npm - @boxyhq/saml-jackson - Versions diffs - 0.2.2 → 0.2.3-beta.208 - Mend

@boxyhq/saml-jackson 0.2.2 → 0.2.3-beta.208

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/ nodemon.json +12 -0
package/.github/workflows/main.yml +2 -2
package/.nyc_output/2ce4e6ea-b6d5-420c-a785-5bf972000431.json +1 -0
package/.nyc_output/373b0bbd-e18f-4f72-bdcf-a89b611f6db1.json +1 -0
package/.nyc_output/d97c16a4-039f-4dee-aabe-3a0333e17d9a.json +1 -0
package/.nyc_output/processinfo/2ce4e6ea-b6d5-420c-a785-5bf972000431.json +1 -0
package/.nyc_output/processinfo/373b0bbd-e18f-4f72-bdcf-a89b611f6db1.json +1 -0
package/.nyc_output/processinfo/d97c16a4-039f-4dee-aabe-3a0333e17d9a.json +1 -0
package/.nyc_output/processinfo/index.json +1 -0
package/Dockerfile +2 -2
package/README.md +35 -1
package/package.json +23 -15
package/.eslintrc.js +0 -13
package/prettier.config.js +0 -4
package/src/controller/api.js +0 -136
package/src/controller/error.js +0 -12
package/src/controller/oauth/allowed.js +0 -19
package/src/controller/oauth/code-verifier.js +0 -16
package/src/controller/oauth/redirect.js +0 -18
package/src/controller/oauth.js +0 -321
package/src/controller/utils.js +0 -19
package/src/db/db.js +0 -81
package/src/db/db.test.js +0 -302
package/src/db/encrypter.js +0 -36
package/src/db/mem.js +0 -111
package/src/db/mongo.js +0 -89
package/src/db/redis.js +0 -88
package/src/db/sql/entity/JacksonIndex.js +0 -42
package/src/db/sql/entity/JacksonStore.js +0 -42
package/src/db/sql/entity/JacksonTTL.js +0 -23
package/src/db/sql/model/JacksonIndex.js +0 -9
package/src/db/sql/model/JacksonStore.js +0 -10
package/src/db/sql/model/JacksonTTL.js +0 -8
package/src/db/sql/sql.js +0 -153
package/src/db/store.js +0 -42
package/src/db/utils.js +0 -30
package/src/env.js +0 -39
package/src/index.js +0 -67
package/src/jackson.js +0 -145
package/src/read-config.js +0 -24
package/src/saml/claims.js +0 -40
package/src/saml/saml.js +0 -223
package/src/saml/x509.js +0 -48
package/src/test/api.test.js +0 -161
package/src/test/data/metadata/boxyhq.js +0 -6
package/src/test/data/metadata/boxyhq.xml +0 -30
package/src/test/data/saml_response +0 -1
package/src/test/oauth.test.js +0 -342

package/ nodemon.json ADDED Viewed

@@ -0,0 +1,12 @@
+{
+  "restartable": "rs",
+  "ignore": [".git", "node_modules/", "dist/", "coverage/"],
+  "watch": ["src/"],
+  "execMap": {
+    "ts": "node -r ts-node/register"
+  },
+  "env": {
+    "NODE_ENV": "development"
+  },
+  "ext": "js,json,ts"
+}

package/.github/workflows/main.yml CHANGED Viewed

@@ -98,7 +98,7 @@ jobs:
       - name: Get short SHA
         id: slug
-        run: echo "::set-output name=sha8::$(echo ${GITHUB_SHA} | cut -c1-7)"
+        run: echo "::set-output name=sha7::$(echo ${GITHUB_SHA} | cut -c1-7)"
       - name: Set up Docker Buildx
         id: buildx
@@ -117,7 +117,7 @@ jobs:
           context: ./
           file: ./Dockerfile
           push: true
-          tags: ${{ github.repository }}:latest,${{ github.repository }}:${{ steps.slug.outputs.sha8 }}
+          tags: ${{ github.repository }}:latest,${{ github.repository }}:${{ steps.slug.outputs.sha7 }}
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}

