@boxyhq/saml-jackson 0.2.3-beta.226 → 0.2.3-beta.231

package/.eslintrc.js

@@ -1,13 +1,18 @@
 module.exports = {
-    "env": {
-        "es2021": true,
-        "node": true
-    },
-    "extends": "eslint:recommended",
-    "parserOptions": {
-        "ecmaVersion": 13,
-        "sourceType": "module"
-    },
-    "rules": {
-    }
+  env: {
+    es2021: true,
+    node: true,
+  },
+  parserOptions: {
+    ecmaVersion: 13,
+    sourceType: 'module',
+  },
+  root: true,
+  parser: '@typescript-eslint/parser',
+  plugins: ['@typescript-eslint'],
+  extends: [
+    'eslint:recommended',
+    'plugin:@typescript-eslint/recommended',
+    'prettier',
+  ],
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.3-beta.226",
+  "version": "0.2.3-beta.231",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
   "main": "dist/index.js",
@@ -57,8 +57,11 @@
     "@types/redis": "4.0.11",
     "@types/sinon": "10.0.6",
     "@types/tap": "15.0.5",
+    "@typescript-eslint/eslint-plugin": "^5.8.1",
+    "@typescript-eslint/parser": "^5.8.1",
     "cross-env": "7.0.3",
-    "eslint": "8.5.0",
+    "eslint": "^8.5.0",
+    "eslint-config-prettier": "^8.3.0",
     "husky": "7.0.4",
     "lint-staged": "12.1.4",
     "nodemon": "2.0.15",
@@ -66,7 +69,7 @@
     "sinon": "12.0.1",
     "tap": "15.1.5",
     "ts-node": "10.4.0",
-    "typescript": "4.5.4"
+    "typescript": "^4.5.4"
   },
   "lint-staged": {
     "*.{js,ts}": "eslint --cache --fix",

package/src/controller/api.ts

@@ -56,13 +56,13 @@ export class SAMLConfig implements ISAMLConfig {
 
     idpMetadata.provider = providerName ? providerName : 'Unknown';
 
-    let clientID = dbutils.keyDigest(
+    const clientID = dbutils.keyDigest(
       dbutils.keyFromParts(tenant, product, idpMetadata.entityID)
     );
 
     let clientSecret;
 
-    let exists = await this.configStore.get(clientID);
+    const exists = await this.configStore.get(clientID);
 
     if (exists) {
       clientSecret = exists.clientSecret;

package/src/controller/error.ts

@@ -2,7 +2,7 @@ export class JacksonError extends Error {
   public name: string;
   public statusCode: number;
 
-  constructor(message: string, statusCode: number = 500) {
+  constructor(message: string, statusCode = 500) {
     super(message);
 
     this.name = this.constructor.name;

package/src/controller/oauth.ts

@@ -66,7 +66,7 @@ export class OAuthController implements IOAuthController {
       product,
       code_challenge,
       code_challenge_method = '',
-      // eslint-disable-next-line no-unused-vars
+      // eslint-disable-next-line @typescript-eslint/no-unused-vars
       provider = 'saml',
     } = body;
 
@@ -134,7 +134,6 @@ export class OAuthController implements IOAuthController {
     }
 
     const samlReq = saml.request({
-      // @ts-ignore
       entityID: this.opts.samlAudience,
       callbackUrl: this.opts.externalUrl + this.opts.samlPath,
       signingKey: samlConfig.certs.privateKey,
@@ -190,8 +189,6 @@ export class OAuthController implements IOAuthController {
 
     const samlConfigs = await this.configStore.getByIndex({
       name: IndexNames.EntityID,
-
-      // @ts-ignore
       value: parsedResp?.issuer,
     });
 
@@ -214,7 +211,7 @@ export class OAuthController implements IOAuthController {
       }
     }
 
-    let validateOpts: any = {
+    const validateOpts: Record<string, string> = {
       thumbprint: samlConfig.idpMetadata.thumbprint,
       audience: this.opts.samlAudience,
     };
@@ -228,7 +225,7 @@ export class OAuthController implements IOAuthController {
     // store details against a code
     const code = crypto.randomBytes(20).toString('hex');
 
