@axa-fr/oidc-client-service-worker 6.25.2-alpha949

package/src/utils/__tests__/serializeHeaders.spec.ts

@@ -0,0 +1,12 @@
+import { describe, expect, it } from 'vitest';
+
+import { serializeHeaders } from '..';
+
+describe('serializeHeaders', () => {
+  it('can serialize basic header', () => {
+    const result = serializeHeaders(
+      new Headers({ 'Content-Type': 'application/json' }),
+    ); // Error: Argument of type 'Headers' is not assignable to parameter of type 'Headers'.(2345
+    expect(result).toEqual({ 'content-type': 'application/json' });
+  });
+});

package/src/utils/__tests__/strings.spec.ts

@@ -0,0 +1,10 @@
+import { describe, expect, it } from 'vitest';
+
+import { countLetter } from '..';
+
+describe('strings', () => {
+  it('can count instance of char', () => {
+    const result = countLetter('token.type.z', '.');
+    expect(result).toBe(2);
+  });
+});

package/src/utils/__tests__/testHelper.ts

@@ -0,0 +1,346 @@
+import { vi } from 'vitest';
+
+import {
+  AccessTokenPayload,
+  IdTokenPayload,
+  Nonce,
+  OidcConfig,
+  OidcConfiguration,
+  OidcServerConfiguration,
+  Status,
+  Tokens,
+} from '../../types';
+
+const currentTimeUnixSeconds = (): number => {
+  return new Date().getTime() / 1000;
+};
+
+const createToken = (expires: number, issued_at: number): Tokens => {
+  return {
+    expiresAt: expires,
+    issued_at,
+    expires_in: 60,
+    id_token: null,
+    accessTokenPayload: null,
+    access_token: '',
+    idTokenPayload: { iss: '', exp: 0, iat: 0, nonce: null },
+  };
+};
+
+class TokenBuilder {
+  private tokens: Tokens = {
+    expiresAt: 0,
+    issued_at: 0,
+    expires_in: 0,
+    id_token: null,
+    accessTokenPayload: null,
+    access_token: '',
+    idTokenPayload: { iss: '', exp: 0, iat: 0, nonce: null },
+  };
+
+  public withExpiredToken(): TokenBuilder {
+    this.withExpiresIn(currentTimeUnixSeconds() - 10);
+    this.withIssuedAt(currentTimeUnixSeconds() - 60);
+    return this;
+  }
+
+  public WithNonExpiredToken(): TokenBuilder {
+    this.withExpiresAt(currentTimeUnixSeconds() + 60);
+    this.withExpiresIn(currentTimeUnixSeconds() + 60);
+    this.withIssuedAt(currentTimeUnixSeconds() - 60);
+    return this;
+  }
+
+  public withExpiresAt(expiresAt: number): TokenBuilder {
+    this.tokens.expiresAt = expiresAt;
+    return this;
+  }
+
+  public withIssuedAt(issued_at: number): TokenBuilder {
+    this.tokens.issued_at = issued_at;
+    return this;
+  }
+
+  public withExpiresIn(expires_in: number): TokenBuilder {
+    this.tokens.expires_in = expires_in;
+    return this;
+  }
+
+  public withIdToken(id_token: string): TokenBuilder {
+    this.tokens.id_token = id_token;
+    return this;
+  }
+
+  public withAccessTokenPayload(
+    accessTokenPayload: AccessTokenPayload,
+  ): TokenBuilder {
+    this.tokens.accessTokenPayload = accessTokenPayload;
+    return this;
+  }
+
+  public withAccessToken(access_token: string): TokenBuilder {
+    this.tokens.access_token = access_token;
+    return this;
+  }
+
+  public withIdTokenPayload(idTokenPayload: IdTokenPayload): TokenBuilder {
+    this.tokens.idTokenPayload = idTokenPayload;
+    return this;
+  }
+
+  public build(): Tokens {
+    return this.tokens;
+  }
+}
+
+class OidcConfigurationBuilder {
+  private oidcConfiguration: OidcConfiguration = {
+    token_renew_mode: 'offline',
