@tsed/oidc-provider 8.11.1 → 8.12.0-rc.1

package/src/services/OidcInteractionContext.ts

@@ -1,206 +0,0 @@
-import {Env} from "@tsed/core";
-import {constant, context, inject, Injectable} from "@tsed/di";
-import {Unauthorized} from "@tsed/exceptions";
-import {PlatformContext} from "@tsed/platform-http";
-import omit from "lodash/omit.js";
-import type {Account, default as Provider, InteractionResults, PromptDetail} from "oidc-provider";
-
-import {
-  INTERACTION_CONTEXT,
-  INTERACTION_DETAILS,
-  INTERACTION_GRANT_ID,
-  INTERACTION_PARAMS,
-  INTERACTION_PROMPT,
-  INTERACTION_SESSION,
-  INTERACTION_UID
-} from "../constants/constants.js";
-import {OidcSession} from "../decorators/oidcSession.js";
-import {OidcClient, OidcInteraction} from "../domain/interfaces.js";
-import {OidcBadInteractionName} from "../domain/OidcBadInteractionName.js";
-import {OidcInteractionPromptProps} from "../domain/OidcInteractionPromptProps.js";
-import {debug} from "../utils/debug.js";
-import {OidcInteractions} from "./OidcInteractions.js";
-import {OidcProvider} from "./OidcProvider.js";
-
-@Injectable()
-export class OidcInteractionContext {
-  protected env = constant<Env>("env");
-  protected oidcProvider = inject(OidcProvider);
-  protected oidcInteractions = inject(OidcInteractions);
-
-  get $ctx() {
-    return context<PlatformContext>();
-  }
-
-  get raw(): OidcInteraction {
-    return this.$ctx.get(INTERACTION_DETAILS)!;
-  }
-
-  get session(): OidcSession | undefined {
-    return this.raw.session as any;
-  }
-
-  get prompt(): PromptDetail {
-    return this.raw.prompt;
-  }
-
-  get params(): Record<string, any> {
-    return this.raw.params;
-  }
-
-  get uid(): string {
-    return this.raw.uid;
-  }
-
-  get grantId(): string {
-    return (this.raw as any).grantId;
-  }
-
-  async runInteraction(name?: string) {
-    name = name || this.prompt.name;
-
-    const handler = this.oidcInteractions.getInteractionHandler(name);
-
-    if (handler) {
-      this.raw.prompt = {
-        ...this.raw.prompt,
-        name,
-        reasons: [name]
-      };
-
-      await handler(this.$ctx);
-    }
-  }
-
-  async interactionDetails(): Promise<OidcInteraction> {
-    const raw = await this.oidcProvider.get().interactionDetails(this.$ctx.getReq(), this.$ctx.getRes());
-    const {uid, prompt, params, session, grantId} = raw as any;
-
-    this.$ctx.set(INTERACTION_CONTEXT, this);
-    this.$ctx.set(INTERACTION_DETAILS, raw);
-    this.$ctx.set(INTERACTION_UID, uid);
-    this.$ctx.set(INTERACTION_PROMPT, prompt);
-    this.$ctx.set(INTERACTION_PARAMS, params);
-    this.$ctx.set(INTERACTION_GRANT_ID, grantId);
-    this.$ctx.set(INTERACTION_SESSION, session);
-
-    return raw;
-  }
-
-  interactionFinished(
-    result: InteractionResults,
-    options: {
-      mergeWithLastSubmission?: boolean;
-    } = {mergeWithLastSubmission: false}
-  ) {
-    return this.oidcProvider.get().interactionFinished(this.$ctx.getReq(), this.$ctx.getRes(), result, options);
-  }
-
-  interactionResult(
-    result: InteractionResults,
-    options: {
-      mergeWithLastSubmission?: boolean;
-    } = {mergeWithLastSubmission: false}
-  ) {
-    return this.oidcProvider.get().interactionResult(this.$ctx.getReq(), this.$ctx.getRes(), result, options);
-  }
-
-  async interactionPrompt({client, ...options}: Record<string, any>): Promise<OidcInteractionPromptProps> {
-    client = client || (await this.findClient());
-
-    const omitClientProps = constant("oidc.render.omitClientProps", []);
-
-    return {
-      client: omit(client, ["clientSecret", ...omitClientProps]),
-      uid: this.uid,
-      grantId: this.grantId,
-      details: this.prompt.details,
-      params: {
-        ...this.params,
-        ...options.params
-      },
-      ...options,
-      ...this.debug()
-    };
-  }
-
-  render(view: string, result: any): Promise<string> {
-    return this.$ctx.response.render(view, result);
-  }
-
-  save(ttl: number): Promise<string> {
-    return this.raw.save(ttl);
-  }
-
-  findClient(clientId: string = this.params.client_id): Promise<OidcClient | undefined> {
-    const key = `$client:${clientId}`;
-
-    return this.$ctx.cacheAsync(key, () => this.oidcProvider.get().Client.find(clientId));
-  }
-
-  findAccount(sub?: string, token?: any): Promise<Account | undefined> {
-    if (!sub && this.session) {
-      sub = this.session?.accountId as any;
-    }
-
-    if (!sub) {
-      return Promise.resolve(undefined);
-    }
-
-    const key = `$account:${sub}`;
-
-    return this.$ctx.cacheAsync<Account | undefined>(key, (() => {
-      return this.oidcProvider.get().Account.findAccount(undefined as any, sub!, token);
-    }) as any);
-  }
-
-  getGrant(): Promise<InstanceType<Provider["Grant"]>> {
-    const {Grant} = this.oidcProvider.get() as any;
-
-    if (this.grantId) {
-      // we'll be modifying existing grant in existing session
-      // @ts-ignore
-      return Grant.find(this.grantId);
-    }
-
-    return Promise.resolve(
-      new Grant({
-        accountId: this.session?.accountId,
-        clientId: this.params.client_id
-      })
-    );
-  }
-
-  checkInteractionName(name: string) {
-    if (this.prompt.name !== name) {
-      throw new OidcBadInteractionName("Bad interaction name");
-    }
-  }
-
-  async checkClientId(clientId = this.params.client_id) {
-    const client = await this.findClient(clientId);
-
-    if (!client) {
-      throw new Unauthorized(`Unknown client_id ${clientId}`);
-    }
-  }
-
-  debug(obj?: any): any {
-    /* istanbul ignore next */
-    if (this.env === Env.PROD) {
-      return {session: undefined, dbg: {params: undefined, prompt: undefined}};
-    }
-
-    if (obj) {
-      return debug(obj);
-    }
-
-    return {
-      session: this.session ? this.debug(this.session) : undefined,
-      dbg: {
-        params: this.debug(this.params),
-        prompt: this.debug(this.prompt)
-      }
-    };
-  }
-}