-    let codeVal: any = {
+    const codeVal: Record<string, unknown> = {
       profile,
       clientID: samlConfig.clientID,
       clientSecret: samlConfig.clientSecret,
@@ -248,7 +245,7 @@ export class OAuthController implements IOAuthController {
       throw new JacksonError('Redirect URL is not allowed.', 403);
     }
 
-    let params: any = {
+    const params: Record<string, string> = {
       code,
     };
 

package/src/db/db.ts

@@ -13,7 +13,7 @@ import redis from './redis';
 import sql from './sql/sql';
 import store from './store';
 
-const decrypt = (res: Encrypted, encryptionKey: EncryptionKey): any => {
+const decrypt = (res: Encrypted, encryptionKey: EncryptionKey): unknown => {
   if (res.iv && res.tag) {
     return JSON.parse(
       encrypter.decrypt(res.value, res.iv, res.tag, encryptionKey)
@@ -24,15 +24,15 @@ const decrypt = (res: Encrypted, encryptionKey: EncryptionKey): any => {
 };
 
 class DB implements DatabaseDriver {
-  private db: any;
+  private db: DatabaseDriver;
   private encryptionKey: EncryptionKey;
 
-  constructor(db: any, encryptionKey: EncryptionKey) {
+  constructor(db: DatabaseDriver, encryptionKey: EncryptionKey) {
     this.db = db;
     this.encryptionKey = encryptionKey;
   }
 
-  async get(namespace: string, key: string): Promise<any> {
+  async get(namespace: string, key: string): Promise<unknown> {
     const res = await this.db.get(namespace, key);
 
     if (!res) {
@@ -42,7 +42,7 @@ class DB implements DatabaseDriver {
     return decrypt(res, this.encryptionKey);
   }
 
-  async getByIndex(namespace: string, idx: Index): Promise<any> {
+  async getByIndex(namespace: string, idx: Index): Promise<unknown[]> {
     const res = await this.db.getByIndex(namespace, idx);
     const encryptionKey = this.encryptionKey;
     return res.map((r) => {
@@ -54,10 +54,10 @@ class DB implements DatabaseDriver {
   async put(
     namespace: string,
     key: string,
-    val: any,
-    ttl: number = 0,
-    ...indexes: any[]
-  ): Promise<any> {
+    val: unknown,
+    ttl = 0,
+    ...indexes: Index[]
+  ): Promise<unknown> {
     if (ttl > 0 && indexes && indexes.length > 0) {
       throw new Error('secondary indexes not allow on a store with ttl');
     }
@@ -69,11 +69,11 @@ class DB implements DatabaseDriver {
     return await this.db.put(namespace, key, dbVal, ttl, ...indexes);
   }
 
-  async delete(namespace: string, key: string): Promise<any> {
+  async delete(namespace: string, key: string): Promise<unknown> {
     return await this.db.delete(namespace, key);
   }
 
-  store(namespace: string, ttl: number = 0): Storable {
+  store(namespace: string, ttl = 0): Storable {
     return store.new(namespace, this, ttl);
   }
 }

package/src/db/mem.ts

@@ -43,7 +43,7 @@ class Mem implements DatabaseDriver {
   }
 
   async get(namespace: string, key: string): Promise<any> {
-    let res = this.store[dbutils.key(namespace, key)];
+    const res = this.store[dbutils.key(namespace, key)];
     if (res) {
       return res;
     }
@@ -66,7 +66,7 @@ class Mem implements DatabaseDriver {
     namespace: string,
     key: string,
     val: Encrypted,
-    ttl: number = 0,
+    ttl = 0,
     ...indexes: any[]
   ): Promise<any> {
     const k = dbutils.key(namespace, key);

