@hmcts/opal-frontend-common-node 0.0.12 → 0.0.13

package/sso/sso-login-callback.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login-callback.js","sourceRoot":"","sources":["../../src/sso/sso-login-callback.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,eAAe,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,UAAkB,EAAE,EAAE;IAC3F,MAAM,sBAAsB,GAAG,GAAG,UAAU,kCAAkC,CAAC;IAC/E,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAElD,IAAI,CAAC;QACH,8DAA8D;QAC9D,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAM,sBAAsB,EAAE,GAAG,CAAC,IAAI,EAAE;YACrE,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;SACjE,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC;QAClC,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,aAAa,CAAC;QAE1C,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;gBAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;YAED,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-login-callback.js","sourceRoot":"","sources":["../../src/sso/sso-login-callback.ts"],"names":[],"mappings":"AAEA,OAAO,iBAAiB,CAAC;AAEzB,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;AACtD,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAEpE;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,uBAAuB,CACnD,GAAY,EACZ,GAAa,EACb,YAA2C,EAC3C,QAAgB,EAChB,gBAAwB,EACxB,gBAAwB;IAExB,4EAA4E;IAC5E,MAAM,YAAY,GAAG;QACnB,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAW;QAChC,MAAM,EAAE,CAAC,SAAS,QAAQ,mBAAmB,CAAC;QAC9C,WAAW,EAAE,GAAG,gBAAgB,GAAG,gBAAgB,EAAE;KACtD,CAAC;IAEF,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,0EAA0E;QAC1E,MAAM,UAAU,GAAG,CAAC,CAAC;QACrB,IAAI,QAAQ,CAAC;QACb,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,YAAY,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;gBAC/D,MAAM;gBACN,8DAA8D;YAChE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,8DAA8D;gBAC9D,MAAM,WAAW,GAAG,CAAC,CAAM,EAAE,EAAE,CAC7B,CAAC,EAAE,SAAS,KAAK,eAAe,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;gBACpF,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;oBAC7C,MAAM,CAAC,IAAI,CAAC,yDAAyD,OAAO,KAAK,CAAC,CAAC;oBACnF,MAAM,KAAK,CAAC,GAAG,GAAG,OAAO,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAEjF,MAAM,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;QAEzC,MAAM,aAAa,GAAkB;YACnC,UAAU,EAAE,SAAS;YACrB,YAAY,EAAE,WAAW;SAC1B,CAAC;QAEF,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,aAAa,CAAC;QAC1C,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACvD,OAAO;IACT,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;YAC1C,8DAA8D;YAC9D,SAAS,EAAG,KAAa,EAAE,SAAS;YACpC,8DAA8D;YAC9D,aAAa,EAAG,KAAa,EAAE,aAAa;SAC7C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACpD,CAAC;AACH,CAAC"}

package/sso/sso-login.d.ts

@@ -1,4 +1,19 @@
-import { NextFunction, Request, Response } from 'express';
-declare const _default: (req: Request, res: Response, next: NextFunction, opalApiUrl: string, frontendHostname: string) => Promise<void>;
+import { NextFunction, Response } from 'express';
+import { ConfidentialClientApplication } from '@azure/msal-node';
+/**
+ * Initiates the SSO login process by generating an authorization code URL and redirecting the user.
+ *
+ * @param res - The Express response object used to redirect the user.
+ * @param next - The Express next middleware function for error handling.
+ * @param msalInstance - An instance of MSAL ConfidentialClientApplication used to generate the auth code URL.
+ * @param frontendHostname - The base URL of the frontend application.
+ * @param ssoLoginCallback - The callback path to be appended to the frontend hostname for redirection after login.
+ *
+ * @remarks
+ * This function constructs the authorization code URL with the required scopes and redirect URI,
+ * then redirects the user to the authentication provider. If an error occurs, it logs the error and
+ * passes it to the next middleware.
+ */
+declare const _default: (res: Response, next: NextFunction, msalInstance: ConfidentialClientApplication, frontendHostname: string, ssoLoginCallback: string) => Promise<void>;
 export default _default;
 //# sourceMappingURL=sso-login.d.ts.map

