@backstage/plugin-auth-backend-module-bitbucket-provider 0.3.3-next.1 → 0.3.3-next.2

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @backstage/plugin-auth-backend-module-bitbucket-provider
 
+## 0.3.3-next.2
+
+### Patch Changes
+
+- 5cc1f7f: Introduce `dangerouslyAllowSignInWithoutUserInCatalog` auth resolver config.
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.6.3-next.2
+  - @backstage/backend-plugin-api@1.3.1-next.2
+
 ## 0.3.3-next.1
 
 ### Patch Changes

package/config.d.ts

@@ -30,12 +30,23 @@ export interface Config {
           additionalScopes?: string | string[];
           signIn?: {
             resolvers: Array<
-              | { resolver: 'userIdMatchingUserEntityAnnotation' }
+              | {
+                  resolver: 'userIdMatchingUserEntityAnnotation';
+                  dangerouslyAllowSignInWithoutUserInCatalog?: boolean;
+                }
+              | {
+                  resolver: 'usernameMatchingUserEntityAnnotation';
+                  dangerouslyAllowSignInWithoutUserInCatalog?: boolean;
+                }
               | {
                   resolver: 'emailLocalPartMatchingUserEntityName';
                   allowedDomains?: string[];
+                  dangerouslyAllowSignInWithoutUserInCatalog?: boolean;
+                }
+              | {
+                  resolver: 'emailMatchingUserEntityProfileEmail';
+                  dangerouslyAllowSignInWithoutUserInCatalog?: boolean;
                 }
-              | { resolver: 'emailMatchingUserEntityProfileEmail' }
             >;
           };
           sessionDuration?: HumanDuration | string;

package/dist/index.d.ts

@@ -17,11 +17,15 @@ declare namespace bitbucketSignInResolvers {
     /**
      * Looks up the user by matching their Bitbucket user ID with the `bitbucket.org/user-id` annotation.
      */
-    const userIdMatchingUserEntityAnnotation: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, unknown>;
+    const userIdMatchingUserEntityAnnotation: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, {
+        dangerouslyAllowSignInWithoutUserInCatalog?: boolean | undefined;
+    } | undefined>;
     /**
      * Looks up the user by matching their Bitbucket username with the `bitbucket.org/username` annotation.
      */
-    const usernameMatchingUserEntityAnnotation: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, unknown>;
+    const usernameMatchingUserEntityAnnotation: _backstage_plugin_auth_node.SignInResolverFactory<OAuthAuthenticatorResult<PassportProfile>, {
+        dangerouslyAllowSignInWithoutUserInCatalog?: boolean | undefined;
+    } | undefined>;
 }
 
 export { bitbucketAuthenticator, bitbucketSignInResolvers, authModuleBitbucketProvider as default };

package/dist/resolvers.cjs.js

@@ -1,29 +1,41 @@
 'use strict';
 
 var pluginAuthNode = require('@backstage/plugin-auth-node');
+var zod = require('zod');
 
