@rockcarver/frodo-lib 0.16.2-8 → 0.17.0

package/esm/ops/IdpOps.mjs

@@ -3,8 +3,9 @@ import { getSocialIdentityProviders, putProviderByTypeAndId } from '../api/Socia
 import { getScript } from '../api/ScriptApi';
 import { createOrUpdateScript } from './ScriptOps';
 import { convertBase64TextToArray, convertTextArrayToBase64, getRealmString, getTypedFilename, saveJsonToFile, validateImport } from './utils/ExportImportUtils';
-import { printMessage, createProgressIndicator, updateProgressIndicator, stopProgressIndicator } from './utils/Console'; // use a function vs a template variable to avoid problems in loops
+import { printMessage, createProgressIndicator, updateProgressIndicator, stopProgressIndicator } from './utils/Console';
 
+// use a function vs a template variable to avoid problems in loops
 function getFileDataTemplate() {
   return {
     meta: {},
@@ -12,11 +13,10 @@ function getFileDataTemplate() {
     idp: {}
   };
 }
+
 /**
  * List providers
  */
-
-
 export async function listSocialProviders() {
   try {
     const providers = await getSocialIdentityProviders();
@@ -29,55 +29,47 @@ export async function listSocialProviders() {
     printMessage(err, 'error');
   }
 }
+
 /**
  * Get social identity provider by id
  * @param {String} providerId social identity provider id/name
  * @returns {Promise} a promise that resolves a social identity provider object
  */
-
 export async function getSocialProvider(providerId) {
   return getSocialIdentityProviders().then(response => {
     const foundProviders = response.result.filter(provider => provider._id === providerId);
-
     switch (foundProviders.length) {
       case 1:
         return foundProviders[0];
-
       case 0:
         throw new Error(`Provider '${providerId}' not found`);
-
       default:
         throw new Error(`${foundProviders.length} providers '${providerId}' found`);
     }
   });
 }
+
 /**
  * Export provider by id
  * @param {String} providerId provider id/name
  * @param {String} file optional export file name
  */
-
 export async function exportSocialProviderToFile(providerId, file = '') {
   let fileName = file;
-
   if (!fileName) {
     fileName = getTypedFilename(providerId, 'idp');
   }
-
   createProgressIndicator(1, `Exporting ${providerId}`);
-
   try {
     const idpData = await getSocialProvider(providerId);
     updateProgressIndicator(`Writing file ${fileName}`);
     const fileData = getFileDataTemplate();
     fileData.idp[idpData._id] = idpData;
-
     if (idpData.transform) {
       const scriptData = await getScript(idpData.transform);
       scriptData.script = convertBase64TextToArray(scriptData.script);
       fileData.script[idpData.transform] = scriptData;
     }
-
     saveJsonToFile(fileData, fileName);
     stopProgressIndicator(`Exported ${providerId['brightCyan']} to ${fileName['brightCyan']}.`);
   } catch (err) {
@@ -85,26 +77,22 @@ export async function exportSocialProviderToFile(providerId, file = '') {
     printMessage(`${err}`, 'error');
   }
 }
+
 /**
  * Export all providers
  * @param {String} file optional export file name
  */
-
 export async function exportSocialProvidersToFile(file) {
   let fileName = file;
-
   if (!fileName) {
     fileName = getTypedFilename(`all${getRealmString()}Providers`, 'idp');
   }
-
   const fileData = getFileDataTemplate();
   const allIdpsData = (await getSocialIdentityProviders()).result;
   createProgressIndicator(allIdpsData.length, 'Exporting providers');
-
   for (const idpData of allIdpsData) {
     updateProgressIndicator(`Exporting provider ${idpData._id}`);
     fileData.idp[idpData._id] = idpData;
-
     if (idpData.transform) {
       // eslint-disable-next-line no-await-in-loop
       const scriptData = await getScript(idpData.transform);
@@ -112,52 +100,45 @@ export async function exportSocialProvidersToFile(file) {
