@boxyhq/saml-jackson 0.2.1-beta.161 → 0.2.1-beta.162

package/README.md

@@ -71,6 +71,20 @@ router.post('/api/v1/saml/config', async (req, res) => {
     });
   }
 });
+// fetch config
+router.get('/api/v1/saml/config', async (req, res) => {
+  try {
+    // apply your authentication flow (or ensure this route has passed through your auth middleware)
+    ...
+
+    // only when properly authenticated, call the config function
+    res.json(await apiController.config(req.query));
+  } catch (err) {
+    res.status(500).json({
+      error: err.message,
+    });
+  }
+});
 
 // OAuth 2.0 flow
 router.get('/oauth/authorize', async (req, res) => {
@@ -198,7 +212,7 @@ The response returns a JSON with `client_id` and `client_secret` that can be sto
 This endpoint can be used to return metadata about an existing SAML config. This can be used to check and display the details to your customers. You can use either `clientID` or `tenant` and `product` combination.
 
 ```
-curl --location --request POST 'http://localhost:6000/api/v1/saml/config/get' \
+curl -G --location 'http://localhost:6000/api/v1/saml/config' \
 --header 'Authorization: Api-Key <Jackson API Key>' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'tenant=boxyhq.com' \
@@ -206,7 +220,7 @@ curl --location --request POST 'http://localhost:6000/api/v1/saml/config/get' \
 ```
 
 ```
-curl --location --request POST 'http://localhost:6000/api/v1/saml/config/get' \
+curl -G --location 'http://localhost:6000/api/v1/saml/config' \
 --header 'Authorization: Api-Key <Jackson API Key>' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'clientID=<Client ID>'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.1-beta.161",
+  "version": "0.2.1-beta.162",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
   "main": "src/index.js",

package/src/jackson.js

@@ -114,7 +114,7 @@ internalApp.post(apiPath + '/config', async (req, res) => {
   }
 });
 
-internalApp.post(apiPath + '/config/get', async (req, res) => {
+internalApp.get(apiPath + '/config', async (req, res) => {
   try {
     const apiKey = extractAuthToken(req);
     if (!validateApiKey(apiKey)) {
@@ -122,7 +122,7 @@ internalApp.post(apiPath + '/config/get', async (req, res) => {
       return;
     }
 
-    res.json(await apiController.getConfig(req.body));
+    res.json(await apiController.getConfig(req.query));
   } catch (err) {
     res.status(500).json({
       error: err.message,

package/src/test/api.test.js

@@ -125,23 +125,28 @@ tap.test('controller/api', async (t) => {
 
     t.test('when the request is good', async (t) => {
       const body = Object.assign({}, config[0]);
+      const CLIENTID = '75edb050796a0eb1cf2cfb0da7245f85bc50baa7';
+      const PROVIDER = 'accounts.google.com';
 
-      sinon
-        .stub(dbutils, 'keyDigest')
-        .returns('75edb050796a0eb1cf2cfb0da7245f85bc50baa7');
-
-      sinon
+      const kdStub = sinon.stub(dbutils, 'keyDigest').returns(CLIENTID);
+      const rbStub = sinon
         .stub(crypto, 'randomBytes')
         .returns('f3b0f91eb8f4a9f7cc2254e08682d50b05b5d36262929e7f');
 
       const response = await apiController.config(body);
-
-      t.equal(response.client_id, '75edb050796a0eb1cf2cfb0da7245f85bc50baa7');
+      t.ok(kdStub.called);
+      t.ok(rbStub.calledOnce);
+      t.equal(response.client_id, CLIENTID);
       t.equal(
         response.client_secret,
         'f3b0f91eb8f4a9f7cc2254e08682d50b05b5d36262929e7f'
       );
-      t.equal(response.provider, 'accounts.google.com');
+      t.equal(response.provider, PROVIDER);
+
+      const savedConf = await apiController.getConfig({
+        clientID: CLIENTID,
+      });
+      t.equal(savedConf.provider, PROVIDER);
 
       dbutils.keyDigest.restore();
       crypto.randomBytes.restore();