Remove SAML SSO + WorkOS code (campsite#14)

buildwithflux · Dec 12, 2024 · 3f4ff84 · 3f4ff84
1 parent e09d6e2
commit 3f4ff84
Show file tree

Hide file tree

Showing 62 changed files with 30 additions and 1,818 deletions.
diff --git a/README.md b/README.md
@@ -75,7 +75,6 @@ There are many other services we use to power Campsite features. Create accounts
 - `slack` - Campsite Slack app
 - `vercel.revalidate_static_cache` - generate your own key to safely revalidate cached docs (ISR)
 - `webpush_vapid` - VAPID keys necessary to send web push notifications ([docs](https://github.com/pushpad/web-push#generating-vapid-keys))
-- `workos` - SSO (likely wont need this)
 - `zapier` - The Campsite Zapier app
 - `tenor` - GIF search ([docs](https://tenor.com/gifapi))
 

diff --git a/api/Gemfile b/api/Gemfile
@@ -26,7 +26,6 @@ gem "faraday-follow_redirects"
 gem "flipper", "~> 1.0"
 gem "flipper-active_record", "~> 1.0"
 gem "friendly_id", "~> 5.4.0"
-gem "workos"
 gem "ip_anonymizer"
 gem "jsbundling-rails"
 gem "json-schema"

diff --git a/api/Gemfile.lock b/api/Gemfile.lock
@@ -465,7 +465,6 @@ GEM
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    sorbet-runtime (0.5.11367)
     sprockets (4.1.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -518,8 +517,6 @@ GEM
     workflow-activerecord (6.0.1)
       activerecord (>= 6.0)
       workflow (~> 3.0)
-    workos (2.12.0)
-      sorbet-runtime (~> 0.5)
     yajl-ruby (1.4.3)
     zeitwerk (2.6.18)
 
@@ -613,7 +610,6 @@ DEPENDENCIES
   web-push
   webmock
   workflow-activerecord
-  workos
   yajl-ruby
 
 RUBY VERSION

diff --git a/api/README.md b/api/README.md
@@ -43,16 +43,6 @@ When you invite users in dev, or create new accounts etc you'll send/receive ema
 (currently the stylesheet is broken, but you have a list of the emails at the top and then you can view them in an iframe at the bottom). If you're inviting a new user, make sure you log out with your existing user before you
 click the link in the email :)
 
-### SAML SSO
-
-To set up SSO for the seeded Campsite organization in development using Auth0 as the identity provider (IdP), follow these steps:
-
-1. From the `api` directory, run `bin/rails dev:setup_sso_user` to set up Campsite and Auth0 users with your Campsite email address.
-2. Start the API and client servers with ngrok (`script/dev --ngrok` from the root directory).
-3. Visit https://app-dev.campsite.com/campsite/settings using your Campsite email address.
-4. Scroll down to "Single Sign-On." Click "Enable." Add the domain "campsite.com" and click "Enable."
-5. Click "Configure" and follow the WorkOS Admin Portal prompts to create and connect a SAML2 web app in Auth0.
-
 ## Deploying
 
 ### Steps

diff --git a/api/app/controllers/api/v1/attachments_controller.rb b/api/app/controllers/api/v1/attachments_controller.rb
@@ -6,7 +6,6 @@ class AttachmentsController < BaseController
       extend Apigen::Controller
 
       skip_before_action :require_authenticated_user, only: :show
-      skip_before_action :require_org_sso_authentication, only: :show
       skip_before_action :require_org_two_factor_authentication, only: :show
       skip_before_action :require_authenticated_organization_membership, only: :show
 

diff --git a/api/app/controllers/api/v1/base_controller.rb b/api/app/controllers/api/v1/base_controller.rb
@@ -16,7 +16,6 @@ class CalDotComUnauthorizedAccess < StandardError; end
       before_action :require_authenticated_user
       before_action :require_authenticated_organization_membership
       before_action :require_org_two_factor_authentication
-      before_action :require_org_sso_authentication
       before_action :set_sentry_info
       before_action :set_user_last_seen_at, if: proc { user_signed_in? && (!current_user.last_seen_at || current_user.last_seen_at < 1.hour.ago) }
       before_action :set_organization_membership_last_seen_at, if: proc { current_organization_membership && (!current_organization_membership.last_seen_at || current_organization_membership.last_seen_at < 1.hour.ago) }
@@ -107,7 +106,7 @@ def current_organization_membership
         @current_organization_membership ||= current_user
           &.kept_organization_memberships
           &.joins(:organization)
-          &.eager_load(:latest_status, organization: [:enforce_two_factor_authentication_setting, :enforce_sso_authentication_setting])
+          &.eager_load(:latest_status, organization: [:enforce_two_factor_authentication_setting])
           &.find_by(organization: { slug: params[:org_slug] })
       end
 
@@ -130,12 +129,6 @@ def current_project
         @current_project ||= current_organization.projects.find_by!(public_id: params[:project_id])
       end
 
