@workos-inc/node 7.19.0 → 7.21.0

package/lib/organizations/interfaces/update-organization-options.interface.d.ts

@@ -1,7 +1,7 @@
 import { DomainData } from './domain-data.interface';
 export interface UpdateOrganizationOptions {
     organization: string;
-    name: string;
+    name?: string;
     domainData?: DomainData[];
     /**
      * @deprecated If you need to allow sign-ins from any email domain, contact support@workos.com.
@@ -13,7 +13,7 @@ export interface UpdateOrganizationOptions {
     domains?: string[];
 }
 export interface SerializedUpdateOrganizationOptions {
-    name: string;
+    name?: string;
     domain_data?: DomainData[];
     /**
      * @deprecated If you need to allow sign-ins from any email domain, contact support@workos.com.

package/lib/organizations/organizations.spec.js

@@ -216,11 +216,9 @@ describe('Organizations', () => {
                         domainData: [
                             { domain: 'example.com', state: interfaces_1.DomainDataState.Verified },
                         ],
-                        name: 'Test Organization 2',
                     });
                     expect((0, test_utils_1.fetchBody)()).toEqual({
                         domain_data: [{ domain: 'example.com', state: 'verified' }],
-                        name: 'Test Organization 2',
                     });
                     expect(subject.id).toEqual('org_01EHT88Z8J8795GZNQ4ZP1J81T');
                     expect(subject.name).toEqual('Test Organization 2');

package/lib/user-management/user-management.d.ts

@@ -87,5 +87,12 @@ export declare class UserManagement {
     getLogoutUrl({ sessionId }: {
         sessionId: string;
     }): string;
+    /**
+     * getLogoutUrlFromSessionCookie takes in session cookie data, unseals the cookie, decodes the JWT claims,
+     * and uses the session ID to generate the logout URL.
+     *
+     * Use this over `getLogoutUrl` if you'd like to the SDK to handle session cookies for you.
+     */
+    getLogoutUrlFromSessionCookie({ sessionData, cookiePassword, }: SessionHandlerOptions): Promise<string>;
     getJwksUrl(clientId: string): string;
 }

package/lib/user-management/user-management.js

@@ -500,6 +500,25 @@ class UserManagement {
         }
         return `${this.workos.baseURL}/user_management/sessions/logout?session_id=${sessionId}`;
     }
+    /**
+     * getLogoutUrlFromSessionCookie takes in session cookie data, unseals the cookie, decodes the JWT claims,
+     * and uses the session ID to generate the logout URL.
+     *
+     * Use this over `getLogoutUrl` if you'd like to the SDK to handle session cookies for you.
+     */
+    getLogoutUrlFromSessionCookie({ sessionData, cookiePassword = process.env.WORKOS_COOKIE_PASSWORD, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const authenticationResponse = yield this.authenticateWithSessionCookie({
+                sessionData,
+                cookiePassword,
+            });
+            if (!authenticationResponse.authenticated) {
+                const { reason } = authenticationResponse;
+                throw new Error(`Failed to extract session ID for logout URL: ${reason}`);
+            }
+            return this.getLogoutUrl({ sessionId: authenticationResponse.sessionId });
+        });
+    }
     getJwksUrl(clientId) {
         if (!clientId) {
             throw TypeError('clientId must be a valid clientId');

