@boxyhq/saml-jackson 1.1.6 → 1.2.0

package/dist/index.js

@@ -27,16 +27,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.controllers = void 0;
+const db_1 = __importDefault(require("./db/db"));
+const defaultDb_1 = __importDefault(require("./db/defaultDb"));
+const read_config_1 = __importDefault(require("./read-config"));
 const admin_1 = require("./controller/admin");
 const api_1 = require("./controller/api");
 const oauth_1 = require("./controller/oauth");
 const health_check_1 = require("./controller/health-check");
 const logout_1 = require("./controller/logout");
+const directory_sync_1 = __importDefault(require("./directory-sync"));
 const oidc_discovery_1 = require("./controller/oidc-discovery");
 const sp_config_1 = require("./controller/sp-config");
-const db_1 = __importDefault(require("./db/db"));
-const defaultDb_1 = __importDefault(require("./db/defaultDb"));
-const read_config_1 = __importDefault(require("./read-config"));
 const defaultOpts = (opts) => {
     const newOpts = Object.assign({}, opts);
     if (!newOpts.externalUrl) {
@@ -45,6 +46,7 @@ const defaultOpts = (opts) => {
     if (!newOpts.samlPath) {
         throw new Error('samlPath is required');
     }
+    newOpts.scimPath = newOpts.scimPath || '/api/scim/v2.0';
     newOpts.samlAudience = newOpts.samlAudience || 'https://saml.boxyhq.com';
     newOpts.preLoadedConfig = newOpts.preLoadedConfig || ''; // path to folder containing static SAML config that will be preloaded. This is useful for self-hosted deployments that only have to support a single tenant (or small number of known tenants).
     newOpts.idpEnabled = newOpts.idpEnabled === true;
@@ -79,6 +81,7 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
         sessionStore,
         opts,
     });
+    const directorySync = yield (0, directory_sync_1.default)({ db, opts });
     const oidcDiscoveryController = new oidc_discovery_1.OidcDiscoveryController({ opts });
     const spConfig = new sp_config_1.SPSAMLConfig(opts);
     // write pre-loaded config if present
@@ -98,6 +101,7 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
         adminController,
         logoutController,
         healthCheckController,
+        directorySync,
         oidcDiscoveryController,
     };
 });

