Fix: Learn more button

Changed <a> to <div> to avoid nested <a>

backend/src/ee/routes/v1/saml-router.ts

@@ -27,6 +27,7 @@ type TSAMLConfig = {
   cert: string;
   audience: string;
   wantAuthnResponseSigned?: boolean;
+  wantAssertionsSigned?: boolean;
   disableRequestedAuthnContext?: boolean;
 };
 
@@ -82,6 +83,10 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
                 samlConfig.audience = `spn:${ssoConfig.issuer}`;
               }
             }
+            if (ssoConfig.authProvider === SamlProviders.GOOGLE_SAML) {
+              samlConfig.wantAssertionsSigned = false;
+            }
+
             (req as unknown as FastifyRequest).ssoConfig = ssoConfig;
             done(null, samlConfig);
           } catch (error) {

backend/src/ee/services/license/license-service.ts

@@ -47,7 +47,7 @@ export type TLicenseServiceFactory = ReturnType<typeof licenseServiceFactory>;
 const LICENSE_SERVER_CLOUD_LOGIN = "/api/auth/v1/license-server-login";
 const LICENSE_SERVER_ON_PREM_LOGIN = "/api/auth/v1/license-login";
 
-const LICENSE_SERVER_CLOUD_PLAN_TTL = 60; // 60s
+const LICENSE_SERVER_CLOUD_PLAN_TTL = 30; // 30 second
 const FEATURE_CACHE_KEY = (orgId: string) => `infisical-cloud-plan-${orgId}`;
 
 export const licenseServiceFactory = ({

backend/src/ee/services/saml-config/saml-config-types.ts

@@ -4,7 +4,8 @@ import { ActorType } from "@app/services/auth/auth-type";
 export enum SamlProviders {
   OKTA_SAML = "okta-saml",
   AZURE_SAML = "azure-saml",
-  JUMPCLOUD_SAML = "jumpcloud-saml"
+  JUMPCLOUD_SAML = "jumpcloud-saml",
+  GOOGLE_SAML = "google-saml"
 }
 
 export type TCreateSamlCfgDTO = {

backend/src/server/routes/v1/organization-router.ts

@@ -87,11 +87,12 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
     schema: {
       params: z.object({ organizationId: z.string().trim() }),
       body: z.object({
-        name: z.string().trim().optional(),
+        name: z.string().trim().max(64, { message: "Name must be 64 or fewer characters" }).optional(),
         slug: z
           .string()
           .trim()
-          .regex(/^[a-zA-Z0-9-]+$/, "Name must only contain alphanumeric characters or hyphens")
+          .max(64, { message: "Slug must be 64 or fewer characters" })
+          .regex(/^[a-zA-Z0-9-]+$/, "Slug must only contain alphanumeric characters or hyphens")
           .optional(),
         authEnforced: z.boolean().optional(),
         scimEnabled: z.boolean().optional()

backend/src/server/routes/v1/project-router.ts

@@ -222,7 +222,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
         workspaceId: z.string().trim()
       }),
       body: z.object({
-        name: z.string().trim().optional(),
+        name: z.string().trim().max(64, { message: "Name must be 64 or fewer characters" }).optional(),
         autoCapitalization: z.boolean().optional()
       }),
       response: {

docs/documentation/platform/project-upgrade.mdx

@@ -2,7 +2,6 @@
 title: "Enhancing Security and Usability: Project Upgrades"
 ---
 
-
 At Infisical, we're constantly striving to elevate the security and usability standards of our platform to better serve our users.
 With this commitment in mind, we're excited to introduce our latest addition, non-E2EE projects, aimed at addressing two significant issues while enhancing how clients interact with Infisical programmatically.
 
@@ -11,11 +10,11 @@ Additionally, our API lacked the capability to interact with projects without de
 These obstacles made API driven automation and collaboration a painful experience for a majority of our users.
 
