@commercetools/connect-payments-sdk 0.2.2 → 0.3.0

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @commercetools/connect-payments-sdk
 
+## 0.3.0
+
+### Minor Changes
+
+- 45cf960: added a new hook for authenticating a query params based session
+
 ## 0.2.2
 
 ### Patch Changes

package/dist/api/hooks/jwt-auth.hook.d.ts

@@ -12,5 +12,6 @@ export declare class JWTAuthenticationHook implements AuthenticationHook {
     });
     authenticate(): (request: {
         headers: IncomingHttpHeaders;
+        query?: any;
     }) => Promise<void>;
 }

package/dist/api/hooks/jwt-auth.hook.js

@@ -10,6 +10,7 @@ class JWTAuthenticationHook {
         this.contextProvider = opts.contextProvider;
     }
     authenticate() {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         return async (request) => {
             const authorizationHeader = new security_1.HeaderBasedAuthentication(request.headers['authorization']);
             const authn = await this.authenticationManager.authenticate(authorizationHeader);

package/dist/api/hooks/oauth2-auth.hook.d.ts

@@ -12,5 +12,6 @@ export declare class Oauth2AuthenticationHook implements AuthenticationHook {
     });
     authenticate(): (request: {
         headers: IncomingHttpHeaders;
+        query?: any;
     }) => Promise<void>;
 }

package/dist/api/hooks/oauth2-auth.hook.js

@@ -10,6 +10,7 @@ class Oauth2AuthenticationHook {
         this.contextProvider = opts.contextProvider;
     }
     authenticate() {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         return async (request) => {
             const authorizationHeader = new security_1.HeaderBasedAuthentication(request.headers['authorization']);
             const authn = await this.authenticationManager.authenticate(authorizationHeader);

package/dist/api/hooks/{session-auth.hook.d.ts → session-header-auth.hook.d.ts}

@@ -1,16 +1,17 @@
 /// <reference types="node" />
 import { IncomingHttpHeaders } from 'node:http';
 import { ContextProvider, RequestContextData } from '../context/types/request-context.type';
-import { SessionAuthenticationManager } from '../../security';
+import { SessionHeaderAuthenticationManager } from '../../security';
 import { AuthenticationHook } from './types/hook.type';
-export declare class SessionAuthenticationHook implements AuthenticationHook {
+export declare class SessionHeaderAuthenticationHook implements AuthenticationHook {
     private authenticationManager;
     private contextProvider;
     constructor(opts: {
-        authenticationManager: SessionAuthenticationManager;
+        authenticationManager: SessionHeaderAuthenticationManager;
         contextProvider: ContextProvider<RequestContextData>;
     });
     authenticate(): (request: {
         headers: IncomingHttpHeaders;
+        query?: any;
     }) => Promise<void>;
 }

package/dist/api/hooks/{session-auth.hook.js → session-header-auth.hook.js}

@@ -1,8 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SessionAuthenticationHook = void 0;
+exports.SessionHeaderAuthenticationHook = void 0;
 const security_1 = require("../../security");
-class SessionAuthenticationHook {
+class SessionHeaderAuthenticationHook {
     authenticationManager;
     contextProvider;
     constructor(opts) {
@@ -10,6 +10,7 @@ class SessionAuthenticationHook {
         this.contextProvider = opts.contextProvider;
     }
     authenticate() {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         return async (request) => {
             const sessionIdAuthn = new security_1.HeaderBasedAuthentication(request.headers['x-session-id']);
             const authn = await this.authenticationManager.authenticate(sessionIdAuthn);
@@ -19,4 +20,4 @@ class SessionAuthenticationHook {
         };
     }
 }
-exports.SessionAuthenticationHook = SessionAuthenticationHook;
+exports.SessionHeaderAuthenticationHook = SessionHeaderAuthenticationHook;

package/dist/api/hooks/session-query-param-auth.hook.d.ts

@@ -0,0 +1,17 @@
+/// <reference types="node" />
+import { IncomingHttpHeaders } from 'node:http';
+import { ContextProvider, RequestContextData } from '../context/types/request-context.type';
+import { SessionQueryParamAuthenticationManager } from '../../security';
+import { AuthenticationHook } from './types/hook.type';
+export declare class SessionQueryParamAuthenticationHook implements AuthenticationHook {
+    private authenticationManager;
+    private contextProvider;
+    constructor(opts: {
+        authenticationManager: SessionQueryParamAuthenticationManager;
+        contextProvider: ContextProvider<RequestContextData>;
+    });
+    authenticate(): (request: {
+        headers: IncomingHttpHeaders;
+        query?: any;
+    }) => Promise<void>;
+}

