diff --git a/migrations/20220426060528-make-apps-sso-consistent.js b/migrations/20220426060528-make-apps-sso-consistent.js new file mode 100644 index 000000000..eca598114 --- /dev/null +++ b/migrations/20220426060528-make-apps-sso-consistent.js @@ -0,0 +1,22 @@ +'use strict'; + +const async = require('async'); + +exports.up = function(db, callback) { + db.all('SELECT * FROM apps', function (error, apps) { + if (error) return callback(error); + + async.eachSeries(apps, function (app, iteratorDone) { + const manifest = JSON.parse(app.manifestJson); + const hasSso = !!manifest.addons['proxyAuth'] || !!manifest.addons['ldap']; + if (hasSso || !app.sso) return iteratorDone(); + + console.log(`Unsetting sso flag of ${app.id}`); + db.runSql('UPDATE apps SET sso=? WHERE id=?', [ 0, app.id ], iteratorDone); + }, callback); + }); +}; + +exports.down = function(db, callback) { + callback(); +}; diff --git a/src/apps.js b/src/apps.js index ff7edb5d8..86b854ef3 100644 --- a/src/apps.js +++ b/src/apps.js @@ -1284,7 +1284,7 @@ async function install(data, auditSource) { let sso = 'sso' in data ? data.sso : null; if ('sso' in data && !('optionalSso' in manifest)) throw new BoxError(BoxError.BAD_FIELD, 'sso can only be specified for apps with optionalSso'); // if sso was unspecified, enable it by default if possible - if (sso === null) sso = !!manifest.addons['ldap'] || !!manifest.addons['proxyAuth']; + if (sso === null) sso = !!manifest.addons?.ldap || !!manifest.addons?.proxyAuth; error = validateEnv(env); if (error) throw error; @@ -1850,6 +1850,9 @@ async function updateApp(app, data, auditSource) { values.mailboxDomain = app.domain; } + const hasSso = !!updateConfig.manifest.addons?.proxyAuth || !!updateConfig.manifest.addons?.ldap; + if (!hasSso && app.sso) values.sso = false; // turn off sso flag, if the update removes sso options + const task = { args: { updateConfig }, values