@axa-fr/react-oidc 6.15.8 → 6.16.0

package/service_worker/dist/utils/tokens.d.ts

@@ -0,0 +1,12 @@
+import { OidcConfig, OidcServerConfiguration, Tokens } from '../types';
+declare function b64DecodeUnicode(str: string): string;
+declare function computeTimeLeft(refreshTimeBeforeTokensExpirationInSecond: number, expiresAt: number): number;
+declare function isTokensValid(tokens: Tokens | null): boolean;
+declare const extractTokenPayload: (token?: string) => any;
+declare const isTokensOidcValid: (tokens: Tokens, nonce: string | null, oidcServerConfiguration: OidcServerConfiguration) => {
+    isValid: boolean;
+    reason: string;
+};
+declare function hideTokens(currentDatabaseElement: OidcConfig): (response: Response) => Response | Promise<Response>;
+export { b64DecodeUnicode, computeTimeLeft, isTokensValid, extractTokenPayload, isTokensOidcValid, hideTokens };
+//# sourceMappingURL=tokens.d.ts.map

package/service_worker/dist/utils/tokens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../../utils/tokens.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAqB,uBAAuB,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAQ1F,iBAAS,gBAAgB,CAAC,GAAG,EAAE,MAAM,UASpC;AAED,iBAAS,eAAe,CACtB,yCAAyC,EAAE,MAAM,EACjD,SAAS,EAAE,MAAM,UAQlB;AAED,iBAAS,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,WAK3C;AAED,QAAA,MAAM,mBAAmB,WAAY,MAAM,QAc1C,CAAC;AAIF,QAAA,MAAM,iBAAiB,WACb,MAAM,SACP,MAAM,GAAG,IAAI,2BACK,uBAAuB,KAC/C;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CA8BpC,CAAC;AAEF,iBAAS,UAAU,CAAC,sBAAsB,EAAE,UAAU,cAElC,QAAQ,kCA6F3B;AAED,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,mBAAmB,EACnB,iBAAiB,EACjB,UAAU,EACX,CAAC"}

package/service_worker/tsconfig.json

@@ -0,0 +1,26 @@
+{
+  "compilerOptions": {
+    "strict": true,
+    "useDefineForClassFields": true,
+    "forceConsistentCasingInFileNames": true,
+    "composite": true,
+    "module": "ESNext",
+    "target": "ESNext",
+    "moduleResolution": "Node",
+    "sourceMap": true,
+    "declarationMap": true,
+    "outDir": "../dist",
+    // From https://joshuatz.com/posts/2021/strongly-typed-service-workers/
+    "lib": ["webworker", "ESNext"],
+    "resolveJsonModule": true,
+    "esModuleInterop": true,
+    "noEmit": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noImplicitReturns": true,
+    "skipLibCheck": true,
+    "types": [] // Don't include the default node types or will get conflicts.
+  },
+  "include": ["./**/*.ts"],
+  "exclude": ["node_modules", "dist", "build", "coverage", "scripts"]
+}

