diff --git a/server/db/queries/verifySessionQueries.ts b/server/db/queries/verifySessionQueries.ts
index 88c97abbb..c1122f04c 100644
--- a/server/db/queries/verifySessionQueries.ts
+++ b/server/db/queries/verifySessionQueries.ts
@@ -46,6 +46,7 @@ export type ResourceWithAuth = {
 headerAuth: ResourceHeaderAuth | ResourcePolicyHeaderAuth | null;
 headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
 applyRules: boolean;
+ sso: boolean;
 org: Org;
 };
@@ -215,14 +216,19 @@ export async function getResourceByDomain(
 const effectivePolicyHeaderAuth = hasSharedPolicy
 ? result.sharedPolicyHeaderAuth
 : (result.defaultPolicyHeaderAuth ?? null);
+ const selectedPolicy = hasSharedPolicy
+ ? result.sharedPolicy
+ : result.defaultPolicy;
 const effectiveApplyRules =
- (hasSharedPolicy
- ? (result.sharedPolicy?.applyRules ?? false)
- : (result.defaultPolicy?.applyRules ?? false)) ||
- result.resources.applyRules;
+ selectedPolicy?.applyRules ?? result.resources.applyRules;
+ const effectiveSSO = selectedPolicy?.sso ?? result.resources.sso;
 return {
- resource: { ...result.resources, applyRules: effectiveApplyRules }, // doing this for backward compatability so the remote nodes get the value as part of the resource struct
+ resource: {
+ ...result.resources,
+ applyRules: effectiveApplyRules,
+ sso: effectiveSSO
+ }, // doing this for backward compatability so the remote nodes get the value as part of the resource struct
 pincode: effectivePolicyPincode ?? result.resourcePincode,
 password: effectivePolicyPassword ?? result.resourcePassword,
 headerAuth: effectivePolicyHeaderAuth ?? result.resourceHeaderAuth,
@@ -235,6 +241,7 @@ export async function getResourceByDomain(
 } as ResourceHeaderAuthExtendedCompatibility)
 : result.resourceHeaderAuthExtendedCompatibility,
 applyRules: effectiveApplyRules,
+ sso: effectiveSSO,
 org: result.orgs
 };
 }
diff --git a/server/private/routers/hybrid.ts b/server/private/routers/hybrid.ts
index 88ba8d26b..eecf5063a 100644
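Review bot: In `getResourceByDomain` (verifySessionQueries.ts, second hunk), `selectedPolicy?.applyRules ?? result.resources.applyRules` and `selectedPolicy?.sso ?? result.resources.sso` consult the resource only when the policy value is null or undefined, so a policy row holding `false` now overrides a resource that has the setting enabled. The removed expression OR-ed policy and resource `applyRules`; for `sso` the new precedence can drop the SSO requirement for a resource that still has it turned on. The policy schema is not visible here; if those columns are non-nullable with a `false` default, the resource value would never be used once a policy is attached. If policy-wins is intended, say so above `selectedPolicy`, e.g. `// a non-null policy value overrides the resource, including an explicit false`, and add a test for policy `false` with resource `true`. The same expressions are added in the server/private/routers/hybrid.ts hunk, and the function body continues outside this hunk.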
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -681,16 +681,18 @@ hybridRouter.get(
 const effectivePolicyHeaderAuth = hasSharedPolicy
 ? result.sharedPolicyHeaderAuth
 : (result.defaultPolicyHeaderAuth ?? null);
+ const selectedPolicy = hasSharedPolicy
+ ? result.sharedPolicy
+ : result.defaultPolicy;
 const effectiveApplyRules =
- (hasSharedPolicy
- ? (result.sharedPolicy?.applyRules ?? false)
- : (result.defaultPolicy?.applyRules ?? false)) ||
- result.resources.applyRules;
+ selectedPolicy?.applyRules ?? result.resources.applyRules;
+ const effectiveSSO = selectedPolicy?.sso ?? result.resources.sso;
 const resourceWithAuth: ResourceWithAuth = {
 resource: {
 ...result.resources,
- applyRules: effectiveApplyRules
+ applyRules: effectiveApplyRules,
+ sso: effectiveSSO
 },
 pincode: effectivePolicyPincode ?? result.resourcePincode,
 password: effectivePolicyPassword ?? result.resourcePassword,
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index 0b03aef58..e7a358c27 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -145,6 +145,7 @@ export async function verifyResourceSession(
 | null;
 headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
 applyRules: boolean;
+ sso: boolean;
 org: Org;
 }
 | undefined = localCache.get(resourceCacheKey);
@@ -177,6 +178,7 @@ export async function verifyResourceSession(
 const {
 resource,
 applyRules,
+ sso,
 pincode,
 password,
 headerAuth,
@@ -201,7 +203,7 @@ export async function verifyResourceSession(
 return notAllowed(res);
 }
- const { sso, blockAccess, mode } = resource;
+ const { blockAccess, mode } = resource;
 const dontStripSession = ["ssh", "rdp", "vnc"].includes(mode);
 if (blockAccess) {
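Review bot: The `selectedPolicy` / `effectiveApplyRules` / `effectiveSSO` lines in the server/private/routers/hybrid.ts hunk are a copy of the ones added to `getResourceByDomain`, so the local and hybrid paths can drift apart on an access-control decision. A single shared helper that takes the shared policy, the default policy and the resource row and returns `{ applyRules, sso }` would keep one definition of the precedence. This hunk also shows `sso: effectiveSSO` only inside `resource`; the rest of the `resourceWithAuth` literal is outside the hunk, so confirm it sets the top-level `sso` as well, assuming this is the same `ResourceWithAuth` type that now declares it.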
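Review bot: In `verifyResourceSession` (verifySession.ts, last hunk), `sso` is no longer destructured from `resource` and comes only from the top-level field, so a payload without that field yields `undefined` at runtime despite the `sso: boolean` annotation. The backward-compatibility comment in verifySessionQueries.ts suggests mixed versions of server and remote nodes exist, and in that case a missing field would presumably be read as SSO disabled. A fail-safe read is `const ssoRequired = sso ?? resource.sso;` placed next to `const { blockAccess, mode } = resource;`, with the rest of the function using `ssoRequired`. How `sso` is consumed lies outside this hunk, so the impact needs checking against the full function.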