package/.nyc_output/2ce4e6ea-b6d5-420c-a785-5bf972000431.json ADDED Viewed

	@@ -0,0 +1 @@
1	+ {}

package/.nyc_output/373b0bbd-e18f-4f72-bdcf-a89b611f6db1.json ADDED Viewed

	@@ -0,0 +1 @@
1	+ {}

package/.nyc_output/d97c16a4-039f-4dee-aabe-3a0333e17d9a.json ADDED Viewed

	@@ -0,0 +1 @@
1	+ {}

package/.nyc_output/processinfo/2ce4e6ea-b6d5-420c-a785-5bf972000431.json ADDED Viewed

@@ -0,0 +1 @@

+ {"parent":"d97c16a4-039f-4dee-aabe-3a0333e17d9a","pid":3602,"argv":["/opt/hostedtoolcache/node/16.13.1/x64/bin/node","/home/runner/work/jackson/jackson/src/test/oauth.test.ts"],"execArgv":["-r","/home/runner/work/jackson/jackson/node_modules/ts-node/register/index.js"],"cwd":"/home/runner/work/jackson/jackson","time":1640696742405,"ppid":3591,"coverageFilename":"/home/runner/work/jackson/jackson/.nyc_output/2ce4e6ea-b6d5-420c-a785-5bf972000431.json","externalId":"src/test/oauth.test.ts","uuid":"2ce4e6ea-b6d5-420c-a785-5bf972000431","files":[]}

package/.nyc_output/processinfo/373b0bbd-e18f-4f72-bdcf-a89b611f6db1.json ADDED Viewed

@@ -0,0 +1 @@

+ {"parent":"d97c16a4-039f-4dee-aabe-3a0333e17d9a","pid":3608,"argv":["/opt/hostedtoolcache/node/16.13.1/x64/bin/node","/home/runner/work/jackson/jackson/src/test/api.test.ts"],"execArgv":["-r","/home/runner/work/jackson/jackson/node_modules/ts-node/register/index.js"],"cwd":"/home/runner/work/jackson/jackson","time":1640696742406,"ppid":3591,"coverageFilename":"/home/runner/work/jackson/jackson/.nyc_output/373b0bbd-e18f-4f72-bdcf-a89b611f6db1.json","externalId":"src/test/api.test.ts","uuid":"373b0bbd-e18f-4f72-bdcf-a89b611f6db1","files":[]}

package/.nyc_output/processinfo/d97c16a4-039f-4dee-aabe-3a0333e17d9a.json ADDED Viewed

@@ -0,0 +1 @@

+ {"parent":null,"pid":3591,"argv":["/opt/hostedtoolcache/node/16.13.1/x64/bin/node","/home/runner/work/jackson/jackson/node_modules/.bin/tap","--ts","--timeout=100","src/test/api.test.ts","src/test/oauth.test.ts"],"execArgv":[],"cwd":"/home/runner/work/jackson/jackson","time":1640696742097,"ppid":3580,"coverageFilename":"/home/runner/work/jackson/jackson/.nyc_output/d97c16a4-039f-4dee-aabe-3a0333e17d9a.json","externalId":"","uuid":"d97c16a4-039f-4dee-aabe-3a0333e17d9a","files":[]}

package/.nyc_output/processinfo/index.json ADDED Viewed

@@ -0,0 +1 @@

+ {"processes":{"2ce4e6ea-b6d5-420c-a785-5bf972000431":{"parent":"d97c16a4-039f-4dee-aabe-3a0333e17d9a","externalId":"src/test/oauth.test.ts","children":[]},"373b0bbd-e18f-4f72-bdcf-a89b611f6db1":{"parent":"d97c16a4-039f-4dee-aabe-3a0333e17d9a","externalId":"src/test/api.test.ts","children":[]},"d97c16a4-039f-4dee-aabe-3a0333e17d9a":{"parent":null,"children":["2ce4e6ea-b6d5-420c-a785-5bf972000431","373b0bbd-e18f-4f72-bdcf-a89b611f6db1"]}},"files":{},"externalIds":{"src/test/oauth.test.ts":{"root":"2ce4e6ea-b6d5-420c-a785-5bf972000431","children":[]},"src/test/api.test.ts":{"root":"373b0bbd-e18f-4f72-bdcf-a89b611f6db1","children":[]}}}

