fix(SSO): #519 の一部API・データのフォーマットの問題を修正 (#520)

MisskeyIO · Mar 14, 2024 · 13ae8e1 · 13ae8e1
1 parent 8c1db33
commit 13ae8e1
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 23 deletions.
diff --git a/packages/backend/src/server/api/endpoints/admin/sso/create.ts b/packages/backend/src/server/api/endpoints/admin/sso/create.ts
@@ -125,7 +125,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				name: ps.name ? ps.name : null,
 				type: ps.type,
 				issuer: ps.issuer,
-				audience: ps.audience,
+				audience: ps.audience?.filter(i => !!i),
 				acsUrl: ps.acsUrl,
 				publicKey: publicKey,
 				privateKey: privateKey,

diff --git a/packages/backend/src/server/api/endpoints/admin/sso/update.ts b/packages/backend/src/server/api/endpoints/admin/sso/update.ts
@@ -25,17 +25,17 @@ export const meta = {
 export const paramDef = {
 	type: 'object',
 	properties: {
-		id: { type: 'string' },
-		name: { type: 'string' },
-		issuer: { type: 'string' },
+		id: { type: 'string', nullable: false },
+		name: { type: 'string', nullable: true },
+		issuer: { type: 'string', nullable: false },
 		audience: { type: 'array', items: { type: 'string', nullable: false } },
-		acsUrl: { type: 'string' },
-		signatureAlgorithm: { type: 'string' },
-		cipherAlgorithm: { type: 'string' },
-		wantAuthnRequestsSigned: { type: 'boolean' },
-		wantAssertionsSigned: { type: 'boolean' },
-		regenerateCertificate: { type: 'boolean' },
-		secret: { type: 'string' },
+		acsUrl: { type: 'string', nullable: false },
+		signatureAlgorithm: { type: 'string', nullable: false },
+		cipherAlgorithm: { type: 'string', nullable: true },
+		wantAuthnRequestsSigned: { type: 'boolean', nullable: false },
+		wantAssertionsSigned: { type: 'boolean', nullable: false },
+		regenerateCertificate: { type: 'boolean', nullable: true },
+		secret: { type: 'string', nullable: true },
 	},
 	required: ['id'],
 } as const;
@@ -64,7 +64,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			await this.singleSignOnServiceProviderRepository.update(service.id, {
 				name: ps.name !== '' ? ps.name : null,
 				issuer: ps.issuer,
-				audience: ps.audience,
+				audience: ps.audience?.filter(i => !!i),
 				acsUrl: ps.acsUrl,
 				publicKey: publicKey,
 				privateKey: privateKey,

diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
@@ -526,7 +526,7 @@ export class OAuth2ProviderService {
 				email: user?.email,
 				email_verified: user?.emailVerified,
 				mfa_enabled: user?.twoFactorEnabled,
-				updated_at: (accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000,
+				updated_at: Math.floor((accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000),
 			};
 		});
 	}

diff --git a/packages/backend/src/server/sso/JWTIdentifyProviderService.ts b/packages/backend/src/server/sso/JWTIdentifyProviderService.ts
@@ -184,7 +184,7 @@ export class JWTIdentifyProviderService {
 				email: profile.email,
 				email_verified: profile.emailVerified,
 				mfa_enabled: profile.twoFactorEnabled,
-				updated_at: (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000,
+				updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
 				admin: isAdministrator,
 				moderator: isModerator,
 				roles: roles.filter(r => r.isPublic).map(r => r.id),

diff --git a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
@@ -56,7 +56,10 @@ export class SAMLIdentifyProviderService {
 		provider: MiSingleSignOnServiceProvider,
 	): Promise<string> {
 		const today = new Date();
-		const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike));
+		const publicKey = await jose
+			.importJWK(JSON.parse(provider.publicKey))
+			.then(k => jose.exportSPKI(k as jose.KeyLike))
+			.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
 
 		const nodes = {
 			'md:EntityDescriptor': {
@@ -103,7 +106,10 @@ export class SAMLIdentifyProviderService {
 		provider: MiSingleSignOnServiceProvider,
 	): Promise<string> {
 		const today = new Date();
-		const publicKey = await jose.importJWK(JSON.parse(provider.publicKey)).then((r) => jose.exportSPKI(r as jose.KeyLike));
+		const publicKey = await jose
+			.importJWK(JSON.parse(provider.publicKey))
+			.then(k => jose.exportSPKI(k as jose.KeyLike))
+			.then(k => k.replace(/-----(?:BEGIN|END) PUBLIC KEY-----|\s/g, ''));
 
 		const keyDescriptor: unknown[] = [
 			{
@@ -230,7 +236,8 @@ export class SAMLIdentifyProviderService {
 				metadata: await this.createIdPMetadataXml(ssoServiceProvider),
 				privateKey: await jose
 					.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
-					.then((r) => jose.exportPKCS8(r as jose.KeyLike)),
+					.then(k => jose.exportPKCS8(k as jose.KeyLike))
+					.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
 			});
 
 			const sp = saml.ServiceProvider({
@@ -364,7 +371,8 @@ export class SAMLIdentifyProviderService {
 					metadata: await this.createIdPMetadataXml(ssoServiceProvider),
 					privateKey: await jose
 						.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
-						.then((r) => jose.exportPKCS8(r as jose.KeyLike)),
+						.then(k => jose.exportPKCS8(k as jose.KeyLike))
+						.then(k => k.replace(/-----(?:BEGIN|END) PRIVATE KEY-----|\s/g, '')),
 					loginResponseTemplate: { context: 'ignored' },
 				});
 
@@ -557,7 +565,7 @@ export class SAMLIdentifyProviderService {
 													'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
 												'saml:AttributeValue': {
 													'@xsi:type': 'xs:integer',
-													'#text': (user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000,
+													'#text': Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
 												},
 											},
 											{

diff --git a/packages/misskey-js/src/autogen/types.ts b/packages/misskey-js/src/autogen/types.ts
@@ -10539,16 +10539,16 @@ export type operations = {
       content: {
         'application/json': {
           id: string;
-          name?: string;
+          name?: string | null;
           issuer?: string;
           audience?: string[];
           acsUrl?: string;
           signatureAlgorithm?: string;
-          cipherAlgorithm?: string;
+          cipherAlgorithm?: string | null;
           wantAuthnRequestsSigned?: boolean;
           wantAssertionsSigned?: boolean;
-          regenerateCertificate?: boolean;
-          secret?: string;
+          regenerateCertificate?: boolean | null;
+          secret?: string | null;
         };
       };
     };