scimgateway 4.2.5 → 4.2.6
- package/README.md +6 -0
- package/lib/plugin-api.js +1 -9
- package/lib/plugin-azure-ad.js +1 -9
- package/lib/plugin-scim.js +1 -9
- package/lib/scimgateway.js +17 -1
- package/package.json +1 -1
package/README.md
CHANGED
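--- a/package/lib/plugin-api.js
+++ b/package/lib/plugin-api.js
@@ -434,15 +434,7 @@ const doRequest = async (baseEntity, method, path, body, ctx, opt, retryCount) =
 throw newerr
 }
 } else {
-if (statusCode === 401)
-if (_serviceClient[baseEntity]) delete _serviceClient[baseEntity][clientIdentifier]
-err.message = JSON.stringify( // don't reveal original message
-{
-statusCode: 401,
-error: 'Access denied'
-}
-)
-}
+if (statusCode === 401 && _serviceClient[baseEntity]) delete _serviceClient[baseEntity][clientIdentifier]
 throw err // CA IM retries getUsers failure once (retry 6 times on ECONNREFUSED)
 }
 }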
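Review bot: The `throw err` after the new one-line 401 check now passes the endpoint's original error message out of doRequest unchanged, and nothing at this site says where it is sanitised. Going by the scimgateway.js section of this diff, redaction moved to the gateway and depends on finding the literal `"statusCode":401` in the SCIM error detail, so the way `err.message` is built earlier in doRequest (outside this hunk) is now part of that contract. I would record this next to the check, e.g. `// 401: message is not masked here; scimgateway.js replaces the response with 'Access denied' by matching "statusCode":401 in the error detail`. The same applies to the identical hunks in package/lib/plugin-azure-ad.js and package/lib/plugin-scim.js.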
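--- a/package/lib/plugin-azure-ad.js
+++ b/package/lib/plugin-azure-ad.js
@@ -1160,15 +1160,7 @@ const doRequest = async (baseEntity, method, path, body, ctx, opt, retryCount) =
 throw newerr
 }
 } else {
-if (statusCode === 401)
-if (_serviceClient[baseEntity]) delete _serviceClient[baseEntity][clientIdentifier]
-err.message = JSON.stringify( // don't reveal original message
-{
-statusCode: 401,
-error: 'Access denied'
-}
-)
-}
+if (statusCode === 401 && _serviceClient[baseEntity]) delete _serviceClient[baseEntity][clientIdentifier]
 throw err // CA IM retries getUser failure once (retry 6 times on ECONNREFUSED)
 }
 }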
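--- a/package/lib/plugin-scim.js
+++ b/package/lib/plugin-scim.js
@@ -773,15 +773,7 @@ const doRequest = async (baseEntity, method, path, body, ctx, opt, retryCount) =
 throw newerr
 }
 } else {
-if (statusCode === 401)
-if (_serviceClient[baseEntity]) delete _serviceClient[baseEntity][clientIdentifier]
-err.message = JSON.stringify( // don't reveal original message
-{
-statusCode: 401,
-error: 'Access denied'
-}
-)
-}
+if (statusCode === 401 && _serviceClient[baseEntity]) delete _serviceClient[baseEntity][clientIdentifier]
 throw err // CA IM retries getUsers failure once (retry 6 times on ECONNREFUSED)
 }
 }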
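--- a/package/lib/scimgateway.js
+++ b/package/lib/scimgateway.js
@@ -318,11 +318,27 @@ const ScimGateway = function () {
 if (!userName && authType === 'Bearer') userName = 'token'
 if (ctx.request.url !== '/favicon.ico') {
 if (ctx.response.status < 200 || ctx.response.status > 299) {
+let isEndpointAccessDenied = false
+if (res.body.detail) {
+if (res.body.detail.includes('\"statusCode\":401')) isEndpointAccessDenied= true // eslint-disable-line
+} else if (res.body.Errors) {
+if (Array.isArray(res.body.Errors) && res.body.Errors[0].description && res.body.Errors[0].description.includes('\"statusCode\":401')) { // eslint-disable-line
+isEndpointAccessDenied = true
+}
+}
+if (isEndpointAccessDenied) { // don't reveal original SCIM error message details related to access denied (e.g. using Auth PassThrough)
+ctx.response.set('Content-Type', 'application/json; charset=utf-8')
+ctx.response.status = 401 // ctx.response.message becomes default 'Unauthorized'
+ctx.response.body = { error: 'Access denied' }
+res.statusCode = ctx.response.status
+res.statusMessage = ctx.response.message
+res.body = ctx.response.body
+}
 logger.error(`${gwName}[${pluginName}] ${ellapsed} ${ctx.request.ipcli} ${userName} ${ctx.request.method} ${ctx.request.href} Inbound = ${JSON.stringify(ctx.request.body)} Outbound = ${JSON.stringify(res)}${(config.log.loglevel.file === 'debug' && ctx.request.url !== '/ping') ? '\n' : ''}`)
 } else logger.info(`${gwName}[${pluginName}] ${ellapsed} ${ctx.request.ipcli} ${userName} ${ctx.request.method} ${ctx.request.href} Inbound = ${JSON.stringify(ctx.request.body)} Outbound = ${JSON.stringify(res)}${(config.log.loglevel.file === 'debug' && ctx.request.url !== '/ping') ? '\n' : ''}`)
 requestCounter += 1 // logged on exit (not win process termination)
 }
-if (ctx.response.body && typeof ctx.response.body === 'object') ctx.set('Content-Type', 'application/scim+json; charset=utf-8')
+if (ctx.response.body && typeof ctx.response.body === 'object' && ctx.response.status !== 401) ctx.set('Content-Type', 'application/scim+json; charset=utf-8')
 }
 
 // start auth methods - used by auth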
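Review bot: The added access-denied check can throw before it redacts anything: `res.body.Errors[0].description` is read after only `Array.isArray(res.body.Errors)`, so an empty `Errors` array raises a TypeError, and `res.body.detail` is read without confirming that `res.body` exists or that `detail` is a string (`res` is built outside this hunk, so whether those cases occur is not visible here). I would read both through `const errBody = res.body || {}` and require `typeof errBody.detail === 'string'` and `errBody.Errors.length > 0 && typeof errBody.Errors[0].description === 'string'` before calling `.includes`. Redaction also hinges on the exact text `"statusCode":401` and on the first `Errors` entry only, so a 401 detail serialised differently would reach the client unredacted; a status or flag carried on the error would be a sturdier signal than a substring of its message. Because `res.body` is overwritten before `logger.error` runs, the log line also loses the endpoint's original 401 detail unless it is recorded elsewhere. The enclosing function starts and ends outside the hunk.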
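--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "scimgateway",
-"version": "4.2.
+"version": "4.2.6",
 "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
 "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",
 "homepage": "https://elshaug.xyz",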