       fileData.script[idpData.transform] = scriptData;
     }
   }
-
   saveJsonToFile(fileData, fileName);
   stopProgressIndicator(`${allIdpsData.length} providers exported to ${fileName}.`);
 }
+
 /**
  * Export all providers to individual files
  */
-
 export async function exportSocialProvidersToFiles() {
-  const allIdpsData = await (await getSocialIdentityProviders()).result; // printMessage(allIdpsData, 'data');
-
+  const allIdpsData = await (await getSocialIdentityProviders()).result;
+  // printMessage(allIdpsData, 'data');
   createProgressIndicator(allIdpsData.length, 'Exporting providers');
-
   for (const idpData of allIdpsData) {
     updateProgressIndicator(`Writing provider ${idpData._id}`);
     const fileName = getTypedFilename(idpData._id, 'idp');
     const fileData = getFileDataTemplate();
     fileData.idp[idpData._id] = idpData;
-
     if (idpData.transform) {
       // eslint-disable-next-line no-await-in-loop
       const scriptData = await getScript(idpData.transform);
       scriptData.script = convertBase64TextToArray(scriptData.script);
       fileData.script[idpData.transform] = scriptData;
     }
-
     saveJsonToFile(fileData, fileName);
   }
-
   stopProgressIndicator(`${allIdpsData.length} providers exported.`);
 }
+
 /**
  * Import provider by id/name
  * @param {String} providerId provider id/name
  * @param {String} file import file name
  */
-
 export async function importSocialProviderFromFile(providerId, file) {
   fs.readFile(file, 'utf8', async (err, data) => {
     if (err) throw err;
     const fileData = JSON.parse(data);
-
     if (validateImport(fileData.meta)) {
       createProgressIndicator(1, 'Importing provider...');
       let found = false;
-
       for (const idpId in fileData.idp) {
         if ({}.hasOwnProperty.call(fileData.idp, idpId)) {
           if (idpId === providerId) {
@@ -165,13 +146,11 @@ export async function importSocialProviderFromFile(providerId, file) {
             updateProgressIndicator(`Importing ${fileData.idp[idpId]._id}`);
             const scriptId = fileData.idp[idpId].transform;
             const scriptData = fileData.script[scriptId];
-
             if (scriptId && scriptData) {
-              scriptData.script = convertTextArrayToBase64(scriptData.script); // eslint-disable-next-line no-await-in-loop
-
+              scriptData.script = convertTextArrayToBase64(scriptData.script);
+              // eslint-disable-next-line no-await-in-loop
               await createOrUpdateScript(fileData.idp[idpId].transform, fileData.script[fileData.idp[idpId].transform]);
             }
-
             putProviderByTypeAndId(fileData.idp[idpId]._type._id, idpId, fileData.idp[idpId]).then(() => {
               stopProgressIndicator(`Successfully imported provider ${providerId}.`);
             }).catch(importProviderErr => {
@@ -183,7 +162,6 @@ export async function importSocialProviderFromFile(providerId, file) {
           }
         }
       }
-
       if (!found) {
         stopProgressIndicator(`Provider ${providerId.brightCyan} not found in ${file.brightCyan}!`);
       }
@@ -192,31 +170,27 @@ export async function importSocialProviderFromFile(providerId, file) {
     }
   });
 }
+
 /**
  * Import first provider from file
  * @param {String} file import file name
  */
-
 export async function importFirstSocialProviderFromFile(file) {
   fs.readFile(file, 'utf8', async (err, data) => {
     if (err) throw err;
     const fileData = JSON.parse(data);
-
     if (validateImport(fileData.meta)) {
       createProgressIndicator(1, 'Importing provider...');
-
       for (const idpId in fileData.idp) {
         if ({}.hasOwnProperty.call(fileData.idp, idpId)) {
           updateProgressIndicator(`Importing ${fileData.idp[idpId]._id}`);