package/src/db/mongo.ts

@@ -36,7 +36,7 @@ class Mongo implements DatabaseDriver {
   }
 
   async get(namespace: string, key: string): Promise<any> {
-    let res = await this.collection.findOne({
+    const res = await this.collection.findOne({
       _id: dbutils.key(namespace, key),
     });
     if (res && res.value) {
@@ -65,7 +65,7 @@ class Mongo implements DatabaseDriver {
     namespace: string,
     key: string,
     val: Encrypted,
-    ttl: number = 0,
+    ttl = 0,
     ...indexes: any[]
   ): Promise<void> {
     const doc = <Document>{

package/src/db/redis.ts

@@ -11,7 +11,7 @@ class Redis implements DatabaseDriver {
   }
 
   async init(): Promise<Redis> {
-    let opts = {};
+    const opts = {};
 
     if (this.options && this.options.url) {
       opts['socket'] = {
@@ -30,7 +30,7 @@ class Redis implements DatabaseDriver {
   }
 
   async get(namespace: string, key: string): Promise<any> {
-    let res = await this.client.get(dbutils.key(namespace, key));
+    const res = await this.client.get(dbutils.key(namespace, key));
     if (res) {
       return JSON.parse(res);
     }
@@ -55,7 +55,7 @@ class Redis implements DatabaseDriver {
     namespace: string,
     key: string,
     val: Encrypted,
-    ttl: number = 0,
+    ttl = 0,
     ...indexes: any[]
   ): Promise<void> {
     let tx = this.client.multi();

package/src/db/sql/entity/JacksonIndex.ts

@@ -21,7 +21,6 @@ export default new EntitySchema({
     },
   },
   relations: {
-    // TODO: Remove the below line to see the error
     // @ts-ignore
     store: {
       target: () => JacksonStore,

package/src/db/sql/sql.ts

@@ -5,20 +5,21 @@ require('reflect-metadata');
 import { DatabaseDriver, DatabaseOption, Index, Encrypted } from 'saml-jackson';
 import { Connection, createConnection } from 'typeorm';
 import * as dbutils from '../utils';
+import JacksonIndexEntity from './entity/JacksonIndex';
+import JacksonStoreEntity from './entity/JacksonStore';
+import {
+  JacksonTTL,
+  JacksonTTL as JacksonTTLEntity,
+} from './entity/JacksonTTL';
 import { JacksonIndex } from './model/JacksonIndex';
 import { JacksonStore } from './model/JacksonStore';
-import { JacksonTTL } from './entity/JacksonTTL';
-
-import JacksonStoreEntity from './entity/JacksonStore';
-import JacksonIndexEntity from './entity/JacksonIndex';
-import { JacksonTTL as JacksonTTLEntity } from './entity/JacksonTTL';
 
 class Sql implements DatabaseDriver {
   private options: DatabaseOption;
   private connection!: Connection;
-  private storeRepository; //!: typeorm.Repository<JacksonStore>;
-  private indexRepository; //!: typeorm.Repository<JacksonIndex>;
-  private ttlRepository; //!: typeorm.Repository<JacksonTTL>;
+  private storeRepository;
+  private indexRepository;
+  private ttlRepository;
   private ttlCleanup;
   private timerId;
 

package/src/db/store.ts

@@ -6,7 +6,7 @@ class Store implements Storable {
   private db: any;
   private ttl: number;
 
-  constructor(namespace: string, db: any, ttl: number = 0) {
+  constructor(namespace: string, db: any, ttl = 0) {
     this.namespace = namespace;
     this.db = db;
     this.ttl = ttl;
@@ -43,7 +43,7 @@ class Store implements Storable {
 }
 
 export default {
-  new: (namespace: string, db: any, ttl: number = 0): Storable => {
+  new: (namespace: string, db: any, ttl = 0): Storable => {
     return new Store(namespace, db, ttl);
   },
 };

package/src/env.ts

@@ -9,7 +9,7 @@ const internalHostPort = +(process.env.INTERNAL_HOST_PORT || '6000');
 
 const apiKeys = (process.env.JACKSON_API_KEYS || '').split(',');
 
