npm - @node-c/domain-iam - Versions diffs - 1.0.0-beta6 → 1.0.0-beta8 - Mend

@node-c/domain-iam 1.0.0-beta6 → 1.0.0-beta8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

package/src/services/authentication/iam.authentication.service.ts CHANGED Viewed

@@ -1,12 +1,14 @@
 import { ApplicationError, ConfigProviderService, LoggerService } from '@node-c/core';
+import * as jwt from 'jsonwebtoken';
 import {
   IAMAuthenticationCompleteData,
   IAMAuthenticationCompleteOptions,
   IAMAuthenticationCompleteResult,
   IAMAuthenticationGetPayloadsFromExternalTokensData,
   IAMAuthenticationGetPayloadsFromExternalTokensResult,
-  IAMAuthenticationGetUserCreateAccessTokenConfigResult,
+  IAMAuthenticationGetUserAuthenticationConfigResult,
   IAMAuthenticationGetUserDataFromExternalTokenPayloadsData,
   IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult,
   IAMAuthenticationInitiateData,
@@ -15,9 +17,12 @@ import {
   IAMAuthenticationRefreshExternalAccessTokenData,
   IAMAuthenticationRefreshExternalAccessTokenResult,
   IAMAuthenticationVerifyExternalAccessTokenData,
-  IAMAuthenticationVerifyExternalAccessTokenResult
+  IAMAuthenticationVerifyExternalAccessTokenResult,
+  IAMAuthenticationVerifyTokenOptions
 } from './iam.authentication.definitions';
+import { Constants } from '../../common/definitions';
 export class IAMAuthenticationService<CompleteContext extends object, InitiateContext extends object> {
   protected isLocal: boolean;
@@ -27,11 +32,13 @@ export class IAMAuthenticationService<CompleteContext extends object, InitiateCo
     // eslint-disable-next-line no-unused-vars
     protected logger: LoggerService,
     // eslint-disable-next-line no-unused-vars
-    protected moduleName: string
+    protected moduleName: string,
+    // eslint-disable-next-line no-unused-vars
+    protected serviceName: string
   ) {}
-  /*
-   * Step 2 of the auth process. Mandatory.
+  /**
+   * Step 2 of the authentication process. Mandatory.
    */
   async complete(
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
@@ -42,26 +49,42 @@ export class IAMAuthenticationService<CompleteContext extends object, InitiateCo
     throw new ApplicationError(`[${this.moduleName}][IAMAuthenticationService]: Method "complete" not implemented.`);
   }
-  getUserCreateAccessTokenConfig(): IAMAuthenticationGetUserCreateAccessTokenConfigResult {
+  getUserAuthenticationConfig(): IAMAuthenticationGetUserAuthenticationConfigResult {
     throw new ApplicationError(
       `[${this.moduleName}][IAMAuthenticationService]: Method "getUserAccessTokenConfig" not implemented.`
     );
   }
-  /*
+  /**
    * Method for decoding JWTs and returning their payloads.
+   *
    * If the tokens aren't JWTs, other ways for retreiving the payloads can be implemented, such as the OAuth introspection endpoint.
    */
   async getPayloadsFromExternalTokens(
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    _data: IAMAuthenticationGetPayloadsFromExternalTokensData
+    data: IAMAuthenticationGetPayloadsFromExternalTokensData
   ): Promise<IAMAuthenticationGetPayloadsFromExternalTokensResult> {
-    throw new ApplicationError(
-      `[${this.moduleName}][IAMAuthenticationService]: Method "getPayloadsFromExternalTokens" not implemented.`
-    );
+    const { logger, moduleName, serviceName } = this;
+    const { accessToken, idToken } = data;
+    const returnData: IAMAuthenticationGetPayloadsFromExternalTokensResult = {};
+    if (accessToken) {
+      const { content: accessTokenPayload, error } = await this.verifyToken(accessToken);
+      if (error) {
+        logger.error(
+          `[${moduleName}][${serviceName}]: Method "getPayloadsFromExternalTokens" has produced an error:`,
+          error
+        );
+        throw new ApplicationError(`[${moduleName}][${serviceName}]: Error getting data from external tokens.`);
+      }
+      returnData.accessTokenPayload = accessTokenPayload;
+    }
+    if (idToken) {
+      const idTokenData = await this.verifyToken(idToken);
+      returnData.idTokenPayload = idTokenData.content;
+    }
+    return returnData;
   }
-  /*
+  /**
    * Method for mapping token payload data, such as username and scopes, to local user data, such as email and roles.
    */
   async getUserDataFromExternalTokenPayloads(
@@ -73,8 +96,8 @@ export class IAMAuthenticationService<CompleteContext extends object, InitiateCo
     );
   }
-  /*
-   * Step 1 of the auth process. Mandatory.
+  /**
+   * Step 1 of the authentication process. Mandatory.
    */
   async initiate(
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
@@ -102,4 +125,45 @@ export class IAMAuthenticationService<CompleteContext extends object, InitiateCo
       `[${this.moduleName}][IAMAuthenticationService]: Method "verifyExternalAccessToken" not implemented.`
     );
   }
+  async verifyToken<DecodedTokenContent = unknown>(
+    token: string,
+    options?: IAMAuthenticationVerifyTokenOptions
+  ): Promise<{ content?: DecodedTokenContent; error?: unknown }> {
+    const { audiences, issuer, secret } = options || {};
+    let returnData: { content?: DecodedTokenContent; error?: unknown } = {};
+    if (secret) {
+      returnData = await new Promise<{ content?: DecodedTokenContent; error?: unknown }>(resolve => {
+        jwt.verify(token, secret, (err, decoded) => {
+          if (err) {
+            resolve({ content: decoded as DecodedTokenContent, error: err });
+          }
+          resolve({ content: decoded as DecodedTokenContent });
+        });
+      });
+    } else {
+      const tokenContent = jwt.decode(token) as DecodedTokenContent & { aud?: string; exp?: number; iss?: string };
+      if (tokenContent.exp) {
+        // tokenContent.exp < new Date().valueOf()
+        let currentTimeStamp = `${new Date().valueOf()}`;
+        let expString = `${tokenContent.exp}`;
+        if (expString.length < currentTimeStamp.length) {
+          currentTimeStamp = currentTimeStamp.substring(0, expString.length);
+        } else if (expString.length > currentTimeStamp.length) {
+          expString = expString.substring(0, currentTimeStamp.length);
+        }
+        if (parseInt(expString, 10) < parseInt(currentTimeStamp, 10)) {
+          returnData.error = Constants.TOKEN_EXPIRED_ERROR;
+        }
+      }
+      if (tokenContent.aud && audiences && !audiences.includes(tokenContent.aud)) {
+        returnData.error = Constants.TOKEN_MISMATCHED_AUDIENCES_ERROR;
+      }
+      if (tokenContent.iss && issuer && issuer !== tokenContent.iss) {
+        returnData.error = Constants.TOKEN_MISMATCHED_ISSUER_ERROR;
+      }
+      returnData.content = tokenContent;
+    }
+    return returnData;
+  }
 }

