calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-06-05 23:28:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Pull the sso from the policies as well

Browse Source
This commit is contained in:
Owen
2026-06-03 16:16:42 -07:00
parent 1f43713986
commit d00b737412
3 changed files with 22 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
server/db/queries/verifySessionQueries.ts
View File

@@ -46,6 +46,7 @@ export type ResourceWithAuth = {
headerAuth: ResourceHeaderAuth | ResourcePolicyHeaderAuth | null;
headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
applyRules: boolean;
sso: boolean;
org: Org;
};
@@ -215,14 +216,19 @@ export async function getResourceByDomain(
const effectivePolicyHeaderAuth = hasSharedPolicy
? result.sharedPolicyHeaderAuth
: (result.defaultPolicyHeaderAuth ?? null);
const selectedPolicy = hasSharedPolicy
? result.sharedPolicy
: result.defaultPolicy;
const effectiveApplyRules =
(hasSharedPolicy
? (result.sharedPolicy?.applyRules ?? false)
: (result.defaultPolicy?.applyRules ?? false)) ||
result.resources.applyRules;
selectedPolicy?.applyRules ?? result.resources.applyRules;
const effectiveSSO = selectedPolicy?.sso ?? result.resources.sso;
return {
resource: { ...result.resources, applyRules: effectiveApplyRules }, // doing this for backward compatability so the remote nodes get the value as part of the resource struct
resource: {
...result.resources,
applyRules: effectiveApplyRules,
sso: effectiveSSO
}, // doing this for backward compatability so the remote nodes get the value as part of the resource struct
pincode: effectivePolicyPincode ?? result.resourcePincode,
password: effectivePolicyPassword ?? result.resourcePassword,
headerAuth: effectivePolicyHeaderAuth ?? result.resourceHeaderAuth,
@@ -235,6 +241,7 @@ export async function getResourceByDomain(
} as ResourceHeaderAuthExtendedCompatibility)
: result.resourceHeaderAuthExtendedCompatibility,
applyRules: effectiveApplyRules,
sso: effectiveSSO,
org: result.orgs
};
}

12
server/private/routers/hybrid.ts
View File

@@ -681,16 +681,18 @@ hybridRouter.get(
const effectivePolicyHeaderAuth = hasSharedPolicy
? result.sharedPolicyHeaderAuth
: (result.defaultPolicyHeaderAuth ?? null);
const selectedPolicy = hasSharedPolicy
? result.sharedPolicy
: result.defaultPolicy;
const effectiveApplyRules =
(hasSharedPolicy
? (result.sharedPolicy?.applyRules ?? false)
: (result.defaultPolicy?.applyRules ?? false)) ||
result.resources.applyRules;
selectedPolicy?.applyRules ?? result.resources.applyRules;
const effectiveSSO = selectedPolicy?.sso ?? result.resources.sso;
const resourceWithAuth: ResourceWithAuth = {
resource: {
...result.resources,
applyRules: effectiveApplyRules
applyRules: effectiveApplyRules,
sso: effectiveSSO
},
pincode: effectivePolicyPincode ?? result.resourcePincode,
password: effectivePolicyPassword ?? result.resourcePassword,

4
server/routers/badger/verifySession.ts
View File

@@ -145,6 +145,7 @@ export async function verifyResourceSession(
| null;
headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
applyRules: boolean;
sso: boolean;
org: Org;
}
| undefined = localCache.get(resourceCacheKey);
@@ -177,6 +178,7 @@ export async function verifyResourceSession(
const {
resource,
applyRules,
sso,
pincode,
password,
headerAuth,
@@ -201,7 +203,7 @@ export async function verifyResourceSession(
return notAllowed(res);
}
const { sso, blockAccess, mode } = resource;
const { blockAccess, mode } = resource;
const dontStripSession = ["ssh", "rdp", "vnc"].includes(mode);
if (blockAccess) {