package/service_worker/types.ts

@@ -0,0 +1,93 @@
+export type Domain = string | RegExp;
+
+export type TrustedDomains = {
+    [key: string]: Domain[]
+}
+export type OidcServerConfiguration = {
+    revocationEndpoint: string;
+    issuer: string;
+    authorizationEndpoint: string;
+    tokenEndpoint: string;
+    userInfoEndpoint: string;
+}
+
+export type OidcConfiguration = {
+    token_renew_mode: string;
+    service_worker_convert_all_requests_to_cors: boolean;
+}
+
+
+// Uncertain why the Headers interface in lib.webworker.d.ts does not have a keys() function, so extending
+export interface FetchHeaders extends Headers {
+    keys(): string[];
+}
+
+export type Status = 'LOGGED' | 'LOGGED_IN' | 'LOGGED_OUT' | 'NOT_CONNECTED' | 'LOGOUT_FROM_ANOTHER_TAB' | 'SESSION_LOST' | 'REQUIRE_SYNC_TOKENS' | 'FORCE_REFRESH' | null;
+export type MessageEventType = 'clear' | 'init' | 'setState' | 'getState' | 'setCodeVerifier' | 'getCodeVerifier' | 'setSessionState' | 'getSessionState' | 'setNonce';
+
+export type MessageData = {
+    status: Status;
+    oidcServerConfiguration: OidcServerConfiguration;
+    oidcConfiguration: OidcConfiguration;
+    where: string;
+    state: string;
+    codeVerifier: string;
+    sessionState: string;
+    nonce: Nonce;
+}
+
+export type MessageEventData = {
+    configurationName: string;
+    type: MessageEventType;
+    data: MessageData;
+}
+
+export type Nonce = {
+    nonce: string;
+} | null;
+
+export type OidcConfig = {
+    configurationName: string;
+    tokens: Tokens | null;
+    status: Status;
+    state: string | null;
+    codeVerifier: string | null;
+    nonce: Nonce;
+    oidcServerConfiguration: OidcServerConfiguration | null;
+    oidcConfiguration?: OidcConfiguration;
+    sessionState?: string | null;
+    items?: MessageData;
+}
+
+export type IdTokenPayload = {
+    iss: string;
+    /**
+     * (Expiration Time) Claim
+     */
+    exp: number;
+    /**
+     * (Issued At) Claim
+     */
+    iat: number;
+    nonce: string | null;
+}
+
+export type AccessTokenPayload = {
+    exp: number;
+    sub: string;
+}
+
+export type Tokens = {
+    issued_at: number;
+    access_token: string;
+    accessTokenPayload: AccessTokenPayload | null;
+    id_token: null | string;
+    idTokenPayload: IdTokenPayload;
+    refresh_token?: string;
+    expiresAt: number;
+    expires_in: number;
+};
+
+export type Database = {
+    [key: string]: OidcConfig
+}

package/service_worker/utils/__tests__/domains.spec.ts

@@ -0,0 +1,63 @@
+import { TrustedDomains, Database } from './../../types';
+import { describe, it, expect } from 'vitest';
+import { checkDomain, getCurrentDatabaseDomain } from '..';
+import { openidWellknownUrlEndWith } from '../../constants';
+
+describe('domains', () => {
+  describe('can check domain matches', () => {
+    it('can check string domains and return void', () => {
+      const result = () =>
+        checkDomain(
+          ['https://securesite.com:3000'],
+          'https://securesite.com:3000'
+        );
+      expect(result()).toBeUndefined();
+    });
+
+    it('can check regExp domains and return void when valid', () => {
+      const result = () =>
+        checkDomain(
+          [/^https:\/\/securesite\.com/],
+          'https://securesite.com:3000'
+        );
+      expect(result()).toBeUndefined();
+    });
+
+    it('will throw error when domain is not trusted', () => {
+      const result = () =>
+        checkDomain(
+          ['https://notsecuresite.com'],
+          'https://securesite.com:3000'
+        );
+      expect(result).toThrowError();
+    });
+
+    it('will return void when endpoint is falsy', () => {
+      const result = () => checkDomain(['https://securesite.com:3000'], '');
+      expect(result()).toBeUndefined();
+    });
+  });
+  describe('getCurrentDatabaseDomain', () => {
+    it('will return null when url ends with openidWellknownUrlEndWith', () => {
+      const trustedDomains: TrustedDomains = {
+        default: [
+          'https://demo.duendesoftware.com',
+          'https://kdhttps.auth0.com',
+        ],
+      };
+      const db: Database = {
+        default: {
+          configurationName: 'config',
+          tokens: null,
+          status: 'NOT_CONNECTED',
+          state: null,
+          codeVerifier: null,
+          nonce: null,
+          oidcServerConfiguration: null,
+        },
+      };
+      const url = 'http://url' + openidWellknownUrlEndWith;
+      getCurrentDatabaseDomain(db, url, trustedDomains);
+    });
+  });
+});

package/service_worker/utils/__tests__/serializeHeaders.spec.ts

@@ -0,0 +1,11 @@
+import { describe, it, expect } from 'vitest';
+import { serializeHeaders } from '..';
+
+describe('serializeHeaders', () => {
+  it('can serialize basic header', () => {
+    const result = serializeHeaders(
+      new Headers({ 'Content-Type': 'application/json' })
+    ); // Error: Argument of type 'Headers' is not assignable to parameter of type 'Headers'.(2345
+    expect(result).toEqual({ 'content-type': 'application/json' });
+  });
+});

