enable dangerouslyAllowSignInWithoutUserInCatalog for all auth providers

Signed-off-by: Jessica He <[email protected]>

package.json

@@ -66,7 +66,9 @@
     "@backstage/plugin-scaffolder-backend@^1.24.0": "patch:@backstage/plugin-scaffolder-backend@npm%3A1.29.0#./.yarn/patches/@backstage-plugin-scaffolder-backend-npm-1.29.0-af0f4d9efe.patch",
     "@backstage/plugin-scaffolder-backend@^1.26.1": "patch:@backstage/plugin-scaffolder-backend@npm%3A1.29.0#./.yarn/patches/@backstage-plugin-scaffolder-backend-npm-1.29.0-af0f4d9efe.patch",
     "@backstage/plugin-scaffolder-backend@^1.22.6": "patch:@backstage/plugin-scaffolder-backend@npm%3A1.29.0#./.yarn/patches/@backstage-plugin-scaffolder-backend-npm-1.29.0-af0f4d9efe.patch",
-    "@backstage/[email protected]": "patch:@backstage/plugin-scaffolder-backend@npm%3A1.29.0#./.yarn/patches/@backstage-plugin-scaffolder-backend-npm-1.29.0-af0f4d9efe.patch"
+    "@backstage/[email protected]": "patch:@backstage/plugin-scaffolder-backend@npm%3A1.29.0#./.yarn/patches/@backstage-plugin-scaffolder-backend-npm-1.29.0-af0f4d9efe.patch",
+    "@backstage/[email protected]": "patch:@backstage/plugin-auth-backend@npm%3A0.24.2#./.yarn/patches/@backstage-plugin-auth-backend-npm-0.24.2-4d8c46250f.patch",
+    "@backstage/plugin-auth-backend@^0.24.2": "patch:@backstage/plugin-auth-backend@npm%3A0.24.2#./.yarn/patches/@backstage-plugin-auth-backend-npm-0.24.2-4d8c46250f.patch"
   },
   "jest": {
     "testTimeout": 20000

packages/backend/package.json

@@ -27,10 +27,8 @@
     "@backstage/backend-defaults": "0.7.0",
     "@backstage/backend-dynamic-feature-service": "0.5.3",
     "@backstage/backend-plugin-api": "1.1.1",
-    "@backstage/catalog-model": "1.7.3",
     "@backstage/cli-node": "0.2.12",
     "@backstage/config": "1.3.2",
-    "@backstage/config-loader": "1.9.5",
     "@backstage/plugin-app-backend": "0.4.4",
     "@backstage/plugin-auth-backend": "0.24.2",
     "@backstage/plugin-auth-backend-module-guest-provider": "0.2.4",

packages/backend/src/modules/authProvidersModule.ts

@@ -2,11 +2,6 @@ import {
   coreServices,
   createBackendModule,
 } from '@backstage/backend-plugin-api';
-import {
-  DEFAULT_NAMESPACE,
-  stringifyEntityRef,
-} from '@backstage/catalog-model';
-import { ConfigSources } from '@backstage/config-loader';
 import {
   defaultAuthProviderFactories,
   ProviderFactories,
@@ -19,65 +14,9 @@ import {
 import {
   AuthProviderFactory,
   authProvidersExtensionPoint,
-  AuthResolverCatalogUserQuery,
-  AuthResolverContext,
   createOAuthProviderFactory,
 } from '@backstage/plugin-auth-node';
 
