@boxyhq/saml-jackson 0.2.1-beta.158 → 0.2.1-beta.164

package/README.md

@@ -71,6 +71,20 @@ router.post('/api/v1/saml/config', async (req, res) => {
     });
   }
 });
+// fetch config
+router.get('/api/v1/saml/config', async (req, res) => {
+  try {
+    // apply your authentication flow (or ensure this route has passed through your auth middleware)
+    ...
+
+    // only when properly authenticated, call the config function
+    res.json(await apiController.config(req.query));
+  } catch (err) {
+    res.status(500).json({
+      error: err.message,
+    });
+  }
+});
 
 // OAuth 2.0 flow
 router.get('/oauth/authorize', async (req, res) => {
@@ -198,7 +212,7 @@ The response returns a JSON with `client_id` and `client_secret` that can be sto
 This endpoint can be used to return metadata about an existing SAML config. This can be used to check and display the details to your customers. You can use either `clientID` or `tenant` and `product` combination.
 
 ```
-curl --location --request POST 'http://localhost:6000/api/v1/saml/config/get' \
+curl -G --location 'http://localhost:6000/api/v1/saml/config' \
 --header 'Authorization: Api-Key <Jackson API Key>' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'tenant=boxyhq.com' \
@@ -206,7 +220,7 @@ curl --location --request POST 'http://localhost:6000/api/v1/saml/config/get' \
 ```
 
 ```
-curl --location --request POST 'http://localhost:6000/api/v1/saml/config/get' \
+curl -G --location 'http://localhost:6000/api/v1/saml/config' \
 --header 'Authorization: Api-Key <Jackson API Key>' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'clientID=<Client ID>'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.1-beta.158",
+  "version": "0.2.1-beta.164",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
   "main": "src/index.js",

package/src/controller/api.js

@@ -2,6 +2,7 @@ const saml = require('../saml/saml.js');
 const x509 = require('../saml/x509.js');
 const dbutils = require('../db/utils.js');
 const { indexNames } = require('./utils.js');
+const { JacksonError } = require('./error.js');
 
 const crypto = require('crypto');
 
@@ -22,6 +23,27 @@ const extractHostName = (url) => {
 const config = async (body) => {
   const { rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product } =
     body;
+
+  if (!rawMetadata) {
+    throw new JacksonError('Please provide rawMetadata', 400);
+  }
+
+  if (!defaultRedirectUrl) {
+    throw new JacksonError('Please provide a defaultRedirectUrl', 400);
+  }
+
+  if (!redirectUrl) {
+    throw new JacksonError('Please provide redirectUrl', 400);
+  }
+
+  if (!tenant) {
+    throw new JacksonError('Please provide tenant', 400);
+  }
+
+  if (!product) {
+    throw new JacksonError('Please provide product', 400);
+  }
+
   const idpMetadata = await saml.parseMetadataAsync(rawMetadata);
 
   // extract provider

package/src/jackson.js

@@ -114,7 +114,7 @@ internalApp.post(apiPath + '/config', async (req, res) => {
   }
 });
 
-internalApp.post(apiPath + '/config/get', async (req, res) => {
+internalApp.get(apiPath + '/config', async (req, res) => {
   try {
     const apiKey = extractAuthToken(req);
     if (!validateApiKey(apiKey)) {
@@ -122,7 +122,7 @@ internalApp.post(apiPath + '/config/get', async (req, res) => {
       return;
     }
 
-    res.json(await apiController.getConfig(req.body));
+    res.json(await apiController.getConfig(req.query));
   } catch (err) {
     res.status(500).json({
       error: err.message,

package/src/test/api.test.js

@@ -0,0 +1,161 @@
+const tap = require('tap');
+const path = require('path');
+const sinon = require('sinon');
+const crypto = require('crypto');
+
+const readConfig = require('../read-config');
+const dbutils = require('../db/utils');
+
+let apiController;
+
+const CLIENT_ID = '75edb050796a0eb1cf2cfb0da7245f85bc50baa7';
+const PROVIDER = 'accounts.google.com';
+const OPTIONS = {
+  externalUrl: 'https://my-cool-app.com',
+  samlAudience: 'https://saml.boxyhq.com',
+  samlPath: '/sso/oauth/saml',
