@tsed/oidc-provider 8.0.1 → 8.0.3

package/src/services/OidcInteractionContext.spec.ts

@@ -0,0 +1,304 @@
+import {catchAsyncError, catchError} from "@tsed/core";
+import {runInContext} from "@tsed/di";
+import {PlatformTest} from "@tsed/platform-http/testing";
+
+import {OidcInteractionContext} from "./OidcInteractionContext.js";
+import {OidcProvider} from "./OidcProvider.js";
+
+async function createOidcInteractionContextFixture(grantId: any = "grantId") {
+  const $ctx = PlatformTest.createRequestContext();
+
+  const session = {
+    accountId: "accountId"
+  };
+
+  const interactionDetails: any = {
+    uid: "uid",
+    grantId,
+    session,
+    prompt: {
+      name: "login"
+    },
+    params: {
+      client_id: "client_id",
+      email: "email@email.com"
+    },
+    save: vi.fn()
+  };
+
+  const oidcProvider = {
+    interactionDetails: vi.fn().mockResolvedValue(interactionDetails),
+    interactionFinished: vi.fn().mockResolvedValue(undefined),
+    interactionResult: vi.fn().mockResolvedValue(undefined),
+    setProviderSession: vi.fn().mockResolvedValue(undefined),
+    find: vi.fn().mockResolvedValue("grant"),
+    Grant: class {
+      static find = vi.fn().mockResolvedValue("grant");
+    },
+    Client: {
+      find: vi.fn().mockResolvedValue({
+        client_id: "client_id"
+      })
+    },
+    Account: {
+      findAccount: vi.fn().mockResolvedValue({
+        accountId: "accountId"
+      })
+    }
+  };
+  const oidcCtx = await PlatformTest.invoke<OidcInteractionContext>(OidcInteractionContext, [
+    {
+      token: OidcProvider,
+      use: {
+        get() {
+          return oidcProvider;
+        }
+      }
+    }
+  ]);
+
+  await runInContext($ctx, () => oidcCtx.interactionDetails());
+
+  return {$ctx, oidcCtx, oidcProvider, session, interactionDetails};
+}
+
+describe("OidcInteractionContext", () => {
+  beforeEach(() => PlatformTest.create());
+  afterEach(() => PlatformTest.reset());
+
+  describe("uid()", () => {
+    it("should return uid", async () => {
+      const {$ctx, oidcCtx} = await createOidcInteractionContextFixture();
+
+      await runInContext($ctx, () => {
+        expect(oidcCtx.uid).toEqual("uid");
+      });
+    });
+  });
+
+  describe("checkInteractionName()", () => {
+    it("should throw error", async () => {
+      const {$ctx, oidcCtx} = await createOidcInteractionContextFixture();
+
+      await runInContext($ctx, () => {
+        const error: any = catchError(() => oidcCtx.checkInteractionName("test"));
+
+        expect(error?.message).toEqual("Bad interaction name");
+      });
+    });
+  });
+
+  describe("checkClientId()", () => {
+    it("should throw error", async () => {
+      const {$ctx, oidcCtx, oidcProvider} = await createOidcInteractionContextFixture();
+      oidcProvider.Client.find.mockResolvedValue(undefined);
+
+      await runInContext($ctx, async () => {
+        const error: any = await catchAsyncError(() => oidcCtx.checkClientId());
+
+        expect(error?.message).toEqual("Unknown client_id client_id");
+      });
+    });
+  });
+
+  describe("grantId()", () => {
+    it("should return uid", async () => {
+      const {$ctx, oidcCtx} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, () => {
+        expect(oidcCtx.grantId).toEqual("grantId");
+      });
+    });
+  });
+
+  describe("session()", () => {
+    it("should return session", async () => {
+      const {$ctx, oidcCtx, interactionDetails} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, () => {
+        expect(oidcCtx.session).toEqual(interactionDetails.session);
+      });
+    });
+  });
+
+  describe("prompt()", () => {
