@boxyhq/saml-jackson 0.2.3-beta.223 → 0.2.3-beta.227

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.3-beta.223",
+  "version": "0.2.3-beta.227",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
   "main": "dist/index.js",
@@ -19,8 +19,8 @@
     "build": "tsc -p tsconfig.build.json",
     "start": "cross-env IDP_ENABLED=true node dist/jackson.js",
     "dev": "cross-env IDP_ENABLED=true nodemon --config nodemon.json src/jackson.ts",
-    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson DB_ENCRYPTION_KEY=RiVoTxDoLUUoIUOp224abMxK6PGGfFuF nodemon --config nodemon.json src/jackson.ts",
-    "sql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/jackson DB_ENCRYPTION_KEY=RiVoTxDoLUUoIUOp224abMxK6PGGfFuF nodemon --config nodemon.json src/jackson.ts",
+    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon --config nodemon.json src/jackson.ts",
+    "sql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/jackson nodemon --config nodemon.json src/jackson.ts",
     "pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon --config nodemon.json src/jackson.ts",
     "pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon --config nodemon.json src/jackson.ts",
     "test": "tap --ts --timeout=100 src/**/*.test.ts",

package/src/db/mem.ts

@@ -1,6 +1,6 @@
 // This is an in-memory implementation to be used with testing and prototyping only
 
-import { DatabaseDriver, DatabaseOption, Index } from 'saml-jackson';
+import { DatabaseDriver, DatabaseOption, Index, Encrypted } from 'saml-jackson';
 import * as dbutils from './utils';
 
 class Mem implements DatabaseDriver {
@@ -65,7 +65,7 @@ class Mem implements DatabaseDriver {
   async put(
     namespace: string,
     key: string,
-    val: string,
+    val: Encrypted,
     ttl: number = 0,
     ...indexes: any[]
   ): Promise<any> {

package/src/db/mongo.ts

@@ -1,9 +1,9 @@
 import { MongoClient } from 'mongodb';
-import { DatabaseDriver, DatabaseOption, Index } from 'saml-jackson';
+import { DatabaseDriver, DatabaseOption, Encrypted, Index } from 'saml-jackson';
 import * as dbutils from './utils';
 
 type Document = {
-  value: string;
+  value: Encrypted;
   expiresAt: Date;
   indexes: string[];
 };
@@ -64,7 +64,7 @@ class Mongo implements DatabaseDriver {
   async put(
     namespace: string,
     key: string,
-    val: string,
+    val: Encrypted,
     ttl: number = 0,
     ...indexes: any[]
   ): Promise<void> {

package/src/db/redis.ts

@@ -1,5 +1,5 @@
 import * as redis from 'redis';
-import { DatabaseDriver, DatabaseOption, Index } from 'saml-jackson';
+import { DatabaseDriver, DatabaseOption, Encrypted, Index } from 'saml-jackson';
 import * as dbutils from './utils';
 
 class Redis implements DatabaseDriver {
@@ -54,7 +54,7 @@ class Redis implements DatabaseDriver {
   async put(
     namespace: string,
     key: string,
-    val: string,
+    val: Encrypted,
     ttl: number = 0,
     ...indexes: any[]
   ): Promise<void> {

package/src/db/sql/model/JacksonStore.ts

@@ -1,8 +1,8 @@
 export class JacksonStore {
   constructor(
     public key: string,
-    public value: any,
-    public iv: any,
-    public tag: any
+    public value: string,
+    public iv?: string,
+    public tag?: string
   ) {}
 }

package/src/db/sql/sql.ts

@@ -2,23 +2,24 @@
 
 require('reflect-metadata');
 
-import { DatabaseDriver, DatabaseOption, Index } from 'saml-jackson';
+import { DatabaseDriver, DatabaseOption, Index, Encrypted } from 'saml-jackson';
 import { Connection, createConnection } from 'typeorm';
 import * as dbutils from '../utils';
+import JacksonIndexEntity from './entity/JacksonIndex';
+import JacksonStoreEntity from './entity/JacksonStore';
+import {
+  JacksonTTL,
+  JacksonTTL as JacksonTTLEntity,
+} from './entity/JacksonTTL';
 import { JacksonIndex } from './model/JacksonIndex';
 import { JacksonStore } from './model/JacksonStore';
-import { JacksonTTL } from './entity/JacksonTTL';
-
-import JacksonStoreEntity from './entity/JacksonStore';
-import JacksonIndexEntity from './entity/JacksonIndex';
-import { JacksonTTL as JacksonTTLEntity } from './entity/JacksonTTL';
 
 class Sql implements DatabaseDriver {
   private options: DatabaseOption;
   private connection!: Connection;
-  private storeRepository; //!: typeorm.Repository<JacksonStore>;
-  private indexRepository; //!: typeorm.Repository<JacksonIndex>;
-  private ttlRepository; //!: typeorm.Repository<JacksonTTL>;
+  private storeRepository;
+  private indexRepository;
+  private ttlRepository;
   private ttlCleanup;
   private timerId;
 