package/src/services/authenticationConsumer/iam.authenticationConsumer.definitions.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import {
+  IAMAuthenticationCompleteData,
+  IAMAuthenticationCompleteOptions,
+  IAMAuthenticationCompleteResult,
+  IAMAuthenticationGetUserAuthenticationConfigResult,
+  IAMAuthenticationGetUserDataFromExternalTokenPayloadsData,
+  IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult,
+  IAMAuthenticationInitiateData,
+  IAMAuthenticationInitiateOptions,
+  IAMAuthenticationInitiateResult,
+  IAMAuthenticationRefreshExternalAccessTokenData,
+  IAMAuthenticationRefreshExternalAccessTokenResult
+} from '../authentication';
+export type IAMAuthenticationConsumerCompleteData = IAMAuthenticationCompleteData;
+export type IAMAuthenticationConsumerCompleteOptions<Context extends object> =
+  IAMAuthenticationCompleteOptions<Context>;
+export interface IAMAuthenticationConsumerCompleteResult extends IAMAuthenticationCompleteResult {
+  idToken?: string;
+  refreshToken?: string;
+}
+export type IAMAuthenticationConsumerGetUserAuthenticationConfigResult =
+  IAMAuthenticationGetUserAuthenticationConfigResult;
+export type IAMAuthenticationConsumerGetUserDataFromExternalTokenPayloadsData =
+  IAMAuthenticationGetUserDataFromExternalTokenPayloadsData;
+export type IAMAuthenticationConsumerGetUserDataFromExternalTokenPayloadsResult =
+  IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult;
+export type IAMAuthenticationConsumerInitiateData = IAMAuthenticationInitiateData;
+export type IAMAuthenticationConsumerInitiateOptions<Context extends object> =
+  IAMAuthenticationInitiateOptions<Context>;
+export type IAMAuthenticationConsumerInitiateResult = IAMAuthenticationInitiateResult;
+export type IAMAuthenticationConsumerRefreshExternalAccessTokenData = IAMAuthenticationRefreshExternalAccessTokenData;
+export type IAMAuthenticationConsumerRefreshExternalAccessTokenResult =
+  IAMAuthenticationRefreshExternalAccessTokenResult;