package/src/services/OidcInteractions.ts

@@ -1,57 +0,0 @@
-import {Env} from "@tsed/core";
-import {constant, Injectable, injector, Provider, TokenProvider} from "@tsed/di";
-import {PlatformContext, PlatformHandler} from "@tsed/platform-http";
-import {EndpointMetadata} from "@tsed/schema";
-
-import {INTERACTION, INTERACTION_OPTIONS, INTERACTIONS} from "../constants/constants.js";
-import {OidcInteractionOptions} from "../domain/OidcInteractionOptions.js";
-
-@Injectable()
-export class OidcInteractions {
-  protected injector = injector();
-  protected env = constant<Env>("env");
-  protected interactions: Map<string, Provider> = new Map();
-
-  $onInit(): void {
-    const platformHandler = this.injector.get<PlatformHandler>(PlatformHandler)!;
-
-    this.getInteractions().forEach((provider: Provider) => {
-      const {name} = provider.store.get<OidcInteractionOptions>(INTERACTION_OPTIONS);
-      this.interactions.set(name, provider);
-
-      if (this.injector.get(provider.token)?.$prompt) {
-        provider.store.set("$prompt", platformHandler.createCustomHandler(provider, "$prompt"));
-      }
-    });
-  }
-
-  getInteractions(): Provider[] {
-    const interactionsProvider = this.injector.getProviders().find((provider) => provider.subType === INTERACTIONS);
-
-    /* istanbul ignore next */
-    if (!interactionsProvider) {
-      return [];
-    }
-
-    return interactionsProvider.children
-      .map((token: TokenProvider) => this.injector.getProvider(token)!)
-      .filter((provider: Provider) => provider?.subType === INTERACTION);
-  }
-
-  getInteractionProvider(name: string): Provider | undefined {
-    return this.interactions.get(name);
-  }
-
-  getInteractionHandler(name: string) {
-    const interaction = this.getInteractionProvider(name);
-
-    if (interaction) {
-      const endpoint = EndpointMetadata.get(interaction.useClass, "$prompt");
-      return (ctx: PlatformContext) => {
-        // Add current endpoint metadata to ctx
-        ctx.endpoint = endpoint;
-        return interaction.store.get("$prompt")(ctx);
-      };
-    }
-  }
-}