+  db: {
+    engine: 'mem',
+  },
+};
+
+tap.before(async () => {
+  const controller = await require('../index.js')(OPTIONS);
+
+  apiController = controller.apiController;
+});
+
+tap.teardown(async () => {
+  process.exit(0);
+});
+
+tap.test('controller/api', async (t) => {
+  const metadataPath = path.join(__dirname, '/data/metadata');
+  const config = await readConfig(metadataPath);
+
+  t.test('.config()', async (t) => {
+    t.test('when required fields are missing or invalid', async (t) => {
+      t.test('when `rawMetadata` is empty', async (t) => {
+        const body = Object.assign({}, config[0]);
+        delete body['rawMetadata'];
+
+        try {
+          await apiController.config(body);
+          t.fail('Expecting JacksonError.');
+        } catch (err) {
+          t.equal(err.message, 'Please provide rawMetadata');
+          t.equal(err.statusCode, 400);
+        }
+
+        t.end();
+      });
+
+      t.test('when `defaultRedirectUrl` is empty', async (t) => {
+        const body = Object.assign({}, config[0]);
+        delete body['defaultRedirectUrl'];
+
+        try {
+          await apiController.config(body);
+          t.fail('Expecting JacksonError.');
+        } catch (err) {
+          t.equal(err.message, 'Please provide a defaultRedirectUrl');
+          t.equal(err.statusCode, 400);
+        }
+
+        t.end();
+      });
+
+      t.test('when `redirectUrl` is empty', async (t) => {
+        const body = Object.assign({}, config[0]);
+        delete body['redirectUrl'];
+
+        try {
+          await apiController.config(body);
+          t.fail('Expecting JacksonError.');
+        } catch (err) {
+          t.equal(err.message, 'Please provide redirectUrl');
+          t.equal(err.statusCode, 400);
+        }
+
+        t.end();
+      });
+
+      t.test('when `tenant` is empty', async (t) => {
+        const body = Object.assign({}, config[0]);
+        delete body['tenant'];
+
+        try {
+          await apiController.config(body);
+          t.fail('Expecting JacksonError.');
+        } catch (err) {
+          t.equal(err.message, 'Please provide tenant');
+          t.equal(err.statusCode, 400);
+        }
+
+        t.end();
+      });
+
+      t.test('when `product` is empty', async (t) => {
+        const body = Object.assign({}, config[0]);
+        delete body['product'];
+
+        try {
+          await apiController.config(body);
+          t.fail('Expecting JacksonError.');
+        } catch (err) {
+          t.equal(err.message, 'Please provide product');
+          t.equal(err.statusCode, 400);
+        }
+
+        t.end();
+      });
+
+      t.test('when `rawMetadata` is not a valid XML', async (t) => {
+        const body = Object.assign({}, config[0]);
+        body['rawMetadata'] = 'not a valid XML';
+
+        try {
+          await apiController.config(body);
+          t.fail('Expecting Error.');
+        } catch (err) {
+          t.match(err.message, /Non-whitespace before first tag./);
+        }
+
+        t.end();
+      });
+    });
+
+    t.test('when the request is good', async (t) => {
+      const body = Object.assign({}, config[0]);
+
+      const kdStub = sinon.stub(dbutils, 'keyDigest').returns(CLIENT_ID);
+      const rbStub = sinon
+        .stub(crypto, 'randomBytes')
+        .returns('f3b0f91eb8f4a9f7cc2254e08682d50b05b5d36262929e7f');
+
+      const response = await apiController.config(body);
+      t.ok(kdStub.called);
+      t.ok(rbStub.calledOnce);
+      t.equal(response.client_id, CLIENT_ID);
+      t.equal(
+        response.client_secret,
+        'f3b0f91eb8f4a9f7cc2254e08682d50b05b5d36262929e7f'
+      );
+      t.equal(response.provider, PROVIDER);
+
+      const savedConf = await apiController.getConfig({
+        clientID: CLIENT_ID,
+      });
+      t.equal(savedConf.provider, PROVIDER);
+
+      dbutils.keyDigest.restore();
+      crypto.randomBytes.restore();
+
+      t.end();
+    });
+
+    t.end();
+  });
+
+  t.end();
+});