package/sso/sso-login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login.d.ts","sourceRoot":"","sources":["../../src/sso/sso-login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;yBAKxD,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,MAAM,YAAY,EAClB,YAAY,MAAM,EAClB,kBAAkB,MAAM;AAL1B,wBA0BE"}
+{"version":3,"file":"sso-login.d.ts","sourceRoot":"","sources":["../../src/sso/sso-login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,OAAO,EAAE,6BAA6B,EAAE,MAAM,kBAAkB,CAAC;AAEjE;;;;;;;;;;;;;GAaG;yBAED,KAAK,QAAQ,EACb,MAAM,YAAY,EAClB,cAAc,6BAA6B,EAC3C,kBAAkB,MAAM,EACxB,kBAAkB,MAAM;AAL1B,wBAoBE"}

package/sso/sso-login.js

@@ -1,24 +1,31 @@
 import { Logger } from '@hmcts/nodejs-logging';
-import axios from 'axios';
-export default async (req, res, next, opalApiUrl, frontendHostname) => {
-    const INTERNAL_USER_LOGIN = `${opalApiUrl}/internal-user/login-or-refresh`;
-    const logger = Logger.getLogger('login');
-    const url = `${INTERNAL_USER_LOGIN}?redirect_uri=${frontendHostname}/sso/login-callback`;
+/**
+ * Initiates the SSO login process by generating an authorization code URL and redirecting the user.
+ *
+ * @param res - The Express response object used to redirect the user.
+ * @param next - The Express next middleware function for error handling.
+ * @param msalInstance - An instance of MSAL ConfidentialClientApplication used to generate the auth code URL.
+ * @param frontendHostname - The base URL of the frontend application.
+ * @param ssoLoginCallback - The callback path to be appended to the frontend hostname for redirection after login.
+ *
+ * @remarks
+ * This function constructs the authorization code URL with the required scopes and redirect URI,
+ * then redirects the user to the authentication provider. If an error occurs, it logs the error and
+ * passes it to the next middleware.
+ */
+export default async (res, next, msalInstance, frontendHostname, ssoLoginCallback) => {
+    const logger = Logger.getLogger('sso-login');
     try {
-        const response = await axios.get(url);
-        const redirectUrl = response.request.res.responseUrl;
-        if (redirectUrl) {
-            res.redirect(redirectUrl);
-        }
-        else {
-            const error = new Error('Error trying to fetch login page');
-            logger.error('Error on login', error);
-            return next(error);
-        }
+        const authCodeUrl = await msalInstance.getAuthCodeUrl({
+            scopes: ['user.read'],
+            redirectUri: `${frontendHostname}${ssoLoginCallback}`,
+            responseMode: 'form_post',
+        });
+        res.redirect(authCodeUrl);
     }
     catch (error) {
-        logger.error('Error on login', error);
-        return next(error);
+        logger.error('Error on SSO Login:', error);
+        next(error);
     }
 };
 //# sourceMappingURL=sso-login.js.map

package/sso/sso-login.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login.js","sourceRoot":"","sources":["../../src/sso/sso-login.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,eAAe,KAAK,EAClB,GAAY,EACZ,GAAa,EACb,IAAkB,EAClB,UAAkB,EAClB,gBAAwB,EACxB,EAAE;IACF,MAAM,mBAAmB,GAAG,GAAG,UAAU,iCAAiC,CAAC;IAC3E,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,GAAG,mBAAmB,iBAAiB,gBAAgB,qBAAqB,CAAC;IAEzF,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtC,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;QAErD,IAAI,WAAW,EAAE,CAAC;YAChB,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;YAC5D,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QACtC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-login.js","sourceRoot":"","sources":["../../src/sso/sso-login.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAG/C;;;;;;;;;;;;;GAaG;AACH,eAAe,KAAK,EAClB,GAAa,EACb,IAAkB,EAClB,YAA2C,EAC3C,gBAAwB,EACxB,gBAAwB,EACxB,EAAE;IACF,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,cAAc,CAAC;YACpD,MAAM,EAAE,CAAC,WAAW,CAAC;YACrB,WAAW,EAAE,GAAG,gBAAgB,GAAG,gBAAgB,EAAE;YACrD,YAAY,EAAE,WAAW;SAC1B,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC;AACH,CAAC,CAAC"}

