@unwanted/matrix-sdk-mini 34.13.0 → 36.0.0

package/src/randomstring.ts

@@ -17,9 +17,23 @@ limitations under the License.
 
 import { encodeUnpaddedBase64Url } from "./base64.ts";
 
-const LOWERCASE = "abcdefghijklmnopqrstuvwxyz";
-const UPPERCASE = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-const DIGITS = "0123456789";
+/**
+ * String representing the lowercase latin alphabet for use in {@link secureRandomStringFrom}
+ * (can be combined with other such exports or other characters by appending strings)
+ */
+export const LOWERCASE = "abcdefghijklmnopqrstuvwxyz";
+
+/**
+ * String representing the uppercase latin alphabet for use in secureRandomStringFrom
+ * (can be combined with other such exports or other characters by appending strings)
+ */
+export const UPPERCASE = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+/**
+ * String representing the arabic numerals for use in secureRandomStringFrom
+ * (can be combined with other such exports or other characters by appending strings)
+ */
+export const DIGITS = "0123456789";
 
 export function secureRandomBase64Url(len: number): string {
     const key = new Uint8Array(len);
@@ -28,24 +42,56 @@ export function secureRandomBase64Url(len: number): string {
     return encodeUnpaddedBase64Url(key);
 }
 
-export function randomString(len: number): string {
-    return randomStringFrom(len, UPPERCASE + LOWERCASE + DIGITS);
+/**
+ * Generates a random string of uppercase and lowercase letters plus digits using a
+ * cryptographically secure random number generator.
+ * @param len The length of the string to generate
+ * @returns Random string of uppercase and lowercase letters plus digits of length `len`
+ */
+export function secureRandomString(len: number): string {
+    return secureRandomStringFrom(len, UPPERCASE + LOWERCASE + DIGITS);
 }
 
-export function randomLowercaseString(len: number): string {
-    return randomStringFrom(len, LOWERCASE);
-}
-
-export function randomUppercaseString(len: number): string {
-    return randomStringFrom(len, UPPERCASE);
-}
-
-function randomStringFrom(len: number, chars: string): string {
-    let ret = "";
-
-    for (let i = 0; i < len; ++i) {
-        ret += chars.charAt(Math.floor(Math.random() * chars.length));
+/**
+ * Generate a cryptographically secure random string using characters given.
+ *
+ * @param len - The length of the string to generate (must be positive and less than 32768).
+ * @param chars - The characters to use in the random string (between 2 and 256 characters long).
+ * @returns Random string of characters of length `len`.
+ */
+export function secureRandomStringFrom(len: number, chars: string): string {
+    // This is intended for latin strings so 256 possibilities should be more than enough and
+    // means we can use random bytes, minimising the amount of entropy we need to ask for.
+    if (chars.length < 2 || chars.length > 256) {
+        throw new Error("Character set must be between 2 and 256 characters long");
+    }
+    if (len < 1 || len > 32768) {
+        throw new Error("Requested random string length must be between 1 and 32768");
+    }
+    // We'll generate random unsigned bytes, so get the largest number less than 256 that is a multiple
+    // of the length of the character set: We'll need to discard any random values that are larger than
+    // this as we can't possibly map them onto the character set while keeping each character equally
+    // likely to be chosen (minus 1 to convert to indices in a string). (Essentially, we're using a d8
+    // to choose between 7 possibilities and re-rolling on an 8, keeping all 7 outcomes equally likely.)
+    // Our random values must be strictly less than this
+    const randomValueCutoff = 256 - (256 % chars.length);
+    // Grab 30% more entropy than we need. This should be enough that we can discard the values that are
+    // too high without having to go back and grab more unless we're super unlucky.
+    const entropyBuffer = new Uint8Array(Math.floor(len * 1.3));
+    // Mark all of this buffer as used to start with (we haven't populated it with entropy yet) so it will
+    // be filled on the first iteration.
+    let entropyBufferPos = entropyBuffer.length;
+    const result = [];
+    while (result.length < len) {
+        if (entropyBufferPos === entropyBuffer.length) {
+            globalThis.crypto.getRandomValues(entropyBuffer);
+            entropyBufferPos = 0;
+        }
+        const randomByte = entropyBuffer[entropyBufferPos++];
+        if (randomByte < randomValueCutoff) {
+            result.push(chars[randomByte % chars.length]);
+        }
     }
 
-    return ret;
+    return result.join("");
 }

package/src/store/indexeddb-local-backend.ts

@@ -71,7 +71,7 @@ function selectQuery<T>(
     return new Promise((resolve, reject) => {
         const results: T[] = [];
         query.onerror = (): void => {
-            reject(new Error("Query failed: " + query.error));
+            reject(new Error("Query failed: " + query.error?.name));
         };
         // collect results
         query.onsuccess = (): void => {
@@ -360,7 +360,7 @@ export class LocalIndexedDBStoreBackend implements IIndexedDBBackend {
                 // in firefox, with indexedDB disabled, this fails with a
                 // DOMError. We treat this as non-fatal, so that we can still
                 // use the app.
-                logger.warn(`unable to delete js-sdk store indexeddb: ${req.error}`);
+                logger.warn(`unable to delete js-sdk store indexeddb: ${req.error?.name}`);
                 resolve();
             };
 

package/src/testing.ts

@@ -25,6 +25,7 @@ limitations under the License.
 import { IContent, IEvent, IUnsigned, MatrixEvent } from "./models/event.ts";
 import { RoomMember } from "./models/room-member.ts";
 import { EventType } from "./@types/event.ts";
+import { OidcClientConfig, ValidatedAuthMetadata } from "./oidc/index.ts";
 
 /**
  * Create a {@link MatrixEvent}.
@@ -81,3 +82,43 @@ export function mkMatrixEvent(opts: {
     } as unknown as RoomMember;
     return mxEvent;
 }
+
+/**
+ * Makes a valid OidcClientConfig with minimum valid values
+ * @param issuer used as the base for all other urls
+ * @param additionalGrantTypes to add to the default grant types
+ * @returns OidcClientConfig
+ * @experimental
+ */
+export const makeDelegatedAuthConfig = (
+    issuer = "https://auth.org/",
+    additionalGrantTypes: string[] = [],
+): OidcClientConfig => {
+    const metadata = mockOpenIdConfiguration(issuer, additionalGrantTypes);
+    return {
+        ...metadata,
+        signingKeys: null,
+    };
+};
+/**
+ * Useful for mocking <issuer>/.well-known/openid-configuration
+ * @param issuer used as the base for all other urls
+ * @param additionalGrantTypes to add to the default grant types
+ * @returns ValidatedAuthMetadata
+ * @experimental
+ */
+export const mockOpenIdConfiguration = (
+    issuer = "https://auth.org/",
+    additionalGrantTypes: string[] = [],
+): ValidatedAuthMetadata => ({
+    issuer,
+    revocation_endpoint: issuer + "revoke",
+    token_endpoint: issuer + "token",
+    authorization_endpoint: issuer + "auth",
+    registration_endpoint: issuer + "registration",
+    device_authorization_endpoint: issuer + "device",
+    jwks_uri: issuer + "jwks",
+    response_types_supported: ["code"],
+    grant_types_supported: ["authorization_code", "refresh_token", ...additionalGrantTypes],
+    code_challenge_methods_supported: ["S256"],
+});