

Merge pull request #1911 from akto-api-security/hotfix/fix_okta_sso_integration

moving okta-sso for new id
notshivansh authored Jan 3, 2025
2 parents 3818f32 + b321ba6 commit fc80e09
Showing 6 changed files with 68 additions and 27 deletions.
Expand Up @@ -2,12 +2,16 @@

import java.util.ArrayList;

import org.bson.conversions.Bson;

import com.akto.action.UserAction;
import com.akto.dao.ConfigsDao;
import com.akto.dao.UsersDao;
import com.akto.dao.context.Context;
import com.akto.dto.Config;
import com.akto.dto.User;
import com.akto.dto.Config.OktaConfig;
import com.akto.util.Constants;
import com.akto.util.DashboardMode;
import com.akto.utils.sso.SsoUtils;
import com.mongodb.BasicDBObject;
Expand All @@ -29,7 +33,9 @@ public String addOktaSso() {
return ERROR.toUpperCase();
}

Config.OktaConfig oktaConfig = new Config.OktaConfig();
int accountId = Context.accountId.get();

Config.OktaConfig oktaConfig = new Config.OktaConfig(accountId);
oktaConfig.setClientId(clientId);
oktaConfig.setClientSecret(clientSecret);
oktaConfig.setAuthorisationServerId(authorisationServerId);
Expand All @@ -47,17 +53,9 @@ public String addOktaSso() {
}

public String deleteOktaSso() {
DeleteResult result;
if(DashboardMode.isOnPremDeployment()) {
result = ConfigsDao.instance.deleteAll(Filters.eq("_id", "OKTA-ankush"));
} else {
result = ConfigsDao.instance.deleteAll(
Filters.and(
Filters.eq("_id", "OKTA-ankush"),
Filters.eq(Config.OktaConfig.ACCOUNT_ID, Context.accountId.get())
)
);
}
int accountId = Context.accountId.get();
Bson idFilter = Filters.eq(Constants.ID, OktaConfig.getOktaId(accountId));
DeleteResult result = ConfigsDao.instance.deleteAll(idFilter);

if (result.getDeletedCount() > 0) {
for (Object obj : UsersDao.instance.getAllUsersInfoForTheAccount(Context.accountId.get())) {
Expand All @@ -72,13 +70,9 @@ public String deleteOktaSso() {

@Override
public String execute() throws Exception {
Config.OktaConfig oktaConfig;
if(DashboardMode.isOnPremDeployment()) {
oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne("_id", "OKTA-ankush");
} else {
String email = getSUser().getLogin();
oktaConfig = Config.getOktaConfig(email);
}
int accountId = Context.accountId.get();
Config.OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(accountId));

if (SsoUtils.isAnySsoActive() && oktaConfig == null) {
addActionError("A different SSO Integration already exists.");
return ERROR.toUpperCase();
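Review bot: deleteOktaSso() and execute() now resolve the Okta config by the composed id alone (`Filters.eq(Constants.ID, OktaConfig.getOktaId(accountId))`), dropping the `OktaConfig.ACCOUNT_ID` filter that the removed SaaS branch applied and that `Config.getOktaConfig(int)` still applies in this same commit, so the three lookups no longer agree on what scopes a config to a tenant. Keeping the account filter as a second check in the action, `Bson idFilter = Filters.and(Filters.eq(Constants.ID, OktaConfig.getOktaId(accountId)), Filters.eq(OktaConfig.ACCOUNT_ID, accountId));`, would make the id suffix and the account field both have to match; this assumes the migration populates that field on legacy on-prem documents, which the initializer hunk does not visibly do. In deleteOktaSso() the loop right after the delete still calls `Context.accountId.get()` although `accountId` was just read into a local two lines above; reuse the local. Both methods continue past the hunk, and this section's file header is not on the page.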
Expand Up @@ -33,6 +33,7 @@
import com.akto.dto.ApiCollectionUsers.CollectionType;
import com.akto.dto.Config.AzureConfig;
import com.akto.dto.Config.ConfigType;
import com.akto.dto.Config.OktaConfig;
import com.akto.dto.RBAC.Role;
import com.akto.dto.User.AktoUIMode;
import com.akto.dto.data_types.Conditions;
Expand Down Expand Up @@ -136,6 +137,7 @@
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSASigner.stdDSA;
import org.bson.conversions.Bson;
import org.bson.types.ObjectId;
import org.checkerframework.checker.units.qual.C;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -2922,6 +2924,27 @@ private static void deleteOptionsAPIs(BackwardCompatibility backwardCompatibilit
}
}

private static void moveOktaOidcSSO(BackwardCompatibility backwardCompatibility){
if(backwardCompatibility.getMoveOktaOidcSSO() == 0){
String saltId = ConfigType.OKTA.name() + Config.CONFIG_SALT;
Config.OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(
Filters.eq(Constants.ID, saltId)
);
if(oktaConfig != null){
int accountId = Context.accountId.get();
oktaConfig.setId(OktaConfig.getOktaId(accountId));
ConfigsDao.instance.insertOne(oktaConfig);
ConfigsDao.instance.deleteAll(
Filters.eq(Constants.ID, saltId)
);
}
BackwardCompatibilityDao.instance.updateOne(
Filters.eq("_id", backwardCompatibility.getId()),
Updates.set(BackwardCompatibility.MOVE_OKTA_OIDC_SSO, Context.now())
);
}
}

public static void setBackwardCompatibilities(BackwardCompatibility backwardCompatibility){
if (DashboardMode.isMetered()) {
initializeOrganizationAccountBelongsTo(backwardCompatibility);
Expand Down Expand Up @@ -2953,6 +2976,7 @@ public static void setBackwardCompatibilities(BackwardCompatibility backwardComp
dropSpecialCharacterApiCollections(backwardCompatibility);
addDefaultAdvancedFilters(backwardCompatibility);
moveAzureSamlConfig(backwardCompatibility);
moveOktaOidcSSO(backwardCompatibility);
}

public static void printMultipleHosts(int apiCollectionId) {
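Review bot: moveOktaOidcSSO() inserts the legacy document under the new id and only afterwards deletes the old one, so a failure between `insertOne` and `deleteAll` leaves both documents in place with `MOVE_OKTA_OIDC_SSO` still unset, and the next startup would find the old document again and fail the insert on a duplicate `_id`; checking whether the target id already exists before inserting (or tolerating that case) would make the migration safely re-runnable. Only the id is rewritten on the moved document, while `Config.getOktaConfig(int)` in this commit also filters on `OktaConfig.ACCOUNT_ID`, so a legacy on-prem record that never carried an account field would not be found after the move — if a setter for that field exists, populate it from `accountId` next to `setId(...)`. The added `import org.checkerframework.checker.units.qual.C;` in the second import hunk is not used by any code shown here and looks like an accidental IDE auto-import. This section's file header is not on the page.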
3 changes: 2 additions & 1 deletion apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java
Expand Up @@ -8,6 +8,7 @@
import com.akto.dao.context.Context;
import com.akto.dto.Config;
import com.akto.dto.Config.OktaConfig;
import com.akto.util.Constants;
import com.akto.utils.sso.SsoUtils;

public class OktaLogin {
Expand All @@ -23,7 +24,7 @@ public static OktaLogin getInstance() {
}

if (shouldProbeAgain) {
OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne("_id", "OKTA-ankush");
OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(Context.accountId.get()));
if (instance == null) {
instance = new OktaLogin();
}
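Review bot: the new lookup in getInstance() depends on `Context.accountId.get()` while the result is still cached in `instance`, which `getInstance()` and the `instance == null` check suggest is a static singleton; on a deployment with more than one account, whichever account happens to be in the thread context when the probe runs would decide the Okta config that every account then shares. If `instance` is static, the cache should be keyed by account id or the per-account lookup should move out of the singleton. Separately, the replaced line is far over the column limit; `String oktaId = OktaConfig.getOktaId(Context.accountId.get());` on its own line before the `findOne` call would keep it readable. getInstance() starts and ends outside the hunk.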
7 changes: 4 additions & 3 deletions apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java
Expand Up @@ -35,18 +35,19 @@ public static boolean isAnySsoActive(int accountId){
}

public static boolean isAnySsoActive(){
int accountId = Context.accountId.get();
String oktaIdString = OktaConfig.getOktaId(accountId);
if(DashboardMode.isMetered() && !DashboardMode.isOnPremDeployment()){
int accountId = Context.accountId.get();
if(!isAnySsoActive(accountId)){
return ConfigsDao.instance.count(Filters.and(
Filters.eq(Constants.ID, "OKTA-ankush"),
Filters.eq(Constants.ID, oktaIdString),
Filters.eq(OktaConfig.ACCOUNT_ID, accountId)
)) > 0;
}else{
return true;
}
}else{
List<String> ssoList = Arrays.asList("OKTA-ankush", "GITHUB-ankush", "AZURE-ankush");
List<String> ssoList = Arrays.asList(oktaIdString, "GITHUB-ankush", "AZURE-ankush");
Bson filter = Filters.in("_id", ssoList);
return ConfigsDao.instance.count(filter) > 0;
}
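Review bot: `int accountId = Context.accountId.get();` has been hoisted above the `isMetered()` branch in isAnySsoActive(), so the non-metered/on-prem path now also reads the thread-local account, which it previously never touched; if `Context.accountId` is a `ThreadLocal<Integer>`, as the `.get()` suggests, an unset context on that path would surface as a NullPointerException at the unboxing rather than the old behaviour. Worth confirming every caller reaching the else branch has an account in context, or reading the account only inside the metered branch as before and passing it to `getOktaId`. The else branch also still uses the literal `"_id"` while the new lines above use `Constants.ID`; `Bson filter = Filters.in(Constants.ID, ssoList);` keeps the two consistent. isAnySsoActive() ends outside the hunk.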
14 changes: 13 additions & 1 deletion libs/dao/src/main/java/com/akto/dto/BackwardCompatibility.java
Expand Up @@ -100,6 +100,9 @@ public class BackwardCompatibility {
public static final String DELETE_OPTIONS_API = "deleteOptionsAPIs";
private int deleteOptionsAPIs;

public static final String MOVE_OKTA_OIDC_SSO = "moveOktaOidcSSO";
private int moveOktaOidcSSO;

public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTypeInfoCount, int dropWorkflowTestResult,
int readyForNewTestingFramework,int addAktoDataTypes, boolean deploymentStatusUpdated,
int authMechanismData, boolean mirroringLambdaTriggered, int deleteAccessListFromApiToken,
Expand All @@ -109,7 +112,7 @@ public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTy
int loginSignupGroups, int vulnerableApiUpdationVersionV1, int riskScoreGroups,
int deactivateCollections, int disableAwsSecretPii, int apiCollectionAutomatedField,
int automatedApiGroups, int addAdminRoleIfAbsent, int dropSpecialCharacterApiCollections, int fixApiAccessType,
int addDefaultFilters, int moveAzureSamlToNormalSaml, int deleteOptionsAPIs) {
int addDefaultFilters, int moveAzureSamlToNormalSaml, int deleteOptionsAPIs, int moveOktaOidcSSO) {
this.id = id;
this.dropFilterSampleData = dropFilterSampleData;
this.resetSingleTypeInfoCount = resetSingleTypeInfoCount;
Expand Down Expand Up @@ -141,6 +144,7 @@ public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTy
this.fixApiAccessType = fixApiAccessType;
this.moveAzureSamlToNormalSaml = moveAzureSamlToNormalSaml;
this.deleteOptionsAPIs = deleteOptionsAPIs;
this.moveOktaOidcSSO = moveOktaOidcSSO;
}

public BackwardCompatibility() {
Expand Down Expand Up @@ -425,4 +429,12 @@ public int getDeleteOptionsAPIs() {
public void setDeleteOptionsAPIs(int deleteOptionsAPIs) {
this.deleteOptionsAPIs = deleteOptionsAPIs;
}

public int getMoveOktaOidcSSO() {
return moveOktaOidcSSO;
}

public void setMoveOktaOidcSSO(int moveOktaOidcSSO) {
this.moveOktaOidcSSO = moveOktaOidcSSO;
}
}
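Review bot: the new `moveOktaOidcSSO` field carries no comment saying what the int encodes, and since the constructor now takes yet another positional `int`, a reader of the thirty-odd parameter list has nothing to go on. A one-line comment above the field would help: `// epoch seconds (Context.now()) when the Okta config was moved to the per-account id; 0 = migration not yet run`. That reading is inferred from the initializer hunk in this commit, which checks `== 0` and stores `Context.now()`; adjust if the convention for these flags differs.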
15 changes: 12 additions & 3 deletions libs/dao/src/main/java/com/akto/dto/Config.java
Expand Up @@ -365,9 +365,17 @@ public static class OktaConfig extends Config {

public static final String CONFIG_ID = ConfigType.OKTA.name() + CONFIG_SALT;

public OktaConfig() {
public OktaConfig(){
this.configType = ConfigType.OKTA;
this.id = CONFIG_ID;
}

public static String getOktaId(int accountId){
return CONFIG_ID + "_" + accountId;
}

public OktaConfig(int id) {
this.configType = ConfigType.OKTA;
this.id = CONFIG_ID + "_" + id;
}

public String getClientId() {
Expand Down Expand Up @@ -686,9 +694,10 @@ public static boolean isConfigSSOType(ConfigType configType){
}

public static OktaConfig getOktaConfig(int accountId) {
String id = OktaConfig.getOktaId(accountId);
OktaConfig config = (OktaConfig) ConfigsDao.instance.findOne(
Filters.and(
Filters.eq("_id", "OKTA-ankush"),
Filters.eq("_id", id),
Filters.eq(OktaConfig.ACCOUNT_ID, accountId)
)
);
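Review bot: the new `OktaConfig(int id)` constructor repeats the id format that `getOktaId(int)` now owns (`CONFIG_ID + "_" + id`), and its parameter is named `id` although every caller in this commit passes an account id; `public OktaConfig(int accountId) { this.configType = ConfigType.OKTA; this.id = getOktaId(accountId); }` removes the duplication and the misleading name. The constructor sets only `configType` and `id`, yet `getOktaConfig(int)` in the second hunk filters on `OktaConfig.ACCOUNT_ID` in addition to the id, so a config built through this constructor is found by that lookup only if the account field is populated elsewhere — if it is not, set it in the constructor as well. The no-arg constructor still assigns the legacy `CONFIG_ID`, so any document created through it would be invisible to the new per-account lookups; a comment stating that it exists for deserialization only, if that is the intent, would prevent misuse. Both hunks are cut by the page: the OktaConfig class and getOktaConfig() continue outside.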

