@backstage/plugin-auth-backend-module-guest-provider 0.2.0-next.2 → 0.2.0

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @backstage/plugin-auth-backend-module-guest-provider
 
+## 0.2.0
+
+### Minor Changes
+
+- d425fc4: **BREAKING**: The return values from `createBackendPlugin`, `createBackendModule`, and `createServiceFactory` are now simply `BackendFeature` and `ServiceFactory`, instead of the previously deprecated form of a function that returns them. For this reason, `createServiceFactory` also no longer accepts the callback form where you provide direct options to the service. This also affects all `coreServices.*` service refs.
+
+  This may in particular affect tests; if you were effectively doing `createBackendModule({...})()` (note the parentheses), you can now remove those extra parentheses at the end. You may encounter cases of this in your `packages/backend/src/index.ts` too, where you add plugins, modules, and services. If you were using `createServiceFactory` with a function as its argument for the purpose of passing in options, this pattern has been deprecated for a while and is no longer supported. You may want to explore the new multiton patterns to achieve your goals, or moving settings to app-config.
+
+  As part of this change, the `IdentityFactoryOptions` type was removed, and can no longer be used to tweak that service. The identity service was also deprecated some time ago, and you will want to [migrate to the new auth system](https://backstage.io/docs/tutorials/auth-service-migration) if you still rely on it.
+
+### Patch Changes
+
+- 339c67d: This provider will now reject authentication attempts rather than halt backend startup when `dangerouslyAllowOutsideDevelopment` is not set in production.
+- Updated dependencies
+  - @backstage/backend-common@0.25.0
+  - @backstage/backend-plugin-api@1.0.0
+  - @backstage/plugin-auth-node@0.5.2
+  - @backstage/catalog-model@1.7.0
+  - @backstage/errors@1.2.4
+
 ## 0.2.0-next.2
 
 ### Patch Changes

package/dist/index.cjs.js

@@ -15,13 +15,14 @@ const guestAuthenticator = pluginAuthNode.createProxyAuthenticator({
     const allowOutsideDev = config.getOptionalBoolean(
       "dangerouslyAllowOutsideDevelopment"
     );
-    if (process.env.NODE_ENV !== "development" && allowOutsideDev !== true) {
-      throw new errors.NotImplementedError(
-        "The guest provider cannot be used outside of a development environment"
+    return process.env.NODE_ENV !== "development" && allowOutsideDev !== true;
+  },
+  async authenticate(_, disabled) {
+    if (disabled) {
+      throw new errors.NotAllowedError(
+        "The guest provider cannot be used outside of a development environment unless 'auth.providers.guest.dangerouslyAllowOutsideDevelopment' is enabled"
       );
     }
-  },
-  async authenticate() {
     return { result: {} };
   }
 });

package/dist/index.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs.js","sources":["../src/authenticator.ts","../src/resolvers.ts","../src/module.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createProxyAuthenticator } from '@backstage/plugin-auth-node';\nimport { NotImplementedError } from '@backstage/errors';\n\nexport const guestAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async () => {\n    return { profile: {} };\n  },\n  initialize({ config }) {\n    const allowOutsideDev = config.getOptionalBoolean(\n      'dangerouslyAllowOutsideDevelopment',\n    );\n    if (process.env.NODE_ENV !== 'development' && allowOutsideDev !