package/sso/sso-logout-callback.d.ts

@@ -1,4 +1,14 @@
 import { NextFunction, Request, Response } from 'express';
+/**
+ * Express middleware to handle SSO logout callback.
+ *
+ * Destroys the user's session, clears the authentication cookie, and redirects to the home page.
+ *
+ * @param req - Express request object.
+ * @param res - Express response object.
+ * @param next - Express next middleware function.
+ * @param prefix - The name of the cookie to clear.
+ */
 declare const _default: (req: Request, res: Response, next: NextFunction, prefix: string) => void;
 export default _default;
 //# sourceMappingURL=sso-logout-callback.d.ts.map

package/sso/sso-logout-callback.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-logout-callback.d.ts","sourceRoot":"","sources":["../../src/sso/sso-logout-callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;yBAK1C,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,QAAQ,MAAM;AAA/E,wBAWE"}
+{"version":3,"file":"sso-logout-callback.d.ts","sourceRoot":"","sources":["../../src/sso/sso-logout-callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAK1D;;;;;;;;;GASG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,QAAQ,MAAM;AAA/E,wBAWE"}

package/sso/sso-logout-callback.js

@@ -1,5 +1,15 @@
 import { Logger } from '@hmcts/nodejs-logging';
 const logger = Logger.getLogger('logout');
+/**
+ * Express middleware to handle SSO logout callback.
+ *
+ * Destroys the user's session, clears the authentication cookie, and redirects to the home page.
+ *
+ * @param req - Express request object.
+ * @param res - Express response object.
+ * @param next - Express next middleware function.
+ * @param prefix - The name of the cookie to clear.
+ */
 export default (req, res, next, prefix) => {
     req.session.destroy((err) => {
         if (err) {

package/sso/sso-logout-callback.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-logout-callback.js","sourceRoot":"","sources":["../../src/sso/sso-logout-callback.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,MAAc,EAAE,EAAE;IACjF,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QAC1B,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;QAED,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAExB,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC"}
+{"version":3,"file":"sso-logout-callback.js","sourceRoot":"","sources":["../../src/sso/sso-logout-callback.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C;;;;;;;;;GASG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,MAAc,EAAE,EAAE;IACjF,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QAC1B,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;QAED,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAExB,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC"}

package/sso/sso-logout.d.ts

@@ -1,4 +1,15 @@
-import { NextFunction, Request, Response } from 'express';
-declare const _default: (req: Request, res: Response, next: NextFunction, opalApiUrl: string, frontendHostname: string) => Promise<void>;
-export default _default;
+import { Response } from 'express';
+/**
+ * Logs out the user from Microsoft SSO by redirecting to the Azure logout endpoint.
+ *
+ * Constructs the Azure logout URL using the provided Microsoft URL with tenant ID and
+ * the post-logout redirect URI, then redirects the response to this URL.
+ * If an error occurs during the process, logs the error and sends a 500 response.
+ *
+ * @param res - The HTTP response object used to perform the redirect.
+ * @param microsoftUrlWithTenantId - The base Microsoft URL including the tenant ID.
+ * @param ssoLogoutCallback - The URI to redirect to after logout is complete.
+ * @returns A promise that resolves when the logout process is complete.
+ */
+export default function ssoLogout(res: Response, microsoftUrlWithTenantId: string, ssoLogoutCallback: string): Promise<void>;
 //# sourceMappingURL=sso-logout.d.ts.map

package/sso/sso-logout.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-logout.d.ts","sourceRoot":"","sources":["../../src/sso/sso-logout.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;yBAIxD,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,MAAM,YAAY,EAClB,YAAY,MAAM,EAClB,kBAAkB,MAAM;AAL1B,wBAoCE"}
+{"version":3,"file":"sso-logout.d.ts","sourceRoot":"","sources":["../../src/sso/sso-logout.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGnC;;;;;;;;;;;GAWG;AACH,wBAA8B,SAAS,CACrC,GAAG,EAAE,QAAQ,EACb,wBAAwB,EAAE,MAAM,EAChC,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,IAAI,CAAC,CAWf"}

