@boxyhq/saml-jackson 1.1.4 → 1.2.0

package/dist/index.js

@@ -27,15 +27,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.controllers = void 0;
+const db_1 = __importDefault(require("./db/db"));
+const defaultDb_1 = __importDefault(require("./db/defaultDb"));
+const read_config_1 = __importDefault(require("./read-config"));
 const admin_1 = require("./controller/admin");
 const api_1 = require("./controller/api");
 const oauth_1 = require("./controller/oauth");
 const health_check_1 = require("./controller/health-check");
 const logout_1 = require("./controller/logout");
+const directory_sync_1 = __importDefault(require("./directory-sync"));
 const oidc_discovery_1 = require("./controller/oidc-discovery");
-const db_1 = __importDefault(require("./db/db"));
-const defaultDb_1 = __importDefault(require("./db/defaultDb"));
-const read_config_1 = __importDefault(require("./read-config"));
+const sp_config_1 = require("./controller/sp-config");
 const defaultOpts = (opts) => {
     const newOpts = Object.assign({}, opts);
     if (!newOpts.externalUrl) {
@@ -44,6 +46,7 @@ const defaultOpts = (opts) => {
     if (!newOpts.samlPath) {
         throw new Error('samlPath is required');
     }
+    newOpts.scimPath = newOpts.scimPath || '/api/scim/v2.0';
     newOpts.samlAudience = newOpts.samlAudience || 'https://saml.boxyhq.com';
     newOpts.preLoadedConfig = newOpts.preLoadedConfig || ''; // path to folder containing static SAML config that will be preloaded. This is useful for self-hosted deployments that only have to support a single tenant (or small number of known tenants).
     newOpts.idpEnabled = newOpts.idpEnabled === true;
@@ -78,7 +81,9 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
         sessionStore,
         opts,
     });
+    const directorySync = yield (0, directory_sync_1.default)({ db, opts });
     const oidcDiscoveryController = new oidc_discovery_1.OidcDiscoveryController({ opts });
+    const spConfig = new sp_config_1.SPSAMLConfig(opts);
     // write pre-loaded config if present
     if (opts.preLoadedConfig && opts.preLoadedConfig.length > 0) {
         const configs = yield (0, read_config_1.default)(opts.preLoadedConfig);
@@ -90,11 +95,13 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
     const type = opts.db.engine === 'sql' && opts.db.type ? ' Type: ' + opts.db.type : '';
     console.log(`Using engine: ${opts.db.engine}.${type}`);
     return {
+        spConfig,
         apiController,
         oauthController,
         adminController,
         logoutController,
         healthCheckController,
+        directorySync,
         oidcDiscoveryController,
     };
 });

package/dist/typings.d.ts

@@ -4,8 +4,8 @@ export declare type IdPConfig = {
     redirectUrl: string[] | string;
     tenant: string;
     product: string;
-    name: string;
-    description: string;
+    name?: string;
+    description?: string;
     rawMetadata?: string;
     encodedRawMetadata?: string;
 };
@@ -45,6 +45,13 @@ export interface IHealthCheckController {
     }>;
     init(): Promise<void>;
 }
+export interface ILogoutController {
+    createRequest(body: SLORequestParams): Promise<{
+        logoutUrl: string | null;
+        logoutForm: string | null;
+    }>;
+    handleResponse(body: SAMLResponsePayload): Promise<any>;
+}
 export interface IOidcDiscoveryController {
     openidConfig(): {
         issuer: string;
@@ -89,6 +96,7 @@ export interface OAuthTokenReq {
     code_verifier: string;
     code: string;
     grant_type: 'authorization_code';
+    redirect_uri?: string;
 }
 export interface OAuthTokenRes {
     access_token: string;
@@ -122,6 +130,9 @@ export interface Storable {
     delete(key: string): Promise<any>;
     getByIndex(idx: Index): Promise<any>;
 }
+export interface DatabaseStore {
+    store(namespace: string): Storable;
+}
 export interface Encrypted {
     iv?: string;
     tag?: string;
@@ -149,6 +160,7 @@ export interface JacksonOption {
     db: DatabaseOption;
     clientSecretVerifier?: string;