+    it("should return prompt", async () => {
+      const {$ctx, oidcCtx} = await createOidcInteractionContextFixture();
+
+      await runInContext($ctx, () => {
+        expect(oidcCtx.prompt).toEqual({
+          name: "login"
+        });
+      });
+    });
+  });
+
+  describe("params()", () => {
+    it("should return params", async () => {
+      const {$ctx, oidcCtx, interactionDetails} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, () => {
+        expect(oidcCtx.params).toEqual(interactionDetails.params);
+      });
+    });
+  });
+
+  describe("interactionFinished()", () => {
+    it("should return call interactionFinished", async () => {
+      const {$ctx, oidcCtx, oidcProvider} = await createOidcInteractionContextFixture();
+
+      await runInContext($ctx, async () => {
+        await oidcCtx.interactionFinished({login: {accountId: "string"}}, {mergeWithLastSubmission: false});
+
+        expect(oidcProvider.interactionFinished).toHaveBeenCalledWith(
+          $ctx.getReq(),
+          $ctx.getRes(),
+          {login: {accountId: "string"}},
+          {mergeWithLastSubmission: false}
+        );
+      });
+    });
+  });
+
+  describe("interactionResult()", () => {
+    it("should return call interactionResult", async () => {
+      const {$ctx, oidcCtx, oidcProvider} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        await oidcCtx.interactionResult({login: {accountId: "string"}}, {mergeWithLastSubmission: false});
+
+        expect(oidcProvider.interactionResult).toHaveBeenCalledWith(
+          $ctx.getReq(),
+          $ctx.getRes(),
+          {login: {accountId: "string"}},
+          {mergeWithLastSubmission: false}
+        );
+      });
+    });
+    it("should return call interactionResult (default)", async () => {
+      const {$ctx, oidcCtx, oidcProvider} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        await oidcCtx.interactionResult({login: {accountId: "string"}});
+
+        expect(oidcProvider.interactionResult).toHaveBeenCalledWith(
+          $ctx.getReq(),
+          $ctx.getRes(),
+          {login: {accountId: "string"}},
+          {mergeWithLastSubmission: false}
+        );
+      });
+    });
+  });
+
+  describe("render()", () => {
+    it("should return call render", async () => {
+      const {$ctx, oidcCtx} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        vi.spyOn($ctx.response, "render").mockResolvedValue("");
+
+        await oidcCtx.render("login", {});
+
+        expect($ctx.response.render).toHaveBeenCalledWith("login", {});
+      });
+    });
+  });
+
+  describe("save()", () => {
+    it("should return call save", async () => {
+      const {$ctx, oidcCtx, interactionDetails} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        await oidcCtx.save(2000);
+
+        expect(interactionDetails.save).toHaveBeenCalledWith(2000);
+      });
+    });
+
+    it("should return call save (default)", async () => {
+      const {$ctx, oidcCtx, interactionDetails} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        await oidcCtx.save(100);
+
+        expect(interactionDetails.save).toHaveBeenCalledWith(100);
+      });
+    });
+  });
+
+  describe("findClient()", () => {
+    it("should return call findClient", async () => {
+      const {$ctx, oidcCtx, oidcProvider} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        const result = await oidcCtx.findClient("client_id");
+
+        expect(result).toEqual({
+          client_id: "client_id"
+        });
+        expect(oidcProvider.Client.find).toHaveBeenCalledWith("client_id");
+      });
+    });
+
+    it("should return call findClient (default)", async () => {