== true) {\n      throw new NotImplementedError(\n        'The guest provider cannot be used outside of a development environment',\n      );\n    }\n  },\n  async authenticate() {\n    return { result: {} };\n  },\n});\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { stringifyEntityRef } from '@backstage/catalog-model';\nimport type { Config } from '@backstage/config';\nimport { SignInResolver } from '@backstage/plugin-auth-node';\nimport { NotImplementedError } from '@backstage/errors';\n\n/**\n * Provide a default implementation of the user to resolve to. By default, this\n *  is `user:development/guest`. We will attempt to get that user if they're in the\n *  catalog. If that user doesn't exist in the catalog, we will still create a\n *  token for them so they can keep viewing.\n */\nexport const signInAsGuestUser: (config: Config) => SignInResolver<{}> =\n  (config: Config) => async (_, ctx) => {\n    if (\n      process.env.NODE_ENV !== 'development' &&\n      config.getOptionalBoolean('dangerouslyAllowOutsideDevelopment') !== true\n    ) {\n      throw new NotImplementedError(\n        'The guest provider is NOT recommended for use outside of a development environment. If you want to enable this, set `auth.providers.guest.dangerouslyAllowOutsideDevelopment: true` in your app config.',\n      );\n    }\n    const userRef =\n      config.getOptionalString('userEntityRef') ??\n      stringifyEntityRef({\n        kind: 'user',\n        namespace: 'development',\n        name: 'guest',\n      });\n    const ownershipRefs = config.getOptionalStringArray(\n      'ownershipEntityRefs',\n    ) ?? [userRef];\n    try {\n      return await ctx.signInWithCatalogUser({ entityRef: userRef });\n    } catch (err) {\n      // We can't guarantee that a guest user exists in the catalog, so we issue a token directly,\n      return ctx.issueToken({\n        claims: {\n          sub: userRef,\n          ent: ownershipRefs,\n        },\n      });\n    }\n  };\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  coreServices,\n  createBackendModule,\n} from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { guestAuthenticator } from './authenticator';\nimport { signInAsGuestUser } from './resolvers';\n\n/** @public */\nexport const authModuleGuestProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'guest-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n        config: coreServices.rootConfig,\n      },\n      async init({ providers, config }) {\n        providers.registerProvider({\n          providerId: 'guest',\n          factory: createProxyAuthProviderFactory({\n            authenticator: guestAuthenticator,\n            signInResolver: signInAsGuestUser(\n              config.getConfig('auth.providers.guest'),\n            ),\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createProxyAuthenticator","NotImplementedError","stringifyEntityRef","createBackendModule","authProvidersExtensionPoint","coreServices","createProxyAuthProviderFactory"],"mappings":";;;;;;;;;AAmBO,MAAM,qBAAqBA,uCAAyB,CAAA;AAAA,EACzD,yBAAyB,YAAY;AACnC,IAAO,OAAA,EAAE,OAAS,EAAA,EAAG,EAAA,CAAA;AAAA,GACvB;AAAA,EACA,UAAA,CAAW,EAAE,MAAA,EAAU,EAAA;AACrB,IAAA,MAAM,kBAAkB,MAAO,CAAA,kBAAA;AAAA,MAC7B,oCAAA;AAAA,KACF,CAAA;AACA,IAAA,IAAI,OAAQ,CAAA,GAAA,CAAI,QAAa,KAAA,aAAA,IAAiB,oBAAoB,IAAM,EAAA;AACtE,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,wEAAA;AAAA,OACF,CAAA;AAAA,KACF;AAAA,GACF;AAAA,EACA,MAAM,YAAe,GAAA;AACnB,IAAO,OAAA,EAAE,MAAQ,EAAA,EAAG,EAAA,CAAA;AAAA,GACtB;AACF,CAAC,CAAA;;ACTM,MAAM,iBACX,GAAA,CAAC,MAAmB,KAAA,OAAO,GAAG,GAAQ,KAAA;AACpC,EACE,IAAA,OAAA,CAAQ,IAAI,QAAa,KAAA,aAAA,IACzB,OAAO,kBAAmB,CAAA,oCAAoC,MAAM,IACpE,EAAA;AACA,IAAA,MAAM,IAAIA,0BAAA;AAAA,MACR,yMAAA;AAAA,KACF,CAAA;AAAA,GACF;AACA,EAAA,MAAM,OACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,eAAe,KACxCC,+BAAmB,CAAA;AAAA,IACjB,IAAM,EAAA,MAAA;AAAA,IACN,SAAW,EAAA,aAAA;AAAA,IACX,IAAM,EAAA,OAAA;AAAA,GACP,CAAA,CAAA;AACH,EAAA,MAAM,gBAAgB,MAAO,CAAA,sBAAA;AAAA,IAC3B,qBAAA;AAAA,GACF,IAAK,CAAC,OAAO,CAAA,CAAA;AACb