package/service_worker/utils/__tests__/strings.spec.ts

@@ -0,0 +1,9 @@
+import { describe, it, expect } from 'vitest';
+import { countLetter } from '..';
+
+describe('strings', () => {
+  it('can count instance of char', () => {
+    const result = countLetter('token.type.z', '.');
+    expect(result).toBe(2);
+  });
+});

package/service_worker/utils/__tests__/testHelper.ts

@@ -0,0 +1,346 @@
+import { vi } from 'vitest';
+import {
+  AccessTokenPayload,
+  IdTokenPayload,
+  Nonce,
+  OidcConfig,
+  OidcConfiguration,
+  OidcServerConfiguration,
+  Status,
+  Tokens,
+} from '../../types';
+
+const currentTimeUnixSeconds = (): number => {
+  return new Date().getTime() / 1000;
+};
+
+const createToken = (expires: number, issued_at: number): Tokens => {
+  return {
+    expiresAt: expires,
+    issued_at: issued_at,
+    expires_in: 60,
+    id_token: null,
+    accessTokenPayload: null,
+    access_token: '',
+    idTokenPayload: { iss: '', exp: 0, iat: 0, nonce: null },
+  };
+};
+
+class TokenBuilder {
+  private tokens: Tokens = {
+    expiresAt: 0,
+    issued_at: 0,
+    expires_in: 0,
+    id_token: null,
+    accessTokenPayload: null,
+    access_token: '',
+    idTokenPayload: { iss: '', exp: 0, iat: 0, nonce: null },
+  };
+
+  constructor() {}
+
+  public withExpiredToken(): TokenBuilder {
+    this.withExpiresIn(currentTimeUnixSeconds() - 10);
+    this.withIssuedAt(currentTimeUnixSeconds() - 60);
+    return this;
+  }
+  public WithNonExpiredToken(): TokenBuilder {
+    this.withExpiresAt(currentTimeUnixSeconds() + 60);
+    this.withExpiresIn(currentTimeUnixSeconds() + 60);
+    this.withIssuedAt(currentTimeUnixSeconds() - 60);
+    return this;
+  }
+
+  public withExpiresAt(expiresAt: number): TokenBuilder {
+    this.tokens.expiresAt = expiresAt;
+    return this;
+  }
+
+  public withIssuedAt(issued_at: number): TokenBuilder {
+    this.tokens.issued_at = issued_at;
+    return this;
+  }
+
+  public withExpiresIn(expires_in: number): TokenBuilder {
+    this.tokens.expires_in = expires_in;
+    return this;
+  }
+
+  public withIdToken(id_token: string): TokenBuilder {
+    this.tokens.id_token = id_token;
+    return this;
+  }
+
+  public withAccessTokenPayload(
+    accessTokenPayload: AccessTokenPayload
+  ): TokenBuilder {
+    this.tokens.accessTokenPayload = accessTokenPayload;
+    return this;
+  }
+
+  public withAccessToken(access_token: string): TokenBuilder {
+    this.tokens.access_token = access_token;
+    return this;
+  }
+
+  public withIdTokenPayload(idTokenPayload: IdTokenPayload): TokenBuilder {
+    this.tokens.idTokenPayload = idTokenPayload;
+    return this;
+  }
+
+  public build(): Tokens {
+    return this.tokens;
+  }
+}
+
+class OidcConfigurationBuilder {
+  private oidcConfiguration: OidcConfiguration = {
+    token_renew_mode: 'offline',
+    service_worker_convert_all_requests_to_cors: true,
+  };
+
+  constructor() {}
+
+  public withTokenRenewMode(
+    token_renew_mode: string
+  ): OidcConfigurationBuilder {
+    this.oidcConfiguration.token_renew_mode = token_renew_mode;
+    return this;
+  }
+
+  public withServiceWorkerConvertAllRequestsToCors(
+    service_worker_convert_all_requests_to_cors: boolean
+  ): OidcConfigurationBuilder {
+    this.oidcConfiguration.service_worker_convert_all_requests_to_cors =
+      service_worker_convert_all_requests_to_cors;
+    return this;
+  }
+
+  public build(): OidcConfiguration {
+    return this.oidcConfiguration;
+  }
+}
+
+class OidcConfigBuilder {
+  private oidcConfig: OidcConfig = {
+    configurationName: '',
+    tokens: null,
+    status: 'NOT_CONNECTED',
+    state: '',
+    codeVerifier: '',
+    nonce: null,
+    oidcServerConfiguration: null,
+    oidcConfiguration: undefined,
+    sessionState: null,
+    items: undefined,
+  };
+
+  constructor() {}
+
+  public withTestingDefault(): OidcConfigBuilder {
+    this.oidcConfig.configurationName = 'test';
+    this.oidcConfig.tokens = new TokenBuilder().WithNonExpiredToken().build();
+    this.oidcConfig.status = 'NOT_CONNECTED';
+    this.oidcConfig.state = 'state';
+    this.oidcConfig.codeVerifier = 'codeVerifier';
+    this.oidcConfig.nonce = null;
+    this.oidcConfig.oidcConfiguration = new OidcConfigurationBuilder().build();
+    this.oidcConfig.oidcServerConfiguration = new OidcServerConfigBuilder()
+      .withTestingDefault()
+      .build();
+    this.oidcConfig.sessionState = null;
+    this.oidcConfig.items = undefined;
+    return this;
+  }
+
+  public withConfigurationName(configurationName: string): OidcConfigBuilder {
+    this.oidcConfig.configurationName = configurationName;
+    return this;
+  }
+
+  public withTokens(tokens: Tokens): OidcConfigBuilder {