package/src/services/authenticationConsumer/iam.authenticationConsumer.service.ts ADDED Viewed

@@ -0,0 +1,192 @@
+import {
+  AppConfigDomainIAM,
+  AppConfigDomainIAMAuthenticationStep,
+  ApplicationError,
+  ConfigProviderService,
+  GenericObject,
+  HttpMethod,
+  LoggerService,
+  httpRequest
+} from '@node-c/core';
+import ld from 'lodash';
+import {
+  IAMAuthenticationConsumerCompleteData,
+  IAMAuthenticationConsumerCompleteOptions,
+  IAMAuthenticationConsumerCompleteResult,
+  IAMAuthenticationConsumerGetUserAuthenticationConfigResult,
+  IAMAuthenticationConsumerGetUserDataFromExternalTokenPayloadsData,
+  IAMAuthenticationConsumerGetUserDataFromExternalTokenPayloadsResult,
+  IAMAuthenticationConsumerInitiateData,
+  IAMAuthenticationConsumerInitiateOptions,
+  IAMAuthenticationConsumerInitiateResult,
+  IAMAuthenticationConsumerRefreshExternalAccessTokenData,
+  IAMAuthenticationConsumerRefreshExternalAccessTokenResult
+} from './iam.authenticationConsumer.definitions';
+import { IAMAuthenticationService } from '../authentication';
+/**
+ * The base service for integrating authenticationServices via other Node-C Apps as a consumer.
+ *
+ * This service is intended to be extended by services that will be used in the consumer environment.
+ */
+export class IAMAuthenticationConsumerService<
+  CompleteContext extends object,
+  InitiateContext extends object
+> extends IAMAuthenticationService<CompleteContext, InitiateContext> {
+  constructor(configProvider: ConfigProviderService, logger: LoggerService, moduleName: string, serviceName: string) {
+    super(configProvider, logger, moduleName, serviceName);
+    this.isLocal = false;
+  }
+  async complete(
+    data: IAMAuthenticationConsumerCompleteData,
+    options: IAMAuthenticationConsumerCompleteOptions<CompleteContext>
+  ): Promise<IAMAuthenticationConsumerCompleteResult> {
+    const responseData = await this.runRequest<IAMAuthenticationConsumerCompleteResult>(
+      AppConfigDomainIAMAuthenticationStep.Complete,
+      {
+        auth: { ...data, type: this.serviceName },
+        step: AppConfigDomainIAMAuthenticationStep.Complete,
+        ...(options?.contextIdentifierField
+          ? {
+              filters: {
+                [options.contextIdentifierField]:
+                  options.context[options.contextIdentifierField as keyof CompleteContext]
+              }
+            }
+          : {})
+      }
+    );
+    return {
+      ...responseData,
+      valid: typeof responseData.valid !== 'undefined' ? responseData.valid : !!responseData.accessToken?.length
+    };
+  }
+  /**
+   * This config is intended for use by the consumer environment.
+   *
+   * User data from: provider
+   *
+   * Internal tokens from: provider
+   *
+   * External tokens from: provider
+   *
+   * Authentication happens in: provider
+   */
+  getUserAuthenticationConfig(): IAMAuthenticationConsumerGetUserAuthenticationConfigResult {
+    const { configProvider, moduleName, serviceName } = this;
+    const moduleConfig = configProvider.config.domain[moduleName] as AppConfigDomainIAM;
+    const { steps } = moduleConfig.authServiceSettings![serviceName];
+    const defaultConfig: IAMAuthenticationConsumerGetUserAuthenticationConfigResult = {
+      // this step just extracts the user data from the returned data and saves it in the consumer environment,
+      // together with the tokens
+      [AppConfigDomainIAMAuthenticationStep.Complete]: {
+        authReturnsTokens: true,
+        decodeReturnedTokens: true,
+        findUser: true,
+        findUserBeforeAuth: false,
+        findUserInExternalTokenPayloads: true,
+        useReturnedTokens: true,
+        useReturnedTokensAsLocal: true,
+        validWithoutUser: false
+      },
+      // this step simply does nothing
+      [AppConfigDomainIAMAuthenticationStep.Initiate]: {
+        findUser: false,
+        validWithoutUser: true
+      }
+    };
+    return ld.merge(defaultConfig, steps || {});
+  }
