Merge branch 'dev' into alerting-rules

2026-05-04 11:34:19 +00:00 · 2026-04-20 16:54:20 -07:00
parent b2d5a1ffdf 54adcd2c56
commit bf1787acd5
115 changed files with 2189 additions and 473 deletions
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -42,7 +42,9 @@ import {
    verifyRoleAccess,
    verifyUserAccess,
    verifyUserCanSetUserOrgRoles,
-    verifySiteProvisioningKeyAccess
+    verifySiteProvisioningKeyAccess,
+    verifyIsLoggedInUser,
+    verifyAdmin
 } from "@server/middlewares";
 import { ActionsEnum } from "@server/auth/actions";
 import {
@@ -89,6 +91,7 @@ authenticated.put(
    "/org/:orgId/idp/oidc",
    verifyValidLicense,
    verifyValidSubscription(tierMatrix.orgOidc),
+    orgIdp.requireOrgIdentityProviderMode,
    verifyOrgAccess,
    verifyLimits,
    verifyUserHasAction(ActionsEnum.createIdp),
@@ -96,10 +99,23 @@ authenticated.put(
    orgIdp.createOrgOidcIdp
 );

+authenticated.post(
+    "/org/:orgId/idp/:idpId/import",
+    verifyValidLicense,
+    verifyValidSubscription(tierMatrix.orgOidc),
+    orgIdp.requireOrgIdentityProviderMode,
+    verifyOrgAccess,
+    verifyLimits,
+    verifyAdmin,
+    logActionAudit(ActionsEnum.createIdp),
+    orgIdp.importOrgIdp
+);
+
 authenticated.post(
    "/org/:orgId/idp/:idpId/oidc",
    verifyValidLicense,
    verifyValidSubscription(tierMatrix.orgOidc),
+    orgIdp.requireOrgIdentityProviderMode,
    verifyOrgAccess,
    verifyIdpAccess,
    verifyLimits,
@@ -111,6 +127,7 @@ authenticated.post(
 authenticated.delete(
    "/org/:orgId/idp/:idpId",
    verifyValidLicense,
+    orgIdp.requireOrgIdentityProviderMode,
    verifyOrgAccess,
    verifyIdpAccess,
    verifyUserHasAction(ActionsEnum.deleteIdp),
@@ -118,6 +135,17 @@ authenticated.delete(
    orgIdp.deleteOrgIdp
 );

+authenticated.delete(
+    "/org/:orgId/idp/:idpId/association",
+    verifyValidLicense,
+    orgIdp.requireOrgIdentityProviderMode,
+    verifyOrgAccess,
+    verifyIdpAccess,
+    verifyUserHasAction(ActionsEnum.deleteIdp),
+    logActionAudit(ActionsEnum.deleteIdp),
+    orgIdp.unassociateOrgIdp
+);
+
 authenticated.get(
    "/org/:orgId/idp/:idpId",
    verifyValidLicense,
@@ -127,16 +155,14 @@ authenticated.get(
    orgIdp.getOrgIdp
 );

-authenticated.get(
-    "/org/:orgId/idp",
-    verifyValidLicense,
-    verifyOrgAccess,
-    verifyUserHasAction(ActionsEnum.listIdps),
-    orgIdp.listOrgIdps
-);
-
 authenticated.get("/org/:orgId/idp", orgIdp.listOrgIdps); // anyone can see this; it's just a list of idp names and ids

+authenticated.get(
+    "/user/:userId/admin-org-idps",
+    verifyIsLoggedInUser,
+    orgIdp.listUserAdminOrgIdps
+);
+
 authenticated.get(
    "/org/:orgId/certificate/:domainId/:domain",
    verifyValidLicense,