package/sso/sso-logout.js

@@ -1,31 +1,25 @@
-import axios from 'axios';
 import { Logger } from '@hmcts/nodejs-logging';
-export default async (req, res, next, opalApiUrl, frontendHostname) => {
-    const INTERNAL_USER_LOGOUT = `${opalApiUrl}/internal-user/logout`;
-    const logger = Logger.getLogger('login');
-    const url = `${INTERNAL_USER_LOGOUT}?redirect_uri=${frontendHostname}/sso/logout-callback`;
+/**
+ * Logs out the user from Microsoft SSO by redirecting to the Azure logout endpoint.
+ *
+ * Constructs the Azure logout URL using the provided Microsoft URL with tenant ID and
+ * the post-logout redirect URI, then redirects the response to this URL.
+ * If an error occurs during the process, logs the error and sends a 500 response.
+ *
+ * @param res - The HTTP response object used to perform the redirect.
+ * @param microsoftUrlWithTenantId - The base Microsoft URL including the tenant ID.
+ * @param ssoLogoutCallback - The URI to redirect to after logout is complete.
+ * @returns A promise that resolves when the logout process is complete.
+ */
+export default async function ssoLogout(res, microsoftUrlWithTenantId, ssoLogoutCallback) {
+    const logger = Logger.getLogger('sso-logout');
     try {
-        let accessToken;
-        if (req.session.securityToken) {
-            accessToken = req.session.securityToken.access_token;
-        }
-        if (!accessToken) {
-            return next(new Error('No access token found in session'));
-        }
-        const response = await axios.get(url, {
-            headers: { Authorization: `Bearer ${accessToken}` },
-        });
-        const logoutRedirect = response.request.res.responseUrl;
-        if (logoutRedirect) {
-            res.redirect(logoutRedirect);
-        }
-        else {
-            next(new Error('Error trying to fetch logout page'));
-        }
+        const azureLogoutUrl = `${microsoftUrlWithTenantId}/oauth2/v2.0/logout?post_logout_redirect_uri=${ssoLogoutCallback}`;
+        res.redirect(azureLogoutUrl);
     }
     catch (error) {
-        logger.error('Error logging out', error);
-        return next(error);
+        logger.error('Error on SSO Logout:', error);
+        res.status(500).send('Logout failed');
     }
-};
+}
 //# sourceMappingURL=sso-logout.js.map

package/sso/sso-logout.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-logout.js","sourceRoot":"","sources":["../../src/sso/sso-logout.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,eAAe,KAAK,EAClB,GAAY,EACZ,GAAa,EACb,IAAkB,EAClB,UAAkB,EAClB,gBAAwB,EACxB,EAAE;IACF,MAAM,oBAAoB,GAAG,GAAG,UAAU,uBAAuB,CAAC;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,GAAG,oBAAoB,iBAAiB,gBAAgB,sBAAsB,CAAC;IAE3F,IAAI,CAAC;QACH,IAAI,WAAW,CAAC;QAEhB,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC9B,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,YAAY,CAAC;QACvD,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;YACpC,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;QACxD,IAAI,cAAc,EAAE,CAAC;YACnB,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-logout.js","sourceRoot":"","sources":["../../src/sso/sso-logout.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,SAAS,CACrC,GAAa,EACb,wBAAgC,EAChC,iBAAyB;IAEzB,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,GAAG,wBAAwB,gDAAgD,iBAAiB,EAAE,CAAC;QAEtH,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAC/B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACxC,CAAC;AACH,CAAC"}

package/stubs/sso/sso-authenticated.stub.d.ts

@@ -1,4 +1,15 @@
 import { Request, Response } from 'express';
+/**
+ * Express middleware that checks if the current session has a valid, non-expired access token.
+ *
+ * - Sets the `Cache-Control` header to prevent caching of the endpoint.
+ * - Retrieves the `access_token` from the session.
+ * - If the token is missing or expired (as determined by `Jwt.isJwtExpired`), responds with HTTP 401 and `false`.
+ * - Otherwise, responds with HTTP 200 and `true`.
+ *
+ * @param req - The Express request object, expected to have a `session.securityToken.access_token` property.
+ * @param res - The Express response object used to send the HTTP response.
+ */
 declare const _default: (req: Request, res: Response) => void;
 export default _default;
 //# sourceMappingURL=sso-authenticated.stub.d.ts.map

package/stubs/sso/sso-authenticated.stub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-authenticated.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-authenticated.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;yBAG5B,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAYE"}
+{"version":3,"file":"sso-authenticated.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-authenticated.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG5C;;;;;;;;;;GAUG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAWE"}