+      const {$ctx, oidcCtx, oidcProvider} = await createOidcInteractionContextFixture();
+
+      await runInContext($ctx, async () => {
+        const result = await oidcCtx.findClient();
+
+        expect(result).toEqual({
+          client_id: "client_id"
+        });
+        expect(oidcProvider.Client.find).toHaveBeenCalledWith("client_id");
+      });
+    });
+  });
+
+  describe("findAccount()", () => {
+    it("should return call findAccount", async () => {
+      const {$ctx, oidcCtx, oidcProvider} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        const result = await oidcCtx.findAccount(undefined, "token");
+
+        expect(oidcProvider.Account.findAccount).toHaveBeenCalledWith(undefined, "accountId", "token");
+        expect(result).toEqual({
+          accountId: "accountId"
+        });
+      });
+    });
+
+    it("should return call findAccount (with accountId)", async () => {
+      const {$ctx, oidcCtx, oidcProvider} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        const result = await oidcCtx.findAccount("accountId", "token");
+
+        expect(oidcProvider.Account.findAccount).toHaveBeenCalledWith(undefined, "accountId", "token");
+        expect(result).toEqual({
+          accountId: "accountId"
+        });
+      });
+    });
+
+    it("should return call findAccount (without session/accountId)", async () => {
+      const {$ctx, oidcCtx, interactionDetails} = await createOidcInteractionContextFixture();
+
+      await runInContext($ctx, async () => {
+        interactionDetails.session.accountId = undefined;
+
+        const result = await runInContext($ctx, () => oidcCtx.findAccount(undefined, "token"));
+
+        expect(result).toBeUndefined();
+      });
+    });
+  });
+
+  describe("getGrant()", () => {
+    it("should return call grant from grantId", async () => {
+      const {$ctx, oidcCtx} = await createOidcInteractionContextFixture();
+      await runInContext($ctx, async () => {
+        const result = await oidcCtx.getGrant();
+        expect(result).toEqual("grant");
+      });
+    });
+
+    it("should create grant", async () => {
+      const {$ctx, oidcCtx} = await createOidcInteractionContextFixture(null);
+      await runInContext($ctx, async () => {
+        const result = await oidcCtx.getGrant();
+        expect(result).toEqual({});
+      });
+    });
+  });
+});

package/src/services/OidcInteractionContext.ts

@@ -0,0 +1,206 @@
+import {Env} from "@tsed/core";
+import {constant, context, inject, Injectable} from "@tsed/di";
+import {Unauthorized} from "@tsed/exceptions";
+import {PlatformContext} from "@tsed/platform-http";
+import omit from "lodash/omit.js";
+import type {Account, default as Provider, InteractionResults, PromptDetail} from "oidc-provider";
+
+import {
+  INTERACTION_CONTEXT,
+  INTERACTION_DETAILS,
+  INTERACTION_GRANT_ID,
+  INTERACTION_PARAMS,
+  INTERACTION_PROMPT,
+  INTERACTION_SESSION,
+  INTERACTION_UID
+} from "../constants/constants.js";
+import {OidcSession} from "../decorators/oidcSession.js";
+import {OidcClient, OidcInteraction} from "../domain/interfaces.js";
+import {OidcBadInteractionName} from "../domain/OidcBadInteractionName.js";
+import {OidcInteractionPromptProps} from "../domain/OidcInteractionPromptProps.js";
+import {debug} from "../utils/debug.js";
+import {OidcInteractions} from "./OidcInteractions.js";
+import {OidcProvider} from "./OidcProvider.js";
+
+@Injectable()
+export class OidcInteractionContext {
+  protected env = constant<Env>("env");
+  protected oidcProvider = inject(OidcProvider);
+  protected oidcInteractions = inject(OidcInteractions);
+
+  get $ctx() {