           const scriptId = fileData.idp[idpId].transform;
           const scriptData = fileData.script[scriptId];
-
           if (scriptId && scriptData) {
-            scriptData.script = convertTextArrayToBase64(scriptData.script); // eslint-disable-next-line no-await-in-loop
-
+            scriptData.script = convertTextArrayToBase64(scriptData.script);
+            // eslint-disable-next-line no-await-in-loop
             await createOrUpdateScript(fileData.idp[idpId].transform, fileData.script[fileData.idp[idpId].transform]);
           }
-
           putProviderByTypeAndId(fileData.idp[idpId]._type._id, idpId, fileData.idp[idpId]).then(result => {
             if (result == null) {
               stopProgressIndicator(`Error importing provider ${fileData.idp[idpId]._id}`);
@@ -233,80 +207,68 @@ export async function importFirstSocialProviderFromFile(file) {
     }
   });
 }
+
 /**
  * Import all providers from file
  * @param {String} file import file name
  */
-
 export async function importSocialProvidersFromFile(file) {
   fs.readFile(file, 'utf8', async (err, data) => {
     if (err) throw err;
     const fileData = JSON.parse(data);
-
     if (validateImport(fileData.meta)) {
       createProgressIndicator(Object.keys(fileData.idp).length, 'Importing providers...');
-
       for (const idpId in fileData.idp) {
         if ({}.hasOwnProperty.call(fileData.idp, idpId)) {
           const scriptId = fileData.idp[idpId].transform;
           const scriptData = fileData.script[scriptId];
-
           if (scriptId && scriptData) {
-            scriptData.script = convertTextArrayToBase64(scriptData.script); // eslint-disable-next-line no-await-in-loop
-
+            scriptData.script = convertTextArrayToBase64(scriptData.script);
+            // eslint-disable-next-line no-await-in-loop
             await createOrUpdateScript(fileData.idp[idpId].transform, fileData.script[fileData.idp[idpId].transform]);
-          } // eslint-disable-next-line no-await-in-loop
-
-
+          }
+          // eslint-disable-next-line no-await-in-loop
           const result = await putProviderByTypeAndId(fileData.idp[idpId]._type._id, idpId, fileData.idp[idpId]);
-
           if (!result) {
             updateProgressIndicator(`Successfully imported ${fileData.idp[idpId].name}`);
           }
         }
       }
-
       stopProgressIndicator(`Providers imported.`);
     } else {
       printMessage('Import validation failed...', 'error');
     }
   });
 }
+
 /**
  * Import providers from *.idp.json files in current working directory
  */
-
 export async function importSocialProvidersFromFiles() {
   const names = fs.readdirSync('.');
   const jsonFiles = names.filter(name => name.toLowerCase().endsWith('.idp.json'));
   createProgressIndicator(jsonFiles.length, 'Importing providers...');
   let total = 0;
-
   for (const file of jsonFiles) {
     const data = fs.readFileSync(file, 'utf8');
     const fileData = JSON.parse(data);
-
     if (validateImport(fileData.meta)) {
       const count = Object.keys(fileData.idp).length;
       total += count;
-
       for (const idpId in fileData.idp) {
         if ({}.hasOwnProperty.call(fileData.idp, idpId)) {
           // eslint-disable-next-line no-await-in-loop
           const result = await putProviderByTypeAndId(fileData.idp[idpId]._type._id, idpId, fileData.idp[idpId]);
-
           if (result == null) {
             printMessage(`Error importing ${count} providers from ${file}`, 'error');
           }
         }
       }
-
       updateProgressIndicator(`Imported ${count} provider(s) from ${file}`);
     } else {
       printMessage(`Validation of ${file} failed!`, 'error');
     }
   }
-
   stopProgressIndicator(`Finished importing ${total} provider(s) from ${jsonFiles.length} file(s).`);
 }
 //# sourceMappingURL=IdpOps.js.map

