Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 60

Allow short IdP name in server validation (#4077)

Browse source 
A customer encountered an error when setting the value to "SSO" which
seems quite reasonable.
This commit is contained in:
Zach Wasserman 2022-02-13 19:35:59 -08:00 committed by GitHub
parent 67827474c2
commit 1e843f3b89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changes/allow-short-idp-name Normal file
View file

@ -0,0 +1 @@
* Allow IdP name to be configured to a value shorter than 4 characters.

7
server/service/appconfig.go
View file

@ -210,10 +210,6 @@ func validateSSOSettings(p fleet.AppConfig, existing *fleet.AppConfig, invalid *
if existing.SSOSettings.IDPName == "" {
invalid.Append("idp_name", "required")
}
} else {
if len(p.SSOSettings.IDPName) < 4 {
invalid.Append("idp_name", "must be 4 or more characters")
}
}
}
}
@ -365,7 +361,8 @@ func connectTLS(ctx context.Context, serverURL *url.URL) (*tls.Conn, error) {
// if that fails, use insecure
dial := func(insecure bool) (*tls.Conn, error) {
conn, err := tls.Dial("tcp", hostport, &tls.Config{
InsecureSkipVerify: insecure})
InsecureSkipVerify: insecure,
})
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "dial tls")
}

17
server/service/appconfig_test.go
View file

@ -227,7 +227,6 @@ func TestSSONotPresent(t *testing.T) {
var p fleet.AppConfig
validateSSOSettings(p, &fleet.AppConfig{}, invalid)
assert.False(t, invalid.HasErrors())
}
func TestNeedFieldsPresent(t *testing.T) {
@ -245,6 +244,22 @@ func TestNeedFieldsPresent(t *testing.T) {
assert.False(t, invalid.HasErrors())
}
func TestShortIDPName(t *testing.T) {
invalid := &fleet.InvalidArgumentError{}
config := fleet.AppConfig{
SSOSettings: fleet.SSOSettings{
EnableSSO: true,
EntityID: "fleet",
IssuerURI: "http://issuer.idp.com",
MetadataURL: "http://isser.metadata.com",
// A customer once found the Fleet server erroring when they used "SSO" for their IdP name.
IDPName: "SSO",
},
}
validateSSOSettings(config, &fleet.AppConfig{}, invalid)
assert.False(t, invalid.HasErrors())
}
func TestMissingMetadata(t *testing.T) {
invalid := &fleet.InvalidArgumentError{}
config := fleet.AppConfig{