@rockcarver/frodo-lib 0.16.2-8 → 0.17.0

package/esm/ops/ConnectionProfileOps.mjs

@@ -1,55 +1,58 @@
 import fs from 'fs';
 import os from 'os';
 import path from 'path';
-import storage from '../storage/SessionStorage';
+import * as state from '../shared/State';
 import DataProtection from './utils/DataProtection';
-import { createObjectTable, createTable, printMessage } from './utils/Console';
+import { createObjectTable, createTable, debugMessage, printMessage, verboseMessage } from './utils/Console';
 import { FRODO_CONNECTION_PROFILES_PATH_KEY } from '../storage/StaticStorage';
-const dataProtection = new DataProtection();
+import { createJwkRsa, createJwks, getJwkRsaPublic } from './JoseOps';
+import { createServiceAccount } from './ServiceAccountOps';
+import { saveJsonToFile } from './utils/ExportImportUtils';
+import { isValidUrl } from './utils/OpsUtils';
+const crypto = new DataProtection();
 const fileOptions = {
   indentation: 4
 };
+const legacyProfileFilename = '.frodorc';
+const newProfileFilename = 'Connections.json';
+
 /**
  * Get connection profiles file name
  * @returns {String} connection profiles file name
  */
-
 export function getConnectionProfilesPath() {
-  return storage.session.getConnectionProfilesPath() || process.env[FRODO_CONNECTION_PROFILES_PATH_KEY] || `${os.homedir()}/.frodo/.frodorc`;
+  return state.getConnectionProfilesPath() || process.env[FRODO_CONNECTION_PROFILES_PATH_KEY] || `${os.homedir()}/.frodo/${newProfileFilename}`;
 }
+
 /**
- * Find connection profile
- * @param {Object} connectionProfiles connection profile object
- * @param {String} host tenant host url or unique substring
- * @returns {Object} connection profile object or null
+ * Find connection profiles
+ * @param {ConnectionsFileInterface} connectionProfiles connection profile object
+ * @param {string} host host url or unique substring
+ * @returns {SecureConnectionProfileInterface[]} Array of connection profiles
  */
-
-function findConnectionProfile(connectionProfiles, host) {
+function findConnectionProfiles(connectionProfiles, host) {
   const profiles = [];
-
   for (const tenant in connectionProfiles) {
     if (tenant.includes(host)) {
-      const foundProfile = connectionProfiles[tenant];
+      const foundProfile = {
+        ...connectionProfiles[tenant]
+      };
       foundProfile.tenant = tenant;
       profiles.push(foundProfile);
     }
   }
-
   return profiles;
 }
+
 /**
  * List connection profiles
  * @param {boolean} long Long list format with details
  */
-
-
 export function listConnectionProfiles(long = false) {
   const filename = getConnectionProfilesPath();
-
   try {
     const data = fs.readFileSync(filename, 'utf8');
     const connectionsData = JSON.parse(data);
-
     if (long) {
       const table = createTable(['Host', 'Username', 'Log API Key']);
       Object.keys(connectionsData).forEach(c => {
@@ -61,65 +64,86 @@ export function listConnectionProfiles(long = false) {
         printMessage(`${c}`, 'data');
       });
     }
-
     printMessage('Any unique substring of a saved host can be used as the value for host parameter in all commands', 'info');
   } catch (e) {
     printMessage(`No connections found in ${filename} (${e.message})`, 'error');
   }
 }
+
 /**
- * Initialize connection profiles
+ * Migrate from .frodorc to Connections.json
  */
+function migrateFromLegacyProfile() {
+  const legacyPath = `${os.homedir()}/.frodo/${legacyProfileFilename}`;
+  if (fs.existsSync(legacyPath)) {
+    fs.copyFileSync(legacyPath, `${os.homedir()}/.frodo/${newProfileFilename}`);
+    // for now, just add a "deprecated" suffix. May delete the old file
+    // in a future release
+    fs.renameSync(legacyPath, `${legacyPath}.deprecated`);
+  }
+}
 