+    return context<PlatformContext>();
+  }
+
+  get raw(): OidcInteraction {
+    return this.$ctx.get(INTERACTION_DETAILS)!;
+  }
+
+  get session(): OidcSession | undefined {
+    return this.raw.session as any;
+  }
+
+  get prompt(): PromptDetail {
+    return this.raw.prompt;
+  }
+
+  get params(): Record<string, any> {
+    return this.raw.params;
+  }
+
+  get uid(): string {
+    return this.raw.uid;
+  }
+
+  get grantId(): string {
+    return (this.raw as any).grantId;
+  }
+
+  async runInteraction(name?: string) {
+    name = name || this.prompt.name;
+
+    const handler = this.oidcInteractions.getInteractionHandler(name);
+
+    if (handler) {
+      this.raw.prompt = {
+        ...this.raw.prompt,
+        name,
+        reasons: [name]
+      };
+
+      await handler(this.$ctx);
+    }
+  }
+
+  async interactionDetails(): Promise<OidcInteraction> {
+    const raw = await this.oidcProvider.get().interactionDetails(this.$ctx.getReq(), this.$ctx.getRes());
+    const {uid, prompt, params, session, grantId} = raw as any;
+
+    this.$ctx.set(INTERACTION_CONTEXT, this);
+    this.$ctx.set(INTERACTION_DETAILS, raw);
+    this.$ctx.set(INTERACTION_UID, uid);
+    this.$ctx.set(INTERACTION_PROMPT, prompt);
+    this.$ctx.set(INTERACTION_PARAMS, params);
+    this.$ctx.set(INTERACTION_GRANT_ID, grantId);
+    this.$ctx.set(INTERACTION_SESSION, session);
+
+    return raw;
+  }
+
+  interactionFinished(
+    result: InteractionResults,
+    options: {
+      mergeWithLastSubmission?: boolean;
+    } = {mergeWithLastSubmission: false}
+  ) {
+    return this.oidcProvider.get().interactionFinished(this.$ctx.getReq(), this.$ctx.getRes(), result, options);
+  }
+
+  interactionResult(
+    result: InteractionResults,
+    options: {
+      mergeWithLastSubmission?: boolean;
+    } = {mergeWithLastSubmission: false}
+  ) {
+    return this.oidcProvider.get().interactionResult(this.$ctx.getReq(), this.$ctx.getRes(), result, options);
+  }
+
+  async interactionPrompt({client, ...options}: Record<string, any>): Promise<OidcInteractionPromptProps> {
+    client = client || (await this.findClient());
+
+    const omitClientProps = constant("oidc.render.omitClientProps", []);
+
+    return {
+      client: omit(client, ["clientSecret", ...omitClientProps]),
+      uid: this.uid,
+      grantId: this.grantId,
+      details: this.prompt.details,
+      params: {
+        ...this.params,
+        ...options.params
+      },
+      ...options,
+      ...this.debug()
+    };
+  }
+
+  render(view: string, result: any): Promise<string> {
+    return this.$ctx.response.render(view, result);
+  }
+
+  save(ttl: number): Promise<string> {
+    return this.raw.save(ttl);
+  }
+
+  findClient(clientId: string = this.params.client_id): Promise<OidcClient | undefined> {
+    const key = `$client:${clientId}`;
+
+    return this.$ctx.cacheAsync(key, () => this.oidcProvider.get().Client.find(clientId));
+  }
+
+  findAccount(sub?: string, token?: any): Promise<Account | undefined> {
+    if (!sub && this.session) {
+      sub = this.session?.accountId as any;
+    }
+
+    if (!sub) {
+      return Promise.resolve(undefined);
+    }
+
+    const key = `$account:${sub}`;
+
+    return this.$ctx.cacheAsync<Account | undefined>(key, (() => {
+      return this.oidcProvider.get().Account.findAccount(undefined as any, sub!, token);
+    }) as any);
+  }
+
+  getGrant(): Promise<InstanceType<Provider["Grant"]>> {
+    const {Grant} = this.oidcProvider.get() as any;
+
+    if (this.grantId) {
+      // we'll be modifying existing grant in existing session
+      // @ts-ignore
+      return Grant.find(this.grantId);
+    }
+
