From 75f028f8a4f5ac2ddf66f563a72f5527e3612863 Mon Sep 17 00:00:00 2001 From: Pierre Lehnen Date: Wed, 21 Aug 2019 17:48:05 -0300 Subject: [PATCH 1/3] Add new setting to configure SAML context comparison --- app/meteor-accounts-saml/server/saml_rocketchat.js | 14 ++++++++++++++ app/meteor-accounts-saml/server/saml_utils.js | 3 ++- packages/rocketchat-i18n/i18n/en.i18n.json | 7 ++++++- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/app/meteor-accounts-saml/server/saml_rocketchat.js b/app/meteor-accounts-saml/server/saml_rocketchat.js index 0d401b2c6d305..52ca7e131d831 100644 --- a/app/meteor-accounts-saml/server/saml_rocketchat.js +++ b/app/meteor-accounts-saml/server/saml_rocketchat.js @@ -160,6 +160,18 @@ Meteor.methods({ section: name, i18nLabel: 'SAML_Custom_Authn_Context', }); + settings.add(`SAML_Custom_${ name }_authn_context_comparison`, 'exact', { + type: 'select', + values: [ + { key: 'better', i18nLabel: 'SAML_Custom_Authn_Context_Comparison_Better' }, + { key: 'exact', i18nLabel: 'SAML_Custom_Authn_Context_Comparison_Exact' }, + { key: 'maximum', i18nLabel: 'SAML_Custom_Authn_Context_Comparison_Maximum' }, + { key: 'minimum', i18nLabel: 'SAML_Custom_Authn_Context_Comparison_Minimum' }, + ], + group: 'SAML', + section: name, + i18nLabel: 'SAML_Custom_Authn_Context_Comparison', + }); }, }); @@ -192,6 +204,7 @@ const getSamlConfigs = function(service) { issuer: settings.get(`${ service.key }_issuer`), logoutBehaviour: settings.get(`${ service.key }_logout_behaviour`), customAuthnContext: settings.get(`${ service.key }_custom_authn_context`), + authnContextComparison: settings.get(`${ service.key }_authn_context_comparison`), secret: { privateKey: settings.get(`${ service.key }_private_key`), publicCert: settings.get(`${ service.key }_public_cert`), 
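Review bot: The new `SAML_Custom_${ name }_authn_context_comparison` setting in the first saml_rocketchat.js hunk has a label but no description, although its four values differ in security effect. Under the SAML comparison semantics, `maximum` lets the IdP satisfy the request with a context weaker than the one configured in the custom authn context setting, while `minimum` and `better` accept stronger ones. Add an `i18nDescription` to the options object with one sentence per value, so an administrator does not lower the requested authentication strength by accident. The enclosing `Meteor.methods` block starts outside the hunk.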
@@ -241,6 +254,7 @@ const configureSamlService = function(samlConfigs) { privateCert, privateKey, customAuthnContext: samlConfigs.customAuthnContext, + authnContextComparison: samlConfigs.authnContextComparison, }; }; diff --git a/app/meteor-accounts-saml/server/saml_utils.js b/app/meteor-accounts-saml/server/saml_utils.js index 37313596a222a..7f8452134be5c 100644 --- a/app/meteor-accounts-saml/server/saml_utils.js +++ b/app/meteor-accounts-saml/server/saml_utils.js @@ -96,9 +96,10 @@ SAML.prototype.generateAuthorizeRequest = function(req) { request += `\n`; } + const authnContextComparison = this.options.authnContextComparison || 'exact'; const authnContext = this.options.customAuthnContext || 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'; request - += '' + += `` + `${ authnContext }\n` + ''; diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json index 8a7634c7f9ace..9d6d4ea026a7b 100644 --- a/packages/rocketchat-i18n/i18n/en.i18n.json +++ b/packages/rocketchat-i18n/i18n/en.i18n.json @@ -2650,6 +2650,11 @@ "Same_Style_For_Mentions": "Same style for mentions", "SAML": "SAML", "SAML_Custom_Authn_Context": "Custom Authn Context", + "SAML_Custom_Authn_Context_Comparison": "Authn Context Comparison", + "SAML_Custom_Authn_Context_Comparison_Better": "Better", + "SAML_Custom_Authn_Context_Comparison_Exact": "Exact", + "SAML_Custom_Authn_Context_Comparison_Maximum": "Maximum", + "SAML_Custom_Authn_Context_Comparison_Minimum": "Minimum", "SAML_Custom_Cert": "Custom Certificate", "SAML_Custom_Debug": "Enable Debug", "SAML_Custom_Entry_point": "Custom Entry Point", @@ -3396,4 +3401,4 @@ "Your_question": "Your question", "Your_server_link": "Your server link", "Your_workspace_is_ready": "Your workspace is ready to use 🎉" -} \ No newline at end of file +} From 9b5147889969be34adf411df0b63030671335952 Mon Sep 17 00:00:00 2001 
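Review bot: In the saml_utils.js hunk, `authnContextComparison` is read from `this.options` with only a falsy fallback, so any non-empty stored value reaches the template literal that builds the request. The request markup is not visible on this page, so the interpolation point is inferred. The select control limits the admin UI, not the stored setting, so check the value against the four keys defined in saml_rocketchat.js: `const allowedComparisons = ['exact', 'minimum', 'maximum', 'better'];` then `const authnContextComparison = allowedComparisons.includes(this.options.authnContextComparison) ? this.options.authnContextComparison : 'exact';`. The requested context only has effect if the response handler also checks the `AuthnContextClassRef` returned in the assertion; that code is not in this diff and is worth confirming. `generateAuthorizeRequest` starts and ends outside the hunk.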
From: pierre-lehnen-rc <55164754+pierre-lehnen-rc@users.noreply.github.com> Date: Thu, 19 Sep 2019 13:46:02 -0300 Subject: [PATCH 2/3] Use setting values as i18n keys instead of the setting name+value Co-Authored-By: Diego Sampaio --- app/meteor-accounts-saml/server/saml_rocketchat.js | 8 ++++---- packages/rocketchat-i18n/i18n/en.i18n.json | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/meteor-accounts-saml/server/saml_rocketchat.js b/app/meteor-accounts-saml/server/saml_rocketchat.js index 52ca7e131d831..47c11be7aa54d 100644 --- a/app/meteor-accounts-saml/server/saml_rocketchat.js +++ b/app/meteor-accounts-saml/server/saml_rocketchat.js @@ -163,10 +163,10 @@ Meteor.methods({ settings.add(`SAML_Custom_${ name }_authn_context_comparison`, 'exact', { type: 'select', values: [ - { key: 'better', i18nLabel: 'SAML_Custom_Authn_Context_Comparison_Better' }, - { key: 'exact', i18nLabel: 'SAML_Custom_Authn_Context_Comparison_Exact' }, - { key: 'maximum', i18nLabel: 'SAML_Custom_Authn_Context_Comparison_Maximum' }, - { key: 'minimum', i18nLabel: 'SAML_Custom_Authn_Context_Comparison_Minimum' }, + { key: 'better', i18nLabel: 'Better' }, + { key: 'exact', i18nLabel: 'Exact' }, + { key: 'maximum', i18nLabel: 'Maximum' }, + { key: 'minimum', i18nLabel: 'Minimum' }, ], group: 'SAML', section: name, diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json index 9d6d4ea026a7b..81674dec82326 100644 --- a/packages/rocketchat-i18n/i18n/en.i18n.json +++ b/packages/rocketchat-i18n/i18n/en.i18n.json 
@@ -2651,10 +2651,10 @@ "SAML": "SAML", "SAML_Custom_Authn_Context": "Custom Authn Context", "SAML_Custom_Authn_Context_Comparison": "Authn Context Comparison", - "SAML_Custom_Authn_Context_Comparison_Better": "Better", - "SAML_Custom_Authn_Context_Comparison_Exact": "Exact", - "SAML_Custom_Authn_Context_Comparison_Maximum": "Maximum", - "SAML_Custom_Authn_Context_Comparison_Minimum": "Minimum", + "Better": "Better", + "Exact": "Exact", + "Maximum": "Maximum", + "Minimum": "Minimum", "SAML_Custom_Cert": "Custom Certificate", "SAML_Custom_Debug": "Enable Debug", "SAML_Custom_Entry_point": "Custom Entry Point", From a542e27c8791c8a326e1fcbf204a1e55d4e874c5 Mon Sep 17 00:00:00 2001 From: Diego Sampaio Date: Thu, 19 Sep 2019 17:33:21 -0300 Subject: [PATCH 3/3] Improve i18n order --- packages/rocketchat-i18n/i18n/en.i18n.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json index 55f6804357d8e..cd2f220aa6bfc 100644 --- a/packages/rocketchat-i18n/i18n/en.i18n.json +++ b/packages/rocketchat-i18n/i18n/en.i18n.json @@ -460,6 +460,7 @@ "ban-user": "Ban User", "ban-user_description": "Permission to ban a user from a channel", "Beta_feature_Depends_on_Video_Conference_to_be_enabled": "Beta feature. Depends on Video Conference to be enabled.", + "Better": "Better", "Best_first_response_time": "Best first response time", "Block_User": "Block User", "Blockchain": "Blockchain", @@ -1341,6 +1342,7 @@ "every_six_hours": "Once every six hours", "every_day": "Once every day", "Everyone_can_access_this_channel": "Everyone can access this channel", + "Exact": "Exact", "Example_s": "Example: %s", "Exclude_Botnames": "Exclude Bots", "Exclude_Botnames_Description": "Do not propagate messages from bots whose name matches the regular expression above. If left empty, all messages from bots will be propagated.", 
@@ -2068,6 +2070,7 @@ "Max_length_is": "Max length is %s", "Max_number_incoming_livechats_displayed": "Max number of items displayed in the queue", "Max_number_incoming_livechats_displayed_description": "(Optional) Max number of items displayed in the incoming Livechats queue.", + "Maximum": "Maximum", "Media": "Media", "Medium": "Medium", "Members_List": "Members List", @@ -2176,6 +2179,7 @@ "meteor_status_try_now_waiting": "Try now", "meteor_status_try_now_offline": "Connect again", "Min_length_is": "Min length is %s", + "Minimum": "Minimum", "Minimum_balance": "Minimum balance", "minutes": "minutes", "Mobile": "Mobile", @@ -2661,10 +2665,6 @@ "SAML": "SAML", "SAML_Custom_Authn_Context": "Custom Authn Context", "SAML_Custom_Authn_Context_Comparison": "Authn Context Comparison", - "Better": "Better", - "Exact": "Exact", - "Maximum": "Maximum", - "Minimum": "Minimum", "SAML_Custom_Cert": "Custom Certificate", "SAML_Custom_Debug": "Enable Debug", "SAML_Custom_Entry_point": "Custom Entry Point",