,EAAI,IAAA;AACF,IAAA,OAAO,MAAM,GAAI,CAAA,qBAAA,CAAsB,EAAE,SAAA,EAAW,SAAS,CAAA,CAAA;AAAA,WACtD,GAAK,EAAA;AAEZ,IAAA,OAAO,IAAI,UAAW,CAAA;AAAA,MACpB,MAAQ,EAAA;AAAA,QACN,GAAK,EAAA,OAAA;AAAA,QACL,GAAK,EAAA,aAAA;AAAA,OACP;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAA;;AC/BK,MAAM,0BAA0BC,oCAAoB,CAAA;AAAA,EACzD,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,gBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,QACX,QAAQC,6BAAa,CAAA,UAAA;AAAA,OACvB;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAW,QAAU,EAAA;AAChC,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,OAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAA,kBAAA;AAAA,YACf,cAAgB,EAAA,iBAAA;AAAA,cACd,MAAA,CAAO,UAAU,sBAAsB,CAAA;AAAA,aACzC;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}
+{"version":3,"file":"index.cjs.js","sources":["../src/authenticator.ts","../src/resolvers.ts","../src/module.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createProxyAuthenticator } from '@backstage/plugin-auth-node';\nimport { NotAllowedError } from '@backstage/errors';\n\nexport const guestAuthenticator = createProxyAuthenticator({\n  defaultProfileTransform: async () => {\n    return { profile: {} };\n  },\n  initialize({ config }) {\n    const allowOutsideDev = config.getOptionalBoolean(\n      'dangerouslyAllowOutsideDevelopment',\n    );\n    return process.env.NODE_ENV !== 'development' && allowOutsideDev !== true;\n  },\n  async authenticate(_, disabled) {\n    if (disabled) {\n      throw new NotAllowedError(\n        \"The guest provider cannot be used outside of a development environment unless 'auth.providers.guest.dangerouslyAllowOutsideDevelopment' is enabled\",\n      );\n    }\n    return { result: {} };\n  },\n});\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { stringifyEntityRef } from '@backstage/catalog-model';\nimport type { Config } from '@backstage/config';\nimport { SignInResolver } from '@backstage/plugin-auth-node';\nimport { NotImplementedError } from '@backstage/errors';\n\n/**\n * Provide a default implementation of the user to resolve to. By default, this\n *  is `user:development/guest`. We will attempt to get that user if they're in the\n *  catalog. If that user doesn't exist in the catalog, we will still create a\n *  token for them so they can keep viewing.\n */\nexport const signInAsGuestUser: (config: Config) => SignInResolver<{}> =\n  (config: Config) => async (_, ctx) => {\n    if (\n      process.env.NODE_ENV !== 'development' &&\n      config.getOptionalBoolean('dangerouslyAllowOutsideDevelopment') !== true\n    ) {\n      throw new NotImplementedError(\n        'The guest provider is NOT recommended for use outside of a development environment. If you want to enable this, set `auth.providers.guest.dangerouslyAllowOutsideDevelopment: true` in your app config.',\n      );\n    }\n    const userRef =\n      config.getOptionalString('userEntityRef') ??\n      stringifyEntityRef({\n        kind: 'user',\n        namespace: 'development',\n        name: 'guest',\n      });\n    const ownershipRefs = config.getOptionalStringArray(\n      'ownershipEntityRefs',\n    ) ?? [userRef];\n    try {\n      return await ctx.signInWithCatalogUser({ entityRef: userRef });\n    } catch (err) {\n      // We can't guarantee that a guest user exists in the catalog, so we issue a token directly,\n      return ctx.issueToken({\n        claims: {\n          sub: userRef,\n          ent: ownershipRefs,\n        },\n      });\n    }\n  };\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  coreServices,\n  createBackendModule,\n} from '@backstage/backend-plugin-api';\nimport {\n  authProvidersExtensionPoint,\n  createProxyAuthProviderFactory,\n} from '@backstage/plugin-auth-node';\nimport { guestAuthenticator } from './authenticator';\nimport { signInAsGuestUser } from './resolvers';\n\n/** @public */\nexport const authModuleGuestProvider = createBackendModule({\n  pluginId: 'auth',\n  moduleId: 'guest-provider',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        providers: authProvidersExtensionPoint,\n        config: coreServices.rootConfig,\n      },\n      async init({ providers, config }) {\n        providers.registerProvider({\n          providerId: 'guest',\n          factory: createProxyAuthProviderFactory({\n            authenticator: guestAuthenticator,\n            signInResolver: signInAsGuestUser(\n              config.getConfig('auth.providers.guest'),\n            ),\n          }),\n        });\n      },\n    });\n  },\n});\n"],"names":["createProxyAuthenticator","NotAllowedError","NotImplementedError","stringifyEntityRef","createBackendModule","authProvidersExtensionPoint","coreServices","createProxyAuthProviderFactory"],"mappings":";;;;;;;;;AAmBO,MAAM,qBAAqBA,uCAAyB,CAAA;AAAA,EACzD,yBAAyB,YAAY;AACnC,IAAO,OAAA,EAAE,OAAS,EAAA,EAAG,EAAA,CAAA;AAAA,GACvB;AAAA,EACA,UAAA,CAAW,EAAE,MAAA,EAAU,EAAA;AACrB,IAAA,MAAM,kBAAkB,MAAO,CAAA,kBAAA;AAAA,MAC7B,oCAAA;AAAA,KACF,CAAA;AACA,IAAA,OAAO,OAAQ,CAAA,GAAA,CAAI,QAAa,KAAA,aAAA,IAAiB,eAAoB,KAAA,IAAA,CAAA;AAAA,GACvE;AAAA,EACA,MAAM,YAAa,CAAA,CAAA,EAAG,QAAU,EAAA;AAC9B,IAAA,IAAI,QAAU,EAAA;AACZ,MAAA,MAAM,IAAIC,sBAAA;AAAA,QACR,oJAAA;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAO,OAAA,EAAE,MAAQ,EAAA,EAAG,EAAA,CAAA;AAAA,GACtB;AACF,CAAC,CAAA;;ACVM,MAAM,iBACX,GAAA,CAAC,MAAmB,KAAA,OAAO,GAAG,GAAQ,KAAA;AACpC,EACE,IAAA,OAAA,CAAQ,IAAI,QAAa,KAAA,aAAA,IACzB,OAAO,kBAAmB,CAAA,oCAAoC,MAAM,IACpE,EAAA;AACA,IAAA,MAAM,IAAIC,0BAAA;AAAA,MACR,yMAAA;AAAA,KACF,CAAA;AAAA,GACF;AACA,EAAA,MAAM,OACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,eAAe,KACxCC,+BAAmB,CAAA;AAAA,IACjB,IAAM,EAAA,MAAA;AAAA,IACN,SAAW,EAAA,aAAA;AAAA,IACX,IAAM,EAAA,OAAA;AAAA,GACP,CAAA,CAAA;AACH,EAAA,MAAM,gBAAgB,MAAO,CAAA,sBAAA;AAAA,IAC3B,qBAAA;AAAA,GACF,IAAK,CAAC,OAAO,CAAA,CAAA;AACb,EAAI,IAAA;AACF,IAAA,OAAO,MAAM,GAAI,CAAA,qBAAA,CAAsB,EAAE,SAAA,EAAW,SAAS,CAAA,CAAA;AAAA,WACtD,GAAK,EAAA;AAEZ,IAAA,OAAO,IAAI,UAAW,CAAA;AAAA,MACpB,MAAQ,EAAA;AAAA,QACN,GAAK,EAAA,OAAA;AAAA,QACL,GAAK,EAAA,aAAA;AAAA,OACP;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAA;;AC/BK,MAAM,0BAA0BC,oCAAoB,CAAA;AAAA,EACzD,QAAU,EAAA,MAAA;AAAA,EACV,QAAU,EAAA,gBAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,SAAW,EAAAC,0CAAA;AAAA,QACX,QAAQC,6BAAa,CAAA,UAAA;AAAA,OACvB;AAAA,MACA,MAAM,IAAA,CAAK,EAAE,SAAA,EAAW,QAAU,EAAA;AAChC,QAAA,SAAA,CAAU,gBAAiB,CAAA;AAAA,UACzB,UAAY,EAAA,OAAA;AAAA,UACZ,SAASC,6CAA+B,CAAA;AAAA,YACtC,aAAe,EAAA,kBAAA;AAAA,YACf,cAAgB,EAAA,iBAAA;AAAA,cACd,MAAA,CAAO,UAAU,sBAAsB,CAAA;AAAA,aACzC;AAAA,WACD,CAAA;AAAA,SACF,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-backend-module-guest-provider",
-  "version": "0.2.0-next.2",
+  "version": "0.2.0",
   "description": "The guest-provider backend module for the auth plugin.",
   "backstage": {
     "role": "backend-plugin-module",
@@ -34,16 +34,16 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.25.0-next.2",
-    "@backstage/backend-plugin-api": "^1.0.0-next.2",
-    "@backstage/catalog-model": "^1.6.0",
+    "@backstage/backend-common": "^0.25.0",
+    "@backstage/backend-plugin-api": "^1.0.0",
+    "@backstage/catalog-model": "^1.7.0",
     "@backstage/errors": "^1.2.4",
-    "@backstage/plugin-auth-node": "^0.5.2-next.2",
+    "@backstage/plugin-auth-node": "^0.5.2",
     "passport-oauth2": "^1.7.0"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "^1.0.0-next.2",
-    "@backstage/cli": "^0.27.1-next.2",
+    "@backstage/backend-test-utils": "^1.0.0",
+    "@backstage/cli": "^0.27.1",
     "@backstage/config": "^1.2.0",
     "express": "^4.18.2"
   },