     idpDiscoveryPath?: string;
+    scimPath?: string;
     openid: {
         jwsAlg?: string;
         jwtSigningKeys?: {
@@ -185,17 +197,286 @@ export interface SAMLConfig {
     };
     defaultRedirectUrl: string;
 }
-export interface ILogoutController {
-    createRequest(body: SLORequestParams): Promise<{
-        logoutUrl: string | null;
-        logoutForm: string | null;
-    }>;
-    handleResponse(body: SAMLResponsePayload): Promise<any>;
-}
 export interface OAuthErrorHandlerParams {
     error: 'invalid_request' | 'access_denied' | 'unauthorized_client' | 'unsupported_response_type' | 'invalid_scope' | 'server_error' | 'temporarily_unavailable';
     error_description: string;
     redirect_uri: string;
     state?: string;
 }
+export interface ISPSAMLConfig {
+    get(): {
+        acsUrl: string;
+        entityId: string;
+        response: string;
+        assertionSignature: string;
+        signatureAlgorithm: string;
+        assertionEncryption: string;
+    };
+    toMarkdown(): string;
+    toHTML(): string;
+}
+export declare type DirectorySyncEventType = 'user.created' | 'user.updated' | 'user.deleted' | 'group.created' | 'group.updated' | 'group.deleted' | 'group.user_added' | 'group.user_removed';
+export interface Base {
+    store(type: 'groups' | 'members' | 'users'): Storable;
+    setTenant(tenant: string): this;
+    setProduct(product: string): this;
+    setTenantAndProduct(tenant: string, product: string): this;
+    with(tenant: string, product: string): this;
+    createId(): string;
+}
+export interface Users extends Base {
+    list({ pageOffset, pageLimit, }: {
+        pageOffset?: number;
+        pageLimit?: number;
+    }): Promise<{
+        data: User[] | null;
+        error: ApiError | null;
+    }>;
+    get(id: string): Promise<{
+        data: User | null;
+        error: ApiError | null;
+    }>;
+    search(userName: string): Promise<{
+        data: User[] | null;
+        error: ApiError | null;
+    }>;
+    delete(id: string): Promise<{
+        data: null;
+        error: ApiError | null;
+    }>;
+    clear(): Promise<void>;
+    create(param: {
+        first_name: string;
+        last_name: string;
+        email: string;
+        active: boolean;
+        raw: any;
+    }): Promise<{
+        data: User | null;
+        error: ApiError | null;
+    }>;
+    update(id: string, param: {
+        first_name: string;
+        last_name: string;
+        email: string;
+        active: boolean;
+        raw: object;
+    }): Promise<{
+        data: User | null;
+        error: ApiError | null;
+    }>;
+}
+export interface Groups extends Base {
+    create(param: {
+        name: string;
+        raw: any;
+    }): Promise<{
+        data: Group | null;
+        error: ApiError | null;
+    }>;
+    removeAllUsers(groupId: string): Promise<void>;
+    list({ pageOffset, pageLimit, }: {
+        pageOffset?: number;
+        pageLimit?: number;
+    }): Promise<{
+        data: Group[] | null;
+        error: ApiError | null;
+    }>;
+    get(id: string): Promise<{
+        data: Group | null;
+        error: ApiError | null;
+    }>;
+    getAllUsers(groupId: string): Promise<{
+        user_id: string;
+    }[]>;
+    delete(id: string): Promise<{
+        data: null;
+        error: ApiError | null;
+    }>;
+    addUserToGroup(groupId: string, userId: string): Promise<void>;
+    isUserInGroup(groupId: string, userId: string): Promise<boolean>;
+    removeUserFromGroup(groupId: string, userId: string): Promise<void>;
+    search(displayName: string): Promise<{
+        data: Group[] | null;
+        error: ApiError | null;
+    }>;
+    update(id: string, param: {
+        name: string;
+        raw: any;
+    }): Promise<{
+        data: Group | null;
+        error: ApiError | null;
+    }>;
+}
+export declare type User = {
+    id: string;
+    email: string;
+    first_name: string;
+    last_name: string;
+    active: boolean;
+    raw?: any;
+};
+export declare type Group = {
