@adobe/spacecat-shared-http-utils 1.14.0 → 1.14.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/package.json +2 -1
- package/src/auth/handlers/ims.js +32 -4
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,17 @@
|
|
|
1
|
+
# [@adobe/spacecat-shared-http-utils-v1.14.2](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.14.1...@adobe/spacecat-shared-http-utils-v1.14.2) (2025-06-16)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Bug Fixes
|
|
5
|
+
|
|
6
|
+
* case insensitive check ([#804](https://github.com/adobe/spacecat-shared/issues/804)) ([264a524](https://github.com/adobe/spacecat-shared/commit/264a5245301660e842a40187afbfe1a7c1af31d2))
|
|
7
|
+
|
|
8
|
+
# [@adobe/spacecat-shared-http-utils-v1.14.1](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.14.0...@adobe/spacecat-shared-http-utils-v1.14.1) (2025-06-06)
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
### Bug Fixes
|
|
12
|
+
|
|
13
|
+
* trigger a release for non-adobe users tenant isolation ([#789](https://github.com/adobe/spacecat-shared/issues/789)) ([92f5aa2](https://github.com/adobe/spacecat-shared/commit/92f5aa2cb65ffe1e1f19ef35f94f1f5016a49979))
|
|
14
|
+
|
|
1
15
|
# [@adobe/spacecat-shared-http-utils-v1.14.0](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.13.2...@adobe/spacecat-shared-http-utils-v1.14.0) (2025-05-27)
|
|
2
16
|
|
|
3
17
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@adobe/spacecat-shared-http-utils",
|
|
3
|
-
"version": "1.14.
|
|
3
|
+
"version": "1.14.2",
|
|
4
4
|
"description": "Shared modules of the Spacecat Services - HTTP Utils",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
@@ -12,6 +12,7 @@
|
|
|
12
12
|
"scripts": {
|
|
13
13
|
"test": "c8 mocha --spec=test/**/*.test.js",
|
|
14
14
|
"lint": "eslint .",
|
|
15
|
+
"lint:fix": "eslint --fix .",
|
|
15
16
|
"clean": "rm -rf package-lock.json node_modules"
|
|
16
17
|
},
|
|
17
18
|
"mocha": {
|
package/src/auth/handlers/ims.js
CHANGED
|
@@ -10,16 +10,14 @@
|
|
|
10
10
|
* governing permissions and limitations under the License.
|
|
11
11
|
*/
|
|
12
12
|
|
|
13
|
-
import { hasText } from '@adobe/spacecat-shared-utils';
|
|
13
|
+
import { hasText, isNonEmptyArray } from '@adobe/spacecat-shared-utils';
|
|
14
14
|
import {
|
|
15
15
|
createLocalJWKSet,
|
|
16
16
|
createRemoteJWKSet,
|
|
17
17
|
decodeJwt,
|
|
18
18
|
jwtVerify,
|
|
19
19
|
} from 'jose';
|
|
20
|
-
|
|
21
20
|
import { getBearerToken } from './utils/bearer.js';
|
|
22
|
-
|
|
23
21
|
import AbstractHandler from './abstract.js';
|
|
24
22
|
import AuthInfo from '../auth-info.js';
|
|
25
23
|
|
|
@@ -37,6 +35,7 @@ const IGNORED_PROFILE_PROPS = [
|
|
|
37
35
|
'aa_id',
|
|
38
36
|
];
|
|
39
37
|
|
|
38
|
+
const SERVICE_CODE = 'dx_aem_perf';
|
|
40
39
|
const loadConfig = (context) => {
|
|
41
40
|
try {
|
|
42
41
|
const config = JSON.parse(context.env.AUTH_HANDLER_IMS);
|
|
@@ -57,6 +56,18 @@ const transformProfile = (payload) => {
|
|
|
57
56
|
return profile;
|
|
58
57
|
};
|
|
59
58
|
|
|
59
|
+
function getTenants(organizations) {
|
|
60
|
+
if (!isNonEmptyArray(organizations)) {
|
|
61
|
+
return [];
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
return organizations.map((org) => ({
|
|
65
|
+
id: org.orgRef.ident,
|
|
66
|
+
name: org.orgName,
|
|
67
|
+
subServices: [`${SERVICE_CODE}_auto_suggest`, `${SERVICE_CODE}_auto_fix`],
|
|
68
|
+
}));
|
|
69
|
+
}
|
|
70
|
+
|
|
60
71
|
/**
|
|
61
72
|
* @deprecated Use JwtHandler instead in the context of IMS login with subsequent JWT exchange.
|
|
62
73
|
*/
|
|
@@ -115,16 +126,33 @@ export default class AdobeImsHandler extends AbstractHandler {
|
|
|
115
126
|
return null;
|
|
116
127
|
}
|
|
117
128
|
|
|
129
|
+
if (!context.imsClient) {
|
|
130
|
+
this.log('No IMS client available in context', 'error');
|
|
131
|
+
return null;
|
|
132
|
+
}
|
|
133
|
+
|
|
118
134
|
try {
|
|
119
135
|
const config = loadConfig(context);
|
|
120
136
|
const payload = await this.#validateToken(token, config);
|
|
137
|
+
const imsProfile = await context.imsClient.getImsUserProfile(token);
|
|
138
|
+
const scopes = [];
|
|
139
|
+
if (imsProfile.email?.toLowerCase().endsWith('@adobe.com')) {
|
|
140
|
+
scopes.push({ name: 'admin' });
|
|
141
|
+
} else {
|
|
142
|
+
// for non-adobe users, we need to get the organizations and create the tenants
|
|
143
|
+
const organizations = await context.imsClient.getImsUserOrganizations(token);
|
|
144
|
+
payload.tenants = getTenants(organizations) || [];
|
|
145
|
+
scopes.push(...payload.tenants.map(
|
|
146
|
+
(tenant) => ({ name: 'user', domains: [tenant.id], subScopes: tenant.subServices }),
|
|
147
|
+
));
|
|
148
|
+
}
|
|
121
149
|
const profile = transformProfile(payload);
|
|
122
150
|
|
|
123
151
|
return new AuthInfo()
|
|
124
152
|
.withType(this.name)
|
|
125
153
|
.withAuthenticated(true)
|
|
126
154
|
.withProfile(profile)
|
|
127
|
-
.withScopes(
|
|
155
|
+
.withScopes(scopes);
|
|
128
156
|
} catch (e) {
|
|
129
157
|
this.log(`Failed to validate token: ${e.message}`, 'error');
|
|
130
158
|
}
|