package/Dockerfile CHANGED Viewed

@@ -1,5 +1,5 @@
 # Install dependencies only when needed
-FROM node:16.9.1-alpine3.14 AS deps
+FROM node:16.13.1-alpine3.14 AS deps
 # Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
@@ -8,7 +8,7 @@ COPY package.json package-lock.json ./
 RUN npm ci --only=production
 # Production image, copy all the files and run next
-FROM node:16.9.1-alpine3.14 AS runner
+FROM node:16.13.1-alpine3.14 AS runner
 WORKDIR /app
 ENV NODE_OPTIONS="--max-http-header-size=81920"

package/README.md CHANGED Viewed

@@ -85,7 +85,21 @@ router.get('/api/v1/saml/config', async (req, res) => {
     });
   }
 });
+// delete config
+router.delete('/api/v1/saml/config', async (req, res) => {
+  try {
+    // apply your authentication flow (or ensure this route has passed through your auth middleware)
+    ...
+    // only when properly authenticated, call the config function
+    await apiController.deleteConfig(req.body);
+    res.status(200).end();
+  } catch (err) {
+    res.status(500).json({
+      error: err.message,
+    });
+  }
+});
 // OAuth 2.0 flow
 router.get('/oauth/authorize', async (req, res) => {
   try {
@@ -228,6 +242,26 @@ curl -G --location 'http://localhost:6000/api/v1/saml/config' \
 The response returns a JSON with `provider` indicating the domain of your Identity Provider. If an empty JSON payload is returned then we do not have any configuration stored for the attributes you requested.
+#### 2.2 SAML delete config API
+This endpoint can be used to delete an existing IdP metadata.
+```
+curl -X "DELETE" --location 'http://localhost:6000/api/v1/saml/config' \
+--header 'Authorization: Api-Key <Jackson API Key>' \
+--header 'Content-Type: application/x-www-form-urlencoded' \
+--data-urlencode 'tenant=boxyhq.com' \
+--data-urlencode 'product=demo'
+```
+```
+curl -X "DELETE" --location 'http://localhost:6000/api/v1/saml/config' \
+--header 'Authorization: Api-Key <Jackson API Key>' \
+--header 'Content-Type: application/x-www-form-urlencoded' \
+--data-urlencode 'clientID=<Client ID>'
+--data-urlencode 'clientSecret=<Client Secret>'
+```
 ### 3. OAuth 2.0 Flow
 Jackson has been designed to abstract the SAML login flow as a pure OAuth 2.0 flow. This means it's compatible with any standard OAuth 2.0 library out there, both client-side and server-side. It is important to remember that SAML is configured per customer unlike OAuth 2.0 where you can have a single OAuth app supporting logins for all customers.
@@ -293,7 +327,7 @@ The short-lived access token can now be used to request the user's profile. You'
 ```
 curl --request GET \
-  --url https://localhost:5000/oauth/me \
+  --url https://localhost:5000/oauth/userinfo \
   --header 'authorization: Bearer <access token>' \
   --header 'content-type: application/json'
 ```