 exports.bitbucketSignInResolvers = void 0;
 ((bitbucketSignInResolvers2) => {
   bitbucketSignInResolvers2.userIdMatchingUserEntityAnnotation = pluginAuthNode.createSignInResolverFactory(
     {
-      create() {
+      optionsSchema: zod.z.object({
+        dangerouslyAllowSignInWithoutUserInCatalog: zod.z.boolean().optional()
+      }).optional(),
+      create(options = {}) {
         return async (info, ctx) => {
           const { result } = info;
           const id = result.fullProfile.id;
           if (!id) {
             throw new Error("Bitbucket user profile does not contain an ID");
           }
-          return ctx.signInWithCatalogUser({
-            annotations: {
-              "bitbucket.org/user-id": id
+          return ctx.signInWithCatalogUser(
+            {
+              annotations: {
+                "bitbucket.org/user-id": id
+              }
+            },
+            {
+              dangerousEntityRefFallback: options?.dangerouslyAllowSignInWithoutUserInCatalog ? { entityRef: { name: id } } : void 0
             }
-          });
+          );
         };
       }
     }
   );
   bitbucketSignInResolvers2.usernameMatchingUserEntityAnnotation = pluginAuthNode.createSignInResolverFactory({
-    create() {
+    optionsSchema: zod.z.object({
+      dangerouslyAllowSignInWithoutUserInCatalog: zod.z.boolean().optional()
+    }).optional(),
+    create(options = {}) {
       return async (info, ctx) => {
         const { result } = info;
         const username = result.fullProfile.username;
@@ -32,11 +44,16 @@ exports.bitbucketSignInResolvers = void 0;
             "Bitbucket user profile does not contain a Username"
           );
         }
-        return ctx.signInWithCatalogUser({
-          annotations: {
-            "bitbucket.org/username": username
+        return ctx.signInWithCatalogUser(
+          {
+            annotations: {
+              "bitbucket.org/username": username
+            }
+          },
+          {
+            dangerousEntityRefFallback: options?.dangerouslyAllowSignInWithoutUserInCatalog ? { entityRef: { name: username } } : void 0
           }
-        });
+        );
       };
     }
   });