-const samlAudience = process.env.SAML_AUDIENCE;
+const samlAudience = process.env.SAML_AUDIENCE || 'https://saml.boxyhq.com';
 const preLoadedConfig = process.env.PRE_LOADED_CONFIG;
 
 const idpEnabled = process.env.IDP_ENABLED;

package/src/index.ts

@@ -32,9 +32,12 @@ const defaultOpts = (opts: JacksonOption): JacksonOption => {
   return newOpts;
 };
 
-export default async function controllers(
+const controllers = async (
   opts: JacksonOption
-): Promise<{ apiController: SAMLConfig; oauthController: OAuthController }> {
+): Promise<{
+  apiController: SAMLConfig;
+  oauthController: OAuthController;
+}> => {
   opts = defaultOpts(opts);
 
   const db = await DB.new(opts.db);
@@ -76,4 +79,6 @@ export default async function controllers(
     apiController,
     oauthController,
   };
-}
+};
+
+export default controllers;

package/src/jackson.ts

@@ -1,12 +1,16 @@
 import cors from 'cors';
 import express from 'express';
+import { IOAuthController, ISAMLConfig } from 'saml-jackson';
 import { JacksonError } from './controller/error';
 import { extractAuthToken } from './controller/utils';
 import env from './env';
-import jackson from './index';
 
-let apiController;
-let oauthController;
+//import jackson from './index';
+
+const jackson = require('./index');
+
+let apiController: ISAMLConfig;
+let oauthController: IOAuthController;
 
 const oauthPath = '/oauth';
 const apiPath = '/api/v1/saml';
@@ -62,7 +66,7 @@ app.get(oauthPath + '/userinfo', async (req, res) => {
     }
 
     if (!token) {
-      res.status(401).json({ message: 'Unauthorized' });
+      return res.status(401).json({ message: 'Unauthorized' });
     }
 
     const profile = await oauthController.userInfo(token);
@@ -80,8 +84,6 @@ const server = app.listen(env.hostPort, async () => {
     `🚀 The path of the righteous server: http://${env.hostUrl}:${env.hostPort}`
   );
 
-  // TODO: Fix it
-  // @ts-ignore
   const ctrlrModule = await jackson(env);
 
   apiController = ctrlrModule.apiController;

package/src/saml/saml.ts

@@ -1,7 +1,7 @@
-const saml = require('@boxyhq/saml20');
-const xml2js = require('xml2js');
-const thumbprint = require('thumbprint');
-const xmlcrypto = require('xml-crypto');
+import saml from '@boxyhq/saml20';
+import xml2js from 'xml2js';
+import thumbprint from 'thumbprint';
+import xmlcrypto from 'xml-crypto';
 import * as rambda from 'rambda';
 import xmlbuilder from 'xmlbuilder';
 import crypto from 'crypto';
@@ -53,7 +53,8 @@ const request = ({
   const id = idPrefix + crypto.randomBytes(10).toString('hex');
   const date = new Date().toISOString();
 
-  let samlReq: Record<string, any> = {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const samlReq: Record<string, any> = {
     'samlp:AuthnRequest': {
       '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
       '@ID': id,
@@ -97,9 +98,7 @@ const request = ({
   };
 };
 
-const parseAsync = async (
-  rawAssertion: string
-): Promise<SAMLProfile | void> => {
+const parseAsync = async (rawAssertion: string): Promise<SAMLProfile> => {
   return new Promise((resolve, reject) => {
     saml.parse(
       rawAssertion,
@@ -118,7 +117,7 @@ const parseAsync = async (
 const validateAsync = async (
   rawAssertion: string,
   options
-): Promise<SAMLProfile | void> => {
+): Promise<SAMLProfile> => {
   return new Promise((resolve, reject) => {
     saml.validate(
       rawAssertion,

package/src/test/api.test.ts

@@ -144,7 +144,7 @@ tap.test('controller/api', async (t) => {
       t.equal(response.client_id, CLIENT_ID);
       t.equal(response.provider, PROVIDER);
 
