@commercetools/connect-payments-sdk 0.0.4 → 0.0.5

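--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @commercetools/connect-payments-sdk
 
+## 0.0.5
+
+### Patch Changes
+
+- 22434c9: Enforce validation of projectkey on the jwt authentication.
+
 ## 0.0.4
 
 ### Patch Changes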
package/dist/index.js CHANGED
@@ -73,6 +73,7 @@ const setupPaymentSDK = (opts) => {
73
73
  const jwtAuthenticationManager = new security_1.JWTAuthenticationManager({
74
74
  jwtService,
75
75
  iss: opts.jwtIssuer,
76
+ projectKey: opts.projectKey,
76
77
  });
77
78
  const sessionAuthHookFn = new api_1.SessionAuthenticationHook({
78
79
  authenticationManager: sessionAuthenticationManager,
@@ -4,9 +4,11 @@ import { AuthenticationManager } from './types/authn.type';
4
4
  export declare class JWTAuthenticationManager implements AuthenticationManager {
5
5
  private jwtService;
6
6
  private iss;
7
+ private projectKey;
7
8
  constructor(opts: {
8
9
  jwtService: JWTService;
9
10
  iss: string;
11
+ projectKey: string;
10
12
  });
11
13
  authenticate(authentication: HeaderBasedAuthentication): Promise<JWTAuthentication>;
12
14
  }
@@ -7,9 +7,11 @@ const bearer_utils_1 = require("./bearer-utils");
7
7
  class JWTAuthenticationManager {
8
8
  jwtService;
9
9
  iss;
10
+ projectKey;
10
11
  constructor(opts) {
11
12
  this.jwtService = opts.jwtService;
12
13
  this.iss = opts.iss;
14
+ this.projectKey = opts.projectKey;
13
15
  }
14
16
  async authenticate(authentication) {
15
17
  const principal = authentication.getPrincipal();
@@ -18,13 +20,23 @@ class JWTAuthenticationManager {
18
20
  token,
19
21
  }));
20
22
  if (decodedToken.iss !== this.iss) {
21
- throw new errorx_1.ErrorAuthErrorResponse('Issuer in the token does not match the expected issuer', {
23
+ throw new errorx_1.ErrorAuthErrorResponse('Issuer in the token does not match the expected issuer.', {
22
24
  privateFields: {
23
25
  expectedIssuer: this.iss,
24
26
  actualIssuer: decodedToken['iss'],
25
27
  },
26
28
  });
27
29
  }
30
+ const projectKey = decodedToken[`${this.iss}/claims/project_key`];
31
+ if (projectKey !== this.projectKey) {
32
+ throw new errorx_1.ErrorAuthErrorResponse('Project key does not match.', {
33
+ privateFields: {
34
+ expectedIssuer: this.iss,
35
+ actualIssuer: decodedToken['iss'],
36
+ projectKey,
37
+ },
38
+ });
39
+ }
28
40
  return new authns_1.JWTAuthentication(token, {
29
41
  mcCustomerId: decodedToken['sub'],
30
42
  });
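Review bot: The new project-key comparison in the `@@ -18,13 +20,23 @@` hunk passes when both sides are undefined: `this.projectKey` is assigned in the constructor (the `@@ -7,9 +7,11 @@` hunk) with no validation, so a JavaScript caller that omits `projectKey` gets `undefined !== undefined` → false and every token from the trusted issuer is accepted for any project; the `.d.ts` hunk declares the option as a required `string`, so only untyped callers can reach this, but the check should still fail closed. Reject a missing value at construction, `if (typeof opts.projectKey !== 'string' || opts.projectKey.length === 0) throw new Error('projectKey is required');`, and type-check the claim before comparing, `if (typeof projectKey !== 'string' || projectKey !== this.projectKey) {`. The `privateFields` on the new `ErrorAuthErrorResponse` also look copied from the issuer branch — they report `expectedIssuer`/`actualIssuer` — and should carry `expectedProjectKey: this.projectKey, actualProjectKey: projectKey` so the log explains why the token was rejected. `authenticate` begins before this hunk and its closing brace lies outside it.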
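--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@commercetools/connect-payments-sdk",
-"version": "0.0.4",
+"version": "0.0.5",
 "description": "Payment SDK for commercetools payment connectors",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",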