package/stubs/sso/sso-authenticated.stub.js

@@ -1,14 +1,22 @@
 import { Jwt } from '../../utils';
+/**
+ * Express middleware that checks if the current session has a valid, non-expired access token.
+ *
+ * - Sets the `Cache-Control` header to prevent caching of the endpoint.
+ * - Retrieves the `access_token` from the session.
+ * - If the token is missing or expired (as determined by `Jwt.isJwtExpired`), responds with HTTP 401 and `false`.
+ * - Otherwise, responds with HTTP 200 and `true`.
+ *
+ * @param req - The Express request object, expected to have a `session.securityToken.access_token` property.
+ * @param res - The Express response object used to send the HTTP response.
+ */
 export default (req, res) => {
-    const isJwtExpired = Jwt.isJwtExpired(req.session.securityToken?.access_token);
-    const userId = req.session.securityToken?.user_state?.user_id;
     // Don't allow caching of this endpoint
     res.header('Cache-Control', 'no-store, must-revalidate');
-    if (isJwtExpired || !userId) {
+    const accessToken = req.session.securityToken?.access_token;
+    if (!accessToken || Jwt.isJwtExpired(accessToken)) {
         res.status(401).send(false);
     }
-    else {
-        res.status(200).send(true);
-    }
+    res.status(200).send(true);
 };
 //# sourceMappingURL=sso-authenticated.stub.js.map

package/stubs/sso/sso-authenticated.stub.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-authenticated.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-authenticated.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAElC,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAC/E,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC;IAE9D,uCAAuC;IACvC,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAEzD,IAAI,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-authenticated.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-authenticated.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAElC;;;;;;;;;;GAUG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,uCAAuC;IACvC,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAEzD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC;IAE5D,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC,CAAC"}

package/stubs/sso/sso-login-callback.stub.d.ts

@@ -1,4 +1,21 @@
 import { NextFunction, Request, Response } from 'express';
+/**
+ * Express middleware stub for handling SSO login callback in a testing environment.
+ *
+ * This middleware simulates the login callback by minting a JWT token for a supplied email address
+ * using the internal testing-support API. The token is then stored in the session for subsequent requests.
+ *
+ * @param req - Express request object, expects an 'email' query parameter.
+ * @param res - Express response object.
+ * @param next - Express next middleware function.
+ * @param opalApiUrl - The base URL of the Opal API, used to construct the token minting endpoint.
+ *
+ * @remarks
+ * - If the 'email' query parameter is missing, the middleware logs an error and calls `next` with the error.
+ * - If token minting fails or the response does not contain an access token, an error is logged and passed to `next`.
+ * - On success, the access token is stored in `req.session.securityToken` and the user is redirected to the root path.
+ * - Intended for use in test and development environments only.
+ */
 declare const _default: (req: Request, res: Response, next: NextFunction, opalApiUrl: string) => Promise<void>;
 export default _default;
 //# sourceMappingURL=sso-login-callback.stub.d.ts.map

package/stubs/sso/sso-login-callback.stub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login-callback.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login-callback.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;yBAIpC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,YAAY,MAAM;AAAzF,wBAwBE"}
+{"version":3,"file":"sso-login-callback.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login-callback.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAI1D;;;;;;;;;;;;;;;;GAgBG;yBACmB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,YAAY,MAAM;AAAzF,wBA2CE"}

package/stubs/sso/sso-login-callback.stub.js

@@ -1,21 +1,53 @@
 import { Logger } from '@hmcts/nodejs-logging';
 import axios from 'axios';
+/**
+ * Express middleware stub for handling SSO login callback in a testing environment.
+ *
+ * This middleware simulates the login callback by minting a JWT token for a supplied email address
+ * using the internal testing-support API. The token is then stored in the session for subsequent requests.
+ *
+ * @param req - Express request object, expects an 'email' query parameter.
+ * @param res - Express response object.
+ * @param next - Express next middleware function.
+ * @param opalApiUrl - The base URL of the Opal API, used to construct the token minting endpoint.
+ *
+ * @remarks
+ * - If the 'email' query parameter is missing, the middleware logs an error and calls `next` with the error.
+ * - If token minting fails or the response does not contain an access token, an error is logged and passed to `next`.
+ * - On success, the access token is stored in `req.session.securityToken` and the user is redirected to the root path.
+ * - Intended for use in test and development environments only.
+ */
 export default async (req, res, next, opalApiUrl) => {
-    const INTERNAL_JWT = `${opalApiUrl}/testing-support/token/user`;
     const logger = Logger.getLogger('login-callback-stub');
     try {
-        const email = req.query['email'];
-        const result = await axios.get(INTERNAL_JWT, {
+        const email = req.query['email']?.trim();
+        if (!email) {
+            const error = new Error('No email provided on login callback.');
+            logger.error(error);
+            return next(error);
+        }
+        const internalJwtUrl = `${opalApiUrl}/testing-support/token/user`;
+        // Ask testing-support to mint a token for the supplied email
+        const result = await axios.get(internalJwtUrl, {
             headers: { 'X-User-Email': email },
         });
-        req.session.securityToken = result.data;
+        // testing-support may return just a JWT string or a structured token object
+        const data = result.data;
+        const access_token = typeof data === 'string' ? data : data?.access_token;
+        if (!access_token) {
+            const error = new Error('Token minting failed: missing access_token.');
+            logger.error(error, { data });
+            return next(error);
+        }
+        // Persist only what we need for subsequent calls
+        req.session.securityToken = { user_state: undefined, access_token };
         req.session.save((err) => {
             if (err) {
                 logger.error('Error saving session', err);
                 return next(err);
             }
-            logger.info('Session saved');
-            res.redirect('/');
+            logger.info('Session saved (access token only)');
+            return res.redirect('/');
         });
     }
     catch (error) {