package/dist/typings.d.ts

@@ -45,6 +45,13 @@ export interface IHealthCheckController {
     }>;
     init(): Promise<void>;
 }
+export interface ILogoutController {
+    createRequest(body: SLORequestParams): Promise<{
+        logoutUrl: string | null;
+        logoutForm: string | null;
+    }>;
+    handleResponse(body: SAMLResponsePayload): Promise<any>;
+}
 export interface IOidcDiscoveryController {
     openidConfig(): {
         issuer: string;
@@ -123,6 +130,9 @@ export interface Storable {
     delete(key: string): Promise<any>;
     getByIndex(idx: Index): Promise<any>;
 }
+export interface DatabaseStore {
+    store(namespace: string): Storable;
+}
 export interface Encrypted {
     iv?: string;
     tag?: string;
@@ -150,6 +160,7 @@ export interface JacksonOption {
     db: DatabaseOption;
     clientSecretVerifier?: string;
     idpDiscoveryPath?: string;
+    scimPath?: string;
     openid: {
         jwsAlg?: string;
         jwtSigningKeys?: {
@@ -186,13 +197,6 @@ export interface SAMLConfig {
     };
     defaultRedirectUrl: string;
 }
-export interface ILogoutController {
-    createRequest(body: SLORequestParams): Promise<{
-        logoutUrl: string | null;
-        logoutForm: string | null;
-    }>;
-    handleResponse(body: SAMLResponsePayload): Promise<any>;
-}
 export interface OAuthErrorHandlerParams {
     error: 'invalid_request' | 'access_denied' | 'unauthorized_client' | 'unsupported_response_type' | 'invalid_scope' | 'server_error' | 'temporarily_unavailable';
     error_description: string;
@@ -211,4 +215,268 @@ export interface ISPSAMLConfig {
     toMarkdown(): string;
     toHTML(): string;
 }
+export declare type DirectorySyncEventType = 'user.created' | 'user.updated' | 'user.deleted' | 'group.created' | 'group.updated' | 'group.deleted' | 'group.user_added' | 'group.user_removed';
+export interface Base {
+    store(type: 'groups' | 'members' | 'users'): Storable;
+    setTenant(tenant: string): this;
+    setProduct(product: string): this;
+    setTenantAndProduct(tenant: string, product: string): this;
+    with(tenant: string, product: string): this;
+    createId(): string;
+}
+export interface Users extends Base {
+    list({ pageOffset, pageLimit, }: {
+        pageOffset?: number;
+        pageLimit?: number;
+    }): Promise<{
+        data: User[] | null;
+        error: ApiError | null;
+    }>;
+    get(id: string): Promise<{
+        data: User | null;
+        error: ApiError | null;
+    }>;
+    search(userName: string): Promise<{
+        data: User[] | null;
+        error: ApiError | null;
+    }>;
+    delete(id: string): Promise<{
+        data: null;
+        error: ApiError | null;
+    }>;
+    clear(): Promise<void>;
+    create(param: {
+        first_name: string;
+        last_name: string;
+        email: string;
+        active: boolean;
+        raw: any;
+    }): Promise<{
+        data: User | null;
+        error: ApiError | null;
+    }>;
+    update(id: string, param: {
+        first_name: string;
+        last_name: string;
+        email: string;
+        active: boolean;
+        raw: object;
+    }): Promise<{
+        data: User | null;
+        error: ApiError | null;
+    }>;
+}
+export interface Groups extends Base {
+    create(param: {
+        name: string;
+        raw: any;
+    }): Promise<{
+        data: Group | null;
+        error: ApiError | null;
+    }>;
+    removeAllUsers(groupId: string): Promise<void>;
+    list({ pageOffset, pageLimit, }: {
+        pageOffset?: number;
+        pageLimit?: number;
+    }): Promise<{
+        data: Group[] | null;
+        error: ApiError | null;
+    }>;
+    get(id: string): Promise<{
+        data: Group | null;
+        error: ApiError | null;
+    }>;
+    getAllUsers(groupId: string): Promise<{
+        user_id: string;
+    }[]>;
+    delete(id: string): Promise<{
+        data: null;
+        error: ApiError | null;
+    }>;
+    addUserToGroup(groupId: string, userId: string): Promise<void>;
+    isUserInGroup(groupId: string, userId: string): Promise<boolean>;
+    removeUserFromGroup(groupId: string, userId: string): Promise<void>;
+    search(displayName: string): Promise<{
+        data: Group[] | null;
+        error: ApiError | null;
+    }>;
+    update(id: string, param: {
+        name: string;
+        raw: any;
+    }): Promise<{
+        data: Group | null;
+        error: ApiError | null;
+    }>;
+}
+export declare type User = {
+    id: string;
+    email: string;
+    first_name: string;
+    last_name: string;
+    active: boolean;
+    raw?: any;
+};
+export declare type Group = {
+    id: string;
+    name: string;
+    raw?: any;
+};
+export declare enum DirectorySyncProviders {
+    'azure-scim-v2' = "Azure SCIM v2.0",
+    'onelogin-scim-v2' = "OneLogin SCIM v2.0",
+    'okta-scim-v2' = "Okta SCIM v2.0",
+    'jumpcloud-scim-v2' = "JumpCloud v2.0",
+    'generic-scim-v2' = "SCIM Generic v2.0"
+}
+export declare type DirectoryType = keyof typeof DirectorySyncProviders;
+export declare type HTTPMethod = 'POST' | 'PUT' | 'DELETE' | 'GET' | 'PATCH';
+export declare type Directory = {
+    id: string;
+    name: string;
+    tenant: string;
+    product: string;
+    type: DirectoryType;
+    log_webhook_events: boolean;
+    scim: {
+        path: string;
+        endpoint?: string;
+        secret: string;
+    };
+    webhook: {
+        endpoint: string;
+        secret: string;
+    };
+};
+export declare type DirectorySyncGroupMember = {
+    value: string;
+    email?: string;
+};
+export interface DirectoryConfig {
+    create({ name, tenant, product, webhook_url, webhook_secret, type, }: {
+        name?: string;
+        tenant: string;
+        product: string;
+        webhook_url?: string;
+        webhook_secret?: string;
+        type?: DirectoryType;
+    }): Promise<{
+        data: Directory | null;
+        error: ApiError | null;
+    }>;
+    update(id: string, param: Omit<Partial<Directory>, 'id' | 'tenant' | 'prodct' | 'scim'>): Promise<{
+        data: Directory | null;
+        error: ApiError | null;
+    }>;
+    get(id: string): Promise<{
+        data: Directory | null;
+        error: ApiError | null;
+    }>;
+    getByTenantAndProduct(tenant: string, product: string): Promise<{
+        data: Directory | null;
+        error: ApiError | null;
+    }>;
+    list({ pageOffset, pageLimit, }: {
+        pageOffset?: number;
+        pageLimit?: number;
+    }): Promise<{
+        data: Directory[] | null;
+        error: ApiError | null;
+    }>;
+    delete(id: string): Promise<void>;
+}
+export interface IDirectoryUsers {
+    create(directory: Directory, body: any): Promise<DirectorySyncResponse>;
+    get(user: User): Promise<DirectorySyncResponse>;
+    update(directory: Directory, user: User, body: any): Promise<DirectorySyncResponse>;
+    patch(directory: Directory, user: User, body: any): Promise<DirectorySyncResponse>;
+    delete(directory: Directory, user: User, active: boolean): Promise<DirectorySyncResponse>;
+    getAll(queryParams: {
+        count: number;
+        startIndex: number;
+        filter?: string;
+    }): Promise<DirectorySyncResponse>;
+    handleRequest(request: DirectorySyncRequest, eventCallback?: EventCallback): Promise<DirectorySyncResponse>;
+}
+export interface IDirectoryGroups {
+    create(directory: Directory, body: any): Promise<DirectorySyncResponse>;
+    get(group: Group): Promise<DirectorySyncResponse>;
+    updateDisplayName(directory: Directory, group: Group, body: any): Promise<Group>;
+    delete(directory: Directory, group: Group): Promise<DirectorySyncResponse>;
+    getAll(queryParams: {
+        filter?: string;
+    }): Promise<DirectorySyncResponse>;
+    addGroupMembers(directory: Directory, group: Group, members: DirectorySyncGroupMember[] | undefined, sendWebhookEvent: boolean): Promise<void>;
+    removeGroupMembers(directory: Directory, group: Group, members: DirectorySyncGroupMember[], sendWebhookEvent: boolean): Promise<void>;
+    addOrRemoveGroupMembers(directory: Directory, group: Group, members: DirectorySyncGroupMember[]): Promise<void>;
+    update(directory: Directory, group: Group, body: any): Promise<DirectorySyncResponse>;
+    patch(directory: Directory, group: Group, body: any): Promise<DirectorySyncResponse>;
+    handleRequest(request: DirectorySyncRequest, eventCallback?: EventCallback): Promise<DirectorySyncResponse>;
+}
+export interface IWebhookEventsLogger extends Base {
+    log(directory: Directory, event: DirectorySyncEvent): Promise<WebhookEventLog>;
+    getAll(): Promise<WebhookEventLog[]>;
+    get(id: string): Promise<WebhookEventLog>;
+    clear(): Promise<void>;
+    delete(id: string): Promise<void>;
+    updateStatus(log: WebhookEventLog, statusCode: number): Promise<WebhookEventLog>;
+}
+export declare type DirectorySyncResponse = {
+    status: number;
+    data?: any;
+};
+export interface DirectorySyncRequestHandler {
+    handle(request: DirectorySyncRequest, callback?: EventCallback): Promise<DirectorySyncResponse>;
+}
+export interface Events {
+    handle(event: DirectorySyncEvent): Promise<void>;
+}
+export interface DirectorySyncRequest {
+    method: HTTPMethod;
+    body: any | undefined;
+    directoryId: Directory['id'];
+    resourceType: 'users' | 'groups';
+    resourceId: string | undefined;
+    apiSecret: string | null;
+    query: {
+        count?: number;
+        startIndex?: number;
+        filter?: string;
+    };
+}
+export declare type DirectorySync = {
+    requests: DirectorySyncRequestHandler;
+    directories: DirectoryConfig;
+    groups: Groups;
+    users: Users;
+    events: {
+        callback: EventCallback;
+    };
+    webhookLogs: IWebhookEventsLogger;
+    providers: () => {
+        [K in string]: string;
+    };
+};
+export interface ApiError {
+    message: string;
+    code: number;
+}
+export interface DirectorySyncEvent {
+    directory_id: Directory['id'];
+    event: DirectorySyncEventType;
+    data: User | Group | (User & {
+        group: Group;
+    });
+    tenant: string;
+    product: string;
+}
+export interface EventCallback {
+    (event: DirectorySyncEvent): Promise<void>;
+}
+export interface WebhookEventLog extends DirectorySyncEvent {
+    id: string;
+    webhook_endpoint: string;
+    created_at: Date;
+    status_code?: number;
+    delivered?: boolean;
+}
 export {};