-export function initConnectionProfiles() {
+/**
+ * Initialize connection profiles
+ *
+ * This method is called from app.ts and runs before any of the message handlers are registered.
+ * Therefore none of the Console message functions will produce any output.
+ */
+export async function initConnectionProfiles() {
   // create connections.json file if it doesn't exist
   const filename = getConnectionProfilesPath();
   const folderName = path.dirname(filename);
-
   if (!fs.existsSync(folderName)) {
     fs.mkdirSync(folderName, {
       recursive: true
     });
-
     if (!fs.existsSync(filename)) {
       fs.writeFileSync(filename, JSON.stringify({}, null, fileOptions.indentation));
     }
-  } // encrypt the password from clear text to aes-256-GCM
+  }
+  // encrypt the password and logApiSecret from clear text to aes-256-GCM
   else {
+    migrateFromLegacyProfile();
     const data = fs.readFileSync(filename, 'utf8');
     const connectionsData = JSON.parse(data);
     let convert = false;
-    Object.keys(connectionsData).forEach(async conn => {
-      if (connectionsData[conn].password) {
+    for (const conn of Object.keys(connectionsData)) {
+      if (connectionsData[conn]['password']) {
         convert = true;
-        connectionsData[conn].encodedPassword = await dataProtection.encrypt(connectionsData[conn].password); // Buffer.from(connectionsData[conn].password).toString('base64');
-
-        delete connectionsData[conn].password;
+        connectionsData[conn].encodedPassword = await crypto.encrypt(connectionsData[conn]['password']);
+        delete connectionsData[conn]['password'];
       }
-    });
-
+      if (connectionsData[conn]['logApiSecret']) {
+        convert = true;
+        connectionsData[conn].encodedLogApiSecret = await crypto.encrypt(connectionsData[conn]['logApiSecret']);
+        delete connectionsData[conn]['logApiSecret'];
+      }
+      if (connectionsData[conn]['svcacctJwk']) {
+        convert = true;
+        connectionsData[conn].encodedSvcacctJwk = await crypto.encrypt(connectionsData[conn]['svcacctJwk']);
+        delete connectionsData[conn]['svcacctJwk'];
+      }
+    }
     if (convert) {
       fs.writeFileSync(filename, JSON.stringify(connectionsData, null, fileOptions.indentation));
     }
   }
 }
+
 /**
  * Get connection profile by host
  * @param {String} host host tenant host url or unique substring
  * @returns {Object} connection profile or null
  */
-
 export async function getConnectionProfileByHost(host) {
   try {
     const filename = getConnectionProfilesPath();
     const connectionsData = JSON.parse(fs.readFileSync(filename, 'utf8'));
-    const profiles = findConnectionProfile(connectionsData, host);
-
+    const profiles = findConnectionProfiles(connectionsData, host);
     if (profiles.length == 0) {
       printMessage(`Profile for ${host} not found. Please specify credentials on command line`, 'error');
       return null;
     }
-
     if (profiles.length > 1) {
       printMessage(`Multiple matching profiles found.`, 'error');
       profiles.forEach(p => {
@@ -128,76 +152,117 @@ export async function getConnectionProfileByHost(host) {
       printMessage(`Please specify a unique sub-string`, 'error');
       return null;
     }
-
     return {
       tenant: profiles[0].tenant,
       username: profiles[0].username ? profiles[0].username : null,
-      password: profiles[0].encodedPassword ? await dataProtection.decrypt(profiles[0].encodedPassword) : null,
-      key: profiles[0].logApiKey ? profiles[0].logApiKey : null,
-      secret: profiles[0].logApiSecret ? profiles[0].logApiSecret : null,
+      password: profiles[0].encodedPassword ? await crypto.decrypt(profiles[0].encodedPassword) : null,
+      logApiKey: profiles[0].logApiKey ? profiles[0].logApiKey : null,
+      logApiSecret: profiles[0].encodedLogApiSecret ? await crypto.decrypt(profiles[0].encodedLogApiSecret) : null,
       authenticationService: profiles[0].authenticationService ? profiles[0].authenticationService : null,
-      authenticationHeaderOverrides: profiles[0].authenticationHeaderOverrides ? profiles[0].authenticationHeaderOverrides : {}
+      authenticationHeaderOverrides: profiles[0].authenticationHeaderOverrides ? profiles[0].authenticationHeaderOverrides : {},
+      svcacctId: profiles[0].svcacctId ? profiles[0].svcacctId : null,
+      svcacctJwk: profiles[0].encodedSvcacctJwk ? await crypto.decrypt(profiles[0].encodedSvcacctJwk) : null
     };
   } catch (e) {
     printMessage(`Can not read saved connection info, please specify credentials on command line: ${e}`, 'error');
     return null;
   }
 }
+
 /**
  * Get connection profile
  * @returns {Object} connection profile or null
  */
-
 export async function getConnectionProfile() {
-  return getConnectionProfileByHost(storage.session.getTenant());
+  return getConnectionProfileByHost(state.getHost());
 }
+
 /**
  * Save connection profile
+ * @param {string} host host url for new profiles or unique substring for existing profiles
+ * @returns {Promise<boolean>} true if the operation succeeded, false otherwise
  */
-
-export async function saveConnectionProfile() {
+export async function saveConnectionProfile(host) {
   const filename = getConnectionProfilesPath();
-  printMessage(`Saving creds in ${filename}...`);
-  let connectionsData = {};
-  let existingData = {};
-
+  verboseMessage(`Saving connection profile in ${filename}`);
+  let profiles = {};
+  let profile = {
+    tenant: ''
+  };
   try {
     fs.statSync(filename);
     const data = fs.readFileSync(filename, 'utf8');
-    connectionsData = JSON.parse(data);
+    profiles = JSON.parse(data);
 
