@carisls/sso-standard 1.0.0 → 1.0.2

package/cjs/authorize.cjs

@@ -62,6 +62,6 @@ function authorize (role, exceptions, redirectToLogin = false) {
       next();
     }
   };
-};
+}
 
 module.exports = authorize;

package/cjs/index.cjs

@@ -24,6 +24,7 @@ const authorize = require('./authorize.cjs');
  * @param {string} options.paths.afterLogin Change default final endpoint after successful login from /
  * @param {string} options.paths.logout Change default logout init endpoint from /logout
  * @param {string} options.paths.afterLogout Change default logout final endpoint after a successful logout from /
+ * @param {boolean} options.groups To request groups scope (default is true)
  * @returns
  */
 const router = (options) => {
@@ -31,11 +32,13 @@ const router = (options) => {
   if (!options)
     throw Error('You need to set options parameter');
 
-  if (!options.ssoUrl && !options.providers)
-    throw Error('ssoUrl is always required');
+  const providers = options.providers?.split ? options.providers.split(',').map(i => ({ ssoUrl: i })) : options.providers;
 
-  if (!options.clientId && !options.providers)
-    throw Error('clientId is required');
+  if (!options.providers)
+    throw Error('providers is always required');
+
+  if (!options.clientId || !options.clientSecret)
+    throw Error('clientId and clientSecret are required');
 
   if (!options.publicKeyCache)
     options.publicKeyCache = 300;
@@ -46,9 +49,6 @@ const router = (options) => {
   const router = Router();
 
   (async () => {
-    const providers = options.providers || [];
-    if (!providers.length && options.ssoUrl)
-      providers.push({ iss: options.iss || options.ssoUrl, ssoUrl: options.ssoUrl, publicKey: options.publicKey });
     const issuerSelector = await issuerSelectorModule(providers, options.publicKeyCache);
     const encryptor = encryptorModule(options.encPassword, options.encPasswordSalt, options.encIterationCount);
 
@@ -60,9 +60,10 @@ const router = (options) => {
       encryptor,
       options.userMapper,
       options.paths,
-      options.expOffset);
-
-      })()
+      options.expOffset,
+      options.groups ?? true
+    );
+  })()
     .catch((err) => {
       router.all('*', (req, res, next) => {
         next(new HttpError(500, 'SSO settings have failed to load'));
@@ -73,7 +74,7 @@ const router = (options) => {
   return router;
 };
 
-module.exports = { 
+module.exports = {
   router,
   authorize
 };

package/cjs/shared/cookies/cookieParser.cjs

@@ -6,6 +6,6 @@ function cookieParser (router) {
     else
       cookieParserModule()(req, res, next); // Cookie parser is needed
   });
-};
+}
 
 module.exports = cookieParser;

package/cjs/shared/logout.cjs

@@ -20,6 +20,6 @@ function logout (router, client, encryptor, logoutPath, afterLogoutPath) {
 
     }));
   });
-};
+}
 
 module.exports = logout;

package/cjs/shared/user.cjs

@@ -26,6 +26,6 @@ function user (router, encryptor, userMapper) {
         next();
       });
   });
-};
+}
 
 module.exports = user;

package/cjs/standard/codeRequest.cjs

@@ -12,6 +12,6 @@ function codeRequest (client) {
     code,
     redirect_uri: redirectUri
   });
-};
+}
 
 module.exports = codeRequest;

package/cjs/standard/index.cjs

@@ -13,7 +13,7 @@ const codeRequestModule2 = require('./codeRequest.cjs');
 
 const userModule = require('../shared/user.cjs');
 
-function index (router, clientId, clientSecret, issuerSelector, encryptor, userMapper, paths, expOffset = 0) {
+function index (router, clientId, clientSecret, issuerSelector, encryptor, userMapper, paths, expOffset = 0, groups = true) {
   // Add cookieParser
   cookieParserModule(router);
 
@@ -40,7 +40,8 @@ function index (router, clientId, clientSecret, issuerSelector, encryptor, userM
     client,
     paths?.login || '/login',
     paths?.sso || '/sso',
-    paths?.afterLogin || '/'
+    paths?.afterLogin || '/',
+    groups ?? true
   );
 
   // Handle return from standard SSO
@@ -69,6 +70,6 @@ function index (router, clientId, clientSecret, issuerSelector, encryptor, userM
 