package/package.json CHANGED Viewed

@@ -1,9 +1,10 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.2",
+  "version": "0.2.3-beta.208",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
-  "main": "src/index.js",
+  "main": "dist/index.js",
+  "types": "dist/types.d.ts",
   "engines": {
     "node": ">=14.18.1"
   },
@@ -15,12 +16,14 @@
     "SAML 2.0"
   ],
   "scripts": {
+    "build": "tsc",
     "start": "cross-env IDP_ENABLED=true node src/jackson.js",
     "dev": "cross-env IDP_ENABLED=true nodemon src/jackson.js",
-    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon src/jackson.js",
+    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson DB_ENCRYPTION_KEY=RiVoTxDoLUUoIUOp224abMxK6PGGfFuF nodemon --config nodemon.json src/jackson.ts",
+    "sql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/jackson DB_ENCRYPTION_KEY=RiVoTxDoLUUoIUOp224abMxK6PGGfFuF nodemon src/jackson.js",
     "pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
     "pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
-    "test": "tap --timeout=100 src/**/*.test.js",
+    "test": "tap --ts --timeout=100 src/**/*.test.ts",
     "dev-dbs": "docker-compose -f ./_dev/docker-compose.yml up -d",
     "dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans"
   },
@@ -33,15 +36,15 @@
   },
   "dependencies": {
     "@boxyhq/saml20": "0.2.0",
-    "@peculiar/webcrypto": "1.2.2",
-    "@peculiar/x509": "1.6.0",
+    "@peculiar/webcrypto": "1.2.3",
+    "@peculiar/x509": "1.6.1",
     "cors": "2.8.5",
-    "express": "4.17.1",
-    "mongodb": "4.2.1",
+    "express": "4.17.2",
+    "mongodb": "4.2.2",
     "mysql2": "2.3.3",
     "pg": "8.7.1",
     "rambda": "6.9.0",
-    "redis": "4.0.0-rc.4",
+    "redis": "4.0.1",
     "reflect-metadata": "0.1.13",
     "ripemd160": "2.0.2",
     "thumbprint": "0.0.1",
@@ -51,17 +54,22 @@
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
+    "@types/redis": "4.0.11",
+    "@types/sinon": "10.0.6",
+    "@types/tap": "15.0.5",
     "cross-env": "7.0.3",
-    "eslint": "8.4.0",
+    "eslint": "8.5.0",
     "husky": "7.0.4",
-    "lint-staged": "12.1.2",
+    "lint-staged": "12.1.4",
     "nodemon": "2.0.15",
     "prettier": "2.5.1",
     "sinon": "12.0.1",
-    "tap": "15.1.5"
+    "tap": "15.1.5",
+    "ts-node": "10.4.0",
+    "typescript": "4.5.4"
   },
   "lint-staged": {
-    "*.js": "eslint --cache --fix",
-    "*.{js,css,md}": "prettier --write"
+    "*.{js,ts}": "eslint --cache --fix",
+    "*.{js,ts,css,md}": "prettier --write"
   }
-}
+}

package/.eslintrc.js DELETED Viewed

@@ -1,13 +0,0 @@
-module.exports = {
-    "env": {
-        "es2021": true,
-        "node": true
-    },
-    "extends": "eslint:recommended",
-    "parserOptions": {
-        "ecmaVersion": 13,
-        "sourceType": "module"
-    },
-    "rules": {
-    }
-};

package/prettier.config.js DELETED Viewed

@@ -1,4 +0,0 @@
-module.exports = {
-  singleQuote: true,
-  trailingComma: 'es5',
-};