-    if (connectionsData[storage.session.getTenant()]) {
-      existingData = connectionsData[storage.session.getTenant()];
-      printMessage(`Updating connection profile ${storage.session.getTenant()}`);
-    } else printMessage(`Adding connection profile ${storage.session.getTenant()}`);
-  } catch (e) {
-    printMessage(`Creating connection profiles file ${filename} with ${storage.session.getTenant()}`);
-  }
+    // find tenant
+    const found = findConnectionProfiles(profiles, host);
 
-  if (storage.session.getUsername()) existingData['username'] = storage.session.getUsername();
-  if (storage.session.getPassword()) existingData['encodedPassword'] = await dataProtection.encrypt(storage.session.getPassword());
-  if (storage.session.getLogApiKey()) existingData['logApiKey'] = storage.session.getLogApiKey();
-  if (storage.session.getLogApiSecret()) existingData['logApiSecret'] = storage.session.getLogApiSecret(); // advanced settings
+    // replace tenant in session with real tenant url if necessary
+    if (found.length === 1) {
+      profile = found[0];
+      state.setHost(profile.tenant);
+      verboseMessage(`Existing profile: ${profile.tenant}`);
+    }
 
-  if (storage.session.getAuthenticationService()) {
-    existingData['authenticationService'] = storage.session.getAuthenticationService();
-    printMessage('Advanced setting: Authentication Service: ' + storage.session.getAuthenticationService(), 'info');
+    // connection profile not found, validate host is a real URL
+    if (found.length === 0) {
+      if (isValidUrl(host)) {
+        state.setHost(host);
+        verboseMessage(`New profile: ${host}`);
+      } else {
+        printMessage(`No existing profile found matching '${host}'. Provide a valid URL as the host argument to create a new profile.`, 'error');
+        return false;
+      }
+    }
+  } catch (error) {
+    verboseMessage(`New profiles file ${filename} with new profile ${host}`);
   }
 
-  if (storage.session.getAuthenticationHeaderOverrides()) {
-    existingData['authenticationHeaderOverrides'] = storage.session.getAuthenticationHeaderOverrides();
+  // user account
+  if (state.getUsername()) profile.username = state.getUsername();
+  if (state.getPassword()) profile.encodedPassword = await crypto.encrypt(state.getPassword());
+
+  // log API
+  if (state.getLogApiKey()) profile.logApiKey = state.getLogApiKey();
+  if (state.getLogApiSecret()) profile.encodedLogApiSecret = await crypto.encrypt(state.getLogApiSecret());
+
+  // service account
+  if (state.getServiceAccountId()) profile.svcacctId = state.getServiceAccountId();
+  if (state.getServiceAccountJwk()) profile.encodedSvcacctJwk = await crypto.encrypt(state.getServiceAccountJwk());
+
+  // advanced settings
+  if (state.getAuthenticationService()) {
+    profile.authenticationService = state.getAuthenticationService();
+    printMessage('Advanced setting: Authentication Service: ' + state.getAuthenticationService(), 'info');
+  }
+  if (state.getAuthenticationHeaderOverrides() && Object.entries(state.getAuthenticationHeaderOverrides()).length) {
+    profile.authenticationHeaderOverrides = state.getAuthenticationHeaderOverrides();
     printMessage('Advanced setting: Authentication Header Overrides: ', 'info');
-    printMessage(storage.session.getAuthenticationHeaderOverrides(), 'info');
+    printMessage(state.getAuthenticationHeaderOverrides(), 'info');
   }
 