package/src/services/OidcJwks.ts

@@ -1,22 +0,0 @@
-import {join} from "node:path";
-
-import {constant, Injectable} from "@tsed/di";
-import {getJwks, JwksKeyParameters} from "@tsed/jwks";
-
-@Injectable()
-export class OidcJwks {
-  public jwksPath: string = constant("oidc.jwksPath", join(process.cwd(), "keys", "jwks.json"));
-  public certificates?: JwksKeyParameters[] = constant("oidc.certificates");
-  public keys: string;
-
-  $onInit() {
-    return this.getJwks();
-  }
-
-  getJwks() {
-    return getJwks({
-      path: this.jwksPath,
-      certificates: this.certificates
-    });
-  }
-}

package/src/services/OidcPolicy.spec.ts

@@ -1,156 +0,0 @@
-import {Env} from "@tsed/core";
-import {PlatformTest} from "@tsed/platform-http/testing";
-
-import {ConsentInteraction} from "../../test/app/interactions/ConsentInteraction.js";
-import {Interaction} from "../decorators/interaction.js";
-import {OidcInteractions} from "./OidcInteractions.js";
-import {OidcPolicy} from "./OidcPolicy.js";
-
-describe("OidcPolicy", () => {
-  beforeEach(() =>
-    PlatformTest.create({
-      env: Env.PROD,
-      oidc: {
-        issuer: "http://localhost:8081",
-        secureKey: ["secureKey"]
-      }
-    })
-  );
-  afterEach(() => PlatformTest.reset());
-  describe("createPrompt()", () => {
-    it("should bind options to prompt instance", async () => {
-      const oidcProvider = PlatformTest.get<OidcPolicy>(OidcPolicy);
-      const instance = {};
-      const options = {
-        name: "name",
-        requestable: true,
-        details: vi.fn(),
-        checks: []
-      };
-
-      const prompt = await oidcProvider.createPrompt(instance, options);
-
-      expect(prompt.details).toEqual(options.details);
-      expect(prompt.name).toEqual(options.name);
-      expect(prompt.requestable).toEqual(options.requestable);
-    });
-
-    it("should bind methods from instance to prompt instance", async () => {
-      const oidcProvider = PlatformTest.get<OidcPolicy>(OidcPolicy);
-      const instance = {
-        details: vi.fn(),
-        checks: vi.fn().mockReturnValue([])
-      };
-      const options = {
-        name: "name",
-        requestable: true
-      };
-
-      const prompt = await oidcProvider.createPrompt(instance, options);
-
-      expect(prompt.details).toBeDefined();
-      expect(prompt.name).toEqual(options.name);
-      expect(prompt.requestable).toEqual(options.requestable);
-    });
-  });
-  describe("getPolicy()", () => {
-    describe('when there is interactions with "priority" property', () => {
-      @Interaction({
-        name: "test"
-      })
-      class TestInteraction {}
-
-      @Interaction({
-        name: "test2"
-      })
-      class Test2Interaction {}
-
-      @Interaction({
-        name: "login"
-      })
-      class LoginInteraction {}
-
-      @Interaction({
-        name: "consent"
-      })
-      class ConsentInteraction {}
-
-      @Interaction({
-        name: "test3",
-        priority: 0
-      })
-      class Test3Interaction {}
-
-      it("should load policy (without priority)", async () => {
-        const oidcInteractions = {
-          getInteractions: vi
-            .fn()
-            .mockReturnValue([
-              PlatformTest.injector.getProvider(Test2Interaction),
-              PlatformTest.injector.getProvider(LoginInteraction),
-              PlatformTest.injector.getProvider(ConsentInteraction),
-              PlatformTest.injector.getProvider(TestInteraction)
-            ])
-        };
-
-        const oidcProvider = await PlatformTest.invoke<OidcPolicy>(OidcPolicy, [
-          {
-            token: OidcInteractions,
-            use: oidcInteractions
-          }
-        ]);
-
-        const policy = oidcProvider.getPolicy();
-
-        expect(policy.map(({name}: {name: string}) => name)).toEqual(["test2", "login", "consent", "test"]);
-      });
-      it("should load policy (with priority)", async () => {
-        const oidcInteractions = {
-          getInteractions: vi
-            .fn()
-            .mockReturnValue([
-              PlatformTest.injector.getProvider(Test2Interaction),
-              PlatformTest.injector.getProvider(LoginInteraction),
-              PlatformTest.injector.getProvider(ConsentInteraction),
-              PlatformTest.injector.getProvider(TestInteraction),
-              PlatformTest.injector.getProvider(Test3Interaction)
-            ])
-        };
-
-        const oidcProvider = await PlatformTest.invoke<OidcPolicy>(OidcPolicy, [
-          {
-            token: OidcInteractions,
-            use: oidcInteractions
-          }
-        ]);
-
-        const policy = oidcProvider.getPolicy();
-
-        expect(policy.map(({name}: {name: string}) => name)).toEqual(["test3", "login", "consent", "test2", "test"]);
-      });
-    });
-    describe("when there is no interactions without usePriority", () => {
-      it("should load policy", async () => {
-        const oidcInteractions = {
-          getInteractions: vi.fn().mockReturnValue([])
-        };
-
-        const oidcPolicy = await PlatformTest.invoke<OidcPolicy>(OidcPolicy, [
-          {
-            token: OidcInteractions,
-            use: oidcInteractions
-          }
-        ]);
-
-        vi.spyOn(oidcPolicy as any, "getInteractions").mockReturnValue({
-          usePriority: false,
-          interactions: new Map([["login", {name: "login", instance: {}} as any]])
-        });
-
-        const policy = oidcPolicy.getPolicy();
-
-        expect(policy.map(({name}: {name: string}) => name)).toEqual(["login", "consent"]);
-      });
-    });
-  });
-});

