npm - @openinc/parse-server-opendash - Versions diffs - 3.10.2 → 3.10.4 - Mend

@openinc/parse-server-opendash 3.10.2 → 3.10.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/functions/openinc-auth-login-microsoft.js +30 -92
package/package.json +1 -1

package/dist/functions/openinc-auth-login-microsoft.js CHANGED Viewed

@@ -15,129 +15,67 @@ const tenantId = config_1.ConfigInstance.getInstance().get("MICROSOFT_TENANT_ID"
 const appId = config_1.ConfigInstance.getInstance().get("MICROSOFT_APP_ID") ||
     process.env.MICROSOFT_APP_ID ||
     process.env.OI_MICROSOFT_APP_ID;
-// Setup JWKS client for Microsoft - try v2.0 first, fallback to v1.0
-const getJwksUri = (version = "v2.0") => `https://login.microsoftonline.com/${tenantId}/discovery/${version}/keys`;
+// Simple, standard Microsoft v2.0 endpoint with app-specific parameter
 const client = (0, jwks_rsa_1.default)({
-    jwksUri: getJwksUri(),
+    jwksUri: `https://login.microsoftonline.com/${tenantId}/discovery/keys?appid=${appId}`,
     cache: true,
-    cacheMaxEntries: 5,
-    cacheMaxAge: 1000 * 60 * 60 * 24, // 24 hours
-    timeout: 30000, // 30 seconds
-});
-// Fallback client for v1.0 if v2.0 fails
-const clientV1 = (0, jwks_rsa_1.default)({
-    jwksUri: getJwksUri("v1.0"),
-    cache: true,
-    cacheMaxEntries: 5,
-    cacheMaxAge: 1000 * 60 * 60 * 24, // 24 hours
-    timeout: 30000, // 30 seconds
+    cacheMaxAge: 12 * 60 * 60 * 1000, // 12 hours
+    timeout: 30000,
 });
 function getKey(header, callback) {
-    console.log("JWT Header:", header);
-    console.log("Tenant ID:", tenantId);
-    console.log("App ID:", appId);
     if (!header.kid) {
-        console.error("No kid found in token header");
         return callback(new Error("No kid found in token header"));
     }
-    console.log("Attempting to get signing key for kid:", header.kid);
     client.getSigningKey(header.kid, (err, key) => {
-        if (err) {
-            console.error("Error with v2.0 endpoint, trying v1.0:", err);
-            // Try v1.0 endpoint as fallback
-            clientV1.getSigningKey(header.kid, (errV1, keyV1) => {
-                if (errV1) {
-                    console.error("Error with v1.0 endpoint:", errV1);
-                    return callback(errV1);
-                }
-                if (!keyV1) {
-                    console.error("No key returned from v1.0 JWKS client");
-                    return callback(new Error("Key not found in v1.0 endpoint"));
-                }
-                try {
-                    const signingKey = keyV1.getPublicKey();
-                    console.log("Successfully retrieved signing key from v1.0 endpoint");
-                    callback(null, signingKey);
-                }
-                catch (keyError) {
-                    console.error("Error extracting public key from v1.0:", keyError);
-                    callback(keyError instanceof Error ? keyError : new Error(String(keyError)));
-                }
-            });
-            return;
-        }
-        if (!key) {
-            console.error("No key returned from JWKS client");
+        if (err)
+            return callback(err);
+        if (!key)
             return callback(new Error("Key not found"));
-        }
-        try {
-            const signingKey = key.getPublicKey();
-            console.log("Successfully retrieved signing key");
-            callback(null, signingKey);
-        }
-        catch (keyError) {
-            console.error("Error extracting public key:", keyError);
-            callback(keyError instanceof Error ? keyError : new Error(String(keyError)));
-        }
+        callback(null, key.getPublicKey());
     });
 }
 async function init(name) {
     Parse.Cloud.define(name, async (request) => {
-        console.log("Logging in with microsoft...");
         const token = request.params.token;
         const account = request.params.account;
-        const defaultTenant = await new Parse.Query(types_1.Tenant)
-            .ascending("createdAt")
-            .first({ useMasterKey: true });
         if (!token) {
             throw new Parse.Error(Parse.Error.INVALID_JSON, "Token missing");
         }
-        // Validate Microsoft configuration
         if (!tenantId || !appId) {
-            console.error("Missing Microsoft configuration:", {
-                tenantId: !!tenantId,
-                appId: !!appId,
-            });
             throw new Parse.Error(Parse.Error.INVALID_JSON, "Microsoft authentication not properly configured");
