@workos-inc/node 7.69.2 → 7.70.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/user-management/interfaces/authenticate-with-session-cookie.interface.d.ts +2 -0
- package/lib/user-management/interfaces/create-organization-membership-options.interface.d.ts +2 -0
- package/lib/user-management/interfaces/organization-membership.interface.d.ts +2 -0
- package/lib/user-management/interfaces/update-organization-membership-options.interface.d.ts +2 -0
- package/lib/user-management/serializers/create-organization-membership-options.serializer.js +1 -0
- package/lib/user-management/serializers/organization-membership.serializer.js +1 -11
- package/lib/user-management/serializers/update-organization-membership-options.serializer.js +1 -0
- package/lib/user-management/session.js +4 -2
- package/lib/user-management/session.spec.js +4 -2
- package/lib/user-management/user-management.js +2 -1
- package/lib/user-management/user-management.spec.js +33 -0
- package/lib/workos.js +1 -1
- package/package.json +1 -1
|
@@ -9,6 +9,7 @@ export interface AccessToken {
|
|
|
9
9
|
sid: string;
|
|
10
10
|
org_id?: string;
|
|
11
11
|
role?: string;
|
|
12
|
+
roles?: string[];
|
|
12
13
|
permissions?: string[];
|
|
13
14
|
entitlements?: string[];
|
|
14
15
|
feature_flags?: string[];
|
|
@@ -28,6 +29,7 @@ export type AuthenticateWithSessionCookieSuccessResponse = {
|
|
|
28
29
|
sessionId: string;
|
|
29
30
|
organizationId?: string;
|
|
30
31
|
role?: string;
|
|
32
|
+
roles?: string[];
|
|
31
33
|
permissions?: string[];
|
|
32
34
|
entitlements?: string[];
|
|
33
35
|
featureFlags?: string[];
|
package/lib/user-management/interfaces/create-organization-membership-options.interface.d.ts
CHANGED
|
@@ -2,9 +2,11 @@ export interface CreateOrganizationMembershipOptions {
|
|
|
2
2
|
organizationId: string;
|
|
3
3
|
userId: string;
|
|
4
4
|
roleSlug?: string;
|
|
5
|
+
roleSlugs?: string[];
|
|
5
6
|
}
|
|
6
7
|
export interface SerializedCreateOrganizationMembershipOptions {
|
|
7
8
|
organization_id: string;
|
|
8
9
|
user_id: string;
|
|
9
10
|
role_slug?: string;
|
|
11
|
+
role_slugs?: string[];
|
|
10
12
|
}
|
|
@@ -10,6 +10,7 @@ export interface OrganizationMembership {
|
|
|
10
10
|
createdAt: string;
|
|
11
11
|
updatedAt: string;
|
|
12
12
|
role: RoleResponse;
|
|
13
|
+
roles?: RoleResponse[];
|
|
13
14
|
}
|
|
14
15
|
export interface OrganizationMembershipResponse {
|
|
15
16
|
object: 'organization_membership';
|
|
@@ -21,4 +22,5 @@ export interface OrganizationMembershipResponse {
|
|
|
21
22
|
created_at: string;
|
|
22
23
|
updated_at: string;
|
|
23
24
|
role: RoleResponse;
|
|
25
|
+
roles?: RoleResponse[];
|
|
24
26
|
}
|
package/lib/user-management/serializers/create-organization-membership-options.serializer.js
CHANGED
|
@@ -5,5 +5,6 @@ const serializeCreateOrganizationMembershipOptions = (options) => ({
|
|
|
5
5
|
organization_id: options.organizationId,
|
|
6
6
|
user_id: options.userId,
|
|
7
7
|
role_slug: options.roleSlug,
|
|
8
|
+
role_slugs: options.roleSlugs,
|
|
8
9
|
});
|
|
9
10
|
exports.serializeCreateOrganizationMembershipOptions = serializeCreateOrganizationMembershipOptions;
|
|
@@ -1,15 +1,5 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.deserializeOrganizationMembership = void 0;
|
|
4
|
-