package/dist/api/hooks/session-query-param-auth.hook.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionQueryParamAuthenticationHook = void 0;
+const security_1 = require("../../security");
+class SessionQueryParamAuthenticationHook {
+    authenticationManager;
+    contextProvider;
+    constructor(opts) {
+        this.authenticationManager = opts.authenticationManager;
+        this.contextProvider = opts.contextProvider;
+    }
+    authenticate() {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        return async (request) => {
+            const sessionIdAuthn = new security_1.QueryParamBasedAuthentication(request.query['ctsid']);
+            const authn = await this.authenticationManager.authenticate(sessionIdAuthn);
+            this.contextProvider.updateContextData({
+                authentication: authn,
+            });
+        };
+    }
+}
+exports.SessionQueryParamAuthenticationHook = SessionQueryParamAuthenticationHook;

package/dist/api/hooks/types/hook.type.d.ts

@@ -3,6 +3,7 @@ import { IncomingHttpHeaders } from 'node:http';
 export interface AuthenticationHook {
     authenticate(): (request: {
         headers: IncomingHttpHeaders;
+        query?: any;
     }) => Promise<void>;
 }
 export interface AuthorizationHook {

package/dist/api/index.d.ts

@@ -4,6 +4,7 @@ export * from './handlers/config.handler';
 export * from './handlers/status.handler';
 export * from './hooks/jwt-auth.hook';
 export * from './hooks/oauth2-auth.hook';
-export * from './hooks/session-auth.hook';
+export * from './hooks/session-header-auth.hook';
+export * from './hooks/session-query-param-auth.hook';
 export * from './hooks/types/hook.type';
 export * from './hooks/authorize.hook';

package/dist/api/index.js

@@ -20,6 +20,7 @@ __exportStar(require("./handlers/config.handler"), exports);
 __exportStar(require("./handlers/status.handler"), exports);
 __exportStar(require("./hooks/jwt-auth.hook"), exports);
 __exportStar(require("./hooks/oauth2-auth.hook"), exports);
-__exportStar(require("./hooks/session-auth.hook"), exports);
+__exportStar(require("./hooks/session-header-auth.hook"), exports);
+__exportStar(require("./hooks/session-query-param-auth.hook"), exports);
 __exportStar(require("./hooks/types/hook.type"), exports);
 __exportStar(require("./hooks/authorize.hook"), exports);

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { JWTAuthenticationHook, Oauth2AuthenticationHook, RequestContextData, RequestContextProvider, SessionAuthenticationHook, AuthorityAuthorizationHook } from './api';
+import { JWTAuthenticationHook, Oauth2AuthenticationHook, RequestContextData, RequestContextProvider, AuthorityAuthorizationHook, SessionHeaderAuthenticationHook, SessionQueryParamAuthenticationHook } from './api';
 import { DefaultCommercetoolsAPI } from './commercetools/api/root-api';
 import { DefaultAuthorizationService } from './commercetools/services/ct-authorization.service';
 import { DefaultCartService } from './commercetools/services/ct-cart.service';
@@ -27,7 +27,8 @@ export declare const setupPaymentSDK: (opts: {
     ctPaymentService: DefaultPaymentService;
     ctAuthorizationService: DefaultAuthorizationService;
     contextProvider: RequestContextProvider;
-    sessionAuthHookFn: SessionAuthenticationHook;
+    sessionHeaderAuthHookFn: SessionHeaderAuthenticationHook;
+    sessionQueryParamAuthHookFn: SessionQueryParamAuthenticationHook;
     jwtAuthHookFn: JWTAuthenticationHook;
     oauth2AuthHookFn: Oauth2AuthenticationHook;
     authorityAuthorizationHookFn: AuthorityAuthorizationHook;