@@ -29,8 +30,6 @@ class Sql implements DatabaseDriver {
   async init(): Promise<Sql> {
     while (true) {
       try {
-        // TODO: Fix it
-        // @ts-ignore
         this.connection = await createConnection({
           name: this.options.type + Math.floor(Math.random() * 100000),
           type: this.options.type,
@@ -116,11 +115,10 @@ class Sql implements DatabaseDriver {
       key: dbutils.keyForIndex(namespace, idx),
     });
 
-    const ret: string[] = [];
+    const ret: Encrypted[] = [];
 
     if (res) {
       res.forEach((r) => {
-        // @ts-ignore
         ret.push({
           value: r.store.value,
           iv: r.store.iv,
@@ -135,14 +133,13 @@ class Sql implements DatabaseDriver {
   async put(
     namespace: string,
     key: string,
-    val: string,
+    val: Encrypted,
     ttl: number = 0,
     ...indexes: any[]
   ): Promise<void> {
     await this.connection.transaction(async (transactionalEntityManager) => {
       const dbKey = dbutils.key(namespace, key);
 
-      // @ts-ignore
       const store = new JacksonStore(dbKey, val.value, val.iv, val.tag);
 
       await transactionalEntityManager.save(store);

package/src/jackson.ts

@@ -1,12 +1,13 @@
 import cors from 'cors';
 import express from 'express';
+import { IOAuthController, ISAMLConfig } from 'saml-jackson';
 import { JacksonError } from './controller/error';
 import { extractAuthToken } from './controller/utils';
 import env from './env';
 import jackson from './index';
 
-let apiController;
-let oauthController;
+let apiController: ISAMLConfig;
+let oauthController: IOAuthController;
 
 const oauthPath = '/oauth';
 const apiPath = '/api/v1/saml';
@@ -62,7 +63,7 @@ app.get(oauthPath + '/userinfo', async (req, res) => {
     }
 
     if (!token) {
-      res.status(401).json({ message: 'Unauthorized' });
+      return res.status(401).json({ message: 'Unauthorized' });
     }
 
     const profile = await oauthController.userInfo(token);
@@ -80,7 +81,6 @@ const server = app.listen(env.hostPort, async () => {
     `🚀 The path of the righteous server: http://${env.hostUrl}:${env.hostPort}`
   );
 
-  // TODO: Fix it
   // @ts-ignore
   const ctrlrModule = await jackson(env);
 

package/src/test/api.test.ts

@@ -16,8 +16,7 @@ const OPTIONS = {
   samlAudience: 'https://saml.boxyhq.com',
   samlPath: '/sso/oauth/saml',
   db: {
-    engine: 'mongo',
-    url: 'mongodb://localhost:27017/jackson-demo',
+    engine: 'mem',
   } as DatabaseOption,
 };
 

package/src/test/oauth.test.ts

@@ -1,30 +1,36 @@
 import crypto from 'crypto';
 import { promises as fs } from 'fs';
 import path from 'path';
-import { JacksonOption } from 'saml-jackson';
+import {
+  IOAuthController,
+  ISAMLConfig,
+  JacksonOption,
+  OAuthReqBody,
+  OAuthTokenReq,
+  SAMLResponsePayload,
+} from 'saml-jackson';
 import sinon from 'sinon';
 import tap from 'tap';
 import { JacksonError } from '../controller/error';
 import readConfig from '../read-config';
 import saml from '../saml/saml';
 
-// TODO: Add type
-let apiController;
-let oauthController;
+let apiController: ISAMLConfig;
+let oauthController: IOAuthController;
 
 const code = '1234567890';
 const token = '24c1550190dd6a5a9bd6fe2a8ff69d593121c7b9';
 
 const metadataPath = path.join(__dirname, '/data/metadata');
 
-const options = {
+const options = <JacksonOption>{
   externalUrl: 'https://my-cool-app.com',
   samlAudience: 'https://saml.boxyhq.com',
   samlPath: '/sso/oauth/saml',
   db: {
     engine: 'mem',
   },
-} as JacksonOption;
+};
 
 const samlConfig = {
   tenant: 'boxyhq.com',
@@ -57,13 +63,13 @@ tap.teardown(async () => {
 
 tap.test('authorize()', async (t) => {
   t.test('Should throw an error if `redirect_uri` null', async (t) => {
-    const body = {
-      redirect_uri: null,
+    const body: Partial<OAuthReqBody> = {
+      redirect_uri: undefined,
       state: 'state',
     };
 
     try {
-      await oauthController.authorize(body);
+      await oauthController.authorize(<OAuthReqBody>body);
       t.fail('Expecting JacksonError.');
     } catch (err) {
       const { message, statusCode } = err as JacksonError;
@@ -79,13 +85,13 @@ tap.test('authorize()', async (t) => {
   });
 
   t.test('Should throw an error if `state` null', async (t) => {
-    const body = {
+    const body: Partial<OAuthReqBody> = {
       redirect_uri: 'https://example.com/',
-      state: null,
+      state: undefined,
     };
 
     try {
-      await oauthController.authorize(body);
+      await oauthController.authorize(<OAuthReqBody>body);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -109,7 +115,7 @@ tap.test('authorize()', async (t) => {
     };
 
     try {
-      await oauthController.authorize(body);
+      await oauthController.authorize(<OAuthReqBody>body);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -135,7 +141,7 @@ tap.test('authorize()', async (t) => {
       };
 
       try {
-        await oauthController.authorize(body);
+        await oauthController.authorize(<OAuthReqBody>body);
 
         t.fail('Expecting JacksonError.');
       } catch (err) {
@@ -159,7 +165,7 @@ tap.test('authorize()', async (t) => {
       client_id: `tenant=${samlConfig.tenant}&product=${samlConfig.product}`,
     };
 