+  async getUserDataFromExternalTokenPayloads(
+    data: IAMAuthenticationConsumerGetUserDataFromExternalTokenPayloadsData
+  ): Promise<IAMAuthenticationConsumerGetUserDataFromExternalTokenPayloadsResult | null> {
+    const { idTokenPayload } = data;
+    if (!idTokenPayload?.data?.user) {
+      return null;
+    }
+    return idTokenPayload.data.user as unknown as IAMAuthenticationConsumerGetUserDataFromExternalTokenPayloadsResult;
+  }
+  async initiate(
+    data: IAMAuthenticationConsumerInitiateData,
+    options: IAMAuthenticationConsumerInitiateOptions<InitiateContext>
+  ): Promise<IAMAuthenticationConsumerInitiateResult> {
+    const responseData = await this.runRequest<
+      IAMAuthenticationConsumerInitiateResult | IAMAuthenticationConsumerCompleteResult
+    >(AppConfigDomainIAMAuthenticationStep.Initiate, {
+      auth: { ...data, type: this.serviceName },
+      step: AppConfigDomainIAMAuthenticationStep.Initiate,
+      ...(options?.contextIdentifierField
+        ? {
+            filters: {
+              [options.contextIdentifierField]: options.context[options.contextIdentifierField as keyof InitiateContext]
+            }
+          }
+        : {})
+    });
+    return {
+      ...responseData,
+      valid:
+        typeof responseData.valid !== 'undefined'
+          ? responseData.valid
+          : 'accessToken' in responseData && !!responseData.accessToken?.length,
+      ...('nextStepsRequired' in responseData && responseData.nextStepsRequired
+        ? { mfaUsed: true, mfaValid: true }
+        : { mfaUsed: false })
+    };
+  }
+  protected async runRequest<ReturnData>(
+    endpoint: AppConfigDomainIAMAuthenticationStep | 'refreshExternalAccessToken',
+    data: GenericObject
+  ): Promise<ReturnData> {
+    const { configProvider, logger, moduleName, serviceName } = this;
+    const moduleConfig = configProvider.config.domain[moduleName] as AppConfigDomainIAM;
+    const { apiKey, apiSecret, apiSecretHashingAlgorithm, baseUrl, ...configData } =
+      moduleConfig.authServiceSettings![serviceName].nodeC!;
+    const endpointMethod = configData[`${endpoint}EndpointMethod`];
+    const endpointUri = configData[`${endpoint}Endpoint`];
+    if (!baseUrl) {
+      logger.error(`[${moduleName}][${serviceName}]: Base URL not configured.`);
+      throw new ApplicationError('Authentication failed.');
+    }
+    if (!endpointUri) {
+      logger.error(`[${moduleName}][${serviceName}]: Endpoint URI for "${endpoint}" not configured.`);
+      throw new ApplicationError('Authentication failed.');
+    }
+    if (!endpointMethod) {
+      logger.error(`[${moduleName}][${serviceName}]: Endpoint method for "${endpoint}" not configured.`);
+      throw new ApplicationError('Authentication failed.');
+    }
+    const { data: responseData, hasError } = await httpRequest<ReturnData>(`${baseUrl}${endpointUri}`, {
+      apiKey,
+      apiSecret,
+      apiSecretHashingAlgorithm,
+      isJSON: true,
+      method: endpointMethod,
+      ...(endpointMethod === HttpMethod.GET ? { query: data } : { body: data })
+    });
+    if (hasError || !responseData) {
+      logger.error(`[${moduleName}][${serviceName}]: Endpoint ${endpointUri} failed.`, responseData);
+      throw new ApplicationError('Authentication failed.');
+    }
+    return responseData;
+  }
+  async refreshExternalAccessToken(
+    data: IAMAuthenticationConsumerRefreshExternalAccessTokenData
+  ): Promise<IAMAuthenticationConsumerRefreshExternalAccessTokenResult> {
+    return await this.runRequest<IAMAuthenticationConsumerRefreshExternalAccessTokenResult>(
+      'refreshExternalAccessToken',
+      {
+        data
+      }
+    );
+  }
+}

package/src/services/authenticationConsumer/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './iam.authenticationConsumer.definitions';
2	+ export * from './iam.authenticationConsumer.service';

package/src/services/{userManager/iam.userManager.definitions.ts → authenticationManager/iam.authenticationManager.definitions.ts} RENAMED Viewed

