@boxyhq/saml-jackson 0.1.5-beta.112 → 0.1.5-beta.114

package/README.md

@@ -100,7 +100,7 @@ router.get('/oauth/userinfo', cors(), async (req, res) => {
 });
  
 // set the router
-app.user('/sso', router);
+app.use('/sso', router);
  
 ```
  

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.1.5-beta.112",
+  "version": "0.1.5-beta.114",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
   "main": "src/index.js",

package/src/controller/oauth.js

@@ -2,7 +2,7 @@ const crypto = require('crypto');
 
 const saml = require('../saml/saml.js');
 const codeVerifier = require('./oauth/code-verifier.js');
-const { indexNames, extractAuthToken } = require('./utils.js');
+const { indexNames } = require('./utils.js');
 const dbutils = require('../db/utils.js');
 const redirect = require('./oauth/redirect.js');
 const allowed = require('./oauth/allowed.js');
@@ -15,6 +15,16 @@ let options;
 
 const relayStatePrefix = 'boxyhq_jackson_';
 
+const extractBearerToken = (req) => {
+  const authHeader = req.get('authorization');
+  const parts = (authHeader || '').split(' ');
+  if (parts.length > 1) {
+    return parts[1];
+  }
+
+  return null;
+};
+
 function getEncodedClientId(client_id) {
   try {
     const sp = new URLSearchParams(client_id);
@@ -293,7 +303,7 @@ const token = async (req, res) => {
 };
 
 const userInfo = async (req, res) => {
-  let token = extractAuthToken(req);
+  let token = extractBearerToken(req);
 
   // check for query param
   if (!token) {

package/src/controller/utils.js

@@ -3,17 +3,6 @@ const indexNames = {
   tenantProduct: 'tenantProduct',
 };
 
-const extractAuthToken = (req) => {
-  const authHeader = req.get('authorization');
-  const parts = (authHeader || '').split(' ');
-  if (parts.length > 1) {
-    return parts[1];
-  }
-
-  return null;
-};
-
 module.exports = {
   indexNames,
-  extractAuthToken,
 };

package/src/env.js

@@ -7,8 +7,6 @@ const samlPath = process.env.SAML_PATH || '/oauth/saml';
 const internalHostUrl = process.env.INTERNAL_HOST_URL || 'localhost';
 const internalHostPort = (process.env.INTERNAL_HOST_PORT || '6000') * 1;
 
-const apiKeys = (process.env.JACKSON_API_KEYS || '').split(',');
-
 const samlAudience = process.env.SAML_AUDIENCE;
 const preLoadedConfig = process.env.PRE_LOADED_CONFIG;
 
@@ -29,7 +27,6 @@ module.exports = {
   preLoadedConfig,
   internalHostUrl,
   internalHostPort,
-  apiKeys,
   idpEnabled,
   db,
   useInternalServer: !(

package/src/jackson.js

@@ -2,7 +2,6 @@ const express = require('express');
 const cors = require('cors');
 
 const env = require('./env.js');
-const { extractAuthToken } = require('./controller/utils.js');
 
 let apiController;
 let oauthController;
@@ -67,18 +66,8 @@ if (env.useInternalServer) {
   internalApp.use(express.urlencoded({ extended: true }));
 }
 
-const validateApiKey = (token) => {
-  return env.apiKeys.includes(token);
-};
-
 internalApp.post(apiPath + '/config', async (req, res) => {
   try {
-    const apiKey = extractAuthToken(req);
-    if (!validateApiKey(apiKey)) {
-      res.status(401).send('Unauthorized');
-      return;
-    }
-
     res.json(await apiController.config(req.body));
   } catch (err) {
     res.status(500).json({