feat: fix Data Missing From casbin_rule Table After Importing init_data.json (#4167 )

feat: fix bug that send code type will be "phone" when logged-in via autofill (#4164 )
feat: add username and loginHint to redirect URL in HandleSamlRedirect of SAML IdP (#4162 )
2025-09-10 12:50:29 +08:00 · 2025-09-09 21:20:25 +08:00 · 2025-09-08 18:13:52 +08:00 · 2025-09-07 14:18:35 +08:00
5 changed files with 50 additions and 5 deletions
--- a/controllers/saml.go
+++ b/controllers/saml.go
@@ -59,8 +59,10 @@ func (c *ApiController) HandleSamlRedirect() {

 	relayState := c.Input().Get("RelayState")
 	samlRequest := c.Input().Get("SAMLRequest")
+	username := c.Input().Get("username")
+	loginHint := c.Input().Get("login_hint")

-	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host)
+	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host, username, loginHint)

 	c.Redirect(targetURL, http.StatusSeeOther)
 }
--- a/object/init_data.go
+++ b/object/init_data.go
@@ -46,6 +46,8 @@ type InitData struct {
 	Sessions      []*Session            `json:"sessions"`
 	Subscriptions []*Subscription       `json:"subscriptions"`
 	Transactions  []*Transaction        `json:"transactions"`
+
+	EnforcerPolicies map[string][][]string `json:"enforcerPolicies"`
 }

 var initDataNewOnly bool
@@ -116,7 +118,8 @@ func InitFromFile() {
 			initDefinedAdapter(adapter)
 		}
 		for _, enforcer := range initData.Enforcers {
-			initDefinedEnforcer(enforcer)
+			policies := initData.EnforcerPolicies[enforcer.GetId()]
+			initDefinedEnforcer(enforcer, policies)
 		}
 		for _, plan := range initData.Plans {
 			initDefinedPlan(plan)
@@ -175,6 +178,8 @@ func readInitDataFromFile(filePath string) (*InitData, error) {
 		Sessions:      []*Session{},
 		Subscriptions: []*Subscription{},
 		Transactions:  []*Transaction{},
+
+		EnforcerPolicies: map[string][][]string{},
 	}
 	err := util.JsonToStruct(s, data)
 	if err != nil {
@@ -694,7 +699,7 @@ func initDefinedAdapter(adapter *Adapter) {
 	}
 }

-func initDefinedEnforcer(enforcer *Enforcer) {
+func initDefinedEnforcer(enforcer *Enforcer, policies [][]string) {
 	existed, err := getEnforcer(enforcer.Owner, enforcer.Name)
 	if err != nil {
 		panic(err)
@@ -716,6 +721,20 @@ func initDefinedEnforcer(enforcer *Enforcer) {
 	if err != nil {
 		panic(err)
 	}
+
+	err = enforcer.InitEnforcer()
+	if err != nil {
+		panic(err)
+	}
+
+	_, err = enforcer.AddPolicies(policies)
+	if err != nil {
+		panic(err)
+	}
+	err = enforcer.SavePolicy()
+	if err != nil {
+		panic(err)
+	}
 }

 func initDefinedPlan(plan *Plan) {
--- a/object/init_data_dump.go
+++ b/object/init_data_dump.go
@@ -146,6 +146,16 @@ func writeInitDataToFile(filePath string) error {
 		return err
 	}

+	enforcerPolicies := make(map[string][][]string)
+	for _, enforcer := range enforcers {
+		err = enforcer.InitEnforcer()
+		if err != nil {
+			continue
+		}
+
+		enforcerPolicies[enforcer.GetId()] = enforcer.GetPolicy()
+	}
+
 	data := &InitData{
 		Organizations: organizations,
 		Applications:  applications,
@@ -172,6 +182,8 @@ func writeInitDataToFile(filePath string) error {
 		Sessions:      sessions,
 		Subscriptions: subscriptions,
 		Transactions:  transactions,
+
+		EnforcerPolicies: enforcerPolicies,
 	}

 	text := util.StructToJsonFormatted(data)
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -26,6 +26,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"net/url"
 	"strings"
 	"time"

@@ -547,7 +548,14 @@ func NewSamlResponse11(application *Application, user *User, requestID string, h
 	return samlResponse, nil
 }

-func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string) string {
+func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string, username string, loginHint string) string {
 	originF, _ := getOriginFromHost(host)
-	return fmt.Sprintf("%s/login/saml/authorize/%s/%s?relayState=%s&samlRequest=%s", originF, owner, application, relayState, samlRequest)
+	baseURL := fmt.Sprintf("%s/login/saml/authorize/%s/%s?relayState=%s&samlRequest=%s", originF, owner, application, relayState, samlRequest)
+	if username != "" {
+		baseURL += fmt.Sprintf("&username=%s", url.QueryEscape(username))
+	}
+	if loginHint != "" {
+		baseURL += fmt.Sprintf("&login_hint=%s", url.QueryEscape(loginHint))
+	}
+	return baseURL
 }
--- a/web/src/backend/UserBackend.js
+++ b/web/src/backend/UserBackend.js
@@ -125,6 +125,10 @@ export function setPassword(userOwner, userName, oldPassword, newPassword, code
 }

 export function sendCode(captchaType, captchaToken, clientSecret, method, countryCode = "", dest, type, applicationId, checkUser = "") {
+  if (Setting.isValidEmail(dest) && type !== "email") {
+    type = "email";
+  }
+
  const formData = new FormData();
  formData.append("captchaType", captchaType);
  formData.append("captchaToken", captchaToken);
Author	SHA1	Message	Date
DacongDA	8f7ea7f0a0	feat: fix Data Missing From casbin_rule Table After Importing init_data.json (#4167 )	2025-09-09 21:20:25 +08:00
DacongDA	2ab85c0c44	feat: fix bug that send code type will be "phone" when logged-in via autofill (#4164 )	2025-09-08 18:13:52 +08:00
Dev Hjz	bf67be2af6	feat: add username and loginHint to redirect URL in HandleSamlRedirect of SAML IdP (#4162 )	2025-09-07 14:18:35 +08:00