diff --git a/config/.env.dev b/config/.env.dev index 6295c57bdf..c1b5361dce 100644 --- a/config/.env.dev +++ b/config/.env.dev @@ -14,7 +14,6 @@ ADMIN_USER_IDS=1 SHOW_CITIES=true PADDLE_VENDOR_AUTH_CODE=895e20d4efaec0575bb857f44b183217b332d9592e76e69b8a PADDLE_VENDOR_ID=3942 -SSO_ENABLED=true SSO_VERIFICATION_NAMESERVERS=0.0.0.0:5354 GOOGLE_CLIENT_ID=875387135161-l8tp53dpt7fdhdg9m1pc3vl42si95rh0.apps.googleusercontent.com diff --git a/config/.env.load b/config/.env.load index 87cfab1031..cb957fe126 100644 --- a/config/.env.load +++ b/config/.env.load @@ -14,7 +14,6 @@ ADMIN_USER_IDS=1 SHOW_CITIES=true PADDLE_VENDOR_AUTH_CODE=895e20d4efaec0575bb857f44b183217b332d9592e76e69b8a PADDLE_VENDOR_ID=3942 -SSO_ENABLED=true GOOGLE_CLIENT_ID=875387135161-l8tp53dpt7fdhdg9m1pc3vl42si95rh0.apps.googleusercontent.com GOOGLE_CLIENT_SECRET=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 diff --git a/config/.env.test b/config/.env.test index a4b073b64b..42a1e85526 100644 --- a/config/.env.test +++ b/config/.env.test @@ -19,7 +19,6 @@ HELP_SCOUT_APP_ID=fake_app_id HELP_SCOUT_APP_SECRET=fake_app_secret HELP_SCOUT_SIGNATURE_KEY=fake_signature_key HELP_SCOUT_VAULT_KEY=ym9ZQg0KPNGCH3C2eD5y6KpL0tFzUqAhwxQO6uEv/ZM= -SSO_ENABLED=true S3_DISABLED=false S3_ACCESS_KEY_ID=minioadmin diff --git a/config/runtime.exs b/config/runtime.exs index e1ccf94ff7..2e0ec97bbf 100644 --- a/config/runtime.exs +++ b/config/runtime.exs @@ -318,8 +318,6 @@ secure_cookie = license_key = get_var_from_path_or_env(config_dir, "LICENSE_KEY", "") -sso_enabled = get_bool_from_path_or_env(config_dir, "SSO_ENABLED", false) - sso_saml_adapter = case get_var_from_path_or_env(config_dir, "SSO_SAML_ADAPTER", "fake") do "fake" -> PlausibleWeb.SSO.FakeSAMLAdapter @@ -353,7 +351,6 @@ config :plausible, license_key: license_key, data_dir: data_dir, session_transfer_dir: session_transfer_dir, - sso_enabled: sso_enabled, sso_saml_adapter: sso_saml_adapter, sso_verification_nameservers: sso_verification_nameservers 
diff --git a/extra/lib/plausible_web/controllers/sso_controller.ex b/extra/lib/plausible_web/controllers/sso_controller.ex index 033b64f552..dfad5d4f0b 100644 --- a/extra/lib/plausible_web/controllers/sso_controller.ex +++ b/extra/lib/plausible_web/controllers/sso_controller.ex @@ -95,7 +95,7 @@ defmodule PlausibleWeb.SSOController do end def sso_settings(conn, _params) do - if Plausible.Teams.setup?(conn.assigns.current_team) and Plausible.sso_enabled?() and + if Plausible.Teams.setup?(conn.assigns.current_team) and Plausible.Billing.Feature.SSO.check_availability(conn.assigns.current_team) == :ok do render(conn, :sso_settings, layout: {PlausibleWeb.LayoutView, :settings}, diff --git a/extra/lib/plausible_web/plugs/gate_sso.ex b/extra/lib/plausible_web/plugs/gate_sso.ex deleted file mode 100644 index 941858a390..0000000000 --- a/extra/lib/plausible_web/plugs/gate_sso.ex +++ /dev/null @@ -1,22 +0,0 @@ -defmodule PlausibleWeb.Plugs.GateSSO do - @moduledoc """ - Plug for gating access to SSO routes with `SSO_ENABLED` env var. - """ - - @behaviour Plug - import Plug.Conn - - @impl true - def init(opts), do: opts - - @impl true - def call(conn, _) do - if Plausible.sso_enabled?() do - conn - else - conn - |> Phoenix.Controller.redirect(to: "/") - |> halt() - end - end -end diff --git a/lib/plausible.ex b/lib/plausible.ex index 4e62aaf276..39b39aa66a 100644 --- a/lib/plausible.ex +++ b/lib/plausible.ex @@ -12,11 +12,6 @@ defmodule Plausible do end end - @spec sso_enabled?() :: boolean() - def sso_enabled?() do - Application.fetch_env!(:plausible, :sso_enabled) - end - defmacro on_ee(clauses) do do_on_ee(clauses) end diff --git a/lib/plausible_web/controllers/auth_controller.ex b/lib/plausible_web/controllers/auth_controller.ex index 41f39bbfcc..650be1e0ba 100644 --- a/lib/plausible_web/controllers/auth_controller.ex +++ b/lib/plausible_web/controllers/auth_controller.ex 
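Review bot: In `sso_settings/2` the rewritten condition checks `Plausible.Teams.setup?/1` and `Plausible.Billing.Feature.SSO.check_availability/1` but not the caller's role, while the sidebar entry changed in `layout_view.ex` is shown only when `current_team_role == :owner`. Hiding the menu entry is not access control, so if no plug or pipeline outside this hunk restricts the action to owners, a non-owner team member could open the settings page by URL. Please confirm where the role is enforced and record it at the guard, e.g. `# owner-only access is enforced by <plug name>; this guard covers team setup and plan availability`, or add the owner check to the condition if it is not enforced elsewhere. The body of `sso_settings/2` continues past the end of the hunk.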
@@ -245,11 +245,7 @@ defmodule PlausibleWeb.AuthController do case {login_preference, params["prefer"], error} do {"sso", nil, nil} -> - if Plausible.sso_enabled?() do - redirect(conn, to: Routes.sso_path(conn, :login_form, return_to: params["return_to"])) - else - render(conn, "login_form.html") - end + redirect(conn, to: Routes.sso_path(conn, :login_form, return_to: params["return_to"])) _ -> render(conn, "login_form.html") diff --git a/lib/plausible_web/router.ex b/lib/plausible_web/router.ex index 813f5a1d05..555646e52f 100644 --- a/lib/plausible_web/router.ex +++ b/lib/plausible_web/router.ex @@ -176,14 +176,14 @@ defmodule PlausibleWeb.Router do end scope "/sso", PlausibleWeb do - pipe_through [PlausibleWeb.Plugs.GateSSO, :browser, :csrf] + pipe_through [:browser, :csrf] get "/login", SSOController, :login_form post "/login", SSOController, :login end scope "/sso/saml", PlausibleWeb do - pipe_through [PlausibleWeb.Plugs.GateSSO, :sso_saml] + pipe_through [:sso_saml] scope [] do pipe_through :sso_saml_auth diff --git a/lib/plausible_web/templates/auth/login_form.html.heex b/lib/plausible_web/templates/auth/login_form.html.heex index 1a5d459d2e..a22fff47dd 100644 --- a/lib/plausible_web/templates/auth/login_form.html.heex +++ b/lib/plausible_web/templates/auth/login_form.html.heex @@ -49,7 +49,7 @@ instead. - <:item :if={ee?() and Plausible.sso_enabled?()}> + <:item :if={ee?()}> <%= on_ee do %> Have a Single Sign-on account? <.styled_link href={ diff --git a/lib/plausible_web/views/layout_view.ex b/lib/plausible_web/views/layout_view.ex index ff1fdbbba4..986894b413 100644 --- a/lib/plausible_web/views/layout_view.ex +++ b/lib/plausible_web/views/layout_view.ex 
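Review bot: The `{"sso", nil, nil}` branch now always redirects with `return_to: params["return_to"]` taken straight from the request, and nothing in this hunk shows where that value is validated. If the SSO login flow does not already restrict it to a local path before the final redirect, this becomes an open-redirect risk on every instance rather than only those that had set `SSO_ENABLED=true`. A comment at the redirect such as `# return_to is checked to be a local path in <validating function>` would make the trust boundary explicit. The enclosing function starts and ends outside the hunk.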
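Review bot: With `PlausibleWeb.Plugs.GateSSO` dropped from both `pipe_through` lists, `/sso/login` and everything under `/sso/saml` become routable on every instance, while `config/runtime.exs` in this same commit still defaults `SSO_SAML_ADAPTER` to `"fake"`, which selects `PlausibleWeb.SSO.FakeSAMLAdapter`. Before this change the `SSO_ENABLED` default of `false` kept that adapter unreachable unless an operator opted in. What the fake adapter accepts is not visible here, so this needs confirming before merge: either fail startup when the fake adapter is selected outside dev and test, or make the production default the real adapter. Since the deleted `sso_enabled = false` tests were the only visible coverage of unauthenticated requests to these routes, a replacement test should assert that the SAML consume action rejects a request for an integration that does not exist. Both router scopes continue outside the hunk.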
@@ -125,7 +125,7 @@ defmodule PlausibleWeb.LayoutView do do: %{key: "API Keys", value: "api-keys", icon: :key} ), if( - Plausible.sso_enabled?() and current_team_role == :owner and + ee?() and current_team_role == :owner and Plausible.Billing.Feature.SSO.check_availability(current_team) == :ok, do: %{ key: "Single Sign-On", @@ -137,8 +137,7 @@ defmodule PlausibleWeb.LayoutView do } ), if( - Plausible.sso_enabled?() and - Plausible.Billing.Feature.SSO.check_availability(current_team) != :ok, + ee?() and Plausible.Billing.Feature.SSO.check_availability(current_team) != :ok, do: %{ key: "Single Sign-On", value: "sso/info", diff --git a/test/plausible_web/controllers/sso_controller_sync_test.exs b/test/plausible_web/controllers/sso_controller_sync_test.exs index 09d04f7ffa..48481f7c94 100644 --- a/test/plausible_web/controllers/sso_controller_sync_test.exs +++ b/test/plausible_web/controllers/sso_controller_sync_test.exs 
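Review bot: The two Single Sign-On entries are gated differently: the settings entry requires `current_team_role == :owner`, while the `sso/info` entry in the second hunk has no role condition. A non-owner therefore sees the info entry when the feature is unavailable and no entry at all when it is available. If that is intended, a comment such as `# info entry is shown to every role; the settings entry is owner-only` would stop it reading as an oversight. Both conditions also call `Plausible.Billing.Feature.SSO.check_availability(current_team)`, so binding the result once before the list would remove the duplicate call. The list and its enclosing function extend beyond both hunks.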
@@ -10,90 +10,6 @@ defmodule PlausibleWeb.SSOControllerSyncTest do alias Plausible.Auth.SSO alias Plausible.Repo - describe "sso_enabled = false" do - setup do - patch_env(:sso_enabled, false) - end - - test "standard login form does not show link to SSO login", %{conn: conn} do - conn = get(conn, Routes.auth_path(conn, :login_form)) - - assert html = html_response(conn, 200) - - refute html =~ Routes.sso_path(conn, :login_form) - refute html =~ "Single Sign-on" - end - - test "sso_settings/2 are guarded by the env var", %{conn: conn} do - user = new_user() - team = new_site(owner: user).team |> Plausible.Teams.complete_setup() - {:ok, ctx} = log_in(%{conn: conn, user: user}) - conn = ctx[:conn] - conn = set_current_team(conn, team) - - conn = get(conn, Routes.sso_path(conn, :sso_settings)) - - assert redirected_to(conn, 302) == "/sites" - end - - test "sso team settings item is guarded by the env var", %{conn: conn} do - user = - new_user() |> subscribe_to_enterprise_plan(features: [Plausible.Billing.Feature.SSO]) - - team = new_site(owner: user).team |> Plausible.Teams.complete_setup() - {:ok, ctx} = log_in(%{conn: conn, user: user}) - conn = ctx[:conn] - conn = set_current_team(conn, team) - - conn = get(conn, Routes.settings_path(conn, :team_general)) - - assert html = html_response(conn, 200) - - refute html =~ "Single Sign-On" - end - - test "login_form/2 is guarded by the env var", %{conn: conn} do - conn = get(conn, Routes.sso_path(conn, :login_form)) - - assert redirected_to(conn, 302) == "/" - end - - test "login/2 is guarded by the env var", %{conn: conn} do - conn = post(conn, Routes.sso_path(conn, :login), %{"email" => "some@example.com"}) - - assert redirected_to(conn, 302) == "/" - end - - test "saml_signin/2 is guarded by the env var", %{conn: conn} do - conn = - get( - conn, - Routes.sso_path(conn, :saml_signin, Ecto.UUID.generate(), - email: "some@example.com", - return_to: "/sites" - ) - ) - - assert redirected_to(conn, 302) == "/" - end - - test 
"saml_consume/2 is guarded by the env var", %{conn: conn} do - conn = - post(conn, Routes.sso_path(conn, :saml_consume, Ecto.UUID.generate()), %{ - "email" => "some@example.com", - "return_to" => "/sites" - }) - - assert redirected_to(conn, 302) == "/" - end - - test "csp_report/2 is guarded by the env var", %{conn: conn} do - conn = post(conn, Routes.sso_path(conn, :csp_report), %{}) - - assert redirected_to(conn, 302) == "/" - end - end - @cert_pem """ -----BEGIN CERTIFICATE----- MIICmjCCAYICCQDX5sKPsYV3+jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0 diff --git a/test/plausible_web/live/verification_v2_test.exs b/test/plausible_web/live/verification_v2_test.exs index d64e8df140..7a67c26041 100644 --- a/test/plausible_web/live/verification_v2_test.exs +++ b/test/plausible_web/live/verification_v2_test.exs @@ -1,4 +1,4 @@ -defmodule PlausibleWeb.Live.VerificationTest do +defmodule PlausibleWeb.Live.VerificationV2Test do use PlausibleWeb.ConnCase, async: true use Plausible.Test.Support.DNS