-      let savedConf = await apiController.getConfig({
+      const savedConf = await apiController.getConfig({
         clientID: CLIENT_ID,
       });
 

package/src/test/oauth.test.ts

@@ -1,30 +1,36 @@
 import crypto from 'crypto';
 import { promises as fs } from 'fs';
 import path from 'path';
-import { JacksonOption } from 'saml-jackson';
+import {
+  IOAuthController,
+  ISAMLConfig,
+  JacksonOption,
+  OAuthReqBody,
+  OAuthTokenReq,
+  SAMLResponsePayload,
+} from 'saml-jackson';
 import sinon from 'sinon';
 import tap from 'tap';
 import { JacksonError } from '../controller/error';
 import readConfig from '../read-config';
 import saml from '../saml/saml';
 
-// TODO: Add type
-let apiController;
-let oauthController;
+let apiController: ISAMLConfig;
+let oauthController: IOAuthController;
 
 const code = '1234567890';
 const token = '24c1550190dd6a5a9bd6fe2a8ff69d593121c7b9';
 
 const metadataPath = path.join(__dirname, '/data/metadata');
 
-const options = {
+const options = <JacksonOption>{
   externalUrl: 'https://my-cool-app.com',
   samlAudience: 'https://saml.boxyhq.com',
   samlPath: '/sso/oauth/saml',
   db: {
     engine: 'mem',
   },
-} as JacksonOption;
+};
 
 const samlConfig = {
   tenant: 'boxyhq.com',
@@ -57,13 +63,13 @@ tap.teardown(async () => {
 
 tap.test('authorize()', async (t) => {
   t.test('Should throw an error if `redirect_uri` null', async (t) => {
-    const body = {
-      redirect_uri: null,
+    const body: Partial<OAuthReqBody> = {
+      redirect_uri: undefined,
       state: 'state',
     };
 
     try {
-      await oauthController.authorize(body);
+      await oauthController.authorize(<OAuthReqBody>body);
       t.fail('Expecting JacksonError.');
     } catch (err) {
       const { message, statusCode } = err as JacksonError;
@@ -79,13 +85,13 @@ tap.test('authorize()', async (t) => {
   });
 
   t.test('Should throw an error if `state` null', async (t) => {
-    const body = {
+    const body: Partial<OAuthReqBody> = {
       redirect_uri: 'https://example.com/',
-      state: null,
+      state: undefined,
     };
 
     try {
-      await oauthController.authorize(body);
+      await oauthController.authorize(<OAuthReqBody>body);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -109,7 +115,7 @@ tap.test('authorize()', async (t) => {
     };
 
     try {
-      await oauthController.authorize(body);
+      await oauthController.authorize(<OAuthReqBody>body);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -135,7 +141,7 @@ tap.test('authorize()', async (t) => {
       };
 
       try {
-        await oauthController.authorize(body);
+        await oauthController.authorize(<OAuthReqBody>body);
 
         t.fail('Expecting JacksonError.');
       } catch (err) {
@@ -159,7 +165,7 @@ tap.test('authorize()', async (t) => {
       client_id: `tenant=${samlConfig.tenant}&product=${samlConfig.product}`,
     };
 
-    const response = await oauthController.authorize(body);
+    const response = await oauthController.authorize(<OAuthReqBody>body);
     const params = new URLSearchParams(new URL(response.redirect_url).search);
 
     t.ok('redirect_url' in response, 'got the Idp authorize URL');
@@ -179,7 +185,9 @@ tap.test('samlResponse()', async (t) => {
     client_id: `tenant=${samlConfig.tenant}&product=${samlConfig.product}`,
   };
 
