Allow for prefix/suffix to SSO GroupNames #4902

hardillb · 2024-12-11T14:01:12Z

Description

Allows a prefix and suffix length to be defined for SSO group names, this works for both SAML and LDAP.

e.g.

ff requires groupnames in the following format ff-teamslug-role, this allows an arbitrary number of characters to be before and after this format. e.g.

with prefix and suffix length set to 5 the following group would match

test_ff-teamslug-role_test

Related Issue(s)

#4768

Checklist

I have read the contribution guidelines
Suitable unit/system level tests have been added and they pass
Documentation has been updated
- Upgrade instructions
- Configuration details
- Concepts
Changes flowforge.yml?
- Issue/PR raised on FlowFuse/helm to update ConfigMap Template
- Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production

Labels

Includes a DB migration? -> add the area:migration label

fixes #4768

hardillb · 2024-12-11T14:01:21Z

~~Needs a doc update~~

codecov · 2024-12-11T14:22:48Z

Codecov Report

Attention: Patch coverage is 53.84615% with 6 lines in your changes missing coverage. Please review.

Project coverage is 78.69%. Comparing base (b545283) to head (9d3306b).
Report is 36 commits behind head on main.

Files with missing lines	Patch %	Lines
forge/ee/lib/sso/index.js	53.84%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4902      +/-   ##
==========================================
- Coverage   78.74%   78.69%   -0.06%     
==========================================
  Files         323      323              
  Lines       15221    15242      +21     
  Branches     3496     3504       +8     
==========================================
+ Hits        11986    11994       +8     
- Misses       3235     3248      +13

Flag	Coverage Δ
backend	`78.69% <53.84%> (-0.06%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

hardillb · 2024-12-11T15:52:03Z

Tests for SAML pattern, the LDAP function needs a functional LDAP server to run against.

I did test both against my local KeyCloak and LDAP system

docs/admin/sso/ldap.md

docs/admin/sso/saml.md

frontend/src/pages/admin/Settings/SSO/createEditProvider.vue

test/unit/forge/ee/lib/sso/index_spec.js

knolleary

Approved, but some doc/text/updates to apply first.

Co-authored-by: Nick O'Leary <nick.oleary@gmail.com>

hardillb added 2 commits December 11, 2024 11:51

Allow for prefix/suffix to SSO GroupNames

89b7dcf

fixes #4768

Add a bit of logging

23538ce

hardillb self-assigned this Dec 11, 2024

hardillb added 2 commits December 11, 2024 14:02

fix lint

0c40c13

Add docs

f2c3869

hardillb requested a review from knolleary December 11, 2024 14:12

hardillb temporarily deployed to staging December 11, 2024 14:18 — with GitHub Actions Inactive

Add test

36b01f3

hardillb temporarily deployed to staging December 11, 2024 15:23 — with GitHub Actions Inactive

remove only from tests

9713666

hardillb temporarily deployed to staging December 11, 2024 16:31 — with GitHub Actions Inactive