From 6d09ae09dc19ee54cd32f7e1072cacbea3094386 Mon Sep 17 00:00:00 2001 From: Pavel Denisjuk Date: Wed, 2 Oct 2024 21:51:42 +0200 Subject: [PATCH] fix(api-security-okta): make getGroupSlug optional --- .../src/createGroupAuthorizer.ts | 19 +++++++++++++------ packages/api-security-okta/src/createOkta.ts | 11 ++++++++--- packages/api-security-okta/src/types.ts | 8 ++++++++ 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/packages/api-security-okta/src/createGroupAuthorizer.ts b/packages/api-security-okta/src/createGroupAuthorizer.ts index c50c67f8d3e..38e342c4bb9 100644 --- a/packages/api-security-okta/src/createGroupAuthorizer.ts +++ b/packages/api-security-okta/src/createGroupAuthorizer.ts @@ -1,4 +1,4 @@ -import { SecurityContext, SecurityIdentity } from "@webiny/api-security/types"; +import { SecurityContext } from "@webiny/api-security/types"; import { ContextPlugin } from "@webiny/api"; import { TenancyContext } from "@webiny/api-tenancy/types"; import { I18NContext } from "@webiny/api-i18n/types"; @@ -6,16 +6,20 @@ import { getPermissionsFromSecurityGroupsForLocale } from "@webiny/api-security" type Context = TenancyContext & SecurityContext & I18NContext; -export interface GroupAuthorizerConfig { +export type GroupSlug = string | undefined; + +export interface GroupAuthorizerConfig { // Specify an `identityType` if you want to only run this authorizer for specific identities. identityType?: string; // Get a group slug to load permissions from. - getGroupSlug(context: Context): SecurityIdentity["group"]; + getGroupSlug?: (context: TContext) => Promise | GroupSlug; } -export const createGroupAuthorizer = (config: GroupAuthorizerConfig) => { - return new ContextPlugin(context => { +export const createGroupAuthorizer = ( + config: GroupAuthorizerConfig +) => { + return new ContextPlugin(context => { const { security } = context; security.addAuthorizer(async () => { const identity = security.getIdentity(); 
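Review bot: The comment above `getGroupSlug` in `GroupAuthorizerConfig` still reads only "Get a group slug to load permissions from." and does not describe the contract now that the callback is optional and may return a promise. Because this value selects which security group's permissions are loaded, I would state the behaviour on the property itself, e.g. `// Optional. Returns the slug of the group whose permissions are loaded; when omitted, identity.group is used.` and `// Resolving to undefined makes this authorizer return null.` Both statements follow from the `config.getGroupSlug ? ... : identity.group` and `if (!groupSlug)` lines in the next hunk of this file.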
@@ -35,7 +39,10 @@ export const createGroupAuthorizer = (config: GroupAuthorizerConfig) => { return null; } - const groupSlug = config.getGroupSlug(context); + const groupSlug = config.getGroupSlug + ? await config.getGroupSlug(context) + : identity.group; + if (!groupSlug) { return null; } diff --git a/packages/api-security-okta/src/createOkta.ts b/packages/api-security-okta/src/createOkta.ts index 8e5cd5dde6e..21d0772c630 100644 --- a/packages/api-security-okta/src/createOkta.ts +++ b/packages/api-security-okta/src/createOkta.ts @@ -3,12 +3,17 @@ import { createGroupAuthorizer, GroupAuthorizerConfig } from "~/createGroupAutho import { createIdentityType } from "~/createIdentityType"; import { extendTenancy } from "./extendTenancy"; import { createAdminUsersHooks } from "./createAdminUsersHooks"; +import { Context } from "~/types"; -export interface CreateOktaConfig extends AuthenticatorConfig, GroupAuthorizerConfig { +export interface CreateOktaConfig + extends AuthenticatorConfig, + GroupAuthorizerConfig { graphQLIdentityType?: string; } -export const createOkta = (config: CreateOktaConfig) => { +export const createOkta = ( + config: CreateOktaConfig +) => { const identityType = config.identityType || "admin"; const graphQLIdentityType = config.graphQLIdentityType || "OktaIdentity"; @@ -17,7 +22,7 @@ export const createOkta = (config: CreateOktaConfig) => { issuer: config.issuer, getIdentity: config.getIdentity }), - createGroupAuthorizer({ + createGroupAuthorizer({ identityType, getGroupSlug: config.getGroupSlug }), diff --git a/packages/api-security-okta/src/types.ts b/packages/api-security-okta/src/types.ts index ae9745e8963..ca9144be4f8 100644 --- a/packages/api-security-okta/src/types.ts +++ b/packages/api-security-okta/src/types.ts 
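Review bot: With no `getGroupSlug` configured, the new fallback `: identity.group` lets the identity object itself decide which group's permissions are loaded. That identity is returned by `security.getIdentity()` and, judging by `getIdentity: config.getIdentity` in `createOkta.ts`, appears to be built by the integrator's own token mapping, so the fallback is only as trustworthy as the claim that `group` is read from. I would say so next to the fallback, e.g. `// identity.group selects the permission set; it must be mapped from a claim that only administrators can set.` Separately, a rejection from the now-awaited `getGroupSlug` propagates out of the authorizer callback, and how `addAuthorizer` treats a thrown error is not visible here. The authorizer body starts and continues outside this hunk.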
@@ -1,7 +1,15 @@ import "@webiny/api-tenancy/types"; +import { SecurityContext } from "@webiny/api-security/types"; +import { TenancyContext } from "@webiny/api-tenancy/types"; +import { I18NContext } from "@webiny/api-i18n/types"; declare module "@webiny/api-tenancy/types" { interface TenantSettings { appClientId: string; } } + +/** + * @internal + */ +export type Context = TenancyContext & SecurityContext & I18NContext;
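Review bot: The exported `Context` alias added at the end of this hunk duplicates the local `type Context = TenancyContext & SecurityContext & I18NContext;` that remains as a context line in `createGroupAuthorizer.ts`. Two definitions of the context handed to the authorizer and to `getGroupSlug` can drift apart, so `createGroupAuthorizer.ts` could drop its local alias and use `import { Context } from "~/types";` as `createOkta.ts` now does. The `@internal` block could also carry a one-line description, e.g. `Context shape used by the Okta security plugins in this package.`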