fix: refactor authProviderModule and dangerouslyAllowSignInWithoutUserInCatalog config (#2354)

* fix dangerouslyAllowSignInWithoutUserInCatalog with OIDC

Signed-off-by: Jessica He <[email protected]>

* fix/patch rest of auth providers

Signed-off-by: Jessica He <[email protected]>

* update auth provider e2e tests

Signed-off-by: Jessica He <[email protected]>

---------

Signed-off-by: Jessica He <[email protected]>

Author: JessicaJHee

.yarn/patches/@backstage-plugin-auth-backend-module-atlassian-provider-npm-0.3.4-c82f4982c5.patch

@@ -0,0 +1,62 @@
+diff --git a/dist/index.d.ts b/dist/index.d.ts
+index 48136a1320584e3af0abfd4b7e5d28bfc77368f6..bde4ec87b64984d49397a85564264bbbd98f7f72 100644
+--- a/dist/index.d.ts
++++ b/dist/index.d.ts
+@@ -17,7 +17,9 @@ declare namespace atlassianSignInResolvers {
+     /**
+      * Looks up the user by matching their Atlassian username to the entity name.
+      */
+-    const usernameMatchingUserEntityName: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, unknown>;
++    const usernameMatchingUserEntityName: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, {
++        dangerouslyAllowSignInWithoutUserInCatalog?: boolean | undefined;
++    } | undefined>;
+ }
+ 
+ export { atlassianAuthenticator, atlassianSignInResolvers, authModuleAtlassianProvider as default };
+diff --git a/dist/resolvers.cjs.js b/dist/resolvers.cjs.js
+index 58621485a7d045b7c26dc1e28814c8f5c9f15729..326f6070dfbb4b7e5fe854d7f497d916d75c0a3a 100644
+--- a/dist/resolvers.cjs.js
++++ b/dist/resolvers.cjs.js
+@@ -1,18 +1,31 @@
+ 'use strict';
+ 
+ var pluginAuthNode = require('@backstage/plugin-auth-node');
++var zod = require('zod');
+ 
+ exports.atlassianSignInResolvers = void 0;
+ ((atlassianSignInResolvers2) => {
+   atlassianSignInResolvers2.usernameMatchingUserEntityName = pluginAuthNode.createSignInResolverFactory({
+-    create() {
++    optionsSchema: zod.z.object({
++      dangerouslyAllowSignInWithoutUserInCatalog: zod.z.boolean().optional()
++    }).optional(),
++    create(options = {}) {
+       return async (info, ctx) => {
+         const { result } = info;
+         const id = result.fullProfile.username;
+         if (!id) {
+           throw new Error(`Atlassian user profile does not contain a username`);
+         }
+-        return ctx.signInWithCatalogUser({ entityRef: { name: id } });
++        try {
++          return await ctx.signInWithCatalogUser({ entityRef: { name: id } });
++        } catch (error) {
++          return await pluginAuthNode.handleSignInUserNotFound({
++            ctx,
++            error,
++            userEntityName: id,
++            dangerouslyAllowSignInWithoutUserInCatalog: options?.dangerouslyAllowSignInWithoutUserInCatalog
++          });
++        }
+       };
+     }
+   });
+diff --git a/dist/resolvers.cjs.js.map b/dist/resolvers.cjs.js.map
+index 050a899e3e01fa6023a99fc63ce5fbcbfb14450e..89e1c3f72e24ae552f8a944953d16633a37deb54 100644
+--- a/dist/resolvers.cjs.js.map
++++ b/dist/resolvers.cjs.js.map
+@@ -1 +1 @@