         }
-        const verifiedPayload = await new Promise((resolve, reject) => {
-            console.log("Starting JWT verification...");
-            console.log("Token length:", token.length);
+        // DEBUGGING: Decode token without verification to see what we're dealing with
+        console.log("=== DEBUGGING TOKEN ===");
+        try {
+            const tokenParts = token.split(".");
+            const payload = JSON.parse(Buffer.from(tokenParts[1], "base64").toString());
+            console.log("Token audience (aud):", payload.aud);
+            console.log("Token issuer (iss):", payload.iss);
             console.log("Expected audience:", appId);
             console.log("Expected issuer:", `https://login.microsoftonline.com/${tenantId}/v2.0`);
-            // Decode token payload for debugging (without verification)
-            try {
-                const tokenParts = token.split(".");
-                if (tokenParts.length === 3) {
-                    const header = JSON.parse(Buffer.from(tokenParts[0], "base64").toString());
-                    const payload = JSON.parse(Buffer.from(tokenParts[1], "base64").toString());
-                    console.log("Token header (unverified):", header);
-                    console.log("Token payload (unverified):", {
-                        aud: payload.aud,
-                        iss: payload.iss,
-                        tid: payload.tid,
-                        ver: payload.ver,
-                    });
-                }
-            }
-            catch (decodeError) {
-                console.error("Failed to decode token for debugging:", decodeError);
-            }
+            console.log("Audience match:", payload.aud === appId);
+            console.log("Issuer match:", payload.iss === `https://login.microsoftonline.com/${tenantId}/v2.0`);
+        }
+        catch (e) {
+            console.error("Failed to decode token:", e);
+        }
+        console.log("=== END DEBUGGING ===");
+        const verifiedPayload = await new Promise((resolve, reject) => {
             jsonwebtoken_1.default.verify(token, getKey, {
                 audience: appId,
                 issuer: `https://login.microsoftonline.com/${tenantId}/v2.0`,
-                algorithms: ["RS256"], // Microsoft uses RS256
+                algorithms: ["RS256"],
             }, (err, decoded) => {
                 if (err) {
-                    console.error("JWT verification failed:", err);
-                    console.error("Error name:", err.name);
-                    console.error("Error message:", err.message);
+                    console.error("JWT verification failed:", err.message);
                     return reject(err);
                 }
-                console.log("JWT verification successful");
                 resolve(decoded);
             });
         });
+        const defaultTenant = await new Parse.Query(types_1.Tenant)
+            .ascending("createdAt")
+            .first({ useMasterKey: true });
         let user = await new Parse.Query(Parse.User)
             .equalTo("username", verifiedPayload.oid)
             .first({ useMasterKey: true });
@@ -145,7 +83,7 @@ async function init(name) {
             user = new Parse.User();
             user.set("username", verifiedPayload.oid);
             user.set("email", account.username);
-            user.set("password", (0, crypto_1.randomBytes)(16).toString("hex")); // Generate a random password
+            user.set("password", (0, crypto_1.randomBytes)(16).toString("hex"));
             user.set("name", verifiedPayload.name || verifiedPayload.preferred_username);
             user.set("tenant", defaultTenant);
             user = await user.signUp(null, { useMasterKey: true });
@@ -155,7 +93,7 @@ async function init(name) {
         const session = new Parse.Object("_Session");
         session.set("user", user);
         session.set("sessionToken", sessionToken);
-        session.set("expiresAt", new Date(Date.now() + 24 * 60 * 60 * 1000 * 7)); // 7 day expiration
+        session.set("expiresAt", new Date(Date.now() + 24 * 60 * 60 * 1000 * 7));
         const savedSession = await session.save(null, { useMasterKey: true });
         return savedSession.get("sessionToken");
     });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@openinc/parse-server-opendash",
-  "version": "3.10.2",
+  "version": "3.10.4",
   "description": "Parse Server Cloud Code for open.INC Stack.",
   "packageManager": "pnpm@10.13.1",
   "keywords": [