package/esm/ops/IdpOps.test.mjs

@@ -4,11 +4,11 @@ import { Idp, state } from '../index';
 import * as global from '../storage/StaticStorage';
 import { mockGetSocialProviders } from '../test/mocks/ForgeRockApiMockEngine';
 const mock = new MockAdapter(axios);
-state.default.session.setTenant('https://openam-frodo-dev.forgeblocks.com/am');
-state.default.session.setRealm('alpha');
-state.default.session.setCookieName('cookieName');
-state.default.session.setCookieValue('cookieValue');
-state.default.session.setDeploymentType(global.CLOUD_DEPLOYMENT_TYPE_KEY);
+state.setHost('https://openam-frodo-dev.forgeblocks.com/am');
+state.setRealm('alpha');
+state.setCookieName('cookieName');
+state.setCookieValue('cookieValue');
+state.setDeploymentType(global.CLOUD_DEPLOYMENT_TYPE_KEY);
 describe('IdpOps - exportSocialProviderToFile()', () => {
   test('exportSocialProviderToFile() 0: Method is implemented', async () => {
     expect(Idp.exportSocialProviderToFile).toBeDefined();

package/esm/ops/JoseOps.mjs

@@ -0,0 +1,41 @@
+import jose from 'node-jose';
+export async function createJwkRsa() {
+  const jwk = await jose.JWK.createKey('RSA', 4096, {
+    alg: 'RS256'
+  });
+  // include the private key
+  return jwk.toJSON(true);
+}
+export async function getJwkRsaPublic(jwkJson) {
+  const jwk = await jose.JWK.asKey(jwkJson);
+  // do not include the private key
+  return jwk.toJSON(false);
+}
+export function createJwks(...keys) {
+  return {
+    keys
+  };
+}
+export async function createSignedJwtToken(payload, jwkJson) {
+  const key = await jose.JWK.asKey(jwkJson);
+  if (typeof payload === 'object') {
+    payload = JSON.stringify(payload);
+  }
+  const jwt = await jose.JWS.createSign({
+    alg: 'RS256',
+    compact: true,
+    fields: {}
+  },
+  // https://github.com/cisco/node-jose/issues/253
+  {
+    key,
+    reference: false
+  }).update(payload).final();
+  return jwt;
+}
+export async function verifySignedJwtToken(jwt, jwkJson) {
+  const jwk = await jose.JWK.asKey(jwkJson);
+  const verifyResult = await jose.JWS.createVerify(jwk).verify(jwt);
+  return verifyResult;
+}
+//# sourceMappingURL=JoseOps.js.map