+    this.oidcConfig.tokens = tokens;
+    return this;
+  }
+
+  public withStatus(status: Status): OidcConfigBuilder {
+    this.oidcConfig.status = status;
+    return this;
+  }
+
+  public withState(state: string): OidcConfigBuilder {
+    this.oidcConfig.state = state;
+    return this;
+  }
+
+  public withCodeVerifier(codeVerifier: string): OidcConfigBuilder {
+    this.oidcConfig.codeVerifier = codeVerifier;
+    return this;
+  }
+
+  public withNonce(nonce: Nonce): OidcConfigBuilder {
+    this.oidcConfig.nonce = nonce;
+    return this;
+  }
+
+  public withOidcServerConfiguration(
+    oidcServerConfiguration: OidcServerConfiguration
+  ): OidcConfigBuilder {
+    this.oidcConfig.oidcServerConfiguration = oidcServerConfiguration;
+    return this;
+  }
+  public build() {
+    return this.oidcConfig;
+  }
+}
+
+class OidcServerConfigBuilder {
+  private oidcServerConfig: OidcServerConfiguration = {
+    revocationEndpoint: '',
+    issuer: '',
+    authorizationEndpoint: '',
+    tokenEndpoint: '',
+    userInfoEndpoint: '',
+  };
+
+  constructor() {}
+
+  public withTestingDefault(): OidcServerConfigBuilder {
+    this.oidcServerConfig.revocationEndpoint =
+      'http://localhost:3000/revocation';
+    this.oidcServerConfig.issuer = 'http://localhost:3000';
+    this.oidcServerConfig.authorizationEndpoint =
+      'http://localhost:3000/authorization';
+    this.oidcServerConfig.tokenEndpoint = 'http://localhost:3000/token';
+    this.oidcServerConfig.userInfoEndpoint = 'http://localhost:3000/userinfo';
+    return this;
+  }
+
+  public withRevocationEndpoint(
+    revocationEndpoint: string
+  ): OidcServerConfigBuilder {
+    this.oidcServerConfig.revocationEndpoint = revocationEndpoint;
+    return this;
+  }
+
+  public withIssuer(issuer: string): OidcServerConfigBuilder {
+    this.oidcServerConfig.issuer = issuer;
+    return this;
+  }
+
+  public withAuthorizationEndpoint(
+    authorizationEndpoint: string
+  ): OidcServerConfigBuilder {
+    this.oidcServerConfig.authorizationEndpoint = authorizationEndpoint;
+    return this;
+  }
+
+  public withTokenEndpoint(tokenEndpoint: string): OidcServerConfigBuilder {
+    this.oidcServerConfig.tokenEndpoint = tokenEndpoint;
+    return this;
+  }
+
+  public withUserInfoEndpoint(
+    userInfoEndpoint: string
+  ): OidcServerConfigBuilder {
+    this.oidcServerConfig.userInfoEndpoint = userInfoEndpoint;
+    return this;
+  }
+
+  public build(): OidcServerConfiguration {
+    return this.oidcServerConfig;
+  }
+}
+
+interface TestingResponse extends Response {
+  bodyContent?: any;
+}
+
+class ResponseBuilder {
+  private response: any = {
+    status: 200,
+    body: '',
+    headers: {},
+    bodyContent: { issued_at: 343434 },
+  };
+
+  constructor() {}
+
+  public withStatus(status: number): ResponseBuilder {
+    this.response.status = status;
+    return this;
+  }
+
+  public withBody(body: string): ResponseBuilder {
+    this.response.body = body;
+    return this;
+  }
+
+  public withHeaders(headers: Headers): ResponseBuilder {
+    this.response.headers = headers;
+    return this;
+  }
+
+  /**
+   * Custom property for Testing setup
+   * @param body
+   * @returns
+   */
+  public withBodyContent(body: any): ResponseBuilder {
+    this.response.bodyContent = body;
+    return this;
+  }
+
+  public build(): TestingResponse {
+    return {
+      ...{
+        status: 200,
+        headers: {
+          append: vi.fn(),
+          delete: vi.fn(),
+          forEach: vi.fn(),
+          get: vi.fn(),
+          has: vi.fn(),
+          set: vi.fn(),
+        },
+        ok: true,
+        redirected: false,
+        statusText: '',
+        type: 'basic',
+        url: '',
+        clone: function (): Response {
+          throw new Error('Function not implemented.');
+        },
+        body: null,
+        bodyUsed: false,
+        arrayBuffer: function (): Promise<ArrayBuffer> {
+          throw new Error('Function not implemented.');
+        },
+        blob: function (): Promise<Blob> {
+          throw new Error('Function not implemented.');
+        },
+        formData: function (): Promise<FormData> {
+          throw new Error('Function not implemented.');
+        },
+        json: function (): Promise<any> {
+          return new Promise<any>((resolve) => {
+            resolve(this.bodyContent);
+          });
+        },
+        text: function (): Promise<string> {
+          throw new Error('Function not implemented.');
+        },
+      },
+      ...this.response,
+    } as TestingResponse;
+  }
+}
+
+export {
+  currentTimeUnixSeconds,
+  createToken,
+  TokenBuilder,
+  OidcServerConfigBuilder,
+  OidcConfigBuilder,
+  ResponseBuilder,
+};

