feat(core): add PATCH/GET /saml-applications/:id APIs

packages/core/src/saml-applications/libraries/saml-applications.ts

@@ -0,0 +1,100 @@
+import {
+  ApplicationType,
+  type SamlApplicationResponse,
+  type PatchSamlApplication,
+} from '@logto/schemas';
+import { generateStandardId } from '@logto/shared';
+import { removeUndefinedKeys } from '@silverhand/essentials';
+
+import type Queries from '#src/tenants/Queries.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import { ensembleSamlApplication, generateKeyPairAndCertificate } from './utils.js';
+
+export const createSamlApplicationsLibrary = (queries: Queries) => {
+  const {
+    applications: { findApplicationById, updateApplicationById },
+    samlApplicationSecrets: {
+      insertSamlApplicationSecret,
+      findSamlApplicationSecretsByApplicationId,
+    },
+    samlApplicationConfigs: {
+      findSamlApplicationConfigByApplicationId,
+      updateSamlApplicationConfig,
+    },
+  } = queries;
+
+  const createNewSamlApplicationSecretForApplication = async (
+    applicationId: string,
+    // Set certificate life span to 1 year by default.
+    lifeSpanInDays = 365
+  ) => {
+    const { privateKey, certificate, notAfter } = await generateKeyPairAndCertificate(
+      lifeSpanInDays
+    );
+
+    return insertSamlApplicationSecret({
+      id: generateStandardId(),
+      applicationId,
+      privateKey,
+      certificate,
+      expiresAt: Math.floor(notAfter.getTime() / 1000),
+      active: false,
+    });
+  };
+
+  const findSamlApplicationById = async (
+    applicationId: string
+  ): Promise<SamlApplicationResponse> => {
+    const application = await findApplicationById(applicationId);
+    assertThat(application.type === ApplicationType.SAML, 'application.saml.saml_application_only');
+
+    const [samlConfig, samlSecrets] = await Promise.all([
+      findSamlApplicationConfigByApplicationId(application.id),
+      findSamlApplicationSecretsByApplicationId(application.id),
+    ]);
+
+    return ensembleSamlApplication({ application, samlConfig, samlSecret: samlSecrets });
+  };
+
+  const updateSamlApplicationById = async (
+    id: string,
+    patchApplicationObject: PatchSamlApplication
+  ): Promise<SamlApplicationResponse> => {
+    const { name, description, customData, config } = patchApplicationObject;
+
+    const [updatedApplication, upToDateSamlConfig, samlSecrets] = await Promise.all([
+      // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+      name || description || customData
+        ? updateApplicationById(
+            id,
+            removeUndefinedKeys({
+              name,
+              description,
+              customData,
+            })
+          )
+        : findApplicationById(id),
+      config
+        ? updateSamlApplicationConfig({
+            set: config,
+            where: { applicationId: id },
+            jsonbMode: 'replace',
+          })
+        : findSamlApplicationConfigByApplicationId(id),
+      findSamlApplicationSecretsByApplicationId(id),
+    ]);
+
+    return ensembleSamlApplication({
+      application: updatedApplication,
+      samlConfig: upToDateSamlConfig,
+      samlSecret: samlSecrets,
+    });
+  };
+
+  return {
+    createNewSamlApplicationSecretForApplication,
+    findSamlApplicationById,
+    updateSamlApplicationById,
+  };
+};

packages/core/src/saml-applications/libraries/utils.ts

@@ -1,5 +1,11 @@
 import crypto from 'node:crypto';
 
+import {
+  type SamlApplicationResponse,
+  type SamlApplicationSecret,
+  type Application,
+  type SamlApplicationConfig,
+} from '@logto/schemas';
 import { addDays } from 'date-fns';
 import forge from 'node-forge';
 