package/stubs/sso/sso-login-callback.stub.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login-callback.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login-callback.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,eAAe,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,UAAkB,EAAE,EAAE;IAC3F,MAAM,YAAY,GAAG,GAAG,UAAU,6BAA6B,CAAC;IAChE,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAW,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE;YAC3C,OAAO,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE;SACnC,CAAC,CAAC;QAEH,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC;QAExC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;gBAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC7B,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-login-callback.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login-callback.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B;;;;;;;;;;;;;;;;GAgBG;AACH,eAAe,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,UAAkB,EAAE,EAAE;IAC3F,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,KAAK,GAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAwB,EAAE,IAAI,EAAE,CAAC;QACjE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAChE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,MAAM,cAAc,GAAG,GAAG,UAAU,6BAA6B,CAAC;QAElE,6DAA6D;QAC7D,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE;YAC7C,OAAO,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE;SACnC,CAAC,CAAC;QAEH,4EAA4E;QAC5E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,MAAM,YAAY,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,YAAY,CAAC;QAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACvE,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,iDAAiD;QACjD,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;QAEpE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;gBAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACH,CAAC,CAAC"}

package/stubs/sso/sso-login.stub.d.ts

@@ -1,4 +1,15 @@
 import { Request, Response, NextFunction } from 'express';
+/**
+ * Express middleware stub for simulating SSO login.
+ *
+ * If an `email` query parameter is present, redirects to the SSO login callback with the email.
+ * Otherwise, logs an error and passes it to the next middleware.
+ *
+ * @param req - Express request object
+ * @param res - Express response object
+ * @param next - Express next middleware function
+ * @returns A redirect response or calls `next` with an error if no email is provided.
+ */
 declare const _default: (req: Request, res: Response, next: NextFunction) => Promise<void>;
 export default _default;
 //# sourceMappingURL=sso-login.stub.d.ts.map

package/stubs/sso/sso-login.stub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;yBAKpC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;AAArE,wBAUE"}
+{"version":3,"file":"sso-login.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAK1D;;;;;;;;;;GAUG;yBACmB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;AAArE,wBAUE"}

package/stubs/sso/sso-login.stub.js

@@ -1,14 +1,23 @@
 import { Logger } from '@hmcts/nodejs-logging';
 const logger = Logger.getLogger('login-stub');
+/**
+ * Express middleware stub for simulating SSO login.
+ *
+ * If an `email` query parameter is present, redirects to the SSO login callback with the email.
+ * Otherwise, logs an error and passes it to the next middleware.
+ *
+ * @param req - Express request object
+ * @param res - Express response object
+ * @param next - Express next middleware function
+ * @returns A redirect response or calls `next` with an error if no email is provided.
+ */
 export default async (req, res, next) => {
-    const email = req.query['email'];
-    if (email !== 'null') {
-        res.redirect(`/sso/login-callback?email=${email}`);
-    }
-    else {
-        const error = new Error('No email provided.');
-        logger.error('Error on login-stub', error);
-        return next(error);
+    const email = req.query['email']?.trim();
+    if (email) {
+        return res.redirect(`/sso/login-callback?email=${encodeURIComponent(email)}`);
     }
+    const error = new Error('No email provided.');
+    logger.error('Error on login-stub', error);
+    return next(error);
 };
 //# sourceMappingURL=sso-login.stub.js.map

