@boxyhq/saml-jackson 0.2.2-beta.172 → 0.2.2-beta.174

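--- a/package/README.md
+++ b/package/README.md
@@ -259,6 +259,7 @@ curl -X "DELETE" --location 'http://localhost:6000/api/v1/saml/config' \
  --header 'Authorization: Api-Key <Jackson API Key>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'clientID=<Client ID>'
+ --data-urlencode 'clientSecret=<Client Secret>'
  ```
 
  ### 3. OAuth 2.0 Flow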
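--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@boxyhq/saml-jackson",
- "version": "0.2.2-beta.172",
+ "version": "0.2.2-beta.174",
  "license": "Apache 2.0",
  "description": "SAML 2.0 service",
  "main": "src/index.js",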
@@ -128,10 +128,21 @@ const getConfig = async (body) => {
128
128
  };
129
129
 
130
130
  const deleteConfig = async (body) => {
131
- const { clientID, tenant, product } = body;
131
+ const { clientID, clientSecret, tenant, product } = body;
132
132
 
133
133
  if (clientID) {
134
- await configStore.delete(clientID);
134
+ if (!clientSecret) {
135
+ throw new JacksonError('Please provide clientSecret', 400);
136
+ }
137
+ const samlConfig = await configStore.get(clientID);
138
+ if (!samlConfig) {
139
+ return;
140
+ }
141
+ if (samlConfig.clientSecret === clientSecret) {
142
+ await configStore.delete(clientID);
143
+ } else {
144
+ throw new JacksonError('clientSecret mismatch', 400);
145
+ }
135
146
  } else {
136
147
  const samlConfigs = await configStore.getByIndex({
137
148
  name: indexNames.tenantProduct,
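Review bot: The new clientSecret requirement sits inside the `if (clientID)` branch of deleteConfig, so a request that omits clientID and supplies tenant and product reaches the `else` branch without any secret being checked. That branch opens at the end of the hunk and its body is outside it; if it still deletes the configs it looks up, the protection added here does not apply on that path, and it needs either the same check or an explicit comment that the API key alone is the intended authorization there. Separately, `samlConfig.clientSecret === clientSecret` is not a constant-time comparison; comparing equal-length buffers with `crypto.timingSafeEqual` is the usual choice for secrets, assuming Node's `crypto` is available in this file. I would also add a comment above the bare `return;` for a missing config, e.g. `// unknown clientID: treated as already deleted, no error`, since that path answers differently from a wrong secret.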
@@ -147,12 +147,31 @@ tap.test('controller/api', async (t) => {
147
147
  clientID: CLIENT_ID,
148
148
  });
149
149
  t.equal(savedConf.provider, PROVIDER);
150
-
151
- await apiController.deleteConfig({ clientID: CLIENT_ID });
150
+ try {
151
+ await apiController.deleteConfig({ clientID: CLIENT_ID });
152
+ t.fail('Expecting JacksonError.');
153
+ } catch (err) {
154
+ t.equal(err.message, 'Please provide clientSecret');
155
+ t.equal(err.statusCode, 400);
156
+ }
157
+ try {
158
+ await apiController.deleteConfig({
159
+ clientID: CLIENT_ID,
160
+ clientSecret: 'xxxxx',
161
+ });
162
+ t.fail('Expecting JacksonError.');
163
+ } catch (err) {
164
+ t.equal(err.message, 'clientSecret mismatch');
165
+ t.equal(err.statusCode, 400);
166
+ }
167
+ await apiController.deleteConfig({
168
+ clientID: CLIENT_ID,
169
+ clientSecret: 'f3b0f91eb8f4a9f7cc2254e08682d50b05b5d36262929e7f',
170
+ });
152
171
  savedConf = await apiController.getConfig({
153
172
  clientID: CLIENT_ID,
154
173
  });
155
- t.same(savedConf, {});
174
+ t.same(savedConf, {}, 'should return empty config');
156
175
 
157
176
  dbutils.keyDigest.restore();
158
177
  crypto.randomBytes.restore();
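Review bot: The two negative cases place `t.fail` inside the `try` and assert on the error in `catch`; tap's `t.rejects` states the same expectation in one call, e.g. `await t.rejects(apiController.deleteConfig({ clientID: CLIENT_ID }), { message: 'Please provide clientSecret', statusCode: 400 });`. The success case passes a literal 48-hex-character secret that presumably matches the stubbed `crypto.randomBytes` output set up outside the hunk; reading the secret from the config returned at creation would avoid the hidden dependency on that stub. No case here covers deletion by tenant and product, so the behaviour of that path with respect to clientSecret is not pinned by a test. The enclosing test function starts and ends outside the hunk.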