package/esm/ops/JoseOps.test.mjs

@@ -0,0 +1,137 @@
+import { jest } from '@jest/globals';
+import * as Jose from './JoseOps';
+import { parseUrl } from '../api/utils/ApiUtils';
+import { v4 } from 'uuid';
+import { isEqualJson } from './utils/OpsUtils';
+import { decode } from '../api/utils/Base64';
+
+// Increase timeout for this test as pipeline keeps failing with error:
+// Timeout - Async callback was not invoked within the 5000 ms timeout specified by jest.setTimeout.
+jest.setTimeout(30000);
+describe('JoseOps - createJWK()', () => {
+  test('createJWK() 0: Method is implemented', async () => {
+    expect(Jose.createJwkRsa).toBeDefined();
+  });
+  test('createJWK() 1: Create JWK with RSA key', async () => {
+    const jwk = await Jose.createJwkRsa();
+    expect(jwk).toBeTruthy();
+    expect(jwk.kty).toBe('RSA');
+    expect(jwk.alg).toBe('RS256');
+    expect(jwk.kid).toBeTruthy();
+    expect(jwk.d).toBeTruthy();
+    expect(jwk.dp).toBeTruthy();
+    expect(jwk.dq).toBeTruthy();
+    expect(jwk.e).toBe('AQAB');
+    expect(jwk.n).toBeTruthy();
+    expect(jwk.p).toBeTruthy();
+    expect(jwk.q).toBeTruthy();
+    expect(jwk.qi).toBeTruthy();
+  });
+});
+describe('JoseOps - getJwkRsaPublic()', () => {
+  test('getJwkRsaPublic() 0: Method is implemented', async () => {
+    expect(Jose.getJwkRsaPublic).toBeDefined();
+  });
+  test('getJwkRsaPublic() 1: Get JWK with RSA public key, only', async () => {
+    const jwk = await Jose.createJwkRsa();
+    const jwkPublic = await Jose.getJwkRsaPublic(jwk);
+    expect(jwkPublic).toBeTruthy();
+    expect(jwkPublic.kty).toBe('RSA');
+    expect(jwkPublic.alg).toBe('RS256');
+    expect(jwkPublic.kid).toBeTruthy();
+    expect(jwkPublic['d']).toBeFalsy();
+    expect(jwkPublic['dp']).toBeFalsy();
+    expect(jwkPublic['dq']).toBeFalsy();
+    expect(jwkPublic.e).toBe('AQAB');
+    expect(jwkPublic.n).toBeTruthy();
+    expect(jwkPublic['p']).toBeFalsy();
+    expect(jwkPublic['q']).toBeFalsy();
+    expect(jwkPublic['qi']).toBeFalsy();
+  });
+});
+describe('JoseOps - createJwks()', () => {
+  test('createJwks() 0: Method is implemented', async () => {
+    expect(Jose.createJwks).toBeDefined();
+  });
+  test('createJwks() 1: Create JWKS with 1 key', async () => {
+    const jwk = await Jose.createJwkRsa();
+    const jwks = await Jose.createJwks(jwk);
+    expect(jwks).toBeTruthy();
+    expect(jwks.keys).toBeTruthy();
+    expect(jwks.keys.length).toBe(1);
+  });
+  test('createJwks() 2: Create JWKS with 2 keys', async () => {
+    const jwk1 = await Jose.createJwkRsa();
+    const jwk2 = await Jose.createJwkRsa();
+    const jwks = await Jose.createJwks(jwk1, jwk2);
+    expect(jwks).toBeTruthy();
+    expect(jwks.keys).toBeTruthy();
+    expect(jwks.keys.length).toBe(2);
+  });
+});
+describe('JoseOps - createSignedJwtToken()', () => {
+  test('createSignedJwtToken() 0: Method is implemented', async () => {
+    expect(Jose.createSignedJwtToken).toBeDefined();
+  });
+  test('createSignedJwtToken() 1: Create signed JWT', async () => {
+    // The audience is the URL of the access token in the realm for client, and must include the port number
+    const u = parseUrl('https://openam-svcaccts-final.forgeblocks.com/am');
+    const aud = `${u.origin}:${u.port ? u.port : u.protocol === 'https' ? '443' : '80'}${u.pathname}/oauth2/access_token`;
+
+    // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH
+    const exp = Math.floor(new Date().getTime() / 1000 + 180);
+
+    // A unique ID for the JWT which is required when requesting the openid scope
+    const jti = v4();
+    const iss = '0de8d0d8-e423-41e8-9034-73883af90917';
+    const sub = iss;
+
+    // Create the payload for our bearer token
+    const payload = {
+      iss,
+      sub,
+      aud,
+      exp,
+      jti
+    };
+    const jwk = await Jose.createJwkRsa();
+    const jwt = await Jose.createSignedJwtToken(payload, jwk);
+    expect(jwt).toBeTruthy();
+    expect(jwt.split('.').length).toBe(3);
+    expect(isEqualJson(JSON.parse(decode(jwt.split('.')[1])), payload)).toBeTruthy();
+  });
+});
+describe('JoseOps - verifySignedJwtToken()', () => {
+  test('verifySignedJwtToken() 0: Method is implemented', async () => {
+    expect(Jose.verifySignedJwtToken).toBeDefined();
+  });
+  test('verifySignedJwtToken() 1: Verify signed JWT', async () => {
+    // The audience is the URL of the access token in the realm for client, and must include the port number
+    const u = parseUrl('https://openam-svcaccts-final.forgeblocks.com/am');
+    const aud = `${u.origin}:${u.port ? u.port : u.protocol === 'https' ? '443' : '80'}${u.pathname}/oauth2/access_token`;
+
+    // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH
+    const exp = Math.floor(new Date().getTime() / 1000 + 180);
+
+    // A unique ID for the JWT which is required when requesting the openid scope
+    const jti = v4();
+    const iss = '0de8d0d8-e423-41e8-9034-73883af90917';
+    const sub = iss;
+
+    // Create the payload for our bearer token
+    const payload = {
+      iss,
+      sub,
+      aud,
+      exp,
+      jti
+    };
+    const jwk = await Jose.createJwkRsa();
+    const jwt = await Jose.createSignedJwtToken(payload, jwk);
+    expect(jwt).toBeTruthy();
+    const jwkPublic = await Jose.getJwkRsaPublic(jwk);
+    const verifyResult = await Jose.verifySignedJwtToken(jwt, jwkPublic);
+    expect(isEqualJson(JSON.parse(verifyResult.payload.toString()), payload)).toBeTruthy();
+  });
+});
+//# sourceMappingURL=JoseOps.test.js.map