@@ -2,7 +2,6 @@ import {
   AppConfigCommonDomainIAMAuthServiceConfigCompleteSettings,
   AppConfigCommonDomainIAMAuthServiceConfigInitiateSettings,
   AppConfigDomainIAMAuthenticationStep,
-  DomainFindOnePrivateOptions,
   GenericObject
 } from '@node-c/core';
@@ -12,10 +11,10 @@ import {
   IAMAuthenticationService,
   IAMAuthenticationType
 } from '../authentication';
-import { AuthorizationUser } from '../authorization';
 import { IAMMFAType } from '../mfa';
+import { IAMUserWithPermissionsData } from '../users';
-export interface IAMUserManagerCreateAccessTokenOptions<AuthData = unknown> {
+export interface IAMAuthenticationManagerAuthenticateOptions<AuthData = unknown> {
   auth: {
     mfaType?: IAMMFAType;
     type: IAMAuthenticationType | string;
@@ -26,7 +25,7 @@ export interface IAMUserManagerCreateAccessTokenOptions<AuthData = unknown> {
   step?: AppConfigDomainIAMAuthenticationStep;
 }
-export type IAMUserManagerCreateAccessTokenReturnData<UserData> =
+export type IAMAuthenticationManagerAuthenticateReturnData<UserData> =
   | {
       accessToken: string;
       idToken: string;
@@ -35,12 +34,12 @@ export type IAMUserManagerCreateAccessTokenReturnData<UserData> =
     }
   | { nextStepsRequired: boolean };
-export type IAMUserManagerExecuteStepData<AuthData = unknown> = Omit<
-  IAMUserManagerCreateAccessTokenOptions<AuthData>,
+export type IAMAuthenticationManagerExecuteStepData<AuthData = unknown> = Omit<
+  IAMAuthenticationManagerAuthenticateOptions<AuthData>,
   'rememberUser' | 'step'
 >;
-export interface IAMUserManagerExecuteStepOptions<User extends object> {
+export interface IAMAuthenticationManagerExecuteStepOptions<User extends object> {
   authService: IAMAuthenticationService<User, User>;
   name: AppConfigDomainIAMAuthenticationStep;
   stepConfig:
@@ -48,28 +47,21 @@ export interface IAMUserManagerExecuteStepOptions<User extends object> {
     | AppConfigCommonDomainIAMAuthServiceConfigInitiateSettings;
 }
-export interface IAMUserManagerExecuteStepResult<User extends object> {
+export interface IAMAuthenticationManagerExecuteStepResult<User extends object> {
   stepResult: IAMAuthenticationCompleteResult | IAMAuthenticationInitiateResult;
-  user: IAMUserManagerUserWithPermissionsData<User, unknown> | null;
+  user: IAMUserWithPermissionsData<User, unknown> | null;
   userFilterField?: string | undefined;
   userFilterValue?: unknown | undefined;
 }
-export interface IAMUserManagerGetUserWithPermissionsDataOptions extends DomainFindOnePrivateOptions {
-  keepPassword?: boolean;
-}
-export type IAMUserManagerUserWithPermissionsData<UserData, AuthorizationPointId> =
-  AuthorizationUser<AuthorizationPointId> & UserData;
-export interface IAMUserManagerUserTokenEnityFields<UserId = unknown> {
+export interface IAMAuthenticationManagerUserTokenEnityFields<UserId = unknown> {
   accessToken?: string;
   refreshToken?: string;
   userId: UserId;
-  user?: IAMUserManagerUserWithPermissionsData<object, unknown>;
+  user?: IAMUserWithPermissionsData<object, unknown>;
 }
-export enum IAMUserManagerUserTokenUserIdentifier {
+export enum IAMAuthenticationManagerUserTokenUserIdentifier {
   // eslint-disable-next-line no-unused-vars
   FieldName = 'userId'
 }