calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-06-08 16:43:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Pull the sso from the policies as well

Browse Source
This commit is contained in:
Owen
2026-06-03 16:16:42 -07:00
parent 1f43713986
commit d00b737412
3 changed files with 22 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
server/db/queries/verifySessionQueries.ts
View File

@@ -46,6 +46,7 @@ export type ResourceWithAuth = {
headerAuth: ResourceHeaderAuth | ResourcePolicyHeaderAuth | null; headerAuth: ResourceHeaderAuth | ResourcePolicyHeaderAuth | null;
headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null; headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
applyRules: boolean; applyRules: boolean;
sso: boolean;
org: Org; org: Org;
}; };
@@ -215,14 +216,19 @@ export async function getResourceByDomain(
const effectivePolicyHeaderAuth = hasSharedPolicy const effectivePolicyHeaderAuth = hasSharedPolicy
? result.sharedPolicyHeaderAuth ? result.sharedPolicyHeaderAuth
: (result.defaultPolicyHeaderAuth ?? null); : (result.defaultPolicyHeaderAuth ?? null);
const selectedPolicy = hasSharedPolicy
? result.sharedPolicy
: result.defaultPolicy;
const effectiveApplyRules = const effectiveApplyRules =
(hasSharedPolicy selectedPolicy?.applyRules ?? result.resources.applyRules;
? (result.sharedPolicy?.applyRules ?? false) const effectiveSSO = selectedPolicy?.sso ?? result.resources.sso;
: (result.defaultPolicy?.applyRules ?? false)) ||
result.resources.applyRules;
return { return {
resource: { ...result.resources, applyRules: effectiveApplyRules }, // doing this for backward compatability so the remote nodes get the value as part of the resource struct resource: {
...result.resources,
applyRules: effectiveApplyRules,
sso: effectiveSSO
}, // doing this for backward compatability so the remote nodes get the value as part of the resource struct
pincode: effectivePolicyPincode ?? result.resourcePincode, pincode: effectivePolicyPincode ?? result.resourcePincode,
password: effectivePolicyPassword ?? result.resourcePassword, password: effectivePolicyPassword ?? result.resourcePassword,
headerAuth: effectivePolicyHeaderAuth ?? result.resourceHeaderAuth, headerAuth: effectivePolicyHeaderAuth ?? result.resourceHeaderAuth,
@@ -235,6 +241,7 @@ export async function getResourceByDomain(
} as ResourceHeaderAuthExtendedCompatibility) } as ResourceHeaderAuthExtendedCompatibility)
: result.resourceHeaderAuthExtendedCompatibility, : result.resourceHeaderAuthExtendedCompatibility,
applyRules: effectiveApplyRules, applyRules: effectiveApplyRules,
sso: effectiveSSO,
org: result.orgs org: result.orgs
}; };
} }

12
server/private/routers/hybrid.ts
View File

@@ -681,16 +681,18 @@ hybridRouter.get(
const effectivePolicyHeaderAuth = hasSharedPolicy const effectivePolicyHeaderAuth = hasSharedPolicy
? result.sharedPolicyHeaderAuth ? result.sharedPolicyHeaderAuth
: (result.defaultPolicyHeaderAuth ?? null); : (result.defaultPolicyHeaderAuth ?? null);
const selectedPolicy = hasSharedPolicy
? result.sharedPolicy
: result.defaultPolicy;
const effectiveApplyRules = const effectiveApplyRules =
(hasSharedPolicy selectedPolicy?.applyRules ?? result.resources.applyRules;
? (result.sharedPolicy?.applyRules ?? false) const effectiveSSO = selectedPolicy?.sso ?? result.resources.sso;
: (result.defaultPolicy?.applyRules ?? false)) ||
result.resources.applyRules;
const resourceWithAuth: ResourceWithAuth = { const resourceWithAuth: ResourceWithAuth = {
resource: { resource: {
...result.resources, ...result.resources,
applyRules: effectiveApplyRules applyRules: effectiveApplyRules,
sso: effectiveSSO
}, },
pincode: effectivePolicyPincode ?? result.resourcePincode, pincode: effectivePolicyPincode ?? result.resourcePincode,
password: effectivePolicyPassword ?? result.resourcePassword, password: effectivePolicyPassword ?? result.resourcePassword,

4
server/routers/badger/verifySession.ts
View File

@@ -145,6 +145,7 @@ export async function verifyResourceSession(
| null; | null;
headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null; headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
applyRules: boolean; applyRules: boolean;
sso: boolean;
org: Org; org: Org;
} }
| undefined = localCache.get(resourceCacheKey); | undefined = localCache.get(resourceCacheKey);
@@ -177,6 +178,7 @@ export async function verifyResourceSession(
const { const {
resource, resource,
applyRules, applyRules,
sso,
pincode, pincode,
password, password,
headerAuth, headerAuth,
@@ -201,7 +203,7 @@ export async function verifyResourceSession(
return notAllowed(res); return notAllowed(res);
} }
const { sso, blockAccess, mode } = resource; const { blockAccess, mode } = resource;
const dontStripSession = ["ssh", "rdp", "vnc"].includes(mode); const dontStripSession = ["ssh", "rdp", "vnc"].includes(mode);
if (blockAccess) { if (blockAccess) {