Enterprise SSO will not redirect properly and allow users to login #20219

Open
derrickmehaffy opened this issue Apr 26, 2024 · 0 comments · Fixed by #20238
Labels

  • flag: EE (Issues correlates to internal EE ticket)
  • issue: bug (Issue reporting a bug)
  • severity: critical (If the issue has a security impact or breaks core usage of the product)
  • source: core:admin (Source is core/admin package)
  • status: confirmed (Confirmed by a Strapi Team member or multiple community members)
  • version: 4 (Issue related to v4)


Bug report

Required System information

  • Node.js version: 20.11.1
  • Yarn version: 1.22.22
  • Strapi version: 4.24.0
  • Database: SQLite
  • Operating system: Linux Mint 21.3
  • Is your project Javascript or Typescript: Javascript

Strapi report info:

$ strapi report --all
Launched In: 282 ms
Environment: development
OS: linux-x64
Strapi Version: 4.24.0
Node/Yarn Version: yarn/1.22.22 npm/? node/v20.11.1 linux x64
Edition: Enterprise
Database: sqlite
UUID: 02f807bc-204f-43ae-963d-8b3be826d65d
Dependencies: {
  "@strapi/plugin-cloud": "4.24.0",
  "@strapi/plugin-i18n": "4.24.0",
  "@strapi/plugin-users-permissions": "4.24.0",
  "@strapi/strapi": "4.24.0",
  "better-sqlite3": "8.6.0",
  "passport-discord": "^0.1.4",
  "react": "^18.0.0",
  "react-dom": "^18.0.0",
  "react-router-dom": "5.3.4",
  "styled-components": "5.3.3"
}
Dev Dependencies: {}

Describe the bug

Redirects on the admin auth page are broken, causing the error page not to show and/or the page not to redirect after a successful login. Refreshing the page after a successful login does not work either. Effectively, SSO is completely broken for most users; it randomly works for a few others after several tries.

Steps to reproduce the behavior

  1. Configure SSO with any provider
  2. Enable SSO
  3. Try to log in with SSO
  4. See error

Reproduction video:

https://www.loom.com/share/0e77ba46bfee4805921a8b6c15795a59?sid=3bf8cd13-8985-4510-9cc6-e147e65a3579

Expected behavior

Should allow login or show error page and handle redirects properly

Screenshots

N/A

Code snippets

// path: ./config/admin.js

const DiscordStrategy = require("passport-discord");

module.exports = ({ env }) => ({
  auth: {
    secret: env("ADMIN_JWT_SECRET"),
    providers: [
      {
        uid: "discord",
        displayName: "Discord",
        icon: "https://cdn0.iconfinder.com/data/icons/free-social-media-set/24/discord-512.png",
        createStrategy: (strapi) =>
          new DiscordStrategy(
            {
              clientID: env("DISCORD_CLIENT_ID"),
              clientSecret: env("DISCORD_SECRET"),
              callbackURL:
                strapi.admin.services.passport.getStrategyCallbackURL(
                  "discord"
                ),
              scope: ["identify", "email"],
            },
            (accessToken, refreshToken, profile, done) => {
              done(null, {
                email: profile.email,
                username: `${profile.username}#${profile.discriminator}`,
              });
            }
          ),
      },
    ],
  },
  apiToken: {
    salt: env("API_TOKEN_SALT"),
  },
  transfer: {
    token: {
      salt: env("TRANSFER_TOKEN_SALT"),
    },
  },
  flags: {
    nps: env.bool("FLAG_NPS", false),
    promoteEE: env.bool("FLAG_PROMOTE_EE", false),
  },
});

// path: ./config/middlewares.js

module.exports = [
  "strapi::logger",
  "strapi::errors",
  {
    name: "strapi::security",
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          "connect-src": ["'self'", "https:"],
          "img-src": [
            "'self'",
            "data:",
            "blob:",
            "market-assets.strapi.io",
            "cdn0.iconfinder.com",
          ],
          "media-src": [
            "'self'",
            "data:",
            "blob:",
            "market-assets.strapi.io",
            "upload.wikimedia.org",
            "cdn0.iconfinder.com",
          ],
          upgradeInsecureRequests: null,
        },
      },
    },
  },
  "strapi::cors",
  "strapi::poweredBy",
  "strapi::query",
  "strapi::body",
  "strapi::session",
  "strapi::favicon",
  "strapi::public",
];

Additional context

Related to ticket ID 6597, would normally be high but raised to critical as part of escalation process