-/**
- * Function is responsible for signing in a user with the catalog user and
- * creating an entity reference based on the provided name parameter.
- * If the user exist in the catalog , it returns the signed-in user.
- * If an error occurs, it issues a token with the user entity reference.
- *
- * @param name
- * @param ctx
- * @returns
- */
-async function signInWithCatalogUserOptional(
-  name: string | AuthResolverCatalogUserQuery,
-  ctx: AuthResolverContext,
-) {
-  try {
-    const query: AuthResolverCatalogUserQuery =
-      typeof name === 'string'
-        ? {
-            entityRef: { name },
-          }
-        : name;
-    const signedInUser = await ctx.signInWithCatalogUser(query);
-
-    return Promise.resolve(signedInUser);
-  } catch (e) {
-    const config = await ConfigSources.toConfig(
-      await ConfigSources.default({}),
-    );
-    const dangerouslyAllowSignInWithoutUserInCatalog =
-      config.getOptionalBoolean('dangerouslyAllowSignInWithoutUserInCatalog') ||
-      false;
-    if (!dangerouslyAllowSignInWithoutUserInCatalog) {
-      throw new Error(
-        `Sign in failed: User not found in the RHDH software catalog. Verify that users/groups are synchronized to the software catalog. For non-production environments, manually provision the user or disable the user provisioning requirement. Refer to the RHDH Authentication documentation for further details.`,
-      );
-    }
-    let entityRef: string = typeof name === 'string' ? name : '';
-    if (typeof name !== 'string' && 'annotations' in name)
-      entityRef = Object.values(name.annotations)[0];
-    const userEntityRef = stringifyEntityRef({
-      kind: 'User',
-      name: entityRef,
-      namespace: DEFAULT_NAMESPACE,
-    });
-
-    return ctx.issueToken({
-      claims: {
-        sub: userEntityRef,
-        ent: [userEntityRef],
-      },
-    });
-  }
-}
-
 function getAuthProviderFactory(providerId: string): AuthProviderFactory {
   switch (providerId) {
     case 'atlassian':
@@ -90,7 +29,7 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
                 'Atlassian user profile does not contain a username',
               );
             }
-            return await signInWithCatalogUserOptional(userId, ctx);
+            return await ctx.signInWithCatalogUser({ entityRef: { name: userId }});
           },
         },
       });
@@ -102,7 +41,7 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
             if (!userId) {
               throw new Error(`Auth0 user profile does not contain an id`);
             }
-            return await signInWithCatalogUserOptional(userId, ctx);
+            return await ctx.signInWithCatalogUser({ entityRef: { name: userId }});
           },
         },
       });
@@ -158,7 +97,7 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
                 `GitHub user profile does not contain a username`,
               );
             }
-            return await signInWithCatalogUserOptional(userId, ctx);
+            return await ctx.signInWithCatalogUser({ entityRef: { name: userId }});
           },
         },
       });
@@ -172,7 +111,7 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
                 `GitLab user profile does not contain an username`,
               );
             }
-            return await signInWithCatalogUserOptional(userId, ctx);
+            return await ctx.signInWithCatalogUser({ entityRef: { name: userId }});
           },
         },
       });
@@ -196,7 +135,7 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
                 'Google IAP user profile does not contain an email',
               );
             }
-            return await signInWithCatalogUserOptional(userId, ctx);
+            return await ctx.signInWithCatalogUser({ entityRef: { name: userId }});
           },
         },
       });
@@ -211,7 +150,7 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
             if (!name) {
               throw new Error('Request did not contain a user');
             }
-            return await signInWithCatalogUserOptional(name, ctx);
+            return await ctx.signInWithCatalogUser({ entityRef: { name }});
           },
         },
       });
@@ -241,7 +180,7 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
                 `OneLogin user profile does not contain a user id`,
               );
             }
-            return await signInWithCatalogUserOptional(userId, ctx);
+            return await ctx.signInWithCatalogUser({ entityRef: { name: userId }});
           },
         },
       });
@@ -253,13 +192,12 @@ function getAuthProviderFactory(providerId: string): AuthProviderFactory {
             if (!userId) {
               throw new Error(`Microsoft user profile does not contain an id`);
             }
-            return await signInWithCatalogUserOptional(
+            return await ctx.signInWithCatalogUser(
               {
                 annotations: {
                   'graph.microsoft.com/user-id': userId,
                 },
-              },
-              ctx,
+              }
             );
           },
         },