@@ -56,3 +62,19 @@ const createCertificate = (keypair: forge.pki.KeyPair, lifeSpanInDays: number) =
     notAfter,
   };
 };
+
+export const ensembleSamlApplication = ({
+  application,
+  samlConfig,
+  samlSecret: secrets,
+}: {
+  application: Application;
+  samlConfig: Pick<SamlApplicationConfig, 'attributeMapping' | 'entityId' | 'acsUrl'>;
+  samlSecret: readonly SamlApplicationSecret[];
+}): SamlApplicationResponse => {
+  return {
+    ...application,
+    ...samlConfig,
+    secrets: [...secrets],
+  };
+};

packages/core/src/saml-applications/queries/configs.ts

@@ -16,7 +16,7 @@ export const createSamlApplicationConfigQueries = (pool: CommonQueryMethods) =>
   const updateSamlApplicationConfig = buildUpdateWhereWithPool(pool)(SamlApplicationConfigs, true);
 
   const findSamlApplicationConfigByApplicationId = async (applicationId: string) =>
-    pool.maybeOne<SamlApplicationConfig>(sql`
+    pool.one<SamlApplicationConfig>(sql`
       select ${sql.join(Object.values(fields), sql`, `)}
       from ${table}
       where ${fields.applicationId}=${applicationId}

packages/core/src/saml-applications/routes/index.ts

@@ -2,6 +2,7 @@ import {
   ApplicationType,
   BindingType,
   samlApplicationCreateGuard,
+  samlApplicationPatchGuard,
   samlApplicationResponseGuard,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
@@ -13,7 +14,7 @@ import koaGuard from '#src/middleware/koa-guard.js';
 import { buildOidcClientMetadata } from '#src/oidc/utils.js';
 import { generateInternalSecret } from '#src/routes/applications/application-secret.js';
 import type { ManagementApiRouter, RouterInitArgs } from '#src/routes/types.js';
-import { ensembleSamlApplication } from '#src/saml-applications/routes/utils.js';
+import { ensembleSamlApplication } from '#src/saml-applications/libraries/utils.js';
 import assertThat from '#src/utils/assert-that.js';
 
 export default function samlApplicationRoutes<T extends ManagementApiRouter>(
@@ -24,15 +25,19 @@ export default function samlApplicationRoutes<T extends ManagementApiRouter>(
     samlApplicationConfigs: { insertSamlApplicationConfig },
   } = queries;
   const {
-    samlApplicationSecrets: { createNewSamlApplicationSecretForApplication },
+    samlApplications: {
+      createNewSamlApplicationSecretForApplication,
+      findSamlApplicationById,
+      updateSamlApplicationById,
+    },
   } = libraries;
 
   router.post(
     '/saml-applications',
     koaGuard({
       body: samlApplicationCreateGuard,
       response: samlApplicationResponseGuard,
-      status: [201, 400],
+      status: [201, 400, 422],
     }),
     async (ctx, next) => {
       const { name, description, customData, config } = ctx.guard.body;
@@ -67,7 +72,48 @@ export default function samlApplicationRoutes<T extends ManagementApiRouter>(
       ]);
 
       ctx.status = 201;
-      ctx.body = ensembleSamlApplication({ application, samlConfig, samlSecret });
+      ctx.body = ensembleSamlApplication({ application, samlConfig, samlSecret: [samlSecret] });
+
+      return next();
+    }
+  );
+
+  router.get(
+    '/saml-applications/:id',
+    koaGuard({
+      params: z.object({
+        id: z.string(),
+      }),
+      response: samlApplicationResponseGuard,
+      status: [200, 400, 404],
+    }),
+    async (ctx, next) => {
+      const { id } = ctx.guard.params;
+
+      const samlApplication = await findSamlApplicationById(id);
+
+      ctx.status = 200;
+      ctx.body = samlApplication;
+
+      return next();
+    }
+  );
+
+  router.patch(
+    '/saml-applications/:id',
+    koaGuard({
+      params: z.object({ id: z.string() }),
+      body: samlApplicationPatchGuard,
+      response: samlApplicationResponseGuard,
+      status: [200, 400, 404, 422],
+    }),
+    async (ctx, next) => {
+      const { id } = ctx.guard.params;
+
+      const updatedSamlApplication = await updateSamlApplicationById(id, ctx.guard.body);
+
+      ctx.status = 200;
+      ctx.body = updatedSamlApplication;
 
       return next();
     }

packages/core/src/tenants/Libraries.ts

@@ -17,7 +17,7 @@ import { createSocialLibrary } from '#src/libraries/social.js';
 import { createSsoConnectorLibrary } from '#src/libraries/sso-connector.js';
 import { createUserLibrary } from '#src/libraries/user.js';
 import { createVerificationStatusLibrary } from '#src/libraries/verification-status.js';
-import { createSamlApplicationSecretsLibrary } from '#src/saml-applications/libraries/secrets.js';
+import { createSamlApplicationsLibrary } from '#src/saml-applications/libraries/saml-applications.js';
 
 import type Queries from './Queries.js';
 