+    id: string;
+    name: string;
+    raw?: any;
+};
+export declare enum DirectorySyncProviders {
+    'azure-scim-v2' = "Azure SCIM v2.0",
+    'onelogin-scim-v2' = "OneLogin SCIM v2.0",
+    'okta-scim-v2' = "Okta SCIM v2.0",
+    'jumpcloud-scim-v2' = "JumpCloud v2.0",
+    'generic-scim-v2' = "SCIM Generic v2.0"
+}
+export declare type DirectoryType = keyof typeof DirectorySyncProviders;
+export declare type HTTPMethod = 'POST' | 'PUT' | 'DELETE' | 'GET' | 'PATCH';
+export declare type Directory = {
+    id: string;
+    name: string;
+    tenant: string;
+    product: string;
+    type: DirectoryType;
+    log_webhook_events: boolean;
+    scim: {
+        path: string;
+        endpoint?: string;
+        secret: string;
+    };
+    webhook: {
+        endpoint: string;
+        secret: string;
+    };
+};
+export declare type DirectorySyncGroupMember = {
+    value: string;
+    email?: string;
+};
+export interface DirectoryConfig {
+    create({ name, tenant, product, webhook_url, webhook_secret, type, }: {
+        name?: string;
+        tenant: string;
+        product: string;
+        webhook_url?: string;
+        webhook_secret?: string;
+        type?: DirectoryType;
+    }): Promise<{
+        data: Directory | null;
+        error: ApiError | null;
+    }>;
+    update(id: string, param: Omit<Partial<Directory>, 'id' | 'tenant' | 'prodct' | 'scim'>): Promise<{
+        data: Directory | null;
+        error: ApiError | null;
+    }>;
+    get(id: string): Promise<{
+        data: Directory | null;
+        error: ApiError | null;
+    }>;
+    getByTenantAndProduct(tenant: string, product: string): Promise<{
+        data: Directory | null;
+        error: ApiError | null;
+    }>;
+    list({ pageOffset, pageLimit, }: {
+        pageOffset?: number;
+        pageLimit?: number;
+    }): Promise<{
+        data: Directory[] | null;
+        error: ApiError | null;
+    }>;
+    delete(id: string): Promise<void>;
+}
+export interface IDirectoryUsers {
+    create(directory: Directory, body: any): Promise<DirectorySyncResponse>;
+    get(user: User): Promise<DirectorySyncResponse>;
+    update(directory: Directory, user: User, body: any): Promise<DirectorySyncResponse>;
+    patch(directory: Directory, user: User, body: any): Promise<DirectorySyncResponse>;
+    delete(directory: Directory, user: User, active: boolean): Promise<DirectorySyncResponse>;
+    getAll(queryParams: {
+        count: number;
+        startIndex: number;
+        filter?: string;
+    }): Promise<DirectorySyncResponse>;
+    handleRequest(request: DirectorySyncRequest, eventCallback?: EventCallback): Promise<DirectorySyncResponse>;
+}
+export interface IDirectoryGroups {
+    create(directory: Directory, body: any): Promise<DirectorySyncResponse>;
+    get(group: Group): Promise<DirectorySyncResponse>;
+    updateDisplayName(directory: Directory, group: Group, body: any): Promise<Group>;
+    delete(directory: Directory, group: Group): Promise<DirectorySyncResponse>;
+    getAll(queryParams: {
+        filter?: string;
+    }): Promise<DirectorySyncResponse>;
+    addGroupMembers(directory: Directory, group: Group, members: DirectorySyncGroupMember[] | undefined, sendWebhookEvent: boolean): Promise<void>;
+    removeGroupMembers(directory: Directory, group: Group, members: DirectorySyncGroupMember[], sendWebhookEvent: boolean): Promise<void>;
+    addOrRemoveGroupMembers(directory: Directory, group: Group, members: DirectorySyncGroupMember[]): Promise<void>;
+    update(directory: Directory, group: Group, body: any): Promise<DirectorySyncResponse>;
+    patch(directory: Directory, group: Group, body: any): Promise<DirectorySyncResponse>;
+    handleRequest(request: DirectorySyncRequest, eventCallback?: EventCallback): Promise<DirectorySyncResponse>;
+}
+export interface IWebhookEventsLogger extends Base {
+    log(directory: Directory, event: DirectorySyncEvent): Promise<WebhookEventLog>;
+    getAll(): Promise<WebhookEventLog[]>;
+    get(id: string): Promise<WebhookEventLog>;
