@p0security/cli 0.21.1 → 0.22.1

package/build/dist/plugins/ping/login.js

@@ -10,16 +10,30 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.pingLogin = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const authUtils_1 = require("../../types/authUtils");
 const login_1 = require("../oidc/login");
 /** Logs in to PingOne via OIDC */
 const pingLogin = (org) => __awaiter(void 0, void 0, void 0, function* () {
     return (0, login_1.oidcLogin)((0, login_1.oidcLoginSteps)(org, "openid email profile", () => {
-        if (org.providerType !== "ping" || org.providerType === undefined) {
-            throw `Invalid provider type ${org.providerType} (expected "ping")`;
+        const providerType = (0, authUtils_1.getProviderType)(org);
+        const providerDomain = (0, authUtils_1.getProviderDomain)(org);
+        const environmentId = (0, authUtils_1.getEnvironmentId)(org);
+        if (providerType !== "ping" || !providerDomain || !environmentId) {
+            throw `Invalid provider ${providerType} (expected ping OIDC provider)`;
         }
         return {
-            deviceAuthorizationUrl: `https://${org.providerDomain}/${org.environmentId}/as/device_authorization`,
-            tokenUrl: `https://${org.providerDomain}/${org.environmentId}/as/token`,
+            deviceAuthorizationUrl: `https://${providerDomain}/${environmentId}/as/device_authorization`,
+            tokenUrl: `https://${providerDomain}/${environmentId}/as/token`,
         };
     }));
 });

package/build/dist/plugins/ping/login.js.map

@@ -1 +1 @@
-{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../../src/plugins/ping/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAYA,yCAA0D;AAE1D,kCAAkC;AAC3B,MAAM,SAAS,GAAG,CAAO,GAAY,EAAE,EAAE;IAC9C,OAAA,IAAA,iBAAS,EACP,IAAA,sBAAc,EAAC,GAAG,EAAE,sBAAsB,EAAE,GAAG,EAAE;QAC/C,IAAI,GAAG,CAAC,YAAY,KAAK,MAAM,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS,EAAE;YACjE,MAAM,yBAAyB,GAAG,CAAC,YAAY,oBAAoB,CAAC;SACrE;QACD,OAAO;YACL,sBAAsB,EAAE,WAAW,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,0BAA0B;YACpG,QAAQ,EAAE,WAAW,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,WAAW;SACxE,CAAC;IACJ,CAAC,CAAC,CACH,CAAA;EAAA,CAAC;AAXS,QAAA,SAAS,aAWlB"}
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../../src/plugins/ping/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,qDAI+B;AAG/B,yCAA0D;AAE1D,kCAAkC;AAC3B,MAAM,SAAS,GAAG,CAAO,GAAY,EAAE,EAAE;IAC9C,OAAA,IAAA,iBAAS,EACP,IAAA,sBAAc,EAAC,GAAG,EAAE,sBAAsB,EAAE,GAAG,EAAE;QAC/C,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAA,6BAAiB,EAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,aAAa,GAAG,IAAA,4BAAgB,EAAC,GAAG,CAAC,CAAC;QAE5C,IAAI,YAAY,KAAK,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC,aAAa,EAAE;YAChE,MAAM,oBAAoB,YAAY,gCAAgC,CAAC;SACxE;QACD,OAAO;YACL,sBAAsB,EAAE,WAAW,cAAc,IAAI,aAAa,0BAA0B;YAC5F,QAAQ,EAAE,WAAW,cAAc,IAAI,aAAa,WAAW;SAChE,CAAC;IACJ,CAAC,CAAC,CACH,CAAA;EAAA,CAAC;AAfS,QAAA,SAAS,aAelB"}

package/build/dist/types/authUtils.d.ts

@@ -0,0 +1,28 @@
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+import type { OrgData } from "./org";
+/** Helper functions to access auth fields */
+/** Get provider type from org data */
+export declare const getProviderType: (org: OrgData) => "cloudflare" | "okta" | "ping" | undefined;
+/** Get provider domain from org data */
+export declare const getProviderDomain: (org: OrgData) => string | undefined;
+/** Get client ID from org data */
+export declare const getClientId: (org: OrgData) => string | undefined;
+/** Get environment ID from org data */
+export declare const getEnvironmentId: (org: OrgData) => string | undefined;
+/** Get SSO provider from org data */
+export declare const getSsoProvider: (org: OrgData) => string | undefined;
+/** Get provider ID from org data */
+export declare const getProviderId: (org: OrgData) => string | undefined;
+/** Check if org uses password authentication */
+export declare const usePasswordAuth: (org: OrgData) => boolean;
+/** Get Microsoft primary domain from org data (for Azure/Microsoft providers) */
+export declare const getMicrosoftPrimaryDomain: (org: OrgData) => string | undefined;

