Remove SSO_ENABLED env flag and replace it with ee? checks where needed (#5728)

* Remove `SSO_ENABLED` env flag and replace it with `ee?` checks where needed

* Fix name of a test module to avoid clash

* Remove unnecessary `ee?()` check from condition in `extra/` code
Adrian Gruntkowski 2025-09-16 16:18:59 +02:00 committed by GitHub
parent 32fa20cfb1
commit 4754e2a3e8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 8 additions and 130 deletions


@ -14,7 +14,6 @@ ADMIN_USER_IDS=1
SHOW_CITIES=true
PADDLE_VENDOR_AUTH_CODE=895e20d4efaec0575bb857f44b183217b332d9592e76e69b8a
PADDLE_VENDOR_ID=3942
SSO_ENABLED=true
SSO_VERIFICATION_NAMESERVERS=0.0.0.0:5354
GOOGLE_CLIENT_ID=875387135161-l8tp53dpt7fdhdg9m1pc3vl42si95rh0.apps.googleusercontent.com


@ -14,7 +14,6 @@ ADMIN_USER_IDS=1
SHOW_CITIES=true
PADDLE_VENDOR_AUTH_CODE=895e20d4efaec0575bb857f44b183217b332d9592e76e69b8a
PADDLE_VENDOR_ID=3942
SSO_ENABLED=true
GOOGLE_CLIENT_ID=875387135161-l8tp53dpt7fdhdg9m1pc3vl42si95rh0.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=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


@ -19,7 +19,6 @@ HELP_SCOUT_APP_ID=fake_app_id
HELP_SCOUT_APP_SECRET=fake_app_secret
HELP_SCOUT_SIGNATURE_KEY=fake_signature_key
HELP_SCOUT_VAULT_KEY=ym9ZQg0KPNGCH3C2eD5y6KpL0tFzUqAhwxQO6uEv/ZM=
SSO_ENABLED=true
S3_DISABLED=false
S3_ACCESS_KEY_ID=minioadmin


@ -318,8 +318,6 @@ secure_cookie =
license_key = get_var_from_path_or_env(config_dir, "LICENSE_KEY", "")
sso_enabled = get_bool_from_path_or_env(config_dir, "SSO_ENABLED", false)
sso_saml_adapter =
case get_var_from_path_or_env(config_dir, "SSO_SAML_ADAPTER", "fake") do
"fake" -> PlausibleWeb.SSO.FakeSAMLAdapter
@ -353,7 +351,6 @@ config :plausible,
license_key: license_key,
data_dir: data_dir,
session_transfer_dir: session_transfer_dir,
sso_enabled: sso_enabled,
sso_saml_adapter: sso_saml_adapter,
sso_verification_nameservers: sso_verification_nameservers


@ -95,7 +95,7 @@ defmodule PlausibleWeb.SSOController do
end
def sso_settings(conn, _params) do
if Plausible.Teams.setup?(conn.assigns.current_team) and Plausible.sso_enabled?() and
if Plausible.Teams.setup?(conn.assigns.current_team) and
Plausible.Billing.Feature.SSO.check_availability(conn.assigns.current_team) == :ok do
render(conn, :sso_settings,
layout: {PlausibleWeb.LayoutView, :settings},
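Review bot: The new guard in `sso_settings/2` checks only `Plausible.Teams.setup?/1` and `Plausible.Billing.Feature.SSO.check_availability/1`, whereas the settings-menu entry changed in the same commit (LayoutView) also requires `current_team_role == :owner`. The controller is the enforcement point, so the owner requirement should be visible next to this action. It may already be enforced by a plug outside the hunk (the module starts and the function ends outside it), in which case a comment such as `# owner-only: enforced by <plug name>` above `sso_settings/2` would make that explicit. If no such plug exists, the role belongs in this condition.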


@ -1,22 +0,0 @@
defmodule PlausibleWeb.Plugs.GateSSO do
@moduledoc """
Plug for gating access to SSO routes with `SSO_ENABLED` env var.
"""
@behaviour Plug
import Plug.Conn
@impl true
def init(opts), do: opts
@impl true
def call(conn, _) do
if Plausible.sso_enabled?() do
conn
else
conn
|> Phoenix.Controller.redirect(to: "/")
|> halt()
end
end
end


@ -12,11 +12,6 @@ defmodule Plausible do
end
end
@spec sso_enabled?() :: boolean()
def sso_enabled?() do
Application.fetch_env!(:plausible, :sso_enabled)
end
defmacro on_ee(clauses) do
do_on_ee(clauses)
end


@ -245,11 +245,7 @@ defmodule PlausibleWeb.AuthController do
case {login_preference, params["prefer"], error} do
{"sso", nil, nil} ->
if Plausible.sso_enabled?() do
redirect(conn, to: Routes.sso_path(conn, :login_form, return_to: params["return_to"]))
else
render(conn, "login_form.html")
end
_ ->
render(conn, "login_form.html")
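Review bot: The `{"sso", nil, nil}` branch now redirects to the SSO login form unconditionally, while the login template and LayoutView changed in this commit still guard SSO UI with `ee?()`; nothing in the hunk shows an equivalent guard here. If this controller is compiled in CE builds, wrap the branch the same way (for example `on_ee do ... else render(conn, "login_form.html") end`) so a stored `"sso"` login preference cannot send users to a route that is not served. `params["return_to"]` is forwarded as-is, so the handler behind `:login_form` must restrict it to local paths; whether it does is not visible here. The enclosing function starts outside the hunk.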


@ -176,14 +176,14 @@ defmodule PlausibleWeb.Router do
end
scope "/sso", PlausibleWeb do
pipe_through [PlausibleWeb.Plugs.GateSSO, :browser, :csrf]
pipe_through [:browser, :csrf]
get "/login", SSOController, :login_form
post "/login", SSOController, :login
end
scope "/sso/saml", PlausibleWeb do
pipe_through [PlausibleWeb.Plugs.GateSSO, :sso_saml]
pipe_through [:sso_saml]
scope [] do
pipe_through :sso_saml_auth
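Review bot: With `PlausibleWeb.Plugs.GateSSO` dropped from both `pipe_through` lists, the `/sso` and `/sso/saml` scopes have no request-time gate left in this hunk, so whether a CE build exposes the login and SAML routes depends entirely on an enclosing `on_ee do` that is not visible here (the router module starts and ends outside the hunk). If that wrapper exists, a short comment above the first scope such as `# EE-only: compiled out of CE builds via on_ee, no runtime gate` would record the invariant; if it does not, the scopes should be wrapped. The same commit deletes the `sso_enabled = false` tests that asserted these routes redirect to `/`, and no replacement asserting the CE behaviour is visible, so a CE-tagged routing test would be worth adding.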


@ -49,7 +49,7 @@
</.styled_link>
instead.
</:item>
<:item :if={ee?() and Plausible.sso_enabled?()}>
<:item :if={ee?()}>
<%= on_ee do %>
Have a Single Sign-on account?
<.styled_link href={


@ -125,7 +125,7 @@ defmodule PlausibleWeb.LayoutView do
do: %{key: "API Keys", value: "api-keys", icon: :key}
),
if(
Plausible.sso_enabled?() and current_team_role == :owner and
ee?() and current_team_role == :owner and
Plausible.Billing.Feature.SSO.check_availability(current_team) == :ok,
do: %{
key: "Single Sign-On",
@ -137,8 +137,7 @@ defmodule PlausibleWeb.LayoutView do
}
),
if(
Plausible.sso_enabled?() and
Plausible.Billing.Feature.SSO.check_availability(current_team) != :ok,
ee?() and Plausible.Billing.Feature.SSO.check_availability(current_team) != :ok,
do: %{
key: "Single Sign-On",
value: "sso/info",


@ -10,90 +10,6 @@ defmodule PlausibleWeb.SSOControllerSyncTest do
alias Plausible.Auth.SSO
alias Plausible.Repo
describe "sso_enabled = false" do
setup do
patch_env(:sso_enabled, false)
end
test "standard login form does not show link to SSO login", %{conn: conn} do
conn = get(conn, Routes.auth_path(conn, :login_form))
assert html = html_response(conn, 200)
refute html =~ Routes.sso_path(conn, :login_form)
refute html =~ "Single Sign-on"
end
test "sso_settings/2 are guarded by the env var", %{conn: conn} do
user = new_user()
team = new_site(owner: user).team |> Plausible.Teams.complete_setup()
{:ok, ctx} = log_in(%{conn: conn, user: user})
conn = ctx[:conn]
conn = set_current_team(conn, team)
conn = get(conn, Routes.sso_path(conn, :sso_settings))
assert redirected_to(conn, 302) == "/sites"
end
test "sso team settings item is guarded by the env var", %{conn: conn} do
user =
new_user() |> subscribe_to_enterprise_plan(features: [Plausible.Billing.Feature.SSO])
team = new_site(owner: user).team |> Plausible.Teams.complete_setup()
{:ok, ctx} = log_in(%{conn: conn, user: user})
conn = ctx[:conn]
conn = set_current_team(conn, team)
conn = get(conn, Routes.settings_path(conn, :team_general))
assert html = html_response(conn, 200)
refute html =~ "Single Sign-On"
end
test "login_form/2 is guarded by the env var", %{conn: conn} do
conn = get(conn, Routes.sso_path(conn, :login_form))
assert redirected_to(conn, 302) == "/"
end
test "login/2 is guarded by the env var", %{conn: conn} do
conn = post(conn, Routes.sso_path(conn, :login), %{"email" => "some@example.com"})
assert redirected_to(conn, 302) == "/"
end
test "saml_signin/2 is guarded by the env var", %{conn: conn} do
conn =
get(
conn,
Routes.sso_path(conn, :saml_signin, Ecto.UUID.generate(),
email: "some@example.com",
return_to: "/sites"
)
)
assert redirected_to(conn, 302) == "/"
end
test "saml_consume/2 is guarded by the env var", %{conn: conn} do
conn =
post(conn, Routes.sso_path(conn, :saml_consume, Ecto.UUID.generate()), %{
"email" => "some@example.com",
"return_to" => "/sites"
})
assert redirected_to(conn, 302) == "/"
end
test "csp_report/2 is guarded by the env var", %{conn: conn} do
conn = post(conn, Routes.sso_path(conn, :csp_report), %{})
assert redirected_to(conn, 302) == "/"
end
end
@cert_pem """
-----BEGIN CERTIFICATE-----
MIICmjCCAYICCQDX5sKPsYV3+jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0


@ -1,4 +1,4 @@
defmodule PlausibleWeb.Live.VerificationTest do
defmodule PlausibleWeb.Live.VerificationV2Test do
use PlausibleWeb.ConnCase, async: true
use Plausible.Test.Support.DNS