-      def current_user_sso_session?
-        return false unless current_user.workos_profile_id?
-
-        session[:sso_session_id] == current_user.workos_profile_id
-      end
-
       def require_org_two_factor_authentication
         return unless current_organization
         return unless current_organization_membership
@@ -180,21 +173,6 @@ def ensure_cal_dot_com_token_access_restricted
         end
       end
 
-      def require_org_sso_authentication
-        return unless current_organization
-        return unless current_organization_membership&.enforce_sso_authentication?
-        return if figma_token_auth?
-        return if sync_token_auth?
-
-        unless current_user_sso_session?
-          render_error(
-            status: :forbidden,
-            code: "sso_required",
-            message: "Your organization requires SSO authentication, please authenticate through SSO to continue.",
-          )
-        end
-      end
-
       def require_linear_integration
         render(status: :forbidden) unless current_organization.linear_integration
       end

diff --git a/api/app/controllers/api/v1/data_export_callbacks_controller.rb b/api/app/controllers/api/v1/data_export_callbacks_controller.rb
@@ -4,7 +4,6 @@ module Api
   module V1
     class DataExportCallbacksController < BaseController
       skip_before_action :require_authenticated_user, only: :update
-      skip_before_action :require_org_sso_authentication, only: :update
       skip_before_action :require_org_two_factor_authentication, only: :update
       skip_before_action :require_authenticated_organization_membership, only: :update
 

diff --git a/api/app/controllers/api/v1/organization_invitations_controller.rb b/api/app/controllers/api/v1/organization_invitations_controller.rb
@@ -4,7 +4,6 @@ module Api
   module V1
     class OrganizationInvitationsController < BaseController
       skip_before_action :require_authenticated_organization_membership, only: [:accept, :destroy, :show]
-      skip_before_action :require_org_sso_authentication, only: [:accept, :destroy, :show]
       skip_before_action :require_org_two_factor_authentication, only: [:accept, :destroy, :show]
 
       rescue_from Role::RoleNotFoundError, with: :render_unprocessable_entity

diff --git a/api/app/controllers/api/v1/organization_membership_requests_controller.rb b/api/app/controllers/api/v1/organization_membership_requests_controller.rb
@@ -5,7 +5,6 @@ module V1
     class OrganizationMembershipRequestsController < BaseController
       skip_before_action :require_authenticated_organization_membership, only: [:create, :show]
       skip_before_action :require_org_two_factor_authentication, only: [:create, :show]
-      skip_before_action :require_org_sso_authentication, only: [:create, :show]
 
       extend Apigen::Controller
 

diff --git a/api/app/controllers/api/v1/organizations/features_controller.rb b/api/app/controllers/api/v1/organizations/features_controller.rb
@@ -9,7 +9,6 @@ class FeaturesController < V1::BaseController
         skip_before_action :require_authenticated_user, only: :index
         skip_before_action :require_authenticated_organization_membership, only: :index
         skip_before_action :require_org_two_factor_authentication, only: :index
-        skip_before_action :require_org_sso_authentication, only: :index
 
         response code: 200 do
           { features: { type: :string, is_array: true, enum: (Organization::FEATURE_FLAGS + Plan::FEATURES).uniq } }

diff --git a/api/app/controllers/api/v1/organizations/sso_configuration_controller.rb b/api/app/controllers/api/v1/organizations/sso_configuration_controller.rb
diff --git a/api/app/controllers/api/v1/organizations/sso_webhooks_controller.rb b/api/app/controllers/api/v1/organizations/sso_webhooks_controller.rb
diff --git a/api/app/controllers/api/v1/organizations/verified_domain_memberships_controller.rb b/api/app/controllers/api/v1/organizations/verified_domain_memberships_controller.rb
@@ -5,7 +5,6 @@ module V1
     module Organizations
       class VerifiedDomainMembershipsController < BaseController
         skip_before_action :require_authenticated_organization_membership, only: [:create]
-        skip_before_action :require_org_sso_authentication, only: [:create]
         skip_before_action :require_org_two_factor_authentication, only: [:create]
 
         extend Apigen::Controller

diff --git a/api/app/controllers/api/v1/organizations_controller.rb b/api/app/controllers/api/v1/organizations_controller.rb
@@ -4,7 +4,6 @@ module Api
   module V1
     class OrganizationsController < BaseController
       skip_before_action :require_authenticated_organization_membership, only: [:index, :create, :join]
-      skip_before_action :require_org_sso_authentication, only: [:join]
       skip_before_action :require_org_two_factor_authentication, only: [:join]
 
       extend Apigen::Controller

diff --git a/api/app/controllers/users/sso/reauthorize_sessions_controller.rb b/api/app/controllers/users/sso/reauthorize_sessions_controller.rb
diff --git a/api/app/controllers/users/sso/sessions_controller.rb b/api/app/controllers/users/sso/sessions_controller.rb
diff --git a/api/app/jobs/work_os_connection_activated_job.rb b/api/app/jobs/work_os_connection_activated_job.rb