mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-01 03:55:22 +02:00
feat(sso): update SAML registration dialog and settings for improved metadata handling
- Added support for IdP metadata XML in the SAML registration dialog, allowing users to paste full metadata for configuration. - Updated the callback URL and audience handling to dynamically incorporate the base URL. - Refactored the SSO settings to enable SAML provider registration and improved the display of callback URLs based on provider details. - Enhanced trusted origins configuration in the authentication logic to include additional domains for development and production environments.
This commit is contained in:
@@ -25,7 +25,7 @@ export const { handler, api } = betterAuth({
|
||||
schema: schema,
|
||||
}),
|
||||
disabledPaths: [
|
||||
"/sso/register",
|
||||
// "/sso/register",
|
||||
"/organization/create",
|
||||
"/organization/update",
|
||||
"/organization/delete",
|
||||
@@ -44,30 +44,35 @@ export const { handler, api } = betterAuth({
|
||||
logger: {
|
||||
disabled: process.env.NODE_ENV === "production",
|
||||
},
|
||||
...(!IS_CLOUD && {
|
||||
async trustedOrigins() {
|
||||
const settings = await getWebServerSettings();
|
||||
if (!settings) {
|
||||
return [];
|
||||
}
|
||||
// ...(!IS_CLOUD && {
|
||||
async trustedOrigins() {
|
||||
const settings = await getWebServerSettings();
|
||||
if (!settings) {
|
||||
return [];
|
||||
}
|
||||
|
||||
const providers = await getSSOProviders();
|
||||
const domains = providers.map((provider) => provider.issuer);
|
||||
return [
|
||||
...(settings?.serverIp ? [`http://${settings?.serverIp}:3000`] : []),
|
||||
...(settings?.host ? [`https://${settings?.host}`] : []),
|
||||
...domains.map((domain) => domain),
|
||||
...(process.env.NODE_ENV === "development"
|
||||
? [
|
||||
"http://localhost:3000",
|
||||
"https://absolutely-handy-falcon.ngrok-free.app",
|
||||
"https://dev-pee8hhc3qbjlqedb.us.auth0.com",
|
||||
"https://trial-2804699.okta.com",
|
||||
]
|
||||
: []),
|
||||
];
|
||||
},
|
||||
}),
|
||||
const providers = await getSSOProviders();
|
||||
const issuerOrigins = providers.map((provider) => provider.issuer);
|
||||
|
||||
return [
|
||||
...(settings?.serverIp ? [`http://${settings?.serverIp}:3000`] : []),
|
||||
...(settings?.host ? [`https://${settings?.host}`] : []),
|
||||
...issuerOrigins,
|
||||
...(process.env.NODE_ENV === "development"
|
||||
? [
|
||||
"http://localhost:3000",
|
||||
"https://absolutely-handy-falcon.ngrok-free.app",
|
||||
"https://dev-pee8hhc3qbjlqedb.us.auth0.com",
|
||||
"https://trial-2804699.okta.com",
|
||||
"https://login.microsoftonline.com",
|
||||
"https://graph.microsoft.com",
|
||||
]
|
||||
: []),
|
||||
];
|
||||
},
|
||||
// Untrusted OIDC discovery URL: The main discovery endpoint "https://login.microsoftonline.com/9f26c287-38e9-4731-9d1d-506365a6cc8e/.well-known/openid-configuration" is not trusted by your trusted origins configuration.
|
||||
|
||||
// }),
|
||||
emailVerification: {
|
||||
sendOnSignUp: true,
|
||||
autoSignInAfterVerification: true,
|
||||
@@ -120,7 +125,7 @@ export const { handler, api } = betterAuth({
|
||||
});
|
||||
}
|
||||
} else {
|
||||
const isSSORequest = context?.path.includes("/sso/callback");
|
||||
const isSSORequest = context?.path.includes("/sso");
|
||||
if (isSSORequest) {
|
||||
return;
|
||||
}
|
||||
@@ -136,7 +141,7 @@ export const { handler, api } = betterAuth({
|
||||
}
|
||||
},
|
||||
after: async (user, context) => {
|
||||
const isSSORequest = context?.path.includes("/sso/callback");
|
||||
const isSSORequest = context?.path.includes("/sso");
|
||||
const isAdminPresent = await db.query.member.findFirst({
|
||||
where: eq(schema.member.role, "owner"),
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user