 To overcome these limitations, our upgrade focuses on disabling end-to-end encryption (E2EE) for projects.
-While this may raise eyebrows, it's important to understand that this decision is a strategic move to make Infisical easer to use and interact with.
+While this may raise eyebrows, it's important to understand that this decision is a strategic move to make Infisical easier to use and interact with.
 
-But what does this mean for our users? Essentially nothing, there are no changes required on your end. 
+But what does this mean for our users? Essentially nothing, there are no changes required on your end.
 Rest assured, all sensitive data remains encrypted at rest according to the latest industry standards.
 Our commitment to security remains unwavering, and this upgrade is a testament to our dedication to delivering on our promises in both security and usability when it comes to secrets management.
 
-To increase consistency with existing and future integrations, all projects created on Infisical from now on will have end-to-end encryption (E2EE) disabled by default. 
+To increase consistency with existing and future integrations, all projects created on Infisical from now on will have end-to-end encryption (E2EE) disabled by default.
 This will not only reduce confusion for end users, but will also make the Infisical API seamless to use.

docs/documentation/platform/sso/google-saml.mdx

@@ -0,0 +1,95 @@
+---
+title: "Google SAML"
+description: "Configure Google SAML for Infisical SSO"
+---
+
+<Info>
+    Google SAML SSO feature is a paid feature.
+   
+    If you're using Infisical Cloud, then it is available under the **Pro Tier**. If you're self-hosting Infisical,
+    then you should contact team@infisical.com to purchase an enterprise license to use it.
+</Info>
+
+<Steps>
+   <Step title="Prepare the SAML SSO configuration in Infisical">
+        In Infisical, head to your Organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
+
+        Next, note the **ACS URL** and **SP Entity ID** to use when configuring the Google SAML application.
+      
+        ![Google SAML initial configuration](../../../images/sso/google-saml/init-config.png)
+   </Step>
+   <Step title="Create a SAML application in Google">
+        2.1. In your [Google Admin console](https://support.google.com/a/answer/182076), head to Menu > Apps > Web and mobile apps and
+        create a **custom SAML app**.
+        
+        ![Google SAML app creation](../../../images/sso/google-saml/create-custom-saml-app.png)
+        
+        2.2. In the **App details** tab, give the application a unique name like Infisical.
+        
+        ![Google SAML app naming](../../../images/sso/google-saml/name-custom-saml-app.png)
+        
+        2.3. In the **Google Identity Provider details** tab, copy the **SSO URL**, **Entity ID** and **Certificate**.
+        
+        ![Google SAML custom app details](../../../images/sso/google-saml/custom-saml-app-config.png)
+        
+        2.4. Back in Infisical, set **SSO URL**, **IdP Entity ID**, and **Certificate** to the corresponding items from step 2.3.
+        
+        ![Google SAML Infisical config](../../../images/sso/google-saml/infisical-config.png)
+        
+        2.5. Back in the Google Admin console, in the **Service provider details** tab, set the **ACS URL** and **Entity ID** to the corresponding items from step 1.
+
+        Also, check the **Signed response** checkbox.
+
+        ![Google SAML app config 2](../../../images/sso/google-saml/custom-saml-app-config-2.png)
+        
+        2.6. In the **Attribute mapping** tab, configure the following map:
+
+        - **First name** -> **firstName**
+        - **Last name** -> **lastName**
+        - **Primary email** -> **email**
+
+        ![Google SAML attribute mapping](../../../images/sso/google-saml/attribute-mapping.png)
+        
+        Click **Finish**.
+    </Step>
+    <Step title="Assign users in Google Workspace to the application">
+        Back in your [Google Admin console](https://support.google.com/a/answer/182076), head to Menu > Apps > Web and mobile apps > your SAML app
+        and press on **User access**.
+
+        ![Google SAML user access](../../../images/sso/google-saml/user-access.png)
+        
+        To assign everyone in your organization to the application, click **On for everyone** or **Off for everyone** and then click **Save**.
+        
+        You can also assign an organizational unit or set of users to an application; you can learn more about that [here](https://support.google.com/a/answer/6087519?hl=en#add_custom_saml&turn_on&verify_sso&&zippy=%2Cstep-add-the-custom-saml-app%2Cstep-turn-on-your-saml-app%2Cstep-verify-that-sso-is-working-with-your-custom-app).
+        
+        ![Google SAML user access assignment](../../../images/sso/google-saml/user-access-assign.png)
+    </Step>
+    <Step title="Enable SAML SSO in Infisical">
+        Enabling SAML SSO allows members in your organization to log into Infisical via Google Workspace.
+
+        ![Google SAML enable](../../../images/sso/google-saml/enable-saml.png)
+    </Step>
+    <Step title="Enforce SAML SSO in Infisical">
+        Enforcing SAML SSO ensures that members in your organization can only access Infisical
+        by logging into the organization via Google.
+
+        To enforce SAML SSO, you're required to test out the SAML connection by successfully authenticating at least one Google user with Infisical;
+        Once you've completed this requirement, you can toggle the **Enforce SAML SSO** button to enforce SAML SSO.
+        
+        <Warning>
+            We recommend ensuring that your account is provisioned the application in Google
+            prior to enforcing SAML SSO to prevent any unintended issues.
+        </Warning>
+    </Step>
+</Steps>
+
+<Note>
+   If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to
+   set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work:
+   
+   - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
+   - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
+</Note>
+
+References:
+- Google's guide to [set up your own custom SAML app](https://support.google.com/a/answer/6087519?hl=en#add_custom_saml&turn_on&verify_sso&&zippy=%2Cstep-add-the-custom-saml-app%2Cstep-turn-on-your-saml-app%2Cstep-verify-that-sso-is-working-with-your-custom-app).

