|
@@ -974,7 +974,7 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
|
|
|
|
|
|
validate_internal_sso_issuer_url(&cfg.sso_authority)?;
|
|
|
validate_internal_sso_redirect_url(&cfg.sso_callback_path)?;
|
|
|
- check_master_password_policy(&cfg.sso_master_password_policy)?;
|
|
|
+ validate_sso_master_password_policy(&cfg.sso_master_password_policy)?;
|
|
|
}
|
|
|
|
|
|
if cfg._enable_yubico {
|
|
@@ -1168,12 +1168,19 @@ fn validate_internal_sso_redirect_url(sso_callback_path: &String) -> Result<open
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-fn check_master_password_policy(sso_master_password_policy: &Option<String>) -> Result<(), Error> {
|
|
|
+fn validate_sso_master_password_policy(
|
|
|
+ sso_master_password_policy: &Option<String>,
|
|
|
+) -> Result<Option<serde_json::Value>, Error> {
|
|
|
let policy = sso_master_password_policy.as_ref().map(|mpp| serde_json::from_str::<serde_json::Value>(mpp));
|
|
|
- if let Some(Err(error)) = policy {
|
|
|
- err!(format!("Invalid sso_master_password_policy ({error}), Ensure that it's correctly escaped with ''"))
|
|
|
+
|
|
|
+ match policy {
|
|
|
+ None => Ok(None),
|
|
|
+ Some(Ok(jsobject @ serde_json::Value::Object(_))) => Ok(Some(jsobject)),
|
|
|
+ Some(Ok(_)) => err!("Invalid sso_master_password_policy: parsed value is not a JSON object"),
|
|
|
+ Some(Err(error)) => {
|
|
|
+ err!(format!("Invalid sso_master_password_policy ({error}), Ensure that it's correctly escaped with ''"))
|
|
|
+ }
|
|
|
}
|
|
|
- Ok(())
|
|
|
}
|
|
|
|
|
|
/// Extracts an RFC 6454 web origin from a URL.
|
|
@@ -1578,6 +1585,10 @@ impl Config {
|
|
|
validate_internal_sso_redirect_url(&self.sso_callback_path())
|
|
|
}
|
|
|
|
|
|
+ pub fn sso_master_password_policy_value(&self) -> Option<serde_json::Value> {
|
|
|
+ validate_sso_master_password_policy(&self.sso_master_password_policy()).ok().flatten()
|
|
|
+ }
|
|
|
+
|
|
|
pub fn sso_scopes_vec(&self) -> Vec<String> {
|
|
|
self.sso_scopes().split_whitespace().map(str::to_string).collect()
|
|
|
}
|