fix: Do not show actively disabled auth providers in self-hosted install (#4794)

* fix: Do not show actively disabled auth providers in self-hosted installation * self review * Refactor for easier mocking
2023-01-28 10:02:25 -08:00
parent aac495fa58
commit 075555a867
17 changed files with 95 additions and 62 deletions
--- a/server/models/Team.ts
+++ b/server/models/Team.ts
@@ -24,7 +24,6 @@ import { CollectionPermission, TeamPreference } from "@shared/types";
 import { getBaseDomain, RESERVED_SUBDOMAINS } from "@shared/utils/domains";
 import env from "@server/env";
 import DeleteAttachmentTask from "@server/queues/tasks/DeleteAttachmentTask";
-import isCloudHosted from "@server/utils/isCloudHosted";
 import parseAttachmentIds from "@server/utils/parseAttachmentIds";
 import Attachment from "./Attachment";
 import AuthenticationProvider from "./AuthenticationProvider";
@@ -67,9 +66,9 @@ class Team extends ParanoidModel {
  @Unique
  @Length({
    min: 2,
-    max: isCloudHosted ? 32 : 255,
+    max: env.isCloudHosted() ? 32 : 255,
    msg: `subdomain must be between 2 and ${
-      isCloudHosted ? 32 : 255
+      env.isCloudHosted() ? 32 : 255
    } characters`,
  })
  @Is({
--- a/server/models/TeamDomain.ts
+++ b/server/models/TeamDomain.ts
@@ -10,8 +10,8 @@ import {
  BeforeCreate,
 } from "sequelize-typescript";
 import { TeamValidation } from "@shared/validations";
+import env from "@server/env";
 import { ValidationError } from "@server/errors";
-import isCloudHosted from "@server/utils/isCloudHosted";
 import Team from "./Team";
 import User from "./User";
 import IdModel from "./base/IdModel";
@@ -23,7 +23,7 @@ import Length from "./validators/Length";
@Fix
 class TeamDomain extends IdModel {
  @NotIn({
-    args: isCloudHosted ? [emailProviders] : [],
+    args: env.isCloudHosted() ? [emailProviders] : [],
    msg: "You chose a restricted domain, please try another.",
  })
  @NotEmpty
--- a/server/models/helpers/AuthenticationHelper.ts
+++ b/server/models/helpers/AuthenticationHelper.ts
@@ -0,0 +1,42 @@
+import { find } from "lodash";
+import env from "@server/env";
+import Team from "@server/models/Team";
+import providerConfigs from "../../routes/auth/providers";
+
+export default class AuthenticationHelper {
+  /**
+   * Returns the enabled authentication provider configurations for a team,
+   * if given otherwise all enabled providers are returned.
+   *
+   * @param team The team to get enabled providers for
+   * @returns A list of authentication providers
+   */
+  static providersForTeam(team?: Team) {
+    const isCloudHosted = env.isCloudHosted();
+
+    return providerConfigs
+      .sort((config) => (config.id === "email" ? 1 : -1))
+      .filter((config) => {
+        // guest sign-in is an exception as it does not have an authentication
+        // provider using passport, instead it exists as a boolean option on the team
+        if (config.id === "email") {
+          return team?.emailSigninEnabled;
+        }
+        if (!team) {
+          return true;
+        }
+
+        const authProvider = find(team.authenticationProviders, {
+          name: config.id,
+        });
+
+        // If cloud hosted then the auth provider must be enabled for the team,
+        // If self-hosted then it must not be actively disabled, otherwise all
+        // providers are considered.
+        return (
+          (!isCloudHosted && authProvider?.enabled !== false) ||
+          (isCloudHosted && authProvider?.enabled)
+        );
+      });
+  }
+}