   // Inject user from session cookie if present
   userModule(router, encryptor, userMapper);
-};
+}
 
 module.exports = index;

package/cjs/standard/login.cjs

@@ -1,15 +1,21 @@
-function login (router, client, loginPath, ssoPath, afterLoginPath) {
+function login (router, client, loginPath, ssoPath, afterLoginPath, groups = true) {
   router.get(loginPath, (req, res) => {
     // Set redirectTo
     const redirectTo = req.query.ReturnUrl || afterLoginPath;
 
+    // Set default scopes
+    const scopes = ['openid', 'profile', 'email', 'offline_access'];
+
+    if (groups === true)
+      scopes.push('groups');
+
     // Standard flow initiates directly
     res.redirect(client.authorizationUrl({
       redirect_uri: `${req.protocol}://${req.headers.host}${ssoPath}`,
       state: redirectTo ? Buffer.from(redirectTo).toString('hex') : undefined,
-      scope: 'openid profile email offline_access groups'
+      scope: scopes.join(' ')
     }));
   });
-};
+}
 
 module.exports = login;

package/cjs/standard/refreshRequest.cjs

@@ -42,6 +42,6 @@ function refreshRequest (router, client, encryptor, accessTokenModule, refreshTo
         next();
       });
   });
-};
+}
 
 module.exports = refreshRequest;

package/cjs/standard/sso.cjs

@@ -20,6 +20,6 @@ function sso (router, client, ssoPath, codeRequestModule, accessTokenModule, ref
         next(err);
       });
   });
-};
+}
 
 module.exports = sso;

package/eslint.config.js

@@ -0,0 +1,17 @@
+import neostandard from 'neostandard';
+
+export default [
+  ...neostandard({ semi: true }),
+  {
+    rules: {
+      curly: ['error', 'multi-or-nest'],
+      '@stylistic/brace-style': ['error', 'stroustrup'],
+      'no-undef': ['warn', { typeof: true }],
+      'no-unused-vars': ['warn']
+    }
+  },
+  {
+    files: ['**/*.test.js'],
+    rules: { 'no-unused-expressions': 'off' }
+  }
+];

package/esm/authorize.js

@@ -62,6 +62,6 @@ function authorize (role, exceptions, redirectToLogin = false) {
       next();
     }
   };
-};
+}
 
 export default authorize;

package/esm/index.js

@@ -25,6 +25,7 @@ import authorize from '../cjs/authorize.cjs';
  * @param {string} options.paths.logout Change default logout init endpoint from /logout
  * @param {string} options.paths.afterLogout Change default logout final endpoint after a successful logout from /
  * @param {boolean} options.useCachedSession Whether or not to store access token to cache instead of a cookie (if larger than 4096)
+ * @param {boolean} options.groups To request groups scope (default is true)
  * @returns
  */
 const router = (options) => {
@@ -32,11 +33,13 @@ const router = (options) => {
   if (!options)
     throw Error('You need to set options parameter');
 
-  if (!options.ssoUrl && !options.providers)
-    throw Error('ssoUrl is always required');
+  const providers = options.providers?.split ? options.providers.split(',').map(i => ({ ssoUrl: i })) : options.providers;
 
-  if (!options.clientId && !options.providers)
-    throw Error('clientId is required');
+  if (!options.providers)
+    throw Error('providers is always required');
+
+  if (!options.clientId || !options.clientSecret)
+    throw Error('clientId and clientSecret are required');
 
   if (!options.publicKeyCache)
     options.publicKeyCache = 300;
@@ -47,9 +50,6 @@ const router = (options) => {
   const router = Router();
 
   (async () => {
-    const providers = options.providers || [];
-    if (!providers.length && options.ssoUrl)
-      providers.push({ iss: options.iss || options.ssoUrl, ssoUrl: options.ssoUrl, publicKey: options.publicKey });
     const issuerSelector = await issuerSelectorModule(providers, options.publicKeyCache);
     const encryptor = encryptorModule(options.encPassword, options.encPasswordSalt, options.encIterationCount);
 
@@ -61,8 +61,9 @@ const router = (options) => {
       encryptor,
       options.userMapper,
       options.paths,
-      options.expOffset);
-
+      options.expOffset,
+      options.groups ?? true
+    );
   })()
     .catch((err) => {
       router.all('*', (req, res, next) => {
@@ -76,7 +77,7 @@ const router = (options) => {
 
 export { router, authorize };
 