-    const response = await oauthController.authorize(body);
+    const response = await oauthController.authorize(<OAuthReqBody>body);
     const params = new URLSearchParams(new URL(response.redirect_url).search);
 
     t.ok('redirect_url' in response, 'got the Idp authorize URL');
@@ -179,7 +185,9 @@ tap.test('samlResponse()', async (t) => {
     client_id: `tenant=${samlConfig.tenant}&product=${samlConfig.product}`,
   };
 
-  const { redirect_url } = await oauthController.authorize(authBody);
+  const { redirect_url } = await oauthController.authorize(
+    <OAuthReqBody>authBody
+  );
 
   const relayState = new URLSearchParams(new URL(redirect_url).search).get(
     'RelayState'
@@ -191,12 +199,12 @@ tap.test('samlResponse()', async (t) => {
   );
 
   t.test('Should throw an error if `RelayState` is missing', async (t) => {
-    const responseBody = {
+    const responseBody: Partial<SAMLResponsePayload> = {
       SAMLResponse: rawResponse,
     };
 
     try {
-      await oauthController.samlResponse(responseBody);
+      await oauthController.samlResponse(<SAMLResponsePayload>responseBody);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -224,10 +232,13 @@ tap.test('samlResponse()', async (t) => {
       const stubValidateAsync = sinon
         .stub(saml, 'validateAsync')
         .resolves({ audience: '', claims: {}, issuer: '', sessionIndex: '' });
+
       //@ts-ignore
       const stubRandomBytes = sinon.stub(crypto, 'randomBytes').returns(code);
 
-      const response = await oauthController.samlResponse(responseBody);
+      const response = await oauthController.samlResponse(
+        <SAMLResponsePayload>responseBody
+      );
 
       const params = new URLSearchParams(new URL(response.redirect_url).search);
 
@@ -257,7 +268,7 @@ tap.test('token()', (t) => {
       };
 
       try {
-        await oauthController.token(body);
+        await oauthController.token(<OAuthTokenReq>body);
 
         t.fail('Expecting JacksonError.');
       } catch (err) {
@@ -280,7 +291,7 @@ tap.test('token()', (t) => {
     };
 
     try {
-      await oauthController.token(body);
+      await oauthController.token(<OAuthTokenReq>body);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -293,16 +304,15 @@ tap.test('token()', (t) => {
   });
 
   t.test('Should throw an error if `code` is invalid', async (t) => {
-    const body = {
+    const body: Partial<OAuthTokenReq> = {
       grant_type: 'authorization_code',
       client_id: `tenant=${samlConfig.tenant}&product=${samlConfig.product}`,
       client_secret: 'some-secret',
-      redirect_uri: null,
       code: 'invalid-code',
     };
 
     try {
-      await oauthController.token(body);
+      await oauthController.token(<OAuthTokenReq>body);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -315,11 +325,10 @@ tap.test('token()', (t) => {
   });
 
   t.test('Should return the `access_token` for a valid request', async (t) => {
-    const body = {
+    const body: Partial<OAuthTokenReq> = {
       grant_type: 'authorization_code',
       client_id: `tenant=${samlConfig.tenant}&product=${samlConfig.product}`,
       client_secret: 'some-secret',
-      redirect_uri: null,
       code: code,
     };
 
@@ -329,7 +338,7 @@ tap.test('token()', (t) => {
       //@ts-ignore
       .returns(token);
 
-    const response = await oauthController.token(body);
+    const response = await oauthController.token(<OAuthTokenReq>body);
 
     t.ok(stubRandomBytes.calledOnce, 'randomBytes called once');
     t.ok('access_token' in response, 'includes access_token');

package/src/typings.ts

@@ -51,7 +51,7 @@ declare module 'saml-jackson' {
     authorize(body: OAuthReqBody): Promise<{ redirect_url: string }>;
     samlResponse(body: SAMLResponsePayload): Promise<{ redirect_url: string }>;
     token(body: OAuthTokenReq): Promise<OAuthTokenRes>;
-    userInfo(body: string): Promise<Profile>;
+    userInfo(token: string): Promise<Profile>;
   }
 
   export interface OAuthReqBody {
@@ -118,8 +118,8 @@ declare module 'saml-jackson' {
   }
 
   export interface Encrypted {
-    iv: string;
-    tag: string;
+    iv?: string;
+    tag?: string;
     value: string;
   }