package/stubs/sso/sso-login.stub.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;AAE9C,eAAe,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IACvE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAW,CAAC;IAE3C,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACrB,GAAG,CAAC,QAAQ,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-login.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;AAE9C;;;;;;;;;;GAUG;AACH,eAAe,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IACvE,MAAM,KAAK,GAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAwB,EAAE,IAAI,EAAE,CAAC;IAEjE,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,GAAG,CAAC,QAAQ,CAAC,6BAA6B,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAC9C,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;AACrB,CAAC,CAAC"}

package/stubs/sso/sso-logout-callback.stub.d.ts

@@ -1,4 +1,16 @@
 import { NextFunction, Request, Response } from 'express';
+/**
+ * Handles the SSO logout callback by destroying the user's session,
+ * clearing the authentication cookie, and redirecting to the home page.
+ *
+ * @param req - The Express request object.
+ * @param res - The Express response object.
+ * @param next - The next middleware function in the Express stack.
+ * @param prefix - The prefix used for the authentication cookie to be cleared.
+ *
+ * @remarks
+ * If an error occurs while destroying the session, it is logged and passed to the next middleware.
+ */
 declare const _default: (req: Request, res: Response, next: NextFunction, prefix: string) => void;
 export default _default;
 //# sourceMappingURL=sso-logout-callback.stub.d.ts.map

package/stubs/sso/sso-logout-callback.stub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-logout-callback.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-logout-callback.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;yBAG1C,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,QAAQ,MAAM;AAA/E,wBAYE"}
+{"version":3,"file":"sso-logout-callback.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-logout-callback.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG1D;;;;;;;;;;;GAWG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,QAAQ,MAAM;AAA/E,wBAYE"}

package/stubs/sso/sso-logout-callback.stub.js

@@ -1,4 +1,16 @@
 import { Logger } from '@hmcts/nodejs-logging';
+/**
+ * Handles the SSO logout callback by destroying the user's session,
+ * clearing the authentication cookie, and redirecting to the home page.
+ *
+ * @param req - The Express request object.
+ * @param res - The Express response object.
+ * @param next - The next middleware function in the Express stack.
+ * @param prefix - The prefix used for the authentication cookie to be cleared.
+ *
+ * @remarks
+ * If an error occurs while destroying the session, it is logged and passed to the next middleware.
+ */
 export default (req, res, next, prefix) => {
     const logger = Logger.getLogger('logout-callback-stub');
     req.session.destroy((err) => {

package/stubs/sso/sso-logout-callback.stub.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-logout-callback.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-logout-callback.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,MAAc,EAAE,EAAE;IACjF,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;IAExD,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QAC1B,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,CAAC,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;QAED,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACxB,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC"}
+{"version":3,"file":"sso-logout-callback.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-logout-callback.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C;;;;;;;;;;;GAWG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,MAAc,EAAE,EAAE;IACjF,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;IAExD,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QAC1B,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,CAAC,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;QAED,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACxB,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC"}

package/stubs/sso/sso-logout.stub.d.ts

@@ -1,4 +1,16 @@
-import { Request, Response, NextFunction } from 'express';
-declare const _default: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+import { Request, Response } from 'express';
+/**
+ * Handles the SSO logout stub endpoint.
+ *
+ * - Prevents caching of the endpoint by setting appropriate headers.
+ * - Checks for the presence and validity of the access token in the session.
+ * - Responds with HTTP 401 and `false` if the access token is missing or expired.
+ * - Responds with HTTP 200 and `true` if the access token is present and valid.
+ *
+ * @param req - The Express request object.
+ * @param res - The Express response object.
+ * @returns Sends a boolean response indicating the validity of the access token.
+ */
+declare const _default: (req: Request, res: Response) => Response<any, Record<string, any>>;
 export default _default;
 //# sourceMappingURL=sso-logout.stub.d.ts.map

package/stubs/sso/sso-logout.stub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-logout.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-logout.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;yBAGpC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;AAArE,wBAEE"}
+{"version":3,"file":"sso-logout.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-logout.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG5C;;;;;;;;;;;GAWG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAWE"}