package/build/dist/types/authUtils.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getMicrosoftPrimaryDomain = exports.usePasswordAuth = exports.getProviderId = exports.getSsoProvider = exports.getEnvironmentId = exports.getClientId = exports.getProviderDomain = exports.getProviderType = void 0;
+/** Helper functions to access auth fields */
+/** Get provider type from org data */
+const getProviderType = (org) => {
+    return org.auth.type === "sso" && "providerType" in org.auth.provider
+        ? org.auth.provider.providerType
+        : undefined;
+};
+exports.getProviderType = getProviderType;
+/** Get provider domain from org data */
+const getProviderDomain = (org) => {
+    return org.auth.type === "sso" && "providerDomain" in org.auth.provider
+        ? org.auth.provider.providerDomain
+        : undefined;
+};
+exports.getProviderDomain = getProviderDomain;
+/** Get client ID from org data */
+const getClientId = (org) => {
+    return org.auth.type === "sso" && "clientId" in org.auth.provider
+        ? org.auth.provider.clientId
+        : undefined;
+};
+exports.getClientId = getClientId;
+/** Get environment ID from org data */
+const getEnvironmentId = (org) => {
+    return org.auth.type === "sso" && "environmentId" in org.auth.provider
+        ? org.auth.provider.environmentId
+        : undefined;
+};
+exports.getEnvironmentId = getEnvironmentId;
+/** Get SSO provider from org data */
+const getSsoProvider = (org) => {
+    return org.auth.type === "sso" ? org.auth.provider.ssoProvider : undefined;
+};
+exports.getSsoProvider = getSsoProvider;
+/** Get provider ID from org data */
+const getProviderId = (org) => {
+    return org.auth.type === "sso" && "providerId" in org.auth.provider
+        ? org.auth.provider.providerId
+        : undefined;
+};
+exports.getProviderId = getProviderId;
+/** Check if org uses password authentication */
+const usePasswordAuth = (org) => {
+    return org.auth.type === "password";
+};
+exports.usePasswordAuth = usePasswordAuth;
+/** Get Microsoft primary domain from org data (for Azure/Microsoft providers) */
+const getMicrosoftPrimaryDomain = (org) => {
+    return org.auth.type === "sso" &&
+        "microsoftPrimaryDomain" in org.auth.provider
+        ? org.auth.provider.microsoftPrimaryDomain
+        : undefined;
+};
+exports.getMicrosoftPrimaryDomain = getMicrosoftPrimaryDomain;
+//# sourceMappingURL=authUtils.js.map

package/build/dist/types/authUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authUtils.js","sourceRoot":"","sources":["../../../src/types/authUtils.ts"],"names":[],"mappings":";;;AAYA,6CAA6C;AAE7C,sCAAsC;AAC/B,MAAM,eAAe,GAAG,CAC7B,GAAY,EACgC,EAAE;IAC9C,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,cAAc,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ;QACnE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY;QAChC,CAAC,CAAC,SAAS,CAAC;AAChB,CAAC,CAAC;AANW,QAAA,eAAe,mBAM1B;AAEF,wCAAwC;AACjC,MAAM,iBAAiB,GAAG,CAAC,GAAY,EAAsB,EAAE;IACpE,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,gBAAgB,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ;QACrE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc;QAClC,CAAC,CAAC,SAAS,CAAC;AAChB,CAAC,CAAC;AAJW,QAAA,iBAAiB,qBAI5B;AAEF,kCAAkC;AAC3B,MAAM,WAAW,GAAG,CAAC,GAAY,EAAsB,EAAE;IAC9D,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,UAAU,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ;QAC/D,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ;QAC5B,CAAC,CAAC,SAAS,CAAC;AAChB,CAAC,CAAC;AAJW,QAAA,WAAW,eAItB;AAEF,uCAAuC;AAChC,MAAM,gBAAgB,GAAG,CAAC,GAAY,EAAsB,EAAE;IACnE,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,eAAe,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ;QACpE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa;QACjC,CAAC,CAAC,SAAS,CAAC;AAChB,CAAC,CAAC;AAJW,QAAA,gBAAgB,oBAI3B;AAEF,qCAAqC;AAC9B,MAAM,cAAc,GAAG,CAAC,GAAY,EAAsB,EAAE;IACjE,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7E,CAAC,CAAC;AAFW,QAAA,cAAc,kBAEzB;AAEF,oCAAoC;AAC7B,MAAM,aAAa,GAAG,CAAC,GAAY,EAAsB,EAAE;IAChE,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,YAAY,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ;QACjE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU;QAC9B,CAAC,CAAC,SAAS,CAAC;AAChB,CAAC,CAAC;AAJW,QAAA,aAAa,iBAIxB;AAEF,gDAAgD;AACzC,MAAM,eAAe,GAAG,CAAC,GAAY,EAAW,EAAE;IACvD,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,CAAC;AACtC,CAAC,CAAC;AAFW,QAAA,eAAe,mBAE1B;AAEF,iFAAiF;AAC1E,MAAM,yBAAyB,GAAG,CAAC,GAAY,EAAsB,EAAE;IAC5E,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK;QAC5B,wBAAwB,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ;QAC7C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,sBAAsB;QAC1C,CAAC,CAAC,SAAS,CAAC;AAChB,CAAC,CAAC;AALW,QAAA,yBAAyB,6BAKpC"}

