts index 21cc0cde62..f46fb57ca6 100644 --- a/backend/src/server/routes/v1/identity-azure-auth-router.ts +++ b/backend/src/server/routes/v1/identity-azure-auth-router.ts 
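Review bot: The update predicate `val.accessTokenMaxTTL && val.accessTokenTTL ? … : true` tests truthiness, so the comparison is skipped both when a field is omitted and when it is explicitly 0, and a request that sends only `accessTokenTTL` is never compared with the stored maximum at this layer. That check has to happen in the service's update path against the persisted values, which this hunk does not show; worth confirming it exists before relying on the schema. Here I'd test for presence explicitly, `val.accessTokenMaxTTL !== undefined && val.accessTokenTTL !== undefined`, and give 0 the same meaning as in the attach schema so the two routes cannot disagree. The identical predicate is repeated in the azure, gcp, kubernetes, oidc, token-auth and universal-auth update hunks, so a single shared helper for the TTL pair would keep them consistent.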
@@ -76,34 +76,44 @@ export const registerIdentityAzureAuthRouter = async (server: FastifyZodProvider params: z.object({ identityId: z.string().trim().describe(AZURE_AUTH.LOGIN.identityId) }), - body: z.object({ - tenantId: z.string().trim().describe(AZURE_AUTH.ATTACH.tenantId), - resource: z.string().trim().describe(AZURE_AUTH.ATTACH.resource), - allowedServicePrincipalIds: validateAzureAuthField.describe(AZURE_AUTH.ATTACH.allowedServicePrincipalIds), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) - .describe(AZURE_AUTH.ATTACH.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(AZURE_AUTH.ATTACH.accessTokenTTL), - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(AZURE_AUTH.ATTACH.accessTokenMaxTTL), - accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(AZURE_AUTH.ATTACH.accessTokenNumUsesLimit) - }), + body: z + .object({ + tenantId: z.string().trim().describe(AZURE_AUTH.ATTACH.tenantId), + resource: z.string().trim().describe(AZURE_AUTH.ATTACH.resource), + allowedServicePrincipalIds: validateAzureAuthField.describe(AZURE_AUTH.ATTACH.allowedServicePrincipalIds), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) + .describe(AZURE_AUTH.ATTACH.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(AZURE_AUTH.ATTACH.accessTokenTTL), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(AZURE_AUTH.ATTACH.accessTokenMaxTTL), + accessTokenNumUsesLimit: z + .number() + .int() + .min(0) + .default(0) + .describe(AZURE_AUTH.ATTACH.accessTokenNumUsesLimit) + }) + .refine( + (val) => 
val.accessTokenTTL <= val.accessTokenMaxTTL, + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityAzureAuth: IdentityAzureAuthsSchema 
@@ -158,30 +168,40 @@ export const registerIdentityAzureAuthRouter = async (server: FastifyZodProvider params: z.object({ identityId: z.string().trim().describe(AZURE_AUTH.UPDATE.identityId) }), - body: z.object({ - tenantId: z.string().trim().optional().describe(AZURE_AUTH.UPDATE.tenantId), - resource: z.string().trim().optional().describe(AZURE_AUTH.UPDATE.resource), - allowedServicePrincipalIds: validateAzureAuthField - .optional() - .describe(AZURE_AUTH.UPDATE.allowedServicePrincipalIds), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .optional() - .describe(AZURE_AUTH.UPDATE.accessTokenTrustedIps), - accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(AZURE_AUTH.UPDATE.accessTokenTTL), - accessTokenNumUsesLimit: z.number().int().min(0).optional().describe(AZURE_AUTH.UPDATE.accessTokenNumUsesLimit), - accessTokenMaxTTL: z - .number() - .int() - .max(315360000) - .min(0) - .optional() - .describe(AZURE_AUTH.UPDATE.accessTokenMaxTTL) - }), + body: z + .object({ + tenantId: z.string().trim().optional().describe(AZURE_AUTH.UPDATE.tenantId), + resource: z.string().trim().optional().describe(AZURE_AUTH.UPDATE.resource), + allowedServicePrincipalIds: validateAzureAuthField + .optional() + .describe(AZURE_AUTH.UPDATE.allowedServicePrincipalIds), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .optional() + .describe(AZURE_AUTH.UPDATE.accessTokenTrustedIps), + accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(AZURE_AUTH.UPDATE.accessTokenTTL), + accessTokenNumUsesLimit: z + .number() + .int() + .min(0) + .optional() + .describe(AZURE_AUTH.UPDATE.accessTokenNumUsesLimit), + accessTokenMaxTTL: z + .number() + .int() + .max(315360000) + .min(0) + .optional() + .describe(AZURE_AUTH.UPDATE.accessTokenMaxTTL) + }) + .refine( + (val) => (val.accessTokenMaxTTL && val.accessTokenTTL ? 
val.accessTokenTTL <= val.accessTokenMaxTTL : true), + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityAzureAuth: IdentityAzureAuthsSchema diff --git a/backend/src/server/routes/v1/identity-gcp-auth-router.ts b/backend/src/server/routes/v1/identity-gcp-auth-router.ts index c5fedb5877..057458bb2c 100644 --- a/backend/src/server/routes/v1/identity-gcp-auth-router.ts +++ b/backend/src/server/routes/v1/identity-gcp-auth-router.ts 
@@ -74,35 +74,40 @@ export const registerIdentityGcpAuthRouter = async (server: FastifyZodProvider) params: z.object({ identityId: z.string().trim().describe(GCP_AUTH.ATTACH.identityId) }), - body: z.object({ - type: z.enum(["iam", "gce"]), - allowedServiceAccounts: validateGcpAuthField.describe(GCP_AUTH.ATTACH.allowedServiceAccounts), - allowedProjects: validateGcpAuthField.describe(GCP_AUTH.ATTACH.allowedProjects), - allowedZones: validateGcpAuthField.describe(GCP_AUTH.ATTACH.allowedZones), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) - .describe(GCP_AUTH.ATTACH.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(GCP_AUTH.ATTACH.accessTokenTTL), - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(GCP_AUTH.ATTACH.accessTokenMaxTTL), - accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(GCP_AUTH.ATTACH.accessTokenNumUsesLimit) - }), + body: z + .object({ + type: z.enum(["iam", "gce"]), + allowedServiceAccounts: validateGcpAuthField.describe(GCP_AUTH.ATTACH.allowedServiceAccounts), + allowedProjects: validateGcpAuthField.describe(GCP_AUTH.ATTACH.allowedProjects), + allowedZones: validateGcpAuthField.describe(GCP_AUTH.ATTACH.allowedZones), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) + .describe(GCP_AUTH.ATTACH.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(GCP_AUTH.ATTACH.accessTokenTTL), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(GCP_AUTH.ATTACH.accessTokenMaxTTL), + accessTokenNumUsesLimit: 
z.number().int().min(0).default(0).describe(GCP_AUTH.ATTACH.accessTokenNumUsesLimit) + }) + .refine( + (val) => val.accessTokenTTL <= val.accessTokenMaxTTL, + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityGcpAuth: IdentityGcpAuthsSchema 
@@ -159,23 +164,34 @@ export const registerIdentityGcpAuthRouter = async (server: FastifyZodProvider) params: z.object({ identityId: z.string().trim().describe(GCP_AUTH.UPDATE.identityId) }), - body: z.object({ - type: z.enum(["iam", "gce"]).optional(), - allowedServiceAccounts: validateGcpAuthField.optional().describe(GCP_AUTH.UPDATE.allowedServiceAccounts), - allowedProjects: validateGcpAuthField.optional().describe(GCP_AUTH.UPDATE.allowedProjects), - allowedZones: validateGcpAuthField.optional().describe(GCP_AUTH.UPDATE.allowedZones), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .optional() - .describe(GCP_AUTH.UPDATE.accessTokenTrustedIps), - accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(GCP_AUTH.UPDATE.accessTokenTTL), - accessTokenNumUsesLimit: z.number().int().min(0).optional().describe(GCP_AUTH.UPDATE.accessTokenNumUsesLimit), - accessTokenMaxTTL: z.number().int().min(0).max(315360000).optional().describe(GCP_AUTH.UPDATE.accessTokenMaxTTL) - }), + body: z + .object({ + type: z.enum(["iam", "gce"]).optional(), + allowedServiceAccounts: validateGcpAuthField.optional().describe(GCP_AUTH.UPDATE.allowedServiceAccounts), + allowedProjects: validateGcpAuthField.optional().describe(GCP_AUTH.UPDATE.allowedProjects), + allowedZones: validateGcpAuthField.optional().describe(GCP_AUTH.UPDATE.allowedZones), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .optional() + .describe(GCP_AUTH.UPDATE.accessTokenTrustedIps), + accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(GCP_AUTH.UPDATE.accessTokenTTL), + accessTokenNumUsesLimit: z.number().int().min(0).optional().describe(GCP_AUTH.UPDATE.accessTokenNumUsesLimit), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .optional() + .describe(GCP_AUTH.UPDATE.accessTokenMaxTTL) + }) + .refine( + (val) => (val.accessTokenMaxTTL && val.accessTokenTTL ? 
val.accessTokenTTL <= val.accessTokenMaxTTL : true), + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityGcpAuth: IdentityGcpAuthsSchema diff --git a/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts b/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts index a5e5dcc3a7..3b30251794 100644 --- a/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts +++ b/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts 
@@ -87,42 +87,47 @@ export const registerIdentityKubernetesRouter = async (server: FastifyZodProvide params: z.object({ identityId: z.string().trim().describe(KUBERNETES_AUTH.ATTACH.identityId) }), - body: z.object({ - kubernetesHost: z.string().trim().min(1).describe(KUBERNETES_AUTH.ATTACH.kubernetesHost), - caCert: z.string().trim().default("").describe(KUBERNETES_AUTH.ATTACH.caCert), - tokenReviewerJwt: z.string().trim().min(1).describe(KUBERNETES_AUTH.ATTACH.tokenReviewerJwt), - allowedNamespaces: z.string().describe(KUBERNETES_AUTH.ATTACH.allowedNamespaces), // TODO: validation - allowedNames: z.string().describe(KUBERNETES_AUTH.ATTACH.allowedNames), - allowedAudience: z.string().describe(KUBERNETES_AUTH.ATTACH.allowedAudience), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) - .describe(KUBERNETES_AUTH.ATTACH.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(KUBERNETES_AUTH.ATTACH.accessTokenTTL), - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(KUBERNETES_AUTH.ATTACH.accessTokenMaxTTL), - accessTokenNumUsesLimit: z - .number() - .int() - .min(0) - .default(0) - .describe(KUBERNETES_AUTH.ATTACH.accessTokenNumUsesLimit) - }), + body: z + .object({ + kubernetesHost: z.string().trim().min(1).describe(KUBERNETES_AUTH.ATTACH.kubernetesHost), + caCert: z.string().trim().default("").describe(KUBERNETES_AUTH.ATTACH.caCert), + tokenReviewerJwt: z.string().trim().min(1).describe(KUBERNETES_AUTH.ATTACH.tokenReviewerJwt), + allowedNamespaces: z.string().describe(KUBERNETES_AUTH.ATTACH.allowedNamespaces), // TODO: validation + allowedNames: z.string().describe(KUBERNETES_AUTH.ATTACH.allowedNames), + allowedAudience: z.string().describe(KUBERNETES_AUTH.ATTACH.allowedAudience), + accessTokenTrustedIps: z + .object({ + ipAddress: 
z.string().trim() + }) + .array() + .min(1) + .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) + .describe(KUBERNETES_AUTH.ATTACH.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(KUBERNETES_AUTH.ATTACH.accessTokenTTL), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(KUBERNETES_AUTH.ATTACH.accessTokenMaxTTL), + accessTokenNumUsesLimit: z + .number() + .int() + .min(0) + .default(0) + .describe(KUBERNETES_AUTH.ATTACH.accessTokenNumUsesLimit) + }) + .refine( + (val) => val.accessTokenTTL <= val.accessTokenMaxTTL, + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityKubernetesAuth: IdentityKubernetesAuthResponseSchema 
@@ -178,42 +183,47 @@ export const registerIdentityKubernetesRouter = async (server: FastifyZodProvide params: z.object({ identityId: z.string().describe(KUBERNETES_AUTH.UPDATE.identityId) }), - body: z.object({ - kubernetesHost: z.string().trim().min(1).optional().describe(KUBERNETES_AUTH.UPDATE.kubernetesHost), - caCert: z.string().trim().optional().describe(KUBERNETES_AUTH.UPDATE.caCert), - tokenReviewerJwt: z.string().trim().min(1).optional().describe(KUBERNETES_AUTH.UPDATE.tokenReviewerJwt), - allowedNamespaces: z.string().optional().describe(KUBERNETES_AUTH.UPDATE.allowedNamespaces), // TODO: validation - allowedNames: z.string().optional().describe(KUBERNETES_AUTH.UPDATE.allowedNames), - allowedAudience: z.string().optional().describe(KUBERNETES_AUTH.UPDATE.allowedAudience), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .optional() - .describe(KUBERNETES_AUTH.UPDATE.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .optional() - .describe(KUBERNETES_AUTH.UPDATE.accessTokenTTL), - accessTokenNumUsesLimit: z - .number() - .int() - .min(0) - .optional() - .describe(KUBERNETES_AUTH.UPDATE.accessTokenNumUsesLimit), - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .optional() - .describe(KUBERNETES_AUTH.UPDATE.accessTokenMaxTTL) - }), + body: z + .object({ + kubernetesHost: z.string().trim().min(1).optional().describe(KUBERNETES_AUTH.UPDATE.kubernetesHost), + caCert: z.string().trim().optional().describe(KUBERNETES_AUTH.UPDATE.caCert), + tokenReviewerJwt: z.string().trim().min(1).optional().describe(KUBERNETES_AUTH.UPDATE.tokenReviewerJwt), + allowedNamespaces: z.string().optional().describe(KUBERNETES_AUTH.UPDATE.allowedNamespaces), // TODO: validation + allowedNames: z.string().optional().describe(KUBERNETES_AUTH.UPDATE.allowedNames), + allowedAudience: z.string().optional().describe(KUBERNETES_AUTH.UPDATE.allowedAudience), + 
accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .optional() + .describe(KUBERNETES_AUTH.UPDATE.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .optional() + .describe(KUBERNETES_AUTH.UPDATE.accessTokenTTL), + accessTokenNumUsesLimit: z + .number() + .int() + .min(0) + .optional() + .describe(KUBERNETES_AUTH.UPDATE.accessTokenNumUsesLimit), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .optional() + .describe(KUBERNETES_AUTH.UPDATE.accessTokenMaxTTL) + }) + .refine( + (val) => (val.accessTokenMaxTTL && val.accessTokenTTL ? val.accessTokenTTL <= val.accessTokenMaxTTL : true), + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityKubernetesAuth: IdentityKubernetesAuthResponseSchema diff --git a/backend/src/server/routes/v1/identity-oidc-auth-router.ts b/backend/src/server/routes/v1/identity-oidc-auth-router.ts index ddb2453992..431ed3f4f4 100644 --- a/backend/src/server/routes/v1/identity-oidc-auth-router.ts +++ b/backend/src/server/routes/v1/identity-oidc-auth-router.ts 
@@ -87,37 +87,42 @@ export const registerIdentityOidcAuthRouter = async (server: FastifyZodProvider) params: z.object({ identityId: z.string().trim().describe(OIDC_AUTH.ATTACH.identityId) }), - body: z.object({ - oidcDiscoveryUrl: z.string().url().min(1).describe(OIDC_AUTH.ATTACH.oidcDiscoveryUrl), - caCert: z.string().trim().default("").describe(OIDC_AUTH.ATTACH.caCert), - boundIssuer: z.string().min(1).describe(OIDC_AUTH.ATTACH.boundIssuer), - boundAudiences: validateOidcAuthAudiencesField.describe(OIDC_AUTH.ATTACH.boundAudiences), - boundClaims: validateOidcBoundClaimsField.describe(OIDC_AUTH.ATTACH.boundClaims), - boundSubject: z.string().optional().default("").describe(OIDC_AUTH.ATTACH.boundSubject), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) - .describe(OIDC_AUTH.ATTACH.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(OIDC_AUTH.ATTACH.accessTokenTTL), - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(OIDC_AUTH.ATTACH.accessTokenMaxTTL), - accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(OIDC_AUTH.ATTACH.accessTokenNumUsesLimit) - }), + body: z + .object({ + oidcDiscoveryUrl: z.string().url().min(1).describe(OIDC_AUTH.ATTACH.oidcDiscoveryUrl), + caCert: z.string().trim().default("").describe(OIDC_AUTH.ATTACH.caCert), + boundIssuer: z.string().min(1).describe(OIDC_AUTH.ATTACH.boundIssuer), + boundAudiences: validateOidcAuthAudiencesField.describe(OIDC_AUTH.ATTACH.boundAudiences), + boundClaims: validateOidcBoundClaimsField.describe(OIDC_AUTH.ATTACH.boundClaims), + boundSubject: z.string().optional().default("").describe(OIDC_AUTH.ATTACH.boundSubject), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: 
"::/0" }]) + .describe(OIDC_AUTH.ATTACH.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(OIDC_AUTH.ATTACH.accessTokenTTL), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(OIDC_AUTH.ATTACH.accessTokenMaxTTL), + accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(OIDC_AUTH.ATTACH.accessTokenNumUsesLimit) + }) + .refine( + (val) => val.accessTokenTTL <= val.accessTokenMaxTTL, + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityOidcAuth: IdentityOidcAuthResponseSchema @@ -210,7 +215,11 @@ export const registerIdentityOidcAuthRouter = async (server: FastifyZodProvider) .describe(OIDC_AUTH.UPDATE.accessTokenMaxTTL), accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(OIDC_AUTH.UPDATE.accessTokenNumUsesLimit) }) - .partial(), + .partial() + .refine( + (val) => (val.accessTokenMaxTTL && val.accessTokenTTL ? val.accessTokenTTL <= val.accessTokenMaxTTL : true), + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityOidcAuth: IdentityOidcAuthResponseSchema diff --git a/backend/src/server/routes/v1/identity-token-auth-router.ts b/backend/src/server/routes/v1/identity-token-auth-router.ts index bc810d8eef..3d331403ac 100644 --- a/backend/src/server/routes/v1/identity-token-auth-router.ts +++ b/backend/src/server/routes/v1/identity-token-auth-router.ts 
@@ -26,31 +26,41 @@ export const registerIdentityTokenAuthRouter = async (server: FastifyZodProvider params: z.object({ identityId: z.string().trim().describe(TOKEN_AUTH.ATTACH.identityId) }), - body: z.object({ - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) - .describe(TOKEN_AUTH.ATTACH.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(TOKEN_AUTH.ATTACH.accessTokenTTL), - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(TOKEN_AUTH.ATTACH.accessTokenMaxTTL), - accessTokenNumUsesLimit: z.number().int().min(0).default(0).describe(TOKEN_AUTH.ATTACH.accessTokenNumUsesLimit) - }), + body: z + .object({ + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) + .describe(TOKEN_AUTH.ATTACH.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(TOKEN_AUTH.ATTACH.accessTokenTTL), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(TOKEN_AUTH.ATTACH.accessTokenMaxTTL), + accessTokenNumUsesLimit: z + .number() + .int() + .min(0) + .default(0) + .describe(TOKEN_AUTH.ATTACH.accessTokenNumUsesLimit) + }) + .refine( + (val) => val.accessTokenTTL <= val.accessTokenMaxTTL, + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityTokenAuth: IdentityTokenAuthsSchema 
@@ -105,25 +115,35 @@ export const registerIdentityTokenAuthRouter = async (server: FastifyZodProvider params: z.object({ identityId: z.string().trim().describe(TOKEN_AUTH.UPDATE.identityId) }), - body: z.object({ - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .optional() - .describe(TOKEN_AUTH.UPDATE.accessTokenTrustedIps), - accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(TOKEN_AUTH.UPDATE.accessTokenTTL), - accessTokenNumUsesLimit: z.number().int().min(0).optional().describe(TOKEN_AUTH.UPDATE.accessTokenNumUsesLimit), - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .optional() - .describe(TOKEN_AUTH.UPDATE.accessTokenMaxTTL) - }), + body: z + .object({ + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .optional() + .describe(TOKEN_AUTH.UPDATE.accessTokenTrustedIps), + accessTokenTTL: z.number().int().min(0).max(315360000).optional().describe(TOKEN_AUTH.UPDATE.accessTokenTTL), + accessTokenNumUsesLimit: z + .number() + .int() + .min(0) + .optional() + .describe(TOKEN_AUTH.UPDATE.accessTokenNumUsesLimit), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .optional() + .describe(TOKEN_AUTH.UPDATE.accessTokenMaxTTL) + }) + .refine( + (val) => (val.accessTokenMaxTTL && val.accessTokenTTL ? val.accessTokenTTL <= val.accessTokenMaxTTL : true), + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityTokenAuth: IdentityTokenAuthsSchema diff --git a/backend/src/server/routes/v1/identity-universal-auth-router.ts b/backend/src/server/routes/v1/identity-universal-auth-router.ts index e295f6ea31..e48e1f442e 100644 --- a/backend/src/server/routes/v1/identity-universal-auth-router.ts +++ b/backend/src/server/routes/v1/identity-universal-auth-router.ts 
@@ -86,44 +86,49 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => { params: z.object({ identityId: z.string().trim().describe(UNIVERSAL_AUTH.ATTACH.identityId) }), - body: z.object({ - clientSecretTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) - .describe(UNIVERSAL_AUTH.ATTACH.clientSecretTrustedIps), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) - .describe(UNIVERSAL_AUTH.ATTACH.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(UNIVERSAL_AUTH.ATTACH.accessTokenTTL), // 30 days - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .default(2592000) - .describe(UNIVERSAL_AUTH.ATTACH.accessTokenMaxTTL), // 30 days - accessTokenNumUsesLimit: z - .number() - .int() - .min(0) - .default(0) - .describe(UNIVERSAL_AUTH.ATTACH.accessTokenNumUsesLimit) - }), + body: z + .object({ + clientSecretTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) + .describe(UNIVERSAL_AUTH.ATTACH.clientSecretTrustedIps), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]) + .describe(UNIVERSAL_AUTH.ATTACH.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(UNIVERSAL_AUTH.ATTACH.accessTokenTTL), // 30 days + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .default(2592000) + .describe(UNIVERSAL_AUTH.ATTACH.accessTokenMaxTTL), // 30 days + accessTokenNumUsesLimit: z + .number() + .int() + .min(0) + .default(0) + 
.describe(UNIVERSAL_AUTH.ATTACH.accessTokenNumUsesLimit) + }) + .refine( + (val) => val.accessTokenTTL <= val.accessTokenMaxTTL, + "Access Token TTL cannot be greater than Access Token Max TTL." + ), response: { 200: z.object({ identityUniversalAuth: IdentityUniversalAuthsSchema 
@@ -176,44 +181,49 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => { params: z.object({ identityId: z.string().describe(UNIVERSAL_AUTH.UPDATE.identityId) }), - body: z.object({ - clientSecretTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .optional() - .describe(UNIVERSAL_AUTH.UPDATE.clientSecretTrustedIps), - accessTokenTrustedIps: z - .object({ - ipAddress: z.string().trim() - }) - .array() - .min(1) - .optional() - .describe(UNIVERSAL_AUTH.UPDATE.accessTokenTrustedIps), - accessTokenTTL: z - .number() - .int() - .min(0) - .max(315360000) - .optional() - .describe(UNIVERSAL_AUTH.UPDATE.accessTokenTTL), - accessTokenNumUsesLimit: z - .number() - .int() - .min(0) - .optional() - .describe(UNIVERSAL_AUTH.UPDATE.accessTokenNumUsesLimit), - accessTokenMaxTTL: z - .number() - .int() - .min(0) - .max(315360000) - .optional() - .describe(UNIVERSAL_AUTH.UPDATE.accessTokenMaxTTL) - }), + body: z + .object({ + clientSecretTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .optional() + .describe(UNIVERSAL_AUTH.UPDATE.clientSecretTrustedIps), + accessTokenTrustedIps: z + .object({ + ipAddress: z.string().trim() + }) + .array() + .min(1) + .optional() + .describe(UNIVERSAL_AUTH.UPDATE.accessTokenTrustedIps), + accessTokenTTL: z + .number() + .int() + .min(0) + .max(315360000) + .optional() + .describe(UNIVERSAL_AUTH.UPDATE.accessTokenTTL), + accessTokenNumUsesLimit: z + .number() + .int() + .min(0) + .optional() + .describe(UNIVERSAL_AUTH.UPDATE.accessTokenNumUsesLimit), + accessTokenMaxTTL: z + .number() + .int() + .min(0) + .max(315360000) + .optional() + .describe(UNIVERSAL_AUTH.UPDATE.accessTokenMaxTTL) + }) + .refine( + (val) => (val.accessTokenMaxTTL && val.accessTokenTTL ? val.accessTokenTTL <= val.accessTokenMaxTTL : true), + "Access Token TTL cannot be greater than Access Token Max TTL." 
+ ), response: { 200: z.object({ identityUniversalAuth: IdentityUniversalAuthsSchema From 3e0f04273cf69a5eb84b11ba54d83fae0190c8d4 Mon Sep 17 00:00:00 2001 From: = Date: Tue, 28 Jan 2025 02:01:24 +0530 Subject: [PATCH 4/4] feat: resolved merge conflict --- .../components/IdentitySection/IdentityAwsAuthForm.tsx | 4 ++-- .../components/IdentitySection/IdentityAzureAuthForm.tsx | 4 ++-- .../components/IdentitySection/IdentityGcpAuthForm.tsx | 4 ++-- .../components/IdentitySection/IdentityJwtAuthForm.tsx | 4 ++-- .../components/IdentitySection/IdentityKubernetesAuthForm.tsx | 4 ++-- .../components/IdentitySection/IdentityOidcAuthForm.tsx | 4 ++-- .../components/IdentitySection/IdentityTokenAuthForm.tsx | 4 ++-- .../components/IdentitySection/IdentityUniversalAuthForm.tsx | 2 +- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityAwsAuthForm.tsx b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityAwsAuthForm.tsx index 7f609305db..ddcc7b2d1d 100644 --- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityAwsAuthForm.tsx +++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityAwsAuthForm.tsx @@ -259,7 +259,7 @@ export const IdentityAwsAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> @@ -273,7 +273,7 @@ export const IdentityAwsAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> diff --git a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityAzureAuthForm.tsx b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityAzureAuthForm.tsx index 1bfdf27570..cd32ca9dc7 100644 
--- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityAzureAuthForm.tsx +++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityAzureAuthForm.tsx @@ -255,7 +255,7 @@ export const IdentityAzureAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> @@ -269,7 +269,7 @@ export const IdentityAzureAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> diff --git a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityGcpAuthForm.tsx b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityGcpAuthForm.tsx index 2a3fc526df..760bb6ed47 100644 --- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityGcpAuthForm.tsx +++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityGcpAuthForm.tsx @@ -294,7 +294,7 @@ export const IdentityGcpAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> @@ -308,7 +308,7 @@ export const IdentityGcpAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> diff --git a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityJwtAuthForm.tsx b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityJwtAuthForm.tsx index 32ad5b6ada..c9d8acccaf 100644 --- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityJwtAuthForm.tsx +++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityJwtAuthForm.tsx 
@@ -563,7 +563,7 @@ export const IdentityJwtAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> @@ -577,7 +577,7 @@ export const IdentityJwtAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> diff --git a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityKubernetesAuthForm.tsx b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityKubernetesAuthForm.tsx index 9a65aeebc4..4d25590a1a 100644 --- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityKubernetesAuthForm.tsx +++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityKubernetesAuthForm.tsx @@ -305,7 +305,7 @@ export const IdentityKubernetesAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> @@ -320,7 +320,7 @@ export const IdentityKubernetesAuthForm = ({ errorText={error?.message} tooltipText="The maximum lifetime for an access token in seconds. This value will be referenced at renewal time." > - + )} /> diff --git a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityOidcAuthForm.tsx b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityOidcAuthForm.tsx index 679e03555a..b1b0739cf3 100644 --- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityOidcAuthForm.tsx +++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityOidcAuthForm.tsx @@ -323,7 +323,7 @@ export const IdentityOidcAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> 
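Review bot: The `tooltipText` kept as context in the second IdentityKubernetesAuthForm hunk (`@@ -320,7 +320,7 @@`) describes the max TTL only as "The maximum lifetime for an access token in seconds" and does not say what a value of 0 does. The changed input line is not legible in this view, so this is conditional: if the new line lowers the field's lower bound to 0, the tooltip should state the effect on expiry, presumably a token with no upper lifetime bound, which the person configuring a machine identity needs to know. Something like `tooltipText="… This value will be referenced at renewal time. <what 0 means for expiry>"` would cover it. The same one-line change is made in the other seven forms in this patch, whose visible context shows no tooltip next to the input, so the wording would have to be added there too. A bound on the form input is advisory only, so the request schema on the API side has to stay the enforcing check; the enclosing component starts and ends outside the hunk.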
@@ -337,7 +337,7 @@ export const IdentityOidcAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> diff --git a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityTokenAuthForm.tsx b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityTokenAuthForm.tsx index d0e7bc7289..18e832aa82 100644 --- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityTokenAuthForm.tsx +++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityTokenAuthForm.tsx @@ -192,7 +192,7 @@ export const IdentityTokenAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> @@ -206,7 +206,7 @@ export const IdentityTokenAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} /> diff --git a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityUniversalAuthForm.tsx b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityUniversalAuthForm.tsx index 975ef8dbeb..2ebe631fe2 100644 --- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityUniversalAuthForm.tsx +++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityUniversalAuthForm.tsx @@ -224,7 +224,7 @@ export const IdentityUniversalAuthForm = ({ isError={Boolean(error)} errorText={error?.message} > - + )} />