package/src/services/OidcPolicy.ts

@@ -1,92 +0,0 @@
-import {inject, Injectable, injector, Provider} from "@tsed/di";
-import {interactionPolicy} from "oidc-provider";
-
-import {InteractionMethods} from "../domain/InteractionMethods.js";
-import {OidcInteractionOptions} from "../domain/OidcInteractionOptions.js";
-import {OidcInteractions} from "./OidcInteractions.js";
-import Prompt = interactionPolicy.Prompt;
-
-@Injectable()
-export class OidcPolicy {
-  protected injector = injector();
-  protected oidcInteractions = inject(OidcInteractions);
-
-  public getPolicy() {
-    let policy = interactionPolicy.base();
-    const {usePriority, interactions} = this.getInteractions();
-
-    if (interactions.size) {
-      for (const {name, instance, options} of interactions.values()) {
-        if (!policy.get(name)) {
-          const prompt = this.createPrompt(instance, options);
-
-          policy.add(prompt, options.priority);
-        }
-
-        if (instance.$onCreate) {
-          instance.$onCreate(policy.get(name)!);
-        }
-      }
-
-      // reordering interactions by interactions index
-      if (!usePriority) {
-        policy = policy.sort((a, b) => {
-          const o1 = interactions.get(a.name)?.order || 0;
-          const o2 = interactions.get(b.name)?.order || 0;
-
-          return o1 < o2 ? -1 : 1;
-        });
-      }
-    }
-
-    return this.injector.alter("$alterOidcPolicy", policy);
-  }
-
-  public createPrompt(instance: InteractionMethods, options: OidcInteractionOptions): Prompt {
-    const {checks: originalChecks = [], details, ...promptOptions} = options;
-    const checks = [...(instance.checks ? instance.checks() : originalChecks)].filter(Boolean);
-
-    return new interactionPolicy.Prompt(promptOptions, instance.details ? instance.details.bind(instance) : details, ...checks);
-  }
-
-  private getInteractions() {
-    let usePriority = false;
-
-    const interactions = this.oidcInteractions.getInteractions();
-
-    const map = interactions.reduce(
-      (map, provider, index) => {
-        const instance = this.injector.get<InteractionMethods>(provider.token)!;
-
-        const options = provider.store.get("interactionOptions");
-
-        if (options.priority !== undefined) {
-          usePriority = true;
-        }
-
-        return map.set(options.name, {
-          order: index,
-          name: options.name,
-          provider,
-          instance,
-          options
-        });
-      },
-      new Map<
-        string,
-        {
-          order: number;
-          provider: Provider;
-          instance: any;
-          options: OidcInteractionOptions;
-          name: string;
-        }
-      >()
-    );
-
-    return {
-      interactions: map,
-      usePriority
-    };
-  }
-}