package/dist/typings.js

@@ -1,2 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.DirectorySyncProviders = void 0;
+var DirectorySyncProviders;
+(function (DirectorySyncProviders) {
+    DirectorySyncProviders["azure-scim-v2"] = "Azure SCIM v2.0";
+    DirectorySyncProviders["onelogin-scim-v2"] = "OneLogin SCIM v2.0";
+    DirectorySyncProviders["okta-scim-v2"] = "Okta SCIM v2.0";
+    DirectorySyncProviders["jumpcloud-scim-v2"] = "JumpCloud v2.0";
+    DirectorySyncProviders["generic-scim-v2"] = "SCIM Generic v2.0";
+})(DirectorySyncProviders = exports.DirectorySyncProviders || (exports.DirectorySyncProviders = {}));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "1.1.6",
+  "version": "1.2.0",
   "description": "SAML Jackson library",
   "keywords": [
     "SAML 2.0"
@@ -42,6 +42,7 @@
     "@opentelemetry/api": "1.0.4",
     "@opentelemetry/api-metrics": "0.27.0",
     "@peculiar/webcrypto": "1.4.0",
+    "axios": "^0.27.2",
     "@peculiar/x509": "1.8.3",
     "jose": "4.9.2",
     "marked": "4.1.0",
@@ -56,6 +57,7 @@
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
+    "@faker-js/faker": "7.2.0",
     "@types/node": "18.7.16",
     "@types/sinon": "10.0.13",
     "@types/tap": "15.0.7",