+    service_worker_convert_all_requests_to_cors: true,
+  };
+
+  public withTokenRenewMode(
+    token_renew_mode: string,
+  ): OidcConfigurationBuilder {
+    this.oidcConfiguration.token_renew_mode = token_renew_mode;
+    return this;
+  }
+
+  public withServiceWorkerConvertAllRequestsToCors(
+    service_worker_convert_all_requests_to_cors: boolean,
+  ): OidcConfigurationBuilder {
+    this.oidcConfiguration.service_worker_convert_all_requests_to_cors =
+      service_worker_convert_all_requests_to_cors;
+    return this;
+  }
+
+  public build(): OidcConfiguration {
+    return this.oidcConfiguration;
+  }
+}
+
+class OidcConfigBuilder {
+  private oidcConfig: OidcConfig = {
+    configurationName: '',
+    tokens: null,
+    status: 'NOT_CONNECTED',
+    state: '',
+    codeVerifier: '',
+    nonce: null,
+    oidcServerConfiguration: null,
+    oidcConfiguration: undefined,
+    sessionState: null,
+    items: undefined,
+    hideAccessToken: true,
+  };
+
+  public withTestingDefault(): OidcConfigBuilder {
+    this.oidcConfig.configurationName = 'test';
+    this.oidcConfig.tokens = new TokenBuilder().WithNonExpiredToken().build();
+    this.oidcConfig.status = 'NOT_CONNECTED';
+    this.oidcConfig.state = 'state';
+    this.oidcConfig.codeVerifier = 'codeVerifier';
+    this.oidcConfig.nonce = null;
+    this.oidcConfig.oidcConfiguration = new OidcConfigurationBuilder().build();
+    this.oidcConfig.oidcServerConfiguration = new OidcServerConfigBuilder()
+      .withTestingDefault()
+      .build();
+    this.oidcConfig.sessionState = null;
+    this.oidcConfig.items = undefined;
+    this.oidcConfig.hideAccessToken = true;
+    return this;
+  }
+
+  public withHideAccessToken(hideAccessToken: boolean): OidcConfigBuilder {
+    this.oidcConfig.hideAccessToken = hideAccessToken;
+    return this;
+  }
+
+  public withConfigurationName(configurationName: string): OidcConfigBuilder {
+    this.oidcConfig.configurationName = configurationName;
+    return this;
+  }
+
+  public withTokens(tokens: Tokens): OidcConfigBuilder {
+    this.oidcConfig.tokens = tokens;
+    return this;
+  }
+
+  public withStatus(status: Status): OidcConfigBuilder {
+    this.oidcConfig.status = status;
+    return this;
+  }
+
+  public withState(state: string): OidcConfigBuilder {
+    this.oidcConfig.state = state;
+    return this;
+  }
+
+  public withCodeVerifier(codeVerifier: string): OidcConfigBuilder {
+    this.oidcConfig.codeVerifier = codeVerifier;
+    return this;
+  }
+
+  public withNonce(nonce: Nonce): OidcConfigBuilder {
+    this.oidcConfig.nonce = nonce;
+    return this;
+  }
+
+  public withOidcServerConfiguration(
+    oidcServerConfiguration: OidcServerConfiguration,
+  ): OidcConfigBuilder {
+    this.oidcConfig.oidcServerConfiguration = oidcServerConfiguration;
+    return this;
+  }
+
+  public build() {
+    return this.oidcConfig;
+  }
+}
+
+class OidcServerConfigBuilder {
+  private oidcServerConfig: OidcServerConfiguration = {
+    revocationEndpoint: '',
+    issuer: '',
+    authorizationEndpoint: '',
+    tokenEndpoint: '',
+    userInfoEndpoint: '',
+  };
+
+  public withTestingDefault(): OidcServerConfigBuilder {
+    this.oidcServerConfig.revocationEndpoint =
+      'http://localhost:3000/revocation';
+    this.oidcServerConfig.issuer = 'http://localhost:3000';
+    this.oidcServerConfig.authorizationEndpoint =