package/lib/user-management/user-management.spec.js

@@ -1536,6 +1536,101 @@ describe('UserManagement', () => {
             expect(url).toBe('https://api.workos.com/user_management/sessions/logout?session_id=123456');
         });
     });
+    describe('getLogoutUrlFromSessionCookie', () => {
+        beforeEach(() => {
+            // Mock createRemoteJWKSet
+            jest
+                .spyOn(jose, 'createRemoteJWKSet')
+                .mockImplementation((_url, _options) => {
+                // This function simulates the token verification process
+                const verifyFunction = (_protectedHeader, _token) => {
+                    return Promise.resolve({
+                        type: 'public',
+                    });
+                };
+                // Return an object that includes the verify function and the additional expected properties
+                return {
+                    __call__: verifyFunction,
+                    coolingDown: false,
+                    fresh: false,
+                    reloading: false,
+                    reload: jest.fn().mockResolvedValue(undefined),
+                    jwks: () => undefined,
+                };
+            });
+        });
+        it('throws an error when the cookie password is undefined', () => __awaiter(void 0, void 0, void 0, function* () {
+            yield expect(workos.userManagement.getLogoutUrlFromSessionCookie({
+                sessionData: 'session_cookie',
+            })).rejects.toThrow('Cookie password is required');
+        }));
+        it('returns authenticated = false when the session cookie is empty', () => __awaiter(void 0, void 0, void 0, function* () {
+            yield expect(workos.userManagement.getLogoutUrlFromSessionCookie({
+                sessionData: '',
+                cookiePassword: 'secret',
+            })).rejects.toThrowError(new Error('Failed to extract session ID for logout URL: no_session_cookie_provided'));
+        }));
+        it('returns authenticated = false when session cookie is invalid', () => __awaiter(void 0, void 0, void 0, function* () {
+            yield expect(workos.userManagement.getLogoutUrlFromSessionCookie({
+                sessionData: 'thisisacookie',
+                cookiePassword: 'secret',
+            })).rejects.toThrowError(new Error('Failed to extract session ID for logout URL: invalid_session_cookie'));
+        }));
+        it('returns authenticated = false when session cookie cannot be unsealed', () => __awaiter(void 0, void 0, void 0, function* () {
+            const cookiePassword = 'alongcookiesecretmadefortestingsessions';
+            const sessionData = yield (0, iron_session_1.sealData)({
+                accessToken: 'abc123',
+                refreshToken: 'def456',
+                user: {
+                    object: 'user',
+                    id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
+                    email: 'test@example.com',
+                },
+            }, { password: cookiePassword });
+            yield expect(workos.userManagement.getLogoutUrlFromSessionCookie({
+                sessionData,
+                cookiePassword: 'secretpasswordwhichisalsolongbutnottherightone',
+            })).rejects.toThrowError(new Error('Failed to extract session ID for logout URL: invalid_session_cookie'));
+        }));
+        it('returns authenticated = false when the JWT is invalid', () => __awaiter(void 0, void 0, void 0, function* () {
+            jest.spyOn(jose, 'jwtVerify').mockImplementationOnce(() => {
+                throw new Error('Invalid JWT');
+            });
+            const cookiePassword = 'alongcookiesecretmadefortestingsessions';
+            const sessionData = yield (0, iron_session_1.sealData)({
+                accessToken: 'abc123',
+                refreshToken: 'def456',
+                user: {
+                    object: 'user',
+                    id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
+                    email: 'test@example.com',
+                },
+            }, { password: cookiePassword });
+            yield expect(workos.userManagement.getLogoutUrlFromSessionCookie({
+                sessionData,
+                cookiePassword,
+            })).rejects.toThrowError(new Error('Failed to extract session ID for logout URL: invalid_jwt'));
+        }));
+        it('returns the logout URL for the session when provided a valid JWT', () => __awaiter(void 0, void 0, void 0, function* () {
+            jest
+                .spyOn(jose, 'jwtVerify')
+                .mockResolvedValue({});
+            const cookiePassword = 'alongcookiesecretmadefortestingsessions';
+            const sessionData = yield (0, iron_session_1.sealData)({
+                accessToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICJzdWIiOiAiMTIzNDU2Nzg5MCIsCiAgIm5hbWUiOiAiSm9obiBEb2UiLAogICJpYXQiOiAxNTE2MjM5MDIyLAogICJzaWQiOiAic2Vzc2lvbl8xMjMiLAogICJvcmdfaWQiOiAib3JnXzEyMyIsCiAgInJvbGUiOiAibWVtYmVyIiwKICAicGVybWlzc2lvbnMiOiBbInBvc3RzOmNyZWF0ZSIsICJwb3N0czpkZWxldGUiXQp9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c',
+                refreshToken: 'def456',
+                user: {
+                    object: 'user',
+                    id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
+                    email: 'test@example.com',
+                },
+            }, { password: cookiePassword });
+            yield expect(workos.userManagement.getLogoutUrlFromSessionCookie({
+                sessionData,
+                cookiePassword,
+            })).resolves.toEqual(`https://api.workos.test/user_management/sessions/logout?session_id=session_123`);
+        }));
+    });
     describe('getJwksUrl', () => {
         it('returns the jwks url', () => {
             const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');

package/lib/workos.js

@@ -27,14 +27,13 @@ const bad_request_exception_1 = require("./common/exceptions/bad-request.excepti
 const http_client_1 = require("./common/net/http-client");
 const subtle_crypto_provider_1 = require("./common/crypto/subtle-crypto-provider");
 const fetch_client_1 = require("./common/net/fetch-client");
-const VERSION = '7.19.0';
+const VERSION = '7.21.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 const HEADER_AUTHORIZATION = 'Authorization';
 const HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';
 const HEADER_WARRANT_TOKEN = 'Warrant-Token';
 class WorkOS {
     constructor(key, options = {}) {
-        var _a;
         this.key = key;
         this.options = options;
         this.auditLogs = new audit_logs_1.AuditLogs(this);
@@ -49,7 +48,10 @@ class WorkOS {
         this.fga = new fga_1.FGA(this);
         if (!key) {
             // process might be undefined in some environments
-            this.key = process === null || process === void 0 ? void 0 : process.env.WORKOS_API_KEY;
+            this.key =
+                typeof process !== 'undefined'
+                    ? process === null || process === void 0 ? void 0 : process.env.WORKOS_API_KEY
+                    : undefined;
             if (!this.key) {
                 throw new exceptions_1.NoApiKeyProvidedException();
             }
@@ -57,7 +59,10 @@ class WorkOS {
         if (this.options.https === undefined) {
             this.options.https = true;
         }
-        this.clientId = (_a = this.options.clientId) !== null && _a !== void 0 ? _a : process === null || process === void 0 ? void 0 : process.env.WORKOS_CLIENT_ID;
+        this.clientId = this.options.clientId;
+        if (!this.clientId && typeof process !== 'undefined') {
+            this.clientId = process === null || process === void 0 ? void 0 : process.env.WORKOS_CLIENT_ID;
+        }
         const protocol = this.options.https ? 'https' : 'http';
         const apiHostname = this.options.apiHostname || DEFAULT_HOSTNAME;
         const port = this.options.port;

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "7.19.0",
+  "version": "7.21.0",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",
@@ -67,4 +67,4 @@
       "default": "./lib/index.js"
     }
   }
-}
+}