package/src/services/OidcProvider.spec.ts

@@ -1,116 +0,0 @@
-import "../../test/app/controllers/oidc/InteractionsCtrl.js";
-
-import {Env} from "@tsed/core";
-import {runInContext} from "@tsed/di";
-import {PlatformTest} from "@tsed/platform-http/testing";
-
-import {OidcProvider} from "./OidcProvider.js";
-
-describe("OidcProvider", () => {
-  describe("Production", () => {
-    beforeEach(() =>
-      PlatformTest.create({
-        env: Env.PROD,
-        oidc: {
-          issuer: "http://localhost:8081",
-          secureKey: ["secureKey"]
-        }
-      })
-    );
-    afterEach(() => PlatformTest.reset());
-
-    it("should create oidc instance", () => {
-      const oidcProvider = PlatformTest.get<OidcProvider>(OidcProvider);
-
-      // @ts-ignore
-      expect(oidcProvider.getInteractionsUrl()({}, {uid: "uid"})).toEqual("/interaction/uid");
-    });
-  });
-  describe("createErrorHandler()", () => {
-    beforeEach(() =>
-      PlatformTest.create({
-        env: Env.PROD,
-        oidc: {
-          issuer: "http://localhost:8081",
-          secureKey: ["secureKey"]
-        }
-      })
-    );
-    afterEach(() => PlatformTest.reset());
-
-    it("should intercept all oidc errors", () => {
-      const oidcProvider = PlatformTest.get<OidcProvider>(OidcProvider);
-      vi.spyOn((oidcProvider as any).injector.logger, "error");
-
-      const fn = (oidcProvider as any).createErrorHandler("event");
-      fn(
-        {
-          headers: {
-            origin: "origin"
-          },
-          oidc: {
-            params: {
-              client_id: "client_id"
-            }
-          }
-        },
-        {error: "error", error_description: "error_description", error_detail: "error_detail"},
-        "account_id",
-        "sid"
-      );
-
-      expect((oidcProvider as any).injector.logger.error).toHaveBeenCalledWith({
-        duration: expect.any(Number),
-        reqId: expect.any(String),
-        account_id: "account_id",
-        error: {error_description: "error_description", error_detail: "error_detail", error: "error"},
-        event: "OIDC_ERROR",
-        headers: {
-          origin: "origin"
-        },
-        params: {client_id: "client_id"},
-        sid: "sid",
-        type: "event",
-        time: expect.any(Date)
-      });
-    });
-    it("should intercept all oidc errors (in request context)", async () => {
-      const oidcProvider = PlatformTest.get<OidcProvider>(OidcProvider);
-      const ctx = PlatformTest.createRequestContext();
-
-      vi.spyOn(ctx.logger, "error");
-
-      const fn = (oidcProvider as any).createErrorHandler("event");
-
-      await runInContext(ctx, () => {
-        fn(
-          {
-            headers: {
-              origin: "origin"
-            },
-            oidc: {
-              params: {
-                client_id: "client_id"
-              }
-            }
-          },
-          {error: "error", error_description: "error_description", error_detail: "error_detail"},
-          "account_id",
-          "sid"
-        );
-      });
-
-      expect(ctx.logger.error).toHaveBeenCalledWith({
-        account_id: "account_id",
-        error: {error_description: "error_description", error_detail: "error_detail", error: "error"},
-        event: "OIDC_ERROR",
-        headers: {
-          origin: "origin"
-        },
-        params: {client_id: "client_id"},
-        sid: "sid",
-        type: "event"
-      });
-    });
-  });
-});