package/build/dist/types/org.d.ts

@@ -30,24 +30,67 @@ export type GoogleApplicationConfig = ApplicationConfig & {
     };
 };
 export type Config = ApplicationConfig | GoogleApplicationConfig;
-type BaseOrgData = {
+type GoogleOidcProvider = {
+    ssoProvider: "google-oidc";
+};
+type GoogleSsoProvider = {
+    ssoProvider: "google";
+};
+type LegacyOktaSsoProvider = {
+    ssoProvider: "okta";
+    providerId: string;
+};
+type CommonOidcProvider = {
+    providerId: string;
+    providerDomain: string;
     clientId: string;
+};
+type AzureOidcProvider = Partial<CommonOidcProvider> & {
+    ssoProvider: "azure-oidc";
+    microsoftPrimaryDomain: string;
+};
+type MicrosoftSsoProvider = Partial<CommonOidcProvider> & {
+    ssoProvider: "microsoft";
+    microsoftPrimaryDomain: string;
+};
+type BaseOidcPkceProvider = {
+    ssoProvider: "oidc-pkce";
     providerId: string;
-    providerDomain?: string;
-    ssoProvider?: "azure-oidc" | "google-oidc" | "google" | "microsoft" | "oidc-pkce" | "okta";
-    usePassword?: boolean;
+    providerDomain: string;
+    clientId: string;
+};
+type OktaOidcPkceProvider = BaseOidcPkceProvider & {
+    providerType: "okta";
+    authServerPath?: string;
+};
+type PingIdOidcPkceProvider = BaseOidcPkceProvider & {
+    providerType: "ping";
+    environmentId: string;
+};
+type CloudflareOidcPkceProvider = BaseOidcPkceProvider & {
+    providerType: "cloudflare";
+    clientSecret: string;
+};
+type OidcPkceProvider = CloudflareOidcPkceProvider | OktaOidcPkceProvider | PingIdOidcPkceProvider;
+type SsoProvider = AzureOidcProvider | GoogleOidcProvider | GoogleSsoProvider | LegacyOktaSsoProvider | MicrosoftSsoProvider | OidcPkceProvider;
+type OrgMagicLinkAuth = {
+    type: "magic-link";
+};
+type OrgPasswordAuth = {
+    type: "password";
+};
+type OrgSsoAuth = {
+    type: "sso";
+    provider: SsoProvider;
+};
+export type OrgAuth = OrgMagicLinkAuth | OrgPasswordAuth | OrgSsoAuth;
+export type RawOrgData = {
     tenantId: string;
+    auth: OrgAuth;
     config: Config;
     /** Swaps API auth to tokens from the ssoProvider, rather than firebase */
     useProviderToken?: boolean;
 };
-/** Publicly readable organization data */
-export type RawOrgData = BaseOrgData & ({
-    providerType?: "okta";
-} | {
-    providerType?: "ping";
-    environmentId: string;
-});
 export type OrgData = RawOrgData & {
     slug: string;
 };

package/build/dist/types/request.d.ts

@@ -38,4 +38,5 @@ export type RequestResponse<T> = {
     request: T;
     isPreexisting: boolean;
     isPersistent: boolean;
+    isPreapproved: boolean;
 };