package/dist/resolvers.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\n\n/**\n * Available sign-in resolvers for the Bitbucket auth provider.\n *\n * @public\n */\nexport namespace bitbucketSignInResolvers {\n  /**\n   * Looks up the user by matching their Bitbucket user ID with the `bitbucket.org/user-id` annotation.\n   */\n  export const userIdMatchingUserEntityAnnotation = createSignInResolverFactory(\n    {\n      create() {\n        return async (\n          info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n          ctx,\n        ) => {\n          const { result } = info;\n\n          const id = result.fullProfile.id;\n          if (!id) {\n            throw new Error('Bitbucket user profile does not contain an ID');\n          }\n\n          return ctx.signInWithCatalogUser({\n            annotations: {\n              'bitbucket.org/user-id': id,\n            },\n          });\n        };\n      },\n    },\n  );\n\n  /**\n   * Looks up the user by matching their Bitbucket username with the `bitbucket.org/username` annotation.\n   */\n  export const usernameMatchingUserEntityAnnotation =\n    createSignInResolverFactory({\n      create() {\n        return async (\n          info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n          ctx,\n        ) => {\n          const { result } = info;\n\n          const username = result.fullProfile.username;\n          if (!username) {\n            throw new Error(\n              'Bitbucket user profile does not contain a Username',\n            );\n          }\n\n          return ctx.signInWithCatalogUser({\n            annotations: {\n              'bitbucket.org/username': username,\n            },\n          });\n        };\n      },\n    });\n}\n"],"names":["bitbucketSignInResolvers","createSignInResolverFactory"],"mappings":";;;;AA4BiBA;AAAA,CAAV,CAAUA,yBAAV,KAAA;AAIE,EAAMA,0BAAA,kCAAqC,GAAAC,0CAAA;AAAA,IAChD;AAAA,MACE,MAAS,GAAA;AACP,QAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,UAAM,MAAA,EAAE,QAAW,GAAA,IAAA;AAEnB,UAAM,MAAA,EAAA,GAAK,OAAO,WAAY,CAAA,EAAA;AAC9B,UAAA,IAAI,CAAC,EAAI,EAAA;AACP,YAAM,MAAA,IAAI,MAAM,+CAA+C,CAAA;AAAA;AAGjE,UAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,YAC/B,WAAa,EAAA;AAAA,cACX,uBAAyB,EAAA;AAAA;AAC3B,WACD,CAAA;AAAA,SACH;AAAA;AACF;AACF,GACF;AAKO,EAAMD,yBAAAA,CAAA,uCACXC,0CAA4B,CAAA;AAAA,IAC1B,MAAS,GAAA;AACP,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,QAAW,GAAA,IAAA;AAEnB,QAAM,MAAA,QAAA,GAAW,OAAO,WAAY,CAAA,QAAA;AACpC,QAAA,IAAI,CAAC,QAAU,EAAA;AACb,UAAA,MAAM,IAAI,KAAA;AAAA,YACR;AAAA,WACF;AAAA;AAGF,QAAA,OAAO,IAAI,qBAAsB,CAAA;AAAA,UAC/B,WAAa,EAAA;AAAA,YACX,wBAA0B,EAAA;AAAA;AAC5B,SACD,CAAA;AAAA,OACH;AAAA;AACF,GACD,CAAA;AAAA,CAtDY,EAAAD,gCAAA,KAAAA,gCAAA,GAAA,EAAA,CAAA,CAAA;;"}
+{"version":3,"file":"resolvers.cjs.js","sources":["../src/resolvers.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  createSignInResolverFactory,\n  OAuthAuthenticatorResult,\n  PassportProfile,\n  SignInInfo,\n} from '@backstage/plugin-auth-node';\nimport { z } from 'zod';\n\n/**\n * Available sign-in resolvers for the Bitbucket auth provider.\n *\n * @public\n */\nexport namespace bitbucketSignInResolvers {\n  /**\n   * Looks up the user by matching their Bitbucket user ID with the `bitbucket.org/user-id` annotation.\n   */\n  export const userIdMatchingUserEntityAnnotation = createSignInResolverFactory(\n    {\n      optionsSchema: z\n        .object({\n          dangerouslyAllowSignInWithoutUserInCatalog: z.boolean().optional(),\n        })\n        .optional(),\n      create(options = {}) {\n        return async (\n          info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n          ctx,\n        ) => {\n          const { result } = info;\n\n          const id = result.fullProfile.id;\n          if (!id) {\n            throw new Error('Bitbucket user profile does not contain an ID');\n          }\n\n          return ctx.signInWithCatalogUser(\n            {\n              annotations: {\n                'bitbucket.org/user-id': id,\n              },\n            },\n            {\n              dangerousEntityRefFallback:\n                options?.dangerouslyAllowSignInWithoutUserInCatalog\n                  ? { entityRef: { name: id } }\n                  : undefined,\n            },\n          );\n        };\n      },\n    },\n  );\n\n  /**\n   * Looks up the user by matching their Bitbucket username with the `bitbucket.org/username` annotation.