+-{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the Atlassian auth provider.\n *\n * @public\n */\nexport namespace atlassianSignInResolvers {\n  /**\n   * Looks up the user by matching their Atlassian username to the entity name.\n   */\n  export const usernameMatchingUserEntityName = createSignInResolverFactory({\n    create() {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { result } = info;\n\n        const id = result.fullProfile.username;\n        if (!id) {\n          throw new Error(`Atlassian user profile does not contain a username`);\n        }\n\n        return ctx.signInWithCatalogUser({ entityRef: { name: id } });\n      };\n    },\n  });\n}\n"],"names":["atlassianSignInResolvers","createSignInResolverFactory"],"mappings":";;;;AA4BiBA;AAAA,CAAV,CAAUA,yBAAV,KAAA;AAIE,EAAMA,yBAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,QAAW,GAAA,IAAA;AAEnB,QAAM,MAAA,EAAA,GAAK,OAAO,WAAY,CAAA,QAAA;AAC9B,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAI,MAAM,CAAoD,kDAAA,CAAA,CAAA;AAAA;AAGtE,QAAO,OAAA,GAAA,CAAI,sBAAsB,EAAE,SAAA,EAAW,EAAE,IAAM,EAAA,EAAA,IAAM,CAAA;AAAA,OAC9D;AAAA;AACF,GACD,CAAA;AAAA,CApBc,EAAAD,gCAAA,KAAAA,gCAAA,GAAA,EAAA,CAAA,CAAA;;"}
+\ No newline at end of file
++{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  handleSignInUserNotFound,\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { z } from 'zod';\n\n/**\n * Available sign-in resolvers for the Atlassian auth provider.\n *\n * @public\n */\nexport namespace atlassianSignInResolvers {\n  /**\n   * Looks up the user by matching their Atlassian username to the entity name.\n   */\n  export const usernameMatchingUserEntityName = createSignInResolverFactory({\n    optionsSchema: z\n      .object({\n        dangerouslyAllowSignInWithoutUserInCatalog: z.boolean().optional(),\n      })\n      .optional(),\n    create(options = {}) {\n      return async (\n        info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n        ctx,\n      ) => {\n        const { result } = info;\n\n        const id = result.fullProfile.username;\n        if (!id) {\n          throw new Error(`Atlassian user profile does not contain a username`);\n        }\n\n        try {\n          return await ctx.signInWithCatalogUser({ entityRef: { name: id } });\n        } catch (error) {\n          return await handleSignInUserNotFound({\n            ctx,\n            error,\n            userEntityName: id,\n            dangerouslyAllowSignInWithoutUserInCatalog:\n              options?.dangerouslyAllowSignInWithoutUserInCatalog,\n          });\n        }\n      };\n    },\n  });\n}\n"],"names":["atlassianSignInResolvers","createSignInResolverFactory","z","handleSignInUserNotFound"],"mappings":";;;;;AA8BiBA;AAAA,CAAV,CAAUA,yBAAV,KAAA;AAIE,EAAMA,yBAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,aAAA,EAAeC,MACZ,MAAO,CAAA;AAAA,MACN,0CAA4C,EAAAA,KAAA,CAAE,OAAQ,EAAA,CAAE,QAAS;AAAA,KAClE,EACA,QAAS,EAAA;AAAA,IACZ,MAAA,CAAO,OAAU,GAAA,EAAI,EAAA;AACnB,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,QAAW,GAAA,IAAA;AAEnB,QAAM,MAAA,EAAA,GAAK,OAAO,WAAY,CAAA,QAAA;AAC9B,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAI,MAAM,CAAoD,kDAAA,CAAA,CAAA;AAAA;AAGtE,QAAI,IAAA;AACF,UAAO,OAAA,MAAM,IAAI,qBAAsB,CAAA,EAAE,WAAW,EAAE,IAAA,EAAM,EAAG,EAAA,EAAG,CAAA;AAAA,iBAC3D,KAAO,EAAA;AACd,UAAA,OAAO,MAAMC,uCAAyB,CAAA;AAAA,YACpC,GAAA;AAAA,YACA,KAAA;AAAA,YACA,cAAgB,EAAA,EAAA;AAAA,YAChB,4CACE,OAAS,EAAA;AAAA,WACZ,CAAA;AAAA;AACH,OACF;AAAA;AACF,GACD,CAAA;AAAA,CAnCc,EAAAH,gCAAA,KAAAA,gCAAA,GAAA,EAAA,CAAA,CAAA;;"}
+\ No newline at end of file

.yarn/patches/@backstage-plugin-auth-backend-module-azure-easyauth-provider-npm-0.2.4-a2db8644ad.patch