-  connectionsData[storage.session.getTenant()] = existingData;
-  fs.writeFileSync(filename, JSON.stringify(connectionsData, null, 2));
+  // remove the helper key 'tenant'
+  delete profile.tenant;
+
+  // update profiles
+  profiles[state.getHost()] = profile;
+
+  // sort profiles
+  const orderedProfiles = Object.keys(profiles).sort().reduce((obj, key) => {
+    obj[key] = profiles[key];
+    return obj;
+  }, {});
+
+  // save profiles
+  saveJsonToFile(orderedProfiles, filename, false);
+  verboseMessage(`Saved connection profile ${state.getHost()} in ${filename}`);
+  return true;
 }
+
 /**
  * Delete connection profile
  * @param {String} host host tenant host url or unique substring
  */
-
 export function deleteConnectionProfile(host) {
   const filename = getConnectionProfilesPath();
   let connectionsData = {};
@@ -205,12 +270,11 @@ export function deleteConnectionProfile(host) {
     if (err == null) {
       const data = fs.readFileSync(filename, 'utf8');
       connectionsData = JSON.parse(data);
-      const profiles = findConnectionProfile(connectionsData, host);
-
+      const profiles = findConnectionProfiles(connectionsData, host);
       if (profiles.length == 1) {
-        printMessage(`Deleting connection profile ${profiles[0].tenant}`);
         delete connectionsData[profiles[0].tenant];
         fs.writeFileSync(filename, JSON.stringify(connectionsData, null, 2));
+        printMessage(`Deleted connection profile ${profiles[0].tenant}`);
       } else {
         if (profiles.length > 1) {
           printMessage(`Multiple matching profiles found.`, 'error');
@@ -230,33 +294,79 @@ export function deleteConnectionProfile(host) {
     }
   });
 }
+
+/**
+ * Describe connection profile
+ * @param {string} host Host URL or unique substring
+ * @param {boolean} showSecrets Whether secrets should be shown in clear text or not
+ */
 export async function describeConnectionProfile(host, showSecrets) {
   const profile = await getConnectionProfileByHost(host);
-
   if (profile) {
+    const present = '[present]';
+    const jwk = profile.svcacctJwk;
     if (!showSecrets) {
+      if (profile.password) profile.password = present;
+      if (profile.logApiSecret) profile.logApiSecret = present;
+      if (profile.svcacctJwk) profile['svcacctJwk'] = present;
+    }
+    if (!profile.username) {
+      delete profile.username;
       delete profile.password;
-      delete profile.secret;
     }
-
-    if (!profile.key) {
-      delete profile.key;
-      delete profile.secret;
+    if (!profile.logApiKey) {
+      delete profile.logApiKey;
+      delete profile.logApiSecret;
+    }
+    if (!profile.svcacctId) {
+      delete profile.svcacctId;
+      delete profile.svcacctJwk;
+    }
+    if (showSecrets && jwk) {
+      profile['svcacctJwk'] = 'see below';
+    }
+    if (!profile.authenticationService) {
+      delete profile.authenticationService;
     }
-
     const keyMap = {
       tenant: 'Host',
       username: 'Username',
       password: 'Password',
-      key: 'Log API Key',
-      secret: 'Log API Secret',
+      logApiKey: 'Log API Key',
+      logApiSecret: 'Log API Secret',
       authenticationService: 'Authentication Service',
-      authenticationHeaderOverrides: 'Authentication Header Overrides'
+      authenticationHeaderOverrides: 'Authentication Header Overrides',
+      svcacctId: 'Service Account Id',
+      svcacctJwk: 'Service Account JWK'
     };
     const table = createObjectTable(profile, keyMap);
     printMessage(table.toString(), 'data');
+    if (showSecrets && jwk) {
+      printMessage(jwk, 'data');
+    }
   } else {
     printMessage(`No connection profile ${host} found`);
   }
 }
+
+/**
+ * Create a new service account using auto-generated parameters
+ * @returns {Promise<ObjectSkeletonInterface>} A promise resolving to a service account object
+ */
+export async function addNewServiceAccount() {
+  debugMessage(`ConnectionProfileOps.addNewServiceAccount: start`);
+  const name = `Frodo-SA-${new Date().getTime()}`;
+  debugMessage(`ConnectionProfileOps.addNewServiceAccount: name=${name}...`);
+  const description = `${state.getUsername()}'s Frodo Service Account`;
+  const scope = ['fr:am:*', 'fr:idm:*', 'fr:idc:esv:*'];
+  const jwkPrivate = await createJwkRsa();
+  const jwkPublic = await getJwkRsaPublic(jwkPrivate);
+  const jwks = createJwks(jwkPublic);
+  const sa = await createServiceAccount(name, description, 'Active', scope, jwks);
+  debugMessage(`ConnectionProfileOps.addNewServiceAccount: id=${sa._id}`);
+  state.setServiceAccountId(sa._id);
+  state.setServiceAccountJwk(jwkPrivate);
+  debugMessage(`ConnectionProfileOps.addNewServiceAccount: end`);
+  return sa;
+}
 //# sourceMappingURL=ConnectionProfileOps.js.map