package/stubs/sso/sso-logout.stub.js

@@ -1,5 +1,23 @@
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-export default async (req, res, next) => {
-    res.redirect('/sso/logout-callback');
+import { Jwt } from '../../utils';
+/**
+ * Handles the SSO logout stub endpoint.
+ *
+ * - Prevents caching of the endpoint by setting appropriate headers.
+ * - Checks for the presence and validity of the access token in the session.
+ * - Responds with HTTP 401 and `false` if the access token is missing or expired.
+ * - Responds with HTTP 200 and `true` if the access token is present and valid.
+ *
+ * @param req - The Express request object.
+ * @param res - The Express response object.
+ * @returns Sends a boolean response indicating the validity of the access token.
+ */
+export default (req, res) => {
+    // Don't allow caching of this endpoint
+    res.header('Cache-Control', 'no-store, must-revalidate');
+    const accessToken = req.session.securityToken?.access_token;
+    if (!accessToken || Jwt.isJwtExpired(accessToken)) {
+        return res.status(401).send(false);
+    }
+    return res.status(200).send(true);
 };
 //# sourceMappingURL=sso-logout.stub.js.map

package/stubs/sso/sso-logout.stub.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-logout.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-logout.stub.ts"],"names":[],"mappings":"AAEA,6DAA6D;AAC7D,eAAe,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IACvE,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;AACvC,CAAC,CAAC"}
+{"version":3,"file":"sso-logout.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-logout.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAElC;;;;;;;;;;;GAWG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,uCAAuC;IACvC,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAEzD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC;IAE5D,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;QAClD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC,CAAC"}

package/interfaces/userState.d.ts

@@ -1,16 +0,0 @@
-declare class UserState {
-    user_id: string;
-    user_name: string;
-    business_unit_user?: BusinessUnitUser[];
-}
-declare class BusinessUnitUser {
-    business_user_id: string;
-    business_unit: string;
-    permissions?: Permissions[];
-}
-declare class Permissions {
-    permission_id: number;
-    permission_name: string;
-}
-export default UserState;
-//# sourceMappingURL=userState.d.ts.map

package/interfaces/userState.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"userState.d.ts","sourceRoot":"","sources":["../../src/interfaces/userState.ts"],"names":[],"mappings":"AAAA,cAAM,SAAS;IACb,OAAO,EAAG,MAAM,CAAC;IACjB,SAAS,EAAG,MAAM,CAAC;IACnB,kBAAkB,CAAC,EAAE,gBAAgB,EAAE,CAAC;CACzC;AAED,cAAM,gBAAgB;IACpB,gBAAgB,EAAG,MAAM,CAAC;IAC1B,aAAa,EAAG,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,WAAW,EAAE,CAAC;CAC7B;AAED,cAAM,WAAW;IACf,aAAa,EAAG,MAAM,CAAC;IACvB,eAAe,EAAG,MAAM,CAAC;CAC1B;AAED,eAAe,SAAS,CAAC"}

package/interfaces/userState.js

@@ -1,16 +0,0 @@
-class UserState {
-    user_id;
-    user_name;
-    business_unit_user;
-}
-class BusinessUnitUser {
-    business_user_id;
-    business_unit;
-    permissions;
-}
-class Permissions {
-    permission_id;
-    permission_name;
-}
-export default UserState;
-//# sourceMappingURL=userState.js.map

package/interfaces/userState.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"userState.js","sourceRoot":"","sources":["../../src/interfaces/userState.ts"],"names":[],"mappings":"AAAA,MAAM,SAAS;IACb,OAAO,CAAU;IACjB,SAAS,CAAU;IACnB,kBAAkB,CAAsB;CACzC;AAED,MAAM,gBAAgB;IACpB,gBAAgB,CAAU;IAC1B,aAAa,CAAU;IACvB,WAAW,CAAiB;CAC7B;AAED,MAAM,WAAW;IACf,aAAa,CAAU;IACvB,eAAe,CAAU;CAC1B;AAED,eAAe,SAAS,CAAC"}

package/session/session-user-state/index.d.ts

@@ -1,4 +0,0 @@
-import { Request, Response } from 'express';
-declare const sessionUserState: (req: Request, res: Response) => void;
-export default sessionUserState;
-//# sourceMappingURL=index.d.ts.map

package/session/session-user-state/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/session/session-user-state/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAI5C,QAAA,MAAM,gBAAgB,GAAI,KAAK,OAAO,EAAE,KAAK,QAAQ,SAiBpD,CAAC;AAEF,eAAe,gBAAgB,CAAC"}