From 1cb01e8dd2d24840381495171099bdc22639da09 Mon Sep 17 00:00:00 2001
From: Vikrant Gupta
Date: Wed, 28 May 2025 18:21:35 +0530
Subject: [PATCH] fix(saml): do not fetch the claims and use orgID from domain (#8086)

* fix(saml): do not fetch the claims and use orgID from domain

* fix(saml): do not fetch the claims and use orgID from domain
---
 ee/query-service/app/api/auth.go | 35 +++++++++++++------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/ee/query-service/app/api/auth.go b/ee/query-service/app/api/auth.go
index 329d4bb793..fb248e50b1 100644
--- a/ee/query-service/app/api/auth.go
+++ b/ee/query-service/app/api/auth.go
@@ -9,9 +9,7 @@ import (
 
 	"go.uber.org/zap"
 
-	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/query-service/constants"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
@@ -25,29 +23,11 @@ func handleSsoError(w http.ResponseWriter, r *http.Request, redirectURL string)
 
 // receiveSAML completes a SAML request and gets user logged in
 func (ah *APIHandler) receiveSAML(w http.ResponseWriter, r *http.Request) {
-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
 	// this is the source url that initiated the login request
 	redirectUri := constants.GetDefaultSiteURL()
 	ctx := context.Background()
 
-	_, err = ah.Signoz.Licensing.GetActive(ctx, orgID)
-	if err != nil {
-		zap.L().Error("[receiveSAML] sso requested but feature unavailable in org domain")
-		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
-		return
-	}
-
-	err = r.ParseForm()
+	err := r.ParseForm()
 	if err != nil {
 		zap.L().Error("[receiveSAML] failed to process response - invalid response from IDP", zap.Error(err), zap.Any("request", r))
 		handleSsoError(w, r, redirectUri)
@@ -76,6 +56,19 @@ func (ah *APIHandler) receiveSAML(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	orgID, err := valuer.NewUUID(domain.OrgID)
+	if err != nil {
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	_, err = ah.Signoz.Licensing.GetActive(ctx, orgID)
+	if err != nil {
+		zap.L().Error("[receiveSAML] sso requested but feature unavailable in org domain")
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
+		return
+	}
+
 	sp, err := domain.PrepareSamlRequest(parsedState)
 	if err != nil {
 		zap.L().Error("[receiveSAML] failed to prepare saml request for domain", zap.String("domain", domain.String()), zap.Error(err))
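Review bot: The new `orgID, err := valuer.NewUUID(domain.OrgID)` branch redirects through `handleSsoError` without logging anything, while every other visible error path in receiveSAML logs before redirecting, so a domain record carrying a malformed OrgID would fail silently from the operator's point of view. Suggest `zap.L().Error("[receiveSAML] invalid org id on domain", zap.String("domain", domain.String()), zap.Error(err))` before that `handleSsoError` call. The licensing branch directly below it logs a fixed message without `zap.Error(err)` or the domain, so a transient error from `GetActive` is indistinguishable in the logs from a genuinely unlicensed org even though the user is told to upgrade their plan; adding `zap.Error(err)` and `zap.String("domain", domain.String())` to that log would fix this. Because the earlier hunk removed the request-claims check, this handler no longer requires an authenticated caller and the org scope now comes solely from `domain`, which is resolved between the hunks from `parsedState`; that presumably relies on the assertion later being validated against that domain's IdP configuration, and it is worth stating in the `// receiveSAML completes a SAML request ...` comment that the endpoint is unauthenticated and org-scoped by the domain. receiveSAML continues outside the hunk.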