\n   */\n  export const usernameMatchingUserEntityAnnotation =\n    createSignInResolverFactory({\n      optionsSchema: z\n        .object({\n          dangerouslyAllowSignInWithoutUserInCatalog: z.boolean().optional(),\n        })\n        .optional(),\n      create(options = {}) {\n        return async (\n          info: SignInInfo<OAuthAuthenticatorResult<PassportProfile>>,\n          ctx,\n        ) => {\n          const { result } = info;\n\n          const username = result.fullProfile.username;\n          if (!username) {\n            throw new Error(\n              'Bitbucket user profile does not contain a Username',\n            );\n          }\n\n          return ctx.signInWithCatalogUser(\n            {\n              annotations: {\n                'bitbucket.org/username': username,\n              },\n            },\n            {\n              dangerousEntityRefFallback:\n                options?.dangerouslyAllowSignInWithoutUserInCatalog\n                  ? { entityRef: { name: username } }\n                  : undefined,\n            },\n          );\n        };\n      },\n    });\n}\n"],"names":["bitbucketSignInResolvers","createSignInResolverFactory","z"],"mappings":";;;;;AA6BiBA;AAAA,CAAV,CAAUA,yBAAV,KAAA;AAIE,EAAMA,0BAAA,kCAAqC,GAAAC,0CAAA;AAAA,IAChD;AAAA,MACE,aAAA,EAAeC,MACZ,MAAO,CAAA;AAAA,QACN,0CAA4C,EAAAA,KAAA,CAAE,OAAQ,EAAA,CAAE,QAAS;AAAA,OAClE,EACA,QAAS,EAAA;AAAA,MACZ,MAAA,CAAO,OAAU,GAAA,EAAI,EAAA;AACnB,QAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,UAAM,MAAA,EAAE,QAAW,GAAA,IAAA;AAEnB,UAAM,MAAA,EAAA,GAAK,OAAO,WAAY,CAAA,EAAA;AAC9B,UAAA,IAAI,CAAC,EAAI,EAAA;AACP,YAAM,MAAA,IAAI,MAAM,+CAA+C,CAAA;AAAA;AAGjE,UAAA,OAAO,GAAI,CAAA,qBAAA;AAAA,YACT;AAAA,cACE,WAAa,EAAA;AAAA,gBACX,uBAAyB,EAAA;AAAA;AAC3B,aACF;AAAA,YACA;AAAA,cACE,0BAAA,EACE,SAAS,0CACL,GAAA,EAAE,WAAW,EAAE,IAAA,EAAM,EAAG,EAAA,EACxB,GAAA,KAAA;AAAA;AACR,WACF;AAAA,SACF;AAAA;AACF;AACF,GACF;AAKO,EAAMF,yBAAAA,CAAA,uCACXC,0CAA4B,CAAA;AAAA,IAC1B,aAAA,EAAeC,MACZ,MAAO,CAAA;AAAA,MACN,0CAA4C,EAAAA,KAAA,CAAE,OAAQ,EAAA,CAAE,QAAS;AAAA,KAClE,EACA,QAAS,EAAA;AAAA,IACZ,MAAA,CAAO,OAAU,GAAA,EAAI,EAAA;AACnB,MAAO,OAAA,OACL,MACA,GACG,KAAA;AACH,QAAM,MAAA,EAAE,QAAW,GAAA,IAAA;AAEnB,QAAM,MAAA,QAAA,GAAW,OAAO,WAAY,CAAA,QAAA;AACpC,QAAA,IAAI,CAAC,QAAU,EAAA;AACb,UAAA,MAAM,IAAI,KAAA;AAAA,YACR;AAAA,WACF;AAAA;AAGF,QAAA,OAAO,GAAI,CAAA,qBAAA;AAAA,UACT;AAAA,YACE,WAAa,EAAA;AAAA,cACX,wBAA0B,EAAA;AAAA;AAC5B,WACF;AAAA,UACA;AAAA,YACE,0BAAA,EACE,SAAS,0CACL,GAAA,EAAE,WAAW,EAAE,IAAA,EAAM,QAAS,EAAA,EAC9B,GAAA,KAAA;AAAA;AACR,SACF;AAAA,OACF;AAAA;AACF,GACD,CAAA;AAAA,CAhFY,EAAAF,gCAAA,KAAAA,gCAAA,GAAA,EAAA,CAAA,CAAA;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-bitbucket-provider",
-  "version": "0.3.3-next.1",
+  "version": "0.3.3-next.2",
   "description": "The bitbucket-provider backend module for the auth plugin.",
   "backstage": {
     "role": "backend-plugin-module",
@@ -37,17 +37,18 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-plugin-api": "1.3.1-next.1",
-    "@backstage/plugin-auth-node": "0.6.3-next.1",
+    "@backstage/backend-plugin-api": "1.3.1-next.2",
+    "@backstage/plugin-auth-node": "0.6.3-next.2",
     "express": "^4.18.2",
     "passport": "^0.7.0",
-    "passport-bitbucket-oauth2": "^0.1.2"
+    "passport-bitbucket-oauth2": "^0.1.2",
+    "zod": "^3.22.4"
   },
   "devDependencies": {
-    "@backstage/backend-defaults": "0.10.0-next.1",
-    "@backstage/backend-test-utils": "1.5.0-next.1",
-    "@backstage/cli": "0.32.1-next.1",
-    "@backstage/plugin-auth-backend": "0.25.0-next.1",
+    "@backstage/backend-defaults": "0.10.0-next.3",
+    "@backstage/backend-test-utils": "1.5.0-next.3",
+    "@backstage/cli": "0.32.1-next.3",
+    "@backstage/plugin-auth-backend": "0.25.0-next.2",
     "@backstage/types": "1.2.1",
     "supertest": "^7.0.0"
   },