+      'http://localhost:3000/authorization';
+    this.oidcServerConfig.tokenEndpoint = 'http://localhost:3000/token';
+    this.oidcServerConfig.userInfoEndpoint = 'http://localhost:3000/userinfo';
+    return this;
+  }
+
+  public withRevocationEndpoint(
+    revocationEndpoint: string,
+  ): OidcServerConfigBuilder {
+    this.oidcServerConfig.revocationEndpoint = revocationEndpoint;
+    return this;
+  }
+
+  public withIssuer(issuer: string): OidcServerConfigBuilder {
+    this.oidcServerConfig.issuer = issuer;
+    return this;
+  }
+
+  public withAuthorizationEndpoint(
+    authorizationEndpoint: string,
+  ): OidcServerConfigBuilder {
+    this.oidcServerConfig.authorizationEndpoint = authorizationEndpoint;
+    return this;
+  }
+
+  public withTokenEndpoint(tokenEndpoint: string): OidcServerConfigBuilder {
+    this.oidcServerConfig.tokenEndpoint = tokenEndpoint;
+    return this;
+  }
+
+  public withUserInfoEndpoint(
+    userInfoEndpoint: string,
+  ): OidcServerConfigBuilder {
+    this.oidcServerConfig.userInfoEndpoint = userInfoEndpoint;
+    return this;
+  }
+
+  public build(): OidcServerConfiguration {
+    return this.oidcServerConfig;
+  }
+}
+
+interface TestingResponse extends Response {
+  bodyContent?: any;
+}
+
+class ResponseBuilder {
+  private response: any = {
+    status: 200,
+    body: '',
+    headers: {},
+    bodyContent: { issued_at: 343434 },
+  };
+
+  public withStatus(status: number): ResponseBuilder {
+    this.response.status = status;
+    return this;
+  }
+
+  public withBody(body: string): ResponseBuilder {
+    this.response.body = body;
+    return this;
+  }
+
+  public withHeaders(headers: Headers): ResponseBuilder {
+    this.response.headers = headers;
+    return this;
+  }
+
+  /**
+   * Custom property for Testing setup
+   * @param body
+   * @returns
+   */
+  public withBodyContent(body: any): ResponseBuilder {
+    this.response.bodyContent = body;
+    return this;
+  }
+
+  public build(): TestingResponse {
+    return {
+      ...{
+        status: 200,
+        headers: {
+          append: vi.fn(),
+          delete: vi.fn(),
+          forEach: vi.fn(),
+          get: vi.fn(),
+          has: vi.fn(),
+          set: vi.fn(),
+        },
+        ok: true,
+        redirected: false,
+        statusText: '',
+        type: 'basic',
+        url: '',
+        clone: function (): Response {
+          throw new Error('Function not implemented.');
+        },
+        body: null,
+        bodyUsed: false,
+        arrayBuffer: function (): Promise<ArrayBuffer> {
+          throw new Error('Function not implemented.');
+        },
+        blob: function (): Promise<Blob> {
+          throw new Error('Function not implemented.');
+        },
+        formData: function (): Promise<FormData> {
+          throw new Error('Function not implemented.');
+        },
+        json: function (): Promise<any> {
+          return new Promise<any>((resolve) => {
+            resolve(this.bodyContent);
+          });
+        },
+        text: function (): Promise<string> {
+          throw new Error('Function not implemented.');
+        },
+      },
+      ...this.response,
+    } as TestingResponse;
+  }
+}
+
+export {
+  createToken,
+  currentTimeUnixSeconds,
+  OidcConfigBuilder,
+  OidcServerConfigBuilder,
+  ResponseBuilder,
+  TokenBuilder,
+};