-export default { 
+export default {
   router,
   authorize
-}
+};

package/esm/shared/cookies/cookieParser.js

@@ -6,6 +6,6 @@ function cookieParser (router) {
     else
       cookieParserModule()(req, res, next); // Cookie parser is needed
   });
-};
+}
 
 export default cookieParser;

package/esm/shared/logout.js

@@ -20,6 +20,6 @@ function logout (router, client, encryptor, logoutPath, afterLogoutPath) {
 
     }));
   });
-};
+}
 
 export default logout;

package/esm/shared/user.js

@@ -26,6 +26,6 @@ function user (router, encryptor, userMapper) {
         next();
       });
   });
-};
+}
 
 export default user;

package/esm/standard/codeRequest.js

@@ -12,6 +12,6 @@ function codeRequest (client) {
     code,
     redirect_uri: redirectUri
   });
-};
+}
 
 export default codeRequest;

package/esm/standard/index.js

@@ -13,7 +13,7 @@ import codeRequestModule2 from './codeRequest.js';
 
 import userModule from '../shared/user.js';
 
-function index (router, clientId, clientSecret, issuerSelector, encryptor, userMapper, paths, expOffset = 0) {
+function index (router, clientId, clientSecret, issuerSelector, encryptor, userMapper, paths, expOffset = 0, groups = true) {
   // Add cookieParser
   cookieParserModule(router);
 
@@ -40,7 +40,8 @@ function index (router, clientId, clientSecret, issuerSelector, encryptor, userM
     client,
     paths?.login || '/login',
     paths?.sso || '/sso',
-    paths?.afterLogin || '/'
+    paths?.afterLogin || '/',
+    groups ?? true
   );
 
   // Handle return from standard SSO
@@ -69,6 +70,6 @@ function index (router, clientId, clientSecret, issuerSelector, encryptor, userM
 
   // Inject user from session cookie if present
   userModule(router, encryptor, userMapper);
-};
+}
 
 export default index;

package/esm/standard/login.js

@@ -1,15 +1,21 @@
-function login (router, client, loginPath, ssoPath, afterLoginPath) {
+function login (router, client, loginPath, ssoPath, afterLoginPath, groups = true) {
   router.get(loginPath, (req, res) => {
     // Set redirectTo
     const redirectTo = req.query.ReturnUrl || afterLoginPath;
 
+    // Set default scopes
+    const scopes = ['openid', 'profile', 'email', 'offline_access'];
+
+    if (groups === true)
+      scopes.push('groups');
+
     // Standard flow initiates directly
     res.redirect(client.authorizationUrl({
       redirect_uri: `${req.protocol}://${req.headers.host}${ssoPath}`,
       state: redirectTo ? Buffer.from(redirectTo).toString('hex') : undefined,
-      scope: 'openid profile email offline_access groups'
+      scope: scopes.join(' ')
     }));
   });
-};
+}
 
 export default login;

package/esm/standard/refreshRequest.js

@@ -42,6 +42,6 @@ function refreshRequest (router, client, encryptor, accessTokenModule, refreshTo
         next();
       });
   });
-};
+}
 
 export default refreshRequest;

package/esm/standard/sso.js

@@ -20,6 +20,6 @@ function sso (router, client, ssoPath, codeRequestModule, accessTokenModule, ref
         next(err);
       });
   });
-};
+}
 
 export default sso;

package/package.json

@@ -1,12 +1,20 @@
 {
   "name": "@carisls/sso-standard",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "A middleware implementing standard flow SSO",
   "main": "cjs/index.cjs",
   "module": "esm/index.js",
   "type": "module",
+  "exports": {
+    ".": {
+      "require": "./cjs/index.cjs",
+      "import": "./esm/index.js"
+    }
+  },
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "npm run test:lint",
+    "test:lint": "eslint '**/*.js' '**/*.cjs'",
+    "test:lint-fix": "eslint '**/*.js' '**/*.cjs' --fix"
   },
   "keywords": [
     "sso",
@@ -17,8 +25,12 @@
   "author": "Mihovil Strujic <mstrujic@carisls.com>",
   "license": "MIT",
   "dependencies": {
-    "@carisls/sso-core": "^1.0.0",
+    "@carisls/sso-core": "file:../core",
     "cookie-parser": "^1.4.6",
     "express": "^4.19.2"
+  },
+  "devDependencies": {
+    "eslint": "^9.9.1",
+    "neostandard": "^0.11.4"
   }
 }