Merge pull request #11694 from JimMoen/fix-saml-callback

fix: saml callback should check saml state
2023-09-27 21:28:28 +08:00 · 2023-09-27 21:28:28 +08:00 · 2a39b6b8da
parent 1f8985d09e c9194cd6b2
commit 2a39b6b8da
3 changed files with 11 additions and 9 deletions
--- a/apps/emqx_dashboard_sso/rebar.config
+++ b/apps/emqx_dashboard_sso/rebar.config
@ -4,5 +4,5 @@
 {deps, [
        {emqx_ldap, {path, "../../apps/emqx_ldap"}},
        {emqx_dashboard, {path, "../../apps/emqx_dashboard"}},
-        {esaml, {git, "https://github.com/emqx/esaml", {tag, "v1.1.1"}}}
+        {esaml, {git, "https://github.com/emqx/esaml", {tag, "v1.1.2"}}}
 ]}.
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl
@ -100,6 +100,8 @@ desc(_) ->
 %% APIs
 %%------------------------------------------------------------------------------

+create(#{enable := false} = _Config) ->
+    {ok, undefined};
 create(#{sp_sign_request := true} = Config) ->
    try
        do_create(ensure_cert_and_key(Config))
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl
@ -82,19 +82,17 @@ schema("/sso/saml/metadata") ->

 sp_saml_metadata(get, _Req) ->
    case emqx_dashboard_sso_manager:lookup_state(saml) of
-        undefined ->
-            {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
-        #{sp := SP} = _State ->
+        #{enable := true, sp := SP} = _State ->
            SignedXml = esaml_sp:generate_metadata(SP),
            Metadata = xmerl:export([SignedXml], xmerl_xml),
-            {200, #{<<"Content-Type">> => <<"text/xml">>}, erlang:iolist_to_binary(Metadata)}
+            {200, #{<<"Content-Type">> => <<"text/xml">>}, erlang:iolist_to_binary(Metadata)};
+        _ ->
+            {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}}
    end.

 sp_saml_callback(post, Req) ->
    case emqx_dashboard_sso_manager:lookup_state(saml) of
-        undefined ->
-            {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
-        State ->
+        State = #{enable := true} ->
            case (provider(saml)):callback(Req, State) of
                {redirect, Redirect} ->
                    Redirect;
@ -105,7 +103,9 @@ sp_saml_callback(post, Req) ->
                        reason => Reason
                    }),
                    {403, #{code => <<"UNAUTHORIZED">>, message => Reason}}
-            end
+            end;
+        _ ->
+            {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}}
    end.

 %%--------------------------------------------------------------------