docs/documentation/platform/sso/overview.mdx

@@ -22,3 +22,4 @@ your IdP cannot and will not have access to the decryption key needed to decrypt
 - [Okta SAML](/documentation/platform/sso/okta)
 - [Azure SAML](/documentation/platform/sso/azure)
 - [JumpCloud SAML](/documentation/platform/sso/jumpcloud)
+- [Google SAML](/documentation/platform/sso/google-saml)

docs/infisical-agent/overview.mdx

@@ -1,5 +1,5 @@
 ---
-title: "Infisical Agent"
+title: "Overview"
 ---
 
 Infisical Agent is a client daemon that simplifies the adoption of Infisical by providing a more scalable and user-friendly approach for applications to interact with Infisical.
@@ -51,6 +51,9 @@ While specifying an authentication method is mandatory to start the agent, confi
 | `sinks[].config.path`        | The file path where the access token should be stored for each sink in the list. |
 | `templates[].source-path`    | The path to the template file that should be used to render secrets. |
 | `templates[].destination-path` | The path where the rendered secrets from the source template will be saved to. |
+| `templates[].config.polling-interval` | How frequently to check for secret changes. Default: `60s` (optional)  |
+| `templates[].config.execute.command` | The command to execute when secret change is detected (optional) |
+| `templates[].config.execute.timeout` | How long in seconds to wait for command to execute before timing out (optional) |
 