@@ -0,0 +1,71 @@
+diff --git a/dist/index.d.ts b/dist/index.d.ts
+index d10c3f272d0d204402a70d8ce848b745eb9d17c4..fa9d82893de040aa056e3e34cf6ba791b5a30369 100644
+--- a/dist/index.d.ts
++++ b/dist/index.d.ts
+@@ -18,7 +18,9 @@ declare const azureEasyAuthAuthenticator: _backstage_plugin_auth_node.ProxyAuthe
+ 
+ /** @public */
+ declare namespace azureEasyAuthSignInResolvers {
+-    const idMatchingUserEntityAnnotation: _backstage_plugin_auth_node.SignInResolverFactory<AzureEasyAuthResult, unknown>;
++    const idMatchingUserEntityAnnotation: _backstage_plugin_auth_node.SignInResolverFactory<AzureEasyAuthResult, {
++        dangerouslyAllowSignInWithoutUserInCatalog?: boolean | undefined;
++    } | undefined>;
+ }
+ 
+ export { type AzureEasyAuthResult, azureEasyAuthAuthenticator, azureEasyAuthSignInResolvers, authModuleAzureEasyAuthProvider as default };
+diff --git a/dist/resolvers.cjs.js b/dist/resolvers.cjs.js
+index 3da68275e976cc5550755d31c753ad51290a1a8a..907923a989c73acd2d2880e041d3c3d0923e645e 100644
+--- a/dist/resolvers.cjs.js
++++ b/dist/resolvers.cjs.js
+@@ -1,11 +1,15 @@
+ 'use strict';
+ 
+ var pluginAuthNode = require('@backstage/plugin-auth-node');
++var zod = require('zod');
+ 
+ exports.azureEasyAuthSignInResolvers = void 0;
+ ((azureEasyAuthSignInResolvers2) => {
+   azureEasyAuthSignInResolvers2.idMatchingUserEntityAnnotation = pluginAuthNode.createSignInResolverFactory({
+-    create() {
++    optionsSchema: zod.z.object({
++      dangerouslyAllowSignInWithoutUserInCatalog: zod.z.boolean().optional()
++    }).optional(),
++    create(options = {}) {
+       return async (info, ctx) => {
+         const {
+           fullProfile: { id }
+@@ -13,11 +17,20 @@ exports.azureEasyAuthSignInResolvers = void 0;
+         if (!id) {
+           throw new Error("User profile contained no id");
+         }
+-        return await ctx.signInWithCatalogUser({
+-          annotations: {
+-            "graph.microsoft.com/user-id": id
+-          }
+-        });
++        try {
++          return await ctx.signInWithCatalogUser({
++            annotations: {
++              "graph.microsoft.com/user-id": id
++            }
++          });
++        } catch (error) {
++          return await pluginAuthNode.handleSignInUserNotFound({
++            ctx,
++            error,
++            userEntityName: id,
++            dangerouslyAllowSignInWithoutUserInCatalog: options?.dangerouslyAllowSignInWithoutUserInCatalog
++          });
++        }
+       };
+     }
+   });
+diff --git a/dist/resolvers.cjs.js.map b/dist/resolvers.cjs.js.map
+index 4bbdf9fca4676bed9a1545d4208071414aaec854..3680d98a7b72c83224b51f8371869dbe2cf1c5b4 100644
+--- a/dist/resolvers.cjs.js.map
++++ b/dist/resolvers.cjs.js.map
+@@ -1 +1 @@