package/service_worker/utils/__tests__/tokens.spec.ts

@@ -0,0 +1,68 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { OidcServerConfiguration } from '../../types';
+import { extractTokenPayload, isTokensOidcValid, isTokensValid } from '..';
+import { OidcServerConfigBuilder, TokenBuilder } from './testHelper';
+
+describe('tokens', () => {
+  let oidcServerConfig: OidcServerConfiguration;
+
+  beforeEach(() => {
+    oidcServerConfig = new OidcServerConfigBuilder()
+      .withTestingDefault()
+      .build();
+  });
+
+  describe('isTokensValid', () => {
+    it('can check expired token', () => {
+      expect(
+        isTokensValid(new TokenBuilder().withExpiredToken().build())
+      ).toBeFalsy();
+    });
+
+    it('can check non-expired token', () => {
+      const token = new TokenBuilder().WithNonExpiredToken().build();
+      expect(isTokensValid(token)).toBeTruthy();
+    });
+
+    it('can check null token', () => {
+      expect(isTokensValid(null)).toBeFalsy();
+    });
+  });
+
+  describe('extractTokenPayload', () => {
+    it('can extract token payload', () => {
+      const result = extractTokenPayload(
+        'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
+      );
+      expect(result).toEqual({
+        sub: '1234567890',
+        name: 'John Doe',
+        iat: 1516239022,
+      });
+    });
+    it('returns null if undefined', () => {
+      expect(extractTokenPayload(undefined)).toBeNull();
+    });
+
+    it('returns null if invalid token', () => {
+      expect(extractTokenPayload('invalid token')).toBeNull();
+    });
+  });
+
+  describe('isTokensOidcValid', () => {
+    it('can validate valid token', () => {
+      const token = new TokenBuilder()
+        .WithNonExpiredToken()
+        .withIdTokenPayload({
+          iss: oidcServerConfig.issuer,
+          exp: 0,
+          iat: 0,
+          nonce: null,
+        })
+        .build();
+      const result = isTokensOidcValid(token, null, oidcServerConfig);
+      expect(result.isValid).toBeTruthy();
+      expect(result.reason).toBe('');
+    });
+  });
+});