fix: allow default IdP validation in global mode policies

copilot-swe-agent[bot]
2026-06-16 23:43:36 +00:00
committed by GitHub
parent fec0fea766
commit ad1c8113ea
3 changed files with 63 additions and 13 deletions


@@ -74,13 +74,7 @@ export async function updateResourcePolicies(
const [provider] = await trx
.select()
.from(idp)
.innerJoin(idpOrg, eq(idpOrg.idpId, idp.idpId))
.where(
and(
eq(idp.idpId, policyData["auto-login-idp"]),
eq(idpOrg.orgId, orgId)
)
)
.where(eq(idp.idpId, policyData["auto-login-idp"]))
.limit(1);
if (!provider) {
@@ -88,6 +82,25 @@ export async function updateResourcePolicies(
`Identity provider not found for policy '${policyNiceId}' in this organization`
);
}
if (process.env.IDENTITY_PROVIDER_MODE === "org") {
const [providerOrg] = await trx
.select()
.from(idpOrg)
.where(
and(
eq(idpOrg.idpId, policyData["auto-login-idp"]),
eq(idpOrg.orgId, orgId)
)
)
.limit(1);
if (!providerOrg) {
throw new Error(
`Identity provider not found for policy '${policyNiceId}' in this organization`
);
}
}
}
// Look up the admin role
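Review bot: The organisation-membership check added under `if (process.env.IDENTITY_PROVIDER_MODE === "org")` fails open: when the variable is unset, misspelled or differently cased, the `idpOrg` lookup is skipped, and the first query, which no longer joins `idpOrg`, accepts any existing `idpId` as a policy's `auto-login-idp`, including one that may belong to another organisation. Make the scoped check the default and skip it only on an explicit global-mode match, e.g. `if (process.env.IDENTITY_PROVIDER_MODE !== "<global-mode value>")` (the literal used for global mode is not visible in this hunk), and preferably read the mode from one validated configuration value rather than from `process.env` at the call site. The first `throw` still says "in this organization" although that query is no longer organisation-scoped; a comment such as `// global mode: IdPs are not bound to an org, so only existence is checked` above the branch would record why the scope was dropped. `updateResourcePolicies` begins and ends outside the hunk.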