+-{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { AzureEasyAuthResult } from './types';\n\n/** @public */\nexport namespace azureEasyAuthSignInResolvers {\n  export const idMatchingUserEntityAnnotation = createSignInResolverFactory({\n    create() {\n      return async (info: SignInInfo<AzureEasyAuthResult>, ctx) => {\n        const {\n          fullProfile: { id },\n        } = info.result;\n\n        if (!id) {\n          throw new Error('User profile contained no id');\n        }\n\n        return await ctx.signInWithCatalogUser({\n          annotations: {\n            'graph.microsoft.com/user-id': id,\n          },\n        });\n      };\n    },\n  });\n}\n"],"names":["azureEasyAuthSignInResolvers","createSignInResolverFactory"],"mappings":";;;;AAuBiBA;AAAA,CAAV,CAAUA,6BAAV,KAAA;AACE,EAAMA,6BAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,MAAS,GAAA;AACP,MAAO,OAAA,OAAO,MAAuC,GAAQ,KAAA;AAC3D,QAAM,MAAA;AAAA,UACJ,WAAA,EAAa,EAAE,EAAG;AAAA,YAChB,IAAK,CAAA,MAAA;AAET,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAI,MAAM,8BAA8B,CAAA;AAAA;AAGhD,QAAO,OAAA,MAAM,IAAI,qBAAsB,CAAA;AAAA,UACrC,WAAa,EAAA;AAAA,YACX,6BAA+B,EAAA;AAAA;AACjC,SACD,CAAA;AAAA,OACH;AAAA;AACF,GACD,CAAA;AAAA,CAnBc,EAAAD,oCAAA,KAAAA,oCAAA,GAAA,EAAA,CAAA,CAAA;;"}
+\ No newline at end of file
++{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  handleSignInUserNotFound,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { AzureEasyAuthResult } from './types';\nimport { z } from 'zod';\n\n/** @public */\nexport namespace azureEasyAuthSignInResolvers {\n  export const idMatchingUserEntityAnnotation = createSignInResolverFactory({\n    optionsSchema: z\n      .object({\n        dangerouslyAllowSignInWithoutUserInCatalog: z.boolean().optional(),\n      })\n      .optional(),\n    create(options = {}) {\n      return async (info: SignInInfo<AzureEasyAuthResult>, ctx) => {\n        const {\n          fullProfile: { id },\n        } = info.result;\n\n        if (!id) {\n          throw new Error('User profile contained no id');\n        }\n\n        try {\n          return await ctx.signInWithCatalogUser({\n            annotations: {\n              'graph.microsoft.com/user-id': id,\n            },\n          });\n        } catch (error) {\n          return await handleSignInUserNotFound({\n            ctx,\n            error,\n            userEntityName: id,\n            dangerouslyAllowSignInWithoutUserInCatalog:\n              options?.dangerouslyAllowSignInWithoutUserInCatalog,\n          });\n        }\n      };\n    },\n  });\n}\n"],"names":["azureEasyAuthSignInResolvers","createSignInResolverFactory","z","handleSignInUserNotFound"],"mappings":";;;;;AAyBiBA;AAAA,CAAV,CAAUA,6BAAV,KAAA;AACE,EAAMA,6BAAAA,CAAA,iCAAiCC,0CAA4B,CAAA;AAAA,IACxE,aAAA,EAAeC,MACZ,MAAO,CAAA;AAAA,MACN,0CAA4C,EAAAA,KAAA,CAAE,OAAQ,EAAA,CAAE,QAAS;AAAA,KAClE,EACA,QAAS,EAAA;AAAA,IACZ,MAAA,CAAO,OAAU,GAAA,EAAI,EAAA;AACnB,MAAO,OAAA,OAAO,MAAuC,GAAQ,KAAA;AAC3D,QAAM,MAAA;AAAA,UACJ,WAAA,EAAa,EAAE,EAAG;AAAA,YAChB,IAAK,CAAA,MAAA;AAET,QAAA,IAAI,CAAC,EAAI,EAAA;AACP,UAAM,MAAA,IAAI,MAAM,8BAA8B,CAAA;AAAA;AAGhD,QAAI,IAAA;AACF,UAAO,OAAA,MAAM,IAAI,qBAAsB,CAAA;AAAA,YACrC,WAAa,EAAA;AAAA,cACX,6BAA+B,EAAA;AAAA;AACjC,WACD,CAAA;AAAA,iBACM,KAAO,EAAA;AACd,UAAA,OAAO,MAAMC,uCAAyB,CAAA;AAAA,YACpC,GAAA;AAAA,YACA,KAAA;AAAA,YACA,cAAgB,EAAA,EAAA;AAAA,YAChB,4CACE,OAAS,EAAA;AAAA,WACZ,CAAA;AAAA;AACH,OACF;AAAA;AACF,GACD,CAAA;AAAA,CAlCc,EAAAH,oCAAA,KAAAA,oCAAA,GAAA,EAAA,CAAA,CAAA;;"}
+\ No newline at end of file