 
 ## Quick start Infisical Agent
@@ -76,6 +79,11 @@ sinks:
 templates:
   - source-path: my-dot-ev-secret-template
     destination-path: /some/path/.env
+    config:
+      polling-interval: 60s
+      execute:
+        timeout: 30
+        command: ./reload-app.sh
 ```
 
 Above is an example agent configuration file that defines the token authentication method, one sink location (where to deposit access tokens after renewal) and a secret template. 

docs/internals/components.mdx

@@ -9,9 +9,7 @@ The Infisical API (sometimes referred to as the **backend**) contains the core p
 
 ## Storage backend
 
-Infisical relies on a storage backend to store data including users and secrets.
-
-Currently, the only supported storage backend is [MongoDB](https://www.mongodb.com) but we plan to add support for other options including PostgreSQL in Q1 2024.
+Infisical relies on a storage backend to store data including users and secrets. Infisical's storage backend is Postgres.
 
 ## Redis
 
@@ -27,4 +25,4 @@ Clients are any application or infrastructure that connecting to the Infisical A
 - Public API: Making API requests directly to the Infisical API.
 - Client SDK: A platform-specific library with method abstractions for working with secrets. Currently, there are three official SDKs: [Node SDK](https://infisical.com/docs/sdks/languages/node), [Python SDK](https://infisical.com/docs/sdks/languages/python), and [Java SDK](https://infisical.com/docs/sdks/languages/java).
 - CLI: A terminal-based interface for interacting with the Infisical API.
-- Kubernetes Operator: This operator retrieves secrets from Infisical and securely store
+- Kubernetes Operator: This operator retrieves secrets from Infisical and securely store

docs/mint.json

@@ -146,7 +146,8 @@
             "documentation/platform/sso/gitlab",
             "documentation/platform/sso/okta",
             "documentation/platform/sso/azure",
-            "documentation/platform/sso/jumpcloud"
+            "documentation/platform/sso/jumpcloud",
+            "documentation/platform/sso/google-saml"
           ]
         },
         {

frontend/src/components/v2/Menu/Menu.tsx

@@ -42,27 +42,27 @@ export const MenuItem = <T extends ElementType = "button">({
   const iconRef = useRef();
 
   return (
-    <a onMouseEnter={() => iconRef.current?.play()} onMouseLeave={() => iconRef.current?.stop()}>
+    <div onMouseEnter={() => iconRef.current?.play()} onMouseLeave={() => iconRef.current?.stop()}>
       <li
         className={twMerge(
-          "group px-1 py-2 mt-0.5 font-inter flex flex-col text-sm text-bunker-100 transition-all rounded cursor-pointer hover:bg-mineshaft-700 duration-50",
+          "duration-50 group mt-0.5 flex cursor-pointer flex-col rounded px-1 py-2 font-inter text-sm text-bunker-100 transition-all hover:bg-mineshaft-700",
           isSelected && "bg-mineshaft-600 hover:bg-mineshaft-600",
-          isDisabled && "hover:bg-transparent cursor-not-allowed",
+          isDisabled && "cursor-not-allowed hover:bg-transparent",
           className
         )}
       >
-        <motion.span className="w-full flex flex-row items-center justify-start rounded-sm">
+        <motion.span className="flex w-full flex-row items-center justify-start rounded-sm">
           <Item
             type="button"
             role="menuitem"
-            className="flex items-center relative"
+            className="relative flex items-center"
             ref={inputRef}
             {...props}
           >
             <div
               className={`${
                 isSelected ? "visisble" : "invisible"
-              } -left-[0.28rem] absolute w-[0.07rem] rounded-md h-5 bg-primary`}
+              } absolute -left-[0.28rem] h-5 w-[0.07rem] rounded-md bg-primary`}
             />
             {/* {icon && <span className="mr-3 ml-4 w-5 block group-hover:hidden">{icon}</span>} */}
             {icon && (
@@ -81,7 +81,7 @@ export const MenuItem = <T extends ElementType = "button">({
           {description && <span className="mt-2 text-xs">{description}</span>}
         </motion.span>