@@ -38,7 +38,7 @@ export default class Libraries {
   passcodes = createPasscodeLibrary(this.queries, this.connectors);
   applications = createApplicationLibrary(this.queries);
   verificationStatuses = createVerificationStatusLibrary(this.queries);
-  samlApplicationSecrets = createSamlApplicationSecretsLibrary(this.queries);
+  samlApplications = createSamlApplicationsLibrary(this.queries);
   roleScopes = createRoleScopeLibrary(this.queries);
   domains = createDomainLibrary(this.queries);
   protectedApps = createProtectedAppLibrary(this.queries);

packages/integration-tests/src/api/saml-application.ts

@@ -1,4 +1,8 @@
-import { type SamlApplicationResponse, type CreateSamlApplication } from '@logto/schemas';
+import {
+  type SamlApplicationResponse,
+  type CreateSamlApplication,
+  type PatchSamlApplication,
+} from '@logto/schemas';
 
 import { authedAdminApi } from './api.js';
 
@@ -11,3 +15,14 @@ export const createSamlApplication = async (createSamlApplication: CreateSamlApp
 
 export const deleteSamlApplication = async (id: string) =>
   authedAdminApi.delete(`saml-applications/${id}`);
+
+export const updateSamlApplication = async (
+  id: string,
+  patchSamlApplication: PatchSamlApplication
+) =>
+  authedAdminApi
+    .patch(`saml-applications/${id}`, { json: patchSamlApplication })
+    .json<SamlApplicationResponse>();
+
+export const getSamlApplication = async (id: string) =>
+  authedAdminApi.get(`saml-applications/${id}`).json<SamlApplicationResponse>();

packages/integration-tests/src/tests/api/application/saml-application.test.ts

@@ -1,7 +1,12 @@
 import { ApplicationType, BindingType } from '@logto/schemas';
 
 import { createApplication, deleteApplication } from '#src/api/application.js';
-import { createSamlApplication, deleteSamlApplication } from '#src/api/saml-application.js';
+import {
+  createSamlApplication,
+  deleteSamlApplication,
+  updateSamlApplication,
+  getSamlApplication,
+} from '#src/api/saml-application.js';
 import { expectRejects } from '#src/helpers/index.js';
 import { devFeatureTest } from '#src/utils.js';
 
@@ -66,6 +71,31 @@ describe('SAML application', () => {
     await deleteSamlApplication(createdSamlApplication.id);
   });
 
+  it('should be able to update SAML application and get the updated one', async () => {
+    const createdSamlApplication = await createSamlApplication({
+      name: 'test',
+      description: 'test',
+    });
+
+    const newConfig = {
+      acsUrl: {
+        binding: BindingType.POST,
+        url: 'https://example.logto.io/sso/saml',
+      },
+    };
+    const updatedSamlApplication = await updateSamlApplication(createdSamlApplication.id, {
+      name: 'updated',
+      config: newConfig,
+    });
+    const upToDateSamlApplication = await getSamlApplication(createdSamlApplication.id);
+
+    expect(updatedSamlApplication).toEqual(upToDateSamlApplication);
+    expect(updatedSamlApplication.name).toEqual('updated');
+    expect(updatedSamlApplication.acsUrl).toEqual(newConfig.acsUrl);
+
+    await deleteSamlApplication(updatedSamlApplication.id);
+  });
+
   it('can not delete non-SAML applications with `DEL /saml-applications/:id` API', async () => {
     const application = await createApplication('test-non-saml-app', ApplicationType.Traditional, {
       isThirdParty: true,