+    clear(): Promise<void>;
+    delete(id: string): Promise<void>;
+    updateStatus(log: WebhookEventLog, statusCode: number): Promise<WebhookEventLog>;
+}
+export declare type DirectorySyncResponse = {
+    status: number;
+    data?: any;
+};
+export interface DirectorySyncRequestHandler {
+    handle(request: DirectorySyncRequest, callback?: EventCallback): Promise<DirectorySyncResponse>;
+}
+export interface Events {
+    handle(event: DirectorySyncEvent): Promise<void>;
+}
+export interface DirectorySyncRequest {
+    method: HTTPMethod;
+    body: any | undefined;
+    directoryId: Directory['id'];
+    resourceType: 'users' | 'groups';
+    resourceId: string | undefined;
+    apiSecret: string | null;
+    query: {
+        count?: number;
+        startIndex?: number;
+        filter?: string;
+    };
+}
+export declare type DirectorySync = {
+    requests: DirectorySyncRequestHandler;
+    directories: DirectoryConfig;
+    groups: Groups;
+    users: Users;
+    events: {
+        callback: EventCallback;
+    };
+    webhookLogs: IWebhookEventsLogger;
+    providers: () => {
+        [K in string]: string;
+    };
+};
+export interface ApiError {
+    message: string;
+    code: number;
+}
+export interface DirectorySyncEvent {
+    directory_id: Directory['id'];
+    event: DirectorySyncEventType;
+    data: User | Group | (User & {
+        group: Group;
+    });
+    tenant: string;
+    product: string;
+}
+export interface EventCallback {
+    (event: DirectorySyncEvent): Promise<void>;
+}
+export interface WebhookEventLog extends DirectorySyncEvent {
+    id: string;
+    webhook_endpoint: string;
+    created_at: Date;
+    status_code?: number;
+    delivered?: boolean;
+}
 export {};

package/dist/typings.js

@@ -1,2 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.DirectorySyncProviders = void 0;
+var DirectorySyncProviders;
+(function (DirectorySyncProviders) {
+    DirectorySyncProviders["azure-scim-v2"] = "Azure SCIM v2.0";
+    DirectorySyncProviders["onelogin-scim-v2"] = "OneLogin SCIM v2.0";
+    DirectorySyncProviders["okta-scim-v2"] = "Okta SCIM v2.0";
+    DirectorySyncProviders["jumpcloud-scim-v2"] = "JumpCloud v2.0";
+    DirectorySyncProviders["generic-scim-v2"] = "SCIM Generic v2.0";
+})(DirectorySyncProviders = exports.DirectorySyncProviders || (exports.DirectorySyncProviders = {}));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "1.1.4",
+  "version": "1.2.0",
   "description": "SAML Jackson library",
   "keywords": [
     "SAML 2.0"
@@ -39,36 +39,39 @@
   },
   "dependencies": {
     "@boxyhq/saml20": "1.0.6",
-    "@opentelemetry/api-metrics": "0.27.0",
     "@opentelemetry/api": "1.0.4",
+    "@opentelemetry/api-metrics": "0.27.0",
     "@peculiar/webcrypto": "1.4.0",
-    "@peculiar/x509": "1.8.1",
-    "jose": "4.8.3",
-    "mongodb": "4.8.1",
+    "axios": "^0.27.2",
+    "@peculiar/x509": "1.8.3",
+    "jose": "4.9.2",
+    "marked": "4.1.0",
+    "mongodb": "4.9.1",
     "mysql2": "2.3.3",
-    "pg": "8.7.3",
-    "redis": "4.0.6",
+    "pg": "8.8.0",
+    "redis": "4.3.1",
     "reflect-metadata": "0.1.13",
     "ripemd160": "2.0.2",
-    "typeorm": "0.3.7",
+    "typeorm": "0.3.9",
     "xml2js": "0.4.23",
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
-    "@types/node": "18.6.3",
+    "@faker-js/faker": "7.2.0",
+    "@types/node": "18.7.16",
     "@types/sinon": "10.0.13",
     "@types/tap": "15.0.7",
-    "@typescript-eslint/eslint-plugin": "5.31.0",
-    "@typescript-eslint/parser": "5.31.0",
+    "@typescript-eslint/eslint-plugin": "5.36.2",
+    "@typescript-eslint/parser": "5.36.2",
     "cross-env": "7.0.3",
-    "eslint": "8.21.0",
+    "eslint": "8.23.0",
     "eslint-config-prettier": "8.5.0",
     "prettier": "2.7.1",
     "sinon": "14.0.0",
     "tap": "16.3.0",
     "ts-node": "10.9.1",
-    "tsconfig-paths": "4.0.0",
-    "typescript": "4.7.4"
+    "tsconfig-paths": "4.1.0",
+    "typescript": "4.8.2"
   },
   "engines": {
     "node": ">=14.18.1 <=16.x"