       </li>
-    </a>
+    </div>
   );
 };
 
@@ -103,16 +103,16 @@ export const SubMenuItem = <T extends ElementType = "button">({
     <a onMouseEnter={() => iconRef.current?.play()} onMouseLeave={() => iconRef.current?.stop()}>
       <li
         className={twMerge(
-          "group px-1 py-1 mt-0.5 font-inter flex flex-col text-sm text-mineshaft-300 hover:text-mineshaft-100 transition-all rounded cursor-pointer hover:bg-mineshaft-700 duration-50",
-          isDisabled && "hover:bg-transparent cursor-not-allowed",
+          "duration-50 group mt-0.5 flex cursor-pointer flex-col rounded px-1 py-1 font-inter text-sm text-mineshaft-300 transition-all hover:bg-mineshaft-700 hover:text-mineshaft-100",
+          isDisabled && "cursor-not-allowed hover:bg-transparent",
           className
         )}
       >
-        <motion.span className="w-full flex flex-row items-center justify-start rounded-sm pl-6">
+        <motion.span className="flex w-full flex-row items-center justify-start rounded-sm pl-6">
           <Item
             type="button"
             role="menuitem"
-            className="flex items-center relative"
+            className="relative flex items-center"
             ref={inputRef}
             {...props}
           >

frontend/src/components/v2/UpgradeProjectAlert/UpgradeProjectAlert.tsx

@@ -103,7 +103,7 @@ export const UpgradeProjectAlert = ({ project }: UpgradeProjectAlertProps): JSX.
               Upgrade your project version to continue receiving the latest improvements and
               patches.
             </p>
-            <Link href="/docs/documentation/platform/project-upgrade">
+            <Link href="https://infisical.com/docs/documentation/platform/project-upgrade">
               <a target="_blank" className="text-primary-400">
                 Learn more
               </a>
@@ -117,7 +117,7 @@ export const UpgradeProjectAlert = ({ project }: UpgradeProjectAlertProps): JSX.
               Upgrading the project version is required to continue receiving the latest
               improvements and patches.
             </p>
-            <Link href="/docs/documentation/platform/project-upgrade">
+            <Link href="https://infisical.com/docs/documentation/platform/project-upgrade">
               <a target="_blank" className="text-primary-400">
                 Learn more
               </a>

frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/OrgSSOSection.tsx

@@ -19,7 +19,8 @@ import { SSOModal } from "./SSOModal";
 const ssoAuthProviderMap: { [key: string]: string } = {
   "okta-saml": "Okta SAML",
   "azure-saml": "Azure SAML",
-  "jumpcloud-saml": "JumpCloud SAML"
+  "jumpcloud-saml": "JumpCloud SAML",
+  "google-saml": "Google SAML"
 };
 
 export const OrgSSOSection = (): JSX.Element => {

frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/SSOModal.tsx

@@ -21,13 +21,15 @@ import { UsePopUpState } from "@app/hooks/usePopUp";
 enum AuthProvider {
   OKTA_SAML = "okta-saml",
   AZURE_SAML = "azure-saml",
-  JUMPCLOUD_SAML = "jumpcloud-saml"
+  JUMPCLOUD_SAML = "jumpcloud-saml",
+  GOOGLE_SAML = "google-saml"
 }
 
 const ssoAuthProviders = [
   { label: "Okta SAML", value: AuthProvider.OKTA_SAML },
   { label: "Azure SAML", value: AuthProvider.AZURE_SAML },
-  { label: "JumpCloud SAML", value: AuthProvider.JUMPCLOUD_SAML }
+  { label: "JumpCloud SAML", value: AuthProvider.JUMPCLOUD_SAML },
+  { label: "Google SAML", value: AuthProvider.GOOGLE_SAML }
 ];
 
 const schema = yup
@@ -140,7 +142,15 @@ export const SSOModal = ({ popUp, handlePopUpClose, handlePopUpToggle }: Props)
           issuer: "IdP Entity ID",
           issuerPlaceholder: "xxx"
         };
-
+      case AuthProvider.GOOGLE_SAML:
+        return {
+          acsUrl: "ACS URL",
+          entityId: "SP Entity ID",
+          entryPoint: "SSO URL",
+          entryPointPlaceholder: "https://accounts.google.com/o/saml2/idp?idpid=xxx",
+          issuer: "IdP Entity ID",
+          issuerPlaceholder: "https://accounts.google.com/o/saml2/idp?idpid=xxx"
+        };
       default:
         return {
           acsUrl: "ACS URL",