-  const { redirect_url } = await oauthController.authorize(authBody);
+  const { redirect_url } = await oauthController.authorize(
+    <OAuthReqBody>authBody
+  );
 
   const relayState = new URLSearchParams(new URL(redirect_url).search).get(
     'RelayState'
@@ -191,12 +199,12 @@ tap.test('samlResponse()', async (t) => {
   );
 
   t.test('Should throw an error if `RelayState` is missing', async (t) => {
-    const responseBody = {
+    const responseBody: Partial<SAMLResponsePayload> = {
       SAMLResponse: rawResponse,
     };
 
     try {
-      await oauthController.samlResponse(responseBody);
+      await oauthController.samlResponse(<SAMLResponsePayload>responseBody);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -224,10 +232,13 @@ tap.test('samlResponse()', async (t) => {
       const stubValidateAsync = sinon
         .stub(saml, 'validateAsync')
         .resolves({ audience: '', claims: {}, issuer: '', sessionIndex: '' });
+
       //@ts-ignore
       const stubRandomBytes = sinon.stub(crypto, 'randomBytes').returns(code);
 
-      const response = await oauthController.samlResponse(responseBody);
+      const response = await oauthController.samlResponse(
+        <SAMLResponsePayload>responseBody
+      );
 
       const params = new URLSearchParams(new URL(response.redirect_url).search);
 
@@ -257,7 +268,7 @@ tap.test('token()', (t) => {
       };
 
       try {
-        await oauthController.token(body);
+        await oauthController.token(<OAuthTokenReq>body);
 
         t.fail('Expecting JacksonError.');
       } catch (err) {
@@ -280,7 +291,7 @@ tap.test('token()', (t) => {
     };
 
     try {
-      await oauthController.token(body);
+      await oauthController.token(<OAuthTokenReq>body);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -293,16 +304,15 @@ tap.test('token()', (t) => {
   });
 
   t.test('Should throw an error if `code` is invalid', async (t) => {
-    const body = {
+    const body: Partial<OAuthTokenReq> = {
       grant_type: 'authorization_code',
       client_id: `tenant=${samlConfig.tenant}&product=${samlConfig.product}`,
       client_secret: 'some-secret',
-      redirect_uri: null,
       code: 'invalid-code',
     };
 
     try {
-      await oauthController.token(body);
+      await oauthController.token(<OAuthTokenReq>body);
 
       t.fail('Expecting JacksonError.');
     } catch (err) {
@@ -315,11 +325,10 @@ tap.test('token()', (t) => {
   });
 
   t.test('Should return the `access_token` for a valid request', async (t) => {
-    const body = {
+    const body: Partial<OAuthTokenReq> = {
       grant_type: 'authorization_code',
       client_id: `tenant=${samlConfig.tenant}&product=${samlConfig.product}`,
       client_secret: 'some-secret',
-      redirect_uri: null,
       code: code,
     };
 
@@ -329,7 +338,7 @@ tap.test('token()', (t) => {
       //@ts-ignore
       .returns(token);
 
-    const response = await oauthController.token(body);
+    const response = await oauthController.token(<OAuthTokenReq>body);
 
     t.ok(stubRandomBytes.calledOnce, 'randomBytes called once');
     t.ok('access_token' in response, 'includes access_token');

package/src/typings.ts

@@ -51,7 +51,7 @@ declare module 'saml-jackson' {
     authorize(body: OAuthReqBody): Promise<{ redirect_url: string }>;
     samlResponse(body: SAMLResponsePayload): Promise<{ redirect_url: string }>;
     token(body: OAuthTokenReq): Promise<OAuthTokenRes>;
-    userInfo(body: string): Promise<Profile>;
+    userInfo(token: string): Promise<Profile>;
   }
 
   export interface OAuthReqBody {
@@ -104,7 +104,7 @@ declare module 'saml-jackson' {
       key: string,
       val: any,
       ttl: number,
-      indexes: Index[]
+      ...indexes: Index[]
     ): Promise<any>;
     delete(namespace: string, key: string): Promise<any>;
     getByIndex(namespace: string, idx: Index): Promise<any>;
@@ -159,7 +159,7 @@ declare module 'saml-jackson' {
   export interface JacksonOption {
     externalUrl: string;
     samlPath: string;
-    samlAudience?: string;
+    samlAudience: string;
     preLoadedConfig?: string;
     idpEnabled?: boolean;
     db: DatabaseOption;