yarn.lock

@@ -5409,7 +5409,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@backstage/config-loader@npm:1.9.5, @backstage/config-loader@npm:^1.8.0, @backstage/config-loader@npm:^1.8.1, @backstage/config-loader@npm:^1.9.0, @backstage/config-loader@npm:^1.9.1, @backstage/config-loader@npm:^1.9.2, @backstage/config-loader@npm:^1.9.5":
+"@backstage/config-loader@npm:^1.8.0, @backstage/config-loader@npm:^1.8.1, @backstage/config-loader@npm:^1.9.0, @backstage/config-loader@npm:^1.9.1, @backstage/config-loader@npm:^1.9.2, @backstage/config-loader@npm:^1.9.5":
   version: 1.9.5
   resolution: "@backstage/config-loader@npm:1.9.5"
   dependencies:
@@ -6269,7 +6269,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@backstage/plugin-auth-backend@npm:0.24.2, @backstage/plugin-auth-backend@npm:^0.24.2":
+"@backstage/plugin-auth-backend@npm:0.24.2":
   version: 0.24.2
   resolution: "@backstage/plugin-auth-backend@npm:0.24.2"
   dependencies:
@@ -6334,6 +6334,71 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@backstage/plugin-auth-backend@patch:@backstage/plugin-auth-backend@npm%3A0.24.2#./.yarn/patches/@backstage-plugin-auth-backend-npm-0.24.2-4d8c46250f.patch::locator=root%40workspace%3A.":
+  version: 0.24.2
+  resolution: "@backstage/plugin-auth-backend@patch:@backstage/plugin-auth-backend@npm%3A0.24.2#./.yarn/patches/@backstage-plugin-auth-backend-npm-0.24.2-4d8c46250f.patch::version=0.24.2&hash=eb0eff&locator=root%40workspace%3A."
+  dependencies:
+    "@backstage/backend-common": ^0.25.0
+    "@backstage/backend-plugin-api": ^1.1.1
+    "@backstage/catalog-client": ^1.9.1
+    "@backstage/catalog-model": ^1.7.3
+    "@backstage/config": ^1.3.2
+    "@backstage/errors": ^1.2.7
+    "@backstage/plugin-auth-backend-module-atlassian-provider": ^0.3.4
+    "@backstage/plugin-auth-backend-module-auth0-provider": ^0.1.4
+    "@backstage/plugin-auth-backend-module-aws-alb-provider": ^0.3.2
+    "@backstage/plugin-auth-backend-module-azure-easyauth-provider": ^0.2.4
+    "@backstage/plugin-auth-backend-module-bitbucket-provider": ^0.2.4
+    "@backstage/plugin-auth-backend-module-bitbucket-server-provider": ^0.1.4
+    "@backstage/plugin-auth-backend-module-cloudflare-access-provider": ^0.3.4
+    "@backstage/plugin-auth-backend-module-gcp-iap-provider": ^0.3.4
+    "@backstage/plugin-auth-backend-module-github-provider": ^0.2.4
+    "@backstage/plugin-auth-backend-module-gitlab-provider": ^0.2.4
+    "@backstage/plugin-auth-backend-module-google-provider": ^0.2.4
+    "@backstage/plugin-auth-backend-module-microsoft-provider": ^0.2.4
+    "@backstage/plugin-auth-backend-module-oauth2-provider": ^0.3.4
+    "@backstage/plugin-auth-backend-module-oauth2-proxy-provider": ^0.2.4
+    "@backstage/plugin-auth-backend-module-oidc-provider": ^0.3.4
+    "@backstage/plugin-auth-backend-module-okta-provider": ^0.1.4
+    "@backstage/plugin-auth-backend-module-onelogin-provider": ^0.2.4
+    "@backstage/plugin-auth-node": ^0.5.6
+    "@backstage/plugin-catalog-node": ^1.15.1
+    "@backstage/types": ^1.2.1
+    "@google-cloud/firestore": ^7.0.0
+    "@node-saml/passport-saml": ^5.0.0
+    "@types/express": ^4.17.6
+    "@types/passport": ^1.0.3
+    compression: ^1.7.4
+    connect-session-knex: ^4.0.0
+    cookie-parser: ^1.4.5
+    cors: ^2.8.5
+    express: ^4.17.1
+    express-promise-router: ^4.1.0
+    express-session: ^1.17.1
+    fs-extra: ^11.2.0
+    google-auth-library: ^9.0.0
+    jose: ^5.0.0
+    knex: ^3.0.0
+    lodash: ^4.17.21
+    luxon: ^3.0.0
+    minimatch: ^9.0.0
+    morgan: ^1.10.0
+    node-cache: ^5.1.2
+    openid-client: ^5.2.1
+    passport: ^0.7.0
+    passport-auth0: ^1.4.3
+    passport-github2: ^0.1.12
+    passport-google-oauth20: ^2.0.0
+    passport-microsoft: ^1.0.0
+    passport-oauth2: ^1.6.1
+    passport-onelogin-oauth: ^0.0.1
+    uuid: ^11.0.0
+    winston: ^3.2.1
+    yn: ^4.0.0
+  checksum: 308f7db6395a316ee5b3be1075cb35c87dd6146b641879d25207ea43b240607d1a24cd0906c7a05bae092e03d716f7ffef144a9725e0987170aa25ed05d63989
+  languageName: node
+  linkType: hard
+
 "@backstage/plugin-auth-node@npm:0.5.6, @backstage/plugin-auth-node@npm:^0.5.1, @backstage/plugin-auth-node@npm:^0.5.2, @backstage/plugin-auth-node@npm:^0.5.3, @backstage/plugin-auth-node@npm:^0.5.4, @backstage/plugin-auth-node@npm:^0.5.6":
   version: 0.5.6
   resolution: "@backstage/plugin-auth-node@npm:0.5.6"
@@ -22724,11 +22789,9 @@ __metadata:
     "@backstage/backend-defaults": 0.7.0
     "@backstage/backend-dynamic-feature-service": 0.5.3
     "@backstage/backend-plugin-api": 1.1.1
-    "@backstage/catalog-model": 1.7.3
     "@backstage/cli": 0.29.5
     "@backstage/cli-node": 0.2.12
     "@backstage/config": 1.3.2
-    "@backstage/config-loader": 1.9.5
     "@backstage/plugin-app-backend": 0.4.4
     "@backstage/plugin-auth-backend": 0.24.2
     "@backstage/plugin-auth-backend-module-guest-provider": 0.2.4