package/src/utils/__tests__/tokens.spec.ts

@@ -0,0 +1,90 @@
+import { beforeEach, describe, expect, it } from 'vitest';
+
+import { OidcServerConfiguration } from '../../types';
+import { _hideTokens, extractTokenPayload, isTokensOidcValid, isTokensValid } from '..';
+import { OidcConfigBuilder, OidcServerConfigBuilder, TokenBuilder } from './testHelper';
+
+describe('tokens', () => {
+  let oidcServerConfig: OidcServerConfiguration;
+
+  beforeEach(() => {
+    oidcServerConfig = new OidcServerConfigBuilder()
+      .withTestingDefault()
+      .build();
+  });
+
+  describe('isTokensValid', () => {
+    it('can check expired token', () => {
+      expect(
+        isTokensValid(new TokenBuilder().withExpiredToken().build()),
+      ).toBeFalsy();
+    });
+
+    it('can check non-expired token', () => {
+      const token = new TokenBuilder().WithNonExpiredToken().build();
+      expect(isTokensValid(token)).toBeTruthy();
+    });
+
+    it('can check null token', () => {
+      expect(isTokensValid(null)).toBeFalsy();
+    });
+  });
+
+  describe('extractTokenPayload', () => {
+    it('can extract token payload', () => {
+      const result = extractTokenPayload(
+        'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c',
+      );
+      expect(result).toEqual({
+        sub: '1234567890',
+        name: 'John Doe',
+        iat: 1516239022,
+      });
+    });
+    it('returns null if undefined', () => {
+      expect(extractTokenPayload(undefined)).toBeNull();
+    });
+
+    it('returns null if invalid token', () => {
+      expect(extractTokenPayload('invalid token')).toBeNull();
+    });
+  });
+
+  describe('isTokensOidcValid', () => {
+    it('can validate valid token', () => {
+      const token = new TokenBuilder()
+        .WithNonExpiredToken()
+        .withIdTokenPayload({
+          iss: oidcServerConfig.issuer,
+          exp: 0,
+          iat: 0,
+          nonce: null,
+        })
+        .build();
+      const result = isTokensOidcValid(token, null, oidcServerConfig);
+      expect(result.isValid).toBeTruthy();
+      expect(result.reason).toBe('');
+    });
+  });
+
+  describe('_hideTokens', () => {
+    it.each([
+      { hideAccessToken: true, expectedAccessToken: 'ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER_test' },
+      { hideAccessToken: false, expectedAccessToken: 'test_access_token' },
+    ])('accesstoken will be hide $hideAccessToken result should be $expectedAccessToken', ({ hideAccessToken, expectedAccessToken }) => {
+      const token = new TokenBuilder()
+          .withIdTokenPayload({
+            iss: oidcServerConfig.issuer,
+            exp: 0,
+            iat: 0,
+            nonce: null,
+          })
+          .WithNonExpiredToken()
+          .withAccessToken('test_access_token')
+          .build();
+      const oidcConfiguration = new OidcConfigBuilder().withTestingDefault().withHideAccessToken(hideAccessToken).build();
+      const secureTokens = _hideTokens(token, oidcConfiguration, 'test');
+      expect(secureTokens.access_token).toBe(expectedAccessToken);
+    });
+  });
+});

package/src/utils/codeVerifier.ts

@@ -0,0 +1,4 @@
+export function replaceCodeVerifier(codeVerifier:string, newCodeVerifier:string):string {
+    const regex = /code_verifier=[A-Za-z0-9_-]+/i;
+    return codeVerifier.replace(regex, `code_verifier=${newCodeVerifier}`);
+}