package/esm/ops/ConnectionProfileOps.test.mjs

@@ -8,11 +8,11 @@ describe('ConnectionProfileOps', () => {
     const user = 'frodo.baggins@shire.me';
     const password = 'G@nd@lfTheW153';
     const connectionProfilePath = `${homedir()}/connections1.json`;
-    state.default.session.setTenant(host);
-    state.default.session.setUsername(user);
-    state.default.session.setPassword(password);
-    state.default.session.setConnectionProfilesPath(connectionProfilePath);
-    await ConnectionProfile.saveConnectionProfile();
+    state.setHost(host);
+    state.setUsername(user);
+    state.setPassword(password);
+    state.setConnectionProfilesPath(connectionProfilePath);
+    await ConnectionProfile.saveConnectionProfile(host);
     expect(fs.existsSync(connectionProfilePath)).toBeTruthy();
     const connections = JSON.parse(fs.readFileSync(connectionProfilePath, 'utf8'));
     expect(connections).toBeTruthy();
@@ -24,14 +24,14 @@ describe('ConnectionProfileOps', () => {
     const host = 'https://openam-tenant-name.forgeblocks.com/am';
     const user = 'frodo.baggins@shire.me';
     const password = 'G@nd@lfTheW153';
-    const connectionProfilePath = `${homedir()}/connections2.json`; // set the hard-coded master key
-
+    const connectionProfilePath = `${homedir()}/connections2.json`;
+    // set the hard-coded master key
     process.env[FRODO_CONNECTION_PROFILES_PATH_KEY] = connectionProfilePath;
-    state.default.session.setTenant(host);
-    state.default.session.setUsername(user);
-    state.default.session.setPassword(password);
-    state.default.session.setConnectionProfilesPath(null);
-    await ConnectionProfile.saveConnectionProfile();
+    state.setHost(host);
+    state.setUsername(user);
+    state.setPassword(password);
+    state.setConnectionProfilesPath('');
+    await ConnectionProfile.saveConnectionProfile(host);
     expect(ConnectionProfile.getConnectionProfilesPath()).toEqual(connectionProfilePath);
     expect(fs.existsSync(connectionProfilePath)).toBeTruthy();
     const connections = JSON.parse(fs.readFileSync(connectionProfilePath, 'utf8'));
@@ -45,14 +45,14 @@ describe('ConnectionProfileOps', () => {
     const user = 'frodo.baggins@shire.me';
     const password = 'G@nd@lfTheW153';
     const connectionProfilePath = `${homedir()}/connections3.json`;
-    const masterKey = 'bxnQlhcU5VfyDs+BBPhRhK09yHaNtdIIk85HUMKBnqg='; // set the hard-coded master key
-
+    const masterKey = 'bxnQlhcU5VfyDs+BBPhRhK09yHaNtdIIk85HUMKBnqg=';
+    // set the hard-coded master key
     process.env[FRODO_MASTER_KEY_KEY] = masterKey;
-    state.default.session.setTenant(host);
-    state.default.session.setUsername(user);
-    state.default.session.setPassword(password);
-    state.default.session.setConnectionProfilesPath(connectionProfilePath);
-    await ConnectionProfile.saveConnectionProfile();
+    state.setHost(host);
+    state.setUsername(user);
+    state.setPassword(password);
+    state.setConnectionProfilesPath(connectionProfilePath);
+    await ConnectionProfile.saveConnectionProfile(host);
     expect(fs.existsSync(connectionProfilePath)).toBeTruthy();
     const connections = JSON.parse(fs.readFileSync(connectionProfilePath, 'utf8'));
     expect(connections).toBeTruthy();