package/dist/index.js

@@ -61,7 +61,10 @@ const setupPaymentSDK = (opts) => {
     const jwtService = new security_1.DefaultJWTService({
         jwksUrl: opts.jwksUrl,
     });
-    const sessionAuthenticationManager = new security_1.SessionAuthenticationManager({
+    const sessionHeaderAuthenticationManager = new security_1.SessionHeaderAuthenticationManager({
+        sessionService,
+    });
+    const sessionQueryParamAuthenticationManager = new security_1.SessionQueryParamAuthenticationManager({
         sessionService,
     });
     const oauth2AuthenticationManager = new security_1.Oauth2AuthenticationManager({
@@ -76,8 +79,12 @@ const setupPaymentSDK = (opts) => {
         iss: opts.jwtIssuer,
         projectKey: opts.projectKey,
     });
-    const sessionAuthHookFn = new api_1.SessionAuthenticationHook({
-        authenticationManager: sessionAuthenticationManager,
+    const sessionHeaderAuthHookFn = new api_1.SessionHeaderAuthenticationHook({
+        authenticationManager: sessionHeaderAuthenticationManager,
+        contextProvider,
+    });
+    const sessionQueryParamAuthHookFn = new api_1.SessionQueryParamAuthenticationHook({
+        authenticationManager: sessionQueryParamAuthenticationManager,
         contextProvider,
     });
     const jwtAuthHookFn = new api_1.JWTAuthenticationHook({
@@ -98,7 +105,8 @@ const setupPaymentSDK = (opts) => {
         ctPaymentService,
         ctAuthorizationService,
         contextProvider,
-        sessionAuthHookFn,
+        sessionHeaderAuthHookFn,
+        sessionQueryParamAuthHookFn,
         jwtAuthHookFn,
         oauth2AuthHookFn,
         authorityAuthorizationHookFn,

package/dist/security/authn/authns.d.ts

@@ -1,4 +1,4 @@
-import { Authentication, HeaderPrincipal, JWTPrincipal, Oauth2Principal, SessionPrincipal } from './types/authn.type';
+import { Authentication, HeaderPrincipal, JWTPrincipal, Oauth2Principal, QueryParamPrincipal, SessionPrincipal } from './types/authn.type';
 export declare class SessionAuthentication implements Authentication<SessionPrincipal, string> {
     private principal;
     private authorities;
@@ -22,6 +22,16 @@ export declare class HeaderBasedAuthentication implements Authentication<HeaderP
     getPrincipal(): HeaderPrincipal;
     isAuthenticated(): boolean;
 }
+export declare class QueryParamBasedAuthentication implements Authentication<QueryParamPrincipal, string> {
+    private authQueryParam;
+    constructor(authQueryParam: string);
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getCredentials(): string;
+    getPrincipal(): QueryParamPrincipal;
+    isAuthenticated(): boolean;
+}
 export declare class Oauth2Authentication implements Authentication<Oauth2Principal, string> {
     private principal;
     private authorities;

package/dist/security/authn/authns.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.JWTAuthentication = exports.Oauth2Authentication = exports.HeaderBasedAuthentication = exports.SessionAuthentication = void 0;
+exports.JWTAuthentication = exports.Oauth2Authentication = exports.QueryParamBasedAuthentication = exports.HeaderBasedAuthentication = exports.SessionAuthentication = void 0;
 class SessionAuthentication {
     principal;
     authorities;
@@ -58,6 +58,33 @@ class HeaderBasedAuthentication {
     }
 }
 exports.HeaderBasedAuthentication = HeaderBasedAuthentication;
+class QueryParamBasedAuthentication {
+    authQueryParam;
+    constructor(authQueryParam) {
+        this.authQueryParam = authQueryParam;
+    }
+    hasPrincipal() {
+        return this.getPrincipal() != undefined;
+    }
+    getAuthorities() {
+        return [];
+    }
+    hasCredentials() {
+        return this.getCredentials() != undefined;
+    }
+    getCredentials() {
+        return this.authQueryParam;
+    }
+    getPrincipal() {
+        return {
+            authQueryParam: this.authQueryParam,
+        };
+    }
+    isAuthenticated() {
+        return false;
+    }
+}
+exports.QueryParamBasedAuthentication = QueryParamBasedAuthentication;
 class Oauth2Authentication {
     principal;
     authorities;

package/dist/security/authn/{session-authn-manager.d.ts → session-header-authn-manager.d.ts}

@@ -1,7 +1,7 @@
 import { AuthenticationManager } from './types/authn.type';
 import { HeaderBasedAuthentication, SessionAuthentication } from './authns';
 import { CommercetoolsSessionService } from '../../commercetools';
-export declare class SessionAuthenticationManager implements AuthenticationManager {
+export declare class SessionHeaderAuthenticationManager implements AuthenticationManager {
     private sessionService;
     constructor(opts: {
         sessionService: CommercetoolsSessionService;

package/dist/security/authn/{session-authn-manager.js → session-header-authn-manager.js}