+    return Promise.resolve(
+      new Grant({
+        accountId: this.session?.accountId,
+        clientId: this.params.client_id
+      })
+    );
+  }
+
+  checkInteractionName(name: string) {
+    if (this.prompt.name !== name) {
+      throw new OidcBadInteractionName("Bad interaction name");
+    }
+  }
+
+  async checkClientId(clientId = this.params.client_id) {
+    const client = await this.findClient(clientId);
+
+    if (!client) {
+      throw new Unauthorized(`Unknown client_id ${clientId}`);
+    }
+  }
+
+  debug(obj?: any): any {
+    /* istanbul ignore next */
+    if (this.env === Env.PROD) {
+      return {session: undefined, dbg: {params: undefined, prompt: undefined}};
+    }
+
+    if (obj) {
+      return debug(obj);
+    }
+
+    return {
+      session: this.session ? this.debug(this.session) : undefined,
+      dbg: {
+        params: this.debug(this.params),
+        prompt: this.debug(this.prompt)
+      }
+    };
+  }
+}

package/src/services/OidcInteractions.ts

@@ -0,0 +1,57 @@
+import {Env} from "@tsed/core";
+import {constant, Injectable, injector, Provider, TokenProvider} from "@tsed/di";
+import {PlatformContext, PlatformHandler} from "@tsed/platform-http";
+import {EndpointMetadata} from "@tsed/schema";
+
+import {INTERACTION, INTERACTION_OPTIONS, INTERACTIONS} from "../constants/constants.js";
+import {OidcInteractionOptions} from "../domain/OidcInteractionOptions.js";
+
+@Injectable()
+export class OidcInteractions {
+  protected injector = injector();
+  protected env = constant<Env>("env");
+  protected interactions: Map<string, Provider> = new Map();
+
+  $onInit(): void {
+    const platformHandler = this.injector.get<PlatformHandler>(PlatformHandler)!;
+
+    this.getInteractions().forEach((provider: Provider) => {
+      const {name} = provider.store.get<OidcInteractionOptions>(INTERACTION_OPTIONS);
+      this.interactions.set(name, provider);
+
+      if (this.injector.get(provider.token)?.$prompt) {
+        provider.store.set("$prompt", platformHandler.createCustomHandler(provider, "$prompt"));
+      }
+    });
+  }
+
+  getInteractions(): Provider[] {
+    const interactionsProvider = this.injector.getProviders().find((provider) => provider.subType === INTERACTIONS);
+
+    /* istanbul ignore next */
+    if (!interactionsProvider) {
+      return [];
+    }
+
+    return interactionsProvider.children
+      .map((token: TokenProvider) => this.injector.getProvider(token)!)
+      .filter((provider: Provider) => provider?.subType === INTERACTION);
+  }
+
+  getInteractionProvider(name: string): Provider | undefined {
+    return this.interactions.get(name);
+  }
+
+  getInteractionHandler(name: string) {
+    const interaction = this.getInteractionProvider(name);
+
+    if (interaction) {
+      const endpoint = EndpointMetadata.get(interaction.useClass, "$prompt");
+      return (ctx: PlatformContext) => {
+        // Add current endpoint metadata to ctx
+        ctx.endpoint = endpoint;
+        return interaction.store.get("$prompt")(ctx);
+      };
+    }
+  }
+}

package/src/services/OidcJwks.ts

@@ -0,0 +1,21 @@
+import {constant, Injectable} from "@tsed/di";
+import {getJwks, JwksKeyParameters} from "@tsed/jwks";
+import {join} from "path";
+
+@Injectable()
+export class OidcJwks {
+  public jwksPath: string = constant("oidc.jwksPath", join(process.cwd(), "keys", "jwks.json"));
+  public certificates?: JwksKeyParameters[] = constant("oidc.certificates");
+  public keys: string;
+
+  $onInit() {
+    return this.getJwks();
+  }
+
+  getJwks() {
+    return getJwks({
+      path: this.jwksPath,
+      certificates: this.certificates
+    });
+  }
+}