const deserializeOrganizationMembership = (organizationMembership) => ({
|
|
5
|
-
object: organizationMembership.object,
|
|
6
|
-
id: organizationMembership.id,
|
|
7
|
-
userId: organizationMembership.user_id,
|
|
8
|
-
organizationId: organizationMembership.organization_id,
|
|
9
|
-
organizationName: organizationMembership.organization_name,
|
|
10
|
-
status: organizationMembership.status,
|
|
11
|
-
createdAt: organizationMembership.created_at,
|
|
12
|
-
updatedAt: organizationMembership.updated_at,
|
|
13
|
-
role: organizationMembership.role,
|
|
14
|
-
});
|
|
4
|
+
const deserializeOrganizationMembership = (organizationMembership) => (Object.assign({ object: organizationMembership.object, id: organizationMembership.id, userId: organizationMembership.user_id, organizationId: organizationMembership.organization_id, organizationName: organizationMembership.organization_name, status: organizationMembership.status, createdAt: organizationMembership.created_at, updatedAt: organizationMembership.updated_at, role: organizationMembership.role }, (organizationMembership.roles && { roles: organizationMembership.roles })));
|
|
15
5
|
exports.deserializeOrganizationMembership = deserializeOrganizationMembership;
|
package/lib/user-management/serializers/update-organization-membership-options.serializer.js
CHANGED
|
@@ -3,5 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.serializeUpdateOrganizationMembershipOptions = void 0;
|
|
4
4
|
const serializeUpdateOrganizationMembershipOptions = (options) => ({
|
|
5
5
|
role_slug: options.roleSlug,
|
|
6
|
+
role_slugs: options.roleSlugs,
|
|
6
7
|
});
|
|
7
8
|
exports.serializeUpdateOrganizationMembershipOptions = serializeUpdateOrganizationMembershipOptions;
|
|
@@ -61,12 +61,13 @@ class CookieSession {
|
|
|
61
61
|
reason: interfaces_1.AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
|
|
62
62
|
};
|
|
63
63
|
}
|
|
64
|
-
const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
64
|
+
const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
65
65
|
return {
|
|
66
66
|
authenticated: true,
|
|
67
67
|
sessionId,
|
|
68
68
|
organizationId,
|
|
69
69
|
role,
|
|
70
|
+
roles,
|
|
70
71
|
permissions,
|
|
71
72
|
entitlements,
|
|
72
73
|
featureFlags,
|
|
@@ -114,7 +115,7 @@ class CookieSession {
|
|
|
114
115
|
this.cookiePassword = options.cookiePassword;
|
|
115
116
|
}
|
|
116
117
|
this.sessionData = authenticationResponse.sealedSession;
|
|
117
|
-
const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(authenticationResponse.accessToken);
|
|
118
|
+
const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(authenticationResponse.accessToken);
|
|
118
119
|
// TODO: Returning `session` here means there's some duplicated data.
|
|
119
120
|
// Slim down the return type in a future major version.
|
|
120
121
|
return {
|
|
@@ -124,6 +125,7 @@ class CookieSession {
|
|
|
124
125
|
sessionId,
|
|
125
126
|
organizationId,
|
|
126
127
|
role,
|
|
128
|
+
roles,
|
|
127
129
|
permissions,
|
|
128
130
|
entitlements,
|
|
129
131
|
featureFlags,
|
|
@@ -119,7 +119,7 @@ describe('Session', () => {
|
|
|
119
119
|
.spyOn(jose, 'jwtVerify')
|
|
120
120
|
.mockResolvedValue({});
|
|
121
121
|
const cookiePassword = 'alongcookiesecretmadefortestingsessions';
|
|
122
|
-
const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.