@@ -1,9 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SessionAuthenticationManager = void 0;
+exports.SessionHeaderAuthenticationManager = void 0;
 const authns_1 = require("./authns");
 const errorx_1 = require("../../errorx");
-class SessionAuthenticationManager {
+class SessionHeaderAuthenticationManager {
     sessionService;
     constructor(opts) {
         this.sessionService = opts.sessionService;
@@ -25,4 +25,4 @@ class SessionAuthenticationManager {
         }
     }
 }
-exports.SessionAuthenticationManager = SessionAuthenticationManager;
+exports.SessionHeaderAuthenticationManager = SessionHeaderAuthenticationManager;

package/dist/security/authn/session-query-param-authn-manager.d.ts

@@ -0,0 +1,10 @@
+import { AuthenticationManager } from './types/authn.type';
+import { QueryParamBasedAuthentication, SessionAuthentication } from './authns';
+import { CommercetoolsSessionService } from '../../commercetools';
+export declare class SessionQueryParamAuthenticationManager implements AuthenticationManager {
+    private sessionService;
+    constructor(opts: {
+        sessionService: CommercetoolsSessionService;
+    });
+    authenticate(authentication: QueryParamBasedAuthentication): Promise<SessionAuthentication>;
+}

package/dist/security/authn/session-query-param-authn-manager.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionQueryParamAuthenticationManager = void 0;
+const authns_1 = require("./authns");
+const errorx_1 = require("../../errorx");
+class SessionQueryParamAuthenticationManager {
+    sessionService;
+    constructor(opts) {
+        this.sessionService = opts.sessionService;
+    }
+    async authenticate(authentication) {
+        const principal = authentication.getPrincipal();
+        try {
+            const session = await this.sessionService.verifySession(principal.authQueryParam);
+            return new authns_1.SessionAuthentication(principal.authQueryParam, {
+                cartId: this.sessionService.getCartFromSession(session),
+                allowedPaymentMethods: this.sessionService.getAllowedPaymentMethodsFromSession(session),
+                processorUrl: this.sessionService.getProcessorUrlFromSession(session),
+                paymentInterface: this.sessionService.getPaymentInterfaceFromSession(session),
+                merchantReturnUrl: this.sessionService.getMerchantReturnUrlFromSession(session),
+            });
+        }
+        catch (e) {
+            throw new errorx_1.ErrorAuthErrorResponse('Session is not active');
+        }
+    }
+}
+exports.SessionQueryParamAuthenticationManager = SessionQueryParamAuthenticationManager;

package/dist/security/authn/types/authn.type.d.ts

@@ -12,6 +12,9 @@ export interface Authentication<Principal = unknown, Credentials = unknown> {
 export type HeaderPrincipal = {
     authHeader: string;
 };
+export type QueryParamPrincipal = {
+    authQueryParam: string;
+};
 export type SessionPrincipal = {
     cartId: string;
     allowedPaymentMethods: string[];

package/dist/security/index.d.ts

@@ -1,7 +1,8 @@
 export * from './authn/authns';
 export * from './authn/jwt-authn-manager';
 export * from './authn/oauth2-authn-manager';
-export * from './authn/session-authn-manager';
+export * from './authn/session-header-authn-manager';
+export * from './authn/session-query-param-authn-manager';
 export * from './authn/types/authn.type';
 export * from './services/jwt.service';
 export * from './services/oauth2.service';

package/dist/security/index.js

@@ -17,7 +17,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./authn/authns"), exports);
 __exportStar(require("./authn/jwt-authn-manager"), exports);
 __exportStar(require("./authn/oauth2-authn-manager"), exports);
-__exportStar(require("./authn/session-authn-manager"), exports);
+__exportStar(require("./authn/session-header-authn-manager"), exports);
+__exportStar(require("./authn/session-query-param-authn-manager"), exports);
 __exportStar(require("./authn/types/authn.type"), exports);
 __exportStar(require("./services/jwt.service"), exports);
 __exportStar(require("./services/oauth2.service"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools/connect-payments-sdk",
-  "version": "0.2.2",
+  "version": "0.3.0",
   "description": "Payment SDK for commercetools payment connectors",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",