Block inviting members to organization if SAML SSO is configured

2026-05-02 03:02:03 -04:00 · 2023-07-23 13:05:37 +07:00
parent 5b36227321
commit 39ba795604
4 changed files with 47 additions and 4 deletions
--- a/backend/src/controllers/v1/membershipOrgController.ts
+++ b/backend/src/controllers/v1/membershipOrgController.ts
@@ -1,6 +1,7 @@
 import { Types } from "mongoose";
 import { Request, Response } from "express";
 import { MembershipOrg, Organization, User } from "../../models";
+import { SSOConfig } from "../../ee/models";
 import { deleteMembershipOrg as deleteMemberFromOrg } from "../../helpers/membershipOrg";
 import { createToken } from "../../helpers/auth";
 import { updateSubscriptionOrgQuantity } from "../../helpers/organization";
@@ -110,6 +111,18 @@ export const inviteUserToOrganization = async (req: Request, res: Response) => {
  }

  const plan = await EELicenseService.getPlan(organizationId);
+  
+  const ssoConfig = await SSOConfig.findOne({
+    organization: new Types.ObjectId(organizationId)
+  });
+
+  if (ssoConfig && ssoConfig.isActive) {
+    // case: SAML SSO is enabled for the organization
+    return res.status(400).send({
+      message:
+        "Failed to invite member due to SAML SSO configured for organization"
+    }); 
+  }

  if (plan.memberLimit !== null) {
    // case: limit imposed on number of members allowed
--- a/backend/src/ee/controllers/v1/ssoController.ts
+++ b/backend/src/ee/controllers/v1/ssoController.ts
@@ -10,6 +10,7 @@ import { getSSOConfigHelper } from "../../helpers/organizations";
 import { client } from "../../../config";
 import { ResourceNotFoundError } from "../../../utils/errors";
 import { getSiteURL } from "../../../config";
+import { EELicenseService } from "../../services";

 /**
 * Redirect user to appropriate SSO endpoint after successful authentication
@@ -58,6 +59,12 @@ export const updateSSOConfig = async (req: Request, res: Response) => {
        cert,
        audience
    } = req.body;
+
+    const plan = await EELicenseService.getPlan(organizationId);
+    
+    if (!plan.samlSSO) return res.status(400).send({
+        message: "Failed to update SAML SSO configuration due to plan restriction. Upgrade plan to update SSO configuration."
+    });
    
    interface PatchUpdate {
        authProvider?: string;
@@ -203,6 +210,12 @@ export const createSSOConfig = async (req: Request, res: Response) => {
        cert,
        audience
    } = req.body;
+
+    const plan = await EELicenseService.getPlan(organizationId);
+    
+    if (!plan.samlSSO) return res.status(400).send({
+        message: "Failed to create SAML SSO configuration due to plan restriction. Upgrade plan to add SSO configuration."
+    });
    
    const key = await BotOrgService.getSymmetricKey(
        new Types.ObjectId(organizationId)
--- a/frontend/src/pages/project/[id]/members/index.tsx
+++ b/frontend/src/pages/project/[id]/members/index.tsx
@@ -183,7 +183,9 @@ export default function Users() {
        <div className="ml-2 flex min-w-max flex-row items-start justify-start">
          <Button
            text={String(t("section.members.add-member"))}
-            onButtonPressed={openAddModal}
+            onButtonPressed={() => {
+              openAddModal();
+            }}
            color="mineshaft"
            size="md"
            icon={faPlus}
--- a/frontend/src/views/Org/MembersPage/components/OrgMembersTable/OrgMembersTable.tsx
+++ b/frontend/src/views/Org/MembersPage/components/OrgMembersTable/OrgMembersTable.tsx
@@ -6,6 +6,7 @@ import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { yupResolver } from "@hookform/resolvers/yup";
 import * as yup from "yup";

+import { useNotificationContext } from "@app/components/context/Notifications/NotificationProvider";
 import {
  Button,
  DeleteActionModal,
@@ -26,9 +27,11 @@ import {
  Th,
  THead,
  Tr,
-  UpgradePlanModal} from "@app/components/v2";
-import { useWorkspace } from "@app/context";
+  UpgradePlanModal
+} from "@app/components/v2";
+import { useOrganization , useWorkspace } from "@app/context";
 import { usePopUp, useToggle } from "@app/hooks";
+import { useGetSSOConfig } from "@app/hooks/api";
 import { useFetchServerStatus } from "@app/hooks/api/serverDetails";
 import { OrgUser, Workspace } from "@app/hooks/api/types";

@@ -69,6 +72,9 @@ export const OrgMembersTable = ({
  setCompleteInviteLink
 }: Props) => {
  const router = useRouter();
+  const { createNotification } = useNotificationContext();
+  const { currentOrg } = useOrganization();
+  const { data: ssoConfig, isLoading: isLoadingSSOConfig } = useGetSSOConfig(currentOrg?._id ?? "");
  const [searchMemberFilter, setSearchMemberFilter] = useState("");
  const {data: serverDetails } = useFetchServerStatus()
  const { workspaces } = useWorkspace();
@@ -79,7 +85,7 @@ export const OrgMembersTable = ({
    "upgradePlan",
    "setUpEmail"
  ] as const);
-
+  
  useEffect(() => {
    if (router.query.action === "invite") {
      handlePopUpOpen("addMember");
@@ -152,6 +158,15 @@ export const OrgMembersTable = ({
        <Button
          leftIcon={<FontAwesomeIcon icon={faPlus} />}
          onClick={() => {
+            if (!isLoadingSSOConfig && ssoConfig && ssoConfig.isActive) {
+              createNotification({
+                text: "You cannot invite users when SAML SSO is configured for your organization",
+                type: "error"
+              });
+              
+              return;
+            }
+            
            if (isMoreUserNotAllowed) {
              handlePopUpOpen("upgradePlan");
            } else {