|
|
122
|
+
const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoZW50aWNhdGVkIjp0cnVlLCJpbXBlcnNvbmF0b3IiOnsiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsInJlYXNvbiI6InRlc3QifSwic2lkIjoic2Vzc2lvbl8xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwicm9sZSI6Im1lbWJlciIsInJvbGVzIjpbIm1lbWJlciIsImFkbWluIl0sInBlcm1pc3Npb25zIjpbInBvc3RzOmNyZWF0ZSIsInBvc3RzOmRlbGV0ZSJdLCJlbnRpdGxlbWVudHMiOlsiYXVkaXQtbG9ncyJdLCJmZWF0dXJlX2ZsYWdzIjpbImRhcmstbW9kZSIsImJldGEtZmVhdHVyZXMiXSwidXNlciI6eyJvYmplY3QiOiJ1c2VyIiwiaWQiOiJ1c2VyXzAxSDVKUURWN1I3QVRFWVpERUcwVzVQUllTIiwiZW1haWwiOiJ0ZXN0QGV4YW1wbGUuY29tIn19.TNUzJYn6lzLWFFsiWiKEgIshyUs-bKJQf1VxwNr1cGI';
|
|
123
123
|
const sessionData = yield (0, iron_session_1.sealData)({
|
|
124
124
|
accessToken,
|
|
125
125
|
refreshToken: 'def456',
|
|
@@ -146,6 +146,7 @@ describe('Session', () => {
|
|
|
146
146
|
sessionId: 'session_123',
|
|
147
147
|
organizationId: 'org_123',
|
|
148
148
|
role: 'member',
|
|
149
|
+
roles: ['member', 'admin'],
|
|
149
150
|
permissions: ['posts:create', 'posts:delete'],
|
|
150
151
|
entitlements: ['audit-logs'],
|
|
151
152
|
featureFlags: ['dark-mode', 'beta-features'],
|
|
@@ -173,7 +174,7 @@ describe('Session', () => {
|
|
|
173
174
|
}));
|
|
174
175
|
describe('when the session data is valid', () => {
|
|
175
176
|
it('returns a successful response with a sealed and unsealed session', () => __awaiter(void 0, void 0, void 0, function* () {
|
|
176
|
-
const accessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
|
|
177
|
+
const accessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzaWQiOiJzZXNzaW9uXzEyMyIsIm9yZ19pZCI6Im9yZ18xMjMiLCJyb2xlIjoibWVtYmVyIiwicm9sZXMiOlsibWVtYmVyIiwiYWRtaW4iXSwicGVybWlzc2lvbnMiOlsicG9zdHM6Y3JlYXRlIiwicG9zdHM6ZGVsZXRlIl19.N5zveP149QhRR5zNvzGJPiCX098uXaN8VM1_lwsMg4A';
|
|
177
178
|
const refreshToken = 'def456';
|
|
178
179
|
(0, test_utils_1.fetchOnce)({
|
|
179
180
|
user: user_json_1.default,
|
|
@@ -216,6 +217,7 @@ describe('Session', () => {
|
|
|
216
217
|
entitlements: undefined,
|
|
217
218
|
permissions: ['posts:create', 'posts:delete'],
|
|
218
219
|
role: 'member',
|
|
220
|
+
roles: ['member', 'admin'],
|
|
219
221
|
sessionId: 'session_123',
|
|
220
222
|
user: expect.objectContaining({
|
|
221
223
|
email: 'test01@example.com',
|
|
@@ -217,12 +217,13 @@ class UserManagement {
|
|
|
217
217
|
reason: authenticate_with_session_cookie_interface_1.AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
|
|
218
218
|
};
|
|
219
219
|
}
|
|
220
|
-
const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
220
|
+
const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
221
221
|
return {
|
|
222
222
|
authenticated: true,
|
|
223
223
|
sessionId,
|
|
224
224
|
organizationId,
|
|
225
225
|
role,
|
|
226
|
+
roles,
|
|
226
227
|
user: session.user,
|
|
227
228
|
permissions,
|
|
228
229
|
entitlements,
|
|