package/src/utils/domains.ts

@@ -0,0 +1,104 @@
+import {
+  acceptAnyDomainToken,
+  openidWellknownUrlEndWith,
+  scriptFilename,
+} from '../constants';
+import { Database, Domain, DomainDetails, OidcConfig, TrustedDomains } from '../types';
+
+function checkDomain(domains: Domain[], endpoint: string) {
+  if (!endpoint) {
+    return;
+  }
+
+  const domain = domains.find((domain) => {
+    let testable: RegExp;
+
+    if (typeof domain === 'string') {
+      testable = new RegExp(`^${domain}`);
+    } else {
+      testable = domain;
+    }
+
+    return testable.test?.(endpoint);
+  });
+  if (!domain) {
+    throw new Error(
+      'Domain ' +
+        endpoint +
+        ' is not trusted, please add domain in ' +
+        scriptFilename,
+    );
+  }
+}
+
+export const getDomains = (trustedDomain: Domain[] | DomainDetails, type: 'oidc' | 'accessToken') => {
+  if (Array.isArray(trustedDomain)) {
+    return trustedDomain;
+  }
+
+  return trustedDomain[`${type}Domains`] ?? trustedDomain.domains ?? [];
+};
+
+const getCurrentDatabaseDomain = (
+  database: Database,
+  url: string,
+  trustedDomains: TrustedDomains,
+) => {
+  if (url.endsWith(openidWellknownUrlEndWith)) {
+    return null;
+  }
+  for (const [key, currentDatabase] of Object.entries<OidcConfig>(database)) {
+    const oidcServerConfiguration = currentDatabase.oidcServerConfiguration;
+
+    if (!oidcServerConfiguration) {
+      continue;
+    }
+
+    if (
+      oidcServerConfiguration.tokenEndpoint &&
+      url === oidcServerConfiguration.tokenEndpoint
+    ) {
+      continue;
+    }
+    if (
+      oidcServerConfiguration.revocationEndpoint &&
+      url === oidcServerConfiguration.revocationEndpoint
+    ) {
+      continue;
+    }
+    const trustedDomain = trustedDomains == null ? [] : trustedDomains[key];
+
+    const domains = getDomains(trustedDomain, 'accessToken');
+    const domainsToSendTokens = oidcServerConfiguration.userInfoEndpoint
+      ? [oidcServerConfiguration.userInfoEndpoint, ...domains]
+      : [...domains];
+
+    let hasToSendToken = false;
+    if (domainsToSendTokens.find((f) => f === acceptAnyDomainToken)) {
+      hasToSendToken = true;
+    } else {
+      for (let i = 0; i < domainsToSendTokens.length; i++) {
+        let domain = domainsToSendTokens[i];
+
+        if (typeof domain === 'string') {
+          domain = new RegExp(`^${domain}`);
+        }
+
+        if (domain.test?.(url)) {
+          hasToSendToken = true;
+          break;
+        }
+      }
+    }
+
+    if (hasToSendToken) {
+      if (!currentDatabase.tokens) {
+        return null;
+      }
+      return currentDatabase;
+    }
+  }
+  return null;
+};
+
+export { checkDomain, getCurrentDatabaseDomain };

package/src/utils/index.ts

@@ -0,0 +1,5 @@
+export * from './domains';
+export * from './serializeHeaders';
+export * from './sleep';
+export * from './strings';
+export * from './tokens';

package/src/utils/serializeHeaders.ts

@@ -0,0 +1,12 @@
+import { FetchHeaders } from '../types';
+
+function serializeHeaders(headers: Headers) {
+  const headersObj: Record<string, string> = {};
+  for (const key of (headers as FetchHeaders).keys()) {
+    if (headers.has(key)) {
+      headersObj[key] = headers.get(key) as string;
+    }
+  }
+  return headersObj;
+}
+export { serializeHeaders };

package/src/utils/sleep.ts

@@ -0,0 +1,2 @@
+const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
+export { sleep };

package/src/utils/strings.ts

@@ -0,0 +1,9 @@
+/**
+ * Count occurances of letter in string
+ * @param str
+ * @param find
+ * @returns
+ */
+export function countLetter(str: string, find: string) {
+  return str.split(find).length - 1;
+}