Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- **[BREAKING]** `useMfa()` to require an `mfaMethod` parameter for `beginMfaSetup(mfaMethod)`
- **[BREAKING]** `useUserMeetsMfaRequirement(mfaRequirement)` to accept an `MfaRequirement` and return `{ mfaSetupRequired, isLoading, loadingError, refreshMfa }` instead of a boolean
- **[BREAKING]** MFA functions and types moved from `authService` to `mfaService`
- **[BREAKING]** changed signaure of `authService.isAuthorised` to include SAML groups

### Fixed

Expand Down
32 changes: 1 addition & 31 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

22 changes: 16 additions & 6 deletions src/apps/auth-service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -100,28 +100,38 @@ export function init({ oAuthClientId }: { oAuthClientId: string }) {

/**
* Determine if the current user is a OneBlink App User for a OneBlink Forms
* App. Returns `false` if the current user is not logged in.
* App. Returns `false` if the current user is not logged in or not authorised
* for the given SAML groups.
*
* #### Example
*
* ```js
* const formsAppId = 1
* const isAuthorised = await authService.isAuthorised(formsAppId)
* const isAuthorised = await authService.isAuthorised({
* formsAppId: 1,
* samlGroups: ['group1', 'group2'],
* })
* if (!isAuthorised) {
* // handle unauthorised user
* }
* ```
*
* @param formsAppId
* @param options.formsAppId
* @param options.samlGroups
* @param abortSignal
* @returns
*/
export async function isAuthorised(
formsAppId: number,
{ formsAppId, samlGroups }: { formsAppId: number; samlGroups?: string[] },
abortSignal?: AbortSignal,
): Promise<boolean> {
return getCurrentFormsAppUser(formsAppId, abortSignal)
.then(() => true)
.then((userProfile) => {
// if no SAML groups are provided, then provided the user is authenticated then they're authorised
if (!samlGroups) {
return true
}
return samlGroups.some((group) => userProfile?.groups.includes(group))
})
.catch((error) => {
if (error.status >= 400 && error.status < 500) {
return false
Expand Down
Loading