package/src/controller/api.js DELETED Viewed

@@ -1,136 +0,0 @@
-const saml = require('../saml/saml.js');
-const x509 = require('../saml/x509.js');
-const dbutils = require('../db/utils.js');
-const { indexNames } = require('./utils.js');
-const { JacksonError } = require('./error.js');
-const crypto = require('crypto');
-let configStore;
-const extractHostName = (url) => {
-  try {
-    const pUrl = new URL(url);
-    if (pUrl.hostname.startsWith('www.')) {
-      return pUrl.hostname.substring(4);
-    }
-    return pUrl.hostname;
-  } catch (err) {
-    return null;
-  }
-};
-const config = async (body) => {
-  const { rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product } =
-    body;
-  if (!rawMetadata) {
-    throw new JacksonError('Please provide rawMetadata', 400);
-  }
-  if (!defaultRedirectUrl) {
-    throw new JacksonError('Please provide a defaultRedirectUrl', 400);
-  }
-  if (!redirectUrl) {
-    throw new JacksonError('Please provide redirectUrl', 400);
-  }
-  if (!tenant) {
-    throw new JacksonError('Please provide tenant', 400);
-  }
-  if (!product) {
-    throw new JacksonError('Please provide product', 400);
-  }
-  const idpMetadata = await saml.parseMetadataAsync(rawMetadata);
-  // extract provider
-  let providerName = extractHostName(idpMetadata.entityID);
-  if (!providerName) {
-    providerName = extractHostName(
-      idpMetadata.sso.redirectUrl || idpMetadata.sso.postUrl
-    );
-  }
-  idpMetadata.provider = providerName ? providerName : 'Unknown';
-  let clientID = dbutils.keyDigest(
-    dbutils.keyFromParts(tenant, product, idpMetadata.entityID)
-  );
-  let clientSecret;
-  let exists = await configStore.get(clientID);
-  if (exists) {
-    clientSecret = exists.clientSecret;
-  } else {
-    clientSecret = crypto.randomBytes(24).toString('hex');
-  }
-  const certs = await x509.generate();
-  if (!certs) {
-    throw new Error('Error generating x59 certs');
-  }
-  await configStore.put(
-    clientID,
-    {
-      idpMetadata,
-      defaultRedirectUrl,
-      redirectUrl: JSON.parse(redirectUrl), // redirectUrl is a stringified array
-      tenant,
-      product,
-      clientID,
-      clientSecret,
-      certs,
-    },
-    {
-      // secondary index on entityID
-      name: indexNames.entityID,
-      value: idpMetadata.entityID,
-    },
-    {
-      // secondary index on tenant + product
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    }
-  );
-  return {
-    client_id: clientID,
-    client_secret: clientSecret,
-    provider: idpMetadata.provider,
-  };
-};
-const getConfig = async (body) => {
-  const { clientID, tenant, product } = body;
-  if (clientID) {
-    const samlConfig = await configStore.get(clientID);
-    if (!samlConfig) {
-      return {};
-    }
-    return { provider: samlConfig.idpMetadata.provider };
-  } else {
-    const samlConfigs = await configStore.getByIndex({
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    });
-    if (!samlConfigs || !samlConfigs.length) {
-      return {};
-    }
-    return { provider: samlConfigs[0].idpMetadata.provider };
-  }
-};
-module.exports = (opts) => {
-  configStore = opts.configStore;
-  return {
-    config,
-    getConfig,
-  };
-};

package/src/controller/error.js DELETED Viewed

@@ -1,12 +0,0 @@
-class JacksonError extends Error {
-  constructor(message, statusCode = 500) {
-    super(message);
-    this.name = this.constructor.name;
-    this.statusCode = statusCode;
-    Error.captureStackTrace(this, this.constructor);
-  }
-}
-module.exports = { JacksonError };

package/src/controller/oauth/allowed.js DELETED Viewed

@@ -1,19 +0,0 @@
-module.exports = {
-  redirect: (redirectUrl, redirectUrls) => {
-    const url = new URL(redirectUrl);
-    for (const idx in redirectUrls) {
-      const rUrl = new URL(redirectUrls[idx]);
-      // TODO: Check pathname, for now pathname is ignored
-      if (
-        rUrl.protocol === url.protocol &&
-        rUrl.hostname === url.hostname &&
-        rUrl.port === url.port
-      ) {
-        return true;
-      }
-    }
-    return false;
-  },
-};

package/src/controller/oauth/code-verifier.js DELETED Viewed

@@ -1,16 +0,0 @@
-const crypto = require('crypto');
-const transformBase64 = (input) => {
-  return input.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
-};
-const encode = (code_challenge) => {
-  return transformBase64(
-    crypto.createHash('sha256').update(code_challenge).digest('base64')
-  );
-};
-module.exports = {
-  encode,
-  transformBase64,
-};

package/src/controller/oauth/redirect.js DELETED Viewed

@@ -1,18 +0,0 @@
-module.exports = {
-  error: (res, redirectUrl, err) => {
-    var url = new URL(redirectUrl);
-    url.searchParams.set('error', err);
-    res.redirect(url);
-  },
-  success: (redirectUrl, params) => {
-    const url = new URL(redirectUrl);
-    for (const [key, value] of Object.entries(params)) {
-      url.searchParams.set(key, value);
-    }
-    return url.href;
-  },
-};