@@ -889,6 +889,39 @@ describe('UserManagement', () => {
|
|
|
889
889
|
accessToken,
|
|
890
890
|
});
|
|
891
891
|
}));
|
|
892
|
+
it('returns the JWT claims when provided a valid JWT with multiple roles', () => __awaiter(void 0, void 0, void 0, function* () {
|
|
893
|
+
jest
|
|
894
|
+
.spyOn(jose, 'jwtVerify')
|
|
895
|
+
.mockResolvedValue({});
|
|
896
|
+
const cookiePassword = 'alongcookiesecretmadefortestingsessions';
|
|
897
|
+
const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoZW50aWNhdGVkIjp0cnVlLCJpbXBlcnNvbmF0b3IiOnsiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsInJlYXNvbiI6InRlc3QifSwic2lkIjoic2Vzc2lvbl8xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwicm9sZSI6ImFkbWluIiwicm9sZXMiOlsiYWRtaW4iLCJtZW1iZXIiXSwicGVybWlzc2lvbnMiOlsicG9zdHM6Y3JlYXRlIiwicG9zdHM6ZGVsZXRlIl0sImVudGl0bGVtZW50cyI6WyJhdWRpdC1sb2dzIl0sImZlYXR1cmVfZmxhZ3MiOlsiZGFyay1tb2RlIiwiYmV0YS1mZWF0dXJlcyJdLCJ1c2VyIjp7Im9iamVjdCI6InVzZXIiLCJpZCI6InVzZXJfMDFINUpRRFY3UjdBVEVZWkRFRzBXNVBSWVMiLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifX0.hsMptIB7PmbF5pxxtgTtCdUyOAhA11ZIAP-JY5zU5fE';
|
|
898
|
+
const sessionData = yield (0, iron_session_1.sealData)({
|
|
899
|
+
accessToken,
|
|
900
|
+
refreshToken: 'def456',
|
|
901
|
+
user: {
|
|
902
|
+
object: 'user',
|
|
903
|
+
id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
|
|
904
|
+
email: 'test@example.com',
|
|
905
|
+
},
|
|
906
|
+
}, { password: cookiePassword });
|
|
907
|
+
yield expect(workos.userManagement.authenticateWithSessionCookie({
|
|
908
|
+
sessionData,
|
|
909
|
+
cookiePassword,
|
|
910
|
+
})).resolves.toEqual({
|
|
911
|
+
authenticated: true,
|
|
912
|
+
sessionId: 'session_123',
|
|
913
|
+
organizationId: 'org_123',
|
|
914
|
+
role: 'admin',
|
|
915
|
+
roles: ['admin', 'member'],
|
|
916
|
+
permissions: ['posts:create', 'posts:delete'],
|
|
917
|
+
entitlements: ['audit-logs'],
|
|
918
|
+
featureFlags: ['dark-mode', 'beta-features'],
|
|
919
|
+
user: expect.objectContaining({
|
|
920
|
+
email: 'test@example.com',
|
|
921
|
+
}),
|
|
922
|
+
accessToken,
|
|
923
|
+
});
|
|
924
|
+
}));
|
|
892
925
|
});
|
|
893
926
|
describe('refreshAndSealSessionData', () => {
|
|
894
927
|
it('throws an error when the cookie password is undefined', () => __awaiter(void 0, void 0, void 0, function* () {
|
package/lib/workos.js
CHANGED
|
@@ -32,7 +32,7 @@ const actions_1 = require("./actions/actions");
|
|
|
32
32
|
const vault_1 = require("./vault/vault");
|
|
33
33
|
const conflict_exception_1 = require("./common/exceptions/conflict.exception");
|
|
34
34
|
const parse_error_1 = require("./common/exceptions/parse-error");
|
|
35
|
-
const VERSION = '7.
|
|
35
|
+
const VERSION = '7.70.0';
|
|
36
36
|
const DEFAULT_HOSTNAME = 'api.workos.com';
|
|
37
37
|
const HEADER_AUTHORIZATION = 'Authorization';
|
|
38
38
|
const HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';
|
package/package.json
CHANGED